DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to communication filed on 03/05/2020.
Status of claims in the instant application:
Claims 1-20 are pending.
Priority
This application claims benefit of 62/858670 filed on 06/07/2019.
Information Disclosure Statement
Information Disclosure Statements (IDS) filed on 10/05/2020 have been considered, and a signed copies of the IDS forms have been attached to this office action.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-6, 8-11, 13-17 and 19-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
	Claim 1 recites the limitations:
	“A method comprising:
providing, via a processor, a secure execution context representing an isolated and secure operating system on a device;
providing a normal operating system representing a software supporting device functions and excluding the secure execution context;
determining in the secure execution context first data representing information about a state of the device, the state of the device including at least one of the physical environment of the device and a security posture of the normal operating system;
requesting from the normal operating system second data representing the state of the device;
receiving, from the normal operating system, the second data;
comparing, in the secure execution context, the first data and the second data to obtain a comparison result; and
based on the comparison result, returning a determination whether to perform an action representing a response to a mismatch between the first data and the second data.”
The claim limitations reciting, “determining in the secure execution context first data representing information about a state of the device, the state of the device including at least one of the physical environment of the device and a security posture of the normal operating system; comparing, in the secure execution context, the first data and the second data to obtain a comparison result; based on the comparison result, returning a determination whether to perform an action representing a response to a mismatch between the first data and the second data” can be considered a process that can be performed in human mind or using pencil and paper. These limitations perform comparison of two pieces of Mental processes - concepts performed in the human mind (including an observation, evaluation, judgment, opinion)” per “2019 Revised Patent Subject Matter Eligibility Guidance”
The remaining limitations of claim 1 “providing, via a processor …; providing a normal operating …; requesting from the normal operating …; receiving, from the normal operating system” are there to request and receive/collect data which are transmission and receiving of data. These steps are interpreted as Insignificant Extra- Solution Activity (MPEP 2106.05(g))
	The claim does not contain any other limitations. Thus the abstract idea as identified above is not integrated into a practical application. Therefore, claim 1 is rejected as the claimed invention is directed to a judicial exception, an abstract idea, without significantly more. The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception.
	The dependent claim 2-15 are interpreted as below:
	Claim 2: Sending/receiving data.
	Claim 3: Recites a “mental process” – an abstract idea, and providing/collecting data.
	Claim 4: Collecting data and making judgement about the data
	Claim 5: Perform data collection, comparison, provides opinion/judgement – a mental process.
	Claim 6: Collects more data.
	Claim 8: Collects more data.
	Claim 9: Collects data.
	Claim 10: Collecting data, comparing data (a mental process), and sending data.
	Claim 11: Collecting data, comparing data and providing a judgement/opinion (a mental process), and sending data.
	Claim 13: Collecting and providing more data.
	Claim 14: Collecting data and comparing/evaluating data (a mental process).
	Claim 15: Collecting data and comparing/evaluating data (a mental process).
	The dependent claims as interpreted above perform (sending/receiving) data collection and also perform additional mental process of comparing data and providing a judgement/opinion. Thus these dependent claims are also rejected for reasons similar to claim 1.
	Claim 16, 17, 19 and 20 are also rejected for reasons similar to that claim 1 and its dependent claims.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-20 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
	Claim 1 recites, “providing a normal operating system representing …; determining in the secure execution context … a security posture of the normal operating system; requesting from the normal operating system second data representing the state of the device; receiving, from the normal operating system, the second data”
	It’s not clear from the claim language what would a “normal operating system” be. The use of the term “normal” makes the limitation ambiguous, one would not know what is considered normal and what is not normal without a clear description. Also, the standard of “normal” can be different with time, scope, application and so on. The term “normal” can be interpreted as a relative term.
The term “normal operating system” in claim 1 is a relative term which renders the claim indefinite.  The term “normal operating system” is not defined by the claim, and the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention.
Therefore, claim 1 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
The remaining independent claims 16 and 20 also recite limitations similar to claim 1, and hence they are also similarly rejected.
The dependent claims are rejected since some do explicitly recite the term “normal operating system” and also for the fact that they inherit the term “normal operating system” from the independent claims.
Appropriate correction required.
*** Note: For examination purposes, Examiner interprets “normal operating system” as “non-secure operating system”.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 12-13 and 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Pub. No.: US 20190132739 A1 to Raleigh et al. (hereinafter “Raleigh”) in view of Pub. No.: US 20120159156 A1 to Barham et al. (hereinafter “Barham”).
Regarding Claim 1. Raleigh discloses A method (Raleigh, FIG. 15, Para [0213]: … FIG. 15 illustrates a flow diagram for secure device data records for implementing device assisted services (DAS) in accordance with some embodiments …) comprising:
providing, via a processor, a secure execution context representing an isolated and secure operating system on a device (Raleigh, Para[0027-0029, 0070, 0072, 0115, 0219]: … if a device service processor, the device operating environment, device operating system or device software is tampered with in a manner that produces wireless network (or other I/O port) access service usage characteristics that are not compliant with expected policy or allowed policy, a device configuration error message can be generated or device wireless network access (or other 1/0 connection access) can be restricted or blocked. Such embodiments can be helpful in securing device based network access (or I/O control) policies and can also be helpful in identifying device software that has been tampered with or any malware that is present … In some embodiments, AWSP supports a wide range of services, devices, and applications for consumer, enterprise, and machine to machine markets … some embodiments, AWSP supports various device types, including the following: 4G and 3G smart phones, 4G and 3G feature phones, 4G and 3G USB dongles and cards, 4G-to-WiFi and 3G-to-WiFi bridge devices, 4G and 3G notebook and netbook computing devices, 4G and 3G slate computing devices, 4G and 3G consumer electronics devices (e.g., cameras, personal navigation devices, music players, and home power meters), and machine to machine devices (e.g., various types of consumer and industrial devices with minimal user interface (UI) capabilities such as geo-location tracking devices, parking meters, and vending machines) … the secure environment also ensures that the data path from the DDR Processor to the physical modem bus driver (e.g., USB port, Ethernet port, Firewire port, WiFi port, Bluetooth port, NFC port, or another I/O bus port) is isolated from firmware outside the secure environment. That is, no firmware outside the secure environment has the ability to affect the accurate gathering of statistics by the DDR Processor …);
providing a normal operating system representing a software supporting device functions and excluding the secure execution context (Raleigh, Para [0031, 0086, 0113]: … one or more of the other device based service usage measures is not secured (e.g., not completely trusted … the APU OS execution environment is generally not considered secure or trusted even though the Service Processor can be protected by the OS and/or other security elements … unsecure OS stack in the kernel …);
determining in the secure execution context first data representing information about a state of the device, the state of the device including at least one of the physical environment of the device and a security posture of the normal operating system (Raleigh, Para[0026-0027, 0031, 0185-0188]: … communication activity over a device wireless access network connection (or other I/O port communication connection) is securely monitored and reported to a network server for further processing to determine if device access service policies are being properly enforced, or to determine of malicious software in the device operating environment is accessing the network … if a device service processor, the device operating environment, device operating system or device software is tampered with in a manner that produces wireless network (or other I/O port) access service usage characteristics that are not compliant with expected policy or allowed policy, a device configuration error message can be generated or device wireless network access (or other I/O connection access) can be restricted or blocked … the device policy verification includes whether the device is communicating from an allowed location or from a location that is not allowed …);
However, Raleigh does not explicitly teach, but Barham from same or similar field of endeavor teaches:
“requesting from the normal operating system second data representing the state of the device (Barham, Para [0030-0031]: …  FIG. 3 is a flow diagram that illustrates processing of the secure location system to access a resource with location-based access permissions, in one embodiment. Resources within a computing system may include location information as one of multiple criteria for accessing a resource. For example, a file may include a user and location restriction, so that a particular user can access the file from specified locations only … Beginning in block 310, the system receives a request to access an identified resource, wherein the identified resource includes location-based access information. For example, the resource may include a file, directory, printer, computer peripheral, configuration database entry, or other resource for which an operating system defines and enforces access control. The request may come from an application calling an operating system API for accessing files or other resources. The request includes a security token that identifies a security principal associated with the request …);
receiving, from the normal operating system, the second data (Barham, Para [0032-0033]: … Continuing in block 320, the system accesses a secure source of location information. For example, the system may invoke an operating system API for requesting a location certificate from GPS and/or TPM hardware that provide a verifiable and auditable location indication. The location indication may include latitude and longitude coordinates or other location specification, as well as a timestamp and other identifying information that validates that the location information is current and has not been tampered with. The computing device may include a secure boot process that creates a chain of trust ensuring that the operating system has control of the location hardware and that the output related to location received from the operating system is trustworthy … Continuing in block 330, the system receives a location certificate from the secure source of location information that indicates a current geographic location of a computing device on which the request was received. The certificate may include a signature or other cryptographically verifiable indication of the source of the location information. The recipient may query a TPM or other security hardware to verify the signature to ensure that no tampering has occurred with the location information provided in the certificate. The system may also create a log of issued location certificates that forms an audit trail for any later investigation of actions performed at particular locations …);”
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Barham into the teachings of Raleigh, because it discloses that “the secure location system provides a secure mechanism whereby the GPS location of a computer at a specific time can be certified by the operating system kernel and TPM. In some embodiments, the secure location system logs user activity with a label indicating the geographic location of the computing device at the time of the activity. The secure location system can provide a difficult to forge (i.e., tamper-proof), time-stamped location through a combination of kernel-mode GPS access and TPM security hardware (Barham: Para [0004]).
Raleigh further discloses:
“comparing, in the secure execution context, the first data and the second data to obtain a comparison result (Raleigh, Para [0026-0027, 0031, 0185-0188]: … the network based reconciliation function reconciles two or more device based service usage measures, in which one of the device based service usage measures is secured (e.g., deemed as secured and/or trusted based on various techniques described herein, such as for secure DDRs) and one or more of the other device based service usage measures is not secured (e.g., not completely trusted, such as a service processor reports generated by a service processor that is not implemented in a secure execution environment) … the device policy that is verified is whether or not the device application activity is in accordance with a set of pre-determined policies … In some embodiments, the device policy verification includes whether the device is accessing approved or unapproved networks. In some embodiments, the device policy verification includes whether the device is communicating specified content via one or more allowed wireless connections or other I/O ports, or is communicating specified content over one or more wireless networks or I/O ports that are not allowed. In some embodiments, the device policy verification includes whether the device is communicating specified content via an allowed secure link over one or more wireless connections or other I/O ports, or is communicating specified content over an insecure link. In some embodiments, the device policy verification includes whether the device is communicating from an allowed location or from a location that is not allowed. In some embodiments, the device policy verification includes whether or not the device operating environment monitoring reports indicate that the device operating environment is free of any malicious software …); and
based on the comparison result, returning a determination whether to perform an action representing a response to a mismatch between the first data and the second data (Raleigh, Para [0026-0027, 0031, 0051-0055, 0185-0188]: … determining if the two sequences of service usage reports match … when the minimum tolerance limit is not met a fraud detection error flag for that device is set to restrict network access and also signals network apparatus or a network administrator to take further action … if a device service processor, the device operating environment, device operating system or device software is tampered with in a manner that produces wireless network (or other I/O port) access service usage characteristics that are not compliant with expected policy or allowed policy, a device configuration error message can be generated or device wireless network access (or other I/O connection access) can be restricted or blocked …).”
Regarding Claim 2. The combination of Raleigh-Barham discloses the method of claim 1, Raleigh further discloses, “further comprising:
providing a security application executing within the operating system, the security application defining an interface to the secure execution context (Raleigh,  Para [0093-0097]: … In some embodiments, the DDR Processor image is digitally signed by the device OEM. For example, the secure boot loader can verify the signature using a boot loader verification key and reject the image if the signature is invalid … the signed DDR Processor image is stored in on-chip nonvolatile memory. In some embodiments, the signed DDR Processor image is stored in off-chip nonvolatile memory (e.g., if the on-chip storage capacity of the chipsets is too constrained to store this image) … FIG. 2 illustrates a process for booting, executing, and updating the DDR firmware in accordance with some embodiments. As shown in FIG. 2, at 210, when the device boots, the Secure Boot Loader fetches the DDR Processor image from nonvolatile memory, installs it in the SEE, and executes it … a communication channel (e.g., a DDR mail box) provides communication between the DDR Processor program executing in the SEE to a Service Processor application program executing in the non-secure OS environment (e.g., application space or user space), such as shown at 230 in FIG. 2 …);
wherein requesting the second data from the normal operating system comprises requesting, by the security application, the second data (Raleigh,  Para [0031, 0096, 0185-0188]: … secure communication between a network-based service controller and a device-based secure service processor element operating in a secure execution environment on a device connected to a wide area access network is used for secure (or trusted) delivery of secure service processor element I/O activity monitor records for one or more I/O ports (e.g., an I/O port including but not limited to 2G, 3G, 4G, Ethernet, WiFi, USB, Firewire, Bluetooth, or NFC), wherein the secure communication includes a secure message receipt feedback loop … the secure service processor element executing within a secure execution environment and communicating with a service controller via a secure communication link that includes a secure message receipt feedback loop observes device application and/or I/O port activity and generates one or more of the following device activity reports: service usage reports, service usage reports including service usage classification, application service usage reports, network destination service usage reports, service usage reports including network type identifiers, service usage reports including location identifiers, application access monitoring reports, application access service accounting reports, application activity monitoring reports, device operating environment monitoring reports … the device policy that is verified is a network access service policy enforcement set comprising a network access service plan policy enforcement set, including a set of policies for one or more of network access control or traffic control, network application control … the device policy that is verified is whether or not the device application activity is in accordance with a set of pre-determined policies (e.g., determining if the applications that are accessing the network or other I/O ports are all allowed applications, or determining if the applications accessing the network or other I/O ports are behaving according to expected policy behavior) …).”
Regarding Claim 3. The combination of Raleigh-Barham discloses the method of claim 1, Raleigh further discloses, “wherein the device further comprises a persistent storage device and the state of the device is an evaluation of a portion of a file system of the device storing files of the operating system (Raleigh, Para [0091-0095] … the device policy that is verified is whether or not the device application activity is in accordance with a set of pre-determined policies (e.g., determining if the applications that are accessing the network or other I/O ports are all allowed applications, or determining if the applications accessing the network or other I/O ports are behaving according to expected policy behavior) … the DDR Processor image is digitally signed by the device OEM. For example, the secure boot loader can verify the signature using a boot loader verification key and reject the image if the signature is invalid. In some embodiments, the boot loader verification key is a 2048-bit RSA public key embedded within the secure boot loader image …).”
Regarding Claim 4. The combination of Raleigh-Barham discloses the method of claim 3, Raleigh further discloses, “wherein the state of the device is a result of monitoring of writes to the file system (Raleigh, Para [0024­0027, 0048, 0106]: … the service controller also observes the integrity of the ordered sequence of device data records to determine if device data records have been tampered with or omitted. In some embodiments, if the service processor determines that the device data records have not been tampered with or omitted, the service controller sends back a signed or encrypted device data record receipt message. In some embodiments, if the service processor determines that the device data records have been tampered with or omitted, the service controller sends back an error message or does not send back a signed or encrypted device data record receipt message. In some embodiments, if the system for secure DDRs receives an error message from the service controller, or does not receive a signed or encrypted device data record receipt message within a certain period of time or within a certain number of transmitted device data records or within a certain amount of communication information processed, then (i) a device configuration error message can be generated for delivery to a security administrator or server, or (ii) one or more of the wireless network connections (or other I/O connection or port) for the wireless communication device are either blocked or restricted to a pre-determined set of safe destinations. In this manner, if a device service processor, the device operating environment, device operating system or device software is tampered with in a manner that produces wireless network (or other I/O port) access service usage characteristics that are not compliant with expected policy or allowed policy, a device configuration error message can be generated or device wireless network access (or other I/O connection access) can be restricted or blocked …).”
Regarding Claim 5. The combination of Raleigh-Barham discloses the method of claim 4, Raleigh further discloses, “wherein the state of the device is a determination as to whether the normal operating system has been compromised (Raleigh, Para [0024-0027, 0031, 0048]: … the service controller also observes the integrity of the ordered sequence of device data records to determine if device data records have been tampered with or omitted. In some embodiments, if the service processor determines that the device data records have not been tampered with or omitted, the service controller sends back a signed or encrypted device data record receipt message. In some embodiments, if the service processor determines that the device data records have been tampered with or omitted, the service controller sends back an error message or does not send back a signed or encrypted device data record receipt message. In some embodiments, if the system for secure DDRs receives an error message from the service controller, or does not receive a signed or encrypted device data record receipt message within a certain period of time or within a certain number of transmitted device data records or within a certain amount of communication information processed, then (i) a device configuration error message can be generated for delivery to a security administrator or server, or (ii) one or more of the wireless network connections (or other I/O connection or port) for the wireless communication device are either blocked or restricted to a pre-determined set of safe destinations. In this manner, if a device service processor, the device operating environment, device operating system or device software is tampered with in a manner that produces wireless network (or other I/O port) access service usage characteristics that are not compliant with expected policy or allowed policy, a device configuration error message can be generated or device wireless network access (or other I/O connection access) can be restricted or blocked … …).”
Regarding Claim 12. The combination of Raleigh-Barham discloses the method of claim 1, Raleigh further discloses, “wherein the device further comprises components including at least one of a camera (Raleigh, Para [0070]: … AWSP supports a wide range of services, devices, and applications for consumer, enterprise, and machine to machine markets, as described herein with respect to various embodiments. In some embodiments, AWSP supports various device types, including the following: 4G and 3G smart phones, 4G and 3G feature phones, 4G and 3G USB dongles and cards, 4G-to-WiFi and 3G-to-WiFi bridge devices, 4G and 3G notebook and netbook computing devices, 4G and 3G slate computing devices, 4G and 3G consumer electronics devices (e.g., cameras, personal navigation devices, music players, and home power meters) …), a touch screen, and an accelerometer, Raleigh further discloses, “the method further comprising:
obtaining an authentication status of a user of the device obtained by performing, in the secure context, behavioral analysis of the user based on outputs of the components (Raleigh, Para [0163-0165, 0185, 0222]: … In some embodiments, in each receive frame, the MPU increments the receive count and compares that value to the value of the maximum transmit count as obtained from the most recent frame acknowledgment. In some embodiments, if the receive count is greater than the maximum receive count, the MPU determines that the SIM is not receiving valid receive frame data. In some embodiments, the MPU informs a network element (e.g., a trusted entity such as a service controller) that a fraud has occurred after determining that the SIM is not receiving valid receive frame data … if the secure service processor element receives an error message from the service controller, or does not receive a signed or encrypted I/O activity monitor record receipt message within a certain period of time or within a certain number of transmitted I/O activity monitor records or within a certain amount of communication information processed, then (i) a device configuration error message is generated for delivery to a security administrator or server, and/or (ii) one or more of the wireless network connections or other I/O connections or ports of the wireless communication device are either blocked or restricted to a pre-determined set of safe destinations … the device communication activity policy further comprises requesting an access network service cost acknowledgement or payment indication from a device user and restricting device roaming network access privileges if the user does not provide an service cost acknowledgement or payment indication …)” 
Regarding Claim 13. The combination of Raleigh-Barham discloses the method of claim 12, Raleigh further discloses, “further comprising:
providing a security application executing within the normal operating system, the security application defining an interface to the secure execution context (Raleigh, Para [0070]: AWSP supports a wide range of services, devices, and applications for consumer, enterprise, and machine to machine markets, as described herein with respect to various embodiments. In some embodiments, AWSP supports various device types, including the following: 4G and 3G smart phones, 4G and 3G feature phones, 4G and 3G USB dongles and cards, 4G-to-WiFi and 3G-to-WiFi bridge devices, 4G and 3G notebook and netbook computing devices, 4G and 3G slate computing devices, 4G and 3G consumer electronics devices (e.g., cameras, personal navigation devices, music players, and home power meters), and machine to machine devices (e.g., various types of consumer and industrial devices with minimal user interface (UI) capabilities such as geo-location tracking devices, parking meters, and vending machines) …);
37Attorney Docket No. LOOK-00201providing a plurality of other applications executing within the normal operating system (Raleigh, Para [0070]: AWSP supports a wide range of services, devices, and applications for consumer, enterprise, and machine to machine markets, as described herein with respect to various embodiments. In some embodiments, AWSP supports various device types, including the following: 4G and 3G smart phones, 4G and 3G feature phones, 4G and 3G USB dongles and cards, 4G-to-WiFi and 3G-to-WiFi bridge devices, 4G and 3G notebook and netbook computing devices, 4G and 3G slate computing devices, 4G and 3G consumer electronics devices (e.g., cameras, personal navigation devices, music players, and home power meters) …);”
Barham further discloses, “
“subscribing, by the plurality of other applications, to authentication by the security application (Barham, Para [0005, 0012, 0016]: … the system provides a secure audit trail that can be used to verify that particular actions occurred at a particular location. The system can also restrict the use of operating system services or changes to access-control decisions based on geographic location and/or time. The secure location system performs these actions by making GPS hardware only accessible by the kernel. The TPM ensures operating system and boot loader code come from a trusted source. The operating system reads a secure GPS location and provides certified GPS/time data to user-space processes. The system forms a chain of trust from early in the boot process to the execution of user processes that monitors and controls how GPS information is provided and used by applications. Thus, the secure location system incorporates secure location information into authorization and other operating system decisions … Applications can read and obtain a certificate of location. When an application reads a file, the data it gets back can be selected at the operating system or more secure level based on location … The kernel location provider 130 provides an interface from an operating system kernel to user-mode services and applications that use location information. The interface may include one or more APIs that applications or operating system services can use to receive secure location information and make decisions based on a current location of the computing device …)”; and
distributing, by the security application, the authentication status (Barham, Claim 16: …  wherein the hardware security component verifies authentication information for a software driver associated with the location hardware component to create a secure chain of trust from the location hardware component to the operating system …).”
The motivation to further combine Barham remains same as in claim 1.
Regarding Claim 15. The combination of Raleigh-Barham discloses the method of claim 1, Raleigh further discloses, “wherein the device further comprises a baseband processor configured to manage wireless communication of the device (Raleigh, Para [0088]: In some embodiments, a secure, reliable, and trusted transmission of DDRs from the DDR processor 114 is provided by DDR reporting techniques, including the following: (1) the DDR Processor firmware is securely loaded and executed in a Secure Execution Environment (SEE); (2) the data path between the DDR Processor to the wireless modem antenna connection (e.g., a 3G or 4G network modem antenna connection) is secured to prevent fraudulent software or firmware from forming data paths that circumvent the DDR Processor data path processing …), the method further comprising evaluating whether the baseband processor is encrypting transmitted data (Raleigh, Para [0185, 0192]: if the secure message feedback loop is interrupted, a secure service processor element secure communication channel error condition is detected and acted on. In some embodiments, an ordered sequence of secure service processor element I/O activity reports is communicated to a service controller using a signed or encrypted communication channel … As described herein with respect to various embodiments, the DDR messages are encrypted and can only be decrypted by the Service Controller. This logical channel can also be used for Service Controller to send down new DDR software updates …).”
Regarding Claim 16. This claim contains all the same or similar limitation as claim 1, hence similarly rejected as claim 1.
Regarding Claim 17. The combination of Raleigh-Barham discloses the mobile device of claim 16, Raleigh further discloses, “wherein the state of the device is at least one of:
a state of a portion of a file system storing an operating system of the device;
a location of the device (Raleigh, Para [0188]: … In some embodiments, the device policy verification includes whether the device is communicating from an allowed location or from a location that is not allowed. In some embodiments, the device policy verification includes whether or not the device operating environment monitoring reports indicate that the device operating environment is free of any malicious software or erroneous operating conditions …);
an output of a sensor of the device; and
a state of encryption of data transmitted from the device (para (0026)-(0027), (0031), (0070), [0144), (0185)-(0188)).”
Regarding Claim 18. The combination of Raleigh-Barham discloses the mobile device of claim 16, Raleigh further discloses, “wherein the executable code when executed by the one or more processing devices, causes the one or more processing devices to cryptographically sign the first data using a [hardware] key of the device (Raleigh, Para [0146, 0214, 0241]: … Examples of secure execution environment (SEE) implementations in the APU DDR Processor and MPU DPSV embodiments include the examples similarly discussed above for various secure execution environment (SEE) implementations in the APU embodiments. Specific examples are also listed below. Example commercially available APUs include the following: Intel Atom (e.g., Z5xx, Z6xx, D4xx, D5xx series) based solutions with Intel Trusted Execution Technology including TPM support; and ARM based solutions with ARM Trusted Zone Architecture. Example APU specification requirements can also include: common hardware security blocks (e.g., AES, DES, RSA, Diffie-Hellman, SHA, and a random generator). Example commercially available MPUs include the following: EVDO chipset based solutions (e.g., ARM 11-based CPU architecture, including ARM Trusted Zone Architecture with many common hardware crypto blocks); HSPA chipset based solutions (e.g., Snapdragon/ARM based CPU architecture, including ARM Trusted Zone Architecture with many common hardware crypto blocks); and LTE chipset based solutions (e.g., Snapdragon/ARM based CPU architecture, including ARM Trusted Zone Architecture with many common hardware crypto blocks). … In some embodiments, intermediate elements on the data path cannot alter or tamper with the data without detection. In some embodiments, the data path is trusted because data sent over it is signed … the trusted data path communication between the one or more secure data path processing agents and the one or more I/O port modems is secured by signing or encrypting with a shared key …).”
Barham further discloses, “a hardware key (Barham , Para [0041]: …access to resources may be protected with cryptographic keys managed by the TPM or other security hardware, and the TPM may hand out time-limited keys based on a current location of the device derived from the location hardware …)”
The motivation to further combine Barham remains same as in claim 1.
Regarding Claim 19. This claim contains all the same or similar limitations as in claim 2, hence similarly rejected as claim 2
Regarding Claim 20. This claim contains all the same or similar limitation as claim 1, hence similarly rejected as claim 1.
Raleigh also discloses “a processor of a wireless communication device for wireless communication with a wireless network, in which the processor is configured with a secure execution environment … a memory coupled to the processor and configured to provide the processor with instructions … (Raleigh, Para [0026])”.
Claims 6-11 and 14 is rejected under 35 U.S.C. 103 as being unpatentable over Pub. No.: US 20190132739 A1 to Raleigh et al. (hereinafter “Raleigh”) in view of Pub. No.: US 20120159156 A1 to Barham et al. (hereinafter “Barham”), as applied to claim 1 above, and further in view of Pub. No.: US 20170346851 A1 to Drake (hereinafter “Drake”).
Regarding Claim 6. The combination of Raleigh-Barham discloses the method of claim 1, however it does not explicitly teach, but Drake from same or similar field of endeavor teaches:
“wherein:
the device further comprises one or more sensors (Drake, Para [0075]: … Another of this present invention's solutions is to generate keys from biometric sensors, preferably locally in a device without storing or trafficking actual biometric features, thus not putting them in serverside break-in harm's way at all, as well as preventing their local theft too …); and
the first data is a reading from the one or more sensors obtained within the secure execution context (Drake, Para [0120]: … This invention teaches the use of sensor equipped mobile platforms and secure communications with asymmetric cryptography and rich two-way customer interaction as one means to both confirm user intent, as well as collect non-repudiation metrics to help combat fraudulent customer claims …).”
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Drake into the combined teachings of Raleigh-Barham, because it discloses that “to generate keys from biometric sensors, preferably locally in a device without storing or trafficking actual biometric features, thus not putting them in serverside break-in harm's way at all, as well as preventing their local theft too (Drake: Para [0075]).
Regarding Claim 7. The combination of Raleigh-Barham-Drake discloses the method of claim 6, Barham further discloses, “further comprising cryptographically signing the reading using a hardware key of the device (Barham, Para [0037]: … the secure location system facilitates implementation of a steganographic file system. A steganographic file system provides layers of access to data on a storage device. For example, a base layer may be accessible without a key or from any location and may include benign data that is not particularly security sensitive. The TPM or other secure hardware may provide a cryptographic key in response to an access request based on a current location of the device. Higher layers may provide increasingly more access to sensitive data to those that have the appropriate key … The channel may include encrypted communications that allow the TPM to certify the output of the GPS chip and ensure a chain of trust that is tamper proof between the GPS hardware and operating system or applications. In some embodiments, access to resources may be protected with cryptographic keys managed by the TPM or other security hardware, and the TPM may hand out time-limited keys based on a current location of the device derived from the location hardware …).”
The motivation to further combine remains Barham same as in claim 1.
Regarding Claim 8. The combination of Raleigh-Barham-Drake discloses the method of claim 6, Raleigh further discloses, “wherein the one or more sensors include a camera and the reading is pixel data obtained from the camera (Drake, Para [0123]: … in one embodiment of present invention, a user with a smartphone will only be able to perform secure operations after the front-facing device camera has recognized that the legitimate face of the user is present, this action assisted by illuminating the user's face in dark environments through substantially bright-whitening the device display during recognition, all the while using keys that prevent a thief of the device or key from being able to recreate a face image that would regenerate the key …).”
Therefore, it would have been obvious to further combine Drake, because it disclose that, “the convenience factor however, can make the use of biometric techniques suitable in some situations. This present invention teaches how to use biometric feature readings to construct encryption keys so that these keys can be used to protect authentication data but the biometrics features that generated them cannot be easily reconstructed … This facilitates convenience for users while avoiding legal infringement problems and technical theft risks. For example, in one embodiment of present invention, a user with a smartphone will only be able to perform secure operations after the front-facing device camera has recognized that the legitimate face of the user is present, this action assisted by illuminating the user's face in dark environments through substantially bright-whitening the device display during recognition, all the while using keys that prevent a thief of the device or key from being able to recreate a face image that would regenerate the key (Drake: Para [0122-0123]) ”
Regarding Claim 9. The combination of Raleigh-Barham-Drake discloses the method of claim 6, Raleigh further discloses, “wherein the one or more sensors include a global positioning system (GPS) receiver and the reading is a location obtained from the GPS receiver (Raleigh, Para [0041, 0070, 0081, 0144, 0185-0188]: … DDR processor 114 may be embedded in a secure zone of any other functional processor with a companion MPU to enforce network access. Such functional processors in which DDR processor 114 may be embedded include, for example, video processors, audio processors, display processors, location (e.g., GPS) processors …).”
Regarding Claim 10. The combination of Raleigh-Barham-Drake discloses the method of claim 9, Barham further discloses, “further comprising:
receiving a region definition (Barham, Para [0030-0031]: … FIG. 3 is a flow diagram that illustrates processing of the secure location system to access a resource with location-based access permissions, in one embodiment. Resources within a computing system may include location information as one of multiple criteria for accessing a resource … Beginning in block 310, the system receives a request to access an identified resource, wherein the identified resource includes location-based access information. For example, the resource may include a file, directory, printer, computer peripheral, configuration database entry, or other resource for which an operating system defines and enforces access control …);
evaluating, on the device, whether the location is within the region definition (Barham, Para [0034]: … Continuing in block 340, the system compares the location-based information provided by the received location certificate with at least one location-based restriction in an access control list associated with the identified resource. For example, the access control list may specify that the resource cannot be read or written outside the United States, can be read anywhere within the United States, and can be written only within a particular city …); and
returning a result of the evaluating (Barham, Para [0035]: … Continuing in decision block 350, if the comparison indicates that the requested access of the resource is not permitted at the current location, then the system continues at block 360, else the system continues at block 370. Continuing in block 360, the system denies the access request. The system may provide an error message or other indication that the request is denied …).”
The motivation to further combine remains Barham same as in claim 1.
Regarding Claim 11. The combination of Raleigh-Barham-Drake discloses the method of claim 9, Barham further discloses, “wherein the location is a first location, the method further comprising:
“obtaining, by the normal operating system, a second location, the second location being the second data (Barham, Para [0033]: … Continuing in block 330, the system receives a location certificate from the secure source of location information that indicates a current geographic location of a computing device on which the request was received …);
comparing the first location to the second location (Barham, Para [0035]: … Continuing in decision block 350, if the comparison indicates that the requested access of the resource is not permitted at the current location, then the system continues at block 360, else the system continues at block 370. Continuing in block 360, the system denies the access request. The system may provide an error message or other indication that the request is denied …); and
when the first location and the second location are not consistent, determining that the normal operating system is compromised (Barham, Para [0040]: … the system may invoke an operating system API for requesting a location certificate from GPS and/or TPM hardware that provide a verifiable and auditable location indication. The location indication may include latitude and longitude coordinates or other location specification, as well as a timestamp and other identifying information that validates that the location information is current and has not been tampered with. The computing device may include a secure boot process that creates a chain of trust ensuring that the operating system has control of the location hardware and that the output related to location received from the operating system is trustworthy … In some embodiments, the secure location system operates with a variety of location-based hardware. GPS chips in devices are common today from many different vendors, and the system can be modified to work with each of these. In addition, the system may employ GPS hardware that includes a substantially unique identifier per GPS chip that can be captured as part of the location certificate to identify a specific location authority that provided the location information. Processors and TPMs have used unique serial numbers for cryptographic and identification purposes so that specific instances can be banned if they are compromised and for other reasons …).”
The motivation to further combine remains Barham same as in claim 1.
Regarding Claim 14. The combination of Raleigh-Barham discloses the method of claim 1, Raleigh further discloses, “wherein the device further comprises a baseband processor configured to manage wireless communication of the device (Raleigh, Para [0088]: In some embodiments, a secure, reliable, and trusted transmission of DDRs from the DDR processor 114 is provided by DDR reporting techniques, including the following: (1) the DDR Processor firmware is securely loaded and executed in a Secure Execution Environment (SEE); (2) the data path between the DDR Processor to the wireless modem antenna connection (e.g., a 3G or 4G network modem antenna connection) is secured to prevent fraudulent software or firmware from forming data paths that circumvent the DDR Processor data path processing …), [the method further comprising evaluating whether a state of the baseband processor indicates a man-in-the-middle (MITM) attack].
However, the combination of Raleigh-Barham does not explicitly teach, but Drake from same or similar field of endeavor teaches, “the method further comprising evaluating whether a state of the baseband processor indicates a man-in-the-middle (MITM) attack (Drake, Para [0397-0399, 0449]: … One aspect of this present invention teaches how active and/or passive MitM or similar attacks can be detected and/or blocked, including in situations where a deep-packet-inspection (DPI) firewall may be present …)”
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Drake into the combined teachings of Raleigh-Barham, because it discloses that “the protection taught is effective against both complicated and difficult attack situations, as well as less difficult scenarios as well, both for MitM style attacks as well as other attack forms (Drake: Para [0406]).”
Pertinent Prior Arts: The following prior arts made of record and not relied upon are considered pertinent to applicant's disclosure.
	US-PGPUB 20060265761 A1, Rochette et al.: Rochette discloses a method and system for protecting a computer platform from malware. The protection is achieved by encapsulating an application that can serve as a malware conduit within a protected capsule environment, so as to prevent the conduit application or any processes originated therefrom from accessing and making changes to objects associated with an operating system (OS) of the computer platform or with other applications running on the computer platform outside of the capsule environment, thereby preventing the malware provided via the conduit application from contaminating the computer platform outside of said secure protected environment, or capsule. Capsule runtime software manages the dynamic state of the encapsulated application, and re-directs system service requests generated by the application and associated processes from OS-provided system objects to corresponding object libraries provided within the capsule object set, so that any malware induced changes remain local to the capsule. Protection of the operating system and most applications running on the computer platform is thus provided by the isolation of the conduit applications within a secure capsule environment, which can be safely removed from the computer platform, together with any changes introduced by the malware to the computer platform, without affecting the computer operation.
	The invention generally relates to computer software, and in particular to controlling the spread and impact of malicious software within a computer platform.
	US-PGPUB 20170277570 A1, LaMantia et al.: LaMantia discloses a system and method for coordinating security components, including: determining, by an application executing on a client device, a need to perform a sharable functional task; identifying a first security component and a second security component installed on the client device and capable of performing variations of the sharable functional task, where variations of the sharable functional task are functionally overlapping and not identical; identifying a set of characteristics characterizing the first security component and the second security component; selecting the second security component as a primary security component for performing a variation of the sharable functional task based on the set of characteristics; delegating, by one or more processors, performance of the sharable functional task to the primary security component; and instructing the processors to cause functionality associated with the first security component to be at least partially suspended.
	US-PAT 8099596 B1, Rusakov et al.: Rusakov discloses systems, methods and computer program products for protecting applications deployed on a host computer from malware using virtualization. An exemplary malware protection system may include a kernel-level driver configured to intercept system calls addressed to an object of a protected application. The system also includes an analysis engine configured to determine if there are security rules associated with one or more of the intercepted system call, the object of the protected application, and the actions allowed on the object of the protected application. The security rules indicate whether the system call is allowed or not allowed to be executed on the host computer. If there is no security rule associated with the system call, the system call is executed in a secure execution environment of the host computer using a virtual copy of the object of the protected application.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHABUB S AHMED whose telephone number is (571)272-0364.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MAHABUB S AHMED/Examiner, Art Unit 2434
/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434