Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
1.	This action is responsive to communication filed on: 29 March 2021 with acknowledgement of an original application filed on 30 January 2018 and that this application is a 371 PCT that claims the benefit of a United Kingdom application filed 31 July 2015.
2.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 29 March 2021 has been entered.
3.	Claims 1-8, 10 and 21-28 are currently pending.  Claims 1, 27, and 28, are independent claims.  Claims 9, 11-20 have been cancelled.  Claims 1, 27, and 28, have been amended.  
Response to Arguments

4.	Applicant's arguments filed 29 March 2021 have been fully considered; however, they are not persuasive where noted below or are moot due to the new grounds necessitated by the Applicant’s amendment.
I)	In response to Applicant’s argument beginning on page 6, “None of these limitations indicate “invalidating the configuration effect”.
The Examiner disagrees with the argument.  The below rejection utilizes the Drews reference which states the following in col. 6, lines 1-12:
“If the digital signature is not valid then security module 30 jumps from block 205 to block 210 and rejects the modification request”.

Therefore Drews clearly teaches/suggests invalidating the configuration effect.

II)	In response to Applicant’s argument beginning on page 6, “At pp. 3-4 of the OA …Therefore, Kelly plainly discloses that the CRC software is loaded in the second, less-secure domain and not in the first, more secure domain as required by claim 1”.
	The Examiner disagrees with the argument.  The claim states “where the security domain at which the configuration data item is stored is less-secure than the further security domain comprising the validator”.  This is clearly taught/suggested by the combination of references.  Note in Kelley the computer random access memory is divided into first and second partitions.  The first partition which does not access the Internet is more secure than the second partition.  In addition the secure memory which contains software that performs the cyclic redundancy check (CRC) is also more secure than the second partition.  Note the second partition only has read access to the secure memory, see paragraph 15.  The second partition only contains the validator software when it is loaded from the secure memory.  In addition as explained in Kelley the validator software compares the calculated values with the stored values.  The stored values are stored in secure memory which is more secure than the second partition.  Therefore the Applicant’s arguments are not persuasive.  The validator is the CRC software that is contained within secure memory and utilizes stored CRC values which are also in secure memory.

III)	In response to Applicant’s argument beginning on page 8, “For reference, paragraph [0039] of Kelley discloses that at Step 302 CRC value calculation and comparison software is loaded into the second partition.  Paragraph [0040] disclosed Step 303: CRC values are calculated for all files and software application (preferably including the Internet OS) loaded in the second partition…As Kelly disclosed at [0039], the CRC software is loaded into the second partition to calculate the CRC values for comparison with stored values.  Therefore, Kelley plainly disclosed that the CRC software is in the second, less-secure domain, and not in the first, more-secure domain as required by claim 1”.

	The Examiner disagrees with the argument.  The CRC software is loaded from secure memory which as explained above is more secure than the second partition.  In addition the CRC software when in operation compares the calculated CRC values with the stored CRC values.  The stored CRC values reside solely in the secure memory.  Please review paragraphs 15 and 41 which clearly indicate that the CRC software as well as the CRC values are stored in the secure memory.  Therefore the Applicant’s argument that the CRC software resides in the second partition that is less secure is not persuasive because the CRC software is stored initially in the secure memory and the CRC software requires access to a more secure partition (i.e. secure memory) to compare stored CRC values that are located in the secure memory.  Therefore the stored 

IV)	In response to Applicant’s argument beginning on page 8, “Further, Kelley disclosed comparing calculated CRC values with stored CRC values but does not disclose comparing “[a] configuration data item with a trusted data schema to determine compliance with the trusted schema…given Drews requires the “information of the current trusted authority” to be stored in a “persistent store”, the person of ordinary skill in the art would look to store the “information of the current trusted authority” in a persistent memory in the system of Kelley.  Examples of persistent memory may include the secure storage 24 and download storage 26, but storing the “information of current trusted authority” in one of the secure memory 24 and download memory 26 would not result in the claimed invention because the Applicant submits that the secure memory 24 and download memory 26 are plainly not “partitions”…Thus combining Kelly and Drews would not result in the claimed invention”.

	The Examiner disagrees with the argument.  As explained below in the rejection, Kelley does not explicitly teach “by comparing, using a comparator of the validator, the configuration data item with a trusted data schema of the validator to determine compliance with the trusted data schema”, because the term “trusted data schema” is not used in the Kelley reference.  Kelley clearly teaches/suggests storing valid configuration data items, however nowhere in the Kelley disclosure are the terms trusted and schema utilized.  Drews which is clearly related art because it too prevents the modification of configuration data uses the term trusted throughout its disclosure.  Drews teaches verifying software being loaded is from a trusted source (i.e. trusted 
IV)	In response to Applicant’s argument beginning on page 11, “None of the cited disclose a validator comprising “a comparator” and “a trusted data schema” and where the “validator”, “comparator” and “trusted data schema” are in a “more secure security domain” than the “configuration data item [used] to configure the device” for which the security indication is obtained”.

	The Examiner disagrees with the argument.  The combination of references clearly teaches/suggests the claimed invention.  Note Kelley clearly teaches/suggests comparing configuration changes to what is known or expected, i.e. stored CRC values.  In addition Kelley teaches a first partition, second partition, as well as a secure memory.  The values that are used to validate the CRC values are stored in secure memory, the secure memory is more secure than the second partition.  Drews clearly teaches comparing configuration data items by validating that the signature comes from a trusted source.  Therefore the Applicant’s arguments are not persuasive.



Claim Rejections – 35 USC § 103
5.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this 


6.	Claims 1-2, 10, 21-22, 24-25, and 27-28, are rejected under 35 U.S.C. 103 as being unpatentable over Kelley et al. U.S. Patent Application Publication No. 2007/0192854 (hereinafter ‘854) in view of Drews U.S. Patent No. 6,539,480 (hereinafter ‘480).
	As to independent claim 1, “A machine-implemented method for controlling a configuration effect of a configuration data item in a storage-equipped device having at least two security domains, and comprising the steps of:” is taught in ‘854 Abstract, paragraphs 5 and 15, note ‘A computer random access memory is divided into first and second partitions…A secure memory is designated for temporary storage of software used in the second partition’ (the first partition, second partition, and secure memory are interpreted equivalent to security domains) / the configuration effect is equivalent to the partitions ‘own operating system, Internet browser, other software suitable for internet communications, memory size, memory allocation,  also note ‘the operating system within the second partition cannot expand the size of the second partition memory’ therefore the configuration effect (i.e. memory size) is controlled;
	“storing the configuration data item and one of said security domains of the device to configure the device in accordance with said configuration data item” is shown in  ‘854 Abstract and paragraphs 6-9, note each partition (domain) has its own operating system (OS) (i.e. configuration data) that is stored; 	
	“retrieving from the one of said security domains, said configuration data item” is disclosed in ‘854 paragraph 15 note “Every time Internet access is desired (or during computer 
	“obtaining, using a validator at a further of said security domains of the device, a security indication for said configuration data item” is taught in ‘854 paragraphs 40-41;
	“where the security domain at which the configuration data item is stored is less-secure than the further security domain comprising the validator” is shown in ‘854 paragraphs 38-41, note the second partition that contains the Internet OS is less-secure than secure memory, the validator is interpreted equivalent to the stored CRC values in the CRC table located in secure memory;
	the following is not explicitly taught in ‘854:
	“by comparing using a comparator of the validator, the configuration data item with a trusted data schema of the validator to determine compliance with the trusted data schema” however ‘480 teaches comparing configuration data to determine if the configuration data was issued by a trusted source (i.e. trusted data schema) in the Abstract, col. 1, line 49 through col. 2, line 17, col. 3, line 15 through col. 4, line 15 / note the persistent store holds information of the current trusted authority this is interpreted equivalent to “trusted data schema” this information is compared when any changes are proposed to configuration (i.e. configuration data item); 	
	“and when the security indication indicates untrustworthiness of said configuration data item, invalidating the configuration effect of said stored configuration data item” however ‘480 teaches if the digital signature is not valid (i.e. indicates untrustworthiness) the security module (i.e. validator) jumps from block 205 to block 210 and rejects the modification request (i.e. invalidating the configuration effect) in col. 6, lines 1-12.

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a method for preventing malicious software installation (i.e. configuration data) taught in ‘854 to include a means to compare configuration data to a trusted data schema and invalidate the configuration effect.  One of ordinary skill in the art would have been motivated to perform such a modification to prevent unauthorized individuals from changing configuration data see ‘480 (col. 1, lines 22-47).
	As to dependent claim 2, “The machine-implemented method as claimed in claim 1, wherein said at least two domains include at least one secure domain and at least one less-secure domain, and wherein said retrieving comprises receiving into one of the at least one secure domain and the at least one less-secure domain of said at least two security domains” is taught in ‘854 paragraphs 15, 19-20, and 24.
	As to dependent claim 10, “The machine-implemented method as claimed in claim 1, wherein said compliance with a trusted data schema is determined by a program operating in a secure domain of said at least two security domains” is disclosed in ‘854 paragraph 47.
	As to dependent claim 21, “The machine implemented method as claimed in claim 1, further comprising: receiving, at the device, a trusted signal” is taught in ‘854 Abstract, paragraphs 15, 17, and 19, the user entering a valid password generates the trust signal.
	As to dependent claim 22, “The machine implemented method as claimed in claim 21, wherein the trusted signal indicates the presence of a user” is shown in ‘854 Abstract, paragraphs 15, 17, and 19, the user entering the password indicates presence of a user.

	As to dependent claim 25, “The machine implemented method as claimed in claim 24, further comprising: deactivating one or more of the services in response to the trusted signal; and/or rebooting the device to place the device in the restricted mode” is taught in ‘854 paragraphs 35-36 and 41, note the device reinitializes as well as terminates crashes if the CRC values (trust signal) are incorrect.
	As to independent claim 27, this claim is directed to a storage-equipped device executing the method of claim 1; therefore it is rejected along similar rationale.
	As to independent claim 28, this claim is directed to a computer program product comprising computer-program code executing the method of claim 1; therefore it is rejected along similar rationale.
7.	Claims 3-5 are rejected under 35 U.S.C. 103 as being unpatentable over Kelley et al. U.S. Patent Application Publication No. 2007/0192854 (hereinafter ‘854) in view of Drews U.S. Patent No. 6,539,480 (hereinafter ‘480) in further view of Palekar et al. U.S. Patent Application Publication No. 2007/0260738 (hereinafter ‘738).
	As to dependent claim 3, the following is not explicitly taught in ‘854 and ‘480: “The machine-implemented method as claimed in claim 1, wherein said invalidating a configuration effect comprises at least one of: revoking said effect; setting said configuration data item to a default value; temporarily suppressing said effect; and marking a data source of said configuration data item as untrusted” however ‘738 teaches the source of a configuration file can be designated as trusted or untrusted in paragraphs 45-47.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a method for preventing malicious software installation (i.e. configuration data) taught in ‘854 and ‘480 to include a means to designate the source of configuration data as untrusted.  One of ordinary skill in the art would have been motivated to perform such a modification because users rely on configuration data to enhance user connection to information therefore additional flexibility and security are needed to protect configuration data to securely enable connections to outside resources (such as remote servers) see ‘738 (paragraphs 4-9).
	As to dependent claim 4, “The machine-implemented method as claimed in claim 3, further comprising, after selecting said step of marking said data source as untrusted, invalidating a configuration effect of at least one further configuration data item from said data source” is taught in ‘738 paragraphs 45-47.
	As to dependent claim 5, “The machine-implemented method as claimed in claim 3, wherein, after selecting said step of marking said data source as untrusted, a message is transmitted over a communications channel to communicate information that at least one of said data source and said configuration data item is untrusted” is shown in ‘738 paragraphs 47 and 53.
8.	Claims 6-7 are rejected under 35 U.S.C. 103 as being unpatentable over Kelley et al. U.S. Patent Application Publication No. 2007/0192854 (hereinafter ‘854) in view of Drews U.S. Patent No. 6,539,480 (hereinafter ‘480) in further view of Pedersen U.S. Patent No. 8,736,299 (hereinafter ‘299).
	As to dependent claim 6, the following is not explicitly taught in ‘854 and ‘480: “The machine-implemented method as claimed in claim 1, wherein said step of retrieving said configuration data item further comprises storing an ordering indicator” however ‘299 teaches each programming object file (POF) includes configuration data and includes a sequence number in col. 4, lines 23-40 and col. 7, lines 54-67.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a method for preventing malicious software installation (i.e. configuration data) taught in ‘854 and ‘480 to include a means to store an ordering indicator in configuration data.  One of ordinary skill in the art would have been motivated to perform such a modification to prevent replay attacks see ‘299 col. 7, lines 49-53. 
	As to dependent claim 7, “The machine-implemented method as claimed in claim 6, wherein said step of storing said ordering indicator comprises storing at least one of: a time stamp;  a date stamp;  a sequence indicator;  and a position in a buffer indicator” is taught in ‘299 col. 4, lines 23-40 and col. 7, lines 54-67.
9.	Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Kelley et al. U.S. Patent Application Publication No. 2007/0192854 (hereinafter ‘854) in view of Drews U.S. Patent No. 6,539,480 (hereinafter ‘480) in further view of Pedersen U.S. Patent No. 8,736,299 (hereinafter ‘299) in further view of Sobel et al. U.S. Patent No. 7,437,764 (hereinafter ‘764).
	As to dependent claim 8, the following is not explicitly taught in ‘854, ‘480, and ‘299: “The machine-implemented method as claimed in claim 6, wherein said step of invalidating a configuration effect comprises rolling back at least one prior configuration data item according to said ordering indicator” however ‘764 teaches rolling back configuration data to a safe state in col. 1, lines 19-50, col. 3, lines 49-67, and col. 7, lines 16-44.
10.	Claim 23 is rejected under 35 U.S.C. 103 as being unpatentable over Kelley et al. U.S. Patent Application Publication No. 2007/0192854 (hereinafter ‘854) in view of Drews U.S. Patent No. 6,539,480 (hereinafter ‘480) in further view of Ibrahim et al. U.S. Patent Application Publication No. 2011/0131403 (hereinafter ‘403).
	As to dependent claim 23, the following is not explicitly taught in ‘854 and ‘480:  “The machine implemented method as claimed in claim 21, further comprising: placing the device in a restricted mode in response to the trusted signal and performing the step of storing said configuration data item in said one of said security domains when the device is in the restricted mode” however ‘403 teaches placing the computing system in secure mode while updating the firmware image (i.e. configuration data) in paragraphs 48-49 and 54.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a method for preventing malicious software installation (i.e. configuration data) taught in ‘854 and ‘480 to include a means to place a device in restricted mode when storing configuration data.  One of ordinary skill in the art would have been motivated to perform such a modification to be assured the firmware update (i.e. configuration data) is authentic see ‘403 paragraph 1. 
11.	Claim 26 is rejected under 35 U.S.C. 103 as being unpatentable over Kelley et al. U.S. Patent Application Publication No. 2007/0192854 (hereinafter ‘854) in view of Drews U.S. Patent No. 6,539,480 (hereinafter ‘480) in further view of Seymour et al. U.S. Patent Application Publication No. 2015/0153911 (hereinafter ‘911).
	As to dependent claim 26, the following is not explicitly taught in ‘854 and ‘480: “The machine implemented method as claimed in claim 24, further comprising: removing the device from the restricted mode in response to one or more of: a command, releasing a held button, a button click, ending a state of proximity and on expiry of a clock” however ‘911 teaches removing a device from restricted mode when a user enters a password, predefined input…such as a triple click of a home button, in paragraphs 186 and 227-228.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a method for preventing malicious software installation (i.e. configuration data) taught in ‘854 and ‘480 to include a means to remove the device from the restricted mode.  One of ordinary skill in the art would have been motivated to perform such a modification to make it easier to configure devices see ‘911 paragraphs 4-5.
Conclusion
12.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ELLEN C TRAN whose telephone number is (571) 272-3842.  The examiner can normally be reached from M-F 9 AM to 6PM.
Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ELLEN TRAN/
Primary Examiner, Art Unit 2433
18 May 2021