Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Objections
Claim 2 is objected to because of the following informalities:  “in ressponse to” in the 5th line of the claim 2. “ressponse” should be fixed as “response.” Appropriate correction is required.

Claim Rejections - 35 USC § 103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.


Claims 1 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over JANG et al. (United States Patent Application Publication US 2014/0164725), hereinafter JANG, in view of Kessler et al. (United States Patent Application Publication US 2013/0254906), hereinafter Kessler.

Regarding claim 1, JANG teaches a method comprising receiving a boot command to boot a computing system in one of a secure mode or an unsecure mode; ([0116] “if the electronic apparatus is turned on at operation S610, the CPU 130 determines whether to perform secure boot or normal boot at operation S615. That is, if power is switched on, the CPU 130 goes to a reset vector and fetches an instruction.” At the beginning of the booting process, the electronic apparatus, which is interpreted as a computing system, determines secure boot or normal boot by fetching an instruction, which is interpreted as a boot command to boot in one of a secure mode or an unsecure mode.)
in response to determining from the boot command to boot the computing system in the secure mode: ([0118] “If the first memory 110 is designated, it is determined that secure boot is performed at operation S615: Y. If the secure boot is performed, the CPU 130 accesses the first memory 110 at operation S625 and detects initialization data at operation S630. Prior to this, the CPU 130 may prohibit access to itself via an external port.” As shown in Fig. 6, as security boot is determined at S615, the computing system boots in a security boot based on the instruction by the CPU, which is interpreted as in response to determining from the boot command to boot the computing system in the secure mode.)
validating a boot image for the computing system via a secure verification code that is blocked from write access when the computing system is booted in the unsecure mode; ([0121] “If secure boot mode is set, the CPU 130 performs decryption and authentication using an encryption key which is stored in the first memory 110 at operation S640. The decryption and the authentication may be performed according to the above-described various algorithms (e.g., DES, TDES,AES, SEED, RSA,ARIA, etc.).” S640 to decrypt and authenticate encrypted data of non-volatile memory, such as a boot code, using an encryption key at S640 is interpreted as validating a boot image for the computing system via a secure verification code. [0044] “the MAK 340 (FIG. 1) may be designed so that it cannot be read out or changed.” [0061] “if the authentication of the secure earliest boot code 273-C fails, the secure internal writable
memory 230 instructions execute an unsecure code 281 with an appropriate error indication. The unsecure code 281 may also be executed if authentication of updates to secure keys fails...the unsecure code 281 may be used to offer limited access to the processor 100 resources. For example, the unsecure code may be used to offer limited usage/testing to a user that does not have access to the secure earliest boot code 273-C or Secure Keys 271-C.” Fig. 3 430 “Authenticate Secure Code” 440 “Yes”, 445 “Execute Secure Code”, 450 “No”, 455 “Provide restricted access to the processor cores”. Using an encryption key, which is a secure verification code, the boot code or the boot image for the computing system is authenticated, which is interpreted as validating a boot image for the computing system. The decryption and the authentication key are not changed, which is interpreted as a secure verification code that is blocked from write access. Furthermore, the key or the secure verification code, stored in the secure memory is not accessible when the authentication fails resulting executing unsecure code, which is interpreted as when the computing system is booted in the unsecure mode.) in response to successfully validating the boot image: continuing to boot the computing system in the secure mode according to the boot image. (Fig. 6 S635 S640 As shown in Fig. 6, after validating the boot image in the security boot as shown in Fig. 6 S645, the booting process in the secure boot mode is continued disclosed in the Fig. 6.)
However, JANG does not teach in response to successfully validating the boot image: allowing write access to the secure verification code.
Kessler teaches in response to successfully validating the boot image: allowing write access to the secure verification code; ([0025] “At startup time, instructions stored in the internal memory 220 load a secure earliest boot code 273-C from the external memory 210….The secure earliest boot code 273-C is authenticated, by a secure earliest boot code authenticator 273-A, using an authentication key.” [0030] “The secure memory 270 may further include a secure keys update code authenticator 272-A. The secure keys update code authenticator 272-A may be used to authenticate information (hereinafter generally referenced to as secure keys update code 272-C) for updating the secure keys 271-C. The secure keys update code 272-C can also update secure keys update code 272-C and/ or the secure earliest boot code 273-C.” After the secure boot code is authenticated, which is interpreted as in response to successfully validating the boot image, the secure keys update code updates secure keys update code, which is interpreted as allowing write access to the secure verification code.) 
It would have been have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified JANG by incorporating the teaching of Kessler to allow writing access to the secure verification code in response to successfully validating the boot image. They are all directed toward secure booting. Kessler improves upon JANG by incorporating the teaching of Kessler to allow access to the secure verification code in response to successfully validating the boot image. In order to improve the security of the software and hardware, the secure verification code needs to be updated. After validating the boot image using the secure verification code, the access to update the secure verification code is authenticated in order to ensure the security. Therefore, it would be advantageous to incorporate the teaching of Kessler to allow access to the secure verification code in response to successfully validating the boot image in order to improve the security.

	Regarding claim 14, the claim 14 is the instruction included in a computer readable storage medium of the method claim 1. The claim 14 does not further teach or define the limitation over the limitations recited in the rejected claims above. Therefore, JANG in view of Kessler teaches all the limitations of the claim 14.

s 2 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over JANG in view of Kessler as applied to claims 1 and 14 above, and further in view of Underwood et al. (United States Patent Application Publication US 2020/0050478), hereinafter Underwood, and further in view of JREIJ et al. (United States Patent Application Publication US 2019/0042754), hereinafter JREIJ, and further in view of Ibrahim et al. (United States Patent Application Publication US 2011/0131403), hereinafter Ibrahim.

Regarding claim 2, JANG in view of Kessler teaches all the limitations of the method of claim 1, as discussed above. 
However, JANG in view of Kessler does not teach after booting the computing system in the secure mode according to the boot image, receiving a second boot command indicating to boot the computing system in the unsecure mode; booting the computing system a second time in the unsecure mode in ressponse to the second boot command according to the boot image.
Underwood teaches after booting the computing system in the secure mode according to the boot image, receiving a second boot command indicating to boot the computing system in the unsecure mode; ([0172] “a reboot is performed through a soft reset command.” [0177] “all protected mode execution packets having complete successfully, in which case the protected status bit is set to SUCCESS;”…[0178] “the MCU then triggers a soft reset to exit protected mode and reboot in normal mode.” After finishing the protected mode, which is interpreted as after booting the computing system in the secure mode according to the boot image, a soft reset command to reboot the system into normal mode after booting the system in the secure mode is interpreted as receiving a second boot command indicating to boot the computing system in the unsecure mode.) booting the computing system a second time in the unsecure mode in ressponse to the second boot command according to the boot image([0172] “a reboot is performed through a soft reset command.” [0177] “all protected mode execution packets having complete successfully, in which case the protected status bit is set to SUCCESS;”…[0178] “the MCU then triggers a soft reset to exit protected mode and reboot in normal mode.” After finishing the protected mode, the system is reboot into normal mode, which is interpreted as a after booting the system in the secure mode, booting the system a second time in the unsecure mode.)
It would have been have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified JANG in view of Kessler by incorporating the teaching of Underwood of booting the system in the unsecure mode after booting the system in the secure mode. As recognized by Underwood, within data processing systems, e.g., where an accelerator is controlled to perform desired processing operations by a host processor using one or more command streams, it is desired to achieve more secure processing of protected content. ([0005]) 
However, JANG in view of Kessler and further in view of Underwood does not teach receiving an updated boot image for the computing system while in the unsecure mode.
Ibrahim teaches receiving an updated boot image for the computing system while in the unsecure mode. ([0062] “The method 400 begins, at 405, by receiving and storing the updated firmware external to the chip. A computer system may be operating in a non-secure normal mode when the updated firmware is received.” The updated firmware, which is interpreted as an updated boot image for the computing system, is received in a non-secure normal mode, which is interpreted as receiving an updated boot image while in the unsecure mode.)
It would have been have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified JANG in view of Kessler and further in view of Underwood by incorporating the teaching of Ibrahim to receive an updated boot image for the computing system while in the unsecure mode. They are all directed toward security in the computing system. Ibrahim JANG in view of Kessler and further in view of Underwood to receive an updated firmware in the non-secure normal mode. When the updated firmware or the boot image is available in unsecure mode, the computing system receives the updated boot image without transitioning to the secure mode, which may not need to be installed immediately. In the following booting, the authentication of the firmware can be confirmed. Thus, the time to unnecessary transition to the secure mode can be avoided, which may further improve user experience by not being interrupted from the unnecessary transition. Therefore, it would be advantageous to incorporate the teaching of Ibrahim to receive an updated boot image for the computing system while in the unsecure mode in order to improve user experience and save time by avoiding unnecessary transition between the secure mode and the unsecure mode.
However, JANG in view of Kessler and further in view of Underwood, and further in view of Ibrahim does not teach after rebooting the computing system in the unsecure mode at the second time, receiving a third boot command indicating to boot the computing system in the secure mode according to the updated boot image; in response to determining from the third boot command to boot the computing system in the secure-mode, booting the computing system in the secure mode at a third time according to the updated boot image; validating the updated boot image for the computing system via the secure verification code; and in response to unsuccessfully 
JREIJ teaches after rebooting the computing system in the unsecure mode at the second time, receiving a third boot command indicating to boot the computing system in the secure mode according to the updated boot image; ([0042] “in response to identifying the request, BMC 144 triggers a reboot of the system. During the DXE phase of the next boot of IHS 100 the boot path is initiated using the original UEFI image (e.g., UEFI image 306a). The boot/image loader then performs a secure authentication process on the new UEFI image (e.g., UEFI image 306b) using a corresponding cryptographic value (e.g., cryptographic value 334a).” After booting a system, when a reboot is triggered, a secure boot process is performed, which is interpreted as after rebooting the system in the unsecure mode, booting the system in the secure mode.) in response to determining from the third boot command to boot the computing system in the secure-mode, booting the computing system in the secure mode at a third time according to the updated boot image; ([0049] “In one embodiment, BMC 144 triggers the reboot immediately after authorizing the second image and updating the current boot path…the reboot may be delayed by an amount of time (which can be predetermined or may be established by user input)…In response to rebooting IHS 100, the image loader automatically initializes the current boot path, which now utilizes the second image as the primary boot image.” BMC triggering the reboot is interpreted as in response to determining from the third boot command. As discussed above, the secure boot process from the triggered reboot is interpreted as to boot the computing system in the secure-mode. Furthermore, in response to the third boot command, the second image is used to boot the computing system, which is interpreted as booting the computing system in the secure mode at the third time according to the updated boot image.) validating the updated boot image for the computing system via the secure verification code; ([0049] “In response to identifying the request, BMC 144 initializes pre-authentication process to authenticate the second boot image ( e.g., UEFI image 306b) using a corresponding cryptographic value (e.g., cryptographic value 334a), as described above.” The second boot image, which is interpreted as the updated boot image for the computing system, is authenticated or verified by a corresponding cryptographic value or the secure verification code.) and in response to unsuccessfully validating the updated boot image, failing system boot in the secure mode for the computing system. ([0046] “In response to being unable to authenticate the second image, BMC 144 issues a notification, such as an error message that indicates that the authentication of the second boot image has failed and/or that the updating of the current boot path has failed, to an error log and/or at least one output _device (e.g., a monitor).” When the boot image is not authenticated, which is interpreted as in response to unsuccessfully validating the boot image, the current boot path fails, which is interpreted as failing system boot.)
It would have been have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified JANG in view of Kessler and further in view of Underwood, and further in view of Ibrahim by incorporating the teaching of JREIJ. They are all directed toward security in the computing device. JREIJ further improves upon JANG in view of Kessler and further in view of Underwood, and further in view of Ibrahim by incorporating validating the updated boot image, booting the system in the secure mode with the updated boot image and failing system boot in the secure mode in response to unsuccessfully validating the updated boot image. As recognized by JREIJ, the updates for the boot images are necessary for a variety of reasons, such as, to enter a recovery image or to perform firmware updates to the system. ([0004]) However, if the new boot image cannot be authenticated during the boot, the system is left in a non-operational state. ([0004]) Therefore, by validating the updated image in the secure mode and booting the system with the updated image, the security and the performance of the booting process in the secure mode with validating process can be achieved. Furthermore, by failing boot in case of unsuccessfully validation of the boot image, the security of the system is assured. Therefore, it would be advantageous to incorporate the teaching of JREIJ of validating the updated boot image, booting the system in the secure mode with .

Claims 3 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over JANG in view of Kessler as applied to claims 1 and 14 above, and further in view of Ibrahim.

Regarding claim 3, JANG in view of Kessler teaches all the limitations of the method of claim 1, as discussed above.
Kessler further teaches when write access to the secure verification code is allowed, updating the secure verification code according to the boot image as updated. ([0025] “At startup time, instructions stored in the internal memory 220 load a secure earliest boot code 273-C from the external memory 210….The secure earliest boot code 273-C is authenticated, by a secure earliest boot code authenticator 273-A, using an authentication key.” [0030] “The secure memory 270 may further include a secure keys update code authenticator 272-A. The secure keys update code authenticator 272-A may be used to authenticate information (hereinafter generally referenced to as secure keys update code 272-C) for updating the secure keys 271-C. The secure keys update code 272-C can also update secure keys update code 272-C and/ or the secure earliest boot code 273-C.” After the secure boot code is authenticated, which is interpreted as in response to successfully validating the boot image, the secure keys update code updates secure keys update code, which is interpreted as allowing write access to the secure verification code.)
However, JANG in view of Kessler does not teach before booting the computing system in the secure mode, updating the boot image when the computing system was booted in the unsecure mode. 
Ibrahim teaches before booting the computing system in the secure mode, updating the boot image when the computing system was booted in the unsecure mode. ([0062] “The method 400 begins, at 405, by receiving and storing the updated firmware external to the chip. A computer system may be operating in a non-secure normal mode when the updated firmware is received.” The updated firmware, which is interpreted as an updated boot image for the computing system, is received in a non-secure normal mode, which is interpreted as receiving an updated boot image while in the unsecure mode.)
It would have been have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified JANG in view of Kessler by incorporating the teaching of Ibrahim to receive an updated boot image for the computing system in the unsecure mode before booting the computing system in the secure mode. They are all directed toward security in the computing Ibrahim further improves upon JANG in view of Kessler to receive an updated firmware in the non-secure normal mode. When the updated firmware or the boot image is available in unsecure mode, the computing system receives the updated boot image without transitioning to the secure mode, which may not need to be installed immediately. In the following booting, the authentication of the firmware can be confirmed. Thus, the time to unnecessary transition to the secure mode can be avoided, which may further improve user experience by not being interrupted from the unnecessary transition. Therefore, it would be advantageous to incorporate the teaching of Ibrahim to receive an updated boot image for the computing system while in the unsecure mode in order to improve user experience and save time by avoiding unnecessary transition between the secure mode and the unsecure mode.

Regarding claim 16, the claim 16 is instructions of the method claims 3 in a computer readable storage medium, which in specification [0045], a computer readable storage medium…is not to be construed as being transitory signals per se. The claim 16 does not further teach of define the limitation over the limitations recited in the rejected claims above. Therefore, JANG in view of Kessler and further in view of Ibrahim teaches all the limitations of the claim 16.

s 4, 5, 8, 13, 17 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over JANG in view of Kessler as applied to claims 1 and 14 above, and further in view of Starkweather et al. (United States Patent Application Publication US 2001/0041831), hereinafter Starkweather.

Regarding claim 4, JANG in view of Kessler teaches all the limitations of the method of claim 1, as discussed above.
However, JANG in view of Kessler does not teach wherein the boot image is stored on a first Serial Electrically Erasable Programmable Read-Only Memory (SEEPROM) device and the secure verification code is stored on a second SEEPROM device separate from the first SEEPROM device.
Starkweather teaches wherein the boot image is stored on a first Serial Electrically Erasable Programmable Read-Only Memory (SEEPROM) device ([0069] “This bootloader program in turns loads a second stage bootloader program into the RAM of each processor IC from the SEEPROMs that are attached to each, respectively.” A bootloader program stored in the SEEPROMs is interpreted as the boot image is stored on a first SEEPROM device.) and 
the secure verification code is stored on a second SEEPROM device separate from the first SEEPROM device. ([0103] “Downloading may be initiated by using a inbound load start message that includes an overall validation code (e.g. CRC) for the program that is to be downloaded (i.e. software image) along with its normal message validation code ( e.g. CRC) that is used to confirm that the start download message itself was properly received. The software may be downloaded from a non-volatile memory module (e.g. a SEEPROM) in the external communication device, or from a second external device, that holds implantable device software.” An validation code, which is interpreted as the secure verification code, is downloaded from a SEEPROM in the external communication device, which is interpreted as a second SEEPROM device separate from the first SEEPROM device.)
It would have been have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified JANG in view of Kessler by incorporating the teaching of Starkweather of SEEPROM devices storing the boot image and the secure verification code. As recognized by Starkweather, some program code, i.e. algorithms are incapable of changing or updating after manufacturing and implantation. ([0004]) By storing the program code in the SEEPROM device, which can be re-written and will not be erased even without power, the program code can be updated. Furthermore, by using the secure verification code stored in the SEEPROM device, the security of the program code can be achieved. Therefore, it would be advantageous to incorporate SEEPROM devices storing the boot image and the secure verification code in order to securely update the program codes.

5, JANG in view of Kessler and further in view of Starkweather teaches all the limitations of the method of claim 4, as discussed above.
Starkweather further teaches in response to detecting an execution of the secure verification code not called by the secure boot engine, throwing an instruction storage exception. ([0088] “If the calculated CRCs do not match the image CRCs transmitted with their respective inbound start download messages, an error message is sent to indicate that there was a failure, and the system control remains with the bootloader software (i.e. the system remains in bootloader mode).” When CRCs do not match the image CRC, which is interpreted as in response to detecting an execution of the secure verification code not called by the secure boot engine, an error message is sent, which is interpreted as throwing an instruction storage exception.)

Regarding claims 17 and 18, the claims 17 and 18 are instructions of the method claims 4 and 5 in a computer readable storage medium, which in specification [0045], a computer readable storage medium…is not to be construed as being transitory signals per se. The claims 17 and 18 do not further teach of define the limitation over the limitations recited in the rejected claims above. Therefore, JANG in view of Kessler and further in view of Starkweather teaches all the limitations of the claims 17 and 18.

8 and 13, the claims 8 and 13 are the apparatus claims of the method claims 1, 4 and 5. The claims 8 and 13 do not further teach or define the limitation over the limitations recited in the rejected claims above. Therefore, JANG in view of Kessler and further in view of Starkweather teaches all the limitations of the claims 8 and 13.

Claims 6, 7, 9-11, 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over JANG in view of Kessler and further in view of Starkweather as applied to claims 4, 8, and 18 above, and further in view of Underwood.

Regarding claim 6, JANG in view of Kessler and further in view of Starkweather teaches all the limitations of the method of the claim 4, as discussed above. Starkweather further teaches the second SEEPROM device (SEEPROM)
However, JANG in view of Kessler and further in view of Starkweather does not teach wherein the second SEEPROM device is blocked from write access when the computing system is booted in an unsecure mode.
Underwood teaches wherein the second SEEPROM device is blocked from write access when the computing system is booted in an unsecure mode. ([0043] “the memory may be configurable to have both protected memory that is not readable by the operating system when it is operating in a non-secure mode” [0114] “the protected mode suspend buffer isn't readable/writable in normal mode (but is readable/writable in protected mode).” The protected memory is not readable/writable in a non-secure mode or normal mode, which is interpreted as blocked from write access when the computing system is booted in an unsecure mode. The combination of the teaching of Starkweather of the second SEEPROM and the teaching of Underwood of the memory that is blocked from write access in an unsecure mode is interpreted as the second SEEPROM is blocked from write access in an unsecure mode.)
It would have been have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified JANG in view of Kessler and further in view of Starkweather by incorporating the teaching of Underwood of memory that is block from write access in an unsecure mode. As recognized by Underwood, within data processing systems, e.g., where an accelerator is controlled to perform desired processing operations by a host processor using one or more command streams, it is desired to achieve more secure processing of protected content. ([0005]) By blocking write access in an unsecure mode, the protected contented in the memory can be protected from contaminating any protected content from attacks. Therefore, it would be advantageous to incorporate of memory that is block from write access in an unsecure mode in order to improve security of the protected contents from the attacks.

Regarding claim 7, JANG in view of Kessler and further in view of Starkweather teaches all the limitations of the method of the claim 4, as discussed above.
JANG teaches in response to successfully validating the boot image via the secure verification code, changing a status of a secure verification bit from a first state to a second state. ([0127] “If secure boot is to be performed, a '1' may be recorded on the third memory 140.” [0131] “If system preparation (e.g., at least the decryption and authentication of the decrypted data) is completed, the CPU 130 stores a second value (for example, '0') to enable the access to CPU in the first register 155-1. The storage value of the second register 160-1 of the second circuit 160 may also be changed.” When the decryption and authentication of the decrypted data is completed, which is interpreted as in response to successfully validating the boot image via the secure verification code, a first value of “1” or a first state of a status of a secure verification bit is changed to a second value or a second state.) and resetting the secure verification bit from the second state to the first state prior to continuing to boot the computing system in the secure mode. ([0132] “if system preparation is completed, the CPU 130 records a control value (for example, '1 ') to disable the access to the first memory 110 on the second register 160-1, and blocks data of all regions of the first memory 110 from being read out. If the storage value of the second register 160-1 is changed to '1 ', the output value of the second circuit 160 is changed to' 1'.” Then, and the secure verification bit or the value stored in the register is changed to 1 from 0, which is interpreted as resetting the secure verification bit from the second state to the first state. After resetting the security verification bit, the boot process in other following circuits are performed in a secure mode, which is interpreted as prior to continuing to boot the computing system in the secure mode.)
Starkweather further teaches wherein the secure verification bit is defined on the second SEEPROM device at an address that is addressable by the secure verification code, ([0075] “The first several bytes of the SEEPROM contain memory address destination values, program packet length values, and an additive checksum that are used by the bootloader in loading software from the SEEPROM, confirming accurate loading, and executing the loaded software.”)
However, JANG in view of Kessler and further in view of Starkweather and further in view of JREIJ does not teach wherein a portion of the second SEEPROM device including the secure verification code is blocked from write access when the secure verification bit is in the first state.
Underwood teaches wherein a portion of the second SEEPROM device including the secure verification code is blocked from write access when the secure verification bit is in the first state; ([0043] “the memory may be configurable to have both protected memory that is not readable by the operating system when it is operating in a non-secure mode”)

Regarding claims 9-11, the claims 9-11 are the apparatus claims of the method claims 2, 6 and 7. The claims 9-11do not further teach or define the limitation over the limitations recited in the rejected claims above. Therefore, JANG in view of Kessler and further in view of Starkweather and further in view of Underwood teaches all the limitations of the claims 9-11.

Regarding claims 19 and 20, the claims 19 and 20 is instructions of the method claims 6 and 7 in a computer readable storage medium, which in specification [0045], a computer readable storage medium…is not to be construed as being transitory signals per se. The claims 19 and 20 do not further teach of define the limitation over the limitations recited in the rejected claims above. Therefore, JANG in view of Kessler and further in view of Starkweather and further in view of Underwood teaches all the limitations of the claims 19 and 20.

Response to Arguments

Applicant’s arguments, see Remarks, filed 12/17/2020, with respect to “Claim Objections” have been fully considered and are persuasive.  The claim objection of claims 8-10 and 13 has been withdrawn. 

Applicant’s arguments, see Remarks, filed 12/17/2020, with respect to the rejection of claims 1 and 14 under 35 U.S.C. 102 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of JANG, Kessler, and Ibrahim. 
JANG teaches a system to perform a secure boot or a normal boot. Furthermore, JANG teaches a decryption and authentication of encrypted data of non-volatile memory using encryption key in a secure boot mode. Kessler teaches loading a secure code at startup time and authenticating the program code using as authentication key. Furthermore, Kessler teaches a secure keys update code to update secure keys. Ibrahim teaches verifying firmware for update. Especially, Ibrahim teaches receiving the updated firmware in the normal mode and authenticating the updated firmware in the next secure mode.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HYUN SOO KIM whose telephone number is (571)270-1768.  The examiner can normally be reached on Monday - Friday 8:30 am - 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jaweed Abbaszadeh can be reached on (571) 270-1640.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/H.K./Examiner, Art Unit 2187         

/JAWEED A ABBASZADEH/Supervisory Patent Examiner, Art Unit 2187