DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant's arguments filed 22 July 2021 have been fully considered but they are not persuasive.
In response to applicant’s arguments that the cited references do not teach “executes the first…side-channel power signature,” page 12, lines 5-10, the examiner respectively disagrees.
Atkin teaches executing multiple class/code segment and capturing memory state snapshots (Para. 27, 28, 30, 31, 45, 48, 49). Atkin further teaches generating a second key using the snapshot and attempting to decrypt the second class using the second key, wherein if the key is incorrect, the class will not decrypt correctly, and if the key is correct, the class will decrypt correctly (Para. 27, 28, 30, 31, 35, 45, 48, 49, 52, 53).
Reed teaches collecting measurements from the power consumption during the execution of trusted code to produce a power signature (Para. 70, 79, 87, 240).  Power traces corresponding to the execution of the different modules and their individual execution paths are captured for all significant execution paths (Para. 79, 184, 185, 206, 
Schantz teaches constructing an encryption key using one or more of the memory measurement and power measurement (Para. 13, 18, 21, 25, 26, 31) and providing the decryption key to the decryption device and decrypting the data if the key is correct (Para. 17, 33).
It should be noted that regarding the “the first segment of software code or a third segment of software code,” “a first side-channel power signature…or a second side-channel power signature” and “the first side-channel power signature…or at least a portion of the second side-channel power signature” limitations of the independent claims, it is unclear as to how the second compute device receives the third segment of software code.  The claims state that the first segment and encrypted second segment are sent to the second compute device, but makes no mention of sending/receiving the third segment.  
Furthermore, the limitations state alternatives using “or”--“the first segment of software code or a third segment of software code,” “a first side-channel power signature…or a second side-channel power signature” and “the first side-channel power signature…or at least a portion of the second side-channel power signature.”  Using the broadest reasonable interpretation of the claims, the third segment of software code may not be utilized at all.
The examiner suggests clarifying the claim limitations.
Combining the references brings about a system that the second compute device (1) executes the first segment of software code or a third segment of software code to 

In response to applicant’s arguments regarding the combination of the Atkin and Reed references, page 12, lines 25-26, the examiner respectfully disagrees.
See MPEP 2143.01 (VI)—
“If the proposed modification or combination of the prior art would change the principle of operation of the prior art invention being modified, then the teachings of the references are not sufficient to render the claims prima facie obvious. In re Ratti, 270 F.2d 810, 813, 123 USPQ 349, 352 (CCPA 1959) (Claims were directed to an oil seal comprising a bore engaging portion with outwardly biased resilient spring fingers inserted in a resilient sealing member. The primary reference relied upon in a rejection based on a combination of references disclosed an oil seal wherein the bore engaging portion was reinforced by a cylindrical sheet metal casing. The seal construction taught in the primary reference required rigidity for operation, whereas the seal in the claimed invention required resiliency. The court reversed the rejection holding the "suggested combination of references would require a substantial reconstruction and redesign of the elements shown in [the primary reference] as well as a change in the basic principle under which the [primary reference] construction was designed to operate.").”
In this case, Atkin discloses that if a class is loaded in the wrong order or if a class was altered, the software halts (Para. 35).  Reed discloses power traces 
However, Reed’s execution paths are each a correct ordering of the software modules and are determined using different inputs.  Therefore, combining Atkin with Reed does not frustrate the principle of operation of Atkin since the execution paths of the modules would not be loaded in the “wrong order,” nor would the modules be “altered” in any way.  Therefore, the combination is valid.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 7-11 and 13-25 are rejected under 35 U.S.C. 103 as being unpatentable over Atkin et al. (US 2005/0005103) in view of Reed et al. (US 2013/0318607) and further in view of Schantz et al. (US 2009/0257585).
a non-transitory medium, e.g. level two cache, main memory, or a hard disk drive (Fig. 6, el. 610, 620; Para. 57), storing code representing a plurality of processor-executable instructions, the code comprising code that causes a processor, i.e. a processor (Fig. 6, el. 600), to: 
execute, at a first compute device, i.e. a vendor server (Fig. 1, el. 100; Fig. 6, el. 601), that includes the processor, a first segment of software code, e.g. executing a first class/first code segment and capturing a second memory state snapshot (Para. 27, 30, 31, 45, 48);
 receive information of the first compute device in response to executing the first segment of software code, e.g. executing a first class/first code segment and capturing a second memory state snapshot (Para. 27, 30, 31, 45, 48); 
produce an encryption key based on at least a portion of the information of the first compute device, e.g. producing a second key using the second memory state snapshot (Para. 30, 31, 48); 
encrypt a second segment of software code based on the encryption key to produce an encrypted version of the second segment of software code, e.g. encrypting a second class/second code segment using the second key (Para. 30, 31); and 
send, from the first compute device to a second compute device, i.e. a client (Fig. 2, el. 200), operatively coupled to the first compute device, the first segment of software code and the encrypted version of the second segment of software code without sending the encryption key, e.g. sending the first and second classes from the server to the client, wherein the first class may or may not be encrypted and the second class is encrypted (Para. 28, 31, 33),
such that the second compute device (1) executes the first segment of software code or a third segment of software code to produce first information for the second compute device or second information for the second compute device, respectively, the first segment of software code and the third segment of software code being segments of software code proceeding the second segment of software code at execution time, (2) produces a decryption key based on at least a portion of the first information of the second compute device or at least a portion of the second information of the second compute device, e.g. executing the first class, capturing a second memory state snapshot, and generating a second key using the snapshot (Para. 30, 35, 50, 51); executing a subsequent class/subsequent code segment and capturing a subsequent memory state snapshot (Para. 27, 28, 30, 31, 45, 48, 49), and 
such that second compute device attempts to decrypt the encrypted version of the second segment of software code based on the decryption key to produce a potentially decrypted version of the second segment of software code, e.g. attempting to decrypt the second class using the second key, wherein if the key is incorrect, the class will not decrypt correctly, and if the key is correct, the class will decrypt correctly (Para. 30, 35, 52, 53).

Reed teaches receiving a side-channel power signature information of a compute device in response to executing a first segment of software code, e.g. collecting measurements from the power consumption during the execution of trusted code to produce a power signature (Para. 70, 79, 87, 240);
such that the compute device (1) executes the first segment of software code or a third segment of software code to produce first side-channel power signature of the compute device or second side-channel power signature for the compute device, respectively, the first segment of software code and the third segment of software code being segments of software code proceeding the second segment of software code at execution time via different execution paths, e.g. collecting measurements from the power consumption during the execution of trusted code to produce a power signature (Para. 70, 79, 87, 240); capturing power traces corresponding to the execution of the different modules and their individual execution paths for all significant execution paths (Para. 79, 184, 185, 206, 217, 226, 240); the modules have different execution paths that depend on the inputs (Para. 235).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Atkin to include receiving a side-channel power signature of the first compute device in response to executing the first segment of software code; and such that the second compute device (1) executes the first segment of software code or a third segment of software code to produce a first side-channel power signature of the second compute device or a second side-channel power signature of the second compute device, respectively, the first segment of software code and the third segment of software code being segments of software code proceeding the second segment of software code at execution time via different execution paths, using the known method of collecting measurements from the power consumption during the execution of trusted code to produce a power signature, as taught by Reed, in combination with the encryption/decryption system that uses keys produced using side-channel information of Atkin, for the purpose of improving the operation, effectiveness, usability, and performance of integrity assessment and intrusion detection systems (Reed-Para. 12).

Schantz teaches receiving a side-channel power signature, e.g. providing a memory measurement and/or a power measurement (Para. 18, 21, 25, 26);
producing an encryption key based on at least a portion of the side-channel power signature, e.g. constructing an encryption key using one or more of the memory measurement and power measurement (Para. 13, 18, 21, 25, 26, 31);
encrypting a second segment of software code based on the encryption key to produce an encrypted version of the second segment of software code, e.g. using the encryption key to encrypt the data in memory (Para. 32);
producing a decryption key based on at least a portion of the side-channel power signature and such that a compute device attempts to decrypt the encrypted version of the second segment of software code based on the decryption key to produce a potentially decrypted version of the second segment of software code, e.g. providing the decryption key to the decryption device and decrypting the data if the key is correct (Para. 17, 33).


Regarding claim 8, Atkin in view of Reed in view of Schantz teaches wherein the code to send includes code to send to cause the second compute device to detect an anomaly at the second compute device when the attempt by the second compute device fails to decrypt the second segment of software code, the decryption key not substantially matching the encryption key, e.g. generating an error if the generated decryption key is incorrect and does not decrypt the class properly (Atkin-Para. 52); determining that the key is incorrect (Schantz-Para. 33).

Regarding claim 9, Atkin in view of Reed in view of Schantz teaches wherein the code to send includes code to send to cause the second compute device to detect a lack of an anomaly at the second compute device when the attempt by the second compute device succeeds to decrypt the second segment of software code, the encryption key substantially matching the decryption key, e.g. properly decrypting the class and enabling proper execution when the decryption key is correct (Atkin-Para. 52, 53); determining that the key is correct (Schantz-Para. 33).

Regarding claim 10, the claim is analyzed with respect to claim 7.
Using the same motivations as in claim 7, Atkin in view of Reed in view of Schantz further teaches the code further comprising code that causes the processor to: 
execute, at the first compute device, the second segment of software code to produce a second side-channel power signature of the first compute device, e.g. executing a subsequent class/subsequent code segment and capturing a subsequent memory state snapshot (Atkin-Para. 27, 28, 30, 31, 45, 48, 49); collecting measurements from the power consumption during the execution of trusted code to produce a power signature (Reed-Para. 70, 79, 87, 240); 
produce a second encryption key based on at least a portion of the second side-channel power signature of the first compute device, e.g. producing a subsequent key using the subsequent memory state snapshot (Atkin-Para. 30, 31, 48, 49); constructing an encryption key using one or more of the memory measurement and power measurement (Schantz-Para. 13, 18, 21, 25, 26, 31); 
encrypt a fourth segment of software code based on the second encryption key to produce an encrypted version of the fourth segment of software code, e.g. encrypting a subsequent class/second code segment using the subsequent key (Atkin-Para. 28, 30, 31, 49); using the encryption key to encrypt the data in memory (Schantz-Para. 32); and 
send, from the first compute device to the second compute device, the encrypted version of the fourth segment of software code without sending the second encryption key, e.g. sending the subsequent classes from the server to the client, wherein the subsequent classes are encrypted (Atkin-Para. 28, 31, 33, 49), 
such that the second compute device (1) executes the potentially decrypted version of second segment of software code to produce a third side-channel power signature of the second compute device and (2) produces a second decryption key based on at least a portion of the third side-channel power signature of the second compute device, e.g. executing the subsequent class, capturing a subsequent memory state snapshot, and generating a subsequent key using the snapshot (Atkin-Para. 30, 35, 50, 51); collecting measurements from the power consumption during the execution of trusted code to produce a power signature (Reed-Para. 70, 79, 87, 240), and 
such that second compute device attempts to decrypt the encrypted version of the fourth segment software code to produce a potentially decrypted version of the fourth segment software code, e.g. attempting to decrypt the subsequent class using the subsequent key, wherein if the key is incorrect, the class will not decrypt correctly, and if the key is correct, the class will decrypt correctly (Atkin-Para. 30, 35, 52, 53); providing the decryption key to the decryption device and decrypting the data if the key is correct (Schantz-Para. 17, 33).

Regarding claim 11, Atkin in view of Reed in view of Schantz teaches wherein: the code to send the first segment of software code and the encrypted version of the second segment of software code includes code to send to cause the second compute device to detect an anomaly at a first time at the second compute device when the attempt by the second compute device fails to decrypt the second segment of software code, e.g. generating an error if the generated decryption key is incorrect and does not decrypt the class properly (Atkin-Para. 52); determining that the key is incorrect (Schantz-Para. 33), and 
the code to send the encrypted version of the fourth segment of software code includes code to send to cause the second compute device to detect an anomaly at a second time at the second compute device when the attempt by the second compute device fails to decrypt the fourth segment of software code, e.g. properly decrypting the class and enabling proper execution when the decryption key is correct (Atkin-Para. 52, 53); determining that the key is incorrect (Schantz-Para. 33).

Regarding claim 13, the claim is analyzed with respect to claim 7.  Atkin in view of Reed in view of Schantz further teaches a non-transitory medium, e.g. level two cache, main memory, or a hard disk drive (Atkin-Fig. 6, el. 610, 620; Para. 57), storing code representing a plurality of processor-executable instructions, the code comprising code that causes a processor, i.e. a processor (Atkin-Fig. 6, el. 600), to perform the steps on the second compute device, i.e. the client (Atkin-Fig. 2, el. 200).

Regarding claim 14, the claim is analyzed with respect to claim 7.

Regarding claim 15, the claim is analyzed with respect to claim 8.

Regarding claim 16, the claim is analyzed with respect to claim 9.

Regarding claim 17, the claim is analyzed with respect to claim 10.

Regarding claim 18, the claim is analyzed with respect to claim 10.

Regarding claim 19, the claim is analyzed with respect to claim 11.

Regarding claim 20, Atkin in view of Reed in view of Schantz teaches the code further comprising code to: 
receive, from the first compute device, a signal indicating a predefined order representing an order in which the first compute device encrypted the second segment of software code and the fourth segment of software code based on the first segment of software code and the second segment of software code, respectively, e.g. receiving the software program, wherein the program includes the classes/code segments and the calling order of the classes (Atkin-Fig. 3; Para. 35, 37, 38, 52),
the processor executing the code to execute the first segment of software code and the code to execute the potentially decrypted version of second segment of software code in a first order defined by the predefined order, e.g. decrypting and executing each class based on the defined order of classes (Atkin-Fig. 3; Para. 35, 37, 38, 52), 
the processor executing the code to produce the first decryption key and the code to produce the second decryption key in a second order defined by the predefined order, e.g. generating the decryption keys for the respective snapshots based on the defined order of classes (Atkin-Fig. 3; Para. 35, 37, 38, 52), 
the processor executing the code to attempt to decrypt the encrypted version of the second segment of software code and the code to attempt to decrypt the encrypted version of the third segment of software code in a third order defined by the predefined order, e.g. attempting to properly decrypt each class using the respective decryption key based on the defined order of classes (Atkin-Fig. 3; Para. 35, 37, 38, 52).

Regarding claim 21, the claim is analyzed with respect to claims 1 and 13.  Atkin in view of Reed in view of Schantz further teaches an apparatus, i.e. a vendor server (Atkin-Fig. 1, el. 100; Fig. 6, el. 601), comprising: 
a memory of a first compute device, e.g. level two cache, main memory, or a hard disk drive (Atkin-Fig. 6, el. 610, 620; Para. 57); and 
a processor of the first compute device, i.e. a processor (Atkin-Fig. 6, el. 600), operatively coupled to the memory, the processor configured to perform the steps.

Regarding claim 22, the claim is analyzed with respect to claim 8.

Regarding claim 23, the claim is analyzed with respect to claim 9.

Regarding claim 24, the claim is analyzed with respect to claim 10.

Regarding claim 25, the claim is analyzed with respect to claim 11.

Claims 12 and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Atkin in view of Reed in view of Schantz and further in view of Kleiman (US 7,330,904).

Atkin in view of Reed in view of Schantz does not explicitly teach the first compute device and the second compute device are included within a common device.
Kleiman teaches a first compute device and a second compute device are included within a common device, e.g. including a client and a server within a single device (Col. 1, lines 11-24).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Atkin in view of Reed in view of Schantz to include the first compute device and the second compute device are included within a common device, using the known system of including a client and a server within a single device, as taught by Kleiman, in combination with the first and second devices of Atkin in view of Reed in view of Schantz, for the purpose of providing better security for the distribution and execution of software modules within a single device.

Regarding claim 26, the claim is analyzed with respect to claim 12.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Aguayo Gonzalez et al. (WO 2012/061663 A2)--Aguayo Gonzalez discloses computing power traces/measurement for software modules executed using different execution paths (Para. 151, 177, 182).

Prvulovic et al. (US 2018/0012020 A1)—Prvulovic discloses execution paths of software code (Para. 112, 132).

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEREMY DUFFIELD whose telephone number is (571)270-1643. The examiner can normally be reached Monday - Friday, 7:00 AM - 3:00 PM (ET).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on (571) 272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




10 November 2021
/Jeremy S Duffield/           Primary Examiner, Art Unit 2498