DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
The present application is being examined under the claims filed on August 17, 2019.  Claims 1-20 are presented for examination.  Claims 1-20 are rejected.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1 and 8-12 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Deierling et al. (hereinafter ‘Deierling’) WO 2011/019390.  

As to independent claim 1, Deierling teaches:
a boot Read-Only Memory (ROM) update method of an embedded system (para. [0014] field upgradable unit FUU 110A-110D) including a memory, which includes a user data area (para. [0035] non-secure volatile memory 315) and a boot ROM area (para. [0031] secure memory device 280) that includes a first area (para. [0031] active portion 305) and a second area (para. [0031] inactive portion 310), and a ROM, which copies a first boot code (para. [0023] bootloader 282) from the boot ROM area during boot-up, the boot ROM update method comprising: 
writing a second boot code (para. [0031] store update object 320) to the second area in response to a first ROM update command (para. [0035] “initiate an update by writing a predetermined value such as an update command”), the second boot code including a second boot ROM image (para. [0031] “update object 320 may include update information that is formatted into a number of sections”) and a second signature (para. [0031] “the update object 320 may have an associated update signature 321 … that may be appended to the update object”) for the second boot ROM image (para. [0049] “field upgradeable unit 110 may receive a signed update object 320, and optional update signature, in association with one or more keys (e.g., Key 1, Key 2, Key 3) at Step 405” ; Step 405 stores update object 320 in verification portion 319 of non-secure memory 315); 
verifying validity of the second signature (para. [0052] step 420 authenticates data in verification portion); and 
if the second signature is valid, swapping the first area and the second area (para. [0008] “The inactive portion [310] of the memory can be swapped with an active portion [305] of the secure memory [280], such that the inactive portion becomes active.” ; para. [0053] step 450 swap active portion 305 and inactive portion 310 to update/replace active bootloader), 


As to dependent claim 8, Deierling teaches: 
before the swapping the first area and the second area: 
if a sudden power-off (SP0) occurs, performing boot-up using the first boot code (para. [0023] “A bootloader 282 in non-volatile memory 280 includes instructions that are to be executed by the controller 210 whenever the controller 210 is in an initialization state, such as when the controller 210 is first powered up or is rebooted or otherwise reset”); 
writing the second boot code to the user data area (para. [0040] “the update object 320 and signature 321, if present, are loaded into a verification portion 319 of the non-secure memory [315]”); 
writing the second boot code to the second area in response to a second ROM update command (para. [0035] “initiate an update by writing a predetermined value such as an update command” ; In this scenario, a second ROM update command occurs after the first ROM update command received before the sudden power-off.  Therefore, a second or sequential ROM update command is interpreted to be functionally identical to the first ROM update command.); 
verifying the validity of the second signature (para. [0042] “Thereafter, the controller 210 calculates a hash of the update information, identified as ‘hash 3’. Key 1 is applied to Signature 1 to determine a hash value, identified as ‘hash 4’. Hash 3 and hash 4 are compared to see if they match one another. In a similar manner Key 2 is used to generate a hash value from Signature 2, and Key 3 is used to generate a hash value from Signature 3. Each of these generated hash values is also compared with hash 3, to determine whether they match. If the calculated value for hash 3 matches each of the hash values generated from the signatures, the update object 320 is verified.” ; para. [0044] “If all 
if the second signature is valid, swapping the first area and the second area (para. [0008] “The inactive portion [310] of the memory can be swapped with an active portion [305] of the secure memory [280], such that the inactive portion becomes active.” ; para. [0053] step 450 swap active portion 305 and inactive portion 310 to update/replace active bootloader). 

As to dependent claim 9, Deierling teaches: 
executing. by the ROM, a boot loader by verifying integrity of the boot loader, verifying, by the boot loader. integrity of a kernel, and verifying, by the kernel, integrity of a file system (para. [0040] controller 210 transfers control [e.g. loads] previously verified bootloader code stored in the active portion 305 of the secure non-volatile memory device 280 ; For the purposes of examination, the phrase “by the ROM” will be interpreted as “from the ROM”). 

As to dependent claim 10, Deierling teaches: 
executing, by the ROM, a boot ROM loader and loading, by the boot ROM loader, the first boot code from the first area (para. [0023] “[a] bootloader 282 in non-volatile memory 280 includes instructions that are to be executed by the controller 210 whenever the controller 210 is in an initialization state, such as when the controller 210 is first powered up or is rebooted or otherwise reset” ; For the purposes of examination, the phrase “by the ROM” will be interpreted as “from the ROM” and the phrase “by the boot ROM loader” will be interpreted as “from the boot ROM loader”). 


receiving a ROM update command (para. [0035] “initiate an update by writing a predetermined value such as an update command”); 
writing a new boot code (para. [0031] update object 320) to a backup boot ROM area (para. [0031] inactive portion 310); 
verifying validity of the new boot code (para. [0052] step 420 authenticate data in verification portion 319) using a Digital Signature Algorithm (para. [0031] signature 1, signature 2, and signature 3 may support a key management protocol used by the operator of network 130); and 
if the new boot code is valid, changing the backup boot ROM area into a main boot ROM area (para. [0008] “The inactive portion [310] of the memory can be swapped with an active portion [305] of the secure memory [280], such that the inactive portion becomes active.” ; para. [0053] step 450 swap active portion 305 and inactive portion 310 to update/replace active bootloader).

As to dependent claim 12, Deierling teaches:
the verifying the validity of the new boot code comprises calculating a hash value of the new boot code (para. [0042] “Thereafter, the controller 210 calculates a hash of the update information, identified as ‘hash 3’. Key 1 is applied to Signature 1 to determine a hash value, identified as ‘hash 4’. Hash 3 and hash 4 are compared to see if they match one another. In a similar manner Key 2 is used to generate a hash value from Signature 2, and Key 3 is used to generate a hash value from Signature 3. Each of these generated hash values is also compared with hash 3, to determine whether they match. If the calculated value for hash 3 matches each of the hash values generated from the signatures, the update object 320 is verified.” ; para. [0044] “If all verifications pass, update module 284 copies Key 2, Key 3, and the update information [which, as discussed above, may be a new bootloader] into the inactive portion 310 of secure memory device 280”). 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2-7 are rejected under 35 U.S.C. 103 as being unpatentable over Deierling as applied to claim 1 above, and further in view of Gaurav Shah et al. (hereinafter ‘Shah’) US 20110087872.  

As to dependent claim 2, Deierling teaches the invention of claim 1.  Dierling does not explicitly teach the boot code includes a header.  However, Shah is cited to teach that boot code headers may include a plurality of fields of information regarding the corresponding boot code:
the first boot code includes a first header, which includes detailed information regarding the first boot code (Shah para. [0052]-[0059] header 216, header signature 218, header 300, length 310, algorithm 320, key-size 330, crypto hash algorithm 340, public key 350, key version number 360, crypto hash 370, firmware version 410, length 420), and 

Deierling and Shah are both considered to be analogous to the claimed invention because they are in the same field of securely booting computer systems and reasonably pertinent to the problem faced by the inventors in securely updating boot code (e.g. firmware) and protecting against attacks from malicious actors (Deierling para. [0003], Shah para. [0003]).  Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Deierling to incorporate the teachings of Shah to obtain the claimed limitations above.  Doing so would improve security by expanding the verification features associated with modifiable boot code thereby robustly protecting against attacks by malicious actors who may attempt to modify a “boot path” by corrupting or replacing legitimate instructions with malicious instructions (Shah para. [0003]-[0007] and [0030]-[0033]).  

As to dependent claim 3, the combination of Deierling and Shah teaches:  
the first header includes at least one of version information of the first boot code, size information of the first boot code, an encryption key of the first boot code, an encryption algorithm of the first boot code, and a hash value of a public key (Shah para. [0052]-[0059] length 310, algorithm 320, key-size 330, crypto hash algorithm 340, public key 350, key version number 360, crypto hash 370, firmware version 410, length 420), and 
the second header includes at least one of version information, size information, an encryption key, and an encryption algorithm of the second boot code and the hash value of the public key (Shah 

As to dependent claim 4, the combination of Deierling and Shah teaches:  
if the second signature is valid (Shah para. [0010] “The boot process of the second general aspect further includes verifying, by the processor, an encrypted signature corresponding with a second portion of the read-write portion of the firmware using a second public-key and a second cryptographic hash algorithm”), determining whether a version of the second boot code is newer than a version of the first boot code based on the first header and the second header (Shah para. [0055] “header 300 may also include a key-version number field 360” ; Shah para. [0056] “Use of a securely stored highest-key-version number to verify … is the most recent [or a newer version]”); and 
if the version of the second boot code is newer than the version of the first boot code, swapping the first area and the second area (Shah para. [0055] “header 300 may also include a key-version number field 360” ; Shah para. [0056] “Use of a securely stored highest-key-version number to verify … is the most recent [or a newer version]”).  

As to dependent claim 5, the combination of Deierling and Shah teaches:  
verifying the public key using the hash value of the public key (Shah para. [0070] “verification at block 620 may be accomplished using, for example, a second public-key and a second cryptographic hash algorithm”). 

As to dependent claim 6, the combination of Deierling and Shah teaches:  
the embedded system includes a memory controller, which includes firmware that controls the memory (Shah para. [0032]-[0033] “chipset [130] may include … a memory controller”), 

the verifying the validity of the second signature, comprises verifying the validity of the second signature using the public key (Shah para. [0070] “the method 600 includes verifying an encrypted signature corresponding with a second portion of the read-write portion of the firmware. The verification at block 620 may be accomplished using, for example, a second public-key and a second cryptographic hash algorithm”). 

As to dependent claim 7, the combination of Deierling and Shah teaches: 
the second signature is created using a private key of the DSA and the second boot ROM image (Shah para. [0052] “[t]he firmware information signature 224 and the R/W firmware data signature 226 may be generated and verified using a cryptographic hash algorithm that is indicated in the header 216 and a public-key that is included in header 216 … encrypted signatures may generated and verified in different manners, based any appropriate portion or section of the firmware 200”.  An exemplary type of Digital Signature Algorithm [DSA] is not specified in the instant application.). 

Claims 13-15 are rejected under 35 U.S.C. 103 as being unpatentable over Deierling as applied to claims 11-12 above, and further in view of Kotary et al. (hereinafter ‘Kotary’) US 20170147356.  

As to dependent claim 13, Deierling teaches the invention of claims 11-12.  Dierling does not explicitly teach calculating the hash value of the new boot code by dividing the new boot code into segments of a standard size of data calculated by a hash function.  However, Kotary is cited to teach: 

Deierling and Kotary are both considered to be analogous to the claimed invention because they are in the same field of securely booting computer systems and reasonably pertinent to the problem faced by the inventors in securely updating boot code (e.g. firmware) and protecting against attacks against initialization software during the booting process (Deierling para. [0003]-[0006], Kotary para. [0001]).  Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Deierling to incorporate the teachings of Kotary to obtain the claimed limitations above.  Doing so would improve security by retrieving and authenticating platform initialization firmware before booting the processor (Kotary para. [0014] “a security engine 140 of the computing device 102 retrieves and authenticates platform initialization firmware 134” ; “initial boot firmware 136 (e.g., STAGE-1 firmware 136), which may be required to complete initialization (e.g., booting, etc.) of the processor 110”).  

As to dependent claim 14, the combination of Deierling and Kotary teaches:
the writing the new boot code to the backup boot ROM area comprises writing the new boot code to the backup boot ROM area in units of the segments (Deierling para. [0031] “update object 320 may include update information that is formatted into a number of sections” ; Kotary para. [0014] “breaking the initial boot firmware 136 (e.g., STAGE-1 firmware 136) into multiple blocks, consecutively 

As to dependent claim 15, the combination of Deierling and Kotary teaches:
the writing the new boot code to the backup boot ROM area in units of the segments and the calculating the hash value of the new boot code by dividing the new boot code into the segments of the standard size of data calculated by a hash function are performed simultaneously (Kotary para. [0015] “Contemporaneous with determining the hash value for the initial block, the security engine 140 may retrieve the next block of the initial boot firmware 136 from the memory 130 and store that block in another buffer 146 of the secure memory 142”). 

Claims 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Deierling in view of Nayer Naguib (hereinafter ‘Naguib’) US 20150200934.  

As to independent claim 16, Deierling teaches:
executing, by a Read-Only Memory (ROM), a boot ROM loader (para. [0023] “bootloader 282 in non-volatile memory 280 includes instructions that are to be executed by the controller 210 whenever the controller 210 is in an initialization state, such as when the controller 210 is first powered up or is rebooted or otherwise reset” ; For the purposes of examination, the phrase “by a Read-Only Memory” will be interpreted as “from a Read-Only Memory”); 
loading, by the boot ROM loader, a first boot code from a memory (para. [0023] “bootloader 282 in non-volatile memory 280 includes instructions that are to be executed by the controller 210 whenever the controller 210 is in an initialization state, such as when the controller 210 is first powered up or is rebooted or otherwise reset” ; For the purposes of examination, the phrase “by the ROM” will 
executing, by the ROM, a boot loader by verifying integrity of the boot loader (para. [0040] controller 210 transfers control [e.g. loads] previously verified bootloader code stored in the active portion 305 of the secure non-volatile memory device 280 ; For the purposes of examination, the phrase “by the ROM” will be interpreted as “from the ROM”); 
Deierling does not teach verifying integrity of a kernel or verifying integrity of a file system.  However, Naguib is cited to teach:
verifying, by the boot loader, integrity of a kernel (Naguib para. [0021] “the bootloader verifies the operating system kernel”; Naguib para. [0050] “[t]he verified bootloader verifies the operating system kernel, which in turn verifies executable files” ; Naguib Claim 1 also states succinctly “verifying, by the bootloader, an operating system kernel”; “The express, implicit, and inherent disclosures of a prior art reference may be relied upon in the rejection of claims under 35 U.S.C. 102 or 103”. See MPEP 2112 ; For the purposes of examination, the phrase “by the boot loader” will be interpreted as “by verifying the boot loader”); and 
verifying, by the kernel, integrity of a file system (Naguib para. [0022] “[t]he kernel then verifies operating-system level executable files [e.g., device drivers]”; Naguib para. [0084] “[t]he initial integrity check verifies that no untrusted software [e.g., bootloader, operating system kernel, driver, application, etc.] will execute on the computing device during the computing session” ; Naguib Claim 1 also states succinctly “upon verification of the operating system kernel, verifying, by the operating system kernel, at least one executable file” ; For the purposes of examination, the phrase “by the kernel” will be interpreted as “by verifying the kernel”).  
Deierling and Naguib are both considered to be analogous to the claimed invention because they are in the same field of ensuring the security of computer systems during firmware and software 

As to dependent claim 17, the combination of Deierling and Naguib teaches:
secure-updating the first boot code in the memory (Deierling para. [0023] “bootloader 282 in non-volatile memory 280 includes instructions that are to be executed by the controller 210 whenever the controller 210 is in an initialization state, such as when the controller 210 is first powered up or is rebooted or otherwise reset” ; Instructions read and executed by the controller must be previously stored in the non-volatile memory 280.). 

As to dependent claim 18, the combination of Deierling and Naguib teaches:
the memory includes a user data area (Deierling para. [0035] non-secure volatile memory 315) that is freely accessible and a boot ROM area with restricted access (Deierling para. [0031] secure memory device 280), and 
the boot ROM area includes a main boot ROM area (Deierling para. [0031] active portion 305) and a backup boot ROM area (Deierling para. [0031] inactive portion 310). 


writing the first boot code to the backup boot ROM area (Deierling para. [0023] “bootloader 282 in non-volatile memory 280 includes instructions that are to be executed by the controller 210 whenever the controller 210 is in an initialization state, such as when the controller 210 is first powered up or is rebooted or otherwise reset” ; Instructions read and executed by the controller must be previously stored in the non-volatile memory 280.), 
verifying validity of the first boot code (Deierling para. [0008] “After verifying the authenticity of the update object [320], the device may copy the update object from the verification portion [319] of the memory to an inactive portion [310] of secure memory [280].” ; Deierling para. [0038] Alternatively, update module 284 may initiate the update mode by triggering state machine 270 to read predefined location 317 in the memory 315. Controller 210 can monitor location 317 and switch into the update mode once this has occurred. Update module 284 can then verify that the information in a verification area 319 is authentic ; Deierling para. [0040] controller 210 transfers control [e.g. loads] previously verified bootloader code stored in the active portion 305 of the secure non-volatile memory device 280); and 
swapping the backup boot ROM area and the main boot ROM area if the first boot code is valid (Deierling para. [0008] “The inactive portion [310] of the memory can be swapped with an active portion [305] of the secure memory [280], such that the inactive portion becomes active.” ; Deierling para. [0053] step 450 swap active portion 305 and inactive portion 310 to update/replace active bootloader). 

As to dependent claim 20, the combination of Deierling and Naguib teaches:
the loading, by the boot ROM loader, the first boot code from the memory comprises 


Conclusion
Other references deemed relevant to the pending application, are:
US 20160048459 to Sang-Jin Oh which teaches sudden power off and a secondary nonvolatile memory device having a physical storage area with first and second logical areas. 
US 20160048684 to Paul Kocher et al. which teaches a secure boot process that verifies whether an encrypted data segment has been modified.
US 20150098563 to Sean Gulley et al. which teaches an apparatus that includes a single instruction multiple data (SIMD) hash module configured to apportion at least a first portion of a message to a number of segments.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CLIFFORD G COUSINS whose telephone number is 571-272-0486. The examiner can normally be reached Monday-Friday 8:00 am - 5:00 pm Central.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jaweed Abbaszadeh can be reached on 571-270-1640.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

/CLIFFORD G COUSINS/               Examiner, Art Unit 2187                     

/JAWEED A ABBASZADEH/               Supervisory Patent Examiner, Art Unit 2187