DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In view of the appeal brief filed on 02/25/2026, PROSECUTION IS HEREBY REOPENED. A new ground of rejection is set forth below.
To avoid abandonment of the application, appellant must exercise one of the following two options:
(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply under 37 CFR 1.113 (if this Office action is final); or,
(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41.31 followed by an appeal brief under 37 CFR 41.37. The previously paid notice of appeal fee and appeal brief fee can be applied to the new appeal. If, however, the appeal fees set forth in 37 CFR 41.20 have been increased since they were previously paid, then appellant must pay the difference between the increased fees and the amount previously paid.
A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by signing below.
Claims 1, 3-12, 14-22 are pending.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
Claims 1, 3-12, 14-22 are rejected under 35 U.S.C. 112 (b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or joint inventor regards as the invention.
The following claim language is not clearly understood:
Claim 1 recites “host device comprising a first processor” and “an auxiliary device comprising a second processor”. It is unclear if the second processor is part of host device or separate and independent from the host device. Examiner has interpreted the claim limitations to mean - auxiliary processor being either inside (fig. 1) or outside the host device (fig. 3A-3B, according to the broadest reasonable interpretation of the claim elements in view of specification ([0061] fig. 3A-B [0063]).
Claim 1 recites “host device comprising: …primary trusted execution environment…an auxiliary device comprising … auxiliary trusteed execution environment. It is unclear if the auxiliary device / auxiliary trusted execution environment is part of the host device or not. Examiner has interpreted the claim limitations to mean - auxiliary device / trusted execution device being either inside (fig. 1) or outside the host device (fig. 3A-3B), according to the broadest reasonable interpretation of the claim elements in view of specification ([0061] fig. 3A-3B [0063]).
Claim 1 recites “storing the encrypted data on an external storage device”. It is unclear “external” is referring to external to the auxiliary device, or external to the host device or external to auxiliary device or external to host device or external to both host device and auxiliary device.
Claims 12 and 17 recite elements similar to claim 1 and have similar deficiency as claim 1. Therefore, they are rejected for the same rational. Remaining dependent claims 3-11, 14-16 and 18-22 are also rejected due to similar deficiency inherited from the rejected independent claims.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 3-7, 9, 11-12, 14-22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bursell (US 2021/0374232 A1) in view of Wilkinson et al. (US 2023/0020255 A1, hereafter Wilkinson).
As per claim 1, Bursell teaches the invention substantially as claimed including a host device comprising (fig. 1 computing device 110A fig. 2 110A):
a main memory (fig. 2 main memory 212 );
a first processor coupled to the main memory (fig. 2 processors 214 trusted I/O 215 main memory 212);
a primary trusted execution environment established by the first processor and comprising at least a part of the main memory (fig. 2 Trusted execution environment 120 processors 214 main memory 212 trusted storage area 213 [0044] Processors 214 may establish a trusted execution environment across multiple hardware devices of hardware platform 210 (e.g., processor and storage devices) and may include instructions (e.g., opcodes) to initiate, configure, and maintain the trusted execution environment 120);
an auxiliary device comprising (fig. 1 computing device 110 C):
a device memory, a second processor communicably coupled to the device memory, and an auxiliary trusted execution environment established by the second processor and comprising at least a part of the device memory ( fig. 3 computing device 110C fig. 2 computing device 110 C - similar to 110 A, main memory 212, processors 214, trusted execution environment 120 trusted storage area 213 [0040] computing device 110A may be the same or similar to one or more of computing devices 110A-Z of FIG. 1 and may include a hardware platform 210, a trusted execution environment 120 );
wherein the second processor is configured to perform operations comprising (fig.3 computing device 110C, which similar to 110A fig. 1 1110A processor 214 [0040] computing device 110A may be the same or similar to one or more of computing devices 110A-Z of FIG. 1 and may include a hardware platform 210, a trusted execution environment 120 [0041] processors, perform computing tasks):
establishing a trusted communication link between the primary trusted execution environment and the auxiliary trusted execution environment (fig. 1 computing device 110A encrypted communication channel 112B computing device 110C [0072] encrypted communication channel 112A-B, connect trusted execution environment 120 of computing device 110A, established by the processor; fig. 3 110A-312-110C [0040] computing device 110A may be the same or similar to one or more of computing devices 110A-Z of FIG. 1 and may include a hardware platform 210, a trusted execution environment 120);
receiving data of the primary trusted execution environment over the trusted communication link ([0023] computing device, trusted execution environment, transfer data [0071] computing device 110A, transfer protected content 124 into trusted execution environment 120 protected content 124, transferred, over, one or more communication channels 112A-B [0040] computing device 110A may be the same or similar to one or more of computing devices 110A-Z of FIG. 1 and may include a hardware platform 210, a trusted execution environment 120), wherein the data is stored in the auxiliary trusted execution environment (fig. 2 computing device 110A trusted execution environment 120 trusted storage area 213 data 122 fig. 3 data 122 protected content 124 [0031] data 122 may originate on computing device 110 B and may be transferred from computing device 110B to computing device 110A and loaded into trusted execution environment 120, store/ execute/isolate data 122 [0040] computing device 110A may be the same or similar to one or more of computing devices 110A-Z of FIG. 1 and may include a hardware platform 210, a trusted execution environment 120);
processing the data by the auxiliary trusted execution environment ([0031] computing device 110A, trusted execution environment 120, execute, data 122 [0037] executable data 122 may be received from or generated by a first computing device (e.g., 110A or 110B) and portions of protected content 124 may be received from one or more other computing devices (e.g., 110B-Z). In either example, executable code 126 may include executable data, configuration data, other data, or a combination thereof and may be stored and executed in the trusted execution environment 120 [0040] computing device 110A may be the same or similar to one or more of computing devices 110A-Z of FIG. 1 and may include a hardware platform 210, a trusted execution environment 120), wherein the processing generates encrypted data ([0037] executable data 122, received from or generated by the first computing device [0040] computing device 110A may be the same or similar to one or more of computing devices 110A-Z of FIG. 1 and may include a hardware platform 210, a trusted execution environment 120 [0085] executable code 126, implement one or more operations 526 that use protected content 124, operations 526 involve logic to combine protected content 124A-Z, combining involve generate protected content 124, initiate cryptographic key functions [0086] key generator function, [0087] performing an encryption operation, encrypt data using protected content); and
storing the encrypted data on an external storage device ([0071] enable computing device 110A to transfer protected content 124, between computing devices, to or from external device e.g. remote computing device, accessible over an external connection e.g. network/internet [0026] computing device 110A-Z include data storage device [0100]).
Bursell doesn’t specifically teach host device comprising primary trusted execution environment and auxiliary device comprising auxiliary trusted execution environment. (although multiple trusted execution environments within same computing device is taught by Bursell [0041] [0053] [0062]).
Wilkinson, however, teaches host device (fig. 1 processing unit 2 multiple processor tiles 4 fig. 2 4 tile processor [0069] processor tiles 4, processor 10) comprising primary trusted execution environment and auxiliary device comprising auxiliary trusted execution environment ([0005] accelerator subsystems, connected together, local TEEs formed on the individual accelerator [0007] system comprising a plurality of accelerator subsystems, each of the accelerator subsystems comprises: at least one processor, provide trusted execution environment on the respective accelerator subsystem).
It would have been obvious to one of ordinary skills in the art before the effective filing date of the invention was made to combine the teachings of Bursell with the teachings of Wilkinson of system comprising plurality of accelerator subsystem with each individual accelerator subsystem comprising a processor providing trusted execution environment on respective accelerator subsystem to improve security and allow host device comprising primary trusted execution environment and auxiliary device comprising auxiliary trusted execution environment to the method of Bursell as in the instant invention.
The combination of cited prior art would have been obvious because applying the known method of trusted execution environment running on individual accelerator as taught by Wilkinson to the method of Bursell to yield expected result with improved security and efficiency.
As per claim 3, Bursell teaches auxiliary device further comprises a third processor coupled, via a data storage interface to the external storage device (fig. 1 computing device 110C Trusted execution environment 120; fig. 2 computing device 110A, processors 214 [0071] enable computing device 110A to transfer protected content 124, between computing devices, to or from external device e.g. remote computing device, accessible over an external connection e.g. network/internet [0026] computing device 110A-Z include data storage device [0100] [0040] computing device 110A may be the same or similar to one or more of computing devices 110A-Z of FIG. 1 and may include a hardware platform 210, a trusted execution environment 120)
As per claim 4, Bursell teaches wherein the third processor is outside of the auxiliary trusted execution environment (fig. 2 computing device 110 A processors 214 trusted processor 217 [0052] portion of processor 214 i.e. portion outside the TEE; also fig. 3 processor of other computing devices are external to the auxiliary device), and wherein processing the data by the auxiliary trusted execution environment further comprises:
encrypting the data by the second processor ([0031] computing device 110A, trusted execution environment 120, execute, data 122 trusted processor area 217 [0052] trusted processor area 217, processor core [0085] executable code 126, implement one or more operations 526 that use protected content 124, operations 526 involve logic to combine protected content 124A-Z, combining involve generate protected content 124, initiate cryptographic key functions [0086] key generator function, [0087] performing an encryption operation, encrypt data using protected content);
storing, by the second processor, the encrypted data in a memory buffer of the device memory (fig. 2 computing device 110A trusted execution environment 120 trusted storage area 213 data 122 fig. 3 data 122 protected content 124 [0031] trusted executed environment 120 store data 122 [0052] trusted processor area 217, processor core );
retrieving the encrypted data from the memory buffer by the third processor ([0048] trusted storage area 213, stores data, encrypted form, cryptographic keys, accessible to the hardware devices e.g. processor 214 [0052] trusted processor area 217, processor cores 214 i.e. other processor cores outside the TEE [0019] fig. 1 computing device 110A data exchange device, function as data distribution device, data retrieval device, retrieve data from a sending device );
forwarding the encrypted data, by the third processor over the data storage interface, to the external storage device ([0019] fig. 1 computing device 110A data exchange device, function as data distribution device, data retrieval device, retrieve data from a sending device , provide a portion of the data to one or more recipient device [0071] enable computing device 110A to transfer protected content 124, between computing devices, to or from external device e.g. remote computing device, accessible over an external connection e.g. network/internet [0026] computing device 110A-Z include data storage device [0100] [0042] storage device 312 any data storage device, persistent data storage).
As per claim 5, Bursell teaches wherein the third processor is within the auxiliary trusted execution environment (fig. 2 trusted processor area 217 [0052] portion of processor that executes that executes the data e.g. processor core), and wherein processing the data by the auxiliary trusted execution environment further comprises:
storing, by the second processor, the data in a memory buffer of the device memory (fig. 2 computing device 110A trusted execution environment 120 trusted storage area 213 data 122 fig. 3 data 122 protected content 124 [0052] trusted processor area 217, stores the data e.g. CPU cache, processor memory, register [0031] data 122 may originate on computing device 110 B and may be transferred from computing device 110B to computing device 110A and loaded into trusted execution environment 120, store/ execute/isolate data 122 [0040] computing device 110A may be the same or similar to one or more of computing devices 110A-Z of FIG. 1 and may include a hardware platform 210, a trusted execution environment 120;
retrieving the data from the memory buffer by the third processor ([0048] trusted storage area 213, stores data, encrypted form, cryptographic keys, accessible to the hardware devices e.g. processor 214 [0052] trusted processor area 217, processor cores 214 i.e. other processor cores outside the TEE [0019] fig. 1 computing device 110A data exchange device, function as data distribution device, data retrieval device, retrieve data from a sending device);
encrypting the data by the third processor ([0018] hardware processor, encrypt, data [0048] data, encrypted, hardware device, cryptographic keys, hardware devices e.g. processor 214);
forwarding the encrypted data, by the third processor over the data storage interface, to the external storage device ([0019] fig. 1 computing device 110A data exchange device, function as data distribution device, data retrieval device, retrieve data from a sending device , provide a portion of the data to one or more recipient device [0071] enable computing device 110A to transfer protected content 124, between computing devices, to or from external device e.g. remote computing device, accessible over an external connection e.g. network/internet [0026] computing device 110A-Z include data storage device [0100] [0042] storage device 312 any data storage device, persistent data storage).
As per claim 6, Bursell teaches wherein the third processor implements a secure Remote Device Memory Access (RDMA) protocol ([0071] transfer the data, between computing device 120, external device, DMA ).
As per claim 7, Bursell teaches wherein the primary trusted execution environment comprises a Trusted Virtual Machine (TVM) ([0046] fig. 1 110A 120 TEE virtual machine e.g. virtual machine based TEE ).
As per claim 9, Bursell teaches wherein processing the data using the auxiliary trusted execution environment comprises:
generating, using the auxiliary trusted execution environment, a digest of the data ([0021] hash data, generated integrity data [0064] attestation data, integrity data, hash [0096] TEE, compare hashes or digital fingerprints).
As per claim 11, Bursell teaches wherein the operations further comprise:
processing, using the auxiliary trusted execution environment, data read from the external storage device ([0052] trusted processor area 217, core, executes the data [0034] protected content 124 received from the data originating device [0042] data of computing process 225A may be received from a device that is internal or external to computing device 110A. ), wherein the processing comprises decrypting and verifying the read data ([0052] trusted processor area 217 store the data in decrypt form [0039] verify to each of the participant devices, configured with trusted execution environment 120); and
providing the processed data to the primary trusted execution environment using the trusted communication link ([0023] computing device, trusted execution environment, transfer data [0071] computing device 110A, transfer protected content 124 into trusted execution environment 120 protected content 124, transferred, over, one or more communication channels 112A-B [0040] computing device 110A may be the same or similar to one or more of computing devices 110A-Z of FIG. 1 and may include a hardware platform 210, a trusted execution environment 120).
Claim 12 recites a method for elements similar to claim 1. Therefore, it is rejected for the same rationale.
Claim 14 recites the elements similar to claim 3. Therefore, it is rejected for the same rationale.
Claim 15 recites the elements similar to claim 4. Therefore, it is rejected for the same rationale.
Claim 16 recites the elements similar to claim 5. Therefore, it is rejected for the same rationale.
Claim 17 recites non-transitory machine-readable storage medium storing instructions which, when executed, cause a processing device to perform operations similar to claim 1. Therefore, it is rejected for the same rationale.
Claim 18 recites non-transitory machine-readable storage medium storing instructions for elements similar to claim 3. Therefore, it is rejected for the same rationales.
Claim 19 recites non-transitory machine-readable storage medium storing instructions for elements similar to claim 4. Therefore, it is rejected for the same rationales.
Claim 20 recites non-transitory machine-readable storage medium storing instructions for elements similar to claim 5. Therefore, it is rejected for the same rationales.
As per claim 21, Bursell teaches wherein processing the data by the auxiliary trusted execution environment further comprises:
generating, by the auxiliary trusted execution environment, a digest of the data ( [0042] data of computing process 225A may be received from a device that is internal or external to computing device 110A [0052] Trusted processor area 217, core, executes the data, encrypted form [0098] hash of executable code in TEE);
updating, by the auxiliary trusted execution environment, using the digest of the data, a hierarchical digest data structure ([0098] hash of executable code in TEE [0064] attestation chaining, different portions of computing device 110A, combined, layers of hardware device layer/ program layer [0094] The different layers of attestation data may be combined before, during, or after being received by attestation component 615 and may be referred to as chained attestation data; also Mallick [0096] data, layers).
Claim 22 recites the elements similar to claim 21. Therefore, it is rejected for the same rationale.
Claims 8, 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bursell, in view of Wilkinson, as applied to above claims, and further in view of Mallick et al. (US 2022/0391107 A1, hereafter Mallick).
Mallick was cited in the last office action.
As per claim 8, Bursell teaches wherein processing the data using the auxiliary trusted execution environment further comprises:
using the auxiliary trusted execution environment, the data of the primary trusted execution environment to generate data ([0052] Trusted processor area 217, processor 214, executes data, store the data encrypted form [0053] store and/or executed within trusted execution environment).
Bursell and Wilkinson, in combination, do not specifically teach compressing the data to generate compressed data.
Mallick, however, teaches compressing the data to generate compressed data ([0008] data services, compression [0094] compression, compressed data ).
It would have been obvious to one of ordinary skills in the art before the effective filing date of the invention to combine the teachings of Bursell and Wilkinson with the teachings of Mallick of generating compressed data to improve storage efficiency and allow compressing the data to generate compressed data to the method of Bursell and Wilkinson as in the instant invention.
The combination cited prior arts would have been obvious because applying the known method of compressing data taught by Mallick to the method of Bursell and Wilkinson to yield expected result and improved efficiency.
As per claim 10, Bursell teaches wherein the storage device comprises a solid state storage device ([0042] storage device 212, solid state drives SSD) and wherein the storing comprises:
generating, using the auxiliary trusted execution environment, a write command (fig. 1 TEE 120 [0052] Trusted processor are 217, stores the data, encrypted form [0071] processor, write data, memory) ; and
transmitting, using the auxiliary trusted execution environment, the write command and the encrypted data to a DPU of the persistent storage device ([0051] The data may be transmitted over one or more system buses, networks, or other communication channel in an encrypted or partially encrypted form [0052] Trusted processor are 217, stores the data, encrypted form [0071] processor, write data, memory [0017] data exchange device, function, intermediate device [0050] data in the storage units of trusted storage area 213 may be transmitted to other hardware devices [0042] data, encrypted, key).
Mallick teaches remaining claim elements of command that complies with a Non-Volatile Memory Express (NVMe) protocol ([0030] storage device, write commands, NVMe commands of NVMe access protocol).
Examiners Note
Applicant is further reminded of that the cited paragraphs and in the references as applied to the claims above for the convenience of the applicant(s) and although the specified citations are representative of the teachings of the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested from the applicant in preparing responses, to fully consider all of the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.
Response to Arguments
Applicant's arguments in the appeal filed on 02/25/2026 have been fully considered but they are moot in view of new ground of rejection.
Conclusion
Authorization for Internet Communication
Applicant is encouraged to submit an authorization to communicate with the Examiner via the internet by making the following statement (MPEP 502.03)
“Recognizing that internet communications are not secure, I hereby authorize the USPTO to communicate with the undersigned and practitioners in accordance with 37 CFR 1.33 and 37 CFR 1.34 concerning any subject matter of this application by video conferencing, instant messaging, or electronic mail. I understand that a copy of these communications will be made of record in the application file.”
Please note that the above statement can only by submitted via Central Fax (not Examiner’s Fax), Regular postal mail, or EFS Web using PTO/SB/439.
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Fausak; Andrew T. et al. (US 20200067984 A1) teaches management of a distributed universally secure execution environment
Ginzton; Matthew David (US-20190188418-A1) teaches restriction related to a virtualized computer
Morgan; Jeffery A. et al. (US 8254579 B1) teaches cryptographic key distribution using a trusted computing platform
Ventura; Giuseppe (US 20180239897 A1) teaches performance of distributed system functions using a trusted execution environment
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABU ZAR GHAFFARI whose telephone number is (571)270-3799. The examiner can normally be reached on Monday-Thursday 9:00 - 17:00 Hrs.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Aimee Li can be reached on 571-272-4169. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ABU ZAR GHAFFARI/Primary Examiner, Art Unit 2195
/Aimee Li/Supervisory Patent Examiner, Art Unit 2195
Prosecution Insights