Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This is in reply to an application filed on September 25, 2020.  

Priority
This is a continuation application which is a continuation of application 16856968, filed 04/23/2020, which is a continuation of 15201400, filed 07/02/2016, now U.S. Patent #10708067 (15201400 claims priority from Provisional Application 62351956, filed 06/18/2016). Therefore, the effective filing date for the subject matter defined in the pending claims of this application is 06/18/2016.
Drawings
4.	The drawings filed on April 23, 2020 are accepted. 

Specification
5.	The specification filed on April 23, 2020 is also accepted.

Claims 21-40 have been examined.
1-20. (Cancelled) 

Internet Communications

6.	Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439, http://www.uspto.gov/sites/default/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the applicant via email. The authorization will allow the examiner to better practice compact prosecution. The written authorization can be submitted via one of the following methods only: (1) Central Fax which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the service window on the Alexandria campus. EFS web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03.
                  
Claim Rejections - 35 USC § 103
7.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
8.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:



9.	   Claims 21-22, 24-27, 29-36 and 38-40 are rejected under 35 U.S.C. 103 as being unpatentable over Bronk (U.S. Pub. No.: 2017/0244565 A1, hereinafter referred to as “Zimmer”) in view of Wookey et al. (U.S. Pub. No.: 2007/0171921 A1, hereinafter referred to as “Wookey”).
Bronk provides a local computing device for securely exchanging sensor information, the local computing device comprising: a sensor to generate sensor data; a trusted execution environment module to establish a trusted execution environment on local computing device.

Wookey provides the client machine establishing a connection to a virtual machine providing access to a resource.

As per claim 21, Bronk discloses a non-transitory computer readable storage medium comprising instructions which, when executed, cause one or more processors to at least (para. 0011 discloses a machine-readable storage medium may be embodied as any storage device, mechanism, or other physical structure for storing or transmitting information in a form readable by a machine (e.g., a volatile or non-volatile memory, a media disc, or other media device), for example): obtain signed data from a (fig. 1 element 106a) via a front end service (figs. 1 and 5 illustrate in block 426, the in-vehicle computing system 102 may receive sensor data generated by sensors of other remote vehicles 122 from the coordination server 108, for example); confirm software of the first remote device is authentic based on the signed data (para. 0021 and furthermore, fig. 1 illustrate the memory 154 may store various data and software used during operation of the in-vehicle computing system 102 such as operating systems, applications, programs, libraries, and drivers, for example).

Bronk failed to expressly disclose generate a credential to enable communication between the first remote device and a second remote device; and cause the front end service to transmit the credential to the first remote device.

Wookey discloses generate a credential to enable communication between the first remote device (fig. 57 is a block diagram of a system to maintain authentication credentials and provide a client with a reliable connection to a host service, for example) and a second remote device (fig. 1 illustrates second remote machine 30', for example); and cause the front end service to transmit the credential to the first remote device (para. 0937 discloses the authentication credential is personal information of the user that the client machine 10 obtains after the first communication session has been established. Examples of authentication credentials include a login password, a social security number, a telephone number, an address, biometric information, a time-varying pass code and a digital certification. The client machine 10 then transmits (step 5405) the authentication credentials to the remote machine 30 over the communication channel 5004 so that the remote machine 30 can authenticate the client machine 10 or the user of the client machine 10, for example).

Bronk and Wookey are analogous art because they both are directed to methods and Systems for Providing Access to a Computing Environment and one of ordinary skill in the art would have had a reasonable expectation of success to modify Bronk with the specified features of Wookey because they are from the same field of endeavor.
It would have been obvious to one of ordinary skill in the art before the effective filing date of applicant's claimed invention to incorporate the teachings of Wookey with the teaching of Bronk in order for a client machine to access a computing resource provided by a remote machine [Wookey: para. 0135].

Regarding claim 22, the combination of Bronk as modified by Wookey discloses wherein the signed data is based on hardware of the first remote device (fig. 1 of Bronk illustrates that a trusted execution environment of the in-vehicle computing system 102 (e.g., established in the security co-processor 158) may access sensor data generated by the sensors 156 through the hardware protected I/O path 166 (i.e., to provide trusted and tamper-resistant sensory readings), for example).

Regarding claim 24, the combination of Bronk as modified by Wookey discloses wherein the software of the first remote device is authentic when the software is trustworthy (fig. 4 of Bronk depicts block 420, in which the in-vehicle computing system 102 determines whether the coordination server 108 is authentic and/or secure based on the attestation result, for example).

Regarding claim 25, the combination of Bronk as modified by Wookey discloses wherein the first remote device uses the credential to connect to the second remote device (para. 0804 of Wookey discloses the web server 3304 receives the request for access, which typically includes user credential information (e.g., user ID, password, group/project membership identifier, etc.), and authenticates the user to the machine farm 38 or to the individual servers 114 that provide at least some of the web page content 3306, for example). 
Examiner applied the same motivational statement as set forth above in claim 21. 

Regarding claim 26, the combination of Bronk as modified by Wookey discloses wherein the instructions cause the one or more processors to cause (fig. 2c of Wookey authentication page allows the client machine 10 to transmit user credentials, via the web browser 280, to the remote machine 30 for authentication. Transmitted user credentials are verified either by the remote machine 30 or by another remote machine 30 in the farm 38, for example).
Examiner applied the same motivational statement as set forth above in claim 21. 

Regarding claim 27, the combination of Bronk as modified by Wookey discloses wherein the signed data attests to an authenticity of the software of the first remote device (para. 0021 of Bronk and, furthermore, fig. 1 of Bronk illustrate that the memory 154 may store various data and software used during operation of the in-vehicle computing system 102 such as operating systems, applications, programs, libraries, and drivers, for example).

As per claim 28, Bronk discloses an apparatus comprising: memory: and a processor to (fig. 1. illustrative in-vehicle computing system 102 includes a processor 150, an input/output ("I/O") subsystem 152, a memory 154, one or more sensors 156, a security co-processor 158, a data storage 160, a communication circuitry 162, and one or more peripheral devices 164. Additionally, the I/O subsystem 152 may include a hardware protected, for example): obtain signed data from a first remote device (fig. 1 element 106a) via a front end service (figs. 1 and 5 illustrate in block 426, the in-vehicle computing system 102 may receive sensor data generated by sensors of other remote vehicles 122 from the coordination server 108, for example); confirm software of the first remote device is authentic based on the signed data (para. 0021 and furthermore, fig. 1 illustrate the memory 154 may store various data and software used during operation of the in-vehicle computing system 102 such as operating systems, applications, programs, libraries, and drivers, for example). 

Bronk failed to expressly disclose generate a credential to enable communication between the (fig. 1 illustrates a computing environment residing on a first remote machine 30 in the machine farm 38, for example) and a second remote device (fig. 1 illustrates second remote machine 30', for example); and cause the front end service to transmit the credential to the first remote device (para. 0937 discloses the authentication credential is personal information of the user that the client machine 10 obtains after the first communication session has been established. Examples of authentication credentials include a login password, a social security number, a telephone number, an address, biometric information, a time-varying pass code and a digital certification. The client machine 10 then transmits (step 5405) the authentication credentials to the remote machine 30 over the communication channel 5004 so that the remote machine 30 can authenticate the client machine 10 or the user of the client machine 10, for example).

Wookey discloses generate a credential to enable communication between the (fig. 1 illustrates a computing environment residing on a first remote machine 30 in the machine farm 38, for example) and a second remote device (fig. 1 illustrates second remote machine 30', for example); and cause the front end service to transmit the credential to the first remote device (para. 0937 discloses the authentication credential is personal information of the user that the client machine 10 obtains after the first communication session has been established. Examples of authentication credentials include a login password, a social security number, a telephone number, an address, biometric information, a time-varying pass code and a digital certification. The client machine 10 then transmits (step 5405) the authentication credentials to the remote machine 30 over the communication channel 5004 so that the remote machine 30 can authenticate the client machine 10 or the user of the client machine 10, for example).

Bronk and Wookey are analogous art because they both are directed to methods and Systems for Providing Access to a Computing Environment and 
It would have been obvious to one of ordinary skill in the art before the effective filing date of applicant's claimed invention to incorporate the teachings of Wookey with the teaching of Bronk in order for a client machine to access a computing resource provided by a remote machine [Wookey: para. 0135].

Regarding claim 29, the combination of Bronk as modified by Wookey discloses wherein the signed data is based on hardware of the first remote device (fig. 1 of Bronk illustrates that a trusted execution environment of the in-vehicle computing system 102 (e.g., established in the security co-processor 158) may access sensor data generated by the sensors 156 through the hardware protected I/O path 166 (i.e., to provide trusted and tamper-resistant sensory readings), for example).

Regarding claim 31, the combination of Bronk as modified by Wookey discloses wherein the software of the first remote device is authentic when the software is trustworthy (fig. 4 of Bronk depicts block 420, in which the in-vehicle computing system 102 determines whether the coordination server 108 is authentic and/or secure based on the attestation result, for example).

Regarding claim 32, the combination of Bronk as modified by Wookey discloses wherein the first remote device uses the credential to connect to the second remote device (para. 0804 of Wookey discloses the web server 3304 receives the request for access, which typically includes user credential information (e.g., user ID, password, group/project membership identifier, etc.), and authenticates the user to the machine farm 38 or to the individual servers 114 that provide at least some of the web page content 3306, for example).
Examiner applied the same motivational statement as set forth above in claim 28. 

Regarding claim 33, the combination of Bronk as modified by Wookey discloses wherein the processor is to cause the front end service to transmit the credential to the second remote device (fig. 2c of Wookey authentication page allows the client machine 10 to transmit user credentials, via the web browser 280, to the remote machine 30 for authentication. Transmitted user credentials are verified either by the remote machine 30 or by another remote machine 30 in the farm 38, for example).
Examiner applied the same motivational statement as set forth above in claim 28. 

Regarding claim 34, the combination of Bronk as modified by Wookey discloses wherein the signed data attests to an authenticity of the software of (para. 0021 of Bronk and furthermore, fig. 1 of Bronk illustrate the memory 154 may store various data and software used during operation of the in-vehicle computing system 102 such as operating systems, applications, programs, libraries, and drivers, for example).

As per claim 35, Bronk discloses a system comprising: a processing device to: sign data to attest to software running on the processing device (fig. 1 depicted the memory 154 may store various data and software used during operation of the in-vehicle computing system 102 such as operating systems, applications, programs, libraries, and drivers. The memory 154 is communicatively coupled to the processor 150 via the I/O subsystem 152, for example); and transmit the signed data to a first server; and the first server to (fig. 1 illustrate a coordination server 108, for example): obtain the signed data from the processing device  (figs. 1 and 5 illustrate in block 426, the in-vehicle computing system 102 may receive sensor data generated by sensors of other remote vehicles 122 from the coordination server 108, for example); confirm the software of the processing device is authentic based on the signed data (para. 0021 and furthermore, fig. 1 illustrate the memory 154 may store various data and software used during operation of the in-vehicle computing system 102 such as operating systems, applications, programs, libraries, and drivers, for example). 


Wookey discloses generate a credential to enable communication between the processing device (fig. 1 illustrates a computing environment residing on a first remote machine 30 in the machine farm 38, for example) and a second server (fig. 1 illustrates second remote machine 30', for example); and transmit the credential to the processing device; and the processing device to access services of the second server using the credential from the first server (para. 0937 discloses the authentication credential is personal information of the user that the client machine 10 obtains after the first communication session has been established. Examples of authentication credentials include a login password, a social security number, a telephone number, an address, biometric information, a time-varying pass code and a digital certification. The client machine 10 then transmits (step 5405) the authentication credentials to the remote machine 30 over the communication channel 5004 so that the remote machine 30 can authenticate the client machine 10 or the user of the client machine 10, for example).
Bronk and Wookey are analogous art because they both are directed to methods and Systems for Providing Access to a Computing Environment and one of ordinary skill in the art would have had a reasonable expectation of success to modify 
It would have been obvious to one of ordinary skill in the art before the effective filing date of applicant's claimed invention to incorporate the teachings of Wookey with the teaching of Bronk in order for a client machine to access a computing resource provided by a remote machine [Wookey: para. 0135].

Regarding claim 36, the combination of Bronk as modified by Wookey discloses wherein the processing device is to measure a trustworthiness of the software running locally on a device platform the processing device (para. 0148 of Wookey the remote machines 30 can operate according to one type of operating system platform (e.g., WINDOWS NT, manufactured by Microsoft Corp. of Redmond, Wash.), for example).
Examiner applied the same motivational statement as set forth above in claim 35. 

Regarding claims 38 and 39, the combination of Bronk as modified by Wookey discloses wherein the processing device is to access the services of the second server by transmitting the credential to the second server (para. 0937 of Wookey discloses the authentication credential is personal information of the user that the client machine 10 obtains after the first communication session has been established. Examples of authentication credentials include a login password, a social security number, a telephone number, an address, biometric information, a time-varying pass code and a digital certification. The client machine 10 then transmits (step 5405) the authentication credentials to the remote machine 30 over the communication channel 5004 so that the remote machine 30 can authenticate the client machine 10 or the user of the client machine 10, for example).
Examiner applied the same motivational statement as set forth above in claim 35. 

Regarding claim 40, the combination of Bronk as modified by Wookey discloses wherein the second server provides the services to the second server in response to confirming that credential (fig. 56 of Wookey illustrate  the computer system of fig. 53 to maintain authentication credentials during a second communication session following the termination of a second communication channel, for example). 
Examiner applied the same motivational statement as set forth above in claim 35. 

10.	   Claims 23 and 28 are rejected under 35 U.S.C. 103 as being unpatentable over Bronk (U.S. Pub. No.: 2017/0244565 A1, hereinafter referred to as “Zimmer”) in view of Wookey et al. (U.S. Pub. No.: 2007/0171921 A1, hereinafter referred to as “Wookey”), further in view of Hawkes et al. (US 2013/0275760 A, hereinafter referred to as “Hawkes”).

Regarding claims 23 and 28, the combination of Bronk as modified by Wookey discloses all claimed limitations except for wherein the signed data is based on a root key of the first remote device.

However, Hawkes discloses wherein the signed data is based on a root key of the first remote device (para. 0025 discloses a remote station to receive the certificate, the corresponding private key, and/or the root-of-trust public key/certificate from an external device using WiFi as the data medium. The remote station may contain multiple internal entities, and may receive multiple sets of certificates, the corresponding private keys, and/or the root-of-trust public key/certificate, for example). 

Bronk as modified by Wookey and Hawkes are analogous art because they both are directed to remote station with a digital certificate and one of ordinary skill in the art would have had a reasonable expectation of success to modify the teachings of Bronk as modified by Wookey with the specified features of Hawkes because they are from the same field of endeavor.

It would have been obvious to one of ordinary skill in the art before the effective filing date of applicant's claimed invention to incorporate the teachings of Hawkes with the teaching of Bronk as modified by Wookey in order for Hawkes: para. 0006]. 

11.	   Claim 37 is rejected under 35 U.S.C. 103 as being unpatentable over Bronk (U.S. Pub. No.: 2017/0244565 A1, hereinafter referred to as “Zimmer”) in view of Wookey et al. (U.S. Pub. No.: 2007/0171921 A1, hereinafter referred to as “Wookey”).
Regarding claim 37, the combination of Bronk as modified by Wookey discloses all the claimed language except for wherein the processing device is to sign the data using a secret key set during manufacture of the processing device. 

However, Michau discloses wherein the processing device is to sign the data using a secret key set during manufacture of the processing device (fig. 1, furthermore para. 0088 discloses during the configuration phase P0, secret keys K.sub.1, K.sub.2 are distributed to the first and second entities 10, 20, respectively, each of the keys being shared with the third entity 30. In the example described here for a mobile network, the first entity is a (U)SIM card and the second entity is a terminal into which the card has been inserted. The first secret key K.sub.1, usually called the authentication key, is defined and installed in the (U)SIM card during the step of manufacturing the card. The second secret key K.sub.2 can be installed on the terminal once the equipment has been put in circulation. This installation can be carried out in secure fashion, for example using a public key cryptography system that is set up during manufacture of the terminal and intended to allow the secure installation of the shared second secret key K.sub.2 from the third entity, or from a dedicated entity for distributing keys. In this case, the entity for distributing keys then distributes the shared second key K.sub.2 to the second and third entities 20, 30, for example). 

Bronk as modified by Wookey and Michau are analogous art because they both are directed to a method for authenticating at least two separate entities with a third entity and one of ordinary skill in the art would have had a reasonable expectation of success to modify the teachings of Bronk as modified by Wookey with the specified features of Michau because they are from the same field of endeavor.

It would have been obvious to one of ordinary skill in the art before the effective filing date of applicant's claimed invention to incorporate the teachings of Michau with the teaching of Bronk as modified by Wookey in order to authenticate at least two separate entities with a third entity [Michau: para. 0004].
Pertinent Art
12.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Buer et al. (Pub. No.: 2006/0136717 A1) provide Wentz et al. (Patent No.: US 10,742,421 B1) provide System used for anonymous hardware attestation, comprises an originating device, the originating device has a secure computing module, the local software monitor is configured to digitally sign a first cryptographic hash.

Conclusion

13.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABIY GETACHEW whose telephone number is (571)272-6932.  The examiner can normally be reached on Mon.-Fri. 9:00 AM - 5:30 PM.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811.  The 

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






A.G.
July 15, 2021
/ABIY GETACHEW/Primary Examiner, Art Unit 2434