DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
Claims 1-3 and 5-7 are pending.
The U.S.C. 112 rejections, other than those stated below, have been corrected and the rejections are withdrawn.
With the amendments to the claims, U.S.C. 112(f) is no longer invoked.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1-2 and 5-6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cox et al. (US 2009/0359854) in view Datta et al. (US 20090249050)
Regarding claim 1, Cox teaches

firmware memory for storing firmware of the device and (Fig. 1 ((114 –secure boot code) or (144 – less secure boot code)), Figs. 4B and 5, “Device 110 and/or system 100 may be in a warm boot state in response to a reboot of device 110 and/or system 100 (e.g., in response to performing a recovery operation, loading new or updating secure boot code, loading new or updating less-secure boot code” and [0071-72], “downloading data from the one or more components. The data may include new or updated boot code (e.g., secure boot code 114, less-secure boot code 155, etc.). …  step 550 involves authenticating the downloaded data. The data may be authenticated using a secret key (e.g., SBK 330), a secure key, or the like. Additionally, the data may be authenticated and/or otherwise processed (e.g., decrypted, encrypted, etc.) in a secure environment (e.g., within secure encryption engine 118).)
a bootloader for verifying the integrity and authenticity of 5the firmware, whereas the bootloader checks a firmware hash against a verified reference hash, wherein the reference hash is stored in a write-once register (Fig. 1, (A/O register 112), [0038], “read access and/or write access to A/O registers 112 may be limited (e.g., individually or in groups) by setting "sticky" or persistent bits, where the sticky bits may also reside within the A/O domain (e.g., 111).”), which is part of an always on power domain of the embedded device. ([0078], “reading data from always-on (A/O) registers (e.g., 112). … Additionally, in one embodiment, the data may include a fingerprint (e.g., a non-secure hash value for the restart code, a secure hash value for the restart code, etc.) or other information about the restart code.” And [0081], “Step 840 involves authenticating the restart code. The restart code may be validated or authenticated by hash or digest matches the fingerprint accessed from the A/O register (e.g., 112) in step 810, then the restart code may be executed”)
Cox teaches that the register may be accessed during reset. Cox does not specifically teach that the register may only be accessed during reset but Datta teaches wherein only a power-on reset or a software reset can access the write-once register. ([0013], “The ME 125 includes a ME register 130, which may be implemented as a write once register that requires a system reset to rewrite the register.” Where the A/0 register which contains the secure/verified hash is interpreted as Datta’s write-once register accessible during reset only)
Cox and Datta are analogous art. Datta is cited to teach a similar concept of creating/storing hashes for security purposes.  Based on Datta, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Cox to make the always on register a write-once register only accessible during reset.  Furthermore, being able to make the register only accessible during reset improves on Cox by being able to provide additional security to firmware updates. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification to make firmware updates secure.
Regarding claim 2, Cox teaches wherein the write-once register is locked automatically and protected against manipulation once after programming. ([0038], “Additionally, read access and/or write access to A/O registers 112 may be limited (e.g., individually or in groups) by setting "sticky" or persistent bits, where the sticky bits may 
Regarding claim 5, Cox teaches wherein at the power-on reset the 15bootloader starts executing, locates a firmware image and verifies a reference hash of the firmware image with a stored digital signature algorithm public root key, whereas the verified reference hash is stored in the write-once register and then the bootloader calculates a firmware hash of the firmware image and compares it against the verified reference hash, whereas the bootloader executes the firmware if hash values match otherwise an error state is 20indicated. (Figs. 4-9 (cold boot flow), [0071], “Step 540 involves downloading data from the one or more components. The data may include new or updated boot code (e.g., secure boot code 114, less-secure boot code 155, etc.) … step 550 involves authenticating the downloaded data. The data may be authenticated using a secret key (e.g., SBK 330), a secure key, or the like. Additionally, the data may be authenticated and/or otherwise processed (e.g., decrypted, encrypted, etc.) in a secure environment (e.g., within secure encryption engine 118).” [0089], “Step 970 involves decrypting the less-secure boot code and/or authenticating the less-secure boot code using the SBK (e.g., 330). The SBK may be accessed from secure portion 310 of fuses 300, from key slot 210 of secure encryption engine 118, from an A/O register (e.g., 112) of device 110, etc. In one embodiment, once the less-secure boot code (e.g., 155)  authenticated or validated by comparing a calculated hash or digest (e.g., calculated by engine 118 or another component of system 100) with the hash or digest associated with the less-secure boot code accessed in step 950.”)
Regarding claim 6, Cox’s system teaches the software reset/cold reset where updates occur and, based on Datta, the A/O register (write-once) can be updated only during the system/cold reset. Cox teach wherein at a software reset the bootloader starts executing, locates a new firmware image and verifies a new reference hash of the new firmware image with a stored digital signature algorithm public root key, whereas the new reference hash is stored in the write-once register and then the bootloaderPage 9 of 13LPTF2568CNPCTUSP201957978 calculates a firmware hash of the new firmware image and compares it against the new reference hash, whereas the bootloader executes new firmware if hash values match otherwise an error state is indicated. (Figs. 4 and 9, [0032], “a key stored in another portion of system 100 (e.g., stored within always on (A/O) registers 112 of A/O domain 111 and accessed in response to a reset of system 100), etc.”, [0038], “ information may be temporarily or permanently moved to A/O domain 111 (e.g., stored within A/O registers 112) so that it is not lost during a reduction or termination of power to at least one component in domain 160 (e.g., during a reset”, [0048], “step 430 involves determining whether a warm boot state is set. … Device 110 and/or system 100 may be in a warm boot state in response to a reboot of device 110 and/or system 100 (e.g., in response to performing a recovery operation, loading new or updating secure boot code, loading new or updating less-secure boot code, changing the supply potential of one or more components in the controllable supply potential domain 160, etc.).”, [0056], hash or digest (e.g., calculated by engine 118 or another component of system 100) with the hash or digest associated with the less-secure boot code accessed in step 950.”)

Claim 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cox and Datta in view of Chhabra et al. (US 2019/0095351).
Regarding claim 3, Cox and Datta does not teach the size of the register but Chhabra teaches wherein the write-once register has a same size as the verified reference hash. ([0047], “For example, in some embodiments, the TLC 226 may include 4 kilobytes of data for each processor usage 202, while the stored hash may include 128 bits of data or other relatively small amount of data.”, where 128 bits is interpreted as the size of the hash)
Cox, Datta, and Chhabra are analogous art. Chhabra is cited to teach a similar concept of creating/storing hashes for security purposes.  Based on Chhabra, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Cox and Datta to make the always on register the size of the hash it is storing.  Furthermore, being able to make the register size the same as the hash improves on Cox and Datta by being able to minimize both power and space. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification because “The TLC memory 226 may be significantly larger than the stored hash value, and thus powering down the TLC memory 226 may provide significant power savings. For example, in some embodiments, the TLC memory 226 may include 4 kilobytes of data for each processor usage 202, while the stored hash may include 128 bits of data or other relatively small amount of data.”, [0047]

Claim 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cox and Kennedy as applied to claim 1 above, and further in view of Walmsley (US 20090319802).
Regarding claim 7, Cox and Kennedy teach restarting the system but not specifically from a sleep state of the device. They do not teach but Walmsley teaches Download and authentication of program using results in Power-Safe Storage (PSS).”)
Walmsley, Cox and Kennedy are analogous art. Walmsley is cited to teach a similar concept of hashes for security purposes in always on memory while waking from a sleep mode.  Based on Walmsley, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Cox and Kennedy to use the always on register only hashes to authenticate firmware during a wake from sleep.  Furthermore, being able to use the always on register when waking from a sleep mode improves on Cox and Kennedy by being able to reduce the wake-up time. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification because “[i]n order to reduce the wakeup boot time … certain data items are stored in the PSS block. … The SHA-1 value stored in the PSS is 

Response to Arguments
Applicant’s arguments with respect to claim(s) 1 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. 
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHERI L. HARRINGTON whose telephone number is (571)270-0468.  The examiner can normally be reached on Generally, M-F, 7:30a-4p.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jaweed Abbaszadeh can be reached on 571-270-1640.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/CHERI L HARRINGTON/Examiner, Art Unit 2187                                                                                                                                                                                                        September 30, 2021

/JAWEED A ABBASZADEH/Supervisory Patent Examiner, Art Unit 2187