DETAILED ACTION
Claims 1-20 are pending in this action.  
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Drawings
The drawings filed on 08/28/2019 are accepted.  
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 06/02/2020 and 06/03/2021 have been considered.  The submissions are in compliance with the provisions of 37 CFR 1.97.  Accordingly, initialed and dated copies of Applicant’s IDS form 1449 filed 06/02/2020 and 06/03/2021 are attached to the instant Office action.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:

(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder (a trusted forwarding module) that is coupled with functional language (configured to do one or more operations) without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitations include: a trusted forwarding module being configured to: receive a cryptographic operation request… (claim 12, ln. 3-11), a trusted forwarding module configured to obtain a security level of a user… (claim 16, ln. 1-2), a trusted forwarding module configured to send the cryptographic operation request… (claim 17, ln. 1-2).
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.  Para. 0208 discloses that the trusted forwarding module includes one or more processors, a memory, an internal bus, an I/O interface, and a network interface.  
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.
Claim Objections
Claims 2-6, and 14-19 are 
Claims 2-6 recite the limitation “a dynamic measurement requirement” (claim 2, ln. 3).  If this refers to a dynamic measurement requirement (claim 1, ln. 6), examiner suggests changing the limitation to “the dynamic measurement requirement”.  
Claim 3 recites the limitations “a cryptographic operation” (claim 3, ln. 4) and “an abnormal feature” (claim 3, ln. 5).  If these respectively refer to cryptographic operations (claim 1, ln. 11), and abnormal feature (claim 2, ln. 4), examiner suggests changing the limitations to “the cryptographic operation” and “the abnormal feature” respectively.  
Claims 4-6 recite the limitation “an abnormal feature” (claim 4, ln. 4).  If this refers to abnormal feature (claim 2, ln. 4), examiner suggests changing the limitation to “the abnormal feature”.  
Claim 6 recites the limitation “a low security level” (claim 6, ln. 3).  If this refers to a low security level (claim 5, ln. 4), examiner suggests changing the limitation to “the low security level”.  
Claim 14 recites the limitations “a cryptographic operation chip” (claim 14, ln. 3-4) and “a cryptographic operation” (claim 14, ln. 4-5).  If these respectively refer to “a cryptographic operation chip” (claim 9, ln. 9) and “a cryptographic operation” (claim 9, ln. 9), examiner suggests changing the limitations to “the cryptographic operation chip” and “the cryptographic operation” respectively.  
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-8 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  
Claims 1-8 do not fall within at least one of the four categories of patent eligible subject matter because, using the broadest reasonable interpretation, the claim is directed to signals per se.  Claim 1 recites one or more processor readable media storing executable instructions, that when executed by 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 7, and 9-14 are rejected under 35 U.S.C. 103 as being unpatentable over Hadley (US Pub. 2014/0140512) (hereinafter “Hadley”), in view of Freeman et al. (US Pub. 2005/0108564) (hereinafter “Freeman”).  Freeman is included in the IDS dated 06/03/2021.

As per claim 1, Hadley teaches one or more processor readable media storing executable instructions that, ([Hadley, para. 0016] the modules may be implemented as a series of instructions encoded on a machine-readable storage medium and executable by a processor) when executed by one or more processors of a trusted forwarding module, cause the one or more processors to perform acts comprising: 
receiving a cryptographic operation request; and ([Hadley, para. 0017] the attribute module is to receive a crypto process requesting a cryptographic operation [a cryptographic operation request])
([Hadley, Fig. 2, para. 0010] the crypto process may send cryptographic parameters [part of the request - see para. 0012], to a crypto engine) to a security chip ([para. 0014] the comparison module [a component of the crypto engine as it is also passed the attributes from the crypto process – see para 0002; para. 0017; Fig. 2] may be implemented in hardware only as part of a chipset/microprocessor executed on a device [see para. 0015; para. 0039]) if the cryptographic operation request has a dynamic measurement requirement, ([para. 0017] the comparison module compares the requested cryptographic operation to at least one allowed cryptographic operation output [a dynamic measurement requirement] to determine the cryptographic operation is allowable) wherein a cryptographic operation chip performs cryptographic operation processing after the security chip completes the dynamic measurement requirement, ([Fig. 2, para. 0029; para. 0032] the comparison module [the security chip] is shown to include a plurality of gates which signal to indicate whether the requested cryptographic operation is allowable and performed by the crypto module [implemented in hardware as a cryptographic operation chip – see para. 0020]).
Hadley does not explicitly teach the dynamic measurement requirement being used for indicating that a dynamic measurement module is needed to be measured, (implicitly, see para. 0024: different modes such as a need to be measured mode) and the dynamic measurement module being a measurement entity used for measuring a firmware that performs cryptographic operations. (Implicitly, see para. 0017 of Hadley – process may refer to any part of a computer program, such as firmware)
However, Freeman teaches the dynamic measurement requirement being used for indicating that a dynamic measurement module is needed to be measured, and ([Freeman, Fig. 3; para. 0044; para. 0048; para. 0049] if any of the bits read indicate a segment of flash memory has been updated, and if any of the updated segments stores POST BIOS data, [a dynamic measurement requirement] then, the CRTM performs a measurement of the segment updated containing POST BIOS code.  [Para. 0014] POST BIOS code is used to measure other entities in the operating system)
([Freeman, para. 0013; para. 0038] the CRTM takes measurements from POST BIOS and all firmware physically bound to the motherboard, such as firmware for the POST BIOS which measures other components [see para. 0014; Fig. 1])
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hadley with the teachings of Freeman to include the dynamic measurement module being a measurement entity used for measuring a firmware that performs cryptographic operations.  One of ordinary skill in the art would have been motivated to make this modification because such a procedure would allow a manufacturer or third party to update or modify other firmware, while only the manufacturer can modify or update the boot block code to strengthen security at the platform level.  (Freeman, para. 0012; para. 0003)

As per claim 7, Hadley in view of Freeman teaches claim 1.
Hadley does not teach obtaining a requirement parameter included in the cryptographic operation request after receiving the cryptographic operation request, wherein the requirement parameter is used to indicate whether the dynamic measurement requirement exists; and determining whether the cryptographic operation request has the dynamic measurement requirement according to the requirement parameter.
However, Freeman teaches obtaining a requirement parameter included in the cryptographic operation request after receiving the cryptographic operation request, wherein the requirement parameter is used to indicate whether the dynamic measurement requirement exists; and ([Freeman, para. 0027; Fig. 3] CRTM in the boot block code may read the bits in the memory [a requirement parameter] to determine if any of the segments have been updated [an indication of whether the dynamic measurement requirement exists].  If the segments have not been updated, the CRTM cannot use the pre-measured values and must perform measurement, and so the requirement parameter is used to determine whether the dynamic measurement requirement exists [see step 311 of Fig. 3 and para. 0049])
determining whether the cryptographic operation request has the dynamic measurement requirement according to the requirement parameter. ([Freeman, para. 0045; Fig. 3] step 310 of Fig. 3 checks if any of the read bits [requirement parameters] indicate a segment of flash memory to be executed [the cryptographic operation] has been updated.  If the segment does not contain the requisite flag, a measurement is not performed, and so, the segment does not have a dynamic measurement requirement)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hadley with the teachings of Freeman for the same reasons as disclosed above.

As per claim 9, Hadley also teaches a method implemented by a security chip comprising one or more processors and memory, the method comprising: receiving a cryptographic operation request, ([Hadley, para. 0017] the attribute module is to receive a crypto process requesting a cryptographic operation [a cryptographic operation request]) wherein the cryptographic operation request includes a dynamic measurement requirement, ([para. 0017] the comparison module compares the requested cryptographic operation to at least one allowed cryptographic operation output [a dynamic measurement requirement] to determine the cryptographic operation is allowable)
a cryptographic operation chip to perform a cryptographic operation when the measurement result indicates that an integrity of the dynamic measurement module is intact.  ([Hadley, Fig. 2, para. 0029; para. 0032] the comparison module [the security chip] is shown to include a plurality of gates which signal to indicate whether the requested cryptographic operation is allowable and performed by the crypto module [implemented in hardware as a cryptographic operation chip – see para. 0020]).

However, Freeman teaches the dynamic measurement requirement is used to indicate that a dynamic measurement module is needed to be measured; ([Freeman, Fig. 3; para. 0044; para. 0048; para. 0049] if any of the bits read indicate a segment of flash memory has been updated, and if any of the updated segments stores POST BIOS data, [a dynamic measurement requirement] then, the CRTM performs a measurement of the segment updated containing POST BIOS code.  [Para. 0014] POST BIOS code is used to measure other entities in the operating system)
measuring the dynamic measurement module according to the dynamic measurement requirement to obtain a measurement result.  ([Freeman, para. 0049] if one or more of the updated segments contain POST BIOS code, [according to the dynamic measurement requirement] then in step 311, the CRTM performs a measurement of the segment [to obtain a measurement result])
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hadley with the teachings of Freeman for the same reasons as disclosed above. 

As per claim 10, Hadley in view of Freeman teaches claim 9.
Hadley does not explicitly teach the dynamic measurement module being a measurement entity used for measuring a firmware that performs cryptographic operations.  
However, Freeman teaches the dynamic measurement module being a measurement entity used for measuring a firmware that performs cryptographic operations.  ([Freeman, para. 0013; para. 0038] the CRTM takes measurements from POST BIOS and all firmware physically bound to the motherboard, such as firmware for the POST BIOS which measures other components [see para. 0014; Fig. 1])


As per claim 11, Hadley in view of Freeman teaches claim 9.
Hadley also teaches verifying legitimacy of the cryptographic operation request after receiving the cryptographic operation request; and ([Hadley, para. 0017] the comparison module compares the requested cryptographic operation to at least one allowed cryptographic operation output to determine the cryptographic operation is allowable [verifying the legitimacy] after receiving the request)
Hadley does not teach allowing the dynamic measurement module to be measured upon successful verification. 
However, Freeman teaches allowing the dynamic measurement module to be measured upon successful verification.  ([Freeman, Fig. 3; para. 0052] the CRTM determines if all the updated segments of flash memory have been verified.  If they have been verified, then the POST BIOS code is executed, which is used to measure other entities in the operating system [see para. 0014])
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hadley with the teachings of Freeman for the same reasons as disclosed above. 

As per claim 12, Hadley teaches a trusted forwarding module comprising one or more processors and memory, the trusted forwarding module being configured to: ([Hadley, para. 0016] the modules may be implemented as a series of instructions encoded on a machine-readable storage medium and executable by a processor.  [Para. 0039; Para. 0044] components may include a number of I/O interfaces, and connected to a number of other devices in a network)
([Hadley, para. 0017] the attribute module is to receive a crypto process requesting a cryptographic operation [a cryptographic operation request]) wherein the cryptographic operation request includes instruction information indicating whether [a dynamic measurement module] is needed to be measured, ([para. 0028; Fig. 2] in an embodiment, the attribute module may allow output and allow the comparison module to make measurements based on a Key ID, provided that it is an allowable Key ID.  [para. 0017] the Key ID is provided in lieu of a cryptographic operation request that includes instruction information [see para. 0007, Fig. 3]. A “dynamic measurement module” is taught by Freeman below) 
forward the cryptographic operation request to a security chip or a cryptographic operation chip based on whether the instruction information indicates that the dynamic measurement module is needed to be measured.  ([Hadley, Fig. 2, para. 0032] upon the verification of the key value, the value that determines whether the module is needed to be measured, the cryptographic operation request is forwarded to crypto module [the cryptographic operation chip])
Hadley in view of Freeman does not explicitly teach the dynamic measurement module is a measurement entity used for measuring a firmware that performs cryptographic operations. 
However, Freeman teaches the dynamic measurement module is a measurement entity used for measuring a firmware that performs cryptographic operations.  ([Freeman, para. 0013; para. 0038] the CRTM [a dynamic measurement module] takes measurements from POST BIOS and all firmware physically bound to the motherboard, such as firmware for the POST BIOS which measures other components [see para. 0014; Fig. 1])
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hadley with the teachings of Freeman for the same reasons as disclosed above. 

As per claim 13, Hadley in view of Freeman teaches claim 12.  
[dynamic measurement module] is needed to be measured.  ([Hadley, para. 0017; para. 0028] the attribute module [the trusted forwarding module] after receiving an allowable Key ID [instruction information] forwards the cryptographic operation request to the comparison module [the security chip that does the comparison/measurement].  A dynamic measurement module is taught by Freeman below.)
Hadley does not explicitly teach a dynamic measurement module.  
However, Freeman teaches the dynamic measurement module is a measurement entity used for measuring a firmware that performs cryptographic operations.  ([Freeman, para. 0013; para. 0038] the CRTM [a dynamic measurement module] takes measurements from POST BIOS and all firmware physically bound to the motherboard, such as firmware for the POST BIOS which measures other components [see para. 0014; Fig. 1])
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hadley with the teachings of Freeman for the same reasons as disclosed above. 

As per claim 14, Hadley in view of Freeman teaches claim 13.  
Hadley also teaches wherein the security chip is configured to measure [the dynamic measurement module] according to the dynamic measurement requirement ([Hadley, para. 0017] the comparison module compares the requested cryptographic operation to at least one allowed cryptographic operation output [a dynamic measurement requirement]) to obtain a measurement result, and send the measurement result to a cryptographic operation chip, to cause the cryptographic operation chip to perform a cryptographic operation when the measurement result indicates that an integrity of the dynamic measurement module is intact.  ([Fig. 2, para. 0029; para. 0032] the comparison module [the security chip] is shown to include a plurality of gates which signal to indicate whether the requested cryptographic operation is allowable [a measurement indicating the integrity is intact] and performed by the crypto module.)
Hadley does not explicitly teach a dynamic measurement module.  
However, Freeman teaches a dynamic measurement module.  ([Freeman, para. 0013; para. 0038] the CRTM [a dynamic measurement module] takes measurements from POST BIOS and all firmware physically bound to the motherboard, such as firmware for the POST BIOS which measures other components [see para. 0014; Fig. 1])
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hadley with the teachings of Freeman for the same reasons as disclosed above. 

Claims 2-3, 15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Hadley in view of Freeman as applied to claims 1 and 12 above, and further in view of Kazmierczak et al. (US Pub. 2009/0172378) (hereinafter “Kazmierczak”).  Kazmierczak is included in the IDS dated 06/03/2021.  

As per claim 2, Hadley in view of Freeman teaches claim 1.
Hadley in view of Freeman does not teach obtaining a monitoring result when the cryptographic operation request does not have a dynamic measurement requirement, wherein the monitoring result indicates whether a system performing cryptographic operations has an abnormal feature.  
However, Kazmierczak teaches obtaining a monitoring result when the cryptographic operation request does not have a dynamic measurement requirement, wherein the monitoring result indicates whether a system performing cryptographic operations has an abnormal feature.  ([Kazmierczak, para. 0026] the PTS kernel monitors and obtains a static measurement of a file [a monitoring result] when the OS loads an executable [when the cryptographic operation request does not have a dynamic measurement requirement, and when the request is executed without the measurement].  The monitoring result is used to construct an integrity report for verification [indicates whether a system has an abnormal feature])
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hadley with the teachings of Kazmierczak to include obtaining a monitoring result when the cryptographic operation request does not have a dynamic measurement requirement, wherein the monitoring result indicates whether a system performing cryptographic operations has an abnormal feature.  One of ordinary skill in the art would have been motivated to make this modification because such a step would allow for an integrity report which may be used later in verifying the trustworthiness of a platform, as opposed to doing an entire measurement of the operating system, which may be inefficient and delay the operation.  (Kazmierczak, para. 0016, para. 0023)

As per claim 3, Hadley in view of Freeman and further in view of Kazmierczak teaches claim 2.
Hadley also teaches sending the cryptographic operation request to the cryptographic operation chip to perform a cryptographic operation.  ([Hadley, Fig. 2; para. 0032] if the validation is successful, the crypto module performs the cryptographic operation)
Hadley in view of Freeman does not teach performing a function if the monitoring result indicates that the system performing cryptographic operations does not have an abnormal feature.  
However, Kazmierczak teaches performing a function if the monitoring result indicates that the system performing cryptographic operations does not have an abnormal feature.  ([Kazmierczak, para. 0016] an integrity report [the monitoring result] may be used later in verifying the trustworthiness of the PC platform.  [Para. 0004] Once a file, such as an OS program loader, is monitored by the PTS kernel, and determined by a verifier to have an acceptable level of trustworthiness [does not have an abnormal feature], the trust boundary is extended from the PTS to the OS program loader which can use this cryptographic operation to extend the trust boundary, such as measuring other executable programs [see, for example, para. 0028, the program loader]) 
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hadley with the teachings of Kazmierczak for the same reasons as disclosed above. 

As per claim 15, the claim language is identical or substantially similar to that of claims 2 and 3. Therefore, it is rejected under the same rationale applied to claims 2 and 3.

As per claim 20, Hadley in view of Freeman teaches claim 12.  
Hadley in view of Freeman does not explicitly teach wherein the trust forwarding module comprises: a trusted software base, and a trusted software stack.  
However, Kazmierczak teaches wherein the trust forwarding module comprises: a trusted software base, and a trusted software stack. ([Kazmierczak, para. 0018] the trusted platform comprises the CRTM, the core trusted root [trusted software base], and a transitive chain of trusted applications [a trusted software stack])
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hadley with the teachings of Kazmierczak for the same reasons as disclosed above. 

Claims 4-5, and 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over Hadley in view of Freeman and Kazmierczak as applied to claims 2 and 15 above, and further in view of Corley et al. (US Pub. 2007/0094711) (hereinafter “Corley”).


Hadley in view of Freeman and Kazmierczak does not teach obtaining a security level of a user who sends the cryptographic operation request when the monitoring result indicates that the system performing cryptographic operations has an abnormal feature.  
However, Corley teaches obtaining a security level of a user ([Corley, para. 0065] a security user level is obtained either externally or from information gathered by the system) who sends the cryptographic operation request ([Para. 0060] the user sends a request to perform potentially problematic operations, [a cryptographic security operation - see para. 0041] which are compiled and analyzed) when the monitoring result indicates that the system performing cryptographic operations has an abnormal feature.  ([Para. 0057] the monitoring operation determines whether the operations are problematic or suspicious in accordance with a policy)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hadley with the teachings of Corley to include obtaining a security level of a user who sends the cryptographic operation request when the monitoring result indicates that the system performing cryptographic operations has an abnormal feature.  One of ordinary skill in the art would have been motivated to make this modification because such a modification would improve computational security over a data processing system by allowing computer security procedures to be implemented in a flexible manner with respect to different users.  (Corley, para. 0011)

As per claim 5, Hadley in view of Freeman and Kazmierczak and further in view of Corley teaches claim 4.
Hadley also teaches sending the cryptographic operation request to the security chip ([Hadley, Fig. 2, para. 0010] the crypto process may send cryptographic parameters [part of the request - see para. 0012], to a crypto engine)

However, Corley teaches when the security level of the user is a high security level, wherein security levels of users include: the high security level and a low security level. ([Corley, para. 0053; FIG. 4C-4D] a user security level for a given user is expressed as a variable where a user that is a high security risk is assigned a low computational security level [a low security level], and is not allowed to access or execute [see, for example, para. 0057 – the user’s session can be terminated in response], and a user that is a low security risk is assigned a high computational security level and is permitted to access or execute [see, for example, para. 0067, a resource, i.e. the cryptographic operation request, can be granted or denied based on a computational security level])
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hadley with the teachings of Corley for the same reasons as disclosed above.

As per claim 16, the claim language is identical or substantially similar to that of claim 4. Therefore, it is rejected under the same rationale applied to claim 4.

As per claim 17, the claim language is identical or substantially similar to that of claim 5. Therefore, it is rejected under the same rationale applied to claim 5.

Claims 6, 18, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Hadley in view of Freeman, Kazmierczak, and Corley as applied to claim 4 above, and further in view of Meyer et al. (US Patent No. 8,442,960) (hereinafter “Meyer”).


Hadley also teaches sending the cryptographic operation request to the security chip after receiving an instruction indicating a need to start a dynamic measurement.  ([Hadley, Fig. 2, para. 0010] the crypto process may send cryptographic parameters [part of the request - see para. 0012], to a crypto engine.  [Para. 0017] the PID is the PID of a dynamic process that needs a cryptographic operation to be measured, is associated with a start signal [see para. 0033] to start the cryptographic operation that needs to be measured, and so the PID is an instruction indicating a need to start a dynamic measurement)
Hadley in view of Freeman, Kazmierczak and Corley does not teach sending prompt information indicating that the system is at risk when the security level of the user is a low security level. 
However, Meyer teaches sending prompt information ([Meyer, col. 6, ln. 39-46; Fig. 3] a prompt is given for a user to elevate privileges) indicating that the system is at risk ([col. 6, ln. 54-58] the prompt includes security information, such as if the process will compromise protected resources [see col. 1, ln. 14-16]) when the security level of the user is a low security level.  ([col. 3, ln. 31-34] the phrase “privilege” refers to a level of permission that can be granted to a user.  “Elevate” refers to raising the permission level of the user from a lower security level. [Col. 7, ln. 5-7] the user may allow the request to continue by elevating the privilege)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hadley with the teachings of Meyer to include sending prompt information indicating that the system is at risk when the security level of the user is a low security level.  One of ordinary skill in the art would have been motivated to make this modification because by prompting a user to elevate privileges, an administrative-privilege module may allow the process to proceed through normal execution with full privileges, despite the low security level of the user.  (Meyer, col. 7, ln. 31-34; col. 3, ln. 50-57)

As per claim 18, the claim language is identical or substantially similar to that of claim 6. Therefore, it is rejected under the same rationale applied to claim 6.

As per claim 19, the claim language is identical or substantially similar to that of claim 6. Therefore, it is rejected under the same rationale applied to claim 6.

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Hadley in view of Freeman as applied to claim 1 above, and further in view of Dodeja et al. (US Pub. 2014/0122897) (hereinafter “Dodeja”).

As per claim 8, Hadley in view of Freeman teaches claim 1.
Hadley also teaches verifying validity of the cryptographic operation request ([Hadley, Fig. 2; para. 0017] the comparison module compares the parameters of the requested cryptographic operation to a set of parameters to determine if the requested cryptographic operation is allowable [verifying the validity]) [according to a user platform identity certificate] included in the cryptographic operation request after receiving the cryptographic operation request, and ([para. 0010] the crypto process may send parameters such as a key value to the crypto engine as a part of a request to allow a cryptographic operation; explicitly using a certificate to verify the validity of the cryptographic request is explicitly taught by Dodeja below) allowing the cryptographic operation request to be forwarded upon successful verification.  ([Fig. 2, para. 0032] upon the verification of the key value, the cryptographic operation request is forwarded to crypto module)
Hadley in view of Freeman does not explicitly teach verifying validity of the cryptographic operation request according to a user platform identity certificate. 
([Dodeja, Fig. 1; para. 0025] the integrity management architecture includes a function to verify an OS layer certificate.  [Fig. 2; para. 0035] after receiving the request for trusted environment verification [the cryptographic operation request] the validity of the request is verified and forwarded to the next step, contingent upon successful verification [see para. 0031 – the steps in fig. 2 are performed in sequence]) 
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hadley with the teachings of Dodeja to include verifying validity of the cryptographic operation request according to a user platform identity certificate.  One of ordinary skill in the art would have been motivated to make this modification because such a modification would allow certificates for verification of each component and platform of the device such as HW drivers, the OS, the BIOS and various applications.  (Dodeja, para. 0021; Fig. 2)

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Glew et al. (US Pub. 2019/0108332) discloses monitoring a “taint” representative of an abnormal feature and performing measurement when the threshold of the taint rises to an unacceptable level.  Zarakas et al. (US Pub. 2016/0306977) discloses a measurement entity for measuring firmware similar to the disclosed specification.  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634.  The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.
/Z.L./Examiner, Art Unit 2493

/PETER C SHAW/Primary Examiner, Art Unit 2493