Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

2.	Claims 1, 3, 4-5, 7, 8, 10, 11, 12, 14-15, 17, 18, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sakata (US Patent Application Publication 20200228346), and further in view of Zayas (US Patent Application Publication 20090172420), further in view of Spainer et al (US Patent 10958435). 

For claim 1, Sakata teaches the following limitations: A direct-attached storage device bridge (HDD in [0061]) comprising: boot loader logic ([0062]); a memory configured to store a public key ([0036]); logic to: access a firmware image comprising: an encrypted hash code and encrypted firmware instructions (43 in Fig 1 is the encrypted firmware image and 42 is the encrypted firmware and 8 is the encrypted hash); use the public key to decrypt an encrypted hash code into a decrypted hash code (([0061]; 8 is decrypted with public key); use the public key to decrypt encrypted firmware instructions into decrypted firmware instructions ([0061]; 43 is decrypted; [0077]; public key); calculate a first calculated hash code of the decrypted firmware instructions (hash code 6; [0061]); calculate a second calculated hash code for firmware instructions stored as clear- text (second hash value [0061]); and control the boot loader logic based on the decrypted hash code, the first calculated hash code, and the second calculated hash code. ([0061]-[0062]). 

Sakata does not mention the following limitations:
ROM to store the public key
Public key used to decrypt both firmware and hash 

Zayas teaches the following limitations: key in ROM in HDD and decrypt both firmware and hash code ([0039]-[0042]). 

It would have been obvious for one ordinary skill in the art before the effective filing date of the invention to combine the teachings of Sakata and Zayas to use one public key stored in ROM so that the system is simplified. Sakata mentions one public key system for the firmware encryption ([0077]). Sakata in view of Zayas does not teach that the firmware image include clear-text version of the firmware. Spainer et al teach a firmware image with encrypted hash code and clear-text of firmware (Fig 6A). It would have been obvious for one ordinary skill in the art before the effective filing date of the invention to combine the teachings of Sakata, Zayas and Spainer to include a firmware image with clear-text, encrypted hash and encrypted firmware to increase the security. As explained in Spainer et al, the hash of the plain text is calculated and compared against hash obtained from the digital signature to determine the accuracy (lines 45-62 of col 24). This 

For claims 3, 10 and 17, Sakata teaches the second alternative in [0061]-[0062]. 

For claims 4-5, 11-12 and 18, cited art does not mention about warning. Providing warning is well known in the art. It would have been obvious for one ordinary skill in the art to provide warning during partial accuracy, since that provides user an indication that system is working with partial accuracy. 

For claims 7, 14 and 20, prohibiting boot during tampering is known in the art for security reasons. Sakata teaches tamper detection ([0062]).  

For claim 8, A system comprising: means for storing a firmware image comprising: an encrypted hash code and encrypted firmware instructions (43 in Fig 1 is the encrypted firmware image and 42 is the encrypted firmware and 8 is the encrypted hash); means for booting the device using firmware image ([0061]-[0062]); means for: using the public key to decrypt an encrypted hash block into a decrypted hash code (([0061]; 8 is decrypted with public key); using the key to decrypt encrypted firmware instructions into decrypted firmware instructions  ([0061]; 43 is decrypted; key 5 is used; [0018]-[0019]); calculating a first calculated hash code of the decrypted firmware instructions (hash code 6; [0061]);  17Docket No: FSP1613 calculating a second calculated hash code for firmware instructions stored as clear-text (second hash value [0061]); and controlling a boot loader using the decrypted hash code, the first calculated hash code, and the second calculated hash code ([0061]-[0062])..

Sakata does not mention the following limitations:
ROM to store the public key
Public key used to decrypt symmetric key, symmetric key to decrypt the encrypted firmware

Zayas teaches the following limitations: key in ROM in HDD and decrypt both firmware and hash code ([0039]-[0042]). Decrypting symmetric key with public key is known in the art.  

It would have been obvious for one ordinary skill in the art before the effective filing date of the invention to combine the teachings of Sakata and Zayas to use one public key stored in ROM to decrypt a symmetric key so that the system is simplified. Sakata mentions encryption key 5 for firmware ([0016]-[0017]), which can be encrypted with the firmware so that public key can decrypt the key. Sakata in view of Zayas does not teach that the firmware image include clear-text version of the firmware. Spainer et al teach a firmware image with encrypted hash code and clear-text of firmware (Fig 6A). It would have been obvious for one ordinary skill in the art before the effective filing date of the invention to combine the teachings of Sakata, Zayas and Spainer to include a firmware image with clear-text, encrypted hash and encrypted firmware to increase the security. 

For claim 15, Sakata teaches the following limitations:  A method comprising: storing a firmware image comprising: an encrypted hash code and encrypted firmware instructions (43 in Fig 1 is the encrypted firmware image and 42 is the encrypted firmware and 8 is the encrypted hash); using a public key from a read-only memory to decrypt an encrypted hash code into a decrypted hash code (([0061]; 8 is decrypted with public key); using the public key to decrypt encrypted firmware instructions into decrypted firmware instructions ([0061]; 43 is decrypted; [0077]; public key); calculating a first calculated hash code of the decrypted firmware instructions (hash code 6; [0061]); calculating a second calculated hash code for firmware instructions stored as clear-text (second hash value [0061]); and controlling a boot loader based on the decrypted hash code, the first calculated hash code, and the second calculated hash code ([0061]-[0062])..

Sakata does not mention the following limitations:
ROM to store the public key
Public key used to decrypt both firmware and hash 

Zayas teaches the following limitations: key in ROM in HDD and decrypt both firmware and hash code ([0039]-[0042]). 

It would have been obvious for one ordinary skill in the art before the effective filing date of the invention to combine the teachings of Sakata and Zayas to use one public key stored in ROM so that the system is simplified. Sakata mentions one public key system for the firmware encryption ([0077]). Sakata in view of Zayas does not teach that the firmware image include clear-text version of the firmware. Spainer et al teach a firmware image with encrypted hash code and clear-text of firmware (Fig 6A). It would have been obvious for one ordinary skill in the art before the effective filing date of the invention to combine the teachings of Sakata, Zayas and Spainer to include a firmware image with clear-text, encrypted hash and encrypted firmware to increase the security. As explained in Spainer et al, the hash of the plain text is calculated and compared against hash obtained from the digital signature to determine the accuracy (lines 45-62 of col 24). This teaching can be imcorporated into Sakata to determine further accuracy of the plaintext. Sakata decrypts the firmware to get plaintext 41 ([0061]-[0062]). The plaintext can be sent in addition to the encrypted text so that further accuracy of the plaintext is determined. 

3.	Claims 2, 9 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sakata (US Patent Application Publication 20200228346), and further in view of Zayas (US Patent Application Publication 20090172420), further in view of Spainer et al . 

For claims 2, 9 and 16, cited art does not teach plural keys. Gulati teaches plural keys (Fig 1). With the plural keys, indexing is necessary to determine the correct key. Flash ROM can be used to store such index because of non-volatility. It would have been obvious for one ordinary skill in the art before the effective filing date of the application to use plural keys so that user can take key randomly at a time to increase security. 

Allowable Subject Matter
3.	Claims 6, 13 and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory 






/FAHMIDA RAHMAN/Primary Examiner, Art Unit 2186