Prosecution Insights
Last updated: July 17, 2026
Application No. 19/047,317

ELECTRONIC DEVICE FOR PROVIDING TRUSTED EXECUTION ENVIRONMENT

Non-Final OA §103
Filed
Feb 06, 2025
Priority
Oct 04, 2022 — RE 10-2022-0126054 +2 more
Examiner
FAROOQUI, QUAZI
Art Unit
Tech Center
Assignee
Samsung Electronics Co., Ltd.
OA Round
1 (Non-Final)
83%
Grant Probability
Favorable
1-2
OA Rounds
1y 2m
Est. Remaining
98%
With Interview

Examiner Intelligence

Grants 83% — above average
83%
Career Allowance Rate
380 granted / 459 resolved
+22.8% vs TC avg
Moderate +15% lift
Without
With
+14.9%
Interview Lift
resolved cases with interview
Typical timeline
2y 7m
Avg Prosecution
17 currently pending
Career history
467
Total Applications
across all art units

Statute-Specific Performance

§101
1.4%
-38.6% vs TC avg
§103
89.9%
+49.9% vs TC avg
§102
6.0%
-34.0% vs TC avg
§112
0.3%
-39.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 459 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Detail Action This office action is response to the application 19/047,317 filed on 02/06/2025. Claims 1-20 are pending in this communication. Priority This application claims priority from KOREA, REPUBLIC OF 10-2022-0126054 10/04/2022 & KOREA, REPUBLIC OF 10-2022-0147159 11/07/2022. Priority date has been accepted. Examiner’s Note The examiner is requesting the applicant’s representative to provide direct phone number and/or mobile phone number in next communication, which will be very helpful to advance the prosecution. Claim Rejections - 35 USC § 103 The following is a quotation of AIA 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-6, 8-15 & 17-20 are rejected under AIA 35 U.S.C. 103 as being unpatentable over GIGOV; Nikolay et al. (US 11,347882 B2) in view of LAL, Reshma et al. US 2024/0073013 A1. Regarding Claim 1, GIGOV discloses a device comprising: one or more processors {col. 6 lines 20-29, “The sender device 120 may include one or more processor devices 125, such as a processor, a microprocessor, a digital signal processor, an application-specific integrated circuit (ASIC), … a dedicated logic circuitry, a dedicated artificial intelligence processor unit, or combinations thereof”}; and … a first secure area that provides a plurality of trusted execution environments (TEEs) to which access by software executed in the REE is controllable {{Fig. 1 & col. 6 lines 8-12, “A trusted, secure environment, such as a trusted execution environment (TEE) of a processor device, exists within the sender device 120 (shown as sender TEE 130) and the receiver device 150 (shown as receiver TEE 160). Examiner’s note: REE can be a device or non-secure memory area isolated from TEE, as per spec. para. [0003], “A TEE may restrict an application executed in a rich execution environment (RIEE) (general execution environment) from accessing a secure area, and may safely defense the secure area (e.g., secure processor, secure memory) from the REE or an external device. An operating system (OS) included in the TEE may provide an important function for security that needs to be separated from an application executed in the REE”} … wherein the one or more computer programs include computer-executable instructions which, when executed by the one or more processors, cause the electronic device to: obtain, from the plurality of TEEs, capability information indicating functions that the plurality of TEEs are capable of executing and provide the capability information to an application executed in the REE so that the application identifies a TEE capable of executing a required function {Col. 2 lines 58-60, “The step of decrypting the file encryption key is performed using the first private ABE key and the set of attribute values satisfying the access policy” … claim 20, “a sender device, … the TEE comprising a private sender TEE key; and a memory containing instructions that … encrypt a file using a file encryption key; encrypt the file encryption key using a decrypted master attribute based encryption (ABE) key of the sender device and an access policy for the file, the access policy comprising a plurality of receiver attribute configurations … and send the encrypted file, the encrypted file encryption key, and the encrypted plurality of private ABE keys to the receiver (TEE), the trusted execution environment”. Examiner’s note: claimed functions could be security related (claim 7), encryption keys etc.}. GIGOV, however, does not explicitly disclose first memory, storing one or more computer programs, the first memory being connected to the one or more processors and divided into a first normal area that provides a rich execution environment (REE) and … In an analogous reference LAL discloses first memory, storing one or more computer programs, the first memory being connected to the one or more processors and divided into a first normal area that provides a rich execution environment (REE) and a first secure area {[0001], “processors may provide support for a trusted execution environment such as a secure enclave. Secure enclaves include segments of memory (including code and/or data) protected by the processor from unauthorized access including unauthorized reads and writes” … [0043], “a software-based cryptography engine is located inside a TEE and a corresponding cryptography engine is located in a device. When the device reads data from the enclave, the enclave first encrypts the data and writes it into untrusted memory (e.g., a memory buffer) outside the enclave. The device moves the encrypted data from the untrusted memory to device memory via DMA if it is PCIe connected or over the network if it is network connected”. Examiner’s note: see notes above about REE. REE is an external device} … Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify GIGOV’s technique of ‘inter TEE capability attribute/ configuration sharing’ for ‘memory partitioning for secure memory segment for TEE and unsecure memory segment for other external devices or insecure area’, as taught by LAL, in order to make multi-tenant (TEE) configuration successful. The motivation is – this architecture creates a hardware-level trust chain that isolates sensitive operations (biometrics/encryption) within TEEs, shielding them from the potentially compromised REE. By securely bridging multiple TEEs, the system allows complex applications to execute correctly and efficiently. All references are inventions in analogous area but each invention teaches specific claimed limitation specifically and other references mutually cure each other’s deficiencies. When all claimed techniques are combined, they teach claimed invention. The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims unless addressed separately. Regarding Claim 2, GIGOV as modified by LAL discloses all the features of claim 1. The combination further discloses wherein a first TEE, one of the plurality of TEEs, is configured to receive a request from the application, and wherein the one or more computer programs further include computer executable instructions that, when executed by the one or more processors individually or collectively, cause the electronic device to receive a request of a second TEE which is another one of the plurality of TEEs, the request requesting identifying and reporting of whether the first TEE has a privilege as an agent, and to provide an identification result indicating that the first TEE has a privilege as an agent to the second TEE, and wherein the second TEE is configured to execute, based on the identification result, a function corresponding to the request of the application transferred via the first TEE {GIGOV: col. 1 lines 14-18, “When data is shared with a remote device, the sender of the data may wish to control the conditions under which the receiver may access the data. Existing techniques for controllable, revocable, fine-grained permissioned data sharing rely on cloud-based systems” … col. 2 lines 19-21, “the response further comprises a key attestation report comprising a device identifier of the receiver device”. Examiner’s note: cited agent’s accesses permission is a user’s access permission between TEEs}. Regarding Claim 3, GIGOV as modified by LAL discloses all the features of claim 1. The combination further discloses wherein the application is configured to recognize, based on the capability information, a TEE for executing a required function from among the plurality of TEEs, and to request the recognized TEE to execute the required function {GIGOV: Col. 2 lines 58-60, “The step of decrypting the file encryption key is performed using the first private ABE key and the set of attribute values satisfying the access policy” … claim 20, “a sender device, … the TEE comprising a private sender TEE key; and a memory containing instructions that … encrypt a file using a file encryption key; encrypt the file encryption key using a decrypted master attribute based encryption (ABE) key of the sender device and an access policy for the file, the access policy comprising a plurality of receiver attribute configurations … and send the encrypted file, the encrypted file encryption key, and the encrypted plurality of private ABE keys to the receiver (TEE), the trusted execution environment”. Examiner’s note: claimed functions could be security related (claim 7), encryption keys etc.}. Regarding Claim 4, GIGOV as modified by LAL discloses all the features of claim 1. The combination further discloses wherein the first memory is volatile memory, and the electronic device comprises second memory, which is connected to the one or more processors and is non-volatile memory divided into a second normal area that provides the REE and a second secure area that provides the plurality of TEEs {LAL: [0013], “A machine-readable storage medium may be embodied as any storage device, mechanism, or other physical structure for storing or transmitting information in a form readable by a machine (e.g., a volatile or non-volatile memory, a media disc, or other media device)}, and wherein the one or more computer programs further include computer executable instructions that, when executed by the one or more processors individually or collectively, cause the electronic device to obtain the capability information, based on a fact that the plurality of TEEs are loaded from the second secure area to the first secure area {LAL: [0013], “as instructions carried by or stored on a transitory or non-transitory machine-readable (e.g., computer-readable) storage medium, which may be read and executed by one or more processors” … [0021], “the memory 130 may be communicatively coupled to the processor 120 via the I/O subsystem 124, which may be embodied as circuitry and/or components to facilitate input/output operations with the processor 120, the memory 130, and other components of the computing device 100”}. Regarding Claim 5, GIGOV as modified by LAL discloses all the features of claim 1. The combination further discloses wherein the one or more computer programs further include computer-executable instructions that, when executed by the one or more processors individually or collectively, cause the electronic device to obtain the capability information, based on a fact that the plurality of TEEs are installed in the first memory {GIGOV: Col. 2 lines 58-60, “The step of decrypting the file encryption key is performed using the first private ABE key and the set of attribute values satisfying the access policy” … claim 20, “a sender device, … the TEE comprising a private sender TEE key; and a memory containing instructions that … encrypt a file using a file encryption key; encrypt the file encryption key using a decrypted master attribute based encryption (ABE) key of the sender device and an access policy for the file, the access policy comprising a plurality of receiver attribute configurations … and send the encrypted file, the encrypted file encryption key, and the encrypted plurality of private ABE keys to the receiver (TEE), the trusted execution environment”}. Regarding Claim 6, GIGOV as modified by LAL discloses all the features of claim 1. The combination further discloses a communication circuit, wherein the one or more computer programs further include computer executable instructions that, when executed by the one or more processors individually or collectively, cause the electronic device to: receive capability information of a TEE installed in a cloud edge network via the communication circuit, and provide the received capability information to the application {GIGOV: col. 23 lines 1-11, “use a server, such as server 110 (which may be a network or cloud server or platform), to enable always-available active access features of an access policy 528. This server or platform may be referred to as a “dynamic policy server”, and an access policy having one or more active access options enabled may be referred to as a “dynamic policy”. The server 110 may be configured to receive notifications on behalf of the sender device 120 and relay the notifications to the sender device 120 when it becomes available”. Examiner’s note: without communication circuitry a cloud/ network can’t communicate with end-devices or intra cloud}. Regarding Claim 8, GIGOV as modified by LAL discloses all the features of claim 1. The combination further discloses wherein the one or more processors comprise a normal processor for executing the REE {GIGOV: Fig. 3 & col. 8 lines 21-35, “The processor device 156 may be, for example, a processor, a microprocessor, a digital signal processor, an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a dedicated logic circuitry, a dedicated artificial intelligence processor unit, or combinations thereof”} and a first secure processor for executing at least one of the plurality of TEEs, and wherein the electronic device comprises a second secure processor for executing at least one of the plurality of TEEs {GIGOV: col. 6 lines, 8-12, “A trusted, secure environment, such as a trusted execution environment (TEE) of a processor device, exists within the sender device 120 (shown as sender TEE 130) and the receiver device 150 120 (shown as receiver TEE 160)”}. Regarding Claim 9, GIGOV as modified by LAL discloses all the features of claim 1. The combination further discloses a first processing module configured to support a root of trust (RoT) function to one of the plurality of TEEs {GIGOV: col. 1 lines 52-56, “A trusted hardware module on the receiver side may provide a root of trust to authorize access to locally-stored data at the receiver. Access policy enforcement may be protected against software exploits by enforcing the policy cryptographically”}; a second processing module configured to support a trustable user interface to another one of the plurality of TEEs {GIGOV: col. 6 lines 25-29, “The sender device 120 may also include one or more optional input/output (I/O) interfaces 132, which may enable interfacing with one or more optional input devices 134 and/or optional output devices 136”}. Regarding claim 10, claim 10 is claim to a method using the device of claim 1. Therefore, claim 10 is rejected for the reasons set forth for claim 1. Regarding claim 11, claim 11 is a dependent claim of claim 10, claim 11 is claim to method using the device of claim 2. Therefore, claim 11 is rejected for the reasons set forth for claim 2. Regarding claim 12, claim 12 is a dependent claim of claim 10, claim 12 is claim to method using the device of claim 3. Therefore, claim 12 is rejected for the reasons set forth for claim 3. Some of dependent claims have used words in different order or paraphrased but inventive concept remains same as cited device claims. Regarding claim 13, claim 13 is a dependent claim of claim 10, claim 13 is claim to method using the device of claim 4. Therefore, claim 13 is rejected for the reasons set forth for claim 4. Some of dependent claims have used words in different order or paraphrased but inventive concept remains same as cited device claims. Regarding claim 14, claim 14 is a dependent claim of claim 10, claim 14 is claim to method using the device of claim 5. Therefore, claim 14 is rejected for the reasons set forth for claim 5. Some of dependent claims have used words in different order or paraphrased but inventive concept remains same as cited device claims. Regarding claim 15, claim 15 is a dependent claim of claim 10, claim 15 is claim to method using the device of claim 6. Therefore, claim 15 is rejected for the reasons set forth for claim 6. Some of dependent claims have used words in different order or paraphrased but inventive concept remains same as cited device claims. Regarding Claim 17, GIGOV as modified by LAL discloses all the features of claim 10. The combination further discloses receiving capability information of a TEE installed in a cloud edge network via a communication circuit of the electronic device; and providing the received capability information to the application {GIGOV: Fig. 1 & col. 6 lines 8-12, “A trusted, secure environment, such as a trusted execution environment (TEE) of a processor device, exists within the sender device 120 (shown as sender TEE 130) and the receiver device 150 (shown as receiver TEE 160) … claim 20, “a sender device, … the TEE comprising a private sender TEE key; and a memory containing instructions that … encrypt a file using a file encryption key; encrypt the file encryption key using a decrypted master attribute based encryption (ABE) key of the sender device and an access policy for the file, the access policy comprising a plurality of receiver attribute configurations … and send the encrypted file, the encrypted file encryption key, and the encrypted plurality of private ABE keys to the receiver (TEE), the trusted execution environment”}. Regarding claim 18, claim 18 is a dependent claim of claim 12, claim 18 is claim to method using the device of claim 6. Therefore, claim 18 is rejected for the reasons set forth for claim 6. Some of dependent claims have used words in different order or paraphrased but inventive concept remains same as cited device claims. Regarding claim 19, claim 19 is claim to a non-transitory computer-readable storage media using the device of claim 1. Therefore, claim 19 is rejected for the reasons set forth for claim 1. Regarding claim 20, claim 20 is a dependent claim of claim 19, claim 20 is claim to non-transitory computer-readable storage media using the device of claim 2. Therefore, claim 20 is rejected for the reasons set forth for claim 2. Claims 7 & 16 are rejected under AIA 35 U.S.C. 103 as being unpatentable over GIGOV; Nikolay et al. (US 11,347882 B2) in view of LAL, Reshma et al. (US 2024/0073013 A1) and further in view of REESE; Kenneth W. et al. (US 2020/0167775 A1). Regarding Claim 7, GIGOV as modified by LAL discloses all the features of claim 1. The combination, however, does not explicitly disclose a sensor and a camera, wherein at least one of the plurality of TEEs executes a function related to security by using the sensor and the camera. In an analogous reference REESE discloses a sensor and a camera, wherein at least one of the plurality of TEEs executes a function related to security by using the sensor and the camera {[0031], “The TEE 115 is an EE that runs alongside but is isolated from the REE. The TEE 115 has security capabilities and meet certain security related requirements. The TEE 115 protects TEE 115 assets from general software attacks, defines rigid safeguards as to data and functions that a program can access, and resists a set of defined threats” … [0034], “the one or more sensors may include one or more biometric sensors, such as an infrared heart rate monitoring device, a fingerprint or handprint scanning device, a face and/or an eye scanning device (e.g., a camera or other like image sensor)”}. Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify GIGOV’s technique of ‘inter TEE capability attribute/ configuration sharing’ for ‘memory partitioning for secure memory segment for TEE and unsecure memory segment for other external devices or insecure for ‘including use of sensors and camera for implement applications in TEE and REE environment’, as taught by REESE, in order to defend data intrusion. The motivation is - this architecture creates a hardware-level trust chain that isolates sensitive operations (biometrics/encryption) within TEEs, shielding them from the potentially compromised REE. By securely bridging multiple TEEs, the system allows complex applications to use sensors and cameras without exposing raw data to the insecure external OS, balancing robust isolation with high-performance usability. Regarding claim 16, claim 16 is a dependent claim of claim 10, claim 16 is claim to method using the device of claim 7. Therefore, claim 16 is rejected for the reasons set forth for claim 7. Some of dependent claims have used words in different order or paraphrased but inventive concept remains same as cited device claims. Conclusion Following prior art has been considered but is not applied: TSIRKIN; Michael et al. (US 11,343,082 B2) – Resource sharing for trusted execution environments: “Processors 214 may interact with storage devices 212 and provide one or more features defined by or offered by trusted systems, trusted computing, trusted computing base (TCB), trusted platform module (TPM), hardware security module (HSM), secure element (SE), other features, or a combination thereof” … “Computing device 110B may use the same processor and storage device to establish multiple instances of trusted execution environment 120. Each instance of a trusted execution environment (e.g., TEE instance, TEEi) may be established for a particular set of one or more computing processes and may be associated with a particular memory encrypted area” … “Applications may be programs executing with user space privileges and may be referred to as application processes, system processes, services, background processes, or user space processes. A user space process (e.g., user mode process, user privilege process) may have lower-level privileges that provide the user space process access to a user space portion of data storage without having access to a kernel space portion of data storage”. Any inquiry concerning this communication or earlier communications from the examiner should be directed to QUAZI FAROOQUI whose telephone number is (571) 270-1034 or Quazi.farooqui@USPTO.GOV. The examiner can normally be reached on Monday-Friday 9:00 am to 5:30 pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bill Korzuch can be reached on (571) 272-7589 or William.Korzuch@USPTO.GOV. The fax phone number for Examiner Farooqui assigned is 571-270-2034. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-flee). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /QUAZI FAROOQUI/ Primary Examiner, Art Unit 2491
Read full office action

Prosecution Timeline

Feb 06, 2025
Application Filed
Jun 03, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12683781
Quantum vault for protecting secrets against quantum computing
2y 3m to grant Granted Jul 14, 2026
Patent 12682099
INFORMATION PROCESSING APPARATUS, SERVICE PROVIDING SYSTEM, AND METHOD TO MODIFY A LICENSE BASED ON USAGE
2y 2m to grant Granted Jul 14, 2026
Patent 12683806
ANONYMOUS EVENT ATTESTATION
1y 10m to grant Granted Jul 14, 2026
Patent 12671571
SYSTEMS AND METHODS FOR SUPPORT OF SECURITY FOR SIDELINK COMMUNICATION AND POSITIONING
2y 3m to grant Granted Jun 30, 2026
Patent 12664283
MANAGEMENT CONTROLLER RESOURCE USAGE BY A SECURITY PROCESSOR
2y 2m to grant Granted Jun 23, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
83%
Grant Probability
98%
With Interview (+14.9%)
2y 7m (~1y 2m remaining)
Median Time to Grant
Low
PTA Risk
Based on 459 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month