Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 19 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 19 recites the limitation "authenticating the secondary part" in the 4th line of claim 19. There is insufficient antecedent basis for this limitation in the claim. The limitation "authenticating the secondary part" should be fixed as "authenticating the secondary portion." For the purpose of the examination, the examiner interprets "authenticating the secondary part" as "authenticating the secondary portion."

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 2, 4-6 and 11 are rejected under 35 U.S.C. 102(a)(1) & (2) as being anticipated by Worsley (United States Patent US 9064117), hereinafter Worsley.

Regarding claim 1, Worsley teaches a memory system, comprising: a memory device (“Provisioning service/authority” 104 in Fig. 1) suitable for storing an encrypted (Col. 4 Lines 20-29, “The provisioning service/authority 104 may perform various authentication and administrative functions…the provisioning service/authority 104 may store a plurality of various different target computer configuration, including boot images.” Col. 4 Lines 49-54 “The provisioning service/authority 104 may store or generate credentials 126 for eventual distribution to provisioning devices and target computers. Credentials may comprise information such as keys, passwords, and so forth, to allow other devices and computers to subsequently authenticate 104 with the provisioning service/authority.” Col. 8 Lines 26-31 “The credentials 126 or other security information may also be generated by the provisioning service/authority 104 in this initialization process, and transferred to the provisioning device 102. In some situations, credentials and security information may be embedded in the boot images 134.” Col. 4 Lines 26-29 “A system loader is a relatively small program that can be used in initial stages of booting a computer, and which is often configured to load and execute a larger, higher-level operating program.” Loader images and system images, which are interpreted as an encrypted first boot image including first firmware are stored in the provisioning service/authority as shown in Fig. 1 and 2A. A small program of a system loader for initial stages of booting is interpreted as a first firmware included in the first boot image. Credentials such as keys, passwords, and so forth for authenticating the target computer and images is interpreted as a second authentication key for decrypting the encrypted second boot image.) and 
a controller (“Target computer” 106 Fig. 1) suitable for controlling the memory device (Col. 9 Lines 8-13 “During the authentication procedure, the target computer 106 contacts the provisioning service/authority 104 and uses the previously provided credentials 126 to perform authentication between the target computer and the provisioning service/authority 104.” Also, as shown in Fig. 2D, and col 9 Lines 23-26, the target computer 106 or a controller sends a request to download the system loader or loader image to the provisioning service/authority 104 and perform authentication, which is interpreted as controlling the memory device to send the boot images and perform authentication. Thus, the target computer with processors, memory, and network interface is suitable for controlling the provisioning service/authority or the memory device.) and including: a boot memory provided with a boot loader (“firmware” 134 in Fig. 1. Col. 5 Lines 23-29 “The target computer 106 may also have firmware 134, containing low-level boot instructions that are the first instructions executed by the target computer 106 upon start-up. Upon execution during computer startup, the firmware 134 may load and execute a bootloader or system loader, which in turn accesses the memory 130 to initiate execution of the execution image 132.” Col. 5 Lines 44-45 “The firmware 134 is typically stored in a form of non-volatile memory such as programmable flash memory.” The firmware to initiate the execution image 132 in non-volatile memory of the target computer is interpreted as a boot memory provided with a boot loader.) and a first authentication key for decrypting the encrypted first boot image, (Fig. 2C 126 Credentials. As shown in Fig. 2B the credentials for the images 138(a)-(c) are provided from the provision device is interpreted as a first authentication key for decrypting the encrypted first boot image.)
one or more first processing blocks each of which includes a first core, one or more second processing blocks each of which includes a second core, (Col. 12 Lines 52-53 “the operating logic of the target computer 106 may comprises one or more processors 128.” Processors 128 are interpreted as a first processing block including a first core and a second processing block including a second core.)
a buffer memory (“Provision Device” 102 in Fig. 1. As shown in Fig. 1, provision device stores images A-C 138(a)-(c), credentials, and various logics in memory 110.)

Regarding claim 2, Worsley teaches wherein during a booting operation, the one or more first processing blocks initialize themselves by executing the boot loader to load the encrypted first boot image into the buffer memory, (Col. 9 Lines 7-13 “FIG. 2C illustrates an authentication procedure implemented by the loader image 202 and performed upon execution of the loader image 202. During the authentication procedure, the target computer 106 contacts the provisioning service/authority 104 and uses the previously provided credentials 126 to perform authentication between the target computer and the provisioning service/authority 104.” Col. 5 Lines 23-29 “The target computer 106 may also have firmware 134, containing low-level boot instructions that are the first instructions executed by the target computer 106 upon start-up. Upon execution during computer startup, the firmware 134 may load and execute a bootloader or system loader, which in turn accesses the memory 130 to initiate execution of the execution image 132.” Fig. 2A & 2B. As discussed above, at the start up of the target device, the firmware initializes itself for executing a bootloader or system loader. As shown in Fig. 2A, 2B, & 2C, the system loader with credential is provided from the provisioning service/authority 104 to the provisioning device, which is interpreted as the buffer memory.)
decrypting the encrypted first boot image based on the first authentication key, and driving the first firmware of the decrypted first boot image. (Fig. 2B. As shown in Fig. 2B, based on the credential or the first authentication key, the encrypted first boot image is executed or decrypted to load system image, which includes small program used in initial stages of booting as disclosed in Col. 4 Lines 25-29.)

Regarding claim 4, Worsley teaches wherein the encrypted first boot image includes the first authentication key. (Col. 9 Lines 1-6 “Credentials, from the credentials 126, may be embedded in the loader image 202, transferred along with the loader image 202, or transferred to the target computer 106 in a subsequent data exchange as the target computer executes the loader image 202.” As discussed above in claim 2, the credential, which is interpreted as the first authentication key, is used to authenticate the boot image. Furthermore, the credentials are embedded in the loader image, which is interpreted as the encrypted first boot image includes the first authentication key.) and wherein the one or more first processing blocks decrypt the encrypted first boot image according to a first result of comparison between the first authentication key of the encrypted first boot image and the first authentication key of the boot memory. (Col. 9 Lines 36-41 “the loader image 202 may be configured to contain or specify one or more of the credentials 126, and the system loader may be configured to present the credentials to the provisioning service/authority 104 to authenticate the target computer 106 with the provisioning service/authority 104.” Col. 12 Lines 19-24 “such security credentials may be contained or indicated by a boot image provided to the target computer 106 for booting. The security credentials may be used by the target computer 106 for subsequent provisioning activities. The boot image may also indicate or include an identification of a provisioning server.” As discussed above, the loader image or a boot image embedded with credentials is provided to the target computer, which is also shown in Fig. 2B and 2C. Then, using the credentials in the target computer, which is interpreted as the first authentication key of the boot memory. 
Then the credentials and/or the security information of the boot image embedded with the credentials are used to authenticate the loader image and the system image. Also, by providing an identification of the target computer to the provisioning service/authority, which compares the identification of the target computer provided by the target computer with the identification of the target computer stored in the provisioning service/authority, the target computer is authenticated for the boot image.)

Regarding claim 5, Worsley teaches wherein a select first processing block, among the one or more first processing blocks, extracts the first authentication key from the encrypted first boot image by performing a set operation. (As discussed above, and shown in Fig. 2A-D and 3, the credential or the first authentication key embedded in the boot image is extracted or authenticated by performing communication between the provisioning device, provisioning service/authority, and the target computer, which is interpreted as a set operation.)

Regarding claim 6, Worsley teaches wherein the one or more first processing blocks end an operation, when the first result of comparison reveals that the first authentication keys do not coincide with each other. (Col. 14 Lines 7-8, “Similarly, the provisioning service/authority can ensure that it provisions only authorized target computers.” As discussed above in claim 4, the authentication is performed by comparing the credential or the identification embedded in with the boot image with the credential or the identification stored in the boot memory. Furthermore, the authentication by comparison only authorizes the communication with the target computer, which is interpreted as not authenticated target computer being not allowed or authorized to communicate. Thus, the failure of the authorization by comparison ends a booting operation.)

Regarding claim 11, Worsley teaches wherein the second authentication key is included in the encrypted first boot image. (Col. 9 Lines 49-54 “the loader image 102 may be configured upon execution to configure the firmware 134 of the target computer, and to embed the credentials 126 and an address or identification of the provisioning service/authority 104 in the firmware 134. The firmware 134 may be configured to utilize this information in subsequent startups.” Col. 8 Lines 27-31 “The credentials 126 or other security information may also be generated by the provisioning service/authority 104 in this initialization process, and transferred to the provisioning device 102. In some situations, credentials and security information may be embedded in the boot images 134.” As shown in Fig. 1, the memory includes image A, B, and C, (138(a)-(c)) and Credentials 125. Each image is provided with credential or each image is embedded with credentials and security information. Credential embedded in the image is interpreted as the second authentication key in the encrypted first boot image.)

Allowable Subject Matter

Claims 3 and 7-10 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claims 12-18 are allowed.

The following is a statement of reasons for the indication of allowable subject matter:  Worsley teaches a device to provide authentication keys and encrypted boot images with processing blocks including cores. However, Worsley does not teach a second authentication key to decrypt the encrypted second boot image loaded into the buffer memory. 
Zimmer et al. (United States Patent Application Publication US 2004/0064457) teaches a secure platform comprising a processor and a first memory containing a plurality of components. The components are authenticated sequentially by passing control of the authentication to the next core component. However, Zimmer does not 
Spangler et al. (United States Patent US 8386763) teaches a system and method to verify each stage of boot code. Especially, each verified stage of boot code verifies the subsequent stage of boot code. However, Spangler does not teach to load the second boot image and the second authentication key loaded into the buffer memory.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HYUN SOO KIM whose telephone number is (571)270-1768.  The examiner can normally be reached on Monday - Friday 8:30 am - 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jaweed Abbaszadeh can be reached on (571) 270-1640.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/H.K./Examiner, Art Unit 2187                          

/JAWEED A ABBASZADEH/Supervisory Patent Examiner, Art Unit 2187