DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 10/25/2021 has been entered.
 
Response to Arguments


Art Rejection Arguments:

Applicant's first argument found bottom page 8 asserts that Kanemura nor Abe alone or in combination teach verifying function programs based on a particular function at the time just before the particular function is executed.

	First
In response to applicant's argument that the references fail to show certain features of applicant’s invention, it is noted that the features upon which applicant relies (i.e., verifying function programs based on a particular function at the time just before the particular function is executed) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
	
Second
the claim only requires that 'a particular function is executed'  and there is not a specific relationship between the claimed verification and the claimed execution.  Evenso, the verification processing is executed which performs the verification.  Therefore, the argued claim limitation is met by the art.



	
	

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 

Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: 
'a hardware verification unit configured to perform at least a verification' in claim 1 
'a storage unit configured to store a plurality of programs' in claim 1
Note:  Examiner has interpreted 'a hardware verification unit' to be a verification unit that verifies hardware, and as such has not interpreted the term 'hardware' as a structural modifier of the term 'verification unit' thereby not avoiding 112(f).

Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.

If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.









	


Claim Rejections - 35 USC § 112
The previous 112(a) rejection is withdrawn in view applicant's amended claim language.
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 2, 3, and 12 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.   
Claims 1-8 and 11-13 are rejected as being indefinite for at least the following reasons:


Claim 2 recites the limitation 'the function program' in line 3.  There is insufficient antecedent basis for this limitation in the claim.  

Claim 3 recites ' startup', but 'a startup program' was introduced in claim 1.
It is unclear if the 'startup' and the  'a startup program' are the same or different.

It is recommended to either state as:
first and second startup program if the startup program and startup process are different or refer to the startup as the startup program if the startup program and startup process are the same. 

For the purposes of applying prior art, the 'startup ' and the  'a startup program' has been interpreted as being the same.


- Claim 12 recites 'a loader', but  'a loader' was introduced in claim 1.  



 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under pre-AIA  35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-11 are rejected under 35 U.S.C. 103 as being unpatentable over Kanemuru et al ( US 2009/0204806  hereinafter Kanemura) in view of Abe (US 2018/0096132 hereinafter Abe).

Examiner's Notes

(1) The Kanemura reference provides several drawings for a terminal device that are relied upon in the rejection, each having various levels of detail.
	Fig 1:   terminal devices A-Z
Fig 2:   terminal device 0102
Fig 3:   terminal device 0105
Fig 29: terminal device 3001 introduced in subsection header:  "1. Embodiment 1"   in [0881]
Fig 32: functional block diagram of terminal device 3001
Fig 48: functional block diagram of a terminal device
introduced in subsection header:  "5. Embodiment 5"   in [1392]
Fig 49: functional block diagram of  terminal device 3500
introduced in subsection header:  "5.3 Modification of Embodiment 5"   in [1414]
Fig 50: functional block diagram of a terminal device 3600 introduced in [1445]
		and also referring to subsection header:  "5.3 Modification of Embodiment 5"   

It should be noted that in  [1483], Kanemura discloses that functional embodiments should be considered 
as computer systems that includes a microprocessor, ROM, RAM, hard disk, … and the like.

(2) In [0163], Kanemura discloses that secure module 201 of Fig 1 has the same function as a TPM.  TPMs are 
   shown in related figures: Figs 29, 32, 48, 49 and 50.


(3)  On 6/10/2021, a phone call was held with applicant's attorney Cindy Trout.  The purpose of the call was to for 
the examiner to ascertain the meaning of several of the instant claim limitations as well as the source of written support for several other of the instant claim limitations.  As also outlined in the attached interview summary, several issues were discussed an agreed on.  Agreements included:
	(A) lack of written support as outlined in the 112 rejections above, and
	(B) several instances of indefinite language as outlined in the 112 rejections above

As such, examiner and applicant agreed on the claim interpretations outlined in the 112 rejections section above and including:  
	(A) control programs and a plurality of control programs may be interpreted as software 
or firmware associated with an operating system 
(B) function programs and a plurality of function programs may be interpreted as one or 
        more application programs
			(C )  a control unit including a memory, and a processor may be interpreted as a control 
unit including a memory[[,]] and a processor
			(D)  a loader load-and-verify program may be interpreted as any software or firmware 
that implements a verification function 
(E)  a loader may be interpreted as any software or firmware that calls or loads 
any software or firmware






mapped to Kanemura' s terminal device embodiments as laid out in the above 
    Examiner's note, section (1)
    e.g. Fig 1 102, Fig 48 3431, Fig 49 3500, and Fig 50 3600
comprising: 
a hardware verification unit  
Fig 48 3438, 3433, and 3436 in view of Fig 29 verification program
e.g.  Fig 49 3527, 3516, and 3517  and  Fig 50 3626, 3516, and 3517  
configured to perform at least a verification 
[1435] verifies the PCR certificate 3536 for the BIOS
of a startup program 
Fig 29 3109 BIOS e.g. Fig 48 3432 BIOS
in view of [1475]  verification of authenticity of the BIOS
in view further view of  [1434] after PCR1 is calculated, the BIOS is loaded and executed
stored in read only memory; Fig 29 3143 secure ROM stores BIOS

a storage unit Fig 2 0208 program storage unit e.g. Fig 29 3142 e.g. Fig 48 3432
configured to store a plurality of programs 
[0166] program storage unit 0208 stores programs
in view of [0192] various types of applications
see also [0903] 3142 stores not only programs but also data
including 
a plurality of control programs 
Fig 29 OS e.g.  Fig 48  OS
in view of [1418] 3513, 3523, and 3524 correspond to OS 3503
and a plurality of function programs; 
Fig 29 Application e.g. Fig 48  Application
plural in view of [0192] various types of applications see also  [0167] / [0183]

and a control unit Fig 2 0201 and Fig 2 0202  e.g. Fig 29 3142 and  Fig 29 3145
including a memory Fig 2 0202 e.g. Fig 29 3145
and a processor Fig 2 0201 e.g. Fig 29 3141
in communication with the memory, Fig 2 0213 Bus  e.g. Fig 29 3160
the processor configured to: 
perform a first verification process 
[1428] the three verifying units respectively verify authenticity of PCR 
values calculated by corresponding TPMs
including  a verification [1435] verifies the PCR certificate 3536 for the BIOS
of the startup program  Fig 29 3109 BIOS e.g. Fig 48 3432 BIOS
by using Fig 49 3527
the hardware verification unit,  
Fig 48 3438, 3433, and 3436 in view of Fig 29 verification program
e.g.  Fig 49 3527, 3516, and 3517  and  Fig 50 3626, 3516, and 3517  

and, in a case where, the verification of the startup program is successful, 
Fig 49 3527 Verification OK
in view of  [1409] when any of the verifications results in a failure, the 
operation of the terminal device is stopped


	Fig 48 3448 and 3449 authentic PCR certificates:
[1409] verifying unit 3438 reads out PCR values from PCR 
storage in the TPM 3433 and confirms whether or not the read-out PCR values match the authentic PCR values included in each  PCR certificate
						e.g.
Fig 49 3503, 3513, 3514, 3524, 3523, and 3534 
[1438-39] PCR2 matches the authentic PCR value
in view of  Fig 49 3524 Verification OK
and
Fig 49 3502, 3511, 3512, 3521, 3522, 3532, and 3533
in view of [1441] each verifying unit verifies whether a program 
corresponding to itself is authentic	
of a plurality of control programs  
Fig 29 OS e.g.  Fig 48  OS
in view of [1418] 3513, 3523, and 3524 correspond to OS 3503
and a plurality of function programs 
Fig 29 Application e.g. Fig 48  Application
plural in view of [0192] various types of applications 
see also  [0167] / [0183]
stored in the storage unit 
Fig 2 0208 program storage unit e.g. Fig 29 3142 / Fig 48 3432

[[perform a second verification process, after the information processing apparatus has completed starting up, of verifying one or more of the plurality of function programs, 
in a case where a particular function is executed, based on the particular function; ]] and

restrict use [1428] operation of the terminal device 3500 is stopped
of the information processing apparatus, 
Kanemura' s terminal device  e.g. Fig 1 102, Fig 48 3431, Fig 49 3500, and 
              Fig 50 3600
 in a case where the first verification process 
[1428] the three verifying units respectively verify authenticity 
of PCR values calculated by corresponding TPMs
[[or the second verification process ]]
fails.  
[1413] verification results in failure 
in view of [1428] when the comparison shows that they do not match

wherein
the plurality of control programs 
Fig 29 OS e.g.  Fig 48  OS
in view of [1418] 3513, 3523, and 3524 correspond to OS 3503
	includes at least 
a kernel  Fig 49 3523
and a loader  [1439] OS 3503 is attempting to load

and a plurality of function programs includes at least an application program; 
Fig 29 Application e.g. Fig 48  Application
plural in view of [0192] various types of applications see also  [0167] / [0183]





Kanemura does not teach
perform a second verification process, after the information processing apparatus has completed starting up, of verifying one or more of the plurality of function programs, in a case where a particular function is executed, based on the particular function; 

and restrict use of the information processing apparatus, in a case where the first verification process or the 
second verification process fails

Abe teaches
perform a second verification process,  Fig 14 S29-S39  (*note: Abe's 1st verification process shown Fig 4)
after the information processing apparatus  Fig 2 1 main control apparatus
has completed starting up 
[0080] with reference to Fig 14 ……  processing executed after starting   
in view of Fig 4  i.e. verification previously executed at startup
of verifying [0085] determine whether the program loaded in the RAM is valid
one or more of the plurality of function programs, [0085] the program loaded in the RAM
in a case where a particular function is executed, Fig 14 S31 second verification processing
based on the particular function; Fig 14 S25 and S27  to avoid redundant execution discussed in [0082] 
*In other words, Fig 14 S31 is only executed if  'second verification processing' is not currently executing on a concurrent thread.  S25 and S27 are for determining if  'second verification processing' is or is not currently executing to avoid redundant execution.

therefore  Kanemura modified by Abe teaches
restrict use of the information processing apparatus, in a case where the first verification process or the 
second verification process fails

because
Kanemura teaches restrict use of the information processing apparatus, in a case where the first 
verification process fails  
and  Abe teaches a second verification process which may fail (i.e. Fig 14 S39).  

As such, in a case wherein Kanemura incorporates Abe's second verification process,  Kanemura may apply the restriction of: [1428] operation of the terminal device 3500 is stopped in addition to Abe's teaching in Fig 14 S39 alert message in a case when a verification process fails.
	
Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Kanemura and Abe as elements known in the prior art combined to yield predictable results.  For example Kanemura teaches a boot up verification process e.g. Fig 49 wherein 1st the BIOS is verified, followed by the OS, followed by Application 3502.  
Similarly, Abe teaches a multi-step verification process executed at start up see Fig 4 and  [0038] wherein with reference to Figs 4 to 15….when control apparatus 1 is powered on, Fig 4: step S1 is loaded into RAM
However Abe also teaches a verification process in Fig 14 that is performed after startup see  [0080] after startup; the verification process of Fig 14 triggered by [0082] arbitrary timing 
As such, Kanemura may be combined with Abe to arrive at the claimed invention by incorporating Abe's post start up verification routine of Fig 14.  Kanemura may incorporate Abe's post start up verification routine of Fig 14 without requiring changes to any of Kanemura 's start up verification routines  of Figs 49, 50, etc. thereby 
not affecting Kanemura' s existing operations but improving Kanemura' overall security by incorporated post start up, continuous verification of the application layer programs as taught by Abe.

 

As to claim 2,   
Kanemura discloses 
wherein use of the function program Fig 49 3502 Application
is disabled as the restriction imposed [1428] operation of the terminal device 3500 is stopped
when the verification [[of the function program]]
[1435] verifies the PCR certificate 3536 for the BIOS

by [[the second]] verification process 
 [1428] the three verifying units respectively verify authenticity of PCR values calculated 
by corresponding TPMs
fails, 
[1413] verification results in failure 
in view of [1428] when the comparison shows that they do not match

and wherein [[when]]
the use of the function program Fig 49 3502 Application
is disabled, [1428] operation of the terminal device 3500 is stopped
 
a notification is displayed [1069] 3192 displays a warning screen
on a screen [1069] 3192 displays a warning screen in view of Fig 28 showing a monitor
of the information processing apparatus 
Fig 2 102 see [0041] Terminal A also shown as Fig 49 3500
to notify that tampering has been detected.
[1069] a warning screen indicating  that the structure of the terminal device 3001 is not 
authentic, stops operations, and powers off

Kanemura does not teach
wherein use of the function program is disabled as the restriction imposed when the verification of the function program by the second verification process fails

and wherein when a notification is displayed on a screen of the information processing apparatus to notify that tampering has been detected.

Abe teaches
	a second verification process Fig 14 S29-S39  (*note: Abe's 1st verification process shown Fig 4)

verifying [0085] determine whether the program loaded in the RAM is valid
one or more of the plurality of function programs, [0085] the program loaded in the RAM

	a notification is displayed when the second verification process fails  
Fig 14 S39 display alert message

therefore  Kanemura modified by Abe teaches
wherein use of the function program is disabled as the restriction imposed when the verification of the function program by the second verification process fails

and wherein when a notification is displayed on a screen of the information processing apparatus to notify that tampering has been detected.

because
Kanemura teaches  wherein use of the function program is disabled as the restriction imposed when the 
     any verification process fails 
[1413] verification results in failure 
in view of [1428] the comparison shows they do not match
and  Abe teaches a second verification process which may fail (i.e. Fig 14 S39).  

As such, in a case wherein Kanemura incorporates Abe's second verification process,  Kanemura may apply the restriction of: [1428] operation of the terminal device 3500 is stopped in addition to Abe's teaching in Fig 14 S39 alert message in a case when a verification process fails.

and further
Kanemura teaches  wherein use of the function program is disabled as the restriction imposed when the 
     any verification process fails 
[1413] verification results in failure 
in view of [1428] the comparison shows they do not match
		and in
[1069] a warning screen indicating  that the structure of the terminal device 3001 is not 
authentic, stops operations, and powers off

	Likewise, Abe teaches a second verification process Fig 14 S29-S39  and a display message Fig 14 S39 
upon verification process failure.   

As such, in a case wherein Kanemura incorporates Abe's second verification process,  Kanemura may apply the restriction of: [1428] operation of the terminal device 3500 is stopped in addition to Abe's teaching in Fig 14 S39 alert message in a case when a verification process fails to arrive at the claimed invention. 


Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Kanemura and Abe as elements known in the prior art combined to yield predictable results.  For example Kanemura teaches a boot up verification process e.g. Fig 49 wherein 1st the BIOS is verified, followed by the OS, followed by Application 3502.  
Similarly, Abe teaches a multi-step verification process executed at start up see Fig 4 and  [0038] wherein with reference to Figs 4 to 15….when control apparatus 1 is powered on, Fig 4: step S1 is loaded into RAM
However Abe also teaches a verification process in Fig 14 that is performed after startup see  [0080] after startup; the verification process of Fig 14 triggered by [0082] arbitrary timing 
As such, Kanemura may be combined with Abe to arrive at the claimed invention by incorporating Abe's post start up verification routine of Fig 14.  Kanemura may incorporate Abe's post start up verification routine of Fig 14 without requiring changes to any of Kanemura 's start up verification routines  of Figs 49, 50, etc. thereby 
not affecting Kanemura' s existing operations but improving Kanemura' overall security by incorporated post start up, continuous verification of the application layer programs as taught by Abe.

As to claim 3,   
Kanemura discloses
wherein the first verification process 
[1428] the three verifying units respectively verify authenticity of PCR values calculated 
by corresponding TPMs
is performed when electric power is supplied 
[1434]  when powered on, RTM 3526 is achieved as the CRTM code is executed
in view of  Fig 49 RTM 3526
to the information processing apparatus 
mapped to Kanemura' s terminal device embodiments as laid out in the above 
    Examiner's note, section (1)
    e.g. Fig 1 102, Fig 48 3431, Fig 49 3500, and Fig 50 3600

and a startup process Fig 29 3109 BIOS e.g. Fig 48 3432 BIOS
is initiated,  [1434] BIOS is loaded

Kanemura does not teach
the second verification process is performed when an instruction to execute the particular function of the information processing apparatus is issued

Abe teaches 
the second verification process  Fig 14 S29-S39  (note: Abe's 1st verification process shown Fig 4)
is performed when an instruction Fig 14 S27
to execute a particular function Fig 14 S29  
of the information processing apparatus Fig 2 1 main control apparatus
is issued Fig 14 S27 No path

Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Kanemura and Abe as elements known in the prior art combined to yield predictable results.  For example Kanemura teaches a boot up verification process e.g. Fig 49 wherein 1st the BIOS is verified, followed by the OS, followed by Application 3502.  
Similarly, Abe teaches a multi-step verification process executed at start up see Fig 4 and  [0038] wherein with reference to Figs 4 to 15….when control apparatus 1 is powered on, Fig 4: step S1 is loaded into RAM
However Abe also teaches a verification process in Fig 14 that is performed after startup see  [0080] after startup; the verification process of Fig 14 triggered by [0082] arbitrary timing 
As such, Kanemura may be combined with Abe to arrive at the claimed invention by incorporating Abe's post start up verification routine of Fig 14.  Kanemura may incorporate Abe's post start up verification routine of Fig 14 without requiring changes to any of Kanemura 's start up verification routines  of Figs 49, 50, etc. thereby 
not affecting Kanemura' s existing operations but improving Kanemura' overall security by incorporated post start up, continuous verification of the application layer programs as taught by Abe.

As to claim 4,   
Kanemura discloses
wherein in the software verification 
	Fig 48 3448 and 3449 authentic PCR certificates:
[1409] verifying unit 3438 reads out PCR values from PCR 
storage in the TPM 3433 and confirms whether or not the read-out PCR values match the authentic PCR values included in each  PCR certificate
				e.g.
Fig 49 3503, 3513, 3514, 3524, 3523, and 3534 
[1438-39] PCR2 matches the authentic PCR value
in view of  Fig 49 3524 Verification OK
and
Fig 49 3502, 3511, 3512, 3521, 3522, 3532, and 3533
by the first verification process, 
[1428] the three verifying units respectively verify authenticity of PCR values calculated 
by corresponding TPMs

the software verification 
	Fig 48 3448 and 3449 authentic PCR certificates:
[1409] verifying unit 3438 reads out PCR values from PCR 
storage in the TPM 3433 and confirms whether or not the read-out PCR values match the authentic PCR values included in each  PCR certificate
				e.g.
Fig 49 3503, 3513, 3514, 3524, 3523, and 3534 
[1438-39] PCR2 matches the authentic PCR value
in view of  Fig 49 3524 Verification OK
and
Fig 49 3502, 3511, 3512, 3521, 3522, 3532, and 3533
is performed  Fig 48 in view of Fig 49
on the plurality of programs 
[0166] program storage unit 0208 stores programs
including
Fig 29 OS e.g.  Fig 48  OS
in view of [1418] 3513, 3523, and 3524 correspond to OS 3503
    and
	Fig 29 Application e.g. Fig 48  Application
plural in view of [0192] various types of applications 
see also  [0167] / [0183]
sequentially on a program- by-program basis in a program start order, 
	Fig 49 executes from BIOS at 3527 to OS at 3524 to Application(s) at 3522

and when the software verification fails for any one of the programs, 
[1428] when the comparison shows they do not match
in view of  [1409] when any of the verifications results in a failure, the 
operation of the terminal device is stopped
in further view of  [1427] verifying units 3527, 3524, and 3522  of Fig 49
the restriction restricts use  [1428] operation of the terminal device 3500 is stopped
of the information processing apparatus.
mapped to Kanemura' s terminal device embodiments as laid out in the above Examiner's note, section (1)
e.g. Fig 1 102, Fig 48 3431, Fig 49 3500, and Fig 50 3600

As to claim 5,   
Kanemura discloses
wherein in the software verification 
Fig 48 3448 and 3449 authentic PCR certificates:
[1409] verifying unit 3438 reads out PCR values from PCR 
storage in the TPM 3433 and confirms whether or not the read-out PCR values match the authentic PCR values included in each  PCR certificate
				e.g.
Fig 49 3503, 3513, 3514, 3524, 3523, and 3534 
[1438-39] PCR2 matches the authentic PCR value
in view of  Fig 49 3524 Verification OK
and
Fig 49 3502, 3511, 3512, 3521, 3522, 3532, and 3533

by the first verification process, 
[1428] the three verifying units respectively verify authenticity of PCR values calculated 
by corresponding TPMs

for a control program Fig 49 3522 verifying unit
to be started next  Fig 49 3522 executes after Fig 49 3524
a hash value  
the hash value included in Fig 49 3512 PCR3 
in view of [0184] to cause the PCR value to depend on the software 
structure of the terminal, the PRC value is updated using a hash value of the program loaded into the terminal.
is calculated [1441] TPM 3511 calculates a PCR value 3512

and is compared  
[1428] compares the PCR value held by the corresponding TMP with 
an authentic PRC value included in the PCR certificate
with a hash value  
the hash value included in Fig 49 3533 Authentic PCR certificate
[0184] to cause the PCR value to depend on the software structure of 
the terminal, the PRC value is updated using a hash value of the program loaded into the terminal.

included in (interpreted as associated with*) 
Fig 49 3522 verifying unit is called after Fig 49 3524 verifying unit 
indicates a 'Verification OK' result
a control program Fig 49 3524 verifying unit
verified immediately before 
the comparison of Fig 49 3524 occurs before the comparison of Fig 49 3522   

				* On 6/10/2021, a phone call was held with applicant's attorney Cindy Trout 
who agreed the specification lacks support for a hash included in a control program and agreed that the term should be interpreted as associated with

As to claim 6,   
Kanemura discloses 
wherein in the software verification 
Fig 49 3503, 3513, 3514, 3524, 3523, and 3534 
[1438-39] PCR2 matches the authentic PCR value
in view of  Fig 49 3524 Verification OK
and
Fig 49 3502, 3511, 3512, 3521, 3522, 3532, and 3533
[1438-39] PCR2 matches the authentic PCR value
in view of  Fig 49 3524 Verification OK
by [[the second]] verification process, 
[1428] the three verifying units respectively verify authenticity of PCR values calculated 
by corresponding TPMs

a hash value  
mapped to the hash value included in Fig 49 3512 PCR3 
in view of [0184] to cause the PCR value to depend on the software 
structure of the terminal, the PRC value is updated using a hash value of the program loaded into the terminal.
is calculated for [0184] a PCR is updated using a calculated hash 
a function program  Fig 49 3502 Application
corresponding to [[the particular function]]a function selected by a user, 
[0193] terminal A executes an application program in accordance with an input 
from a user

and the calculated hash value  mapped to the hash value included in Fig 49 3512 PCR3 
is compared with  
[1428] compares the PCR value held by the corresponding TMP with an 
authentic PRC value included in the PCR certificate
a hash value  
the hash value included in Fig 49 3533 Authentic PCR certificate
[0184] to cause the PCR value to depend on the software structure of 
the terminal, the PRC value is updated using a hash value of the program loaded into the terminal.
included in a list
 Fig 49 3531 Secure memory
of second hash values stored 
	Fig 49 3531 Secure memory includes 3536, 3534, and 3533 
which correspond to  PCR certificates with attached hash values
for use by [[the second]] verification process. 
[1428] the three verifying units respectively verify authenticity of PCR values 
calculated by corresponding TPMs

Kanemura does not teach
the second verification process 
a function corresponding to the particular function which is selected by a user

Abe teaches 
the second verification process Fig 14 S29-S39 (*note: Abe's 1st verification process shown Fig 4)
a particular function is executed, Fig 14 S31 second verification processing
a trigger to initiate Fig 14 step S31  Fig 14 step S21 and S23



therefore  Kanemura modified by Abe teaches
in the software verification process by the second verification process is calculated for a function program corresponding to a function selected by a user and the calculated hash value is compared with a hash value included I the list of the second hash values store for use by the second verification process

the particular function  selected by a user, 


because
Kanemura teaches   all of the limitations except for the second verification process
and  Abe teaches  the second verification process including a hash comparison see  [0085 ] similar to that taught by Kanemura in [1428-35] and Fig 49
and further, Kanemura teaches that a user may select a function in [0193] whereas  Abe teaches a trigger may initiate the second verification process in steps Fig 14 step S21 and S23
Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Kanemura and Abe as elements known in the prior art combined to yield predictable results.  For example Kanemura teaches a boot up verification process e.g. Fig 49 wherein 1st the BIOS is verified, followed by the OS, followed by Application 3502.  
Similarly, Abe teaches a multi-step verification process executed at start up see Fig 4 and  [0038] wherein with reference to Figs 4 to 15….when control apparatus 1 is powered on, Fig 4: step S1 is loaded into RAM
However Abe also teaches a verification process in Fig 14 that is performed after startup see  [0080] after startup; the verification process of Fig 14 triggered by [0082] arbitrary timing 
As such, Kanemura may be combined with Abe to arrive at the claimed invention by incorporating Abe's post start up verification routine of Fig 14.  Kanemura may incorporate Abe's post start up verification routine of Fig 14 without requiring changes to any of Kanemura 's start up verification routines  of Figs 49, 50, etc. thereby 
not affecting Kanemura' s existing operations but improving Kanemura' overall security by incorporated post start up, continuous verification of the application layer programs as taught by Abe.

And moreover, it would be obvious to one of ordinary skill in the art that Kanemura [0193] input from a user may embody Abe's trigger of Fig 14 step S21 and S23

As to claim 7,   
Kanemura discloses
wherein in a case when 
the software verification 
Fig 48 3448 and 3449 authentic PCR certificates:
[1409] verifying unit 3438 reads out PCR values from PCR 
storage in the TPM 3433 and confirms whether or not the read-out PCR values match the authentic PCR values included in each  PCR certificate
				e.g.
Fig 49 3503, 3513, 3514, 3524, 3523, and 3534 
[1438-39] PCR2 matches the authentic PCR value
in view of  Fig 49 3524 Verification OK
and
Fig 49 3502, 3511, 3512, 3521, 3522, 3532, and 3533
by [[the second ]]verification process 
[1428] the three verifying units respectively verify authenticity of PCR values 
calculated by corresponding TPMs
fails 
[1413] verification results in failure 
in view of [1428] the comparison shows they do not match
for a function program, [1440] the application

the restriction determines whether the program is a known program, 
[1414] each verifying unit verifies whether or not a program corresponding to itself is 
authentic
and if it is determined that the program is not a known program, 
[1414] each verifying unit verifies whether or not a program corresponding to itself is 
authentic
in view of [1413] verification results in failure 
the restriction does not 
[1413] device 3431 is stopped when a verification results in a failure. However, not 
limited to this structure, for example, a predermined operation may be restricted, and the operation may be continued.
*because the operation continues, the apparatus is not restricted
of the information processing apparatus
 mapped to Kanemura' s terminal device embodiments as laid out in the above 
 Examiner's note, section (1)
    e.g. Fig 1 102, Fig 48 3431, Fig 49 3500, and Fig 50 3600
 but notifies 
[1069] a warning screen indicating  that the structure of the terminal device 3001 is not 
authentic
[[that]] executing of a[[n unknown]] program has been restricted.
	[1413] a predetermined operation may be restricted

Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Kanemura to arrive at the claim limitation of: 'but notifies that executing of an unknown program has been restricted.'
	because
Kanemura teaches in [1413] an operation may be restricted when verification fails 
Kanemura teaches in [1067-69] a warning screen indicating that the structure of the terminal 
device  3001 is not authentic when an operation prohibition 
notification is received
	therefore
One of ordinary skill in the art would find it obvious that in the case of [1413], when an operation is restricted, to include that an operation has been restricted in the warning screen of [1069] as both the warning screen and the restriction are predicated on the verification failure event.

Kanemura does not teach
the second verification process 
Abe teaches 
the second verification process  Fig 14 S29-S39(*note: Abe's 1st verification process shown Fig 4)

therefore  Kanemura modified by Abe teaches
wherein in a case when the software verification by the second verification process fails for a function program, the restriction determines whether the program is a known program, and if it is determined that the program is not a known program, the restriction does not stop the system of the information processing apparatus but notifies that executing of an unknown program has been restricted.
because
Kanemura teaches the advantages of a first verification process  whereas  Abe teaches the advantages of a first (Fig 4) and second (Fig 14) verification process. The second process to be executed after a first verification process in response to a trigger to achieve continuous monitoring of applications being loaded into memory for execution.

Therefore, as previously established in the rejection of claim 1, one of ordinary skill in the art would find it obvious that the combination of Kanemura and Abe would include Abe's second verification process.

And further, that when the second verification process fails as taught by Abe in Fig 14 S38 No, an alert message is provides as taught by Abe in Fig 14 S39 and that the alert message may include a notification that the executing of an unknown function has been restricted as taught by Kanemura in [1067-69] and [1413].

Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Kanemura and Abe as elements known in the prior art combined to yield predictable results.  For example Kanemura teaches a boot up verification process e.g. Fig 49 wherein 1st the BIOS is verified, followed by the OS, followed by Application 3502.  
Similarly, Abe teaches a multi-step verification process executed at start up see Fig 4 and  [0038] wherein with reference to Figs 4 to 15….when control apparatus 1 is powered on, Fig 4: step S1 is loaded into RAM
However Abe also teaches a verification process in Fig 14 that is performed after startup see  [0080] after startup; the verification process of Fig 14 triggered by [0082] arbitrary timing 
As such, Kanemura may be combined with Abe to arrive at the claimed invention by incorporating Abe's post start up verification routine of Fig 14.  Kanemura may incorporate Abe's post start up verification routine of Fig 14 without requiring changes to any of Kanemura 's start up verification routines  of Figs 49, 50, etc. thereby 
not affecting Kanemura' s existing operations but improving Kanemura' overall security by incorporated post start up, continuous verification of the application layer programs as taught by Abe.
As to claim 8,   
Kanemura discloses,
	the startup program 
Fig 29 3109 BIOS e.g. Fig 48 3432 BIOS
in view of [1475]  verification of authenticity of the BIOS
in view further view of  [1434] after PCR1 is calculated, the BIOS is loaded and executed
in further view of  Fig 49 3536, 3527, 3517, and 3526

verified[1435] verifies the PCR certificate 3536 for the BIOS
by the hardware verification unit 
Fig 48 3438, 3433, and 3436 in view of Fig 29 verification program
	is a BIOS   Fig 29 3109 BIOS e.g. Fig 48 3432 BIOS

As to claim 9,   
Kanemura discloses a method for controlling an information processing apparatus configured to execute
processes comprising verifying a startup program stored in read only memory by a hardware verification unit, storing a plurality of control programs and function programs in a-4-Amendment for Application No.: 16/383252 Attorney Docket: 10193364US01storage unit, and controlling executing of the plurality of programs by a control unit, the method comprising:

performing a first verification process 
[1428] the three verifying units respectively verify authenticity of PCR 
values calculated by corresponding TPMs
including  performing the verification 
[1435] verifies the PCR certificate 3536 for the BIOS
of the startup program  Fig 29 3109 BIOS e.g. Fig 48 3432 BIOS
by using Fig 49 3527
the hardware verification unit,  
Fig 48 3438, 3433, and 3436 in view of Fig 29 verification program
e.g.  Fig 49 3527, 3516, and 3517  and  Fig 50 3626, 3516, and 3517  

and, in a case where, the verification of the startup program is successful, 
Fig 49 3527 Verification OK
in view of  [1409] when any of the verifications results in a failure, the 
operation of the terminal device is stopped
performing a software verification 
	Fig 48 3448 and 3449 authentic PCR certificates:
[1409] verifying unit 3438 reads out PCR values from PCR 
storage in the TPM 3433 and confirms whether or not the read-out PCR values match the authentic PCR values included in each  PCR certificate
						e.g.
Fig 49 3503, 3513, 3514, 3524, 3523, and 3534 
[1438-39] PCR2 matches the authentic PCR value
in view of  Fig 49 3524 Verification OK
and
Fig 49 3502, 3511, 3512, 3521, 3522, 3532, and 3533
in view of [1441] each verifying unit verifies whether a program 
corresponding to itself is authentic	
of the plurality of control programs  
Fig 49 3503 OS in view of Fig 48 3448 OS
in view of [1418] 3513, 3523, and 3524 correspond to OS 3503
and the function programs 
Fig 29 Application e.g. Fig 48  Application
plural in view of [0192] various types of applications 
see also  [0167] / [0183]


Fig 2 0208 program storage unit e.g. Fig 29 3142 / Fig 48 3432
				by using [1483] each of the above-specified devices is specifically a computer 
system that includes a microprocessor, ROM, RAM, hard disk, … and the like.
the control unit;  Fig 2 0201 and Fig 2 0202  e.g. Fig 29 3142 and  Fig 29 3145

[[perform a second verification process, after the information processing apparatus has completed starting up, of verifying one or more of the plurality of function programs, 
in a case where a particular function is executed, based on the particular function;]] and
restricting use [1428] operation of the terminal device 3500 is stopped
of the information processing apparatus, 
Kanemura' s terminal device  e.g. Fig 1 102, Fig 48 3431, Fig 49 3500, and 
              Fig 50 3600
 in a case where the first verification process 
[1428] the three verifying units respectively verify authenticity 
of PCR values calculated by corresponding TPMs
[[or the second verification process ]]
fails.  
[1413] verification results in failure 
in view of [1428] when the comparison shows that they do not match

wherein
the plurality of control programs 
Fig 29 OS e.g.  Fig 48  OS
in view of [1418] 3513, 3523, and 3524 correspond to OS 3503
	includes at least 
a kernel  Fig 49 3523
and a loader  [1439] OS 3503 is attempting to load

and a plurality of function programs includes at least an application program; 
Fig 29 Application e.g. Fig 48  Application
plural in view of [0192] various types of applications see also  [0167] / [0183]


Kanemura does not teach
perform a second verification process, after the information processing apparatus has completed starting up, of verifying one or more of the plurality of function programs, in a case where a particular function is executed, based on the particular function; 

and restrict use of the information processing apparatus, in a case where the first verification process or the 
second verification process fails


Abe teaches
perform a second verification process,  Fig 14 S29-S39  (*note: Abe's 1st verification process shown Fig 4)
after the information processing apparatus  Fig 2 1 main control apparatus
has completed starting up 
[0080] with reference to Fig 14 ……  processing executed after starting   
in view of Fig 4  i.e. verification previously executed at startup
of verifying [0085] determine whether the program loaded in the RAM is valid
one or more of the plurality of function programs, [0085] the program loaded in the RAM
in a case where a particular function is executed, Fig 14 S31 second verification processing
based on the particular function; Fig 14 S25 and S27  to avoid redundant execution discussed in [0082] 
*In other words, Fig 14 S31 is only executed if  'second verification processing' is not currently executing on a concurrent thread.  S25 and S27 are for determining if  'second verification processing' is or is not currently executing to avoid redundant execution.

therefore  Kanemura modified by Abe teaches
restrict use of the information processing apparatus, in a case where the first verification process or the 
second verification process fails

because
Kanemura teaches restrict use of the information processing apparatus, in a case where the first 
verification process fails  
and  Abe teaches a second verification process which may fail (i.e. Fig 14 S39).  

As such, in a case wherein Kanemura incorporates Abe's second verification process,  Kanemura may apply the restriction of: [1428] operation of the terminal device 3500 is stopped in addition to Abe's teaching in Fig 14 S39 alert message in a case when a verification process fails.

Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Kanemura and Abe as elements known in the prior art combined to yield predictable results.  For example Kanemura teaches a boot up verification process e.g. Fig 49 wherein 1st the BIOS is verified, followed by the OS, followed by Application 3502.  
Similarly, Abe teaches a multi-step verification process executed at start up see Fig 4 and  [0038] wherein with reference to Figs 4 to 15….when control apparatus 1 is powered on, Fig 4: step S1 is loaded into RAM
However Abe also teaches a verification process in Fig 14 that is performed after startup see  [0080] after startup; the verification process of Fig 14 triggered by [0082] arbitrary timing 
As such, Kanemura may be combined with Abe to arrive at the claimed invention by incorporating Abe's post start up verification routine of Fig 14.  Kanemura may incorporate Abe's post start up verification routine of Fig 14 without requiring changes to any of Kanemura 's start up verification routines  of Figs 49, 50, etc. thereby 
not affecting Kanemura' s existing operations but improving Kanemura' overall security by incorporated post start up, continuous verification of the application layer programs as taught by Abe.

As to claim 10,   
Kanemura discloses a non-transitory computer-readable storage medium in which a program is stored, the program implementing a method for controlling an information processing apparatus configured to execute processes comprising
performing a first verification process 
[1428] the three verifying units respectively verify authenticity of PCR 
values calculated by corresponding TPMs
including  performing the verification 
[1435] verifies the PCR certificate 3536 for the BIOS
of the startup program  Fig 29 3109 BIOS e.g. Fig 48 3432 BIOS
by using Fig 49 3527
the hardware verification unit,  
Fig 48 3438, 3433, and 3436 in view of Fig 29 verification program
e.g.  Fig 49 3527, 3516, and 3517  and  Fig 50 3626, 3516, and 3517  

and, in a case where, the verification of the startup program is successful, 
Fig 49 3527 Verification OK
in view of  [1409] when any of the verifications results in a failure, the 
operation of the terminal device is stopped
performing a software verification 
	Fig 48 3448 and 3449 authentic PCR certificates:
[1409] verifying unit 3438 reads out PCR values from PCR 
storage in the TPM 3433 and confirms whether or not the read-out PCR values match the authentic PCR values included in each  PCR certificate
						e.g.
Fig 49 3503, 3513, 3514, 3524, 3523, and 3534 
[1438-39] PCR2 matches the authentic PCR value
in view of  Fig 49 3524 Verification OK
and
Fig 49 3502, 3511, 3512, 3521, 3522, 3532, and 3533

in view of [1441] each verifying unit verifies whether a program 
corresponding to itself is authentic	
of a plurality of control programs  
Fig 29 OS e.g.  Fig 48  OS
in view of [1418] 3513, 3523, and 3524 correspond to OS 3503
and a plurality of function programs 
Fig 29 Application e.g. Fig 48  Application
plural in view of [0192] various types of applications 
see also  [0167] / [0183]
stored in the storage unit 
Fig 2 0208 program storage unit e.g. Fig 29 3142 / Fig 48 3432
				by using [1483] each of the above-specified devices is specifically a computer 
system that includes a microprocessor, ROM, RAM, hard disk, … and the like.
the control unit;  Fig 2 0201 and Fig 2 0202  e.g. Fig 29 3142 and  Fig 29 3145


[[perform a second verification process, after the information processing apparatus has completed starting up, of verifying one or more of the plurality of function programs, 
in a case where a particular function is executed, based on the particular function;]] and
restricting use [1428] operation of the terminal device 3500 is stopped
of the information processing apparatus, 
Kanemura' s terminal device  e.g. Fig 1 102, Fig 48 3431, Fig 49 3500, and 
              Fig 50 3600
 in a case where the first verification process 
[1428] the three verifying units respectively verify authenticity 
of PCR values calculated by corresponding TPMs
[[or the second verification process ]]
fails.  
[1413] verification results in failure 
in view of [1428] when the comparison shows that they do not match

wherein
the plurality of control programs 
Fig 29 OS e.g.  Fig 48  OS
in view of [1418] 3513, 3523, and 3524 correspond to OS 3503
	includes at least 
a kernel  Fig 49 3523
and a loader  [1439] OS 3503 is attempting to load

and a plurality of function programs includes at least an application program; 
Fig 29 Application e.g. Fig 48  Application
plural in view of [0192] various types of applications see also  [0167] / [0183]


Kanemura does not teach
perform a second verification process, after the information processing apparatus has completed starting up, of verifying one or more of the plurality of function programs, in a case where a particular function is executed, based on the particular function; 

and restrict use of the information processing apparatus, in a case where the first verification process or the 
second verification process fails

Abe teaches
perform a second verification process,  Fig 14 S29-S39  (*note: Abe's 1st verification process shown Fig 4)
after the information processing apparatus  Fig 2 1 main control apparatus
has completed starting up 
[0080] with reference to Fig 14 ……  processing executed after starting   
in view of Fig 4  i.e. verification previously executed at startup
of verifying [0085] determine whether the program loaded in the RAM is valid
one or more of the plurality of function programs, [0085] the program loaded in the RAM
in a case where a particular function is executed, Fig 14 S31 second verification processing
based on the particular function; Fig 14 S25 and S27  to avoid redundant execution discussed in [0082] 
*In other words, Fig 14 S31 is only executed if  'second verification processing' is not currently executing on a concurrent thread.  S25 and S27 are for determining if  'second verification processing' is or is not currently executing to avoid redundant execution.

therefore  Kanemura modified by Abe teaches
restrict use of the information processing apparatus, in a case where the first verification process or the 
second verification process fails


because
Kanemura teaches restrict use of the information processing apparatus, in a case where the first 
verification process fails  
and  Abe teaches a second verification process which may fail (i.e. Fig 14 S39).  

As such, in a case wherein Kanemura incorporates Abe's second verification process,  Kanemura may apply the restriction of: [1428] operation of the terminal device 3500 is stopped in addition to Abe's teaching in Fig 14 S39 alert message in a case when a verification process fails.

Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Kanemura and Abe as elements known in the prior art combined to yield predictable results.  For example Kanemura teaches a boot up verification process e.g. Fig 49 wherein 1st the BIOS is verified, followed by the OS, followed by Application 3502.  
Similarly, Abe teaches a multi-step verification process executed at start up see Fig 4 and  [0038] wherein with reference to Figs 4 to 15….when control apparatus 1 is powered on, Fig 4: step S1 is loaded into RAM
However Abe also teaches a verification process in Fig 14 that is performed after startup see  [0080] after startup; the verification process of Fig 14 triggered by [0082] arbitrary timing 
As such, Kanemura may be combined with Abe to arrive at the claimed invention by incorporating Abe's post start up verification routine of Fig 14.  Kanemura may incorporate Abe's post start up verification routine of Fig 14 without requiring changes to any of Kanemura 's start up verification routines  of Figs 49, 50, etc. thereby 
not affecting Kanemura' s existing operations but improving Kanemura' overall security by incorporated post start up, continuous verification of the application layer programs as taught by Abe.


As to claim 11,   
Kanemura discloses wherein 
the hardware verification unit, 
Fig 48 3438, 3433, and 3436 in view of Fig 29 verification program
e.g.  Fig 49 3527, 3516, and 3517  and  Fig 50 3626, 3516, and 3517  
the read only memory, Fig 29 3143 secure ROM stores BIOS
and the processor Fig 2 0201 e.g. Fig 29 3141
are connected by a bus Fig 2 0213 Bus
which is internal to an integrated circuit 
[0874] all of the elements of the devices may be achieved as an IC card or module 
in view of  Title: Certifying device, verifying device, verifying system, computer 
program and Integrated Circuit
and not accessible outside of the integrated circuit. [00874] the IC card may be tamper resistant


Claims 12 and 13 are  rejected under 35 U.S.C. 103 as being unpatentable over Kanemuru  in view of Abe in further view of Morrow et al (US 2006/0079333 herein after Morrow) in further view of  LIU et al (US 2018/0321947 hereinafter Liu)  in further view of  Rusakov et al (US 9195832 hereinafter Rusakov)

As to claim 12, Kanemuru  in view of Abe teaches all the subject matter pointed out in the above 103  rejection of parent claim 8.

As to claim 12,   
Kanemura discloses 
a loader load-and-verify program Fig 48 3438
[[is included in]] 
the BIOS, Fig 29 3109 BIOS e.g. Fig 48 3432 BIOS

and the loader load-and-verify program Fig 48 3438
includes a public key [1408] verifying unit 3438 reads public key 3446  
corresponding to a process for verifying 
[1391] confirms that verification data has not been tampered with and then performs 
attestation and verifies the authenticity of the structure inside the terminal.
			in view of  [0165] attestation, signature verification, etc.
a loader  Fig 29 3162 Boot Loader with RTM	
and a signature [1408] verifying unit 3438  verifies the  signature data in each certificate
assigned to 
[0966] PCR1 corresponds to the boot loader
in view of  [0165] secure module 0207 can provide a service of attaching a signature to 
a PCR value using a private key
the loader, Fig 29 3162 Boot Loader with RTM

wherein the BIOS Fig 29 3109 BIOS e.g. Fig 48 3432 BIOS
[[also includes a process of]]
loading Fig 35 S3016 Load boot loader
the loader Fig 29 3162 Boot Loader 
[[from the storage unit ]]
and starting the loader. Fig 35 S3016 execute boot loader

	Neither Kanemura nor Abe discloses
		a loader load-and-verify program is included in the BIOS

Morrow teaches
a loader load-and-verify program [0065] verification software 70
is included in Fig 1 70 within Fig 1 64
the BIOS Fig 1 64

Neither Kanemura, Abe nor Morrow teaches
	the BIOS also includes a process of loading the loader
	 
	Lui teaches
the BIOS also includes a process of loading the loader [0023] the BIOS is to load a boot loader

Neither Kanemura, Abe, Morrow nor Lui teaches
	loading the loader from the storage unit 

Rusakov teaches
	loading the loader from the storage unit 
		C3 51-53 The boot manager finds the OS boot loader in the system partition of the hard 
   disk
Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Kanemura and Abe as elements known in the prior art combined to yield predictable results.  For example Kanemura teaches a boot up verification process e.g. Fig 49 wherein 1st the BIOS is verified, followed by the OS, followed by Application 3502.  
Similarly, Abe teaches a multi-step verification process executed at start up see Fig 4 and  [0038] wherein with reference to Figs 4 to 15….when control apparatus 1 is powered on, Fig 4: step S1 is loaded into RAM
However Abe also teaches a verification process in Fig 14 that is performed after startup see  [0080] after startup; the verification process of Fig 14 triggered by [0082] arbitrary timing 
As such, Kanemura may be combined with Abe to arrive at the claimed invention by incorporating Abe's post start up verification routine of Fig 14.  Kanemura may incorporate Abe's post start up verification routine of Fig 14 without requiring changes to any of Kanemura 's start up verification routines  of Figs 49, 50, etc. thereby 
not affecting Kanemura' s existing operations but improving Kanemura' overall security by incorporated post start up, continuous verification of the application layer programs as taught by Abe.

Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Kanemura and Abe with those of Morrow as elements known in the prior art combined to yield predictable results.  For example Kanemura teaches a loader load-and-verify program in [0065] i.e. verification software 70 but is silent on where verification software 70 is stored or retrieved from.  Morrow cures Kanemura 's deficiency by teaching that a verification program with similar functionality to that of Kanemura' s verifier of Fig 48 3438 may be included in the BIOS of Morrow (see Morrow Fig 1 and [0065]) to thereby arrive at the claimed invention.
Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Kanemura, Abe and Morrow with those of Lui as elements known in the prior art combined to yield predictable results.  For example Kanemura teaches loading and executing a loader program see Fig 35 S3016 but is silent on which component is responsible for implementing the action of loading and executing a loader program as per Fig 35 S3016.  Lui cures Kanemura 's deficiency by teaching that the BIOS also includes a process of loading the loader in [0023]  to thereby arrive at the claimed invention.
Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Kanemura, Abe, Morrow, and Lui with those of Rusakov as elements known in the prior art combined to yield predictable results.  For example Kanemura teaches a boot loader in Fig 29 3162 but shows it stored in Fig 29 3143 ROM memory instead of Fig 29 3143 hard disk.  Rusakov teaches in C3 51-53 that an OS boot loader may be stored on a hard disk.  Therefore, Kanemura may incorporate Rusakov by storing Fig 29 Boot Loader 3162 in Hard disk 3142 to realize a predictable result and to thereby arrive at the claimed invention.

in view of Abe teaches all the subject matter pointed out in the above 103  rejection of parent claim 1.

As to claim 13,   
Kanemura discloses 
	an operation unit  Fig 29 3167/3166

Neither Kanemura, Abe, Morrow nor Lui teaches
	a printer unit and a scanner unit

Rusakov teaches
a printer unit  C6 43
and a scanner unit C6 53

Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Kanemura, Abe, Morrow, and Lui with those of Rusakov as elements known in the prior art combined to yield predictable results.  For example Kanemura teaches a boot loader in Fig 29 3162 but shows it stored in Fig 29 3143 ROM memory instead of Fig 29 3143 hard disk.  Rusakov teaches in C3 51-53 that an OS boot loader may be stored on a hard disk.  Therefore, Kanemura may incorporate Rusakov by storing Fig 29 Boot Loader 3162 in Hard disk 3142 to realize a predictable result and to thereby arrive at the claimed invention.
And further, Kanemura teaches in Fig 29 bus 3160 for connecting devices such as a keyboard and mouse see [0922].  Moreover, in [0893] Kanemura teaches bios 3109 composed of a plurality of programs adapted to control peripheral devices.  As such, Rusakov may be further incorporated into Kanemura to include a printer and scanner peripheral to realize an additional predictable result and to thereby  arrive at the claimed invention.


Conclusion
	






Any inquiry concerning this communication or earlier communications from the examiner should be directed to RICHARD A MCCOY whose telephone number is (313)446-6520.  The examiner can normally be reached on M - F 10 - 6.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571 272 2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/RICHARD A MCCOY/Examiner, Art Unit 2431