DETAILED ACTION
Claims 1-20 are pending in this action.  
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Drawings
The drawings filed on 07/02/2019 are accepted.  
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 06/03/2020 has been considered.  The submissions are in compliance with the provisions of 37 CFR 1.97.  Accordingly, an initialed and dated copy of Applicant’s IDS form 1449 filed 06/03/2020 is attached to the instant Office action. 
Claim Objections
Claims 6 and 17 are objected to because of the following informalities:
Claims 6 and 17 recites the limitation “a trusted metric root for a metric object to a host processor” (claim 6, ln. 1-2; claim 17, ln. 1-2). Examiner suggests changing the phrasing to “the trusted metric root for the metric object to the host processor” to clarify that this is referring to the same “trusted metric root”, “metric object”, and “host processor contact” recited previously (claim 1, ln. 2-3; claim 12, ln. 2, and ln. 4).  
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claim 20 is 
Claims 20 does not fall within at least one of the four categories of patent eligible subject matter because, using the broadest reasonable interpretation, the claims are directed to signals per se.  Claim 20 cites a computer-readable storage medium storing computer-readable instructions.  None of the claims, specification or the record disclose that the claimed computer-readable storage medium, under the broadest reasonable interpretation, is exclusively non-transitory.  In particular see para. 0037, 0200, 0212, 0213, and 0221 in the specification of the instant application where it is stated that the storage medium/memory may be non-transitory (and so may also be transitory signals per se).  The Examiner suggests that Applicant edit the preamble to read:  “A non-transitory computer-readable storage medium storing computer-readable instructions”.  The applicant may also/alternatively clarify that the system and method is stored on a non-transitory medium and executed by a processor on the record. 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Hamlin (US Patent No. 9,530,002) (hereinafter “Hamlin”) in view of Thadishetty (US Patent No. 9,893,882) (hereinafter “Thadishetty”).  

As per claim 1, Hamlin teaches loading, by a security chip, ([Hamlin, col. 7, ln. 32-33; Fig. 1] the secure computing platform [the security chip - see col. 6, ln. 35-38]) sends [loads] the software image [a trusted metric root] to the target computing platform [a host processor  - see col. 10, ln. 2-6; Fig. 3]) (the instant application defines a metric root as a structure that includes metric codes, which when executed, produces one or more metric data/metric object [see para. 0050 of the instant application].  Likewise, the software image contains main code that when executed, produces execution parameter values [see Hamlin, col. 9, ln. 11-14; Fig. 2D; col. 9, ln. 33-46], which are metric object data) for a metric object to a host processor, (the instant application defines a metric object as an object that is, at some specific point 1) measured, 2) has information extracted from, and 3) has  the extracted information compared with a pre-recorded standard value to determine whether the integrity of the object is compromised [see para. 0033 of the instant application].  Likewise, by executing the software image, the execution parameters [the metric objects] are measured, has information extracted, and the extracted information compared with another set that was pre-recorded to determine whether the integrity of the values are compromised [see Hamlin, col. 8, ln. 54-64]) wherein the trusted metric root is an encrypted metric root; ([col. 5, ln. 37-41] the code of the software image and other relevant values and parameters within the software image are encrypted)
receiving, by the security chip, a processing result ([Hamlin, col. 7, ln. 39-42] the target computing platform sends, and the secure computing platform receives, a result of the verification) after the host processor performs asymmetric encryption and decryption processing on the trusted metric root ([Col. 8, Ln. 54-61] sending the verification result is performed after the host performs asymmetric decryption on the first encrypted data structure, a component of the encrypted software image [the trusted metric root]), wherein the processing result includes metric object data ([Col. 2, ln. 37-39] the third set of execution parameter values [the metric object data – see above and col. 8, ln. 23-26] is verification message [the processing result – see also col 5, ln. 57-61] is sent to the secure computing platform) [by a public key]; ([Col. 2, ln 37-39] the verification message is an encrypted data structure.  [Col. 5, ln. 34-37] A number of encryption techniques, such as streaming, block, symmetric, asymmetric, etc., are known in the art. In general, the embodiments can use any encryption technique that is appropriate for a given use case.  Encrypting by a public key is explicitly taught by Thadishetty below)
and determining, by the security chip, integrity of the metric object by performing a comparison on decrypted metric object data. ([Hamlin, col. 5, ln. 61-66] the secure computing platform [the security chip] checks [performing a comparison] and verifies the execution parameter values that were generated by the target computing platform [on decrypted metric object data] match the requirements [establishing the integrity of the metric object/execution parameters])
Hamlin does not explicitly teach encrypting a metric object data with a public key, and decrypting, by the security chip, the metric object data encrypted by the public key;
However, Thadishetty teaches encrypting a metric object data with a public key ([Thadishetty, col. 7, ln. 30-38] encrypted identification information is generated by encrypting identification information [metric object data] with a public key.  [Col. 4, ln. 14-18] Identification information is any type or form of data that indicates/identifies features of a computing device, such as the execution parameter values/metric object data described above)
decrypting, by the security chip, ([Thadishetty, col. 8, ln. 61-64] the TPM chip decrypts an encrypted copy of identification information using a private key) the metric object data encrypted by the public key; ([Col. 6, ln. 40-45; Fig. 3) verification information [processing result] from the operating system [the host processor] includes encrypted identification information [metric object data].  [Col. 7, ln. 30-38] encrypted identification information is generated by encrypting identification information [metric object data] with a public key)
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hamlin with the teachings of Thadishetty to include encrypting a metric object data with a public key, and decrypting, by the security chip, the metric object data encrypted by the public key.  One of ordinary skill in the art would have been because such an arrangement would enable asymmetric key pairs to securely encrypt and/or decrypt data.  (Thadishetty, col. 4, ln. 44-51)

	As per claim 2, Hamlin in view of Thadishetty teaches claim 1.
	Hamlin does not explicitly teach wherein the security chip stores a private key for the trusted metric root, and the host processor stores the public key for the trusted metric root. 
	However, Thadishetty teaches wherein the security chip stores a private key for the trusted metric root ([Thadishetty, Fig. 5, Col. 5, ln. 38-42] the TPM chip stores the private key), and the host processor stores the public key for the trusted metric root. ([Fig. 5; Col. 4, ln. 53-54] In contrast the public key may be readily accessed by any entity, and stored on a remote device separate from the TPM chip [host processor].  [Col. 5, ln. 19-34; Col. 6, ln. 19-23] the asymmetric keys are used to encrypt/decrypt the identification information [the metric object] as part of creating a verification request [processing result] that contains the encrypted identification [the encrypted metric object], used by the security chip, to establish the integrity of the platform/system, and so are keys for the trusted metric root)
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hamlin with the teachings of Thadishetty to include wherein the security chip stores a private key for the trusted metric root, and the host processor stores the public key for the trusted metric root.  One of ordinary skill in the art would have been motivated to make this modification because the keys may be stored in separate storage to prevent a user or device from accessing both the public key and the private key to enable encryption and decryption of information (Thadishetty, col. 5, ln. 7-18)

As per claim 3, Hamlin in view of Thadishetty teaches claim 2,
([Hamlin, col. 5, ln. 31-43] before the secure computing platform loads the software image into the target computing platform, the data structures of the software image are populated),
loading, by the security chip, a metric root ([Hamlin, col. 7, ln. 25-31] the process begins by the secure computing platform generating [loading] a software image [the metric root]) of the metric object ([Fig. 2B; Col. 8, ln. 4-9] the software image is generated by first determining a first set of execution parameter [the metric object] values that corresponds to executing the software code on a targeting platform]) to an encryption module; and ([Col. 5, ln. 32-33] a module/embodiment encrypts the data structure into which the execution parameter were populated)
encrypting the metric root, ([Col. 8, ln. 9-12] after determining the execution parameters a first encrypted data structure can be determined by encrypting a first data structure comprising the first set of execution parameter values) by the encryption module, ([Col. 5, ln. 32-33] a module/embodiment encrypts the data structure into which the execution parameter were populated) [using the private key to obtain the trusted metric root]. ([Col. 5, ln. 34-37] a number of encryption techniques that are known in the art may be used to encrypt the execution parameter. Using the private key to obtain the trusted metric root is taught by Thadishetty below)
Hamlin does not explicitly teach using the private key to obtain the trusted metric root.
However, Thadishetty teaches using the private key to obtain the trusted metric root.  ([Thadishetty, col. 5, ln. 11-15] the private key may be used to encrypt the metric root to create an encrypted metric root that is the trusted metric root as defined by the instant application [see para. 0010 of the instant application])


As per claim 4, Hamlin in view of Thadishetty teaches claim 2.
Hamlin does not explicitly teach wherein decrypting, by the security chip, the metric object data encrypted by the public key comprises: calling, by the security chip, a decryption module; and decrypting, by the decryption module, the encrypted metric object data encrypted by the public key using the private key to obtain the decrypted metric object data.
However, Thadishetty teaches wherein decrypting, by the security chip, the metric object data encrypted by the public key comprises: ([Thadishetty, col. 8, ln. 61-64] the TPM chip decrypts an encrypted copy of identification information [metric object data], which is encrypted by the pubic key [see col. 7, ln. 30-38])
calling, by the security chip, a decryption module; and ([Thadishetty, col. 8, ln. 61-64] the processing unit executing an instruction to decrypt [a decryption module] may direct the TPM chip to decrypt the identification information)
decrypting, by the decryption module, the encrypted metric object data encrypted by the public key using the private key to obtain the decrypted metric object data. ([Thadishetty, col. 8, ln. 61-64] the encrypted metric object data is decrypted by the public key to obtain the decrypted identification information [decrypted metric object data])
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hamlin and Thadishetty for the same reasons as disclosed above.


Hamlin also teaches wherein determining, by the security chip, integrity of the metric object by performing a comparison on decrypted metric object data comprises: ([Hamlin, col. 5, ln. 61-66] the secure computing platform [the security chip] checks [performing a comparison] and verifies the execution parameter values that were generated by the target computing platform [on decrypted metric object data] match the requirements [establishing the integrity of the metric object/execution parameters])
determining that the integrity of the metric object is in a normal state in response to a comparison result satisfying a predetermined condition ([Hamlin, col. 5, ln. 61-66] the secure computing platform [the security chip] checks [performing a comparison] and verifies [obtains a comparison result] the execution parameter values that were generated by the target computing platform [on decrypted metric object data] match the requirements [in response to a comparison, determining that the integrity is in a normal state] established when the image was initially constructed [satisfying a predetermined condition])
Hamlin does not teach calculating, by the security chip, a Hash value of the metric object data; comparing the calculated Hash value with a metric reference value.  
However, Thadishetty teaches calculating, by the security chip, a Hash value of the metric object data; ([Thadishetty, col. 9, ln. 41-43] the processing unit of the TPM chip generates a hash of the identification information [the metric object data] from the received identification information)
comparing the calculated Hash value with a metric reference value.  ([Thadishetty, col. 9, ln. 43-46] the hash of the previously stored identification information [the reference value – see definition in para. 0046 of the instant application] is compared with the decrypted hash to identify any discrepancies between the previously stored hash, and the recently decrypted hash)
because using hashes may improve the overall efficiency of verifying identification information (Thadishetty, col. 8, ln. 11-15)

As per claim 6, Hamlin in view of Thadishetty teaches claim 5.
Hamlin also teaches wherein before loading a trusted metric root for a metric object to a host processor, the method further comprises: ([Hamlin, col. 5, ln. 15-43] before the secure computing platform loads the software image into the target computing platform, a template of the software image [an initial metric root] is generated)
upon first booting, ([Hamlin, col. 6, ln. 65-67] the template prepared at the time the image was initially generated in the secure environment [by the security chip] prior to shipping it to the target environment [upon first booting]) loading, by the security chip, an initial trusted metric root of the metric object to the host processor, ([col. 5, ln. 25-30] the template consist of execution parameters that are generated by an uncontaminated target computing platform [the host processor at first booting]) wherein the initial trusted metric root is an encrypted initial metric root; and ([col. 6, ln. 47-56] the target template includes execution parameters that associated with the actual encryption of the execution parameters on the uncontaminated target computing platform),
receiving, by the security chip, an initial processing result after the host processor performs asymmetric encryption and decryption processing on the initial trusted metric root, where the initial processing result includes initial metric object data ([Hamlin, col. 9, ln. 21-24] in generating the reference for comparison, the secure computing platform encrypts the execution parameter and sends it to an uncontaminated target computing platform) [encrypted by the public key]; (Encrypting metric data by the public key will be taught by Thadishetty below)
Hamlin does not teach a metric object data encrypted by the public key, calculating, by the security chip, an initial Hash value of the initial metric object data; determining, by the security chip, the initial Hash as the metric reference value; and storing the metric reference value at the security chip.
However, Thadishetty teaches metric object data encrypted by the public key ([Thadishetty, col. 7, ln. 30-38] encrypted identification information is generated by encrypting identification information [metric object data] with a public key.  [Col. 4, ln. 14-18] Identification information is any type or form of data that indicates/identifies features of a computing device, such as the execution parameter values/metric object data described above)
calculating, by the security chip, an initial Hash value of the initial metric object data; ([Thadishetty, col. 7; ln. 59-62] the processing unit of the TPM chip computes [calculates] a hash of identification information prior to encrypting identification information [an initial hash value of the initial metric object data]) 
determining, by the security chip, the initial Hash as the metric reference value; and ([Thadishetty, col. 9, ln. 41-46] the hash of the identification information is stored so that it may be, by the processing unit of the TPM chip, compared to a received hash value.  A hash of the metric data object used for comparison is defined as metric reference data [see para. 0046 of the instant application] and the initial hash is determined as the metric reference value)
storing the metric reference value at the security chip.  ([Thadishetty, col. 8, ln. 5-7] the processing unit of the TPM chip utilizes a hash function to produce a hash of the identification information. (Col. 5, ln. 31-34] the hash of the identification information, which identifies properties of features of the computing device, is stored on the TPM chip as identification information)
because using the verification information generated by comparing the initial metric reference value against another hash of a metric data object may alert the operating system about the detection of the evidence of device tampering (Thadishetty, col. 9, ln. 19-58)

As per claim 7, Hamlin in view of Thadishetty teaches claim 1.
Hamlin also teaches wherein the metric object includes a plurality of metric objects, and the method further comprises: ([Hamlin, col. 8, ln. 31-46] the software image [metric root] includes a set of execution parameters [metric object] that is a larger number of interdependent execution parameters [a plurality of metric objects] in an alternative embodiment)
determining, by the security chip, integrity of each of the plurality of metric objects; ([Hamlin, col. 5, ln. 49-61] a plurality of execution parameters such as cycles, code integrity and timing associated with the decryption process is generated by the target platform, and sent to the secure computing platform.  The secure computing platform then determines if the parameters conform to requirements to verify that the parameters are uncontaminated)
determining, by the security chip, whether the integrity of each of the plurality of metric objects is in a normal state; and ([Hamlin, col. 5, ln. 61-66] the secure computing platform checks the various parameters against the parameters initially constructed in a secure instance of the target computing platform, to determine whether such parameters are verified [the integrity of the plurality of metric objects is in a normal state])
in response to a determination that the integrity of each of the plurality of metric objects is in a normal state, determining that integrity of a platform and a system in which the security chip is implemented is not compromised, and the system enters a safe mode. ([Hamlin, col. 5, ln. 55-67 to col. 6, ln. 1-5] if the secure computing platform verifies the various execution parameters, the secure platform determines that the target platform/system is not compromised [see also, col. 2, ln. 49-58] and the code [safe mode] allowing normal operation is made active)

As per claim 8, Hamlin in view of Thadishetty teaches claim 7.
Hamlin also teaches in response to a determination that the integrity of one or more of the plurality of metric objects is in an abnormal state, determining that the integrity of the platform and the system in which the security chip is implemented is compromised, and the system enters an unsafe mode, or the system is prohibited from booting. ([Hamlin, col. 2, ln. 44-49] if, after the secure computing platform checks the various parameters against the parameters initially constructed in a secure instance of the target computing platform, the execution parameters are found to not be verified [in an abnormal state], the secure computing platform determines that the target platform/system is compromised, secure computing platform restores the target platform to a secure state [the system enters an unsafe mode])

As per claim 9, Hamlin teaches receiving, by a host processor, a trusted metric root of a metric object loaded by a security chip, ([Hamlin, col. 7, ln. 32-33; Fig. 1] the secure computing platform [the security chip - see col. 6, ln. 35-38]) sends [loads] the software image [a trusted metric root] to the target computing platform [a host processor - see col. 10, ln. 2-6; Fig. 3] which is received by the target computing platform) wherein the trusted metric root is an encrypted metric root; (the instant application defines a metric root as a structure that includes metric codes, which when executed, produces one or more metric data/metric object [see para. 0050 of the instant application].  Likewise, the software image contains main code that when executed, produces execution parameter values [see Hamlin, col. 9, ln. 11-14; Fig. 2D; col. 9, ln. 33-46], which are metric object data.  ([Col. 5, ln. 37-41] the code of the software image and other relevant values and parameters within the software image are encrypted)
performing, by the host processor, asymmetric decryption processing on the trusted metric root to obtain a processing result, wherein the processing result includes metric object data [encrypted by a public key]; and ([Hamlin, col. 8, ln. 54-61] the target computing platform executes the encrypted software image [the trusted metric root] and produces a third set of execution parameter values [the processing result, which includes metric object data].  [Col 5, ln. 57-61] the result of the unpacking [the third set of execution parameter values/verification data] is transmitted in encrypted form back to the secure computing platform.  [Col. 5, ln. 34-37] Asymmetric encryption techniques appropriate for encrypting the metric parameter may be used to encrypt the processing result.  The metric object data encrypted by a public key is taught by Thadishetty below)
transmitting, by the host processor, the processing result to the security chip to decrypt the metric object data [encrypted by a public key] ([Hamlin, col. 7, ln. 39-42] the target computing platform sends, and the secure computing platform receives, a result of the verification.  [Col. 5, ln. 34-37] Asymmetric encryption techniques appropriate for encrypting the metric parameter may be used to encrypt the processing result.  The metric object data encrypted by a public key is taught by Thadishetty below) and determine integrity of the metric object by comparing decrypted metric object data to a metric reference value. ([Col. 5, ln. 49-66] the secure computing platform matches the execution parameters [decrypted metric object data] conforms to the initial requirements [a metric reference value] and finds the parameters uncontaminated [determines integrity] if a match is made)

However, Thadishetty teaches encrypting a metric object data with a public key ([Thadishetty, col. 7, ln. 30-38] encrypted identification information is generated by encrypting identification information [metric object data] with a public key.  [Col. 4, ln. 14-18] Identification information is any type or form of data that indicates/identifies features of a computing device, such as the execution parameter values/metric object data described above)
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hamlin and Thadishetty for the same reasons as disclosed above.

As per claim 10, the claim language is identical or substantially similar to that of claim 2. Therefore, it is rejected under the same rationale applied to claim 2.

As per claim 11, Hamlin in view of Thadishetty teaches claim 10.
Hamlin also teaches wherein performing, by the host processor, asymmetric decryption processing on the trusted metric root to obtain a processing result further comprises: ([Hamlin, col. 8, ln. 54-64] the target computing platform executes the software image to obtain a processing result)
decrypting, by the host processor, the trusted metric root [using the public key] to obtain a decrypted trusted metric root; ([Hamlin, col. 8, ln. 56-57] the target computing platform decrypts the first encrypted data structure of the software image to obtain the main code of the software image to execute)
executing, by the host processor, the decrypted trusted metric root to obtain the metric object data; ([Hamlin, col. 9, ln. 11-17; col. 8, ln. 57-59] the target computing platform executes the decrypted main code of the software image allowing the target computing platform to obtain a third set of execution parameter values – an instance of metric object data, the verification data)
sending, by the host processor, encrypted metric object data to the security chip. ([Hamlin, Fig. 1; col. 7, ln. 39-44] the encrypted verification data containing encrypted execution parameter values [encrypted metric object data] is sent by the target computing platform to the secure computing platform)
Hamlin does not explicitly teach decrypting using the public key, and encrypting, by the host processor, the metric object data using the public key.  
However, Thadishetty teaches decrypting the using the public key, and ([Thadishetty, col.7, ln. 1-4] the remote device [the host processor] may generate a decrypted copy of information by decrypting information with a public key)
encrypting, by the host processor, the metric object data using the public key.  ([Thadishetty, col. 7, ln. 30-38] encrypted identification information is generated, by an entity other than the TPM chip [the host processor/remote device - see Col. 4, ln. 53-54], by encrypting identification information [metric object data] with a public key.  [Col. 4, ln. 14-18] Identification information is any type or form of data that indicates/identifies features of a computing device, such as the execution parameter values/metric object data described above)
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hamlin and Thadishetty for the same reasons as disclosed above.

As per claim 12, Hamlin teaches a security chip configured to store ([Hamlin, col. 7, ln. 32-33; Fig. 1] the secure computing platform [the security chip - see col. 6, ln. 35-38]) stores the software image [a trusted metric root] so that it may send it to the target computing platform) a trusted metric root (the instant application defines a metric root as a structure that includes metric codes, which when executed, produces one or more metric data/metric object [see para. 0050 of the instant application].  Likewise, the software image contains main code that when executed, produces execution parameter values [see Hamlin, col. 9, ln. 11-14; Fig. 2D; col. 9, ln. 33-46], which are metric object data) of a metric object, (the instant application defines a metric object as an object that is, at some specific point 1) measured, 2) has information extracted from, and 3) has  the extracted information compared with a pre-recorded standard value to determine whether the integrity of the object is compromised [see para. 0033 of the instant application].  Likewise, by executing the software image, the execution parameters [the metric objects] are measured, has information extracted, and the extracted information compared with another set that was pre-recorded to determine whether the integrity of the values are compromised [see Hamlin, col. 8, ln. 54-64]) wherein the trusted metric root is an encrypted metric root; and ([col. 5, ln. 37-41] the code of the software image and other relevant values and parameters within the software image are encrypted)
a host processor configured to receive the trusted metric root of the metric object loaded by the security chip; and ([Hamlin, col. 7, ln. 32-33; Fig. 1] the secure computing platform [the security chip - see col. 6, ln. 35-38]) sends [loads] the software image [a trusted metric root] to the target computing platform [a host processor - see col. 10, ln. 2-6; Fig. 3] which is received by the target computing platform)
perform an asymmetric encryption and decryption process on the trusted metric root ([Hamlin, col. 8, ln. 56-57] the target computing platform decrypts the first encrypted data structure of the software image to obtain the main code of the software image to execute) to obtain a processing result, wherein the processing result includes [metric object data encrypted by a public key], ([col. 9, ln. 11-17; col. 8, ln. 57-59] the target computing platform executes the decrypted main code of the software image allowing the target computing platform to obtain a third set of execution parameter values – an instance of metric object data, the verification data [the processing result]) [wherein the security chip is further configured to decrypt the metric object data encrypted using the public key]; and
determine integrity of the metric object by performing a comparison on decrypted metric object data. ([Hamlin, col. 5, ln. 61-66] the secure computing platform [the security chip] checks [performing a comparison] and verifies the execution parameter values that were generated by the target computing platform [on decrypted metric object data] match the requirements [establishing the integrity of the metric object/execution parameters])
Hamlin does not explicitly teach metric object data encrypted by a public key, and wherein the security chip is further configured to decrypt the metric object data encrypted using the public key.
However Thadishetty teaches metric object data encrypted by a public key ([Thadishetty, col. 7, ln. 30-38] encrypted identification information is generated by encrypting identification information [metric object data] with a public key.  [Col. 4, ln. 14-18] Identification information is any type or form of data that indicates/identifies features of a computing device, such as the execution parameter values/metric object data described above)
wherein the security chip is further configured to decrypt the metric object data encrypted using the public key. ([Thadishetty, col. 8, ln. 61-64] the processing unit executing an instruction to decrypt [a decryption module] may direct the TPM chip to decrypt the identification information [metric object data])
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hamlin and Thadishetty for the same reasons as disclosed above.

As per claim 13, the claim language is identical or substantially similar to that of claim 2. Therefore, it is rejected under the same rationale applied to claim 2.

As per claim 14, the claim language is identical or substantially similar to that of claim 3. Therefore, it is rejected under the same rationale applied to claim 3.

As per claim 15, the claim language is identical or substantially similar to that of claim 4. Therefore, it is rejected under the same rationale applied to claim 4.

As per claim 16, the claim language is identical or substantially similar to that of claim 4. Therefore, it is rejected under the same rationale applied to claim 5.

As per claim 17, the claim language is identical or substantially similar to that of claim 4. Therefore, it is rejected under the same rationale applied to claim 6.

As per claim 18, the claim language is identical or substantially similar to that of claim 8. Therefore, it is rejected under the same rationale applied to claim 8.

As per claim 19, the claim language is identical or substantially similar to that of claim 8. Therefore, it is rejected under the same rationale applied to claim 11.

As per claim 20, Hamlin teaches a computer-readable storage medium storing computer-readable instruction executable by one or more processors, that when executed by the one or more processors, cause the one or more processors to perform operations.  ([Hamlin, col. 11, ln. 1-6] the methods described may be fully embodied as code stored in a non-transitory computer-readable storage medium)
.   

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Ohhashi (US Patent No. 8,645,711) discloses A TPM that stores hash values and compares such values on startup to detect unauthorized tampering in hardware and software.  Ignatchenko et al. (US Pub. 2014/0298040) discloses a security enhancing chip configured to calculate a hash compared with a hash generated by a host processor that indicates whether data has been tampered with or malicious.  Lee et al. (US Pub. 2019/0392151) discloses an automatic verification method executing at startup that compares a verification value to a preset condition.  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634.  The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through 

/Z.L./Examiner, Art Unit 2493                                                                                                                                                                                                        
/CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493