DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present Office Action is a response to an application filed 09/21/2018, wherein Claims 1-20 are pending and ready for examination.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This application currently names joint inventors. In considering patentability of the claims, the Examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Internet Communications
Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439, found at http:/www.uspto.gov/sites/default/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the applicant via email. The authorization will allow the examiner to better practice compact prosecution. The written authorization can be submitted via one of the following methods only: (1) Central Fax, which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the service window on the Alexandria campus. EFS web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03.

Information Disclosure Statement
As required by the provisions of 37 CFR 1.97, 1.98 and MPEP § 609, the Applicant’s submission of the Information Disclosure Statements (IDS) dated  09/21/2018 and 10/21/2019 are acknowledged by the Examiner and the cited references have been considered in the examination of the claims now pending.  As required by the provisions of 37 CFR 1.97, 1.98 and MPEP § 609, an initialed and dated copy of each PTOL-1449 corresponding to each considered IDS is attached to the instant office action.

Priority
The instant application, filed 09/21/2018, does not claim priority.

Specification
Applicant’s cooperation is requested in correcting any errors of which Applicant may become aware in the specification.

Drawings
The submitted drawings, filed 09/21/2018, are acceptable for the examination purpose.

Claim Objections
Claims 1, 7, 8, and 15 are objected due to the following informality:
Claims 1, 7, 8, and 15 recite “based on the determination”. There is insufficient antecedent basis for “the determination”. The Examiner interprets the phrase “the determination“ as to the recited step for “determining that the platform state is a known good state”.  Appropriate clarification is requested.
Claim 4 is objected due to the following informalities:
Claim 4 recites “The method of claim 4, wherein…”, such that it is dependent on itself, and therefore does not contain a reference to a claim previously set forth. Applicant may cancel the claim, amend the claim to place the claim in proper dependent form, or rewrite the claim in 
Claim 4 recites “the computer application comprises the operating system”. There is insufficient antecedent basis for “the operating system”. Appropriate clarification is requested.
Claims 5 and 12 are objected due to the following informality:
Claims 5, 12 and 18 recite “the platform state comprises a representation of firmware that is running on the computing platform”. For clarification, it is suggested to amend claims 5, 12 and 18 so that they recite “the platform state comprises a representation of a firmware that is running on the computing platform”.
Claim 6 is objected due to the following informalities:
Claim 6 recites “The method of claim 6, wherein…”, such that it is dependent on itself, and therefore does not contain a reference to a claim previously set forth. Applicant may cancel the claim, amend the claim to place the claim in proper dependent form, or rewrite the claim in independent form. It appears that Claim 6 may actually be dependent on Claim 5. Appropriate clarification is requested.
Claim 6 recites “the computer application comprises the firmware”. There is insufficient antecedent basis for “the firmware”. Appropriate clarification is requested.
Claims 9 and 14 are objected due to the following informalities:
Claims 9 and 14 recite “wherein the instructions cause the processor to…”. There is insufficient antecedent basis for “the processor”. Appropriate clarification is requested.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Examiner’s note: text in bold correspond to the cited prior art reference, ad verbatim. Comments in brackets { } include the Examiner’s mapping of the claimed feature to the cited reference, and observations thereof. 
Claims 1, 2, 7, 8, 9, 14, 15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 2011/0099627 (Proudler) in view of U.S. PGPub No. 2014/0130151 (Krishnamurthy).
Referring to independent Claims 1 and 8
Regarding Claim 1, Proudler teaches a method for secure data protection, comprising:
storing secured data (Proudler discloses various types of secured data, such as (1) a trusted computing platform [to] enable measurements {i.e. storing secured data, in this case, storing measurements in a trusted platform}... [¶ 3]... (2) a trusted BIOS program {i.e. also secured data} in... a trusted platform... [¶ 27]... (3) trustable storage for securely storing data {i.e. also a secured data} in encrypted form... [¶ 36].) using a security co-processor of a computing platform (Proudler discloses a trusted platform can be embodied as a hardware component (which may include a program-controlled processor) {i.e. a security co-processor)... [¶ 22].), wherein the secured data is associated with a computer application (Proudler discloses (1) a trusted computing platform [to] enable measurements {i.e. secured data}... [and] provide these in the form of integrity metrics to appropriate entities {i.e. secured data is associated with a computer application}... [¶ 3]... (2) a trusted BIOS program {i.e. also secured data} in... a trusted platform that is responsible for... initialising hardware before an OS takes over {i.e. secured data is associated with a computer application}... [¶ 27]... (3) trustable storage for securely storing data {i.e. also a secured data} in encrypted form... [¶ 36]... relating to some or all of the software running on the computer platform {i.e. secured data is associated with a computer application}. [¶ 38].);
associating the secured data with a platform state policy that indicates an expected platform state for providing the secured data to a requester (The term “state” is construed as the condition of something at a particular time. See OneLook.com, ahdictionary.com and macmillandictionary.com. The term "policy" is construed as procedure, code or method. See merriam-webster.com and lexico.com. Proudler discloses to securely enforce various security control policies {i.e. platform state policy}... [¶ 28]. The measurement {i.e. state} of the BIOS program’s integrity... can be used to verify whether the platform booted using the correct BIOS {i.e. expected platform state}... individual functional blocks within the BIOS could have their own digest values... to state which parts of BIOS operation are critical for an intended purpose {i.e. a platform state policy}... [¶ 35]. Once a user has established trusted operation of the platform {i.e. expected platform state}, he exchanges data with the platform {i.e. for providing the secured data, such as with the trustable storage for securely storing data in encrypted form [¶ 36], relating to some or all of the software running on the computer platform}. [¶ 38]. The present status {i.e. state} indicators are: a BIOSMatch flag 457, which indicates whether a current BIOS measurement matches an expected BIOS measurement {i.e. expected platform state}. [¶ 47].);
receiving a request for the secured data from the requester (Proudler discloses a user (for example via a software application) requests, via an appropriate command, specified information... [¶ 90].);
determining that the platform state is a known good state based on the platform state policy, [[the version counter policy,]] a platform state of the computing platform stored in the security co-processor, the expected platform state, [[a version counter of the platform state stored in the security co-processor, and the expected version counter]] (Proudler discloses a policy to state... that validity of operation under the policy can be established... [¶ 35]... by requesting the trusted platform to provide one or more integrity metrics {i.e. based on the platform state policy}. The user receives the integrity metric or metrics {i.e. expected platform state}, and compares them against values... provided by a TP that is prepared to vouch for the trustworthiness of the platform {i.e. a platform state of the computing platform stored in the security co-processor}... If there is a match, the implication is that at least part of the platform is operating correctly {i.e. determining that the platform state is a known good state}... [¶ 37]. The present status {i.e. state} indicators are: a BIOSMatch flag 457, which indicates whether a current BIOS measurement matches an expected BIOS measurement {i.e. expected platform state}. [¶ 47].); and
providing the secured data for the requester based on the determination (Proudler discloses trustable storage for securely storing data in encrypted form and for ensuring that access to this data only occurs in a named environment. [¶ 36]. A user can verify the correct operation of a trusted computing platform, for example, before exchanging data with the platform, by requesting the trusted platform to provide one or more integrity metrics. [¶ 37]. Once a user has established trusted operation of the platform, he exchanges data with the platform. [¶ 38].).
Proudler does not explicitly teach the following feature limitations that Krishnamurthy teaches:
associating the secured data with a version counter policy that indicates an expected version counter for providing the secured data to the requester (As noted in the analysis above, Proudler discloses associating secured data with a policy that indicates an expected value for providing the secured data. The term "policy" is construed as a procedure, code or method. See merriam-webster.com and lexico.com.  Krishnamurthy discloses to ensure that the new firmware version being downloaded onto the NFCC 145 is higher than the previous version {i.e. a version counter policy}... [¶ 40]... [and] enforce instructions in accordance to policies stored in the SEE {i.e. security co-processor}. [¶ 53]. FIG. 3 is a flowchart outlining... the Lowest Acceptable Firmware Version Number (LAFVN) in a secure element environment {i.e. LAFVN is the secured data}... [¶ 70]... [and] the firmware version number (FVN) associated with the firmware installation request... [¶ 71]...  if the comparison indicates that the FVN is equal to or greater than the LAFVN {i.e. expected version counter; which in this case is also secured data}, then the... firmware installation is allowed... [¶ 75]... [and] the LAFVN can be updated… {i.e. providing the secured data to the requester; in this case, providing the secured data LAFVN for updating said data to another value}. [¶ 76].); and
determining [[that the platform state is a known good state]] based on the version counter policy, a version counter [[of the platform state stored in the security co-processor]], and the expected version counter (As noted above, Proudler discloses a platform state stored in the security co-processor and determining that the platform state is a known good state. [¶ 34]. Krishnamurthy discloses to ensure that the new firmware version being downloaded onto the NFCC 145 is higher than the previous version {i.e. this is based on the version counter policy analyzed in the preceding paragraph}... [¶ 40]. [T]he FVN received is a version number 1.2, and the NFCC checks to make sure it is higher or equal to the LAFVN {i.e. based on the expected version counter} stored in the secure element environment... Once the NFCC 145 receives the version number, it compares the two values... [¶ 74]... if the comparison indicates that the FVN is equal to or greater than the LAFVN, then the... the firmware installation is allowed... [¶ 75].).
Proudler and Krishnamurthy are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need to facilitate information exchange in secure transactions. [Krishnamurthy; ¶ 2].
Therefore, prior to the instant application’s effective filing date, it would have been obvious to use the anti-rollback protection of Krishnamurthy in the trusted entity computing platform of Proudler in order to disallow firmware installation when the firmware version number is less than the lowest acceptable version.
Regarding Claim 8, it is a system claim that corresponds to method Claim 1, and is therefore rejected with the same rationale and motivation as above.
Referring to Claims 2 and 9
Regarding Claim 2, the combination of Proudler and Krishnamurthy teaches the method of Claim 1.
The combination of Proudler and Krishnamurthy further teaches:
a trusted boot process to ensure that the operating state of the platform 10 is recorded {i.e. storing} in a secure manner {i.e. in response to a booting operation}. [¶ 28]. [A] first integrity metric {i.e. platform state} is acquired... [¶ 32]. [T]he measurement function 31 has access to the… volatile memory 4 (for storing acquired integrity metric measurements {i.e. storing the platform state in the secure co-processor; note that volatile memory 4 is part of the trusted component in FIG. 3a}). [¶ 34].); and
storing the version counter of the platform state in the security co-processor in response to installing a version of software associated with the platform state on the computing platform (Proudler discloses a trusted boot process to ensure that the operating state of the platform 10 is recorded in a secure manner {i.e. storing the platform state in the security co-processor}. [¶ 28]. BIOS {i.e. software associated with the platform state} update procedure... [¶ 50]... reads a new BIOS data file... [¶ 51]. The update {i.e. platform state} would be stored {i.e. storing the platform state} as the expected BIOS measurement value {i.e. storing the platform state in response to installing a version of software associated with the platform state}… [¶ 54]. Krishnamurthy discloses updating the last installed firmware version number {i.e. version counter} stored in the secure environment {i.e. security co-processor} after a forced update {i.e. in response to installing a version of software}... [¶ 25]... [and] storing the version number of the firmware in the secure element environment. [¶ 47].).
Regarding Claim 9, the rejection of Claim 8 is incorporated. In addition, Claim 9 is a system claim that corresponds to method claim 2 and is therefore rejected with the same rationale and motivation as above.
Referring to Claim 7
Regarding Claim 7, the combination of Proudler and Krishnamurthy teaches the method of Claim 1.
The combination of Proudler and Krishnamurthy further teaches:
BIOS {i.e. firmware} installs the approved BIOS {i.e. computer application} update in the BIOS... [FIG. 5; ¶ 68].);
generating a new platform state policy to indicate a new expected platform state for providing the secured data to the requester in response to determining that the computer application is updated successfully, wherein the new expected platform state is based on the updated computer application (Proudler discloses [a]n exemplary trusted component parameters update command package {i.e. new parameters for the platform state policy, a new platform state policy}, BIOSupgradeParameters... includes the arguments... Expected BIOS measurement #2, which is the future expected value of measured BIOS firmware {i.e. new expected platform state}... the future value of PCR values {i.e. also new expected platform state} before BIOS measurements {i.e. secured data} are to be extended into the PCRs {i.e. for providing the secured data}... [¶ 71]. This process, in effect, revises the expected BIOS measurement parameters stored inside the trusted component {i.e. the new expected platform state is based on the updated computer application, which in this case is the BIOS}. [¶ 72].);
rebooting the computing platform (Proudler discloses the BIOS update program updates the trusted component parameters in the TPM... and then reboots the platform... under control of the new BIOS firmware. [¶ 68].); and
determining that the platform state of the rebooted computing platform represents the updated computer application (Proudler discloses verifying BIOS measurements during each boot process... [¶ 74]... BIOS measurement is checked [step 810] to see if it matches the expected BIOS measurement value 460 {i.e. updated computer application; in this case, the updated BIOS}... If the PCRs are the `PCRs prior to BIOS measurement` 456, AND [step 820] the BIOS measurement value is the expected BIOS measurement value 460 {i.e. determining that the platform state of the rebooted computing platform represents the updated computer application; in this case, the updated BIOS}, then the BIOSMatch flag 457 is set to one (TRUE) [step 825]... [FIG. 8; ¶ 81].).
updating the last installed firmware version number {i.e. version counter} stored in the secure environment {i.e. security co-processor} after a forced update {i.e. based on the determination}... [¶ 25]... [and] storing the version number of the firmware in the secure element environment. [¶ 47]. [I]f the NFCC 145 determines {i.e. based on the determination} that the LAFVN is less than the FVN, then the NFCC can update the LAFVN stored in the secure element environment to equal FVN. [¶ 104].).
Referring to Claim 14
Regarding Claim 14, the combination of Proudler and Krishnamurthy teaches the system of Claim 8.
Proudler further teaches to:
update the computer application to a new version of the computer application (Proudler discloses a BIOS installs the approved BIOS update {i.e. the computer application} in the BIOS... [FIG. 5; ¶ 68].); and
generate a new platform state policy to indicate a new expected platform state for providing the secured data to the requester in response to determining that the computer application is updated successfully (Proudler discloses [a]n exemplary trusted component parameters update command package {i.e. new parameters for the platform state policy, a new platform state policy}, BIOSupgradeParameters... includes the arguments... Expected BIOS measurement #2, which is the future expected value of measured BIOS firmware {i.e. new expected platform state}... the future value of PCR values {i.e. also new expected platform state} before BIOS measurements {i.e. secured data} are to be extended into the PCRs {i.e. for providing the secured data}... [¶ 71]. This process, in effect, revises the expected BIOS measurement parameters stored inside the trusted component {i.e. the new expected platform state is based on the updated computer application, which in this case is the BIOS}. [¶ 72].).
Referring to independent Claim 15
Regarding Claim 15, Proudler teaches a non-transitory, computer-readable medium storing computer-executable instructions, which when executed, cause a computer to:
store secured data (Proudler discloses various types of secured data, such as {1} a trusted computing platform [to] enable measurements {i.e. storing secured data, in this case, storing measurements in a trusted platform}... [¶ 3]... {2} a trusted BIOS program {i.e. also secured data} in... a trusted platform... [¶ 27]... {3} trustable storage for securely storing data {i.e. also a secured data} in encrypted form... [¶ 36].) using a security co-processor (Proudler discloses a trusted platform can be embodied as a hardware component (which may include a program-controlled processor) {i.e. a security co-processor)... [¶ 22].), wherein the secured data is associated with a computer application (Proudler discloses {1} a trusted computing platform [to] enable measurements {i.e. secured data}... [and] provide these in the form of integrity metrics to appropriate entities {i.e. secured data is associated with a computer application}... [¶ 3]... {2} a trusted BIOS program {i.e. also secured data} in... a trusted platform that is responsible for... initialising hardware before an OS takes over {i.e. secured data is associated with a computer application}... [¶ 27]... {3} trustable storage for securely storing data {i.e. also a secured data} in encrypted form... [¶ 36]... relating to some or all of the software running on the computer platform {i.e. secured data is associated with a computer application}. [¶ 38].);
associate the secured data with a platform state policy that indicates an expected platform state for providing the secured data to a requester (The term "policy" is construed as procedure, code or method. See merriam-webster.com and lexico.com. Proudler discloses to securely enforce various security control policies {i.e. platform state policy}... [¶ 28]. The measurement of the BIOS program’s integrity... can be used to verify whether the platform booted using the correct BIOS {i.e. expected platform state}... individual functional blocks within the BIOS could have their own digest values... to state which parts of BIOS operation are critical for an intended purpose {i.e. a platform state policy}... [¶ 35]. Once a user has established trusted operation of the platform {i.e. expected platform state}, he exchanges data with the platform {i.e. for providing the secured data, such as the trustable storage for securely storing data in . [¶ 38]. The present status indicators are: a BIOSMatch flag 457, which indicates whether a current BIOS measurement matches an expected BIOS measurement {i.e. expected platform state}. [¶ 47].);
store a platform state of a computing platform in the security co-processor in response to a booting operation of the computing platform (Proudler discloses a trusted boot process to ensure that the operating state of the platform 10 is recorded {i.e. storing} in a secure manner {i.e. in response to a booting operation}. [¶ 28]. [A] first integrity metric {i.e. platform state} is acquired... [¶ 32]. [T]he measurement function 31 has access to the… volatile memory 4 (for storing acquired integrity metric measurements {i.e. storing the platform state in the secure co-processor; note that volatile memory 4 is part of the trusted component in FIG. 3a}). [¶ 34].);
store [[a version counter of]] the platform state in the security co-processor in response to installing a version of software associated with the platform state on the computing platform (Proudler discloses a trusted boot process to ensure that the operating state of the platform 10 is recorded in a secure manner {i.e. storing the platform state in the security co-processor}. [¶ 28]. BIOS {i.e. software associated with the platform state} update procedure... [¶ 50]... reads a new BIOS data file... [¶ 51]. The update {i.e. platform state} would be stored {i.e. storing the platform state} as the expected BIOS measurement value 460 {i.e. in response to installing a version of software associated with the platform state}. [¶ 54].).
receive a request for the secured data from the requester (Proudler discloses a user (for example via a software application) requests, via an appropriate command, specified information... [¶ 90].);
determine that the platform state is a known good state based on the platform state policy, [[the version counter policy,]] the platform state, the expected platform state, [[the version counter, and the expected version counter]] (Proudler discloses a policy to state... that validity of operation under the policy can be established... [¶ 35]... by requesting the trusted platform to provide one or more integrity metrics {i.e. based on the platform state policy}. The user receives the integrity metric or metrics {i.e. expected platform state}, and compares them against values... provided by a TP that is prepared to vouch for the trustworthiness of the platform {i.e. a platform state of the computing platform (stored in the security co-processor)}... If there is a match, the implication is that at least part of the platform is operating correctly {i.e. determining that the platform state is a known good state}... [¶ 37].); and
provide the secured data for the requester based on the determination (The Examiner interprets the phrase “the determination“ as the instruction to “determine that the platform state is a known good state”.  Proudler discloses trustable storage for securely storing data in encrypted form and for ensuring that access to this data only occurs in a named environment. [¶ 36]. A user can verify the correct operation of a trusted computing platform, for example, before exchanging data with the platform, by requesting the trusted platform to provide one or more integrity metrics. [¶ 37]. Once a user has established trusted operation of the platform, he exchanges data with the platform. [¶ 38].).
Proudler does not explicitly teach the following feature limitations that Krishnamurthy teaches:
associate the secured data with a version counter policy that indicates an expected version counter for providing the secured data to the requester (As noted in the analysis above, Proudler discloses associating secured data with a policy that indicates an expected value for providing the secured data. The term "policy" is construed as a procedure, code or method. See merriam-webster.com and lexico.com.  Krishnamurthy discloses to ensure that the new firmware version being downloaded onto the NFCC 145 is higher than the previous version {i.e. a version counter policy}... [¶ 40]... [and] enforce instructions in accordance to policies stored in the SEE {i.e. security co-processor}. [¶ 53]. FIG. 3 is a flowchart outlining... the Lowest Acceptable Firmware Version Number (LAFVN) in a secure element environment {i.e. LAFVN is the secured data}... [¶ 70]... [and] the firmware version number (FVN) associated with the firmware installation request... [¶ 71]...  if the comparison indicates that the FVN is equal to or greater than the LAFVN {i.e. expected version counter; which in this case is also secured data}, then the... firmware installation is allowed... [¶ 75]... [and] the LAFVN can be updated… {i.e. providing the secured data to the requester; in this case, providing the secured data LAFVN for updating said data to another value}. [¶ 76].);
store a version counter of the platform state in the security co-processor in response to installing a version of software associated with the platform state on the computing platform (Krishnamurthy discloses updating the last installed firmware version number {i.e. version counter} stored in the secure environment {i.e. security co-processor} after a forced update {i.e. in response to installing a version of software}... [¶ 25]... and storing the version number of the firmware in the secure element environment. [¶ 47].); and
 [[determine that the platform state is a known good state]] based on the version counter policy, the version counter, and the expected version counter (As noted above, Proudler discloses to determine that the platform state is a known good state. [¶ 34]. Krishnamurthy discloses to ensure that the new firmware version being downloaded onto the NFCC 145 is higher than the previous version {i.e. this is based on the version counter policy analyzed in the preceding paragraph}... [¶ 40]. [T]he FVN received is a version number 1.2, and the NFCC checks to make sure it is higher or equal to the LAFVN {i.e. based on the expected version counter} stored in the secure element environment... Once the NFCC 145 receives the version number, it compares the two values... [¶ 74]... if the comparison indicates that the FVN is equal to or greater than the LAFVN, then the... the firmware installation is allowed... [¶ 75].).
Proudler and Krishnamurthy are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need to facilitate information exchange in secure transactions. [Krishnamurthy; ¶ 2].
Therefore, prior to the instant application’s effective filing date, it would have been obvious to use the anti-rollback protection of Krishnamurthy in the trusted entity computing platform of Proudler in order to disallow firmware installation when the firmware version number is less than the lowest acceptable version.
Referring to Claim 20
Regarding Claim 20, the combination of Proudler and Krishnamurthy teaches the medium of Claim 15.

update the computer application to a new version of the computer application (Proudler discloses a BIOS installs the approved BIOS update in the BIOS... [FIG. 5; ¶ 68].); and
generate a new platform state policy to indicate a new expected platform state for providing the secured data to the requester in response to determining that the computer application is updated successfully (Proudler discloses [a]n exemplary trusted component parameters update command package {i.e. new parameters for the platform state policy, a new platform state policy}, BIOSupgradeParameters... includes the arguments... Expected BIOS measurement #2, which is the future expected value of measured BIOS firmware {i.e. new expected platform state}... the future value of PCR values {i.e. also new expected platform state} before BIOS measurements {i.e. secured data} are to be extended into the PCRs {i.e. for providing the secured data}... [¶ 71]. This process, in effect, revises the expected BIOS measurement parameters stored inside the trusted component {i.e. the new expected platform state is based on the updated computer application, which in this case is the BIOS}. [¶ 72].).
Claims 3, 4, 5, 6, 10, 11, 12, 13, 16, 17, 18 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 2011/0099627 (Proudler) in view of U.S. PGPub No. 2014/0130151 (Krishnamurthy) and further in view of U.S. PGPub No. 2010/0229168 (Maeda).
Referring to Claims 3, 10 and 16
Regarding Claim 3, the combination of Proudler and Krishnamurthy teaches the method of Claim 1.
The previous combination does not explicitly teach the following feature limitation that Maeda teaches:
the platform state comprises a representation of an operating system that is running on the computing platform (Maeda discloses calculating (measuring) a hash value of software (hereinafter called "the measurement result" or "the measurement value") {i.e. the platform state}, and securely storing the calculated hash value {i.e. representation} in Platform Configuration Register (PCR) in the TPM... it is possible to check whether the application software programs are started up {i.e. running} in the appropriate order by sequentially checking the TPM, the BIOS, and OS {i.e. operating system that is running} and setting their respective hash values {i.e. the platform state comprises a representation of an operating system} to the PCR one by one. As a result, it is possible to realize a reliable software execution environment. [¶ 293].).
Proudler, Krishnamurthy and Maeda are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need to realize a secure computing environment by ensuring the reliability of the platform. [Maeda; ¶ 292].
Therefore, prior to the instant application’s effective filing date, it would have been obvious to use the play-back techniques of Maeda in the trusted entity computing platform of Proudler in order to realize a reliable software execution environment.
Regarding Claim 10, the rejection of Claim 8 is incorporated. In addition, Claim 10 is a system claim that corresponds to method claim 3 and is therefore rejected with the same rationale and motivation as above.
Regarding Claim 16, the rejection of Claim 15 is incorporated. In addition, Claim 16 is a medium claim that corresponds to method claim 3 and is therefore rejected with the same rationale and motivation as above.
Referring to Claims 4, 11 and 17
Regarding Claim 4, the combination of Proudler, Krishnamurthy and Maeda teaches the method of Claim 3.
Proudler further teaches:
the computer application comprises the operating system (As noted previously above, the Examiner interprets Claim 4 as dependent on Claim 3. Proudler discloses a trusted BIOS program {i.e. secured data} in... a trusted platform that is responsible for taking measurements and initialising hardware before an OS takes over {i.e. the secured data is associated with a computer application, the operating system (OS)}... [¶ 27].).
Regarding Claim 11, the rejection of Claim 10 is incorporated. In addition, Claim 11 is a system claim that corresponds to method claim 4 and is therefore rejected with the same rationale and motivation as above.
Regarding Claim 17, the rejection of Claim 16 is incorporated. In addition, Claim 17 is a medium claim that corresponds to method claim 4 and is therefore rejected with the same rationale and motivation as above.
Referring to Claims 5, 12 and 18
Regarding Claim 5, the combination of Proudler, Krishnamurthy and Maeda teaches the method of Claim 4.
Maeda further teaches:
the platform state comprises a representation of firmware that is running on the computing platform (Maeda discloses calculating (measuring) a hash value of software (hereinafter called "the measurement result" or "the measurement value") {i.e. the platform state}, and securely storing the calculated hash value in Platform Configuration Register (PCR) in the TPM... it is possible to check whether the application software programs are started up {i.e. running} in the appropriate order by sequentially checking the TPM, the BIOS {i.e. firmware that this running}, and OS and setting their respective hash values {i.e. the platform state comprises a representation of firmware} to the PCR one by one. As a result, it is possible to realize a reliable software execution environment. [¶ 293].).
Regarding Claim 12, the rejection of Claim 10 is incorporated. In addition, Claim 12 is a system claim that corresponds to method claim 5 and is therefore rejected with the same rationale and motivation as above.
Regarding Claim 18, the rejection of Claim 16 is incorporated. In addition, Claim 18 is a medium claim that corresponds to method claim 5 and is therefore rejected with the same rationale and motivation as above.
Referring to Claims 6, 13 and 19
Regarding Claim 6, the combination of Proudler, Krishnamurthy and Maeda teaches the method of Claim 5.
Proudler further teaches:
the computer application comprises the firmware (As noted previously above, the Examiner interprets Claim 6 as dependent on Claim 5. Proudler discloses a trusted BIOS {i.e. secured data}... in... a trusted platform... [¶ 27]. In a first step [step 500], a user executes a BIOS update program, which is typically a software program provided by a platform OEM for the purposes of updating (or flashing) the BIOS firmware {i.e. the secured data is associated with a computer application and the computer application comprises the firmware, in this case the new or update BIOS that will be used for flashing}. [FIG. 5; ¶ 51].).
Regarding Claim 13, the rejection of Claim 12 is incorporated. In addition, Claim 13 is a system claim that corresponds to method claim 6 and is therefore rejected with the same rationale and motivation as above.
Regarding Claim 19, the rejection of Claim 18 is incorporated. In addition, Claim 19 is a medium claim that corresponds to method claim 6 and is therefore rejected with the same rationale and motivation as above.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Refer to PTO-892, Notice of References Cited for a listing of analogous art.
US 20110040961 (Badaoui-Najjar; Ramez N. et al.) - a cryptographic co-processor in a computing system to encode data using parameters determined during initialization, or during operation, or determined from machine specific values or states to bind data optionally to a specific machine, a specific cryptographic co-processor, or a specific operating environment or machine state.
US 20170177873 (Raghuram; Yeluri et al.) - a trusted execution environment; a Basic Input/Output System (BIOS) to request a Key Encryption Key (KEK) from the trusted execution environment; and a Self-Encrypting Storage (SES) associated with the KEK; wherein the trusted execution environment is to verify the BIOS and provide the KEK to the BIOS subsequent to verification of the BIOS, and the BIOS is to provide the KEK to the SES to unlock the SES for access by the trusted execution environment.
US 20180004502 (Samuel; Balasingh et al.) - a BIOS update may be communicated to the information handling system so that the BIOS firmware may be updated... If the BIOS version 
US 20140137178 (Thom; Stefan et al.) - trusted platform module stores information in a protected object having an associated policy. A program requesting access to the information is allowed to access the information if the policy is satisfied, and is denied access to the information if the policy is not satisfied. The trusted platform module uses one or more monotonic counters associated with the protected object to track attempts to access the information.
US 20080276086 (Proudler; Graeme John) - defining security controls for a plurality of data items, and applying individualised security rules to each of the data items based on a measurement of integrity of a computing entity to which the data items are to be made available.
US 20190197241 (Martinez; Ernesto) - a trusted execution environment (TEE) circuit to store a firmware of the drone and determine whether the firmware is valid.
US 20170010881 (Kawazu; Ayuta) - invention prevents rollback of firmware of an information processing apparatus. The apparatus including a security chip includes a counter which holds a value which monotonically increases, a version management unit which manages a current version number of software in the apparatus, a first verification unit which verifies validity of update software of the software and a version number of the update software, a rollback detection unit which detects whether a version of the update software is newer than a version of the current software, an update unit which updates the software using the update software, and a second verification unit which verifies whether the update unit has successfully updated the software.
US 20180144135 (Rihan; Sahil Sunil et al.) - BMC portion can include its own TPM for storing information about the last trusted version of BMC firmware. If the BMC firmware cannot be verified, then start-up of the server is canceled or paused, and the bootstrap software is configured to wait for new BMC firmware.
US 20200034541 (Ballard; Lee E. et al.) - a memory to store BIOS, a processor, a BMC, and an add-in device. The BMC updates the BIOS in a first system state and prevents BIOS updates in a second system state.
US 20190095623 (Narasimhan; Krishnakumar et al.) - a secure and transparent firmware update process is provided. The computing device includes a secure memory area and a secure device that separately executes firmware updates in parallel with other processes executed by a CPU.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RICHARD W CRUZ-FRANQUI whose telephone number is (313)446-6571.  The examiner can normally be reached on M-F 5:30-2:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on (571)272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/RICHARD W CRUZ-FRANQUI/Examiner, Art Unit 2498