Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
1.	In response to amendment filed on 12 July 2021 and Examiner Initiated Interview on 10 August 2021.   
2.	An examiner's amendment to the record is attached.  Please enter entire claim set.  LIE PLEASE SCROLL DOWN TO THE END OF DOCUMENT.  Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.  The examiner's amendment was authorized by attorney of record James Love in phone interview on 10 August 2021 and confirming email received on 12 August 2021.
Conclusion
3.	Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. 
4.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ELLEN C TRAN whose telephone number is (571) 272-3842.  The examiner can normally be reached from M-F 9 AM to 6 PM.
Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/ELLEN TRAN/Primary Examiner, Art Unit 2433                                                                                                                                                                                                        


Examiner’s Amendment 
This listing of the claims will replace all prior versions and listings of the claims in the application.

Listing of Claims:

1 (Currently Amended).  A method for providing a firmware update [[of]] to a first device, comprising: 
receiving together as a software package, at the first device, from a signing portal that provides software, the signing portal connected to a hardware security module (HSM) that contains an online portion that is designed to be always available and an offline portion that is designed to be only available when a new master key is created or when signing a signing certificate, the software package contains:
a firmware update signed with a signing key, the signing the online portion of the HSM, 
a signing certificate certificate being signed with the master key 
a revision number on the signing certificate[[;]], 
verifying, at the first device, the on the firmware update using the public part of the signing key 
verifying, at the first device, the signature of the signing certificate using the public part of the master key;
checking, at the first device, the revision number on the signing certificate against a roll back counter; and 

rejecting or accepting, at the first device, the received firmware update based on the outcome of the above verifying and checking.

2 (Previously Presented).  The method according to claim 1, wherein checking the revision number against the roll back counter comprises: 
determining whether the revision number: 
is equal to the roll back counter, and / or 
is greater than the roll back counter, and / or 
matches an expected consecutive number complying with a predetermined number series; and 
updating the roll back counter if the revision number on the signing certificate is greater or matches an expected consecutive number.

3 (Previously Presented).  The method according to claim 1, further comprising: 
verifying a signature on a revocation list; and 
checking whether the signing certificate is listed as revoked on the revocation list. 

4 (Cancelled).

5 (Currently Amended).  A computer implemented method for providing a firmware update to an electronic device, comprising: 
at a signing portal, connected to a hardware security module (HSM) that contains an online portion that is designed to be always available and an offline portion that is designed to be only available when a new master key is created or when signing a signing certificate:
authenticating a firmware provider; 
obtaining a firmware update from the authenticated firmware provider; 
signing the firmware update by applying a signature with a private part of the signing key generated by an online portion of the HSM; 
providing a signing certificate with a revision number; 
signing the signing certificate by applying a signature with a private part of the master key generated by an offline portion of the 
providing the signed firmware update to the electronic device which verifies the signature on the firmware update using the public part of the signing key, verifies the signature of the signing certificate using the public part of the master key, checks the revision number on the signing certificate against a roll back counter, and rejects or accepts the received firmware update based on the outcome of the above verifying and checking.

6 (Currently Amended).  The computer implemented method according to claim 5, further comprising: 
generating an updated signing 
providing the public part of the updated signing 
master 
sending the firmware update to the electronic device; 
providing an updated signing certificate; and
signing the updated signing certificate by applying the signature of the master key. 

7 (Currently Amended).  The computer implemented method according to claim 6, further comprising: 
revoking the signing certificate by updating the revocation list with the signing certificate; and
signing the updated revocation list by applying the signature of the master key. 

8 (Currently Amended).  The computer implemented method according to claim 5, comprising: 
generating an updated master 
generating an updated master certificate of the updated master 
providing a domain signature to the updated master certificate by applying a domain root key; 
providing a public part of the updated master 
signing the firmware update by applying the signature of the signing 
sending the firmware update to the electronic device.

9 (Currently Amended).  The computer implemented method according to claim 5, comprising: 
generating an updated master 
generating a temporary master certificate of the updated master 
providing a signature to the temporary master certificate by applying the master 
providing a public part of the updated master 
signing the firmware update by applying the signature of the signing 

10 (Currently Amended).  The computer implemented method according to claim 9, further comprising: 
generating an updated master certificate of the updated master 
providing a domain signature to the updated master certificate by applying a domain root key.

11 (Currently Amended).  The computer implemented method according to claim 8, further comprising: 
revoking the master certificate by updating the revocation list with the master certificate; 
signing the updated revocation list by applying the signature of the domain root key; 
generate a new signing certificate of the signing key; and
master 

12 (Currently Amended). A firmware update system, comprising:
a first electronic device comprising firmware, a Signature Management Module SMM, and a roll back counter;
a signing portal including a Hardware Security Module HSM including an online component storing one or more first keys, wherein the online component is designed to be always available and an offline component storing one or more second keys, wherein the offline component is designed to be only available when a new master key is created or when signing a signing certificate; and
the signing portal device configured to sign: 
a software package by a private part of the signing key stored in the HSM online component, and 
a signing certificate by a private part of the master key stored in the HSM offline component, 
wherein the signing certificate comprises a revision number, and 
wherein the SMM is configured to 

verify the of the software package by [[a]] the public part of the respective signing key, and
verify the of the signing certificate by [[a]] the public part of the respective master key, and 
check the revision number against the roll back counter, and
accept or reject the firmware update based on the outcome of the above verifying and checking. 

13 (Currently Amended).  The firmware update system according to claim 12, wherein the HSM offline component further stores a domain/root key; 
which domain key is used: 
to provide a signature to a master certificate for each respective master 
to provide a signature to a master certificate revocation list with the private part of the domain key.

14 (Currently Amended).  The firmware update system according to claim 12, further comprising a Certificate Revocation List CRL provided with the signature of the master 
wherein the SMM is further arranged for checking:
the signature of the CRL by the public part of the master 
whether the signing certificate is valid and/ or not revoked. 

15 (Previously Presented).  The firmware update system according to claim 12, wherein the roll back counter indicates the latest revision number of the signing certificate; 
wherein the roll back counter is updated with each certificate update / replacement; and 

checking whether the revision number is equal to the roll back counter; and / or 
checking whether the revision number is greater than the roll back counter; and / or 
whether the revision number matches an expected consecutive number complying with a predetermined number series; and 
wherein the device is arranged for updating the roll back counter if the revision number on the signing certificate is greater or matches an expected consecutive number.

16 (Previously Presented).  The firmware update system according to claim 12, wherein the software package comprises a firmware update for an electronic device. 

17 (Currently Amended).  A non-transitory computer readable medium[[,]] comprising instructions which, when executed on at least one computer processor, cause the at least one computer processor to carry out a method comprising: 
at a signing portal, connected to a hardware security module (HSM) that contains an online portion that is designed to be always available and an offline portion that is designed to be only available when a new master key is created or when signing a signing certificate:
authenticating a firmware provider; 
obtaining a firmware update from the authenticated firmware provider; 
signing the firmware update by applying a signature with a private part of the signing key generated by an online portion of the HSM; 

signing the signing certificate by applying a signature with a private part of the master key generated by an offline portion of the 
providing the signed firmware update to the electronic device that verifies the signature on the firmware update using the public part of the signing key, verifies the signature of the signing certificate using the public part of the master key, checks the revision number on the signing certificate against a roll back counter, and rejects or accepts the received firmware update based on the outcome of the above verifying and checking.

18 (Currently Amended).  The non-transitory computer readable medium according to claim 17, comprising further instructions which, when executed on at least one computer processor, cause the at least one computer processor to further implement the method comprising: 
generating an updated signing 
providing the public part of the updated signing 
updating the revision number of the signing certificate and applying the signature of the master 
sending the firmware update to the electronic device; 	
providing an updated signing certificate; and
signing the updated signing certificate by applying the signature of the master key.



20 (Cancelled).





/ELLEN TRAN/Primary Examiner, Art Unit 2433