DETAILED ACTION
This action is in response to communications filed on July 23, 2009.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant's arguments filed September 02, 2021 have been fully considered but they are not persuasive. Applicant argued:
	a)  Sherman fails to teach or suggest that “immutable executable code stored in read-only memory.”
	
Examiner respectfully disagrees with Applicant’s assertions.

With regards to a) Examiner appreciates the interpretation description given by Applicant in response. Applicant discloses Sherman fails to teach or suggest that “immutable executable code stored in read-only memory”, however there is no description or language indicative of limiting the interpretation of this limitation. Therefore, taking into consideration but without drawing the limitation from the specification into the claim, the limitation “immutable executable code stored in read-only memory” can be interpreted as (i.e., they are immutable by an unauthorized user; [0011]). The Applicant further argues that “immutable by an unauthorized user” is not the same as immutable executable code.  
	Overall, Examiner respectfully suggests the Applicant to further clarify the independent claims in order to advance the prosecution of this case. Thus, the Examiner can give claims their broadest reasonable interpretation. Because, the Manual of Patent Examining Procedure (MPEP) 2106 and 2145 stated:
“USPTO personnel are to give claims their broadest reasonable interpretation in light of the supporting disclosure. In re Morris, 127 F.3d 1048, 1054-55, 44 USPQ2d 1023, 1027-28 (Fed. Cir. 1997). Limitations appearing in the specification but not recited in the claim should not be read into the claim. E-Pass Techs., Inc. v. 3Com Corp., 343 F.3d 1364, 1369, 67 USPQ2d 1947, 1950 (Fed. Cir. 2003) (claims must be interpreted “in view of the specification” without importing limitations from the specification into the claims unnecessarily).” Although the claims are interpreted “in view of the specification”, “limitations from the specification are not read into the claims. In re Van Geuns, 988 F. 2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993) (Claims to be superconducting magnet which generates a “uniform magnetic field” were not limited to the degree of magnetic field uniformity required Nuclear Magnetic Resonance (NMR) imaging. Although the specification disclosed that the claimed magnet may be used in an NMR apparatus, the claims were not so limited.);  Constant v. Advanced Mircro-Devices, Inc., 848 F.2d 1560, 1571-72, 7 USPQ2d 1057, 1064-1065 (Fed. Cir.), cert. denied, 488 U.S. 892 (1988) (Various limitations on which appellant relied were not stated in the claims; the specification did not provide evidence indicating these limitations must be read into the claims to give meaning to the disputed terms.; Ex parte McCullough, 7 USPQ2d 1889, 1891 (Bd. Pat. App. & Inter. 1987)(Claimed electrode was rejected as obvious despite assertions that electrode functions differently than would be expected when used in nonaqueous battery since “although the demonstrated results may be germane to the patentability of a battery containing appellant’s electrode, they are not germane to the patentability of the invention claimed on appeal.”)

Status of Claims

Claims 1-20 are pending, of which claims 1, 10-11 and 20 are in independent form. Claims 1-20 are rejected under 35 U.S.C. 102(a)(1). 

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Sherman (US 2016/0378691 A1).

Regarding claim 1, Sherman teaches a tangible, non-transitory, machine-readable medium storing instructions that when executed by one or more processors effectuate operations comprising: accessing, with a processor of an embedded computing device, immutable executable code stored in read-only memory of the embedded computing device (i.e., since the detection and protection mechanisms are in the trusted computing base, they are immutable by an unauthorized user; [0011]).
	Sherman teaches executing, with the processor of the embedded computing device, instructions of the immutable executable code that retrieve, from the read-only memory, a network-layer address of a tamper-evident, immutable data repository and an application-layer address of firmware of the embedded computing device stored in the tamper-evident, immutable data repository (i.e., If there is a discrepancy, the logic may identify that a tamper has occurred and take one or more appropriate measures. Since this logic (which in an embodiment may be implemented at least in part using firmware of an SSD controller) is protected from software (including ring-0 software) and is in an authenticated base (e.g., a TCB), it is immutable by an unauthorized user; [0031]).
	Sherman teaches executing, with the processor of the embedded computing device, instructions of the immutable executable code that, using the network-layer address and the application-layer address, download the firmware of the embedded computing device from the tamper-evident, immutable data repository (i.e., Various software, including user-level software (referred to also as a ring-3 software) such as user applications, and supervisor-level software (referred to as ring-0 software) such as an operating system, hypervisor, firmware, or other supervisor software, may execute on processor 110. As seen, processor 110 couples to a system memory 120 which, in an embodiment may be implemented as one or more dynamic random access memories (DRAM). As seen, interconnection between processor 110 system memory 120 may be via a memory interconnect 115; [0015]).
	Sherman teaches executing, with the processor of the embedded computing device, instructions of the immutable executable code that store the downloaded firmware in re-writeable memory of the embedded computing device (i.e., disk rewritables (CD-RWs), and magneto-optical disks, semiconductor devices such as read-only memories (ROMs), random access memories (RAMs) such as dynamic random access memories (DRAMs), static random access memories (SRAMs), erasable programmable read-only memories (EPROMs), flash memories, electrically erasable programmable read-only memories (EEPROMs), magnetic or optical cards, or any other type of media suitable for storing electronic instructions; [0089]).
	Sherman teaches executing, with the processor of the embedded computing device, instructions of the immutable executable code that cause an instruction address register of the processor or another processor of the embedded computing device to point to a first address of the firmware in the re-writeable memory of the embedded computing device to initiate execution of the firmware by the processor or another processor of the embedded computing device (i.e., see at least Fig. 1-Fig. 2).

Regarding claim 2, Sherman teaches wherein: the tamper-evident, immutable data repository comprises one or more directed acyclic graphs of cryptographic hash pointers storing the firmware in one or more nodes of the one or more graphs (i.e., processor 210 may be a given embedded processor, which may be implemented as a microcontroller configured to execute firmware (which may be stored in the microcontroller itself or otherwise stored in a non-volatile storage); [0020]).

Regarding claim 3, Sherman teaches verifying that the firmware has not been subject to tampering by computing a hash digest of the firmware and determining that the hash digest is consistent with one or more cryptographic hash values of the cryptographic hash pointers of nodes not storing part of the firmware (i.e., a tamper alert flag may be raised and communicated, e.g., to the authorized user such as a system administrator or user of the system. At this point and depending on policy, further incoming requests may not be allowed to be processed and passed to the data storage device. That is, in such cases, the user may take an affirmative action, such as resetting this tamper alert flag within a configuration register of the storage controller before normal operation is allowed to continue; [0027]).

Regarding claim 4, Sherman teaches wherein: verifying that the firmware has not been subject to tampering is performed by the processor of the embedded computing device while executing the instructions of the immutable executable code (i.e., an alert monitor can be configured to poll the tamper alert detection, at least in an embodiment in which no denial of service occurs when the calculated ratio varies from the expected workload; [0030]).

Regarding claim 5, Sherman teaches wherein: execution of a first part of the firmware begins before downloading a second part of the firmware (i.e., Referring now to FIG. 6, shown is a block diagram of a system in accordance with another embodiment of the present invention. As shown in FIG. 6, multiprocessor system 1000 is a point-to-point interconnect system such as a server system, and includes a first processor 1070 and a second processor 1080 coupled via a point-to-point interconnect 1050; [0054]).

Regarding claim 6, Sherman teaches verifying that the first part of the firmware has not been subject to tampering by the processor of the embedded computing device while executing the instructions of the immutable executable code; and after beginning to execute the first part of the firmware, verifying that the second part of the firmware has not been subject to tampering by the processor of the embedded computing device while executing instructions of the first part of the firmware (i.e., Various software, including user-level software (referred to also as a ring-3 software) such as user applications, and supervisor-level software (referred to as ring-0 software) such as an operating system, hypervisor, firmware, or other supervisor software, may execute on processor 110. As seen, processor 110 couples to a system memory 120 which, in an embodiment may be implemented as one or more dynamic random access memories (DRAM). As seen, interconnection between processor 110 system memory 120 may be via a memory interconnect 115; [0015]).

Regarding claim 7, Sherman teaches incrementing a version of the firmware to a newer version of the firmware by writing a value to a write-once memory of the embedded computing device, the write-once memory being configured to prevent decrementing the version of the firmware; and determining a location of at least part of the newer version of the firmware in the tamper-evident, immutable data repository based on both the application-layer address and the value written to the write-once memory (i.e., the storage controller is set to begin the workload analysis. Understand that in a given embodiment, a variety of other configuration information may be provided by the authorized user. For example, the workload analysis operations may be enabled for certain workloads and/or certain time periods and disabled for other workloads/times. Still further, in some cases such measures can be enabled for only certain locations within a corresponding data storage device (such as one or more given logical block address (LBA) ranges or so forth). In still further embodiments, the workload analysis operations may be enabled as appropriate depending on workload or other conditions; [0026]).

Regarding claim 8, Sherman teaches wherein: writing the value to the write-once memory comprises blowing a fuse among a plurality of fuses of the embedded computing device, different fuses in the plurality corresponding to different versions of the firmware (i.e., A SATA physical (PHY) unit 202 processes the communications in the upstream and downstream directions via interface 201 and provides incoming communications via a SATA controller 205 to a processor 210. In an embodiment, processor 210 may be a given embedded processor, which may be implemented as a microcontroller configured to execute firmware (which may be stored in the microcontroller itself or otherwise stored in a non-volatile storage); [0020]).

Regarding claim 9, Sherman teaches wherein: the embedded computing device is a hardware sub-system of a computing device having a plurality of embedded computing devices and a central processing unit and system memory that is distinct from memory of the embedded computing device (i.e., see at last FIG. 6).

Regarding claims 10-20. Claims 10-20 are essentially the same as claims 1-9 above and rejected for the same reasons as applied hereinabove.

Conclusion

THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRUONG V VO whose telephone number is (571)272-1796.  The examiner can normally be reached on 7am-5pm M-Thr. 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Tamara Kyle can be reached on (571) 272-4241.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TRUONG V VO/Primary Examiner, Art Unit 2156                                                                                                                                                                                                        11/5/2021