DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
EXAMINER’S COMMENT
Regarding the claimed invention, the independent claims recite “in response to a first indication that a first consumer is trustworthy, provide a first data set of the processed sensor data to the first consumer” and “and in response to a second indication that a second consumer is untrustworthy, negotiate one or more conditions in which the second consumer is permitted to receive a second data set of the processed sensor data” such as in Claim 1. This suggests a concept of asymmetry in which trusted consumers, i.e. the first consumer, receive sensor data while untrusted consumers, i.e. the second consumer, require further negotiation of conditions to receive the sensor data. It is noted by the Examiner however that the scope of the claims encompasses this negotiation also being performed with trusted consumers; i.e. while this negotiation is required of untrusted consumers, this negotiation can be enforced on all consumers equally and still read on the claims under the broadest reasonable interpretation.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claim 19 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 19 recites the limitation "and restrict the secure pipeline from accessing memory addresses outside of the set" in line 6 of Claim 19. There is insufficient antecedent basis for this limitation in the claim, regarding the recitation of the limitation “the set”. While Claim 19 previously recites “set of memory addresses designated as being accessible to the secure pipeline” beforehand, Claim 19 depends upon Claim 18 which recites multiple sets including “a first data set”, “a second data set”, and “a set of security criteria”. Therefore, a recitation of merely “the set” is ambiguous as to what set is being referred to, rendering the claim indefinite. It is recommended by the Examiner to amend the limitation to read as “the set of memory addresses designated as being accessible to the secure pipeline” instead for clarity.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 5-6, 12, 16, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Dewan et al. (U.S. Pub. No. 2017/0180386 A1) hereinafter referred to as “Dewan”, and further in view of Wade et al. (U.S. Pub. No. 2023/0367908 A1) hereinafter referred to as “Wade”.
Regarding Claim 1:
Dewan teaches the following limitations:
A computing device, comprising: a sensor; and sensor processor circuitry coupled to the sensor and configured to: process sensor data received from a sensor of the computing device (Fig. 2, Par. [0002], Par. [0016], Par. [0019], Par. [0023], Par. [0024], Par. [0025], Par. [0039]). Dewan teaches collecting and processing sensor data using a sensor hub/microcontroller trusted execution environment (TEE).
in response to a first indication that a first consumer is trustworthy [trusted agent], provide a first data set of the processed sensor data to the first consumer (Fig. 2, Par. [0023]-[0028], Par. [0033], Par. [0034], Par. [0036], Par. [0039]). Dewan teaches securely providing sensor data to trusted agents/applications in other TEEs, such as a host TEE in the same system.
(taught by Wade below)
Wade teaches the following limitations:
and in response to a second indication that a second consumer is untrustworthy [non-trusted application], negotiate one or more conditions in which the second consumer is permitted to receive a second data set of the processed sensor data [user-defined permissions] (Par. [0036], Par. [0068]-[0071]). Wade teaches sharing sensor data with untrusted applications while maintaining privacy by allowing users to define permissions of what they desire to share with the application, i.e. negotiate conditions.
Dewan teaches a system providing sensor data to applications within a trusted execution environment. Dewan also makes mention of providing sensor data to applications in unsecure areas (Par. [0020], Par. [0022], Par. [0030]), but does not teach negotiating conditions for how these applications are permitted to receive the sensor data. Wade however teaches that privacy concerns associated with sharing sensor data with untrusted applications can be mitigated by allowing users to define permissions of what they share, i.e. negotiate conditions (Par. [0001], Par. [0007]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the sensor data system of Dewan with the data sharing of Wade in order to gain the benefit of improved user privacy. One of ordinary skill in the art would have recognized that such permission-based data sharing of Wade is compatible with the system of Dewan, as both teach sharing data with untrusted applications, with Wade further noting that users themselves may desire to share this data with these non-trusted applications (Wade, Par. [0002]). Therefore, by combining the system of Dewan with the permission-based data sharing of Wade, this gains the benefit of data sharing with untrusted applications while respecting user privacy.
Regarding Claim 2:
Dewan teaches the following limitations:
wherein the first indication identifies the first consumer as residing in a secure environment in which a set of security criteria is enforced for the first data set (Fig. 2, Par. [0023]-[0029], Par. [0033], Par. [0034], Par. [0036], Par. [0039]). Dewan teaches securely providing sensor data to trusted agents, and this includes authentication, i.e. enforced security criteria.
(Par. [0020], Par. [0022], Par. [0030]). Dewan teaches untrusted applications as residing outside the secure environment.
Wade teaches the following limitations:
and wherein the second indication identifies the second consumer (Par. [0036], Par. [0068]-[0071]). Wade teaches the untrusted application requesting access to the sensor data, and this can be considered an indication of the consumer residing outside the secure environment, as Wade was combined with Dewan in such a manner that the permissions-based sharing of Wade modified the separate communication channel of Dewan with regards to sensor data and untrusted applications.
The reasons for motivation/combination of references remain the same as in Claim 1 above.
Regarding Claim 3:
Dewan teaches the following limitations:
further comprising: one or more processors; and memory having program instructions stored therein that are executable by one or more processors to: implement a secure execution environment of the secure environment, wherein the first consumer is a first process executing within the secure execution environment (Fig. 2, Par. [0023]-[0028], Par. [0033], Par. [0034], Par. [0036], Par. [0039]). Dewan teaches the trusted agents belonging to and executing within TEEs.
and wherein the second consumer is a second process executing external to the secure execution environment (Par. [0020], Par. [0022], Par. [0030]). Dewan teaches untrusted applications operating outside of a TEE.
Regarding Claim 5:
Dewan teaches the following limitations:
wherein the sensor processor circuitry is an image signal processor configured to process sensor data received from a camera (Par. [0015], Par. [0046], Par. [0061]). Dewan teaches the sensor data being received from a camera.
Regarding Claim 6:
Dewan teaches the following limitations:
wherein the sensor processor circuitry is an audio processor configured to process sensor data received from a microphone (Par. [0015], Par. [0046], Par. [0062]). Dewan teaches the sensor data being received from a microphone.
Regarding Claim 12:
Dewan teaches the following limitations:
wherein the sensor processor circuitry includes: a secure pipeline configured to: process sensor data to produce the first data set for the first consumer (Fig. 2, Par. [0023]-[0028], Par. [0033], Par. [0034], Par. [0036], Par. [0039]). Dewan teaches a secure pathway of data for providing sensor data to trusted agents.
and an unsecure pipeline configured to: process sensor data to produce the second data set for the second consumer (Fig. 2, Par. [0020], Par. [0022], Par. [0030]). Dewan teaches a non-secure pathway of data for providing sensor data to untrusted applications, and this pathway is different from the secure pathway.
Regarding Claim 16:
Dewan teaches the following limitations:
A method, comprising: processing, by sensor processor circuitry of a computing device, sensor data received from a sensor of the computing device (Fig. 2, Par. [0002], Par. [0016], Par. [0019], Par. [0023], Par. [0024], Par. [0025], Par. [0039]).
in response to a first indication that a first consumer resides in a secure environment, the sensor processor circuitry providing a first data set of the processed sensor data to the first consumer (Fig. 2, Par. [0023]-[0028], Par. [0033], Par. [0034], Par. [0036], Par. [0039]).
(taught by Wade below)
Wade teaches the following limitations:
and in response to a second indication that a second consumer resides outside of the secure environment, the sensor processor circuitry negotiating one or more conditions in which the second consumer is permitted to receive a second data set of the processed sensor data (Par. [0036], Par. [0068]-[0071]).
Dewan teaches a system providing sensor data to applications within a trusted execution environment. Dewan also makes mention of providing sensor data to applications in unsecure areas (Par. [0020], Par. [0022], Par. [0030]), but does not teach negotiating conditions for how these applications are permitted to receive the sensor data. Wade however teaches that privacy concerns associated with sharing sensor data with untrusted applications can be mitigated by allowing users to define permissions of what they share, i.e. negotiate conditions (Par. [0001], Par. [0007]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the sensor data system of Dewan with the data sharing of Wade in order to gain the benefit of improved user privacy. One of ordinary skill in the art would have recognized that such permission-based data sharing of Wade is compatible with the system of Dewan, as both teach sharing data with untrusted applications, with Wade further noting that users themselves may desire to share this data with these non-trusted applications (Wade, Par. [0002]). Therefore, by combining the system of Dewan with the permission-based data sharing of Wade, this gains the benefit of data sharing with untrusted applications while respecting user privacy.
Regarding Claim 18:
Dewan teaches the following limitations:
An integrated circuit, comprising: one or more processors configured to: co-execute trusted processes and untrusted processes in an isolated manner that includes enforcing a set of security criteria (Fig. 2, Par. [0002], Par. [0016], Par. [0019], Par. [0023], Par. [0024], Par. [0025], Par. [0039], Par. [0065]). Dewan teaches the system being a system on a chip, i.e. an integrated circuit.
and sensor processor circuitry configured to: process sensor data received from a sensor (Fig. 2, Par. [0002], Par. [0016], Par. [0019], Par. [0023], Par. [0024], Par. [0025], Par. [0039]).
in response to a first indication that a first process is one of the trusted processes, provide a first data set of the processed sensor data to the first process (Fig. 2, Par. [0023]-[0028], Par. [0033], Par. [0034], Par. [0036], Par. [0039]).
(taught by Wade below)
Wade teaches the following limitations:
and in response to a second indication that a second process is one of the untrusted processes, restrict, based on one or more of the set of security criteria, access of the second process to a second data set of the processed sensor data (Par. [0036], Par. [0068]-[0071]).
Dewan teaches a system providing sensor data to applications within a trusted execution environment. Dewan also makes mention of providing sensor data to applications in unsecure areas (Par. [0020], Par. [0022], Par. [0030]), but does not teach negotiating conditions for how these applications are permitted to receive the sensor data. Wade however teaches that privacy concerns associated with sharing sensor data with untrusted applications can be mitigated by allowing users to define permissions of what they share, i.e. negotiate conditions (Par. [0001], Par. [0007]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the sensor data system of Dewan with the data sharing of Wade in order to gain the benefit of improved user privacy. One of ordinary skill in the art would have recognized that such permission-based data sharing of Wade is compatible with the system of Dewan, as both teach sharing data with untrusted applications, with Wade further noting that users themselves may desire to share this data with these non-trusted applications (Wade, Par. [0002]). Therefore, by combining the system of Dewan with the permission-based data sharing of Wade, this gains the benefit of data sharing with untrusted applications while respecting user privacy.
Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Dewan/Wade as applied to Claim 2 above, and further in view of Volos et al. (U.S. Pub. No. 2020/0125772 A1) hereinafter referred to as “Volos”.
Regarding Claim 4:
Volos teaches the following limitations:
wherein the sensor processor circuitry includes: one or more configuration registers configured to: store configuration information controlling operation of the sensor [sensitive data] (Par. [0048], Par. [0049], Par. [0067], Par. [0123]). Volos teaches that a trusted execution environment can have registers storing sensitive data in which external access can be restricted. In combination with the system of Dewan/Wade teaching trusted execution environments which store sensitive sensor data, this teaches the claimed limitation.
wherein the one or more configuration registers are addressable only by entities within the secure environment [secure mode] (Par. [0048], Par. [0049], Par. [0067], Par. [0123]).
Dewan/Wade teaches a system providing sensor data within a trusted execution environment, but does not teach registers with restricted access. Volos however teaches that a trusted execution environment can have registers in which external access is restricted in a secure mode, thereby improving security. (Par. [0048]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the sensor data system of Dewan/Wade with the registers of Volos in order to gain the benefit of additional security. One of ordinary skill in the art would have recognized that the registers of Volos are compatible with the system of Dewan/Wade, as both are directed towards trusted execution environments, and that such restricted registers would provide additional security by preventing external entities from accessing sensitive data/functionality.
Claims 7, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Dewan/Wade as applied to Claims 1 and 16 above respectively, and further in view of Pundak et al. (U.S. Pub. No. 2025/0124893 A1) hereinafter referred to as “Pundak”.
Regarding Claim 7:
Pundak teaches the following limitations:
wherein the sensor processor circuitry is configured to: provide an indication that the sensor is active (Par. [0032], Par. [0063]). Pundak teaches that an indicator light can be illuminated to indicate a sensor is active for privacy concerns.
wherein the one or more conditions include the sensor processor circuitry receiving confirmation that a user is being notified that the sensor is active (Par. [0032], Par. [0063]).
Dewan/Wade teaches a system providing sensor data, in particular Wade is directed towards privacy concerns with sharing sensor data and requiring permissions/conditions for sensor usage. Dewan/Wade however does not teach notifying a sensor being active. Pundak however teaches that this active sensor notification, such as through an indicator light, is a method for mitigating privacy concerns with regards to sensor usage. (Par. [0032], Par. [0063]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the sensor data system of Dewan/Wade with the indicator light of Pundak in order to gain the benefit of additional privacy. One of ordinary skill in the art would have recognized that the indicator light of Pundak is compatible with the system of Dewan/Wade, as both are directed towards privacy concerns regarding sensors, and that additionally requiring such an indicator light would provide additional security/privacy by alerting the user of sensor usage.
Regarding Claim 17:
Pundak teaches the following limitations:
wherein the negotiated one or more conditions includes a condition that a user is notified about the sensor’s use (Par. [0032], Par. [0063]).
Dewan/Wade teaches a system providing sensor data, in particular Wade is directed towards privacy concerns with sharing sensor data and negotiating permissions/conditions for sensor usage. Dewan/Wade however does not teach notifying a sensor being active. Pundak however teaches that this active sensor notification, such as through an indicator light, is a method for mitigating privacy concerns with regards to sensor usage. (Par. [0032], Par. [0063]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the sensor data system of Dewan/Wade with the indicator light of Pundak in order to gain the benefit of additional privacy. One of ordinary skill in the art would have recognized that the indicator light of Pundak is compatible with the system of Dewan/Wade, as both are directed towards privacy concerns regarding sensors, and that using such an indicator light would provide additional security/privacy by alerting the user of sensor usage.
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Dewan/Wade/Pundak as applied to Claim 7 above, and further in view of Ugale et al. (U.S. Pub. No. 2022/0261475 A1) hereinafter referred to as “Ugale”.
Regarding Claim 8:
Ugale teaches the following limitations:
further comprising: display pipeline circuitry configured to: in response to the provided indication, insert pixel data in a frame being presented on a display [visual icon] to notify the user is being notified that the sensor is active (Par. [0037], Par. [0060]). Ugale teaches that an active sensor notification can alternatively comprise displaying an icon on a visual user interface.
Dewan/Wade/Pundak teaches a system providing sensor data with an indicator of active sensor usage, but does not teach this being pixel data in a display. Ugale however teaches that this active sensor notification can alternatively be implemented using a visual icon on a display screen. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to substitute the active sensor notification of Dewan/Wade/Pundak with the visual icon of Ugale in order to gain the predictable result of the provided indication being pixel data in a display. One of ordinary skill in the art would have recognized that the visual icon of Ugale and the indicator light of Dewan/Wade/Pundak are alternative substitutes of providing an active sensor notification, and that using such a visual icon instead would gain the predictable result of the active sensor notification being done through pixel data on a display.
Claims 9-11 are rejected under 35 U.S.C. 103 as being unpatentable over Dewan/Wade as applied to Claim 1 above, and further in view of Vedula et al. (U.S. Pub. No. 2022/0094833 A1) hereinafter referred to as “Vedula”.
Regarding Claim 9:
Vedula teaches the following limitations:
wherein the sensor processor circuitry is configured to: in response to determining to provide the second data set to the second consumer: periodically receive a heartbeat signal indicating that the one or more conditions have been satisfied (Par. [0024]-[0027], Par. [0041]-[0043], Par. [0047]-[0050]). Vedula teaches that an indicator light combined with a light sensor can be used as an anti-tampering privacy measure, in which the amount of light is periodically collected and verified as being above a certain threshold. This can be considered a type of heartbeat signal under the broadest reasonable interpretation.
and discontinue providing the second data set in response to determining that the heartbeat signal is no longer being received (Par. [0024]-[0027], Par. [0041]-[0043], Par. [0047]-[0050]). Vedula teaches that blocking this light sensor results in disabling the camera, i.e. discontinuing sensor data.
Dewan/Wade teaches a system providing sensor data, in particular Wade is directed towards privacy concerns with sharing sensor data and requiring permissions/conditions for sensor usage. Dewan/Wade however does not teach a heartbeat signal. Vedula however teaches that a light sensor can provide a heartbeat signal in the form of measuring the light amount, and is a method for mitigating privacy concerns with regards to sensor usage and tampering with an indicator light. (Par. [0016], Par. [0022]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the sensor data system of Dewan/Wade with the indicator light/light sensor of Vedula in order to gain the benefit of additional privacy. One of ordinary skill in the art would have recognized that the indicator light and light sensor of Vedula is compatible with the system of Dewan/Wade, as both are directed towards privacy concerns regarding sensors, and that additionally requiring such an indicator light/light sensor would provide additional security/privacy by alerting the user of sensor usage through the indicator light while detecting tampering through the light sensor.
Regarding Claim 10:
Vedula teaches the following limitation:
wherein the sensor processor circuitry includes: a switch configured to: in response to the one or more conditions being violated, interrupt a data path through which the second data set is being provided to the second consumer (Par. [0041]-[0043], Par. [0048]). Vedula teaches switching/powering off a camera from transmitting sensor data in response to a light sensor being tampered with, i.e. a violation of conditions. This is an interruption of a data path under the broadest reasonable interpretation.
Dewan/Wade teaches a system providing sensor data, in particular Wade is directed towards privacy concerns with sharing sensor data and requiring permissions/conditions for sensor usage. Dewan/Wade do not explicitly teach a switch upon detecting conditions being violated. Vedula however teaches that an indicator light/light sensor can be used to mitigate privacy concerns by alerting the user of sensor usage while detecting tampering (Par. [0016], Par. [0022]), and blocking this light sensor invokes a switch for disabling sensor data collection. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the sensor data system of Dewan/Wade with the system of Vedula in order to gain the benefit of additional privacy. One of ordinary skill in the art would have recognized that the system of Vedula is compatible with the system of Dewan/Wade, as both are directed towards privacy concerns regarding sensors, and that additionally requiring such an indicator light/light sensor would provide additional security/privacy by alerting the user of sensor usage through the indicator light and preventing undesired sensor usage upon detection of tampering by using a switch.
Regarding Claim 11:
Vedula teaches the following limitations:
wherein the sensor processor circuitry is configured to: power gate the sensor in response to determining that the one or more conditions have been violated (Par. [0042], Par. [0043], Par. [0048]). Vedula teaches switching/powering off a camera from transmitting sensor data in response to a light sensor being tampered with, i.e. a violation of conditions.
Dewan/Wade teaches a system providing sensor data, in particular Wade is directed towards privacy concerns with sharing sensor data and requiring permissions/conditions for sensor usage. Dewan/Wade do not explicitly teach a power gate/switch upon detecting conditions being violated. Vedula however teaches that an indicator light/light sensor can be used to mitigate privacy concerns by alerting the user of sensor usage while detecting tampering (Par. [0016], Par. [0022]), and blocking this light sensor invokes a switch for disabling sensor data collection by preventing the sensor from receiving power. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the sensor data system of Dewan/Wade with the system of Vedula in order to gain the benefit of additional privacy. One of ordinary skill in the art would have recognized that the system of Vedula is compatible with the system of Dewan/Wade, as both are directed towards privacy concerns regarding sensors, and that additionally requiring such an indicator light/light sensor would provide additional security/privacy by alerting the user of sensor usage through the indicator light and preventing undesired sensor usage upon detection of tampering by using a switch/power gate.
Claims 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Dewan/Wade as applied to Claim 12 above, and further in view of Rhelimi et al. (U.S. Pub. No. 2018/0097781 A1) hereinafter referred to as “Rhelimi”.
Regarding Claim 13:
Rhelimi teaches the following limitations:
wherein the sensor processor circuitry includes: an input-output memory management unit (IOMMU) configured to: store a first set of memory addresses designated as being accessible to the secure pipeline and a second set of memory addresses designated as being accessible to the unsecure pipeline (Par. [0027], Par. [0029], Par. [0031]). Rhelimi teaches a memory management unit (MMU) which assigns address ranges to a non-secure area and a secure area.
and restrict the secure pipeline from accessing memory addresses outside of the first set and the unsecure pipeline from accessing memory addresses outside of the second set (Par. [0027], Par. [0029], Par. [0031]). Rhelimi further teaches the MMU checking permissions for access to the associated ranges. In combination with the environment isolation of Dewan/Wade, this teaches the claimed limitation.
Dewan/Wade teaches a system providing sensor data within a trusted execution environment, but does not teach a memory management unit. Rhelimi however teaches that the isolation between a non-secure and secure area can have a memory management unit which acts as a memory protection unit to enforce isolation, thereby improving security (Par. [0029], Par. [0031]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the sensor data system of Dewan/Wade with the memory management unit in order to gain the benefit of additional security. One of ordinary skill in the art would have recognized that the memory management unit of Rhelimi is compatible with the system of Dewan/Wade, as both are directed towards isolating non-secure and secure environments, and that such a memory management unit would provide additional security by checking permissions for protected memory ranges.
Regarding Claim 14:
Rhelimi teaches the following limitation:
wherein the memory addresses are stored as virtual to physical address translations (Par. [0027], Par. [0029], Par. [0030], Par. [0031]). Rhelimi further teaches translating virtual to physical addresses.
The reasons for motivation/combination of references remain the same as in Claim 13.
Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Dewan/Wade as applied to Claim 1 above, and further in view of Pedersen et al. (U.S. Pub. No. 2016/0321472 A1) hereinafter referred to as “Pedersen”.
Regarding Claim 15:
Pedersen teaches the following limitation:
wherein the sensor processor circuitry includes: a first direct memory access (DMA) engine configured to write the first data set to a portion of memory accessible to the first consumer (Par. [0008], Par. [0013]). Pedersen teaches that direct memory access controllers can be used to implement data communication to secure and non-secure memory regions. In the context of the data pathways of Dewan/Wade, this teaches a first and second direct memory access engine for the first and second consumer respectively.
and a second DMA engine configured to write the second data to another portion of memory accessible to the second consumer (Par. [0008], Par. [0013]).
Dewan/Wade teaches a system providing sensor data to a trusted execution environment and untrusted execution environment, but does not teach direct memory access engines. Pedersen however teaches that direct memory access (DMA) engines can be used to implement such data communication. (Par. [0013]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the sensor data system of Dewan/Wade with the direct memory access engines of Pedersen in order to gain the predictable result of using DMA engines to write to memory for the first and second consumers. One of ordinary skill in the art would have recognized that the DMA engines of Pedersen are compatible with the system of Dewan/Wade, as both are directed towards microcontroller systems, and that such DMA engines would have been a predictable implementation of the data pathways for delivering data to the first and second consumers.
Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Dewan/Wade as applied to Claim 18 above, and further in view of Rhelimi.
Regarding Claim 19:
Dewan teaches the following limitation:
wherein the sensor processor circuitry includes: a secure pipeline configured to: process sensor data to produce the first data set for the first process (Fig. 2, Par. [0023]-[0028], Par. [0033], Par. [0034], Par. [0036], Par. [0039]).
(taught by Rhelimi below)
(taught by Rhelimi below)
Rhelimi teaches the following limitations:
and an input-output memory management unit (IOMMU) configured to: store a set of memory addresses designated as being accessible to the secure pipeline (Par. [0027], Par. [0029], Par. [0031]).
and restrict the secure pipeline from accessing memory addresses outside of the set (Par. [0027], Par. [0029], Par. [0031]).
Dewan/Wade teaches a system providing sensor data within a trusted execution environment, but does not teach a memory management unit. Rhelimi however teaches that the isolation between a non-secure and secure area can have a memory management unit which acts as a memory protection unit to enforce isolation, thereby improving security (Par. [0029], Par. [0031]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the sensor data system of Dewan/Wade with the memory management unit in order to gain the benefit of additional security. One of ordinary skill in the art would have recognized that the memory management unit of Rhelimi is compatible with the system of Dewan/Wade, as both are directed towards isolating non-secure and secure environments, and that such a memory management unit would provide additional security by checking permissions for protected memory ranges.
Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Dewan/Wade as applied to Claim 18 above, and further in view of Pundak, and further in view of Ugale.
Regarding Claim 20:
Wade teaches the following limitations:
(taught by Pundak/Ugale below)
and wherein the sensor processor circuitry is configured to: based on (Par. [0036], Par. [0068]-[0071]). Wade was shown to teach satisfying permissions/rules to grant untrusted applications access to sensor data.
Pundak teaches the following limitations:
(Par. [0032], Par. [0063]). Pundak was previously shown to teach an indicator for a sensor being active to mitigate privacy concerns.
Dewan/Wade teaches a system providing sensor data, in particular Wade is directed towards privacy concerns with sharing sensor data and requiring permissions/conditions for sensor usage. Dewan/Wade however does not teach notifying a sensor being active. Pundak however teaches that this active sensor notification, such as through an indicator light, is a method for mitigating privacy concerns with regards to sensor usage. (Par. [0032], Par. [0063]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the sensor data system of Dewan/Wade with the indicator light of Pundak in order to gain the benefit of additional privacy. One of ordinary skill in the art would have recognized that the indicator light of Pundak is compatible with the system of Dewan/Wade, as both are directed towards privacy concerns regarding sensors, and that additionally requiring such an indicator light would provide additional security/privacy by alerting the user of sensor usage.
Ugale teaches the following limitation:
further comprising: user interface pipeline circuitry configured to: insert, into an output provided to a user interface, an indicator that the sensor is active (Par. [0037], Par. [0060]). Ugale was shown to previously teach that an indicator of a sensor being active can alternatively be implemented using a visual icon on a display user interface.
Dewan/Wade/Pundak teaches a system providing sensor data with an indicator of active sensor usage, but does not teach this being pixel data in a display. Ugale however teaches that this active sensor notification can alternatively be implemented using a visual icon on a display screen. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to substitute the active sensor notification of Dewan/Wade/Pundak with the visual icon of Ugale in order to gain the predictable result of the provided indication being pixel data in a display. One of ordinary skill in the art would have recognized that the visual icon of Ugale and the indicator light of Dewan/Wade/Pundak are alternative substitutes of providing an active sensor notification, and that using such a visual icon instead would gain the predictable result of the active sensor notification being done through pixel data on a display.
Related Art
The following prior art made of record and cited on PTO-892, but not relied upon, is considered pertinent to applicant’s disclosure:
Madar III et al. (U.S. Pub. No. 2022/0335945 A1) – Includes methods regarding sensor privacy
Martel et al. (U.S. Pub. No. 2018/0349649 A1) – Includes methods regarding disabling sensors
Chapier et al. (U.S. Pub. No. 2015/0032976 A1) – Includes methods regarding memory management
Weaver (U.S. Pub. No. 2020/0020493 A1) – Includes methods regarding a sensor kill switch
Yu et al. (U.S. Pub. No. 2023/0024628 A1) – Includes methods regarding notifying a user of sensor usage with different permission areas
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ETHAN V VO whose telephone number is (571)272-2505. The examiner can normally be reached M-F 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/E.V.V./Examiner, Art Unit 2431 /LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431