DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Election/Restrictions
Claims 1-7, 16-20 are withdrawn from further consideration pursuant to 37 CFR 1.142(b) as being drawn to nonelected inventions, there being no allowable generic or linking claim. Election was made without traverse in the reply filed on 10/6/2020.  Examiner notes that claims in the response were filed without indicating (withdrawn) or (previously presented); however, in lieu of issuing a nonresponsive amendment, Examiner will enter the claims and examine the elected group, as discussed with Applicant’s Representative per interview dated 2/1/2021.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 9/12/2019 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
The information disclosure statement (IDS) submitted on 5/27/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
The information disclosure statement (IDS) submitted on 10/9/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Objections
Claim 8 is objected to because of the following informalities:  
Claim 8 missing the word “and” prior to final limitation (e.g. “and passing the data…”)
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 8, 12-14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Verma (PGPUB 2017/0054563), and further in view of Potlapally et al (PGPUB 2016/0149921).

Regarding Claim 8:
Verma teaches a method to secure a controllable device using a gateway device (abstract, gateway device (GD) for securely obtaining health information from personal medical device (PMD)), wherein the gateway device includes at least a partially trusted processor and partially trusted memory on a System on Chip (SoC) device which operates within a trusted execution environment (paragraph 13, processor of GD includes secure area such as trusted execution environment (TEE); paragraph 15, gateway application executed in secure area of GD; paragraph 16, core circuitry of GD comprises ROM, RAM, CPU, etc.; paragraph 17, ROM and RAM include trusted execution environment or other secure area and comprise single electronically erasable memory), the method comprising: 
(paragraph 33, baseband/RF circuitry, TX/RX switch, WiFi/Bluetooth transceivers, and USB interface comprise communications interface that enables GD to communicate wired or wirelessly with PMDs and relying system (RS); paragraph 37, gateway application establishes connection with PMDs and begins collecting data; data is therefore received by communications interfaces);
transporting the received data to the trusted execution environment (paragraph 37, gateway application collects data from PMD sensors; paragraph 13, 15, 33, gateway application executed in secure area of GD, comprising TEE; data therefore transported from interface circuitry to TEE);
filtering the received data using an application layer gateway within the trusted execution environment (paragraph 13, 15, gateway application, i.e. “application layer gateway”, executed within TEE; paragraph 37-38, gateway application collects and aggregates information collected from PMD sensors; when triggering event occurs, e.g. threshold number of measurements or measurement (data) with threshold value (e.g. blood pressure below certain level), data is sent by gateway application to RS; detecting threshold value in received data is filtering policy; triggering event combined with alarm message relating to triggering action; paragraph 39, alarm message causes RS to take specified action); and
passing the data to a peripheral device that functions as a communicatory gateway between the controllable device and the SoC device (paragraph 33, baseband/RF circuitry, TX/RX switch, WiFi/Bluetooth transceivers, and USB interface comprise communications interface that enables GD to communicate wired or wirelessly with PMDs and RS; interface therefore comprises peripheral device providing communications gateway between GD and RS; paragraph 39, RS takes specified action as a result of receiving alarm, and is therefore controllable device).
Verma does not explicitly teach passing the data to a trusted peripheral device that functions as a communicatory gateway between the controllable device and the SoC device.
(paragraph 10, trusted peripheral card, e.g. network interface card (NIC); authorized host can remotely connect to trusted peripheral using secure and authenticated network connection in order to run functions on the host to which the peripheral is attached; paragraph 26, trusted peripheral incorporates trusted platform module (TPM) functionality; paragraph 29, trusted peripheral provided on host device; privileged security and management functionality provided via the peripheral; processor of peripheral configured to communicate with host, application running on host, etc., as well as centralized management service, host, or other such component; processor of trusted peripheral device collects information from host and returns that information to centralized manager); and
Verma teaches wherein the host device is the SoC device (paragraph 13, 15-17, as above).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the trusted peripheral device teachings of Potlapally with the gateway device teachings of Verma, in order to improve security by providing a device for performing communication between endpoint systems which provides verifiable attestation functionality allowing relying parties to prove authenticity and integrity of endpoint platforms and hosts, as well as provide additional cryptographic functionality, such as offloading data encryption.

Regarding Claim 12:
Verma in view of Potlapally teaches the method of claim 8.  In addition, Verma teaches wherein the data includes one or more of commands or confidential information (paragraph 38-39, aggregated information send from gateway application to RS, including alarm message which directs RS to take specified action).

Regarding Claim 13:
Verma in view of Potlapally teaches the method of claim 8.  In addition, Verma teaches the method further comprising a watchdog counter that causes the gateway device to (paragraph 44, PMD enters sleep mode after period of inactivity; gateway application determines PMD has entered sleep mode upon expiration of an activity timeout timer): 
reset or receive an update from a remote service upon the watchdog counter timing out (paragraph 44, gateway application determines PMD has entered sleep mode upon expiration of an activity timeout timer; upon determination that PMD has entered sleep mode, GD deletes shared key being used to communicate with PMD, i.e. resets a remote service); or 
reset or receive the update from the remote service at a time selected by the gateway device.

Regarding Claim 14:
Verma in view of Potlapally teaches the method of claim 13.  In addition, Verma teaches wherein the watchdog counter times out when an event is not periodically satisfied (paragraph 44, timeout timer is activity timeout timer, i.e. a lack of activity causes timer to timeout; generally, “activity” can be considered an “event”).

Claim 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Verma in view of Potlapally, and further in view of Brandwine et al (US 10,027,678).

Regarding Claim 9:
Verma in view of Potlapally teaches the method of claim 8.  

However, Brandwine teaches the concept wherein a trusted peripheral device is configured to utilize proprietary protocol mechanisms that are unique to a controllable device and different from protocol mechanisms used within transmitted data (col 2 line 16-35, peripheral device with intelligence to determine level of trust; depending on trust level of environment, peripheral enables/disables trust based features such as device access and authentication requirements; peripheral is therefore trusted peripheral; col 8 line 42-57, functions communicate with PCI endpoint port using proprietary bus protocol which defines transaction format for commands, e.g. read/write commands; col 8 line 12-21, port is physical interface to manage incoming and outgoing transactions; col 18 line 5-30, peripheral device receives packets and modifies contents before forwarding packets to another device; col 20 line 1-25, bus interface module enables communication with external entities using standard or proprietary bus protocol; col 20 line 38-63, device includes hardware for communicating with a network using network protocol stack, e.g. 802.11 wireless).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the multiple protocol teachings of Brandwine with the gateway device teachings of Verma in view of Potlapally, in order to improve device compatibility by incorporating a multitude of device communication protocols, thereby allowing the peripheral to be used in a wide variety of technical environments.

Claim 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Verma in view of Potlapally, and further in view of Vetillard (PGPUB 2014/0317686).

Regarding Claim 10:
Verma in view of Potlapally teaches the method of claim 8.
While Verma teaches the use of shared session keys in a “secure” communication (paragraph 43), neither Verma nor Potlapally explicitly teaches wherein the data is cryptographically secured before entering the gateway device and while traversing through at least a portion of the gateway device.
However, Vetillard teaches the concept wherein data is cryptographically secured before entering a gateway device and while traversing through at least a portion of the gateway device (paragraph 25, trusted execution environment (TEE) comprising TEE proxy executed on device; device therefore considered gateway device; TEE proxy provides trusted communication channel between trusted applications and client applications; paragraph 58, content exchanged with TEE proxy encrypted for confidentiality/integrity; therefore, gateway device receives cryptographically secured data which traverses at least a portion of the gateway device (e.g. interface to proxy application)).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the encrypted data teachings of Vetillard with the gateway device teachings of Verma in view of Potlapally, in order to improve security by incorporating methods of encrypting data which protect the confidentiality of transferred data, and prevent malicious agents from obtaining data in transit which was meant to be private or secret.

Claim 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Verma in view of Potlapally, and further in view of Bajikar (PGPUB 2005/0108532).

Regarding Claim 11:
Verma in view of Potlapally teaches the method of claim 8.

However, Bajikar teaches wherein a trusted peripheral device is configured to only receive data from and transmit data to an outgoing port on a gateway device which operates within a trusted execution environment (paragraph 8, trusted channel within computer system for SIM device; data exchanged between application in trusted platform (i.e. gateway), and SIM device (i.e. trusted peripheral); paragraph 31, embodiment wherein SIM device transmits data to protected memory of chipset using trusted port; trusted driver then accesses data from protected section of memory).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the trusted data port teachings of Bajikar with the gateway device teachings of Verma in view of Potlapally, in order to protect communications between a peripheral device and a trusted environment by limiting data transport to a specific trusted port, thereby preventing interception by malicious applications in an untrusted environment.

Claim 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Verma in view of Potlapally, and further in view of Kabenjian (US 6,834,351).

Regarding Claim 15:
Verma in view of Potlapally teaches the method of claim 14.
Neither Verma nor Potlapally explicitly teaches wherein the watchdog counter is satisfied upon receipt of an encrypted token from the remote service.
However, Kabenjian teaches the concept wherein a watchdog counter is satisfied upon receipt of an encrypted token from a remote service (col 13 line 41-51, function provided by information handling system waits for receipt of command to provide function; when token counter equal to zero, function disabled unless encrypted token is received; col 14 line 58-col 15 line 7, having broadcast token request, token request engine waits for receipt; timer times out after predetermined period wherein token has not been received; when timer expires, request is renewed or function disabled; when token is received, token counter is reset and function is enabled).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the encrypted token teachings of Kabenjian with the gateway device teachings of Verma in view of Potlapally, in order to prevent tampering or alteration of the received tokens and to enable secure authentication and validation of the token provider prior to resetting or updating the associated timer or watchdog counter.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Muttik (PGPUB 2016/0330172) teaches a proxy and data store operating in a trusted execution environment (e.g. Fig. 2).
Belrose et al (PGPUB 2011/0003580) teaches a trusted gateway that filters communications to a trusted peripheral SIM/UICC (e.g. paragraph 32).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814.  The examiner can normally be reached on 9:00AM-5:30PM M-F.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/FORREST L CAREY/Examiner, Art Unit 2491                                                                                                                                                                                         

/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491