Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-5, 8-11, 13-16, 19, and 21 are rejected under 35 U.S.C. 102(a)(1)(2) as being anticipated by Spangler et al. (United States Patent US 9015456), hereinafter Spangler.

1, Spangler teaches a device unit comprising a module that configures the device unit with one operating state from various operating states when the device unit is booted and/or during ongoing operation of the device unit; (Col. 3 Lines 13-15 “In one aspect during boot time, a warning screen may be presented to the user notifying the user the system is running in developer mode.” Lines 57-59 “The developer switch 108 may include a physical switch connected to a switch circuit for switching between the two operating modes of the system.” Col. 2 Lines 60-64 “At some time during operation in normal mode, the user of the system may cause the system to switch to developer mode…” At booting or during in normal mode, the system switches the mode between the normal mode and the developer mode.)
wherein a first protected operating state of the various operating states is designed to permit, an execution of at least one predeterminable operating procedure and to protect it, using defined cryptographic means; (Col. 2 Lines 56-60 “In a first normal mode, the system runs verified code. As used herein, "verified code" refers to code, such as verified firmware, operating system or boot image, which has been signed by a trusted party (e.g., a computer manufacturer).” Col. 3 Lines 3-5 “security measures typically performed by the system when running normal mode to protect the user from security threats.” The normal mode with security measures is interpreted as a first protected operating state of the various operating states. The normal mode executes verified code, which has been signed by a trusted party, which is interpreted as an execution of at least one predeterminable operating procedure and to protect it. Furthermore, sign by the trusted party is interpreted as using defined cryptographic means.)
wherein at least one second operating state of the various operating states is designed to deactivate the first protected operating state and to permit at least one other changeable operating procedure and to protect it, using predefinable cryptographic means, (Col. 2 Lines 64-67 “In developer mode, the system may run unverified code. As used herein, “unverified code” refers to any code other than verified code, including unsigned or user-signed code.” Col. 6 Lines 36-40 “Once the value of the developer mode state has been locked, in step 414, control is switched to unverified code ( e.g., developer firmware) and the system boots in developer mode so that the user ( e.g., developer) may run their own unsigned or user-signed code.” Col. 6 Lines 40-45 “The value of the developer mode remains locked until the device is rebooted, at which time the system will initiate boot-up using the verified code. Thus, the value of the developer mode, and the state of the developer mode indicator, may be protected against unauthorized modification. The value of the developer mode remains locked until the device is rebooted, at which time the system will initiate boot-up using the verified code. Thus, the value of the developer mode, and the state of the developer mode indicator, may be protected against unauthorized modification.” A developer mode, which is interpreted as at least one second operating state of the various operating states, is switched from the normal mode or enabled. Thus, the normal mode is disabled, which is interpreted as deactivate the first protected operating state or the normal mode. In a developer mode, user (e.g., developer) may run their own unsigned or user-signed code, which is interpreted as permit at least one other changeable operating procedure. Furthermore, the value of the developer mode is also set. Then, the value of the developer mode is locked, which is interpreted as protect it, using predefinable cryptographic means.) and 
wherein, if the configured operating state corresponds to the first operating state, the module maintains this state, (Col. 6 Lines 6-11 “if the processor determines that the system is in normal mode, processor 202, executing verified firmware, may write the value of the developer mode state to secure memory 208 to reflect that the system is operating in normal mode (e.g., the value of the developer mode state is set to zero).” If the processor determines that the system is in normal mode, which is interpreted as if the configured operating state corresponds to the first operating state, the normal mode executes verified firmware and write the value of the developer mode state as the normal mode, which results the system continues to operate in the normal mode, which is interpreted as the module maintains this state.) or 
if the configured operating state corresponds to the at least second operating state, the module deactivates the first operating state and introduces and/or maintains (Col. 6 Lines 15-18 “once the developer mode is enabled (e.g., the developer mode state value is set to one) the system will run in developer mode until the developer mode is disabled (e.g., the developer mode state value is set to zero).” Once the developer mode is enabled or switched from the normal mode, which is interpreted as if the configured operating state corresponds to the at least second operating state, the system operates only in the developer mode resulting to disable the normal mode, which is interpreted as the module deactivates the first operating state. Until the developer mode is disabled, the system runs in the developer mode, which is interpreted as maintains the at least second operating state.)

Regarding claim 2, Spangler teaches that the device unit is designed as an embedded system or as part of an embedded system. (Col. 7 Lines 41-47 “the system may include an embedded controller that controls keyboard, power, battery and/or other existing indicators. In one aspect, the state of the developer mode indicator may similarly be stored at the embedded controller or may be read at boot time from the physical developer switch 108 or secure memory 208 by the embedded controller.” The system includes an embedded controller, which is interpreted as the device is designed as an embedded system.)

3, Spangler teaches on the device side, when the operating state is intended to be protected during the boot procedure and/or during ongoing operation of the device unit, integrity protection measures suitable for booting and/or suitable for ongoing operation are provided. (Col. 2 Lines 56-60 “In a first normal mode, the system runs verified code. As used herein, "verified code" refers to code, such as verified firmware, operating system or boot image, which has been signed by a trusted party (e.g., a computer manufacturer).” Col. 3 Lines 3-5 “security measures typically performed by the system when running normal mode to protect the user from security threats” The verified code in the normal mode, which performs security measures to protect the user from security threats, is interpreted as integrity protection measures suitable for booting and/or suitable for ongoing operation are provided. The normal mode with security measure is interpreted as when the operating state is intended to be protected during the boot procedure and/or during ongoing operation of the device unit.)

Regarding claim 4, Spangler teaches that the integrity protection measures furthermore comprise device authentication and/or device integrity attestation. (Col. 2 Lines 57-60 “ “verified code” refers to code, such as verified firmware, operating system or boot image, which has been signed by a trusted party (e.g., a computer manufacturer).” Sign by a trusted party for verified code is interpreted as the integrity protection measure comprises device authentication.)

Regarding claim 8, Spangler teaches that parts of the device unit are able to be activated and/or able to be deactivated. (Col. 3 Lines 19-24 “the present system provides a developer mode indicator (e.g., an LED developer mode indicator) that can be activated for the duration that the system is running in developer mode such that the user is aware of the mode of operation of the system even if the user missed the boot time warning.” An LED developer mode indicator can be activated during the developer mode or deactivated during normal mode.)

Regarding claim 9, Spangler teaches that the module is able to be configured by way of one or more software and/or firmware program codes and/or hardware circuits. (Col. 3 Lines 48-51 “The processor 102 is configured to execute instructions, such as instructions physically coded into the processor 102, instructions received from software in firmware memory 104 or memory 106, or a combination thereof.” The processor included in the system is configured by executing instruction coded into the processor and instructions received from software in firmware memory or memory, which is interpreted as the module is configured by way of one or more software and/or firmware program codes. Furthermore, the processor configures the system, which is interpreted as the module is able to be configured by hardware circuits.)

Regarding claim 10, Spangler teaches that the one or more software and/or firmware program codes are able to be sealed. (Col. 5 Lines 30-34 “To prevent unauthorized modification of the state of the developer mode indicator 214, the system 200 may protect the value of the internal register at boot time before turning control over to unverified code being run while the system is in developer mode.” Col. 7 Lines 54-55 “the embedded controller will only run verified code.” The value of the internal register at boot time is protected, which is interpreted as the one or more software and/or firmware program codes are able to be sealed.)

Regarding claim 11, Spangler teaches that at least one further third operating state of the device unit is designed to permit the first and the second operating state in parallel operation and possibly to cryptographically protect them. (Col. 7 Lines 50-55 “at boot time, the system (e.g., system 100 or system 200) may verify the code executed at the embedded controller before turning control over to unverified code. The system may then allow the main processor (e.g., processor 102 or 202) to run unverified code, but the embedded controller will only run verified code.” While the main processor runs unverified code, the embedded controller only runs verified code, which is interpreted as to permit the first and the second operating state in parallel operation. Furthermore, as discussed above, the verified code in the normal mode is protected with sign by the third party and the unverified code in the developer mode also is protected from an unauthorized developer, which is interpreted as to cryptographically protect them.)

	Regarding claims 13-16, and 19, the claims 13-16, and 19 are the method claims of the apparatus claims 1, 3-5, and 11. The claims 13-16, and 19 do not further teach or define the limitation over the limitations recited in the rejected claims above. Therefore, Spangler teaches all the limitations of the claims 13-16, and 19.

	Regarding claim 21, the claim 21 is a computer readable hardware storage device having computer readable program code stored therein, said program code executable by a processor of a computer system to implement a method, as claimed in claim 13. Spangler teaches a computer readable hardware storage device having computer readable program code stored therein. (Col. 9 Lines 52-57 “Some implementations include electronic components, such as microprocessors, storage and memory that store computer program instructions in a machine-readable or computer-readable medium (alternatively referred to as computer-readable storage media, machine-readable media, or machine-readable storage media).”) The claim 21 does not further 13 above. Therefore, Spangler teaches all the limitations of the claim 21.
	
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 6, 7, 12, 17, 18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Spangler in view of Takayama et al. (United States Patent Application Publication US 2010/0185845), hereinafter Takayama.

Regarding claim 6, Spangler teaches all the limitations of the device unit as claimed in claim 1, as discussed above.
Spangler does not teach in each case a device certificate for both operating states is able to be made available.
Takayama teaches in each case a device certificate for both operating states is able to be made available. (Fig. 5 “Start normal secure boot processing” S501 “Compare module and certificate” Fig. 6 “Start update secure boot processing” S601 “Compare module and certificate” For both operating states, such as normal secure boot processing and update secure boot processing, as shown in Fig. 5 and Fig. 6, certificates are compared, which is interpreted as in each case a device certificate for both operating states is able to be made available.)
It would have been have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Spangler by incorporating the teaching of Takayama of certificates for both operating states. They are all directed toward security in the computer system. As recognized by Takayama, the services provided over a network have grown to provide wide range of services for various types of devices. ([0002]) Thus, for preventing improper activities such as manipulating the software modules installed in the devices, a certificate for each software module verifies the integrity of the software. ([0003]) Therefore, it would be advantageous to incorporate the teaching of Takayama of certificates for both operating states to verify the integrity of the software.

7, Spangler teaches all the limitations of the device unit as claimed in claim 3, as discussed above.
Takayama further teaches that the deactivation of the protected operating state is able to be performed by deleting the at least one key and/or revoking the device certificate made available for the protected operating state. (Fig. 14 S406 “Reset update flag, delete certificate prior to update” S1407 “Update certificate for which value shown by counter in security device and reference counter value are the same with existing certificate”…“END” After delete certificate prior to update, then the certificate is update in the secure boot processing, which is interpreted as revoking the device certificate made available for the protected operating state. Furthermore, updating or revoking the device certificate results in “END” of the secure boot processing.)

Regarding claim 12, Spangler teaches all the limitations of the device unit as claimed in claim 1, as discussed above.
Takayama further teaches that the first, second and possibly the third operating state is able to be defined by device configuration, what are known as jumpers, activation codes and/or by the key and/or by the device certificate and/or the revocation state of the device certificate and/or by a trust anchor and/or by a communication protocol with a further authority. (FIG. 15A-15C, each states during updates are defined by values of the certificates, which are interpreted as the first, second, and possibly the third operating state is able to be defined by device configuration, what are known as the key, the device certificate, and the revocation state of the device certificate.)

	Regarding claims 17, 18, and 20, the claims 17, 18, and 20 are the method claims of the apparatus claims 6, 7, and 12. The claims 17, 18, and 20 do not further teach or define the limitation over the limitations recited in the rejected claims above. Therefore, Spangler in view of Takayama teaches all the limitations of the claims 17, 18, and 20.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Skalsky (United States Patent Application Publication US 2013/0031538) teaches updating secure-preboot firmware in real-time without rebooting the system to update the BIOS/UEFI firmware.
Young et al. (United States Patent Application Publication US 2014/0068594) teaches a firmware update system to manage some firmware update in a pre-boot environment (e.g., before an operating system is loaded)

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HYUN SOO KIM whose telephone number is (571)270-1768. The examiner can normally be reached Monday - Friday 8:30 am - 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jaweed Abbaszadeh can be reached on (571) 270-1640. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 





/H.K./Examiner, Art Unit 2187                                                                                                                                                                                                        

/XUXING CHEN/Primary Examiner, Art Unit 2187