Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over JANG et al. (United States Patent Application Publication US 2014/0164725), hereinafter JANG, in view of Kessler et al. (United States Patent Application Publication US 2013/0254906), hereinafter Kessler.

Regarding claim 1, JANG teaches a method comprising receiving a boot command to boot a computing system in one of a secure mode or an unsecure mode; ([0116] “if the electronic apparatus is turned on at operation S610, the CPU 130 determines whether to perform secure boot or normal boot at operation S615. That is, if power is switched on, the CPU 130 goes to a reset vector and fetches an instruction.” At the beginning of the booting process, the electronic apparatus, which is interpreted as a computing system, determines secure boot or normal boot by fetching an instruction, which is interpreted as a boot command to boot in one of a secure mode or an unsecure mode.)
in response to determining from the boot command to boot the computing system in the secure mode: ([0118] “If the first memory 110 is designated, it is determined that secure boot is performed at operation S615: Y. If the secure boot is performed, the CPU 130 accesses the first memory 110 at operation S625 and detects initialization data at operation S630. Prior to this, the CPU 130 may prohibit access to itself via an external port.” As shown in Fig. 6, as security boot is determined at S615, the computing system boots in a security boot based on the instruction by the CPU, which is interpreted as in response to determining from the boot command to boot the computing system in the secure mode.)
validating, by a secure boot engine executed by a processor, a boot image for the computing system via a secure verification code that is blocked from write access when ([0121] “If secure boot mode is set, the CPU 130 performs decryption and authentication using an encryption key which is stored in the first memory 110 at operation S640. The decryption and the authentication may be performed according to the above-described various algorithms (e.g., DES, TDES, AES, SEED, RSA, ARIA, etc.).” S640 to decrypt and authenticate encrypted data of non-volatile memory, such as a boot code, using an encryption key at S640 is interpreted as validating a boot image for the computing system via a secure verification code. Furthermore, validating a boot image for the computing system via a secure verification code is performed according to various algorithms executed by the CPU. Various algorithms for the decryption and the authentication are the programs executed by the CPU, which is interpreted as a secure boot engine. [0044] “the MAK 340 (FIG. 1) may be designed so that it cannot be read out or changed.” [0061] “if the authentication of the secure earliest boot code 273-C fails, the secure internal writable memory 230 instructions execute an unsecure code 281 with an appropriate error indication. The unsecure code 281 may also be executed if authentication of updates to secure keys fails...the unsecure code 281 may be used to offer limited access to the processor 100 resources. For example, the unsecure code may be used to offer limited usage/testing to a user that does not have access to the secure earliest boot code 273-C or Secure Keys 271-C.” Fig. 3 430 “Authenticate Secure Code” 440 “Yes”, 445 “Execute Secure Code”, 450 “No”, 455 “Provide restricted access to the processor cores”. 
Using an encryption key, which is a secure verification code, the boot code or the boot image for the computing system is authenticated, which is interpreted as validating a boot image for the computing system. The decryption and the authentication key are not changed, which is interpreted as a secure verification code that is blocked from write access. Furthermore, the key or the secure verification code stored in the secure memory is not accessible when the authentication fails, resulting in execution of the unsecure code, which is interpreted as when the computing system is booted in the unsecure mode.) in response to successfully validating the boot image: continuing to boot the computing system in the secure mode according to the boot image. (Fig. 6, S635, S640. As shown in Fig. 6, after validating the boot image in the security boot as shown in Fig. 6 S645, the booting process in the secure boot mode is continued as disclosed in Fig. 6.)
However, JANG does not teach in response to successfully validating the boot image: allowing write access to the secure verification code.
Kessler teaches in response to successfully validating the boot image: allowing write access to the secure verification code only from memory addresses associated with the secure boot engine; ([0025] “At startup time, instructions stored in the internal memory 220 load a secure earliest boot code 273-C from the external memory 210….The secure earliest boot code 273-C is authenticated, by a secure earliest boot code authenticator 273-A, using an authentication key.” [0030] “The secure memory 270 may further include a secure keys update code authenticator 272-A. The secure keys update code authenticator 272-A may be used to authenticate information (hereinafter generally referenced to as secure keys update code 272-C) for updating the secure keys 271-C. The secure keys update code 272-C can also update secure keys update code 272-C and/ or the secure earliest boot code 273-C.” [0026] “Secure memory 270 is the most secure region in the external memory 210 and stores the earliest boot codes in addition to keys for later boot stages and codes to update these keys.” After the secure boot code is authenticated, which is interpreted as in response to successfully validating the boot image, the secure keys update code updates secure keys update code, which is interpreted as allowing write access to the secure verification code. As shown in Fig. 1, “secure memory 270,” which is a specific region in the external memory, includes the secure keys update code. A specific region in the external memory for the secure memory is interpreted as memory address since a memory address is a specific location of the memory. Since the secure memory includes the secure earliest boot code, a secure earliest boot code authenticator, secure keys, secure keys update code, secure keys update code, and secure keys authenticator, which are the secure boot engine, the memory addresses or the secure memory are associated with the secure boot engine.) 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified JANG by Kessler to allow write access to the secure verification code in response to successfully validating the boot image. They are all directed toward secure booting. Kessler improves upon JANG by incorporating the teaching of Kessler to allow access to the secure verification code in response to successfully validating the boot image. In order to improve the security of the software and hardware, the secure verification code needs to be updated. After validating the boot image using the secure verification code, the access to update the secure verification code is authenticated in order to ensure the security. Therefore, it would be advantageous to incorporate the teaching of Kessler to allow access to the secure verification code in response to successfully validating the boot image in order to improve the security.

Regarding claim 14, claim 14 is the instruction included in a computer readable storage medium of the method claim 1. Claim 14 does not further teach or define the limitation over the limitations recited in the rejected claims above. Therefore, JANG in view of Kessler teaches all the limitations of claim 14.

Claims 2 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over JANG in view of Kessler as applied to claims 1 and 14 above, and further in view of Underwood et al. (United States Patent Application Publication US 2020/0050478), hereinafter Underwood, and further in view of JREIJ et al. (United States Patent JREIJ, and further in view of Ibrahim et al. (United States Patent Application Publication US 2011/0131403), hereinafter Ibrahim.

Regarding claim 2, JANG in view of Kessler teaches all the limitations of the method of claim 1, as discussed above. 
However, JANG in view of Kessler does not teach after booting the computing system in the secure mode according to the boot image, receiving a second boot command indicating to boot the computing system in the unsecure mode; booting the computing system a second time in the unsecure mode in response to the second boot command according to the boot image.
Underwood teaches after booting the computing system in the secure mode according to the boot image, receiving a second boot command indicating to boot the computing system in the unsecure mode; ([0172] “a reboot is performed through a soft reset command.” [0177] “all protected mode execution packets having complete successfully, in which case the protected status bit is set to SUCCESS;”…[0178] “the MCU then triggers a soft reset to exit protected mode and reboot in normal mode.” After finishing the protected mode, which is interpreted as after booting the computing system in the secure mode according to the boot image, a soft reset command to reboot the system into normal mode after booting the system in the secure mode is interpreted as receiving a second boot command indicating to boot the computing system in the unsecure mode.) booting the computing system a second time in the unsecure mode in response to the second boot command according to the boot image ([0172] “a reboot is performed through a soft reset command.” [0177] “all protected mode execution packets having complete successfully, in which case the protected status bit is set to SUCCESS;”…[0178] “the MCU then triggers a soft reset to exit protected mode and reboot in normal mode.” After finishing the protected mode, the system is rebooted into normal mode, which is interpreted as, after booting the system in the secure mode, booting the system a second time in the unsecure mode.)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified JANG in view of Kessler by incorporating the teaching of Underwood of booting the system in the unsecure mode after booting the system in the secure mode. As recognized by Underwood, within data processing systems, e.g., where an accelerator is controlled to perform desired processing operations by a host processor using one or more command streams, it is desired to achieve more secure processing of protected content. ([0005]) By booting the system in the unsecure mode, after performing tasks that require better protection or security in a secure mode, the security of the protected content can be achieved. Therefore, it would be advantageous to incorporate booting the system in the 
However, JANG in view of Kessler and further in view of Underwood does not teach receiving an updated boot image for the computing system while in the unsecure mode.
Ibrahim teaches receiving an updated boot image for the computing system while in the unsecure mode. ([0062] “The method 400 begins, at 405, by receiving and storing the updated firmware external to the chip. A computer system may be operating in a non-secure normal mode when the updated firmware is received.” The updated firmware, which is interpreted as an updated boot image for the computing system, is received in a non-secure normal mode, which is interpreted as receiving an updated boot image while in the unsecure mode.)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified JANG in view of Kessler and further in view of Underwood by incorporating the teaching of Ibrahim to receive an updated boot image for the computing system while in the unsecure mode. They are all directed toward security in the computing system. Ibrahim further improves upon JANG in view of Kessler and further in view of Underwood to receive an updated firmware in the non-secure normal mode. When the updated firmware or the boot image is available in unsecure mode, the computing system Ibrahim to receive an updated boot image for the computing system while in the unsecure mode in order to improve user experience and save time by avoiding unnecessary transition between the secure mode and the unsecure mode.
However, JANG in view of Kessler and further in view of Underwood, and further in view of Ibrahim does not teach after rebooting the computing system in the unsecure mode at the second time, receiving a third boot command indicating to boot the computing system in the secure mode according to the updated boot image; in response to determining from the third boot command to boot the computing system in the secure-mode, booting the computing system in the secure mode at a third time according to the updated boot image; validating the updated boot image for the computing system via the secure verification code; and in response to unsuccessfully validating the updated boot image, failing system boot in the secure mode for the computing system.
JREIJ teaches after rebooting the computing system in the unsecure mode at the second time, receiving a third boot command indicating to boot the computing system in the secure mode according to the updated boot image; ([0042] “in response to identifying the request, BMC 144 triggers a reboot of the system. During the DXE phase of the next boot of IHS 100 the boot path is initiated using the original UEFI image (e.g., UEFI image 306a). The boot/image loader then performs a secure authentication process on the new UEFI image (e.g., UEFI image 306b) using a corresponding cryptographic value (e.g., cryptographic value 334a).” After booting a system, when a reboot is triggered, a secure boot process is performed, which is interpreted as after rebooting the system in the unsecure mode, booting the system in the secure mode.) in response to determining from the third boot command to boot the computing system in the secure-mode, booting the computing system in the secure mode at a third time according to the updated boot image; ([0049] “In one embodiment, BMC 144 triggers the reboot immediately after authorizing the second image and updating the current boot path…the reboot may be delayed by an amount of time (which can be predetermined or may be established by user input)…In response to rebooting IHS 100, the image loader automatically initializes the current boot path, which now utilizes the second image as the primary boot image.” BMC triggering the reboot is interpreted as in response to determining from the third boot command. As discussed above, the secure boot process from the triggered reboot is interpreted as to boot the computing system in the secure-mode. Furthermore, in response to the third boot command, the second image is used to boot the computing system, which is interpreted as booting the computing system in the secure mode at the third time according to the updated boot image.) 
validating the updated boot image for the computing system via the secure verification code; ([0049] “In response to identifying the request, BMC 144 initializes pre-authentication process to authenticate the second boot image (e.g., UEFI image 306b) using a corresponding cryptographic value (e.g., cryptographic value 334a), as described above.” The second boot image, which is interpreted as the updated boot image for the computing system, is authenticated or verified by a corresponding cryptographic value or the secure verification code.) and in response to unsuccessfully validating the updated boot image, failing system boot in the secure mode for the computing system. ([0046] “In response to being unable to authenticate the second image, BMC 144 issues a notification, such as an error message that indicates that the authentication of the second boot image has failed and/or that the updating of the current boot path has failed, to an error log and/or at least one output device (e.g., a monitor).” When the boot image is not authenticated, which is interpreted as in response to unsuccessfully validating the boot image, the current boot path fails, which is interpreted as failing system boot.)
JANG in view of Kessler and further in view of Underwood, and further in view of Ibrahim by incorporating the teaching of JREIJ. They are all directed toward security in the computing device. JREIJ further improves upon JANG in view of Kessler and further in view of Underwood, and further in view of Ibrahim by incorporating validating the updated boot image, booting the system in the secure mode with the updated boot image and failing system boot in the secure mode in response to unsuccessfully validating the updated boot image. As recognized by JREIJ, the updates for the boot images are necessary for a variety of reasons, such as, to enter a recovery image or to perform firmware updates to the system. ([0004]) However, if the new boot image cannot be authenticated during the boot, the system is left in a non-operational state. ([0004]) Therefore, by validating the updated image in the secure mode and booting the system with the updated image, the security and the performance of the booting process in the secure mode with validating process can be achieved. Furthermore, by failing boot in case of unsuccessful validation of the boot image, the security of the system is assured. Therefore, it would be advantageous to incorporate the teaching of JREIJ of validating the updated boot image, booting the system in the secure mode with the updated boot image and failing system boot in the secure mode in response to .

Claims 3 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over JANG in view of Kessler as applied to claims 1 and 14 above, and further in view of Ibrahim.

Regarding claim 3, JANG in view of Kessler teaches all the limitations of the method of claim 1, as discussed above.
Kessler further teaches when write access to the secure verification code is allowed, updating the secure verification code according to the boot image as updated. ([0025] “At startup time, instructions stored in the internal memory 220 load a secure earliest boot code 273-C from the external memory 210….The secure earliest boot code 273-C is authenticated, by a secure earliest boot code authenticator 273-A, using an authentication key.” [0030] “The secure memory 270 may further include a secure keys update code authenticator 272-A. The secure keys update code authenticator 272-A may be used to authenticate information (hereinafter generally referenced to as secure keys update code 272-C) for updating the secure keys 271-C. The secure keys update code 272-C can also update secure keys update code 272-C and/ or the secure earliest boot code 273-C.” After the secure boot code is authenticated, which is interpreted as in response to successfully validating the boot image, the secure keys update code updates secure keys update code, which is interpreted as allowing write access to the secure verification code.)
However, JANG in view of Kessler does not teach before booting the computing system in the secure mode, updating the boot image when the computing system was booted in the unsecure mode. 
Ibrahim teaches before booting the computing system in the secure mode, updating the boot image when the computing system was booted in the unsecure mode. ([0062] “The method 400 begins, at 405, by receiving and storing the updated firmware external to the chip. A computer system may be operating in a non-secure normal mode when the updated firmware is received.” The updated firmware, which is interpreted as an updated boot image for the computing system, is received in a non-secure normal mode, which is interpreted as receiving an updated boot image while in the unsecure mode.)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified JANG in view of Kessler by incorporating the teaching of Ibrahim to receive an updated boot image for the computing system in the unsecure mode before booting the computing system in the secure mode. They are all directed toward security in the computing system. Ibrahim further improves upon JANG in view of Kessler to receive an updated Ibrahim to receive an updated boot image for the computing system while in the unsecure mode in order to improve user experience and save time by avoiding unnecessary transition between the secure mode and the unsecure mode.

Regarding claim 16, claim 16 is instructions of the method claim 3 in a computer readable storage medium, which in specification [0045], a computer readable storage medium…is not to be construed as being transitory signals per se. Claim 16 does not further teach or define the limitation over the limitations recited in the rejected claims above. Therefore, JANG in view of Kessler and further in view of Ibrahim teaches all the limitations of claim 16.

Claims 4, 8, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over JANG in view of Kessler as applied to claims 1 and 14 above, and further in view of Starkweather et al. (United States Patent Application Publication US 2001/0041831), hereinafter Starkweather.

Regarding claim 4, JANG in view of Kessler teaches all the limitations of the method of claim 1, as discussed above.
However, JANG in view of Kessler does not teach wherein the boot image is stored on a first Serial Electrically Erasable Programmable Read-Only Memory (SEEPROM) device and the secure verification code is stored on a second SEEPROM device separate from the first SEEPROM device.
Starkweather teaches wherein the boot image is stored on a first Serial Electrically Erasable Programmable Read-Only Memory (SEEPROM) device ([0069] “This bootloader program in turns loads a second stage bootloader program into the RAM of each processor IC from the SEEPROMs that are attached to each, respectively.” A bootloader program stored in the SEEPROMs is interpreted as the boot image is stored on a first SEEPROM device.) and 
the secure verification code is stored on a second SEEPROM device separate from the first SEEPROM device. ([0103] “Downloading may be initiated by using a inbound load start message that includes an overall validation code (e.g. CRC) for the program that is to be downloaded (i.e. software image) along with its normal message validation code (e.g. CRC) that is used to confirm that the start download message itself was properly received. The software may be downloaded from a non-volatile memory module (e.g. a SEEPROM) in the external communication device, or from a second external device, that holds implantable device software.” A validation code, which is interpreted as the secure verification code, is downloaded from a SEEPROM in the external communication device, which is interpreted as a second SEEPROM device separate from the first SEEPROM device.)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified JANG in view of Kessler by incorporating the teaching of Starkweather of SEEPROM devices storing the boot image and the secure verification code. As recognized by Starkweather, some program code, i.e., algorithms, is incapable of changing or updating after manufacturing and implantation. ([0004]) By storing the program code in the SEEPROM device, which can be re-written and will not be erased even without power, the program code can be updated. Furthermore, by using the secure verification code stored in the SEEPROM device, the security of the program code can be achieved. Therefore, it would be advantageous to incorporate SEEPROM devices storing the boot image and the secure verification code in order to securely update the program codes.

Regarding claim 8, claim 8 is the apparatus claim of the method claims 1 and 4. JANG, as modified above, further teaches in response to determining that the ([0101] “The CPU 130 determines which of the plurality of encryption keys stored in the first memory 110 will be selected according to the setting value (that is, an encryption key setting value) stored in the third memory 140. If a key in use is exposed, the manufacturer of the system on chip 100 or the electronic apparatus in which the system on chip 100 is mounted changes the key by changing encryption key setting value of the third memory 140.” The CPU determines or selects encryption keys to decrypt or authenticate the data in order to perform a secure boot using algorithms or the secure boot engine, as discussed above in claim 1.) Claim 8 does not further teach or define the limitation over the limitations recited in the rejected claims above. Therefore, JANG in view of Kessler and further in view of Starkweather teaches all the limitations of claim 8.

Regarding claim 17, claim 17 is instructions of the method claim 4 in a computer readable storage medium, which in specification [0045], a computer readable storage medium…is not to be construed as being transitory signals per se. Claim 17 does not further teach or define the limitation over the limitations recited in the rejected claims above. Therefore, JANG in view of Kessler and further in view of Starkweather teaches all the limitations of claim 17.

Claims 6, 7, 9-11, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over JANG in view of Kessler and further in view of Starkweather as applied to claims 4 and 8 above, and further in view of Underwood.

Regarding claim 6, JANG in view of Kessler and further in view of Starkweather teaches all the limitations of the method of the claim 4, as discussed above. Starkweather further teaches the second SEEPROM device (SEEPROM)
However, JANG in view of Kessler and further in view of Starkweather does not teach wherein the second SEEPROM device is blocked from write access when the computing system is booted in an unsecure mode.
Underwood teaches wherein the second SEEPROM device is blocked from write access when the computing system is booted in an unsecure mode. ([0043] “the memory may be configurable to have both protected memory that is not readable by the operating system when it is operating in a non-secure mode” [0114] “the protected mode suspend buffer isn't readable/writable in normal mode (but is readable/writable in protected mode).” The protected memory is not readable/writable in a non-secure mode or normal mode, which is interpreted as blocked from write access when the computing system is booted in an unsecure mode. The combination of the teaching of Starkweather of the second SEEPROM and the teaching of Underwood of the memory that is blocked from write access in an unsecure mode is interpreted as the second SEEPROM is blocked from write access in an unsecure mode.)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified JANG in view of Kessler and further in view of Starkweather by incorporating the teaching of Underwood of memory that is blocked from write access in an unsecure mode. As recognized by Underwood, within data processing systems, e.g., where an accelerator is controlled to perform desired processing operations by a host processor using one or more command streams, it is desired to achieve more secure processing of protected content. ([0005]) By blocking write access in an unsecure mode, the protected content in the memory can be protected from contaminating any protected content from attacks. Therefore, it would be advantageous to incorporate memory that is blocked from write access in an unsecure mode in order to improve security of the protected contents from the attacks.

Regarding claim 7, JANG in view of Kessler and further in view of Starkweather teaches all the limitations of the method of the claim 4, as discussed above.
JANG teaches in response to successfully validating the boot image via the secure verification code, changing a status of a secure verification bit from a first state to a second state. ([0127] “If secure boot is to be performed, a '1' may be recorded on the third memory 140.” [0131] “If system preparation (e.g., at least the decryption and authentication of the decrypted data) is completed, the CPU 130 stores a second value (for example, '0') to enable the access to CPU in the first register 155-1. The storage value of the second register 160-1 of the second circuit 160 may also be changed.” When the decryption and authentication of the decrypted data is completed, which is interpreted as in response to successfully validating the boot image via the secure verification code, a first value of “1” or a first state of a status of a secure verification bit is changed to a second value or a second state.) and resetting the secure verification bit from the second state to the first state prior to continuing to boot the computing system in the secure mode. ([0132] “if system preparation is completed, the CPU 130 records a control value (for example, '1') to disable the access to the first memory 110 on the second register 160-1, and blocks data of all regions of the first memory 110 from being read out. If the storage value of the second register 160-1 is changed to '1', the output value of the second circuit 160 is changed to '1'.” Then, the secure verification bit or the value stored in the register is changed to 1 from 0, which is interpreted as resetting the secure verification bit from the second state to the first state. After resetting the security verification bit, the boot process in other following circuits is performed in a secure mode, which is interpreted as prior to continuing to boot the computing system in the secure mode.)
Starkweather further teaches wherein the secure verification bit is defined on the second SEEPROM device at an address that is addressable by the secure verification code, ([0075] “The first several bytes of the SEEPROM contain memory address destination values, program packet length values, and an additive checksum that are used by the bootloader in loading software from the SEEPROM, confirming accurate loading, and executing the loaded software.”)
However, JANG in view of Kessler and further in view of Starkweather and further in view of JREIJ does not teach wherein a portion of the second SEEPROM device including the secure verification code is blocked from write access when the secure verification bit is in the first state.
Underwood teaches wherein a portion of the second SEEPROM device including the secure verification code is blocked from write access when the secure verification bit is in the first state; ([0043] “the memory may be configurable to have both protected memory that is not readable by the operating system when it is operating in a non-secure mode”)

Regarding claims 9-11, the claims 9-11 are the apparatus claims of the method claims 2, 6 and 7. The claims 9-11 do not further teach or define the limitation over the limitations recited in the rejected claims above. Therefore, JANG in view of Kessler and Starkweather and further in view of Underwood teaches all the limitations of the claims 9-11.

Regarding claim 19, the claim 19 is instructions of the method claims 6 and 7 in a computer readable storage medium, which in specification [0045], a computer readable storage medium…is not to be construed as being transitory signals per se. The claim 19 does not further teach or define the limitation over the limitations recited in the rejected claims above. Therefore, JANG in view of Kessler and further in view of Starkweather and further in view of Underwood teaches all the limitations of the claim 19.

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over JANG in view of Kessler and further in view of Starkweather as applied to claim 8 above, and further in view of JREIJ.

Regarding claim 12, JANG in view of Kessler and further in view of Starkweather teaches all the limitations of the system of claim 8, as discussed above.
However, JANG in view of Kessler and further in view of Starkweather does not teach wherein the system was previously booted in the unsecure mode and the boot 
JREIJ teaches wherein the system was previously booted in the unsecure mode and the boot command restarts the system to transition the system from the unsecure mode to the secure mode. ([0042] “in response to identifying the request, BMC 144 triggers a reboot of the system. During the DXE phase of the next boot of IHS 100 the boot path is initiated using the original UEFI image (e.g., UEFI image 306a). The boot/image loader then performs a secure authentication process on the new UEFI image (e.g., UEFI image 306b) using a corresponding cryptographic value (e.g., cryptographic value 334a).” After booting a system, when a reboot is triggered, a secure boot process is performed, which is interpreted as after rebooting the system in the unsecure mode, booting the system in the secure mode.) 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified JANG in view of Kessler and further in view of Starkweather. They are all directed toward security in the computing device. JREIJ further improves upon JANG in view of Kessler and further in view of Starkweather by incorporating the teaching of JREIJ of restarting the system to transition the system from the unsecure mode to the secure mode. As recognized by JREIJ, the updates for the boot images are necessary for a variety of reasons, such as, to enter a recovery image or to perform firmware updates to the ([0004]) However, if the new boot image cannot be authenticated during the boot, the system is left in a non-operational state. ([0004]) Therefore, in order to securely validate the updated image in the secure mode and boot the system with the updated image, the system needs to be restarted in the secure mode to. Therefore, it would be advantageous to incorporate the teaching of JREIJ of restarting the system to transition from the unsecure mode to the secure mode in order to validate the newly updated image and improve the security of the system.

Claims 5, 13, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over JANG in view of Kessler and further in view of Starkweather as applied to claims 4, 8, and 17 above, and further in view of Chan et al. (United States Patent Application Publication US 2015/0326563), hereinafter Chan.

Regarding claim 5, JANG in view of Kessler and further in view of Starkweather teaches all the limitations of the method of claim 4, as discussed above.
JANG teaches wherein the secure boot engine is stored in a processor of the computing system. ([0088] “The CPU 130 decrypts encrypted data which is stored in the non-volatile memory 200 located outside the system on chip 100, using an encryption key stored in the first memory 110, and stores the decrypted data in the second memory 120. The CPU 130 may perform boot using the data stored in the second memory 120.” The CPU performs decryption and authentication to perform boot using the algorithms in the CPU, which is interpreted as the secure boot engine is stored in a processor of the computing system.)
However, JANG in view of Kessler and further in view of Starkweather does not teach further comprising: in response to detecting a second execution of the secure verification code not called by the secure boot engine, throwing an instruction storage exception.
Chan teaches further comprising: in response to detecting a second execution of the secure verification code not called by the secure boot engine, throwing an instruction storage exception. ([0018] “An Update Server 104 can be used to provide new or updated DRM credentials 102 to client devices 100.” [0046] “At step 504, the Update Server 104 can verify that the device identifier 302 in the authorization token 120 matches the device identifier 302 in the DRM Credential Request 122. If the device identifier 302 in the authorization token 120 does not match the device identifier 302 in the DRM Credential Request 122, the authorization token 120 and DRM Credential Request 122 can be rejected.” The update server, which provides new or updated credentials, determines whether the request is from the client based on the device identifier. When the device identifier in the authorization token and the device identifier in the DRM Credential Request are different, it is determined that the request is not called or requested from the client device, which is interpreted as in response to detecting a second execution of the secure verification code not called by the secure boot engine. Based on the determination, the authorization token and DRM Credential Request are rejected, which is interpreted as throwing an instruction storage exception.)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified JANG in view of Kessler and further in view of Starkweather by incorporating the teaching of Chan of in response to detecting a second execution of the secure verification code not called by the secure boot engine, throwing an instruction storage exception. As recognized by Chan, some systems allow copy-protected content from one device to be accessed with authorization on a secondary device, without allowing unrestricted copying of the media content. ([0005]) However, in order to prevent access from the unauthorized devices, the update server detects if the call for the credentials is from the authorized device using the device identifier and determines that the execution of the secure verification code or the credentials is not called from the secure boot engine or the authorized device, resulting in a security improvement. Therefore, it would be advantageous to incorporate the teaching of Chan of in response to detecting a second execution of the secure verification code not called by the secure boot engine, throwing an instruction storage exception in order to prevent the unauthorized access and improve the security.

Regarding claim 13, the claim 13 is the apparatus claim of the method claims 4 and 5. The claim 13 does not further teach or define the limitation over the limitations recited in the rejected claims above. Therefore, JANG in view of Kessler and further in view of Starkweather and further in view of Chan teaches all the limitations of the claim 13.

Regarding claim 18, the claim 18 is instructions of the method claims 4 and 5 in a computer readable storage medium, which in specification [0045], a computer readable storage medium…is not to be construed as being transitory signals per se. The claim 18 does not further teach or define the limitation over the limitations recited in the rejected claims above. Therefore, JANG in view of Kessler and further in view of Starkweather and further in view of Chan teaches all the limitations of the claim 18.

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over JANG in view of Kessler and further in view of Starkweather and further in view of Chan as applied to claim 18 above, and further in view of Underwood.

Regarding claim 20, JANG in view of Kessler and further in view of Starkweather and further in view of Chan teaches all the limitations of the method of the claim 4, as discussed above.
JANG teaches in response to successfully validating the boot image via the secure verification code, changing a status of a secure verification bit from a first state to a second state. ([0127] “If secure boot is to be performed, a '1' may be recorded on the third memory 140.” [0131] “If system preparation (e.g., at least the decryption and authentication of the decrypted data) is completed, the CPU 130 stores a second value (for example, '0') to enable the access to CPU in the first register 155-1. The storage value of the second register 160-1 of the second circuit 160 may also be changed.” When the decryption and authentication of the decrypted data is completed, which is interpreted as in response to successfully validating the boot image via the secure verification code, a first value of “1” or a first state of a status of a secure verification bit is changed to a second value or a second state.) and resetting the secure verification bit from the second state to the first state prior to continuing to boot the computing system in the secure mode. ([0132] “if system preparation is completed, the CPU 130 records a control value (for example, '1') to disable the access to the first memory 110 on the second register 160-1, and blocks data of all regions of the first memory 110 from being read out. If the storage value of the second register 160-1 is changed to '1', the output value of the second circuit 160 is changed to '1'.” Then, the secure verification bit or the value stored in the register is changed to 1 from 0, which is interpreted as resetting the secure verification bit from the second state to the first state. After resetting the secure verification bit, the boot process in the other following circuits is performed in a secure mode, which is interpreted as prior to continuing to boot the computing system in the secure mode.)
Starkweather further teaches wherein the secure verification bit is defined on the second SEEPROM device at an address that is addressable by the secure verification code, ([0075] “The first several bytes of the SEEPROM contain memory address destination values, program packet length values, and an additive checksum that are used by the bootloader in loading software from the SEEPROM, confirming accurate loading, and executing the loaded software.”)
However, JANG in view of Kessler and further in view of Starkweather and further in view of Chan does not teach wherein a portion of the second SEEPROM device including the secure verification code is blocked from write access when the secure verification bit is in the first state.
Underwood teaches wherein a portion of the second SEEPROM device including the secure verification code is blocked from write access when the secure verification bit is in the first state; ([0043] “the memory may be configurable to have both protected memory that is not readable by the operating system when it is operating in a non-secure mode”)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified JANG in view of Kessler and further in view of Starkweather by incorporating the teaching of Underwood of a portion of the SEEPROM device that is blocked from write access in an unsecure mode. As recognized by Underwood, within data processing systems, e.g., where an accelerator is controlled to perform desired processing operations by a host processor using one or more command streams, it is desired to achieve more secure processing of protected content. ([0005]) By blocking write access in an unsecure mode, the protected content in the memory can be protected from contamination by attacks. Therefore, it would be advantageous to incorporate memory that is blocked from write access in an unsecure mode in order to improve security of the protected contents from the attacks.

Response to Arguments
Applicant’s arguments, see Remarks, filed 4/21/2021, with respect to “Claim Objections” have been fully considered and are persuasive.  The objection of the claim 2 has been withdrawn. 

Applicant's arguments filed 4/21/2021 with respect to Claim Rejections – 35 U.S.C. 103 regarding claims 1 and 14 have been fully considered but they are not persuasive.
Applicant argues that
As amended, claim 1 recites, in part "validating, by a secure boot engine, a boot image for the computing system via a secure verification code that is blocked from write access when the computing system is booted in the unsecure mode; in response to successfully validating the boot image: allowing write access to the secure verification code only from memory addresses associated with the secure boot engine.” Claim 14 recites substantially similar elements in relevant parts.
	Remarks Page 10

	Examiner respectfully disagrees with the applicant’s argument that JANG in view of Kessler does not teach the amendments in the claims 1 and 14. As discussed above in the claim rejections under 35 U.S.C., JANG teaches the algorithms in the CPU to validate a boot image. A secure boot engine, or an engine, is program code. The algorithms executed by the CPU to validate a boot image via a secure verification code are also program code, which performs the same process as the secure boot engine. Therefore, JANG teaches a secure boot engine to validate a boot image for the computing system via a secure verification code.
	Kessler teaches the secure keys update code inside the secure memory as shown in Fig. 1. Memory addresses are to point a specific memory location. Kessler teaches that secure memory is secure region of the external memory, which is a specific region 

Applicant’s arguments, see Remarks, filed 4/21/2021, with respect to the rejections of claims 5, 8, 13, 18 and 20 under 35 U.S.C. 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground of rejection is made in view of JANG and Chan. JANG teaches “in response to that secure verification code was called for execution by the secure boot engine, validate the boot image via the secure verification code.” As discussed above in the claim rejection 35 U.S.C. regarding claim 8, JANG teaches that the CPU determines or selects encryption keys to decrypt or authenticate the data in order to perform a secure boot using algorithms or the secure boot engine.
Chan teaches using the device identifier to determine if the request is from the authorized devices. Then, if the request is not from the authorized device based on the device identifier to determine if the execution of the secure verification code not called by the secure boot engine, the request is rejected.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HYUN SOO KIM whose telephone number is (571)270-1768.  The examiner can normally be reached on Monday - Friday 8:30 am - 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jaweed Abbaszadeh can be reached on (571) 270-1640.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the 






/H.K./Examiner, Art Unit 2187                                   

/JAWEED A ABBASZADEH/Supervisory Patent Examiner, Art Unit 2187