DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.

Claims 1, 4, 5, 7, 10, 13-15, 18, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Cha, U.S. Publication No. 2011/0302638, in view of Wu, U.S. Patent No. 10,891,366. Referring to claim 1, Cha discloses software integrity validation procedure wherein when a system is booted, the integrity of each boot stage of code is measured before it is executed ([0124]), which meets the limitation of receiving dynamic measurement request for a cryptographic operation. A device unique secret key is generated using a root key ([0124]: device unique secret key reads on the claimed child key), which meets the limitation of generating a child key of a platform measurement root key based on the platform measurement root key [and a random number]. The device unique secret key is used to encrypt code stage signing secrets ([0135]) that include integrity information for the corresponding code stage ([0129]), which meets the limitation of wherein the child key of the platform measurement root key is used for encrypting a loading process and an execution process measured by a dynamic measurement module. The integrity information is utilized to detect integrity failures in the code ([0129]) that can include firmware ([0099]), which meets the limitation of the dynamic measure module is a module used for measuring firmware that performs cryptographic operations. Examiner notes that the claim requirements that the firmware perform . 
Cha does not disclose that the device unique secret key is generated using a random number. Wu discloses key generation that utilizes random values and a root key (Col. 53, line 40 – Col. 54, line 23), which meets the limitation of generating a child key of a platform measurement root key based on the platform measurement root key and a random number. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the device unique secret key of Cha to have been generated using the root key and a random value in order to generate the device unique secret key in a manner that is unrelated to the root key as suggested by Wu (Col. 54, lines 19-23).
Referring to claims 4, 5, Cha discloses that the chip includes a key derivation portion that generates the device unique secret key and provides the generated device unique secret key to the cipher engine ([0134] & Figures 13a-13c), which meets the limitation of transmitting the child key of the platform measurement root key to a cryptographic operation chip. The cipher engine uses the received device unique secret key to encrypt the signing secrets of the boot code ([0134]: encrypting using the device unique secret key requires cipher engine to store the device unique secret key prior to performing encryption), which meets the limitation of to allow the cryptographic operation chip to store the child key of the platform measurement root key in a local storage device in advance before the cryptographic operation is performed, storing the child key of the platform measurement root key in a local storage device.
Referring to claim 7, Cha discloses the generation of a new device unique secret key for each stage, or portion of code that is examined (Figure 16 & [0124]: any non-initial device unique secret key would read on the claimed cryptographic measurement key) where each device unique secret key is based, at least in part, on the initial root key (Figure 16 & [0124]: root key is used to generate initial device unique secret key, which is used to generate the next device unique secret key, and so on. Therefore, the subsequent device unique secret keys are generated based, at least in part, on the root key), which meets the limitation of generating a cryptographic operation measurement key based on the platform measurement root key [and the third random number]. The device unique secret key is used to encrypt code stage signing secrets ([0135]) that include integrity information for the corresponding code stage ([0129]), which meets the limitation of wherein the cryptographic operation measurement key is used to encrypt a loading process and an execution process of a cryptographic operation measurement.
Cha does not disclose that the device unique secret key is generated using a random number. Wu discloses key generation that utilizes random values and a root key (Col. 53, line 40 – Col. 54, line 23) such that random values are generated for each key generation process (Col. 33, lines 25-33: random values generated for each key generation process would show that the random value used to generate a first key would be different than the random value used to generated a subsequent key), which meets the limitation of generating a third random number, and generating a cryptographic operation measurement key based on the platform measurement root key and the third random number. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the device unique secret key of Cha to have been generated using the root key and a random value in order to generate the device unique secret key in a manner that is unrelated to the root key as suggested by Wu (Col. 54, lines 19-23).
Referring to claim 10, Cha discloses a software integrity validation procedure wherein a device unique secret key is generated and provided to the cipher engine ([0134] & Figures 13a-13c: KDF would read on the claimed second chip), which meets the limitation of receiving a child key of a platform measurement root key transmitted by a second chip. The cipher engine uses the received device unique secret key to encrypt the signing secrets of the boot code ([0134]: encrypting using the device unique secret key requires cipher engine to store the device unique secret key prior to performing encryption), which meets the limitation of storing the child key of the platform measurement root key in a local storage device. A device unique secret key is generated using a root key ([0124]: device unique secret key reads on the claimed child key), which meets the limitation of wherein the child key of a platform measurement root key is generated by the second chip based on the platform measurement root key [and a random number]. The device unique secret key is used to encrypt code stage signing secrets ([0135]) that include integrity information for the corresponding code stage ([0129]), which meets the limitation of the child key of the platform measurement root key is used for encrypting a loading process and an execution process measured by a dynamic measurement module. The integrity information is utilized to detect integrity failures in the code ([0129]) that can include firmware ([0099]), which meets the limitation of the dynamic measure module is a module used for measuring firmware that performs cryptographic operations. Examiner notes that the claim requirements that the firmware perform cryptographic operations represents an intended use limitation since the claims do not actually require cryptographic operations to be performed by the claimed firmware. 
Cha does not disclose that the device unique secret key is generated using a random number. Wu discloses key generation that utilizes random values and a root key (Col. 53, line 40 – Col. 54, line 23), which meets the limitation of generating a child key of a platform measurement root key based on the platform measurement root key and a random number. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the device unique secret key of Cha to have been generated using the root key and a random value in order to generate the device unique secret key in a manner that is unrelated to the root key as suggested by Wu (Col. 54, lines 19-23).
Referring to claim 13, Cha discloses the generation of a new device unique secret key for each stage, or portion of code that is examined (Figure 16 & [0124]: any non-initial device unique secret key would read on the claimed cryptographic measurement key) where each device unique secret key is generated by the KDF, at least in part, on the initial root key (Figure 16 & [0124]: root key is used to generate initial device unique secret key, which is used to generate the next device unique secret key, and so on. Therefore, the subsequent device unique secret keys are generated based, at least in part, on the root key), which meets the limitation of receiving a cryptographic operation measurement key transmitted by the second chip, the cryptographic operation measurement key is generated by the second chip based on the platform measurement root key [and the third random number]. The device unique secret key is used to encrypt code stage signing secrets ([0135]) that include integrity information for the corresponding code stage ([0129]), which meets the limitation of wherein the cryptographic operation measurement key is used to encrypt a loading process and an execution process of a cryptographic operation measurement. The cipher engine uses the received device unique secret key to encrypt the signing secrets of the boot code ([0134]: encrypting using the device unique secret key requires cipher engine to store the device unique secret key prior to performing encryption), which meets the limitation of storing the cryptographic operation measurement key in the local storage device.
Cha does not disclose that the device unique secret key is generated using a random number. Wu discloses key generation that utilizes random values and a root key (Col. 53, line 40 – Col. 54, line 23) such that random values are generated for each key generation process using functionality on the same integrated circuit as the key generation functionality (Figure 3A & Col. 33, lines 25-33: random values generated for each key generation process would show that the random value used to generate a first key would be different than the random value used to generated a subsequent key; random number generator 305 and keys generated in 309), which meets the limitation of the cryptographic operation measurement key is generated by the second chip based on the platform measurement root key and a third random number, and the third random number is generated by the second chip. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the device unique secret key of Cha to have been generated using the root key and a random value in order to generate the device unique secret key in a manner that is unrelated to the root key as suggested by Wu (Col. 54, lines 19-23).
Referring to claim 14, Examiner notes that the claimed functionality represents intended use limitations since the claim does include any limitations that require functionality to be performed by the claimed first chip or the claimed second chip. A recitation of the intended use of the claimed invention must result in a structural difference between the claimed invention and the prior art in order to patentably distinguish the claimed invention from the prior art.  If the prior art structure is capable of performing the intended use, then it meets the claim. In the instant case, the cipher engine and the KDF of Cha (Figures 13a-13c) are separate portions of a hardware chip and could be utilized to perform the claimed cryptographic operation or encryption/authentication of data. Therefore, because the cipher engine and KDF is capable of performing the claimed intended use, the limitations are met.
Referring to claim 15, Cha discloses a hardware chip that includes a processor and memories that include functionality to perform software integrity validation procedures (Figures 13a-13c: Processor, Internal ROM, On-Chip Execution Memory), which meets the limitation of one or more processors, memory, a receiving module stored in the memory and executable by the one or more processors, a generating module stored in the memory and executable by the one or more processors. The software integrity validation procedure is initiated when a system is booted such that the integrity of each boot stage of code is measured before it is executed ([0124]), which meets the limitation of receive a dynamic measurement request for a cryptographic operation. A device unique secret key is generated using a root key ([0124]: device unique secret key reads on the claimed child key), which meets the limitation of generate a child key of a platform measurement root key based on the platform measurement root key [and a random number]. The device unique secret key is used to encrypt code stage signing secrets ([0135]) that include integrity information for the corresponding code stage ([0129]), which meets the limitation of wherein the child key of the platform measurement root key is used for encrypting a loading process and an execution process measured by a dynamic measurement module. The integrity information is utilized to detect integrity failures in the code ([0129]) that can include firmware ([0099]), which meets the limitation of the dynamic measure module is a module used for measuring firmware that performs cryptographic operations. Examiner notes that the claim requirements that the firmware perform cryptographic operations represents an intended use limitation since the claims do not actually require cryptographic operations to be performed by the claimed firmware. 
Cha does not disclose that the device unique secret key is generated using a random number. Wu discloses key generation that utilizes random values and a root key (Col. 53, line 40 – Col. 54, line 23), which meets the limitation of generate a child key of a platform measurement root key based on the platform measurement root key and a random number. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the device unique secret key of Cha to have been generated using the root key and a random value in order to generate the device unique secret key in a manner that is unrelated to the root key as suggested by Wu (Col. 54, lines 19-23).
Referring to claim 18, Cha discloses that the chip includes a key derivation portion that generates the device unique secret key and provides the generated device unique secret key to the cipher engine ([0134] & Figures 13a-13c), which meets the limitation of transmit the child key of the platform measurement root key to a cryptographic operation chip. The cipher engine uses the received device unique secret key to encrypt the signing secrets of the boot code ([0134]: encrypting using the device unique secret key requires cipher engine to store the device unique secret key prior to performing encryption), which meets the limitation of to allow the cryptographic operation chip to store the child key of the platform measurement root key in a local storage device in advance before the cryptographic operation is performed.
Referring to claim 20, Cha discloses the generation of a new device unique secret key for each stage, or portion of code that is examined (Figure 16 & [0124]: any non-initial device unique secret key would read on the claimed cryptographic measurement key) where each device unique secret key is based, at least in part, on the initial root key (Figure 16 & [0124]: root key is used to generate initial device unique secret key, which is used to generate the next device unique secret key, and so on. Therefore, the subsequent device unique secret keys are generated based, at least in part, on the root key), which meets the limitation of wherein the generating module is further configured to generate a cryptographic operation measurement key based on the platform measurement root key [and the third random number]. The device unique secret key is used to encrypt code stage signing secrets ([0135]) that include integrity information for the corresponding code stage ([0129]), which meets the limitation of wherein the cryptographic operation measurement key is used to encrypt a loading process and an execution process of a cryptographic operation measurement.
Cha does not disclose that the device unique secret key is generated using a random number. Wu discloses key generation that utilizes random values and a root key (Col. 53, line 40 – Col. 54, line 23) such that random values are generated for each key generation process using functionality on the same integrated circuit as the key generation functionality (Figure 3A & Col. 33, lines 25-33: random values generated for each key generation process would show that the random value used to generate a first key would be different than the random value used to generated a subsequent key), which meets the limitation of wherein the generating module is further configured to generate a third random number, and generate a cryptographic operation measurement key based on the platform measurement root key and the third random number. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the device unique secret key of Cha to have been generated using the root key and a random value in order to generate the device unique secret key in a manner that is unrelated to the root key as suggested by Wu (Col. 54, lines 19-23).
Claims 2, 3, 11, 16, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Cha, U.S. Publication No. 2011/0302638, in view of Wu, U.S. Patent No. 10,891,366, and further in view of Newton, U.S. Publication No. 2018/0026969. Referring to claims 2, 16, Cha does not disclose that the device unique secret key is generated using a random number. Wu discloses key generation that utilizes random values and a root key (Col. 53, line 40 – Col. 54, line 23), which meets the limitation of wherein the random number comprises [a first random number and] a second random number, and the second random number being used for generating the child key of the platform measurement root key. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the device unique secret key of Cha to have been generated using the root key and a random value in order to generate the device unique secret key in a manner that is unrelated to the root key as suggested by Wu (Col. 54, lines 19-23).
Cha, as modified in view of Wu above, does not disclose utilize an additional random number. Newton discloses the use of a random number to generate authorization codes ([0064]), which meets the limitation of wherein the random number comprises a first random number, and the first random number being used for preventing from being attacked during a process of responding the request. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the software integrity validation procedures of Cha to have utilized an additional random number to generate authorization codes in order to protect the system from replay attacks as suggested by Newton ([0064]).
Referring to claims 3, 17, Cha does not disclose that the device unique secret key is generated using a random number. Wu discloses key generation that utilizes random values, generated from a random number generator in an integrated circuit (Figure 2C), and a root key (Col. 53, line 40 – Col. 54, line 23), which meets the limitation of the second random number is generated by the security chip. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the device unique secret key of Cha to have been generated using the root key and a random value in order to generate the device unique secret key in a manner that is unrelated to the root key as suggested by Wu (Col. 54, lines 19-23).
Cha, as modified in view of Wu above, does not disclose utilize an additional random number. Newton discloses the use of a random number to generate authorization codes where the random numbers are passed during the shared session ([0064]: shared session would include the request/initiation of session), which meets the limitation of wherein the first random number is included in the dynamic measurement request for the cryptographic operation. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the software integrity validation procedures of Cha to have utilized an additional random number to generate authorization codes in order to protect the system from replay attacks as suggested by Newton ([0064]).
Referring to claim 11, Cha does not disclose that the device unique secret key is generated using a random number. Wu discloses key generation that utilizes random values, generated from a random number generator in an integrated circuit (Figure 2C), and a root key (Col. 53, line 40 – Col. 54, line 23), which meets the limitation of wherein the random number comprises [a first random number and] a second random number, and the second random number being generated by the security chip, and is used for generating the child key of the platform measurement root key. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the device unique secret key of Cha to have been generated using the root key and a random value in order to generate the device unique secret key in a manner that is unrelated to the root key as suggested by Wu (Col. 54, lines 19-23).
Cha, as modified in view of Wu above, does not disclose utilize an additional random number. Newton discloses the use of a random number to generate authorization codes where the random numbers are passed during the shared session ([0064]: shared session would include the request/initiation of session), which meets the limitation of wherein the random number comprises a first random number, the first random number is included in a dynamic measurement request for the cryptographic operation, and is used for preventing from being attacked during a process of responding the request. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the software integrity validation procedures of Cha to have utilized an additional random number to generate authorization codes in order to protect the system from replay attacks as suggested by Newton ([0064]).
Allowable Subject Matter
Claims 6, 8, 9, 12, 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Kepa, U.S. Publication No. 2019/0213359, discloses on-chip key generation in MPSoC devices.
Forehand, U.S. Publication No. 2008/0072071, discloses embedded cryptographic operations where keys are generated using a root key.
Li, U.S. Publication No. 2020/0117805, discloses a secure booting method wherein a boot program is run when the device is booted such that an encryption/decryption key is generated using the root key ([0127]). 
	Moon, U.S. Publication No. 2019/0163910, discloses firmware verification utilizing a key derived on the device.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805.  The examiner can normally be reached on M-Th: 6:20-4:50.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 5712724063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/BENJAMIN E LANIER/Primary Examiner, Art Unit 2437