DETAILED ACTION
The present office action is responsive to communications received on 09/02/2020.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 09/02/2020 has been entered.

Status of Claims
Claims 1, and 11 were amended.
Claims 1-20 are pending.

Response to Arguments
With respect to the 35 USC § 103 rejection, new grounds of rejection have been introduced in light of the applicant’s amendments, using Diehl et al. (US 20130333040 A1) and Arbaugh et al. (US 20070261120 A1), to remedy any deficiencies in the prior art Martinez as argued by the applicant. The 35 USC § 103 rejection updated.

Claim Objections
Claim 11 objected to because of the following informalities: “validity date in perseistent memory” the word persistent is misspelled.  Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as failing to set forth the subject matter which the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the applicant regards as the invention.
Claims 1 and 11 recite the limitation “a host computing processing system” then in the amended limitations they recite “the host computing device” and “the host”.  There is insufficient antecedent basis for the later two limitations in the claim.
Claims 2-10, and 12-20 are do not remedy the deficiencies of the dependent claims upon which they depend and are therefore rejected under 35 USC § 112(b).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
Determining the scope and contents of the prior art.
Ascertaining the differences between the prior art and the claims at issue.
Resolving the level of ordinary skill in the pertinent art.
Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-2, 4-9, 11-12, and 14-19 are rejected under 35 U.S.C. 103 as being unpatentable over Martinez et al. (US 20150220736 A1) hereinafter referred to as Martinez in view of Diehl et al. (US 20130333040 A1) hereinafter referred to as Diehl and further in view of Arbaugh et al. (US 20070261120 A1) hereinafter referred to as Arbaugh.

With respect to claim 1, Martinez discloses: A system configured to ensure an integrity of an operating system and software components at runtime, (Martinez paragraph [0003] discloses that the 
the system comprising: critical applications including system data; (Martinez paragraph [0012] discloses OS kernel data in used in the operation of the system).
a host computing processing system configured to load the system data within system RAM, (Martinez paragraph [0011] Fig.1 discloses a CPU interacting with RAM inside the Information Handling System 100).
the system data being associated with an operating system of the host computing processing system; (Martinez paragraph [0012] discloses “The memory 110 can store data/code to be used by an operating system (OS) kernel of the information handling system 100”).
a hardware module being configured to monitor the system data , (Martinez Fig. 1 illustrates system 100 comprises multiple modules wherein Martinez [0014] discloses “The modules of the information handling system 100 can be hardware, software, or a combination of hardware and software.” Martinez [0016] discloses “provisioning module 202 can access the critical memory locations of the BIOS flash memory and can then produce separate hashes of the data/code stored in each of the critical memory locations of the BIOS flash memory”. Wherein the module 202 is one of the modules of system 100 as shown in Fig. 1).
and the hardware module is configured automatically store validity data in persistent memory of the hardware module before the system data is loaded into the host computing device responsive to the monitoring of the system data, (Martinez [0016] discloses “During the start-up of the information system 100, the provisioning module 202 can access the critical memory locations of the BIOS flash memory and can then produce separate hashes of the data/code stored in each of the critical memory locations of the BIOS flash memory. The hashes of the BIOS flash memory locations can be referred to as `gold` hashes 228, because the hashes are associated with data/code of the BIOS 108, 
wherein the validity data is associated with the system data (Martinez [0016] discloses the hashes, mapped to the validity data, since it is being used for validation, and the “data/code stored in each of the critical memory locations of the BIOS flash memory” is mapped to the system data).
and the hardware module being configured to determine at runtime when there is a security violation based on mutations to the system data (Martinez paragraph [0020] discloses the integrity verification module in communication with the error detection module 222 would determine at runtime to “compare the stored hash received from hash storage location 216 to the generated hash of the current data/code” data integrity, which is interpreted that if they do not match then there is a security violation wherein a “warning signal may be provided”. The current data/code would be mapped to the loaded system data).
Martinez does not explicitly recite: “before the system data is loaded into the host computing device” and “without being remotely modified by the host” and “hardware module is located remotely from the host computing processing system”.
However, Diehl in an analogous art discloses: a hardware module being configured to monitor the system data before the system data is loaded into the host computing device, (Diehl claim 21 discloses “kernel-level security agent is a secure operating system that launches prior to a system operating system”, wherein according to Diehl [0011] the kernel-level security agent “may be implemented as a cloud of security service devices (referred to herein as a "security service cloud" or a "remote security system")”. Diehl [0042] discloses kernel-level security agent would “track attributes” 
and the hardware module is configured automatically store validity data in persistent memory of the hardware module before the system data is loaded into the host computing device responsive to the monitoring of the system data without being remotely modified by the host, (Diehl [0042] discloses “the kernel-level security agent 114 may comprise any one or more databases, files, tables, or other structures that track attributes, behaviors, and/or patterns of objects or processes of the computing device 102.” The database tracking is mapped to the storing. Wherein, the agent 114 could be remote cloud devices as explained in the previous limitation that launches prior to a system operating system for monitoring and the prior art does not disclose that the agent is remotely modified by the host during the monitoring, therefore it is interpreted that the agent is not modified by the host when monitoring the system).
wherein the hardware module is located remotely from the host computing processing system. (Diehl [0011] the kernel-level security agent “may be implemented as a cloud of security service devices (referred to herein as a "security service cloud" or a "remote security system")”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Marinez with a hardware module being configured to monitor the system data before the system data is loaded into the host computing device, and the hardware module is configured automatically store validity data in persistent memory of the hardware module before the system data is loaded into the host computing device as disclosed by Diehl because “By loading early in boot-time, the kernel-level security agent significantly reduces the window in which malware can become active and interfere with operation of the host computing device or run unobserved on the host computing device.” Diehl [0010]. 
comparing the validity data stored on the hardware module with the loaded system data on the host computing processing system”.
However, Arbaugh in an analogous art discloses: and the hardware module being configured to determine at runtime when there is a security violation based on mutations to the system data by comparing the validity data stored on the hardware module with the loaded system data on the host computing processing system, (Arbaugh [0139-0140 and 0161] disclose management station used to monitor rootkit and kernel violations wherein the management station could be a “server” and therefore is interpreted to be a remote hardware module. Arbaugh [0069] discloses “The monitor engine has access to the low level state (registers, virtue and physical memory, and the scale system) of the running operating system” and Arbaugh [0115] discloses “compare with the model (specification or set of predicates) to issue a signal indicative of potential violation of the monitored host computer system” and Arbaugh [0116] discloses “The captured memory image can be saved on a disk for later analysis.” Which is interpreted as detecting a violation based on comparing stored data with data on running operating system; this interpretation supported by Arbaugh [0110] “with a running system and a debugger system to identify security essential structures of the memory”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Martinez with the hardware module being configured to determine at runtime when there is a security violation based on mutations to the system data by comparing the validity data stored on the hardware module with the loaded system data on the host computing processing system disclosed by Arbaugh which provides the highest degree of protection from modification by a remote or local end-user of the protected device (see Arbaugh paragraph [0137]). 

With respect to claim 2, Martinez in view of, Diehl and Arbaugh disclose: The system of claim 1, wherein the system data is associated with a driver, kernel, or userspace executable.  (Martinez paragraph [0012] discloses “The memory 110 can store data/code to be used by an operating system (OS) kernel of the information handling system 100, or by user applications running on the information handling system.”).

With respect to claim 4, Martinez in view of, Diehl and Arbaugh disclose: The system of claim 1, wherein the validity data includes at least one of stored cryptographic signatures or collision-resistant hashes.  (based on paragraph [0035] of the applicant specs as recited in the prior office action Martinez paragraph [0020] discloses that the validity data includes a hash).

With respect to claim 5, Martinez in view of, Diehl and Arbaugh disclose: The system of claim 1, wherein the validity data includes at least one of key pair data, hash data, and signature data.  (Martinez paragraph [0020] discloses that the validity data is a hash data).

With respect to claim 6, Martinez in view of, Diehl and Arbaugh disclose: The system of claim 1, wherein the host computing processing system includes a memory device with addresses corresponding to different areas of the memory device, (Martinez Fig. 2 illustrates the Integrity Verification Module 220 containing multiple Critical Location 240 inside the memory 110).
and the hardware module is configured to only scan addresses associated with the system data. (Martinez paragraph [0017] discloses at startup the CPU identifying the critical memory locations which means that there is scanning in order to identify the locations and provide the addresses associated with the policy information and the address in the critical memory locations 240).

With respect to claim 7, Martinez in view of, Diehl and Arbaugh disclose: The system of claim 1, including: general platform logic that is configured to communicate with the host computing processing system, the hardware module, and an operator console, (Arbaugh paragraph [0084] discloses an administrator can shut down the system which means the monitoring hardware is in communication with an operator/administrator console).
wherein responsive to the hardware module determining the security violation the general platform logic asserts a reset line for the host computing processing system, deactivates host power, or otherwise stops execution of a central processing unit associated with the host, (Arbaugh paragraph [0197] also disclose shut down system when a violation is detected).
the reset line being in communication with the hardware module and general platform logic, (Arbaugh paragraph [0084] discloses an administrator can shut down the system which means when looking at Fig. 5 the monitoring hardware is in communication with resetting and general platform logic) and the hardware module communicates with the host computing processing system via a direct memory access endpoint. (Arbaugh, claim 6 recites monitoring system communicated through Direct Memory Access (DMA) with host).

With respect to claim 8, Martinez in view of, Diehl and Arbaugh disclose: The system of claim 7, further comprising: a plurality of host computing processing systems, wherein the hardware module is coupled to the plurality of host computing processing systems.  (Martinez paragraph [0028] discloses the information handling system can include “one or more processing resources”).

With respect to claim 9, Martinez in view of Arbaugh, and Diehl discloses: The system of claim 1, wherein the hardware module is located remotely from the host computing processing system, and the hardware module communicates with the host computing processing system via a direct memory access endpoint.  (Arbaugh, claim 6 recites monitoring system communicated through Direct Memory Access (DMA) with host wherein paragraph [0137] and Fig. 5 show that the monitoring system is remotely located from host).

With respect to claim 11, Martinez discloses: A method configured to ensure an integrity of an operating system and software components at runtime, (Martinez paragraph [0003] discloses that the prior art is about solving the problem of integrity of software upon which the operating system depends on).
the method comprising: loading, by a host computing processing system on system RAM, system data, (Martinez paragraph [0011] Fig.1 discloses a CPU interacting with RAM inside the Information Handling System 100 for loading system data).
the system data being associated with an operating system of the host computing processing system; (Martinez paragraph [0012] discloses “The memory 110 can store data/code to be used by an operating system (OS) kernel of the information handling system 100”).
monitoring, via a hardware module, the system data (Martinez Fig. 1 illustrates system 100 comprises multiple modules wherein Martinez [0014] discloses “The modules of the information handling system 100 can be hardware, software, or a combination of hardware and software.” Martinez [0016] discloses “provisioning module 202 can access the critical memory locations of the BIOS flash memory and can then produce separate hashes of the data/code stored in each of the critical memory locations of the BIOS flash memory”. Wherein the module 202 is one of the modules of system 100 as shown in Fig. 1).
automatically storing validity date in perseistent memory of the hardware module before the system data is loaded into the host computing device responsive to the monitoring of the system data (Martinez [0016] discloses “During the start-up of the information system 100, the provisioning module 
determining, via the hardware module, at runtime when there is a security violation based on mutations to the system data by comparing the validity data stored in persistent memory of the hardware module (Martinez paragraph [0020] discloses the integrity verification module in communication with the error detection module 222 would determine at runtime to “compare the stored hash received from hash storage location 216 to the generated hash of the current data/code” data integrity, which is interpreted that if they do not match then there is a security violation wherein a “warning signal may be provided”. The current data/code would be mapped to the loaded system data).
Martinez does not explicitly recite: “before the system data is loaded into the host computing device” and “without being remotely modified by the host”
However, Diehl in an analogous art discloses: monitoring, via a hardware module, the system data before the system data is loaded into the host computing device; (Diehl claim 21 discloses “kernel-level security agent is a secure operating system that launches prior to a system operating system”, wherein according to Diehl [0011] the kernel-level security agent “may be implemented as a cloud of security service devices (referred to herein as a "security service cloud" or a "remote security system")”. Diehl [0042] discloses kernel-level security agent would “track attributes” which is mapped to monitor the system data. The remote kernel-level security agent is mapped to the hardware module and 
automatically storing validity date in perseistent memory of the hardware module before the system data is loaded into the host computing device responsive to the monitoring of the system data without being remotely modified by the host; (Diehl [0042] discloses “the kernel-level security agent 114 may comprise any one or more databases, files, tables, or other structures that track attributes, behaviors, and/or patterns of objects or processes of the computing device 102.” The database tracking is mapped to the storing. Wherein, the agent 114 could be remote cloud devices as explained in the previous limitation that launches prior to a system operating system for monitoring and the prior art does not disclose that the agent is remotely modified by the host during the monitoring, therefore it is interpreted that the agent is not modified by the host when monitoring the system).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Marinez with a hardware module being configured to monitor the system data before the system data is loaded into the host computing device, and the hardware module is configured automatically store validity data in persistent memory of the hardware module before the system data is loaded into the host computing device as disclosed by Diehl because “By loading early in boot-time, the kernel-level security agent significantly reduces the window in which malware can become active and interfere with operation of the host computing device or run unobserved on the host computing device.” Diehl [0010].
Martinez does not explicitly recite: wherein the validity data is associated with the loaded system data and the validity data.
However, Arbaugh in an analogous art discloses: security violation based on mutations to the system data by comparing the validity data stored in persistent memory of the hardware module, wherein the validity data is associated with the loaded system data and the validity data. (Arbaugh 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Martinez with the hardware module being configured to determine at runtime when there is a security violation based on mutations to the system data by comparing the validity data stored on the hardware module with the loaded system data on the host computing processing system disclosed by Arbaugh which provides the highest degree of protection from modification by a remote or local end-user of the protected device (see Arbaugh paragraph [0137]).

With respect to claim 12, Martinez in view of, Diehl and Arbaugh disclose: The method of claim 11, wherein the system data is associated with a driver, kernel, or userspace executable.  (Martinez paragraph [0012] discloses “The memory 110 can store data/code to be used by an operating system (OS) kernel of the information handling system 100, or by user applications running on the information handling system.”).

With respect to claim 14, Martinez in view of, Diehl and Arbaugh disclose: The method of claim 11, wherein the validity data includes at least one of stored cryptographic signatures or collision-resistant hashes. (based on paragraph [0035] of the applicant specs as recited in the prior office action Martinez paragraph [0020] discloses that the validity data includes a hash).

With respect to claim 15, Martinez in view of, Diehl and Arbaugh disclose: The method of claim 11, wherein the validity data includes at least one of key pair data, hash data, and signature data.  (Martinez paragraph [0020] discloses that the validity data is a hash data).

With respect to claim 16, Martinez in view of, Diehl and Arbaugh disclose: The method of claim 11, wherein the host 5computing processing system includes a memory device with addresses corresponding to different areas of the memory device, (Martinez Fig. 2 illustrates the Integrity Verification Module 220 containing multiple Critical Location 240 inside the memory 110).
and the hardware module scans only addresses associated with the system data. (Martinez paragraph [0017] discloses at startup the CPU identifying the critical memory locations which means that there is scanning in order to identify the locations and provide the addresses associated with the policy information and the address in the critical memory locations 240).

With respect to claim 17, Martinez in view of Arbaugh, and Diehl discloses: The method of claim 11, including: responsive to determining the security violation general platform logic asserts a reset line for the host computing processing system, deactivates host power, or otherwise stops execution of a central processing unit associated with the host, (Arbaugh paragraph [0197] also disclose shut down system when a violation is detected).
wherein the general platform logic communicates with the host computing processing system, the hardware module, and an operator console, (Arbaugh paragraph [0084] discloses an administrator can shut down the system which means the monitoring hardware is in communication with an operator/administrator console).
the reset line being in communication with the hardware module and general platform logic, (Arbaugh paragraph [0084] discloses an administrator can shut down the system which means when looking at Fig. 5 the monitoring hardware is in communication with resetting and general platform logic)
and the hardware module communicates with the host computing processing system via a direct memory access endpoint. (Arbaugh, claim 6 recites monitoring system communicated through Direct Memory Access (DMA) with host).

With respect to claim 18, Martinez in view of, Diehl and Arbaugh disclose: The method of claim 17, further comprising: coupling the hardware module with a plurality of host computing processing systems.  (Martinez paragraph [0028] discloses the information handling system can include “one or more processing resources”).

With respect to claim 19, Martinez in view of Arbaugh, and Diehl discloses: The method of claim 11, further comprising: positioning the hardware module in a remote location from the host computing processing system, wherein the hardware module communicates with the host computing processing system via a direct memory access endpoint.  (Arbaugh, claim 6 recites monitoring system communicated through Direct Memory Access (DMA) with host wherein paragraph [0137] and Fig. 5 show that the monitoring system is remotely located from host).

Claims 10 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Martinez in view of Diehl, and Arbaugh as applied to claims 1-2, 4-9, 11-12, and 14-19 above, and further in view of Wang (US 20130124845 A1) hereinafter referred to as Wang.

With respect to claim 10, Martinez in view of, Diehl and Arbaugh disclose: The system of claim 1, 
They do not explicitly disclose a locking process as explained by the “immutability flag” of the applicant specifications.
However, Wang in an analogous art discloses: wherein the hardware module is configured to determine golden hashes based on a kernel or a userspace process loaded into memory after an immutability flag has been set, (Wang [0036] discloses “The hash value generated from the first calculation is referred to as a golden value. The golden value and the initial value are separately stored or locked, and cannot be modified unless a reboot is performed or an integrated circuit is reset.” Which is mapped to a golden hash determined based on a userspace process wherein values are locked, mapped to the immutability flag set as explained by the applicant specifications paragraph [0015]).
wherein the golden hashes are utilized to determine mutations to the kernel or the userspace process.  (Wang claims 13 discloses “comparing the hash value with a golden value representing a predetermined hash value for the data-to-be-authenticated”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Martinez, Diehl and Arbaugh as combined above wherein the hardware module is configured to determine golden hashes based on a kernel or a userspace process loaded into memory after an immutability flag has been set, wherein the golden hashes are utilized to determine mutations to the kernel or the userspace process as disclosed by Wang so as to prevent the unauthorized activity from further taking place, see Wang [0029].

With respect to claim 20, Martinez in view of, Diehl and Arbaugh disclose: The method of claim 11, 
They do not explicitly disclose a locking process as explained by the “immutability flag” of the applicant specifications.
However, Wang in an analogous art discloses: further comprising: determining golden hashes based on a kernel or a userspace process loaded into memory after an immutability flag has been set, (Wang [0036] discloses “The hash value generated from the first calculation is referred to as a golden value. The golden value and the initial value are separately stored or locked, and cannot be modified unless a reboot is performed or an integrated circuit is reset.” Which is mapped to a golden hash determined based on a userspace process wherein values are locked, mapped to the immutability flag set as explained by the applicant specifications paragraph [0015]). 
wherein the golden hashes are utilized to determine mutations to the kernel or the userspace process. (Wang claims 13 discloses “comparing the hash value with a golden value representing a predetermined hash value for the data-to-be-authenticated”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Martinez, Diehl and Arbaugh as combined above wherein the hardware module is configured to determine golden hashes based on a kernel or a userspace process loaded into memory after an immutability flag has been set, wherein the golden hashes are utilized to determine mutations to the kernel or the userspace process as disclosed by Wang so as to prevent the unauthorized activity from further taking place, see Wang [0029].

Claims 3 and 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Martinez in view of Diehl, and Arbaugh as applied to claims 1-2, 4-9, 11-12, and 14-19 above, and further in view of Li et al. (US 20170161483 A1) hereinafter referred to as Li.

With respect to claim 3, Martinez in view of, Diehl and Arbaugh disclose: The system of claim 1, 
Although Martinez discloses comparing two hash for verification as well as the concept of golden hash, yet Martinez does not explicitly disclose comparing two public keys as disclosed: wherein the hardware module is configured to determine a cryptographic signature associated with the system data is valid by comparing a public key associated with the cryptographic signature with a stored public key, 
However, Li in an analogous art teaching protecting initial operating instruction discloses wherein the hardware module is configured to determine a cryptographic signature associated with the system data is valid by comparing a public key associated with the cryptographic signature with a stored public key, (Li paragraph [0016] discloses chipset 106 using hash values of public keys and compare to pre-stored hash values to calculate if they match).
wherein the stored public key is associated with the validity data, (Li paragraph [0016] discloses that the hash values of the public keys pre-stored as the key authentication information 112). 
wherein the cryptographic signature is valid when there are no mutations to the system data. (Li paragraph [0016] discloses that the signatures have to match therefore it is implicit that if there is any alteration of the Startup-ACM, or as the applicant calls it mutation, then the signatures would not be valid and the Startup-ACM would not be authenticated, see paragraph [0025]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Martinez, Diehl and Arbaugh as combined above with comparing a public key, associated with a cryptographic signature, with a stored public key disclosed by 

With respect to claim 13, Martinez in view of, Diehl and Arbaugh disclose: The method of claim 11, further comprising: 
Although Martinez discloses comparing two hash for verification as well as the concept of golden hash, yet Martinez does not explicitly disclose comparing two public keys as disclosed: determining, via the hardware module, a cryptographic signature associated with the system data is valid by comparing a public key associated with the cryptographic signature with a stored public key, wherein the stored public key is associated with the validity data, wherein the cryptographic signature is valid when there are no mutations to the system data. 
However, Li in an analogous art teaching protecting initial operating instruction discloses determining, via the hardware module, a cryptographic signature associated with the system data is valid by comparing a public key associated with the cryptographic signature with a stored public key, (Li paragraph [0016] discloses chipset 106 using hash values of public keys and compare to pre-stored hash values to calculate if they match).
wherein the stored public key is associated with the validity data, (Li paragraph [0016] discloses that the hash values of the public keys pre-stored as the key authentication information 112).
wherein the cryptographic signature is valid when there are no mutations to the system data. (Li paragraph [0016] discloses that the signatures have to match therefore it is implicit that if there is any alteration of the Startup-ACM, or as the applicant calls it mutation, then the signatures would not be valid and the Startup-ACM would not be authenticated, see paragraph [0025]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Martinez, Diehl and Arbaugh as combined above with 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HANY S GADALLA whose telephone number is (571)272-2322.  The examiner can normally be reached on Mon to Fri 8:30AM - 5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.







/Michael Simitoski/Primary Examiner, Art Unit 2493