Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Remarks
2.	Claims 1-20 are pending in the application.
3.	Claims 1, 8, and 15 are amended herein. 
4.	Claims 3, 5, 10, 12 and 17 are objected as being allowable.

Response to Arguments
5.	Applicant’s arguments filed on 03/18/2021, with respect to the 35 U.S.C. § 103 rejection of claims 1, 2, 4, 6-9, 11, 13-16, and 18-20 under as allegedly being obvious over U.S. Patent Application Publication No. 2015/0052616 to Hutchinson et al. (“Hutchison”) in view of U.S. Patent Application Publication No. 2017/0099604 to Raleigh et al. (“Raleigh”) have been fully considered. However, upon further consideration, a new ground(s) of rejection is made in view of amended claims.

Allowable Subject Matter
6.    Claims 3, 5, 10, 12 and 17 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim Rejections - 35 USC § 103

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
7.	Claim 1, 2, 4, 6-9, 11,13-16,18-20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 20150052616 hereinafter Hutchison in view of U.S. Publication No. 20170099604 hereinafter Raleigh, and further in view of U.S. Publication No. 20140089615 hereinafter Watanable.

As per claim 1, Hutchison discloses:
A method (para 0003 “Methods and systems are disclosed for operating a COTS device according to a protected mode of operation and an unprotected mode of operation.”), comprising:
by a first processor of a computing device (para 0022 “When used herein, the term COTS device may refer to any computing device capable processors.”),
obtaining a first input indicating a request to shut down the computing device (para 0035 “Methods and systems are disclosed for operating a COTS device according to a protected mode of operation and an unprotected mode of operation.” Para 0061 “For example, at 202 upon determining to transition from unprotected mode to protected mode the device may hibernate (e.g., or otherwise suspend or terminate) the COTS OS (e.g., the OS that executes while the device is in unprotected mode). The termination of the COTS OS may be performed such that the unprotected mode session is not saved (e.g., the native OS is completely shutdown and/or the operating image of the native OS is deleted or disregarded).”);
validating an image associated with a second processor of the computing device (para 0011 “The TM may include a processor configured to independently determine the proper challenge response based on an expected state of the volatile memory of the untrusted device and one or more challenge parameters included in the challenge request para 0069 “The Secure OS may be configured to interact with a TM/reference monitor in order to validate that the Secure OS was properly instantiated (e.g., prevent unauthorized data and/or executable from the native COTS OS from persisting across the transition to Protected Mode), validate that the Secure OS operates correctly and/or according to expectations during the period in which the device operates in Protected Mode.”),
wherein the second processor image is stored in a memory location associated with the second processor (para 0049 “At 106, once the image of the Secure OS has been loaded on the device, the device may operate in protected mode using the Secure OS.” Para 0070 “For example, the TM may inspect the memory regions of the device that include the image of the Secure OS, memory regions associated with applications running on the Secure OS, and/or unused memory regions (e.g., unused RAM). By inspecting the volatile memory regions that may be operated on by the device during protected mode operation, the TM may ensure that malware or other malicious programs do not affect operation while the device is in protected mode.”);
storing the validation results in the memory location associated with the second processor (para 0008 “Upon loading the operational image of the operating system and writing the pattern to unused memory, the device may perform a integrity checksum across the volatile memory (e.g., once the volatile memory has been brought to the known state). The device may transmit the result of the integrity checksum to a trusted monitor (TM) for validation. Para 0056 “By ensuring the Secure OS is loaded from a trusted binary image and writing a pattern to unused memory locations when entering the protected mode, the device can ensure that malware installed while operating in the unprotected mode is unable persist across the transition to protected mode.” para 0072 “During protected mode operation, some or all used and/or unused memory may be written to a known pattern for a validation test. For example, a challenge/response validation test may be implemented using internal and/or external trusted monitors (e.g., a TM such as an XRM, IRM, ERM, etc.). In an example, validation may include determining a hash checksum of the binary image of the Secure OS that is operating in volatile memory (e.g., dynamic memory) after the Secure OS is restored to memory. The hash checksum may be compared to an expected result, for example as independently determined by the TM based on the expected state of the Secure OS. Such verification may detect possible subversion of the Secure OS utilized in protected mode by malware by detecting unauthorized changes to the binary image of the OS.”);
executing a shutdown mode for the computing device (para 0067 “At 210, the Secure OS may be terminated. In an example, the Secure OS may be terminated using a privileged software utility that restarts the COTS OS. There may be no changes to the Secure OS from operating the secure session.”)

Hutchison does not discloses:
initiating a shut down mode of the computing device; 
during the shut down mode of the computing device, validating image
obtaining a second input indicating a request to power on the computing device;
executing a boot-up procedure for the first processor; and 
providing instructions to the second processor to execute a boot-up procedure for the second processor, wherein the instructions comprise instructions to verify a status of the validated second processor image based on the stored validation results and, based on the verified status, to utilize the validated second processor image to boot-up the second processor

Raleigh discloses:
obtaining a second input indicating a request to power on the computing device, executing a boot-up procedure for the first processor (para 0197 “In some embodiments, upon a reset and/or power up at 1202, the system (e.g., APU, SIM, and/or MPU, whichever the DDR is embedded on in the wireless communication device) starts by executing a secure boot (e.g., executing secure boot code) at 1204.”);
providing instructions to a second processor to execute a boot-up procedure for the second processor (para 0197 “As part of the secure boot, an initialization routine is performed to configure system parameters (e.g., configures registers to ensure secure region, such as HW/firmware At 1208, the secure boot proceeds to download and verify/validate digital signatures of every secure software package (e.g., including the DDR Processor including a DDR generator) before allowing normal software routines to be downloaded.”),
wherein the instructions comprise instructions to verify a status of a validated second processor image based on the stored validation results and, based on the verified status, to utilize the validated second processor image to boot-up the second processor (para 0197 “At 1210, the secure boot determines if all signatures are properly validated. If any digital signature fails, then the secure boot stays looped in the idle state as shown at 1212 until it gets reset as shown at 1202 (e.g., watch dog timer expires) and/or the platform is flashed with a new image. If all of the digital signatures are properly validated, then the secure boot proceeds with other downloads (e.g., including applications) at 1214. When new secure software image is downloaded (e.g., the image is stored in new area of the flash memory with a "secure" flag set), and the system can return to reset state to have the secure boot reading the new image (e.g., based on the flag) and validate the digital signature of the image before it becomes the current image.”)

The motivation would have been to execute a secure boot procedure to provide a secure chain of trust.

Hutchison in view of Raleigh does not discloses:
initiating a shut down mode of the computing device; 
during the shut down mode of the computing device, validating image

	Watanable discloses:
initiating a shut down mode of the computing device (Fig. 5, para 0070 “As illustrated in FIG. 5, when detecting the shutdown.”) 
during the shut down mode of the computing device, validating image (para 0043 “According to the present invention, backed up sector data and the MBR are verified, and the sector data and the MBR can automatically be restored during the OS shutdown.” para 0070 “Sequentially, it is determined in step S402 whether a read error of the disk occurs and whether the MBR is improper. When the read error of the disk does not occur and the MBR is not improper (No in step S402), the CPU 24 reads the LBA 15 of the backup MBR (step S403). Then, it is determined in step S404 whether a read error of the disk Para 0072 “When it is determined that a read error of the disk does not occur, that the MBR is not improper, and that the MBR has been backed up (No in step S404), the MBR is compared to the backup MBR in step S405. When the MBR is identical to the backup MBR, the program is completed.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of operating a COTS device according to a protected mode of operation and an unprotected mode of operation of Hutchison in view of Raleigh to include during the shutdown mode of the computing device, validating image, as taught by Watanable.
The motivation would have been to execute verify boot information during shut down and boot up to verify a proper boot image.

As per claim 2, Hutchison in view of Raleigh and Watanable discloses:
The method of claim 1, wherein the second processor image is an operating system for the second processor (Hutchison Figs. 1 and 3, para 0049 and 0070).

As per claim 4, Hutchison in view of Raleigh and Watanable discloses:


As per claim 6, Hutchison in view of Raleigh and Watanable discloses:
The method of claim 1, wherein verifying the status of the stored second processor image comprises determining, by the second processor of the computing device, that the stored validation results are true (Hutchison para 0057, 0058, 0062, 0065, and 0069).

As per claim 7, Hutchison in view of Raleigh and Watanable discloses:
The method of claim 1, wherein the shutdown mode is a low power mode (Hutchison Figs. 2 and, 4 para 0061).

As per claim 8, the implementation of the method of claim 1 will execute the computer program product (Hutchison paragraph 0141) of claim 8. The claim is analyzed with respect to claim 1.

As per claim 9, the claim is analyzed with respect to claim 2.

As per claim 11, the claim is analyzed with respect to claim 4.

As per claim 13, the claim is analyzed with respect to claim 6.

As per claim 14, the claim is analyzed with respect to claim 7.

As per claim 15, the implementation of the method of claim 1 will execute the system of claim 15. The claim is analyzed with respect to claim 1.

As per claim 16, the claim is analyzed with respect to claim 2.

As per claim 18, the claim is analyzed with respect to claim 4.

As per claim 19, the claim is analyzed with respect to claim 6.

As per claim 20, the claim is analyzed with respect to claim 7.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192.  The examiner can normally be reached on Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/GARY S GRACIA/Primary Examiner, Art Unit 2491