DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is in response to application filed on 03/25/2019. Claims 1-20 are pending.

Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy for CN2018105960852 filed 06/11/2018 has been retrieved in the instant application.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 03/17/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Examiner’s Note on 35 U.S.C. 101 (Abstract Idea Analysis)
Per 2019 PEG:
Step 1) claims 1, 18 and 20 are directed to subject matter that is categorically patent eligible, i.e., one of the four statutory categories of invention.
Step 2A) prong one: claims 1, 18 and 20 do not recite limitations that reasonably fall under one of the abstract idea groupings as defined in 2019 PEG for electrical arts.
As such, claims 1-20 are patent eligible.

Examiner’s Note on 35 U.S.C. 101 (Computer-Readable Medium)
Per claimed computer-readable storage medium of claim 20, it is noted that par. 0143 of the specification explicitly excludes “transitory media, such as modulated data signals and carrier waves”. Therefore, claim 20 is subject matter eligible.

Claim Objections
Claims 3-4 and 9 are objected to because of the following informalities: 
Claims 3-4 recite the limitation "the algorithm", which appears to refer back to “a target algorithm”.  For examination, this limitation is read “the target algorithm”.
Claim 9 once recites "the at least one second cryptographic algorithm" and once “the second cryptographic algorithm”.  Since it appears that both recitations have the same antecedent basis, to be consistent, both limitations are read “the at least one second cryptographic algorithm”.
Appropriate correction is required.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.



Claim 5 recites the limitation "the algorithm", which appears to refer back to “a target algorithm”.  There is insufficient antecedent basis for this limitation in the claim. For examination, this limitation is read “the target algorithm”.
Claim 6 recites the limitation "at least one first cryptographic algorithm" twice.  There is insufficient antecedent basis for this limitation in the claim in that it is not clear if the second recitation is referring back to the first one. For examination, the second recitation is read “the at least one first cryptographic algorithm”.

Examiner’s Note
After reviewing this action and before filing a response, Applicant is encouraged to initiate an interview to discuss the claimed scope in light of the combined prior art of record in an attempt to further the prosecution efficiently.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-3, 18-19 and 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Le Quere, US2005/0185790A1.

Per claim 1, Le Quere discloses a method implemented by an integrated chip comprising a trusted computing chip and a high-speed encryption chip, the method comprising: 
(The administration module (8) … manages external interfaces (4, 4', 4") dedicated to the loading of the keys and to the cryptographic initialization functions such as configuration – Le Quere: par. 0061); and 
invoking the high-speed encryption chip to perform the data encryption or the trusted computing based on the computing information (the administration module initializes a secure key memory module of the cryptographic system at the startup of said cryptographic system, reads encrypted keys in a memory of an external device or through a dedicated external link, then decrypts said encrypted keys and writes them into the secure key memory module of the cryptographic system… the central interconnect module guarantees read access by the algorithm modules for encryption and authentication code generation to a secure key memory module, by verifying a check word representing the use of each key – Le Quere: par. 0031 and 0033 and Fig. 1 – Note: The administration module (8) is responsible for supervising the various algorithm modules (5, 5', 5") and for managing the authentication keys.  Said module implements initialization and test functions by sending micro commands to the sequencer module (7) and also manages external interfaces (4, 4', 4") dedicated to the loading of the keys and to the cryptographic initialization functions such as configuration – par. 0061).

Per claim 18, it recites an apparatus comprising: one or more processors; memory; an information provision module stored in the memory and executable by the one or more processors to provide computing information of a trusted computing chip of an integrated chip to a high-speed encryption chip of the integrated chip (Le Quere: par. 0058 and Fig. 1), wherein the computing information includes key information and cryptographic operation information of trusted computing and data encryption (The administration module (8) … manages external interfaces (4, 4', 4") dedicated to the loading of the keys and to the cryptographic initialization functions such as configuration – Le Quere: par. 0061); and 
a computing module stored in the memory and executable by the one or more processors to invoke the high-speed encryption chip to perform the data encryption or the trusted computing based on the computing information (the administration module initializes a secure key memory module of the cryptographic system at the startup of said cryptographic system, reads encrypted keys in a memory of an external device or through a dedicated external link, then decrypts said encrypted keys and writes them into the secure key memory module of the cryptographic system… the central interconnect module guarantees read access by the algorithm modules for encryption and authentication code generation to a secure key memory module, by verifying a check word representing the use of each key – Le Quere: par. 0031 and 0033 and Fig. 1 – Note: The administration module (8) is responsible for supervising the various algorithm modules (5, 5', 5") and for managing the authentication keys.  Said module implements initialization and test functions by sending micro commands to the sequencer module (7) and also manages external interfaces (4, 4', 4") dedicated to the loading of the keys and to the cryptographic initialization functions such as configuration – par. 0061).

Per claim 20, it recites one or more computer readable storage media storing executable instructions that, when executed by one or more processors, cause the one or more processors to perform acts as set forth in the method of claim 1.
Therefore, claim 20 is rejected based on the same analysis and reasons set forth in the rejection of claim 1 or 18 above. 

Per claims 2 and 19, Le Quere discloses features of claims 1 and 18, wherein the trusted computing chip and the high-speed encryption chip perform data communications based on a circuit (Host module 40, security module 20, and accelerator 94 may be different design blocks within a single integrated circuit, or different integrated circuits within a package of integrated circuits.  Master module 80 represents such an integrated circuit or package of integrated circuits – Zander: par. 0017).

Per claim 3, Le Quere discloses the method of claim 1, wherein the computing information comprises a measurement key, and invoking the high-speed encryption chip to perform the trusted computing comprises verifying an integrity of a target algorithm or a legitimacy of an execution object of the algorithm based on the measurement key (the administration module initializes a secure key memory module of the cryptographic system at the startup of said cryptographic system, reads encrypted keys in a memory of an external device or through a dedicated external link, then decrypts said encrypted keys and writes them into the secure key memory module of the cryptographic system… the central interconnect module guarantees read access by the algorithm modules for encryption and authentication code generation to a secure key memory module, by verifying a check word representing the use of each key – Le Quere: par. 0031 and 0033).

Per claim 6, Le Quere discloses the method of claim 1, wherein the trusted computing chip is configured to securely store at least one first cryptographic algorithm, and the method further comprises selecting at least one first cryptographic algorithm that matches a current mode of the integrated chip (The sequencer module (7) sends an initialization signal comprising, for example, the memory address located in the command memory in which the command block intended for it is stored.  This address is loaded into the address register of the algorithm module (5).  Each command includes a specific check word of the algorithm implemented in the module, the input and output addresses of the data buffer memories and the size of these buffer memories, a pointer defining the address of the key stored in the key memory of the system, and possibly a pointer to an optional context memory area or to an initialization vector.  These characteristics are presented later in the description.  The sequencer module (7) activates a command signal addressed to the algorithm module (5) in question.  The I/O submodule (b) of the algorithm module (5), using the internal bus interface of the interconnect module (2), will search the various memory modules (3, 3', 3") for the command, the data and the key used.  At the end of the execution of the command, the I/O submodule (5b) of the algorithm module (5) informs the sequencer module (7) of the end of the operation by sending it a status word (56).  This status word makes it possible, through its content, to inform the sequencer module (7) of the result of the execution of a specific function, for example the verification of the authentication code of the message (MAC), indicating to it whether the result is good or bad.  
Likewise, as soon as an abnormal operation is detected by the algorithm module (5) during the execution of a command, the I/O submodule (5b) sends the administration module (8) the status word (56), informing it, through a different content, of an error status – Le Quere: par. 0062).

Per claim 7, Le Quere discloses the method of claim 1, wherein the trusted computing chip is configured to securely store a trusted computing system firmware, and invoking the high-speed encryption chip to perform the trusted computing comprises scheduling and executing a trusted computing task using the trusted computing system firmware to perform an integrity check on a cryptographic operation (the sequencer module comprises a command distribution means, said means making it possible to break down into micro commands each cryptographic macro command coming from the protocol module, each of the micro commands comprising a simple cryptographic algorithm, and to post the micro commands in a memory module for commands to be sent to other modules; said sequencer module comprises a first master-type interface linked to the central interconnect module, for sending an end-of-execution status word to the protocol module or the administration module, a second slave-type interface linked to the central interconnect module for receiving macro commands sent by the protocol module or test commands sent by the administration module, and for receiving status words indicating the end of execution of commands sent by the algorithm modules and the external interface modules, and a third interface in direct memory access mode, linked to the algorithm modules and to the external interface modules, for triggering the execution of said modules by sending them a command block; and the sequencer module includes a means for sequencing the commands, making it possible to activate the algorithm modules and the external interface modules in a defined order – Le Quere: par. 0029).

Per claim 8, Le Quere discloses the method of claim 1, wherein: 
the computing information comprises at least one master key for a user application key, the master key being securely stored in the trusted computing chip, and used for protecting the user application key; providing the computing information of the trusted computing chip to the high- speed encryption chip comprises obtaining the master key from the trusted computing chip by the high-speed encryption chip (The administration module (8) … manages external interfaces (4, 4', 4") dedicated to the loading of the keys and to the cryptographic initialization functions such as configuration – Le Quere: par. 0061); and 
invoking the high-speed encryption chip to perform the data encryption comprises encrypting the user application key based on the obtained master key (the administration module initializes a secure key memory module of the cryptographic system at the startup of said cryptographic system, reads encrypted keys in a memory of an external device or through a dedicated external link, then decrypts said encrypted keys and writes them into the secure key memory module of the cryptographic system… the central interconnect module guarantees read access by the algorithm modules for encryption and authentication code generation to a secure key memory module, by verifying a check word representing the use of each key – Le Quere: par. 0031 and 0033 and Fig. 1 – Note: The administration module (8) is responsible for supervising the various algorithm modules (5, 5', 5") and for managing the authentication keys.  Said module implements initialization and test functions by sending micro commands to the sequencer module (7) and also manages external interfaces (4, 4', 4") dedicated to the loading of the keys and to the cryptographic initialization functions such as configuration – par. 0061).

Per claim 9, Le Quere discloses the method of claim 1, wherein: 
the computing information includes a high-speed encryption operation firmware, the high-speed encryption operation firmware being securely stored on a trusted computing chip and comprising at least one second cryptographic algorithm; providing the computing information of the trusted computing chip to the high- speed encryption chip comprises obtaining the second cryptographic algorithm from the trusted computing chip by the high-speed encryption chip (The administration module (8) … manages external interfaces (4, 4', 4") dedicated to the loading of the keys and to the cryptographic initialization functions such as configuration – Le Quere: par. 0061); and 
invoking the high-speed encryption chip to perform the data encryption includes performing the data encryption using the at least one second cryptographic algorithm of the high-speed encryption operation firmware (the administration module initializes a secure key memory module of the cryptographic system at the startup of said cryptographic system, reads encrypted keys in a memory of an external device or through a dedicated external link, then decrypts said encrypted keys and writes them into the secure key memory module of the cryptographic system… the central interconnect module guarantees read access by the algorithm modules for encryption and authentication code generation to a secure key memory module, by verifying a check word representing the use of each key – Le Quere: par. 0031 and 0033 and Fig. 1 – Note: The administration module (8) is responsible for supervising the various algorithm modules (5, 5', 5") and for managing the authentication keys.  Said module implements initialization and test functions by sending micro commands to the sequencer module (7) and also manages external interfaces (4, 4', 4") dedicated to the loading of the keys and to the cryptographic initialization functions such as configuration – par. 0061).

Per claim 10, Le Quere discloses the method of claim 1, wherein:
the computing information includes a system secure operation firmware (Le Quere: par. 0058); 
providing the computing information of the trusted computing chip to the high- speed encryption chip comprises obtaining the system secure operation firmware from the trusted computing chip, and securely storing the firmware on the high-speed encryption chip (The administration module (8) … manages external interfaces (4, 4', 4") dedicated to the loading of the keys and to the cryptographic initialization functions such as configuration – Le Quere: par. 0061); and 
invoking the high-speed encryption chip to perform the trusted computing comprises performing a secure operation of a system on the high-speed encryption chip (the administration module initializes a secure key memory module of the cryptographic system at the startup of said cryptographic system, reads encrypted keys in a memory of an external device or through a dedicated external link, then decrypts said encrypted keys and writes them into the secure key memory module of the cryptographic system… the central interconnect module guarantees read access by the algorithm modules for encryption and authentication code generation to a secure key memory module, by verifying a check word representing the use of each key – Le Quere: par. 0031 and 0033 and Fig. 1 – Note: The administration module (8) is responsible for supervising the various algorithm modules (5, 5', 5") and for managing the authentication keys.  Said module implements initialization and test functions by sending micro commands to the sequencer module (7) and also manages external interfaces (4, 4', 4") dedicated to the loading of the keys and to the cryptographic initialization functions such as configuration – par. 0061).

Per claim 11, Le Quere discloses the method of claim 1, wherein: the computing information comprises a user policy firmware, the user policy firmware being used for formulating a cryptographic algorithm requirement for an application; providing the computing information of the trusted computing chip to the high- speed encryption chip comprises obtaining the user policy firmware from the trusted computing chip and storing the firmware on the high-speed encryption chip; and the method further comprises reconstructing the user policy firmware on the high-speed encryption chip according to user demand data (An error signal is activated by the administration module (8) upon detection of an error in the internal tests.  An error signal is activated from the outside by an external component, for example a processor controlling the network interfaces.  Added to these error signals are various external security signals, such as an emergency reset signal activated by an emergency stop button-type mechanism and a hardware intrusion detection signal.  The monitoring and alarm module (9) generates signals that make it possible to reset the secure memories.  These signals are sent to the secure memory modules (3, 3', 3") to order the clearing of the sensitive contents – Le Quere: par. 0091).

Per claim 12, Le Quere discloses the method of claim 1, wherein: 
the computing information comprises an operation key; providing the computing information of the trusted computing chip to the high- speed encryption chip comprises obtaining the operation key from the trusted computing chip and storing the operation key on the high-speed encryption chip (The administration module (8) … manages external interfaces (4, 4', 4") dedicated to the loading of the keys and to the cryptographic initialization functions such as configuration – Le Quere: par. 0061); and 
invoking the high-speed encryption chip to perform the data encryption or the trusted computing comprises performing data encryption or trusted computing based on the operation key (the administration module initializes a secure key memory module of the cryptographic system at the startup of said cryptographic system, reads encrypted keys in a memory of an external device or through a dedicated external link, then decrypts said encrypted keys and writes them into the secure key memory module of the cryptographic system… the central interconnect module guarantees read access by the algorithm modules for encryption and authentication code generation to a secure key memory module, by verifying a check word representing the use of each key – Le Quere: par. 0031 and 0033 and Fig. 1 – Note: The administration module (8) is responsible for supervising the various algorithm modules (5, 5', 5") and for managing the authentication keys.  Said module implements initialization and test functions by sending micro commands to the sequencer module (7) and also manages external interfaces (4, 4', 4") dedicated to the loading of the keys and to the cryptographic initialization functions such as configuration – par. 0061).

Per claim 13, Le Quere discloses the method of claim 1, wherein the high-speed encryption chip stores user data, and the method further comprises reconfiguring the user data on the high-speed encryption chip according to user demand data (An error signal is activated by the administration module (8) upon detection of an error in the internal tests.  An error signal is activated from the outside by an external component, for example a processor controlling the network interfaces.  Added to these error signals are various external security signals, such as an emergency reset signal activated by an emergency stop button-type mechanism and a hardware intrusion detection signal.  The monitoring and alarm module (9) generates signals that make it possible to reset the secure memories.  These signals are sent to the secure memory modules (3, 3', 3") to order the clearing of the sensitive contents – Le Quere: par. 0091).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

1.	Claims 4 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Le Quere, US2005/0185790A1 in view of Brandwine, US10412191B1.

Per claim 4, Le Quere discloses the method of claim 3. Le Quere is not relied on to explicitly disclose but in view of Brandwine discloses wherein the measurement key comprises a platform measurement key, and verifying the integrity of the target algorithm and/or the legitimacy of the execution object of the algorithm based on the measurement key comprises verifying an integrity of an integrity measurement code and the legitimacy of the execution object of the algorithm based on the platform measurement key prior to performing an integrity measurement on a system or platform (A TPM in general is a dedicated microprocessor that can secure hardware by installing cryptographic keys into the hardware.  A TPM can utilize a unique encryption key that is inaccessible outside the TPM in order to enforce expected behaviors on the hardware and software of the host.  In some embodiments the unique key is an endorsement key, such as a 2048-bit RSA public and private key pair, that is immutable and unexportable from the TPM.  The public key for the endorsement key can be contained within a certificate for the TPM.  A TPM can perform remote attestation in some embodiments by generating a hash summary of the hardware and software configuration of the corresponding environment or subsystem.  The hash value can be generated using any appropriate cryptographic hashing algorithm, such as may generate MD5, SHA-1, SHA-2, or SHA-3 hashes – Brandwine: col. 6, lines 14-27).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Le Quere in view of Brandwine to include wherein the measurement key comprises a platform measurement key, and verifying the integrity of the target algorithm and/or the legitimacy of the execution object of the algorithm based on the measurement key comprises verifying an integrity of an integrity measurement code and the legitimacy of the execution object of the algorithm based on the platform measurement key prior to performing an integrity measurement on a system or platform.
One of ordinary skill in the art would have been motivated because it would allow “subsequently submit verification requests to the API to ensure that the host has not been unexpectedly modified or is otherwise operating as expected” – Brandwine: abstract.

Per claim 5, Le Quere discloses the method of claim 3. Le Quere is not relied on to explicitly disclose but in view of Brandwine discloses wherein the measurement key comprises a user measurement key, and verifying the integrity of the target algorithm and/or the legitimacy of the execution object of the algorithm based on the measurement key comprises verifying an integrity of an algorithm of a user cryptographic operation based on the user measurement key prior to performing the user cryptographic operation (The certificate can then be provided to the customer, or another appropriate party, in order to prove that the software currently executing in the environment is unmodified or as expected.  Remote attestation can take advantage of public key encryption, for example, to ensure that the information regarding the software is only exposed to the party requesting the attestation, or other party having obtained the appropriate key – Brandwine: col. 6, lines 2-12).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Le Quere in view of Brandwine to include wherein the measurement key comprises a user measurement key, and verifying the integrity of the target algorithm and/or the legitimacy of the execution object of the algorithm based on the measurement key comprises verifying an integrity of an algorithm of a user cryptographic operation based on the user measurement key prior to performing the user cryptographic operation.
One of ordinary skill in the art would have been motivated because it would allow “to ensure that the information regarding the software is only exposed to the party requesting the attestation, or other party having obtained the appropriate key” – Brandwine: col. 6, lines 2-12.

2.	Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Le Quere, US2005/0185790A1 in view of Fukuda, US2014/0136853A1.

Per claim 14, Le Quere discloses the method of claim 1. Le Quere is not relied on to disclose but in view of Fukuda discloses wherein the trusted computing comprises a high-speed computing and a low-speed computing, and the trusted computing comprises: invoking the trusted computing chip to perform the low-speed computing for platform security and/or system security; and/or invoking the high-speed encryption chip is called to perform the high-speed computing (a data communication apparatus in which a cryptographic algorithm, such as high speed hardware processing or low speed software processing, is selected on the basis of a battery remaining amount, a communication expectation time notified by communication application, a cryptographic strength, and the like, is proposed – Fukuda: par. 0009).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Le Quere in view of Fukuda to include wherein the trusted computing comprises a high-speed computing and a low-speed computing, and the trusted computing comprises: invoking the trusted computing chip to perform the low-speed computing for platform security and/or system security; and/or invoking the high-speed encryption chip is called to perform the high-speed computing.
One of ordinary skill in the art would have been motivated because it would allow “selecting the cryptographic algorithm on the basis of the battery remaining amount” – Fukuda: par. 0034.

3.	Claims 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Le Quere, US2005/0185790A1 in view of Chen, US2019/0052617A1.

Per claim 15, Le Quere discloses the method of claim 1. Le Quere is not relied on to disclose but in view of Chen discloses wherein the key information comprises a platform certificate, a platform public key, a platform private key, a platform identity certificate, a platform identity public key, a platform identity private key, a storage key, a platform measurement key, a user measurement key, a master key, and an operation key (Turning to FIG. 7, a block diagram 700 is shown illustrating an example trust hierarchy to be used in an example PCIe device authentication.  The chain of trust may be established through the signing of certificates from the DeviceCert 625 all the way up to the RootCert 615.  For instance, below the required root of trust 705 facilitated through root certificate 615, a vendor-specific level of hierarchy 710 may be established through vendor or manufacturer certificates (e.g., 715a-n).  Other intermediate certificates 720a-n (with intermediate keys) may also be provided.  At least a portion of the certificates (e.g., 625, 630) may be provisioned on the device itself to implement the device provisioning 725, including per-part device certificates (e.g., 625) and model certificates (e.g., 630).  In some implementations, the entire certificate chain (e.g., 615, 715a-n, 720a-n, 630, 625) may be used by the authentication initiator when verifying the signature generated by the device during an authentication transaction.  For instance, the RootCert (e.g., 615), ModelCert (e.g., 630) (e.g., which may be issued to all devices of a particular model (e.g., by the manufacturer), and the DeviceCert (e.g., 625) (e.g., a device-specific certificate) may be used as the basis for forming a minimal certificate chain, where in the certificate chain the intermediate keys form the chain-of-trust.  
A unique per-part DeviceCert (e.g., 625) allows the device authentication architecture to detect and prevent advanced device-cloning attacks, as well as to revoke an individual device when necessary.  In some instances, a PCIe vendor can choose to have an arbitrary number of intermediate certificates (e.g., 720a-n) and any number of intermediate levels within an example trust hierarchy – Chen: par. 0065).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Le Quere in view of Chen to include wherein the key information comprises a platform certificate, a platform public key, a platform private key, a platform identity certificate, a platform identity public key, a platform identity private key, a storage key, a platform measurement key, a user measurement key, a master key, and an operation key.
One of ordinary skill in the art would have been motivated because it would allow “to detect and prevent advanced device-cloning attacks, as well as to revoke an individual device when necessary” – Chen: par. 0065.

Per claim 16, Le Quere-Chen discloses the method of claim 15, wherein the integrated chip comprises a platform password storage structure, an authentication password storage structure, a storage password storage structure, and a measurement password storage structure, for storing the key information, wherein: the platform password storage structure comprises the platform certificate, the platform public key, and the platform private key; the authentication password storage structure comprises the platform identity certificate, the platform identity public key, and the platform identity private key; the storage password storage structure comprises the storage key; and the measurement password storage structure comprises the platform measurement key and the user measurement key (Turning to the simplified block diagram 800 of FIG. 8, an example system is shown including a host 510 connected to a device 505 using a physical interconnect 802, such as an interconnect configured to implement a protocol compliant with a PCIe-based protocol.  An example host may include one or more microprocessors (e.g., 805), computer memory (e.g., 810), to implement system software (e.g., 815).  Protocol layer logic (e.g., 820) may be provided (e.g., in one or more ports of the host 510) to implement a link and stack of a particular protocol (e.g., PCIe, Gen-Z™, UPI, Cache Coherent Interconnect for Accelerators (CCIX™), Advanced Micro Device™'s (AMD™) Infinity™, Common Communication Interface (CCI), Qualcomm™'s Centriq™, etc.) over physical interconnect 802.  System software 815 may include software to manage the host system 510 and connections to peripheral devices, such as device 505.  In some implementations, device (and host) authentication and device measurement functionality (e.g., implementing a host-based authentication engine) performed by the host 510 may be implemented in system software 815.  
In still other examples, the "device" may be integrated with the host, and/or the device may have its own computing capability with local firmware/software independent of the host, and/or that a single processor may be operating on behalf of a complex device that is exposed through multiple functions (e.g., a switch) and/or even multiple logical devices (e.g. a switch with one or more additional devices logically appearing below the switch, among other example implementations).  The host 510, in some implementations, may additionally be provided with a cryptographic engine 825 including hardware circuitry, firmware, and/or software to perform cryptographic operations and other tasks relating to management and use of certificates and corresponding cryptographic keys (e.g., the decryption and encryption of signed manifest, verification of hashes, and other cryptographic tasks) in connection with authentication and verification tasks performed in an example device authentication architecture – Chen: par. 0067-0068 and Fig. 8 – plurality of hardware engines/circuits such as cryptographic engine, and the engine for authentication and measurement functionalities).
The same motivation to modify Le Quere in view of Chen applied to claim 15 above applies here.

Per claim 17, Le Quere-Chen discloses the method of claim 15, wherein: 
the user measurement key is stored in a non-volatile storage space of the trusted computing chip, [or a static storage area of the high-speed cryptographic chip]; the master key is stored in the non-volatile storage space of the trusted computing chip [or is stored in a storage space outside the integrated chip after being encrypted using the storage key]; and the operation key is stored in the non-volatile storage space of the trusted computing chip, [or the static storage area of the high-speed encryption chip, or the storage space outside the integrated chip after being encrypted using the master key] (A device configured to support device authentication may include memory and hardware to implement a trust domain for the storage and maintenance of the device private key.  Such protections may be provided for the per-part device private key in-use (secure signing) and at-rest (secure storage), where the per-part device private key implements the device root of trust (RoT).  Similarly, measurement engine 845 may be implemented through and measure the microcontroller firmware 835 using only hardware or immutable firmware (e.g., that is stored in Read-only Memory (ROM) of the device).  The measurement engine 845 may thus implement the device root of trust for measurement (RTM) for the device.  The device root of trust for reporting (RTR) may be implemented through the combination of the Device RoT and the Device RTM.  It may be assumed that the authentication initiator has access to the genuine root certificate (RootCert), where the RoT for device authentication is the root CA's private key, among other examples.  Further, PCIe device authentication may consider any physical extraction of the device's private key in-scope for the threat model and assume that any device qualified to participate in device authentication has been provided (e.g., by the manufacturer) with physical protection mechanisms for the device RoT – Chen: par. 0068).
The same motivation to modify Le Quere in view of Chen applied to claim 15 above applies here.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Kaplan (US6704871B1), Zander (US2018/0089435A1), Innis (US2018/0270068A1) and Kancharla (US2015/0358294A1) have been noted to be relevant. Please see the abstracts.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to AREZOO SHERKAT whose telephone number is (571)272-8533.  The examiner can normally be reached on Monday - Friday 8:30-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand, can be reached on 571-272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/AREZOO SHERKAT/Examiner, Art Unit 2434