DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is in response to communication filed 12/18/2020.

Status of Claims
Claims 1-2, 7-8, 19-20 and 22-25 are currently amended.
Claims 3, 9 and 21 are hereby canceled.
Claims 37-39 are newly added.
Thus, claims 1-2, 4-8, 10-12, 19-20, 22-26 and 37-39 are pending in this patent application.

Response to Arguments
Claim 1 is amended to recite “encrypting terminal identifier data using a preset key to obtain a first encrypted data; obtaining authentication data from a secure memory area, wherein the secure memory area is set on the baseband chip of the terminal and configured to store the authentication data carries the first encrypted data to ensure the terminal security, and wherein the secure memory area is isolated from another memory area of the terminal” and claims 7, 19 and 25 recite similar amendments.

1) Rejection under 35 U.S.C. 102 
Remarks: page 12.

Applicant’s arguments with respect to newly amended claims 1, 7, 19 and 25 relevant to 35 U.S.C. 102 rejection of claims 1-2, 7-8, 19-20, and 25-26 anticipated by Rogers (US2014/0372743A1) have been considered but are moot because the new ground(s) of rejection does not rely on Rogers as applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Rogers discloses in a specific implementation “the security program software stores credentials on a device or registers identity for future reactivation.  In a specific implementation, the stored credentials are directly stored on portion of device memory that is not erased during a data clear process (e.g., special writable partition).  There can be a secure element (e.g., TPM, or portion of processor, e.g., TrustZone) used to generate (or receive from server) and store a private key or certificate described above, so that it is not accessible to ordinary applications.  In this specific implementation, when logging into server, the secure element provides signed token or secure element used to sign credentials to be sent to server” – Rogers: par. 0060 – Note: “a portion of processor, e.g., TrustZone” is equivalent to “the 


2) Rejections under 35 U.S.C. 103 
 
2-a) Applicant argues that “the combination of Rogers and Fitzgerald fails to disclose all of the limitations set forth in claims 1, 7, 19, and 25, and consequently does not render obvious claims 1-2, 4-8, 10-12, 19-20, and 22-26…Fitzgerald does not store the authentication data carries the encrypted terminal identifier data on a secure memory area isolated from another memory area of the terminal. The memory storage device of Fitzgerald is not an independent isolated memory area on a baseband chip of the terminal” – Remarks: pages 13-15.

Applicant's arguments with respect to newly amended claims 1, 7, 19 and 25 relevant to Rogers in view of Fitzgerald (US2009/0253408A1) have been fully considered but are moot because the new ground(s) of rejection does not rely on Fitzgerald (individually) or Rogers in view of Fitzgerald as applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. 

2-b) Regarding claims 4, 6, 10, 12, 22 and 24 rejected under 35 U.S.C. 103 (Rogers, US2014/0372734A1 in view of Mahaffey, US2016/0066189A1), Mahaffey and/or Rogers in view of Mahaffey have not been separately argued.



As such, in light of amendments, an updated search has been conducted and claims 1-2, 4-8, 10-12, 19-20, 22-26 and 37-39 are rejected as follows.

Claim Objections
Claims 1, 7, 19 and 25 are objected to because of the following informalities:  
Claim 1 is amended to recite “obtaining authentication data from a secure memory area, wherein the secure memory area is set on the baseband chip of the terminal and configured to store the authentication data carries the first encrypted data to ensure the terminal security, and wherein the secure memory area is isolated from another memory area of the terminal”. Similar amended limitations are recited in 7, 19 and 25.
For examination, this limitation is read “obtaining authentication data from a secure memory area, wherein the secure memory area is set on the baseband chip of the terminal and configured to store the authentication data, wherein the authentication data comprises/carries the first encrypted data to ensure the terminal security, and wherein the secure memory area is isolated from another memory area of the terminal”.
Appropriate correction or clarification is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

1.	Claims 1-2, 7-8, 19-20 and 25-26 are rejected under 35 U.S.C. 103 as being unpatentable over Rogers, US2014/0372734A1 in view of Song, US2015/0095652A1.

Per claim 1, Rogers discloses a method performed by a baseband chip of a terminal to ensure a terminal security (the security program software stores credentials on a device or registers identity for future reactivation.  In a specific implementation, the stored credentials are directly stored on portion of device memory that is not erased during a data clear process (e.g., special writable partition).  There can be a secure element (e.g., TPM, or portion of processor, e.g., TrustZone) used to generate (or receive from server) and store a private key or certificate described above, so that it is not accessible to ordinary applications – Rogers: par. 0060).
Rogers is not relied on to individually disclose but Rogers in view of Song discloses combined features comprising: 
encrypting terminal identifier data using a preset key to obtain a first encrypted data (a secure chip may be disposed in a device, and the device may use a storage space of the secure chip as the second-type storage space.  The secure chip is a trusted platform module – Song: par. 0232 and 0237 and 0238); and 
obtaining authentication data from a secure memory area, wherein the secure memory area is set on the baseband chip of the terminal and configured to store the authentication data carries the first encrypted data to ensure the terminal security, and wherein the secure memory area is isolated from another memory area of the terminal (After the device is powered on and started for the first time, the device may read the device running data and the first digital signature from the second storage space; perform digest calculation on the read device running data to obtain a digest of the read device running data, where a used digest algorithm is the same as a digest algorithm used at the manufacture stage – Song: par. 0242 – Note: a TPM type secure chip disposed in a device inherently provides an “isolated” storage and processing space).
Rogers further discloses sending a status query request to a security management server, the status query request carries the authentication data, used by the security management server to determine an identity of the terminal (In a step 362, after the factory reset, the security program--having survived--the factory reset, transmits to a server a request to verify ownership of the mobile device.  The request may be transmitted as soon as the device boots, i.e., upon boot …The request includes a device ID associated with the mobile device to permit the server to check the device ID against a registry and determine the device status  – Rogers: par. 0079-0080 and 0083 – Note: The registry further stores a status of the device such as whether the device has been reported missing or stolen);
receiving a status response from the security management server based on the identity of the terminal (In a step 363, a communication responsive to the request to verify ownership is received from the server…The content of the communication depends on the result of the server's check of the device ID against the registry – Rogers: par. 0085-0086); and
activating, based on the status response, a preset protection policy when the terminal is in a missing claiming state (if the mobile device was reported as stolen the communication may include a command to lock the mobile device, an alert to inform the current user of the device that the device has a registered user, or both…a communication 366A includes alerting a current user of the mobile device that the device has a registered user.  For example, a message may be displayed on a screen of the device so as to notify the current user that the device has a registered user.  The message may include directions for the current user to follow in order to return the device to the registered user…A communication 366B includes a command to the security program to lock the device.  Locking the device can include disabling some or all the features of the device.  For example, when the device is locked, the unauthorized user may be presented with a lock screen that requires a password to remove – Rogers: par. 0086-0090).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Rogers in view of Song to include encrypting terminal identifier data using a preset key to obtain a first encrypted data; and 
One of ordinary skill in the art would have been motivated because it would allow to “determine whether the digest of the read device running data is consistent with the decrypted digest.  If consistent, the device may determine that the device running data is not tampered, and further, run a related function with the device running data for the first time; and if inconsistent, the device determines that the device running data is tampered, and further, performs an operation, for example, sends an alarm signal or discards the device running data” – Song: par. 0242.

Per claim 7, it recites a method, performed by a terminal (Rogers: Fig. 2) to ensure a terminal security comprising the method steps as set forth in the method of claim 1.
Therefore, claim 7 is rejected based on the same analysis and the same motivation to combine as set forth in the rejection of claim 1 above.

Per claim 19, Rogers recites a baseband chip, comprising:
a secure memory area set on the baseband chip and configured to store data to ensure terminal security (the security program software stores credentials on a device or registers identity for future reactivation.  In a specific implementation, the stored credentials are directly stored on portion of device memory that is not erased during a data clear process  – Rogers: par. 0060).
Rogers is not relied on to individually disclose but Rogers in view of Song discloses a processor coupled to the secure memory area and configured to: encrypt terminal identifier data using a preset key to obtain the first encrypted data (a secure chip may be disposed in a device, and the device may use a storage space of the secure chip as the second-type storage space.  The secure chip is a trusted platform module (TPM), which can automatically encrypt data stored in the chip…the device may read the first key from the first storage space, and encrypt the digest of the device running data with the first key to obtain a first digital signature…the device may also store the first digital signature in the second storage space – Song: par. 0232 and 0237 and 0238); and 
obtain authentication data from the secure memory area, wherein authentication data carries the first encrypted data stored into the secure memory area (After the device is powered on and started for the first time, the device may read the device running data and the first digital signature from the second storage space; perform digest calculation on the read device running data to obtain a digest of the read device running data, where a used digest algorithm is the same as a digest algorithm used at the manufacture stage – Song: par. 0242), and wherein the secure memory area is isolated from another memory area of the terminal (Note: 
Rogers further discloses a transmitter coupled to the secure memory area and the processor and configured to send a status query request to a security management server, wherein the status query request carries the authentication data, used by the security management server to determine an identity of the terminal (In a step 362, after the factory reset, the security program--having survived--the factory reset, transmits to a server a request to verify ownership of the mobile device.  The request may be transmitted as soon as the device boots, i.e., upon boot …The request includes a device ID associated with the mobile device to permit the server to check the device ID against a registry and determine the device status (e.g., OK or STOLEN) – Rogers: par. 0079-0080 and 0083 – Note: The registry further stores a status of the device such as whether the device has been reported missing or stolen); and
a receiver coupled to the secure memory area, the processor and the transmitter and configured to receive a status response from the security management server based on the identity of the terminal (mobile communications device 305 may include a display 310 (e.g., touchscreen or touch-sensitive display), one or more cameras 315, a global positioning system (GPS) receiver 320, microphone 325, baseband processor 325, subscriber identity module or SIM card 330, storage component 340, communication chipsets (e.g., WiFi, Bluetooth, NFC, FM, or RF), transceivers, transmitters, receivers, power management chip, processor, memory, removable memory card, acceleration sensor, antenna, battery, and other components that may be found in a smartphone or tablet computing device…In a step – Rogers: par. 0085-0086), and 
the processor being further configured to activate, based on the status response, a preset protection policy when the terminal is in a missing claiming state (if the mobile device was reported as stolen the communication may include a command to lock the mobile device, an alert to inform the current user of the device that the device has a registered user, or both…a communication 366A includes alerting a current user of the mobile device that the device has a registered user.  For example, a message may be displayed on a screen of the device so as to notify the current user that the device has a registered user.  The message may include directions for the current user to follow in order to return the device to the registered user…A communication 366B includes a command to the security program to lock the device.  Locking the device can include disabling some or all the features of the device.  For example, when the device is locked, the unauthorized user may be presented with a lock screen that requires a password to remove – Rogers: par. 0086-0090).
Therefore, claim 19 is rejected based on the same analysis and the same motivation to combine as set forth in the rejection of claim 1 above. 

Per claim 25, it recites a terminal, comprising the features of claim 19.
Therefore, claim 25 is rejected based on the same analysis and the same motivation to combine as set forth in the rejection of claim 19 or claim 1 above.

Per claims 2, 8, 20, and 26, Rogers-Song discloses features of claims 1, 7, 19 and 25 respectively, wherein the authentication data further comprises first authentication token, and wherein before obtaining the authentication data from the secure memory area, the method further comprising: 
receiving the first authentication token data from an application processor of the terminal (an authentication token provided by a server (e.g., such as that provided by Google or Apple's authentication systems) may be stored on the device – Rogers: par. 0059 – Note: a client app in communication with a server such as Google or Apple is inherent); and 
saving the first authentication token data to the secure memory area (There can be a secure element (e.g., TPM, or portion of processor, e.g., TrustZone) used to generate (or receive from server) and store a private key or certificate described above, so that it is not accessible to ordinary applications.  In this specific implementation, when logging into server, the secure element provides signed token or secure element used to sign credentials to be sent to server – Rogers: par. 0060).

2.	Claims 4, 6, 10, 12, 22, 24, 37 and 38 are rejected under 35 U.S.C. 103 as being unpatentable over Rogers, US2014/0372734A1 in view of Song, US2015/0095652A1 as applied to claims 1, 7, 19 and 25, further in view of Mahaffey, US2016/0066189A1.

Per claims 4, 10, 22 and 37, Rogers-Song discloses features of claims 1, 7, 19 and 25 respectively. 

sending a control instruction query request carrying, the authentication data to the security management server (an application or widget loaded on the client computer is used to present a user interface to the user.  The user interface may provide some or all of the functionality provided by the web page displayed on the client computer.  The application or widget contains presentation logic and communicates with the server via an API.  The application or widget sends a request to the server in order to retrieve information from the server for display…the information requested by the application or widget and returned by the server may contain data such as: a list of devices accessible by the user, status information relating to a device, or a list of devices in a group managed by the user that are determined to be lost or stolen… Preferably, the server 111 will only allow the user to perform tasks after he or she has supplied authorized credentials 251.  The server 111 may require authentication information such as a user name, password, biometric data, or other security-related information. If the user is authorized, the server 111 retrieves previously stored information about the mobile device 101 for which remote access is sought.  The server 111 then generates a remote access web page corresponding to the mobile device 101 that is accessible by the client computer 233 and includes a user interface 253 which provides remote access to the mobile device 101 – Mahaffey: par. 0090 and 0091); 
receiving a remote control instruction from the security management server (The client computer 233 can request one or more actions to be performed by the mobile device 255,  – Mahaffey: par. 0092); 
executing a target operation corresponding to the remote control instructions (If the mobile device is not able to receive or process the command(s), the remote access web page can indicate that communication with the device is being attempted.  The server will continue to attempt to send a given command to the mobile device until the mobile device successfully completes the command, the command is manually cancelled, or the command cancelled through some setting established by the server software 117 – Mahaffey: par. 0092-0093); and 
returning, to the security management server, an execution result obtained after the target operation is executed (When the mobile device 101 receives the command(s) from the server 111, the local software component 175 on the mobile device 101 initiates the commanded action(s) 261.  The local software component 175 then monitors the commanded action and prepares reports on the action's status 263.  The mobile device 101 continues to check if the commanded action has been completed 265 and, if desired, transmits updated command status 263 back to the server 111.  The command status is interpreted and updated information may be displayed on the web page 271.  In an embodiment, the reports are only prepared when the commanded action has completed successfully or has failed, but not while it is in progress – Mahaffey: par. 0095).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Rogers-Song further in view of Mahaffey 
One of ordinary skill in the art would have been motivated because it would allow “remotely detecting and responding to the loss or theft of a mobile communications device” – Mahaffey: par. 0002, wherein the system explicitly “allows both users and administrators to obtain remote access to a lost or stolen mobile device in order to secure the stored data, locate the mobile device, and provide feedback that confirms that the desired actions have successfully been executed” – Mahaffey: par. 0007.

Per claims 6, 12, 24 and 38, Rogers-Song discloses features of claims 1, 7, 19 and 25 respectively, wherein the preset protection policy comprises: prompting, in an alerting manner, that the terminal is in the missing claiming state (In a step 363, a communication responsive to the request to verify ownership is received from the server.  A communication may be referred to as an instruction, command, notification, or alert.  The communication may be received at the mobile device (step 364), at a different client device (step 365), or at the mobile device and the other client device.  The communication received at the mobile device and the communication received at other client device may be the same or different – Rogers: par. 0085 – Note: The owner or authorized user may specify multiple recipients.  For example, the owner or authorized user may specify a law enforcement agency, relatives, friends, 
Rogers-Song is not relied on to explicitly disclose but Mahaffey discloses prompting, in an alerting manner, that the terminal is in the missing claiming state (The server returns the information in a structured format such as XML or JSON, so that the application or widget is able to display the information in an arbitrary manner.  For example, the information requested by the application or widget and returned by the server may contain data such as: a list of devices accessible by the user, status information relating to a device, or a list of devices in a group managed by the user that are determined to be lost or stolen – Mahaffey: par. 0090).
The same motivation to modify Rogers-Song further in view of Mahaffey as applied to claim 4 above applies here.

3.	Claims 5, 11 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Rogers, US2014/0372734A1 in view of Song, US2015/0095652A1 as applied to claims 1, 7 and 19, further in view of deCharms, US2014/0368601A1.

Per claims 5, 11 and 23, Rogers-Song discloses features of claims 1, 7 and 19 respectively, wherein the preset protection policy comprises:
(A communication 366C includes a command for the device to determine and track its geographical location.  The geographical location may be transmitted to the server so that the device can be located – Rogers: par. 0089).
Rogers-Song is not relied on to disclose but deCharms discloses encrypting the current location information of the terminal to obtain second encrypted data (the user device 402 determines its location (501) (e.g., determining GPS coordinates, determining micro-location),…and packages the obtained data (location, audio/video, sensor data, other data) for secured and verified transmission to the responder device 404 and, concurrently, to the data storage system 403 (505)… information transmitted between the user and responder, or recorded by the user or responder, may be encrypted using digital encryption, and may also include a custom digital watermark or timestamp or location stamp that may also use encryption to verify the identity and time of transmission of the user, responder or both. – deCharms: par. 0126 and 0128); and 
sending the second encrypted data to the security management server (The user device 402 can transmit the packaged data to the responder device 404 and to the data storage system 403 (506).  The responder device 404 can update the presentation of information about the user based on the received data, such as displaying the received user video, audio, and data (511) and updating a display of the current location of the user device 402 (512) – deCharms: par. 0129).

One of ordinary skill in the art would have been motivated because it would allow to “provide a means of verification of information transmission, for example for the use in verifying from when and where and what user this information was transmitted.  This may be used later to verify this information for use as evidence” – deCharms: par. 0128 – Note: encrypted location-stamped packaged data collected and provided by the user device to the responder device is secured and admissible in a court of law as forensic evidence.

4.	Claim 39 is rejected under 35 U.S.C. 103 as being unpatentable over Rogers, US2014/0372734A1 in view of Song, US2015/0095652A1 as applied to claim 25 above, further in view of Buck, US2014/0187202A1.

Per claim 39, Rogers-Song discloses the terminal of claim 25. 
Rogers-Song is not relied on to explicitly disclose but Buck discloses wherein the terminal activates the preset protection policy when a value of a flag bit is set to 1 (FIG. 5 illustrates a process 300 for using the security component 230 to facilitate finding device 200 after it has been lost or stolen… Process 300 waits for the detection of a defined trigger event in step 302.  When a defined trigger event is detected in step 302, a response is generated by the security component 230 and transmitted to a specified destination device via the a flag may be set and the special security mode entered into by device 200 in step 310 – Buck: par. 0044-0047).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Rogers-Song further in view of Buck to include wherein the terminal activates the preset protection policy when a value of a flag bit is set to 1.
One of ordinary skill in the art would have been motivated because it would allow entering to a special security mode for “wiping some or all of the data from the device 200; backing up some or all the data on the device; or substituting a "fake" set of data into the file system of the device” – Buck: par. 0048. It would further allow “to prevent a person who has stolen the phone from being able to access the real data, and by providing data that looks  – par. 0049.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AREZOO SHERKAT whose telephone number is (571)272-8533.  The examiner can normally be reached on Monday - Friday 8:30-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/AREZOO SHERKAT/ Examiner, Art Unit 2434
/KAMBIZ ZAND/ Supervisory Patent Examiner, Art Unit 2434