DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 7/19/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
The information disclosure statement (IDS) submitted on 2/15/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Status of Claims
Claims 1-20 are pending; of which, claims 1-7 and 16-20 are withdrawn from consideration.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 8, 10, 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mangalore et al (PGPUB 2014/0095890), and further in view of Winograd et al (PGPUB 2016/0162858).

Regarding Claim 8:
Mangalore teaches a method to secure a controllable device using a gateway device, wherein the gateway device includes at least a partially trusted processor and partially trusted memory on a System on Chip (SoC) device which operates as a trusted execution environment (paragraph 35-37, 39, chip supporting Trusted Execution Environment, including firewall between components; secure environment includes secure memory; secure environment 330 may employ components of the so-called TrustZone family, including the secure processor 320S realized according to the ARM architecture, as well as the secure kernel 344 and secure file system 346 which are specially tailored for security-related uses; establishing a secure communication channel and execution space may be based on security features offered by the hardware (SOC chipset); paragraph 56, SOC while running in secure mode has access to secure RAM and execution memory that cannot be accessed by the user space), the method comprising: 
receiving encrypted data at the gateway device from a remote source (paragraph 27, encrypted digital content file stored in DRM server and transmitted to electronic device); 
transporting the received data to the trusted execution environment on the SoC (paragraph 51, “chunks” of video content; paragraph 58-59, front end downloads data chunks and passes encrypted chunk to TEE, and triggers DRM Decrypt based on session ID inside the secure space; decrypted data is demultiplexed into audio, video, and closed caption text); 
decrypting the received data in the trusted execution environment on the SoC (paragraph 5, Content data is typically encrypted and needs to be decrypted before the data can be played; paragraph 19, critical security module configured to run in a hardware module comprising a trusted execution environment (TEE), wherein the critical security module is configured to provide decryption; paragraph 27, rights object associated with the encrypted digital content file is stored in the DRM server 106 and is transmitted to the electronic device 108, which in turn uses the rights object to decrypt the digital content file; paragraph 37, components in the secure environment 330 are responsible for establishing and maintaining secure communication with DRM server 106 to obtain content key material to derive content keys for decrypting content; paragraph 59, HLS player passes the encrypted TS chunk to the TEE as standard HLS encrypts the whole TS, and triggers DRM Decrypt based on the session ID inside the secure space; DRM at this stage has the content key set in the engine; the decrypted data is demultiplexed into audio, video and closed caption text); 
filtering the decrypted data using an application layer gateway within the trusted execution environment on the SoC (paragraph 35, Trusted Execution Environment (TEE) provides firewalls between the various components including the renderer; paragraph 59, inside the secure space after translation the secure buffer is populated with decrypted encoded video; since the secure buffer is fire wall protected, an Openmax API call to decode will use secure buffer maintaining protection of the video back into the user-space; paragraph 61, in order to ensure that the decrypted audio packets are really audio packets, the decrypted audio buffer is scanned for audio specific data; this is done to ensure that the user space code is not compromised and video data is not presented as audio data in order to bypass the protected video path; paragraph 77, Parser Secure Service 835 is configured to parse or demultiplex the HLS MPEG-2 packets into video, audio and closed caption data after decryption; video data is copied only to secure memory); and 
passing the filtered data to a trusted peripheral device that functions as a communicatory gateway between the controllable device and the SoC device (paragraph 46-47, electronic device 400 also includes an audio and/or video processing system 424 that generates audio data for an audio system 426 and/or generates display data for a display system 428; the audio system and/or the display system (i.e. “controllable device”) may include any devices that process, display, and/or otherwise render audio, video, display, and/or image data; display data and audio signals can be communicated to an audio component and/or to a display component via an RF (radio frequency) link, S-video link, HDMI (high-definition multimedia interface), composite video link, component video link, DVI (digital video interface), analog audio connection, or other similar communication link, such as media data port 430 (i.e. “trusted peripheral device”); audio and/or video processing system 424 may be partially or wholly included in trusted execution environment 422; paragraph 81, Decode Render 830 decodes the video and renders to liquid crystal display; Decode Render can read the secure buffer protected by a firewall).
Mangalore does not explicitly teach wherein the trusted peripheral device comprises a communication transport stack configured for communication from the trusted peripheral device to the controllable device, and wherein the trusted peripheral device is only accessible from the trusted execution environment on the SoC.
However, Winograd teaches the concept wherein a trusted peripheral device comprises a communication transport stack configured for communication from the trusted peripheral device to a controllable device ((EXAMINER’S NOTE: a protocol “stack” is generally understood to be the software which enables a device to perform the functions of a protocol; as Applicant’s specification does not provide an alternative definition, “stack” will be construed as the software which enables hardware to perform a protocol) abstract, method to facilitate signaling of digital rights management (DRM) information that is carried within a multimedia content as digital watermarks; paragraph 117, Secure World managed by Trusted Execution Environment; paragraph 120-122, Physical AV Interface and Network AV Protocol for transmitting audiovisual (AV) content; all AV outputs resulting from any playback of protected or unprotected AV content must be controlled by trusted functions; Network AV Protocol includes e.g. Ethernet, WiFi, DLNA, etc. (i.e. protocol stack); paragraph 128-129, Fig. 5-7, Network AV Protocol and Physical AV Interface Driver shown as part of Secure World; paragraph 148, device 1100 comprises at least one communication unit 1106 that enables the exchange of data and information, directly or indirectly, through the communication link 1108 with other entities, devices, databases and networks (i.e. controllable devices); the communication unit 1106 may provide wired and/or wireless communication capabilities in accordance with one or more communication protocols, and therefore it may comprise the proper transmitter/receiver, antennas, circuitry and ports, as well as the encoding/decoding capabilities (i.e. protocol software stack) that may be necessary for proper transmission and/or reception of data and other information), and wherein the trusted peripheral device is only accessible from the trusted execution environment (paragraph 117, Secure World managed by Trusted Execution Environment; paragraph 120-122, Physical AV Interface and Network AV Protocol for transmitting audiovisual (AV) content; all AV outputs resulting from any playback of protected or unprotected AV content must be controlled by trusted functions; paragraph 128-129, Fig. 5-7, Network AV Protocol and Physical AV Interface Driver shown as part of Secure World; paragraph 148, the communication unit 1106 may provide wired and/or wireless communication capabilities in accordance with one or more communication protocols, and therefore it may comprise the proper transmitter/receiver, antennas, circuitry and ports, as well as the encoding/decoding capabilities (i.e. protocol software stack) that may be necessary for proper transmission and/or reception of data and other information); and
Mangalore teaches the trusted execution environment on the SoC (paragraph 35-37, 39).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the TEE restricted access and transport stack teachings of Winograd with the trusted gateway teachings of Mangalore, in order to improve security by preventing an output device from being accessed by an insecure environment by using a trusted execution environment as a gateway and limiting access to those applications which have been authorized by the trusted execution 

Regarding Claim 10:
Mangalore in view of Winograd teaches the method of claim 8.  In addition, Mangalore teaches wherein the data is cryptographically secured before entering the gateway device and while traversing through at least a portion of the gateway device (paragraph 51, “chunks” of video content; paragraph 58-59, front end downloads data chunks and passes encrypted chunk to TEE, and triggers DRM Decrypt based on session ID inside the secure space; decrypted data is demultiplexed into audio, video, and closed caption text).

Regarding Claim 12:
Mangalore in view of Winograd teaches the method of claim 8.  In addition, Mangalore teaches wherein the data includes one or more of commands or confidential information (paragraph 27, encrypted digital content file stored in DRM server and transmitted to electronic device).

Claim 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mangalore in view of Winograd, and further in view of Brandwine et al (US 10,027,678).

Regarding Claim 9:
Mangalore in view of Winograd teaches the method of claim 8.  
Neither Mangalore nor Winograd explicitly teaches wherein the trusted peripheral device is configured to utilize proprietary protocol mechanisms that are unique to the controllable device and different from protocol mechanisms used within the transmitted data.
(col 2 line 16-35, peripheral device with intelligence to determine level of trust; depending on trust level of environment, peripheral enables/disables trust based features such as device access and authentication requirements; peripheral is therefore trusted peripheral; col 8 line 42-57, functions communicate with PCI endpoint port using proprietary bus protocol which defines transaction format for commands, e.g. read/write commands; col 8 line 12-21, port is physical interface to manage incoming and outgoing transactions; col 18 line 5-30, peripheral device receives packets and modifies contents before forwarding packets to another device; col 20 line 1-25, bus interface module enables communication with external entities using standard or proprietary bus protocol; col 20 line 38-63, device includes hardware for communicating with a network using network protocol stack, e.g. 802.11 wireless).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the multiple protocol teachings of Brandwine with the gateway device teachings of Mangalore in view of Winograd, in order to improve device compatibility by incorporating a multitude of device communication protocols, thereby allowing the peripheral to be used in a wide variety of technical environments.

Claim 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mangalore in view of Winograd, and further in view of Bajikar (PGPUB 2005/0108532).

Regarding Claim 11:
Mangalore in view of Winograd teaches the method of claim 8.

However, Bajikar teaches wherein a trusted peripheral device is configured to only receive data from and transmit data to an outgoing port on a gateway device which operates within a trusted execution environment (paragraph 8, trusted channel within computer system for SIM device; data exchanged between application in trusted platform (i.e. gateway), and SIM device (i.e. trusted peripheral); paragraph 31, embodiment wherein SIM device transmits data to protected memory of chipset using trusted port; trusted driver then accesses data from protected section of memory).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the trusted data port teachings of Bajikar with the gateway device teachings of Mangalore in view of Winograd, in order to protect communications between a peripheral device and a trusted environment by limiting data transport to a specific trusted port, thereby preventing interception by malicious applications in an untrusted environment.

Claims 13-14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mangalore in view of Winograd, and further in view of Verma (PGPUB 2017/0054563).

Regarding Claim 13:
Mangalore in view of Winograd teaches the method of claim 8.  
Neither Mangalore nor Winograd explicitly teaches the method further comprising a watchdog counter that causes the gateway device to: 
reset or receive an update from a remote service upon the watchdog counter timing out; or 
reset or receive the update from the remote service at a time selected by the gateway device.
(paragraph 44, PMD enters sleep mode after period of inactivity; gateway application determines PMD has entered sleep mode upon expiration of an activity timeout timer): 
reset or receive an update from a remote service upon the watchdog counter timing out (paragraph 44, gateway application determines PMD has entered sleep mode upon expiration of an activity timeout timer; upon determination that PMD has entered sleep mode, GD deletes shared key being used to communicate with PMD, i.e. resets a remote service); or 
reset or receive the update from the remote service at a time selected by the gateway device.
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the watchdog timer teachings of Verma with the trusted gateway teachings of Mangalore in view of Winograd, in order to provide a means of improving security by implementing additional security safeguards in the event of device activity, such as deleting shared keys for open communication sessions, thereby limiting the opportunity an attacker has to expose secure data.

Regarding Claim 14:
Mangalore in view of Winograd and Verma teaches the method of claim 13.  In addition, Verma teaches wherein the watchdog counter times out when an event is not periodically satisfied (paragraph 44, timeout timer is activity timeout timer, i.e. a lack of activity causes timer to timeout; generally, “activity” can be considered an “event”).
The rationale to combine Mangalore and Verma is the same as provided for claim 13 due to the overlapping subject matter between claims 13 and 14.

Claim 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mangalore in view of Winograd and Verma, and further in view of Kabenjian (US 6,834,351).

Regarding Claim 15:
Mangalore in view of Winograd and Verma teaches the method of claim 14.
Neither Mangalore nor Winograd nor Verma explicitly teaches wherein the watchdog counter is satisfied upon receipt of an encrypted token from the remote service.
However, Kabenjian teaches the concept wherein a watchdog counter is satisfied upon receipt of an encrypted token from a remote service (col 13 line 41-51, function provided by information handling system waits for receipt of command to provide function; when token counter equal to zero, function disabled unless encrypted token is received; col 14 line 58-col 15 line 7, having broadcast token request, token request engine waits for receipt; timer times out after predetermined period wherein token has not been received; when timer expires, request is renewed or function disabled; when token is received, token counter is reset and function is enabled).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the encrypted token teachings of Kabenjian with the gateway device teachings of Mangalore in view of Winograd and Verma, in order to prevent tampering or alteration of received security data and to enable secure authentication and validation of a security provider prior to resetting or updating the associated timer or watchdog counter.

Response to Arguments
Applicant’s arguments with respect to claim(s) 8-15 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814.  The examiner can normally be reached on 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available 






/FORREST L CAREY/Examiner, Art Unit 2491                                                                                                                                                                                         

/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491