DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Priority
The later-filed application must be an application for a patent for an invention which is also disclosed in the prior application (the parent or original nonprovisional application or provisional application). The disclosure of the invention in the parent application and in the later-filed application must be sufficient to comply with the requirements of 35 U.S.C. 112(a) or the first paragraph of pre-AIA 35 U.S.C. 112, except for the best mode requirement. See Transco Products, Inc. v. Performance Contracting, Inc., 38 F.3d 551, 32 USPQ2d 1077 (Fed. Cir. 1994).
The disclosure of the prior-filed applications, Application Nos. 63/241,239 and 17/939,314, fails to provide adequate support or enablement in the manner provided by 35 U.S.C. 112(a) or pre-AIA 35 U.S.C. 112, first paragraph for one or more claims of this application.
Independent claims 1 and 6 recite the limitation anonymizing the output result before it is output from the trusted and isolated computing environment, which is not supported by the prior-filed applications 63/241,239 and 17/939,314.
Accordingly, claims 1-10 are not entitled to the benefit of the prior applications 63/241,239 and 17/939,314 and the effective filing date of the claims is the priority date of the provisional patent application 63/440,165 dated 01/20/2023.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 01/18/2024 and 08/09/2024 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Examiner Notes
Applicant is respectfully reminded that essential material may be incorporated by reference, but only by way of an incorporation by reference to a U.S. patent or U.S. patent application publication, which patent or patent application publication does not itself incorporate such essential material by reference. Applicant incorporates US Patent Application Nos. 63/440,165, 63/241,239, and 17/939,314 in paragraph [0001], US Patent Application No. 17/094,118 in paragraph [0063], and the International Patent Application No. PCT/US22/23671. “Essential material” is material that is necessary to provide written description support, enablement, set forth the best mode, describe the claimed invention in terms that particularly point out and distinctly claim the invention as required by 35 U.S.C. § 112(b) and the structure, material, or acts that correspond to a claimed means or step for performing a specified function as required by 35 U.S.C. § 112(f).
Other material ("Nonessential material") may be incorporated by reference to U.S. patents, U.S. patent application publications, foreign patents, foreign published applications, prior and concurrently filed commonly owned U.S. applications, or non-patent publications.
If any material from the previously said patent applications becomes “essential material” the Examiner may require that the material be inserted into the specification or drawings. Any insertion of material incorporated by reference into the specification or drawings of an application must be by way of an amendment to the specification or drawings. Such an amendment must be accompanied by a statement that the material being inserted is the material previously incorporated by reference and that the amendment contains no new matter. See 37 CFR 1.57 and MPEP 608.01(p) for more information.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-10 are rejected under 35 U.S.C. 103 as being unpatentable over Ibrahim et al. (US Publication No. US 2021/0111901 A1) hereinafter Ibrahim, in view of Poornachandran et al. (US Publication No. US 2017/0372076 A1) hereinafter Poornachandran, further in view of Fuhry et al. (US Publication No. US 2022/0391526 A1) hereinafter Fuhry.
Regarding Claims 1 and 6:
Claim 1. Ibrahim discloses a method of securely processing a dataset with an algorithm to produce an output result to be securely provided to an output recipient, comprising (Ibrahim [0012], [0019-0021]): establishing, with a controlling trusted and isolated computing environment, a first trusted and isolated computing environment in which a dataset to be processed by an algorithm is received in encrypted form from a dataset-providing computational domain of an entity that is authorized to provide the dataset (Ibrahim [0016] trusted execution environment, [0041-0044] trusted environment used), the dataset being encrypted by a first encryption key (Ibrahim [0012] “the entity may use the particular cryptographic algorithm in communicating information to client devices. The entity may desire to keep the identity of the particular cryptographic algorithm secret to improve security.”; [0015], [0025-0026]), the controlling trusted and isolated computing environment providing the dataset-providing computational domain with a second encryption key for encrypting the first encryption key (Ibrahim [0016] “an entity may create a trusted application for execution in the trusted execution environment that is configured to receive code implementing a cryptographic algorithm, where the code is itself encrypted. A cryptographic coprocessor may be used to verify the authenticity and integrity of the code, after which the trusted application may then decrypt the code implementing the cryptographic algorithm and execute the code to encrypt information to be sent to the entity or to decrypt information sent from the entity”, [0031] cryptographic processes provided for by cryptographic coprocessor, [0041-0044] trusted environment used); providing to the first trusted and isolated computing environment, from the controlling trusted and isolated computing environment, a first decryption key for decrypting the first encryption key such that the first trusted and isolated computing environment is able to decrypt the encrypted dataset without allowing any other computational domain to access the dataset in an unencrypted form except for the dataset-providing computational domain (Ibrahim Fig. 3-4, [0056-0058]), … wherein the first trusted and isolated computing environment obtains the algorithm that is to process the dataset by receiving the algorithm as an encrypted algorithm from an external storage system and decrypts the encrypted algorithm using a second decryption key obtained from the controlling trusted and isolated computing environment such that the first trusted and isolated computing environment is able to decrypt the encrypted algorithm without allowing any other computational domain to access the algorithm in an unencrypted form except for the computational domain of an entity that is authorized to provide the algorithm (Ibrahim [0012], [0025-0026] “In some cases, the cryptographic algorithm 121 may include a key for use with the cryptographic algorithm 121 in order to decrypt and/or encrypt data with the cryptographic algorithm 121. Alternatively, such key(s) may be otherwise available to the client device 106. The encrypted code 118 includes a signature 124 that may be used to verify the authenticity or integrity of the encrypted code 118.”); and causing the algorithm to process the dataset in the first trusted and isolated computing environment to produce an output result (Ibrahim [0019-0022], [0037]).
Ibrahim does not disclose a method wherein a trusted and isolated computing environment is a computing environment whose computer code is able to be attested by comparing a digest of the computing environment to a baseline digest of the computing environment that is available to third parties to thereby verify computing environment integrity while also being a computing environment in which only a specified maximum number of application processes and specified system processes implementing the computing environment are able to operate… anonymizing the output result before it is output from the first trusted and isolated computing environment.
Poornachandran teaches a method wherein a trusted and isolated computing environment is a computing environment whose computer code is able to be attested by comparing a digest of the computing environment to a baseline digest of the computing environment that is available to third parties to thereby verify computing environment integrity while also being a computing environment in which only a specified maximum number of application processes and specified system processes implementing the computing environment are able to operate (Poornachandran Fig. 3-4, [0011] trusted execution environment may be validated using a hash corresponding to the launch state of the system, which may be OEM or policy-based, [0024-0026]).
It would have been obvious to one having ordinary skill in the art before the time the invention was effectively filed to combine the secure cryptographic processing disclosed by Ibrahim with the hash comparison as taught by Poornachandran. As discussed in independent claim 1 above, the motivation for this combination would be in order to further verify that the trusted execution environment has not been compromised or corrupted. While Ibrahim lacks a direct recitation of a comparison step involving a hash of the current operating system runtime as taught in Poornachandran, in Ibrahim [0031] and [0073] there is a recognized importance of remote device identity attestation and analyzing the current runtime to ensure integrity verification.
Poornachandran does not explicitly teach anonymizing the output result before it is output from the first trusted and isolated computing environment.
Fuhry teaches anonymizing the output result before it is output from the first trusted and isolated computing environment (Fuhry [0022-0025] “The system consistent with implementations of the current subject matter uses a trusted execution environment (TEE) for the trustworthiness check, to receive the data, to perform the analysis, and to return the anonymized results.”).
It would have been obvious to one having ordinary skill in the art before the time the invention was effectively filed to further combine the secure cryptographic processing disclosed by Ibrahim with the hash comparison as taught by Poornachandran further with the anonymization taught by Fuhry. The motivation for this combination would be to be able to perform analytics and identify issues or trends visible within the data while preserving the privacy of potentially personally identifiable information of the users as discussed by Fuhry (Fuhry [0025] “This setting is useful, for instance, if privacy regulating laws otherwise forbid analysis on the data. For example, with this first scenario, a company may perform analysis over its own data to which privacy restrictions apply (e.g., medical data, human resources data, confidential employee or customer data, etc.) without violating the privacy of employees or customers. By performing the analysis, issues or trends may be identified and/or optimization techniques may be employed, depending on the data type and the particular analysis being done.”).
Claim 6 recites substantially the same content and is therefore rejected under the same rationales. As of the current record, the principal difference between independent method claim 1 and independent method claim 6 appears to be that in independent claim 6, the first trusted and isolated computing environment receives the algorithm from an algorithm-providing computational domain and the dataset from an external storage system; whereas independent claim 1 receives the dataset from a dataset-providing computational domain and the algorithm from an external storage system.
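The key-handling flow recited in claim 1 and mapped onto Ibrahim above, written out as an added illustration (not code from the application, Ibrahim, Poornachandran or Fuhry). It assumes, as a stand-in realization, that the controlling environment's RSA public key is the second encryption key given to the data provider and its private key is the first decryption key released to the attested first environment, that the first (symmetric) key is AES-256 with AES-GCM sealing the dataset and RSA-OAEP wrapping the key, and that anonymization is suppression of any group smaller than k; the encrypted algorithm and the attestation of the environment itself are left out, and the algorithm is a fixed per-department tally of constructed "name,department" records.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"strings"
)

func must[T any](v T, err error) T { // setup steps that cannot fail with well-formed inputs
	if err != nil {
		panic(err)
	}
	return v
}

// NewController plays the controlling environment: public key = second encryption key, private key = first decryption key.
func NewController() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }

// ProviderEncrypt (dataset-providing domain): generate the first key, seal the dataset with
// AES-256-GCM, wrap that key with RSA-OAEP under the second key; returns wrapped key, nonce||ct.
func ProviderEncrypt(second *rsa.PublicKey, dataset []byte) (wrapped, sealed []byte) {
	kn := make([]byte, 44) // 32-byte AES key followed by a 12-byte GCM nonce
	must(rand.Read(kn))
	key, nonce := kn[:32], kn[32:]
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	return must(rsa.EncryptOAEP(sha256.New(), rand.Reader, second, key, nil)), gcm.Seal(nonce, nonce, dataset, nil)
}

// ProcessInEnclave (first trusted environment): unwrap with the first decryption key, open the
// dataset (GCM rejects tampering), run the algorithm, anonymize before the result leaves.
func ProcessInEnclave(first *rsa.PrivateKey, wrapped, sealed []byte, k int) (map[string]int, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, first, wrapped, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap failed: %w", err)
	}
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	plain, err := gcm.Open(nil, sealed[:12], sealed[12:], nil)
	if err != nil {
		return nil, fmt.Errorf("dataset rejected: %w", err)
	}
	counts := map[string]int{} // the stand-in algorithm: tally "name,department" records
	for _, line := range strings.Split(strings.TrimSpace(string(plain)), "\n") {
		counts[line[strings.LastIndex(line, ",")+1:]]++
	}
	for dept, n := range counts { // anonymize: suppress groups smaller than k before output
		if n < k {
			delete(counts, dept)
		}
	}
	return counts, nil
}
```

With the constructed dataset "alice,eng\nbob,eng\ncarol,eng\ndave,sales\n" and k=2, ProcessInEnclave(NewController-derived keys) returns only eng:3, the single sales record being suppressed; a flipped ciphertext byte or a different private key is rejected before any plaintext is produced.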
Regarding Claims 2 and 7:
Claim 2. The combination of Ibrahim, Poornachandran, and Fuhry further teaches the method of claim 1 (Ibrahim [0012]) wherein the first encryption key is a symmetric key (Ibrahim [0031]).
Claim 7 recites substantially the same content and is therefore rejected under the same rationales.
Regarding Claims 3 and 8:
Claim 3. The combination of Ibrahim, Poornachandran, and Fuhry further teaches the method of claim 2 (Ibrahim [0012], [0019-0021]) wherein the symmetric key is generated within the dataset-providing computational domain (Ibrahim [0030-0032]).
Claim 8 recites substantially the same content and is therefore rejected under the same rationales.
Regarding Claims 4 and 9:
Claim 4. The combination of Ibrahim, Poornachandran, and Fuhry further teaches the method of claim 3 (Ibrahim [0012], [0019-0021]) wherein the symmetric key is encrypted by the second encryption key within the dataset-providing computational domain and provided to the controlling trusted and isolated computing environment (Ibrahim Fig. 3, [0031], [0048] encrypted information is provided to the cryptographic coprocessor, [0052] cryptographic coprocessor uses information provided to it to encrypt symmetrically or asymmetrically).
Claim 9 recites substantially the same content and is therefore rejected under the same rationales.
Regarding Claims 5 and 10:
Claim 5. The combination of Ibrahim, Poornachandran, and Fuhry further teaches the method of claim 1 further comprising (Ibrahim [0012], [0019-0021]): providing from the controlling trusted and isolated computing environment to a designated recipient of the output result a second encryption key for encrypting a symmetric key provided to the designated recipient by the dataset-providing computational domain (Ibrahim Fig. 3-4, [0056] cryptographic coprocessor used to decrypt, [0036-0037] authorized recipients); receiving in the first trusted and isolated computing environment the encrypted symmetric key from the designated recipient (Ibrahim [0071]); receiving a third decryption key in the first trusted and isolated computing environment from the controlling trusted and isolated computing environment for decrypting the encrypted symmetric key (Ibrahim Fig. 5-6, [0071] algorithm and key-pair may be included); decrypting the encrypted symmetric key in the first trusted and isolated computing environment using the third decryption key (Ibrahim Fig. 5-6, [0066]); and encrypting the output result in the first trusted and isolated computing environment using the symmetric key (Ibrahim Fig. 5 [0068]) and storing the encrypted output result in a storage system external to the first trusted and isolated computing environment and the controlling trusted and isolated computing environment (Ibrahim Fig. 2A-2B, [0048] securely stored, [0056] “Where the cryptographic coprocessor 206 is implemented in firmware, data (e.g., root keys) stored in a secure element (e.g., secure data storage) may be transferred from the secure element to the firmware cryptographic coprocessor 206 via an interface that mediates access to the secure element. The data (e.g., root keys) can enable the firmware cryptographic coprocessor 206 to perform functions such as verification and decryption.”).
Claim 10 recites substantially the same content and is therefore rejected under the same rationales.
Conclusion
The prior art made of record in the submitted PTO-892 Notice of References Cited and not relied upon is considered pertinent to applicant’s disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MIGUEL A LOPEZ whose telephone number is (703)756-1241. The examiner can normally be reached 8:00AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado, can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/M.A.L./ Examiner, Art Unit 2496
/JORGE L ORTIZ CRIADO/ Supervisory Patent Examiner, Art Unit 2496