Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Office Action is in response to the reply filed by Applicant on 10/12/2021. Claims 3 and 7 have been canceled.  Claims 1, 2, 4-6, 8 and 9 are pending. This Office Action is Final.

Response to Arguments
	A) Applicant’s arguments with respect to claim(s) 1 and 5 have been considered but are moot because the new ground of rejection does not rely on the same exact references applied in the prior rejection, of record for any teaching or matter specifically challenged in the argument, and have been necessitated by amendment.  


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have 

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
	
Claims 1, 2, 4-6, 8 and 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Martinez (US 2016/0147996) in view of An et al. (US 2013/0003976), Lewis (US 2012/0266259) and Segawa (US 2008/0313627).

	As per claim 1, Martinez teaches a method of initiating a device managed by an authorized manager comprising: maintaining a security module connected to the device in hardware and an encrypted firmware image; loading the encrypted firmware image; decrypting the encrypted symmetric key included in the encrypted firmware image, by using an encryption key of the security module, decrypting encrypted firmware by using the decrypted symmetric key (Martinez, Paragraph 0010 recites “In a specific embodiment of the present disclosure, the firmware image 110 is encrypted before storing the image in firmware memory 110. The firmware image 112 is encrypted using a random symmetric encryption key generated by a software routine included in the firmware image 112. The encryption key can be stored in NVRAM 124 of TPM 120. The key is sealed to a TPM PCR state corresponding to a boot phase at the time of storing the key, such as during an early stage of execution of Unified Extensible Firmware Interface (UEFI) compliant boot software. During subsequent booting of information handling system 100, the encrypted firmware image 112 is retrieved from firmware memory 110, the symmetric key is unsealed from TPM 120, and the encrypted firmware image 112 is decrypted using the symmetric key.”);
	and executing the decrypted firmware in the device (Martinez, Paragraph 0010 recites “The unencrypted firmware image can be copied to system memory 104 where execution of the boot code included the image can commence.”).
	But fails to teach wherein the encrypted firmware image includes: an encrypted firmware encrypted by a symmetric key; an encrypted symmetric key encrypted by a private key which an authorized manager has; 
	However, in an analogous art An teaches wherein the encrypted firmware image includes: an encrypted firmware encrypted by a symmetric key; an encrypted symmetric key encrypted by a private key which an authorized manager has; (An, Paragraph 0025 recites “When a feature set of a hardware adapter is controlled according to an embodiment of the present disclosure, adapter firmware that stores code for the feature set is encrypted with a symmetric key. The symmetric key is then encrypted (via a vendor specified private key encryption algorithm) and stored in firmware of the adapter.” The vendor would be an authorized manager).


	And fails to teach an encrypted signature encrypted by the private key;
	However, in an analogous art Lewis teaches an encrypted signature encrypted by the private key (Lewis, Paragraph 0035 recites “The firmware signature may be encrypted using firmware private key 232. Firmware private key 232 may be implemented using a private half of an asymmetric key pair.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Lewis’ Approaches for firmware to trust an application with Martinez’s Method for Generating and Executing Encrypted BIOS Firmware and System Therefor because the use of an additional encryption adds another security element.  
	And fails to teach confirming integrity of the encrypted firmware image by reading a header of the encrypted firmware image by using a public key of the manager stored in the security module in connection with the private key used when encrypting a symmetric key and a signature; when the integrity of the encrypted firmware image is confirmed, decrypting the encrypted symmetric key by using the public key
	However, in an analogous art Segawa teaches confirming integrity of the encrypted firmware image by reading a header of the encrypted firmware image by using a public key of the manager stored in the security module in connection with the private key used when encrypting a symmetric key and a signature; when the integrity of the encrypted firmware image is confirmed, decrypting the encrypted symmetric key (Segawa, Paragraphs 0096-0097 recites “The system managing module 34 requests the firmware authenticating module 37 to authenticate the first firmware updating file 110. The firmware authenticating module 37 obtains the public key 113 in the falsification unable region (read-only region) of the information processing apparatus. The firmware authenticating module 37 authenticates the first firmware updating file 110 by using the obtained public key 113 (S43). Specifically, the firmware authenticating module 37 calculates a digest of the firmware ROM image 82 and the PCR value 83 of the first firmware updating file 110 (S43a). The firmware authenticating module 37 decrypts the public key signature 84 in the first firmware updating file 110 by using the public key 113 and collates the decrypted public key signature with the calculated digest. That is, the signature is authenticated by using the digest (43b). With this, the firmware authenticating module 37 authenticates the first firmware updating file 110.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Segawa’s information processing apparatus, software updating method, and image processing apparatus with Martinez’s Method for Generating and Executing Encrypted BIOS Firmware and System Therefor because the use of confirming firmware has the advantage of ensuring firmware is actual authentic firmware.  

	
	
	As per claim 2, Martinez in combination with An, Lewis and Segawa teaches the method of initiating a device of claim 1, Segawa further teaches stopping initiation of the device, when an error occurs in any one of the confirming of the integrity and the decrypting of the encrypted symmetric (Segawa, Paragraph 0103 recites “The system managing module 34 sends a result of the request to the network updating module 31 (S46). The network updating module 31 sends the result to a source that requests to update the firmware. In addition, when the first firmware updating file 110 is not authenticated in S43, the system managing module 34 sends a result of the request to the network updating module 31 (S46). That is, the network updating module 31 sends information that the first firmware updating file 110 is authenticated/not authenticated, and the firmware is updated/not updated.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Segawa’s information processing apparatus, software updating method, and image processing apparatus with Martinez’s Method for Generating and Executing Encrypted BIOS Firmware and System Therefor because the use of confirming firmware has the advantage of ensuring firmware is actual authentic firmware.  

	As per claim 4, Martinez in combination with An, Lewis and Segawa teaches the method of initiating a device of claim 1, Segawa further teaches wherein the encrypted signature is located in the header and the header includes at least one of a magic number, a version, a firmware length, and a signature length (Segawa, Paragraphs 0096-0097 recite “The system managing module 34 requests the firmware authenticating module 37 to authenticate the first firmware updating file 110. The firmware authenticating module 37 obtains the public key 113 in the falsification unable region (read-only region) of the information processing apparatus. The firmware authenticating module 37 authenticates the first firmware updating file 110 by using the obtained public key 113 (S43). Specifically, the firmware authenticating module 37 calculates a digest of the firmware ROM image 82 and the PCR value 83 of the first firmware updating file 110 (S43a). The firmware authenticating module 37 decrypts the public key signature 84 in the first firmware updating file 110 by using the public key 113 and collates the decrypted public key signature with the calculated digest. That is, the signature is authenticated by using the digest (43b). With this, the firmware authenticating module 37 authenticates the first firmware updating file 110.” It would be inherent that the signature length would be in the header because signatures need to match, including being the same length, to be authenticated.).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Segawa’s information processing apparatus, software updating method, and image processing apparatus with Martinez’s Method for Generating and Executing Encrypted BIOS Firmware and System Therefor because the use of confirming firmware has the advantage of ensuring firmware is actual authentic firmware.  

	

	As per claim 5, Martinez teaches a method of updating a device using an encrypted firmware update image provided by an authorized manager, comprising: maintaining a security secured to a device in hardware; storing encrypted firmware update image in the device; loading the encrypted firmware update image (Martinez, Paragraph 0010 recites “In a specific embodiment of the present disclosure, the firmware image 110 is encrypted before storing the image in firmware memory 110. The firmware image 112 is encrypted using a random symmetric encryption key generated by a software routine included in the firmware image 112. The encryption key can be stored in NVRAM 124 of TPM 120. The key is sealed to a TPM PCR state corresponding to a boot phase at the time of storing the key, such as during an early stage of execution of Unified Extensible Firmware Interface (UEFI) compliant boot software. During subsequent booting of information handling system 100, the encrypted firmware image 112 is retrieved from firmware memory 110, the symmetric key is unsealed from TPM 120, and the encrypted firmware image 112 is decrypted using the symmetric key.”); 
	and copying the encrypted firmware update image to a memory in which an existing encrypted firmware image is stored (Martinez, Paragraph 0010 recites “The unencrypted firmware image can be copied to system memory 104 where execution of the boot code included the image can commence.”).
	But fails to teach wherein the encrypted firmware update image includes: an encrypted firmware encrypted by a symmetric key; an encrypted symmetric key encrypted by a private key which an authorized manager has.

(An, Paragraph 0025 recites “When a feature set of a hardware adapter is controlled according to an embodiment of the present disclosure, adapter firmware that stores code for the feature set is encrypted with a symmetric key. The symmetric key is then encrypted (via a vendor specified private key encryption algorithm) and stored in firmware of the adapter.” The vendor would be an authorized manager).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use An’s techniques for accessing features of a hardware adapter with Martinez’s Method for Generating and Executing Encrypted BIOS Firmware and System Therefor because the use of an additional encryption adds another security element.
	And fails to teach an encrypted signature encrypted by the private key.
	However, in an analogous art Lewis teaches an encrypted signature encrypted by the private key (Lewis, Paragraph 0035 recites “The firmware signature may be encrypted using firmware private key 232. Firmware private key 232 may be implemented using a private half of an asymmetric key pair.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Lewis’ Approaches for firmware to trust an application with Martinez’s Method for Generating and Executing Encrypted BIOS Firmware and System Therefor because the use of an additional encryption adds another security element.  



	However, in an analogous art Segawa teaches confirming integrity of the encrypted firmware update image by reading a header of the encrypted firmware update image by using a public key manager stored in the security module in connection with the private key used when encrypting a symmetric key and a signature; when the integrity of the encrypted firmware image is confirmed (Segawa, Paragraphs 0096-0097 recites “The system managing module 34 requests the firmware authenticating module 37 to authenticate the first firmware updating file 110. The firmware authenticating module 37 obtains the public key 113 in the falsification unable region (read-only region) of the information processing apparatus. The firmware authenticating module 37 authenticates the first firmware updating file 110 by using the obtained public key 113 (S43). Specifically, the firmware authenticating module 37 calculates a digest of the firmware ROM image 82 and the PCR value 83 of the first firmware updating file 110 (S43a). The firmware authenticating module 37 decrypts the public key signature 84 in the first firmware updating file 110 by using the public key 113 and collates the decrypted public key signature with the calculated digest. That is, the signature is authenticated by using the digest (43b). With this, the firmware authenticating module 37 authenticates the first firmware updating file 110.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Segawa’s information processing apparatus, software updating method, and image processing apparatus with Martinez’s Method for Generating and Executing Encrypted BIOS Firmware and System Therefor because the use of confirming firmware has the advantage of ensuring firmware is actual authentic firmware.  

	As per claim 6, Martinez in combination with An, Lewis and Segawa teaches the method of updating a device of claim 5, Segawa further teaches stopping updating of the device when an error occurs in the confirming of the integrity (Segawa, Paragraph 0103 recites “The system managing module 34 sends a result of the request to the network updating module 31 (S46). The network updating module 31 sends the result to a source that requests to update the firmware. In addition, when the first firmware updating file 110 is not authenticated in S43, the system managing module 34 sends a result of the request to the network updating module 31 (S46). That is, the network updating module 31 sends information that the first firmware updating file 110 is authenticated/not authenticated, and the firmware is updated/not updated.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Segawa’s information processing apparatus, software updating method, and image processing apparatus with Martinez’s Method for Generating and Executing Encrypted BIOS Firmware and System Therefor because the use of confirming firmware has the advantage of ensuring firmware is actual authentic firmware.  
	As per claim 8, Martinez in combination with An, Lewis and Segawa teaches the method of updating a device of claim 5, Segawa further teaches wherein the encrypted signature is located in the header and the header further includes at least one of a magic number, a version, a firmware length, and a signature length (Segawa, Paragraphs 0096-0097 recite “The system managing module 34 requests the firmware authenticating module 37 to authenticate the first firmware updating file 110. The firmware authenticating module 37 obtains the public key 113 in the falsification unable region (read-only region) of the information processing apparatus. The firmware authenticating module 37 authenticates the first firmware updating file 110 by using the obtained public key 113 (S43). Specifically, the firmware authenticating module 37 calculates a digest of the firmware ROM image 82 and the PCR value 83 of the first firmware updating file 110 (S43a). The firmware authenticating module 37 decrypts the public key signature 84 in the first firmware updating file 110 by using the public key 113 and collates the decrypted public key signature with the calculated digest. That is, the signature is authenticated by using the digest (43b). With this, the firmware authenticating module 37 authenticates the first firmware updating file 110.” It would be inherent that the signature length would be in the header because signatures need to match, including being the same length, to be authenticated.).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Segawa’s information processing apparatus, software updating method, and image processing apparatus with Martinez’s Method for 
	As per claim 9, Martinez in combination with An, Lewis and Segawa teaches the method of updating a device of claim 5, Martinez further teaches wherein the symmetric key is arbitrarily selected by the authorized manager (Martinez, Paragraph 0010 recites “In a specific embodiment of the present disclosure, the firmware image 110 is encrypted before storing the image in firmware memory 110. The firmware image 112 is encrypted using a random symmetric encryption key generated by a software routine included in the firmware image 112.”).












Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODERICK TOLENTINO whose telephone number is (571)272-2661.  The examiner can normally be reached on Mon-Fri 8am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


RODERICK . TOLENTINO
Examiner
Art Unit 2439



/RODERICK TOLENTINO/Primary Examiner, Art Unit 2439