Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This communication is in response to Applicant's Amendment filed 4/26/2021.  Applicant has amended claim 1, 7, 9, 15 and 17.  Currently, claims 1-20 are pending in the application.

Response to Amendments
Acknowledgement to applicant’s amendment to claims 7 and 15 has been noted.  The claims have been reviewed, entered and found obviating to previously raised objections for minor informalities.  Objection to claims 7 and 15 is hereby withdrawn.

Response to Arguments
Regarding rejection under 35 USC § 103, the arguments filed on 4/26/2021 have been considered but are not persuasive to overcome the references on record:  Fava et al. (US 2019/0229913 A1, hereinafter “Fava”) in view of Floyd et al. (US 10,826,706 B1, hereinafter “Floyd”).
In claim 1 (also applicable to claims 9 and 17):
	Applicant has generally stated in page 9 that “Fava does not teach or suggest what is specifically claimed, namely: in response to a boot-up operation, reading a first marker from a storage device of a sensor unit of the autonomous driving vehicle (ADV), the storage device including a plurality of partitions, each of the partitions storing an executable image of firmware, wherein the first marker includes a first unique identifier with a first unique pattern associated with a corresponding partition.”    
	Examiner notes that the allegations in relation to the claim limitation “in response to a boot-up operation, reading a first marker from a storage device of a sensor unit of the autonomous driving vehicle (ADV), the storage device including a plurality of partitions, each of the partitions storing an executable image of firmware” are but a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references, therefore, the arguments fail to comply with 37 CFR 1.111(b).  Nevertheless, Examiner notes that such claim limitation, in the broadest reasonable interpretation, is taught by prior art of reference, specifically, Fava, since Fava teaches that as boot device is operating (i.e. each page is received by boot device, par 42), a first marker is read from a storage device (i.e. an expected value stored in memory, which expected value is to be matched with the computed cryptographic measurement for the page of data – see par 42).  Examiner notes that such expected value is also a cryptographic measurement or hash stored in memory (see also par 44) since both values need to be matched in order to authenticate the firmware code (see also the brief summary on par 1 for further evidence).  See rejection section below.
	Applicant further argues in page 9 that “Fava does not teach or suggest “wherein the first marker includes a first unique identifier with a first unique pattern associated with a corresponding partition” in the specific context of the claims, as recited.  Indeed, there is no discussion of “unique identifier” and “unique pattern” anywhere in the entire reference….Fava never suggests that the first marker includes a first unique identifier with a first unique pattern associated with a corresponding partition.”  Examiner respectfully disagrees.   Examiner believes that the amended portion is still taught by prior art of record as it seems that the Applicant is just further defining what a first marker is as it is already known in the art.  Examiner notes that the term “first marker” has been mapped to a cryptographic measurement or hash.  This first marker, as amendment recites, is a unique identifier with a unique pattern with a corresponding partition.  In paragraph 39, Fava teaches that the firmware is checked by the cryptographic measurement or hash for each portion or page of data (i.e. mapped to limitation “corresponding partition”) of stored firmware code.  As it is known in the art, a hash is an output of a hashing algorithm where the output yields a unique string (i.e. claimed term “unique pattern”), or hash value or message digest, for any given piece of data (i.e. portion or page of data as mentioned in Fava).  This unique string is a unique identifier (i.e. claimed term “unique identifier”) used to uniquely identify files.  Data is uniquely identified since it is not possible to change an original piece of data and be able to obtain the same hash value for both the changed piece of data and the original piece of data.  Refer to https://www.sentinelone.com/cybersecurity-101/hashing/ and https://en.wikipedia.org/wiki/Hash_function for additional resources on the topic.  Examiner also notes that, as suggested in Fava, paragraphs [0002]-[0003], and [0045] also define hashes as such.  See rejection section below for newly added amendments.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.
Claim1-6, 8-14, 16-20 rejected under 35 U.S.C. 103 as being unpatentable over Fava et al. (US 2019/0229913 A1, hereinafter “Fava”) in view of Floyd et al. (US 10,826,706 B1, hereinafter “Floyd”).

Regarding claim 1, Fava teaches:
A computer-implemented method of performing a secure boot operation of executable code for operating an autonomous driving vehicle (par 24, boot code security checks in autonomous vehicle systems), comprising: 
in response to a boot-up operation (par 42-43), reading a first marker (par 39, 42; i.e. determining a cryptographic measurement (i.e. digest) and comparing the value) from a storage device (par 44; i.e. digest is stored in memory) of a sensor unit of the autonomous driving vehicle (ADV) (par 18, 24, 33; i.e. implementation in an autonomous vehicle for seat control of a vehicle or a powertrain system of a vehicle), the storage device including a plurality of partitions (i.e. pages of data), each of the partitions storing an executable image of firmware (par 39; i.e. each portion is a page of data of firmware or run-time code stored in memory), wherein the first marker (i.e. a cryptographic measurement (i.e. digest or hash, see also par 45)) includes a first unique identifier (i.e. uniquely identify files, it is evident that a unique identifier is inferred) with a first unique pattern (i.e. unique string of a fixed size) (Examiner believes that this wherein clause is just a definition of what a hash is.  It is well known in the art, as Fava’s background paragraphs 2-4 state, that hashes are a string of a fixed size (i.e. unique pattern) used to uniquely identify files (i.e. unique identifier)) with a corresponding partition (par 39; cryptographic measurement or hashes are calculated for each of several portions of data where each portion is a page of data); 
determining whether the first marker is valid (par 16, comparing cryptographic measurement of portion of computer program to the stored value), wherein the first marker (i.e. cryptographic measurement or digest) is associated with a first of the partitions having a first executable image stored therein (par 16, 39, portion of the computer program); and 
executing the first executable image (i.e. cryptographic measurement of the portion of the runtime code) retrieved from the first partition (i.e. portion/page of data in memory) in response to determining that the first marker is valid (par 16, 39, 129; i.e. cryptographic measurement of the portion of the runtime code matches, data is accepted and executed), wherein the first executable image, when executed, is configured to process sensor data obtained from one or more sensors mounted on the ADV (par 85; data to be executed controls operations of a vehicle, see also par 90 – data to be executed is obtained from sensor in a vehicle [Fig. 4]) 
Fava’s invention is utilized on sensor devices used on autonomous vehicles, as it is implied on paragraphs 85 and 90.  However, Fava does not explicitly teach yet Floyd suggests:
utilized to perceive a driving environment surrounding the ADV during autonomous driving (col. 4 lines 55-61; i.e. validated software is authenticated that will allow vehicles to enable autonomous driving functionality on a smart roadway).
Accordingly it would have been obvious to one having ordinary skill in the art before the effectively filing date of the invention to have implemented a secure boot up that validates software that is utilized to perceive a driving environment surrounding the ADV during autonomous driving, as taught by Floyd, to Fava’s invention.  The motivation to do so would be in order to provide vehicle configuration verification for vehicle software modification detection (Floyd: col. 4 lines 30-31).  
Regarding claim 2, the combination of Fava and Floyd teach:
The method of claim 1, wherein each of the partitions (Fava: par 16, 39; i.e. portion/page of data in memory) includes a marker stored therein to indicate whether a respective executable image is valid for execution (Fava: Fig. 3, Digest, see also par 14-15).  
Regarding claim 3, the combination of Fava and Floyd teach:
The method of claim 2, wherein each partition further includes an authentication code stored therein to authenticate the respective executable image (Floyd: fig. 6, step 606, digital signature is added to the data block).  
Regarding claim 4, the combination of Fava and Floyd teach:
The method of claim 2, wherein each partition further includes a verifier code stored therein to verify an integrity of the respective executable image (Floyd: fig. 6, step 606, vehicle identifier).  

Regarding claim 5, the combination of Fava and Floyd teach:
The method of claim 1, further comprising: reading a second marker from a second partition of the storage device (Fava: par 42-43; i.e. each page has a digest, and when each page of the executable code is received, the digest is compared), the second partition storing a second executable image (Fava: par 43; i.e. if the digest compares, the page is stored); 
examining the second marker to determine whether the second marker is valid (Fava: par 42-43; each page compares the digest); and 
if the second marker is determined valid, executing the second executable image retrieved from the second partition (Fava: par 42-43; i.e. if the digest compares good with the expected value, the page of data is accepted and the code is executed.).  

Regarding claim 6, the combination of Fava and Floyd teach:
The method of claim 5, wherein the second marker is examined and the second executable image is executed (Fava: par 42-43; each page is examined and the code executed), in response to determining that the first marker is invalid (Fava: par 17, if portion or page of data does not compare, the data is rejected), wherein the second executable image (i.e. rescue mode code) is a back-up version of the first executable image (Fava: par 32).  

Regarding claim 8, the combination of Fava and Floyd teach:
The method of claim 1, further comprising: in response to a request for updating a third executable image (Fava: par 17; a request for update the executable code) stored in a third partition (Fava: par 24; the update is performed by using a device component with a cryptographic engine, par 39; i.e. each portion is a page of data of firmware or run-time code stored in memory), modifying a third marker associated with the third partition to indicate that the third executable image is invalid (Fava: par 22, digests can be modified by attack); 
updating the third executable image in the third partition (Fava: par 24; the update is performed by using a device component with a cryptographic engine); and 
restoring the third marker to indicate that the third executable image is valid again (Fava: par 16-17, the update replaces the software and integrity and authenticity of the program is checked, see also par 39, 129; i.e. cryptographic measurement of the portion of the runtime code matches, data is accepted and executed).  

Regarding claim 9, all claims set forth are rejected as it has been discussed in claim 1.  Furthermore, Fava also discloses the additional limitations:
A non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform operations (Fava: par 142), the operations comprising:  

Regarding claims 10 and 18, all claims set forth are rejected as it has been discussed in claim 2.
Regarding claims 11 and 19, all claims set forth are rejected as it has been discussed in claim 3.

Regarding claims 12 and 20, all claims set forth are rejected as it has been discussed in claim 4.

Regarding claim 13, all claims set forth are rejected as it has been discussed in claim 5.

Regarding claim 14, all claims set forth are rejected as it has been discussed in claim 6.

Regarding claim 16, all claims set forth are rejected as it has been discussed in claim 8.

Regarding claim 17, all claims set forth are rejected as it has been discussed in claim 1.
Claims 7, 15 rejected under 35 U.S.C. 103 as being unpatentable over Fava et al. (US 2019/0229913 A1, hereinafter “Fava”) in view of Floyd et al. (US 10,826,706 B1, hereinafter “Floyd”) in further view of Hu et al. (US 2009/0193211 A1, hereinafter “Hu”).

Regarding claim 7, Fava and Floyd do not explicitly teach yet Hu suggests:
The method of claim 5, wherein the second marker is examined (par 38, 42 – authenticating second stage boot loader) and the second executable image is executed (Fig. 3 step 308 – Yes path) in response to a successful execution of the first executable image (Fig. 3 step 304 – yes path).  
	Accordingly, it would have been obvious to one having ordinary skill in the art before the effective filing date of the invention to have execute a second executable image in response to a successful execution of the first executable image, as taught in Hu, to Fava and Floyd’s invention.  The motivation to do so would be to authenticate software at system boot up and then used during run-time to authenticate selected portions of a software image (Hu: Abstract).

Regarding claim 15, all claims set forth are rejected as it has been discussed in claim 7.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LIZBETH TORRES-DIAZ whose telephone number is 571-272-37391787.  The examiner can normally be reached on 9:00a-4:30p.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-37393739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/LIZBETH TORRES-DIAZ/Examiner, Art Unit 2495     
                                                                                                                                                                                                   31 July 2021