DETAILED ACTION
Response to Amendment
Applicant’s amendment, filed 12/28/20, for application number 15/572,624 has been received and entered into record.  Claims 2-4 and 6-8 have been amended and Claims 1 and 10 were previously cancelled.  Therefore, Claims 2-9 are presented for examination.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:

2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 2, 3, 5, and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Tobita et al., US Pat. Appln. Pub. No. 2008/0092210 in view of Estakhri et al., US Pat. No. 5,606,660.
Regarding Claim 2, Tobita discloses a method for trusted booting of a programmable logic controller (PLC) [using the method of Fig. 2], comprising: 
at a factory initialization stage: 
initializing a self-firmware verification, comprising integrally checking firmware information on a basis of a trusted root provided by chip hardware [program 202, used in the manufacturing process (i.e. factor initialization stage) contains tampering check/decryption processing section 54, which performs a function of checking the encrypted firmware input for tampering and decrypting the encrypted firmware using the vendor unique information V in the chip of CPU 11, par 52]; 
reading firmware information, comprising loading a nonvolatile memory of the PLC onto a hardware carrier, and then reading firmware information in the nonvolatile memory [program 202, used in the manufacturing process (i.e. factory initialization stage) contains tampering check/decryption processing section 54, which performs a function of checking the encrypted firmware input for tampering and decrypting the 
conducting an integrity check, comprising computing the read firmware information in the nonvolatile memory for verifying the PLC through an integrity check algorithm [program 202, used in the manufacturing process (i.e. factory initialization stage) contains tampering check/decryption processing section 54, which performs a function of checking the encrypted firmware input for tampering and decrypting the encrypted firmware using the vendor unique information V in the chip of CPU 11; the firmware is stored in the firmware storage section 101, which corresponds to nonvolatile memory 15 (i.e. the memory is loaded), par 52; Fig. 1; par 28, ll. 1-2]; and 
storing verification results of the integrity check in a one-to-one corresponding mode in a trusted region [after the tampering check and decryption, the re-encryption/tampering check data addition processing section 55 performs a function of again encrypting the firmware subjected to the tampering check and decryption, and adds tampering check data to the firmware, and the storage processing section 56 stores the re-encrypted firmware in the firmware storage section 101; data is added to the firmware, and as only one firmware is being added, only a one-to-one method is possible, par 52, 53, 54]; and 
at an operation starting stage: 

reading firmware information, comprising loading a nonvolatile memory of the PLC onto a hardware carrier, and then reading firmware information in the nonvolatile memory [using program 203, which is used after shipment, i.e. at the operating starting stage when user has received the device, the tampering check/decryption processing section 58 performs a function of checking the encrypted firmware read by the reading processing section 57 for tampering and decrypting the encrypted firmware using the chip unique information C; the firmware is received (i.e. read) from firmware storage section 101, par 58, Fig. 7]; 
conducting an integrity check, comprising computing the read firmware information in the nonvolatile memory for verifying the PLC through an integrity check algorithm [program 203, which is used in shipment (i.e. at the operating starting stage when user has received the device) contains tampering check/decryption processing section 58, which performs a function of checking the encrypted firmware input for tampering and decrypting the encrypted firmware using the chip unique information C; 
conducting trusted authentication, comprising: comparing verification results 2PATENT USSN: 15/572,624 Atty Dckt No.: 034563.016 of the integrity check at the operation stage to the stored verification results in the trusted region [tampering check and decryption processing section 58 performs a function of checking the encrypted firmware read by processing section 57, which receives the firmware from storage 101; firmware stored in storage 101 was previously processed through program 202, and has tampering check data added through tampering check data addition processing section 55, Fig. 5, 6; par 54-58]. 
However, Tobita does not explicitly teach wherein the non-volatile storing firmware can be flash memory.
In the analogous art of firmware storage, Estakhri wherein the non-volatile storing firmware can be flash memory [firmware is stored in flash memory before it is subsequently downloaded elsewhere, col. 1, ll. 47-50].
It would have been obvious to one of ordinary skill in the art, having the teachings of Tobita and Estakhri before him before the effective filing date of the claimed invention, to incorporate the storage of firmware in flash memory as taught by Estakhri, into the method as disclosed by Tobita, as it is well-known to store firmware in flash memory to allow for flexibility in maintaining code [Estakhri, col. 1, ll. 55-60].
Regarding Claim 3, Tobita and Estakhri disclose the method according to Claim 2.  While Estakhri further discloses wherein the memory is a flash memory, Tobita further discloses trusted authentication, at the operation stage comprises comparing verification results from 
Regarding Claim 5, Tobita and Estakhri disclose the method according to Claim 2.  Tobita further discloses wherein the integrity check algorithm comprises: cooperatively designing software and hardware, grouping the software and concurrently invoking hardware for computation [using program 203, which is used after shipment, i.e. at the operating starting stage when user has received the device, the tampering check/decryption processing section 58 performs a function of checking the encrypted firmware read by the reading processing section 57 for tampering and decrypting the encrypted firmware; program 203 being software, and the hardware used to perform the software being CPU 11; the software is grouped into various program sections such as tampering check/decryption processing section 58; in order to perform the software of processing section 58, the underlying hardware would necessarily be invoked to perform the computations, Fig. 2].
Regarding Claim 7, Tobita and Estakhri disclose the method according to Claim 2.  Tobita further discloses wherein the trusted region is a secure and trusted location [firmware storage section 101 stores encrypted firmware after encryption and additional of tampering check data (i.e. data is only stored in firmware storage 101 after encryption), par 21, ll. 1-5].
Claims 4 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Tobita and Estakhri, and further in view of Rosenan, US Pat. Appln. Pub. No. 2010/0011200.
Regarding Claim 4, Tobita and Estakhri disclose the method according to Claim 2.  Tobita further discloses wherein self-firmware verification comprises integrally checking firmware information about a storage region [program 202, used in the manufacturing process (i.e. factory initialization stage) contains tampering check/decryption processing section 54, which performs a function of checking the encrypted firmware input for tampering and decrypting the encrypted firmware using the vendor unique information V in the chip of CPU 11; the tampering is performed and completed in order to determine whether tampering is present in the firmware, par 52].
However, Tobita and Estakhri do not explicitly teach the firmware information about the storage region comprising: boot information and MD5 value of an operating original program.
In the analogous art of secure booting from storage devices, Rosenan teaches the firmware information about the storage region comprising: boot information and MD5 value of an operating original program [management module and stamping UI module sign a stamp on the boot-loader firmware; signing may be done using techniques such as MD5; i.e. the boot-loader firmware necessarily contains boot information as it is the boot-loader firmware, and 
It would have been obvious to one of ordinary skill in the art, having the teachings of Tobita, Estakhri, and Rosenan before him before the effective filing date of the claimed invention, to incorporate the boot information and MD5 value as taught by Rosenan, into the method as disclosed by Tobita and Estakhri, to ensure secure boot of a computing device [Rosenan, par 6, 7].
Regarding Claim 6, Tobita and Estakhri disclose the method according to Claim 2.  
However, while Tobita discloses the integrity check, Tobita and Estakhri do not explicitly teach in the process of booting the system, conducting flow design in accordance with a loading process of a boot loader of the system.
In the analogous art of secure booting from storage devices, Rosenan teaches in the process of booting the system, conducting flow design in accordance with a loading process of a boot loader of the system [booting process according to boot loader as illustrated in Fig. 6; the booting process 600 is embedded in boot-loader firmware 282, par 103, ll. 1-3].
It would have been obvious to one of ordinary skill in the art, having the teachings of Tobita, Estakhri, and Rosenan before him before the effective filing date of the claimed invention, to incorporate the booting process as taught by Rosenan, into the method as disclosed by Tobita and Estakhri, to ensure a secure boot of a computing device [Rosenan, par 6, 7].
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Tobita and Estakhri, and further in view of Kathail et al., US Pat. No. 9,652,570.
Regarding Claim 8, Tobita and Estakhri disclose the method according to Claim 2.  However, while Tobita further discloses the self-firmware verification method at the operation start stage comprises performing verification in a check value matching manner [using program 203, which is used after shipment, i.e. at the operating starting stage when user has received the device, the tampering check/decryption processing section 58 performs a function of checking the encrypted firmware read by the reading processing section 57 for tampering and decrypting the encrypted firmware, par 58], Tobita and Estakhri do not explicitly teach booting a guidance file BOOT.BIN, a device tree devicetree.dtb, a kernel file uImage and a file system uramdisk.image.
In the analogous art of booting of a system, Kathail teaches the sequence of booting reading comprises: booting a guidance file BOOT.BIN, a device tree devicetree.dtb, a kernel file uImage and a file system uramdisk.image [software for a boot and runtime environment includes a first state boot loader, a device tree, a boot image file (Bif), a boot loader, a kernel, and a RAM disk; operating system boot files includes first stage boot loader, device tree 340, kernel 360, and Ram disk 365 (containing the file system), col. 9, ll. 3-5].
It would have been obvious to one of ordinary skill in the art, having the teachings of Tobita, Estakhri, and Kathail before him before the effective filing date of the claimed invention, to incorporate the booting as taught by Kathail into the method as disclosed by Tobita and Estakhri, as inclusion of required software to boot a system in a software package allows for simplification and reduction of the amount of time necessary in implementing a custom system, such as a system-on-chip [Kathail, col. 1, ll. 21-32].
Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Tobita and Estakhri, and further in view of Auchmoody et al., US Pat. No. 9,940,069.
Regarding Claim 9, Tobita and Estakhri disclose the method according to Claim 2.  Tobita further discloses invoking a hash function in a corresponding file by the system, and computing a digest value to check whether the digest value is identical with a previously stored standard value [tampering check checks to see if a hash value provided by the predetermined computation based on the unique information matches the hash value added to the firmware, par 24, ll. 8-12]; wherein, if the values are identical, indicating that the file is complete, and giving file authorization to execute same [if hash values match, then firmware is encrypted and tampering check data is generated and added to firmware and stored in firmware storage (i.e. the tampering check data indicating that the hash values match and is permitted to be executed), par 24, ll. 15-22]; and if the values are not identical, indicating that the file is modified [if tampering is detected and hash values do not match, execution of the processing is prohibited, par 24, ll. 12-14].
However, Tobita and Estakhri do not explicitly teach if the has values do not match, deleting the file.
In the analogous art of restoring files on a system, Auchmoody teaches if the has values do not match, deleting the file [individual pages of the cache are verified; validation can occur on an individual basis as each page is loaded into memory; if there is a mismatch between the hash and checksum, the page is discarded and removed, col. 5, ll. 31-40].
It would have been obvious to one of ordinary skill in the art, having the teachings of Tobita, Estakhri, and Auchmoody before him before the effective filing date of the claimed 

Response to Arguments
Applicant’s arguments filed 12/28/20 have been considered but are moot due to the new rejection based on the references cited above.  

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
Applicant is reminded that in amending a response to a rejection of claims, the patentable novelty must be clearly shown in view of the state of the art disclosed by the references cited and the objections made.  Applicant must also show how the amendments avoid such references and objections.  See 37 CFR §1.111(c).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to PAUL J YEN whose telephone number is (571)270-5047.  The examiner can normally be reached on M-F 8-5 PT.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kim Huynh can be reached on (571) 272-4147.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Paul Yen/Primary Examiner, Art Unit 2186