DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 18-19 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the invention is directed to a signal.  The claims are for a "computer program" (software per se) and “a storage medium” (signal per se).  The United States Patent and Trademark Office (USPTO) is obliged to give claims their broadest reasonable interpretation consistent with the specification during proceedings before the USPTO. See In re Zletz, 893 F.2d 319 (Fed. Cir. 1989) (during patent examination the pending claims must be interpreted as broadly as their terms reasonably allow).  The broadest reasonable interpretation of a claim drawn to a computer readable medium typically covers forms of non-transitory media and transitory propagating signals per se in view of the ordinary and customary meaning of computer readable media, particularly when the specification is silent. See MPEP 2111.01.
a transitory signal medium.”, [0066] When the broadest reasonable interpretation of a claim covers a signal per se, the claim must be rejected under 35 U.S.C. 101 as covering non-statutory subject matter. See In re Nuijten, 500 F.3d 1346, 1357, 84 USPQ2d 1495, 1503 (Fed. Cir. 2007) (transitory embodiments are not directed to statutory subject matter).

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-4 and 14-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Hursti (US 20140195804).
Regarding claim 1, Hursti teaches

obtaining, in response to a request to verify a signature associated with first data, an asymmetric verifier application from off-device storage; ([0015], “the cryptographic application 131 may include the ability to confirm the data integrity of the cryptographic application 131 using techniques such as a digital signature, challenge-response handshake, client-side key verification, and/or other possible techniques.”, and ([0028-29], “the client device 106 may provide the dispatch service 121 with a service request … In response to the service request, the dispatch service 121 may deliver the cryptographic application 131 via the network 109.”)
loading the asymmetric verifier application; ([0028-29], “the client device 106 may provide the dispatch service 121 with a service request …In response to the service request, the dispatch service 121 may deliver the cryptographic application 131 via the network 109. In response to obtaining the cryptographic application 131 through the browser 161 or other client application, execution of the cryptographic application 131”)
executing the asymmetric verifier application; ([0029], “In response to obtaining the cryptographic application 131 through the browser 161 or other client application, execution of the cryptographic application 131 within a virtual machine 163 may be initiated in the client device 106.”)
verifying, using the asymmetric verifier application, the signature associated with the first data using asymmetric-key cryptography. ([0030], “the cryptographic application 131 will manipulate one or more public keys 135 encoded in the JavaScript.RTM. Object Notation (JSON) Web Key (JWK) format, and the communications between the 
Regarding claim 2, Hursti teaches wherein the signature associated with the first data is a signature of a hash of the first data. ([0031], “The integrity of the virtual machine 163 and/or client device 106 may be verified according to a number of approaches, such as comparing file signatures for the virtual machine 163 generated with cryptographic hash functions with known valid signatures stored in the computing environment 103.”)
Regarding claim 3, Hursti teaches wherein the first data is a further application. ([0031], “the cryptographic application 131 verifies the integrity of the virtual machine 163”)
Regarding claim 4, Hursti teaches wherein prior to executing the asymmetric verifier application verifying, using a first hashing function and an initial application hash, the asymmetric verifier application and responsive to a positive verification result, executing the asymmetric verifier application. ([0029], “the cryptographic application 131 may include the ability to confirm the data integrity of the cryptographic application 131 as it executes in the client device 106 using techniques such as a digital signature, challenge-response handshake, client-side key verification, and/or other possible techniques as can be appreciated.”)
Regarding claim 14, Hursti teaches wherein responsive to a positive verification of the signature associated with the first data, the first data is loaded. (Fig. 2, [0051-52], “the cryptographic application 131 may include the ability to confirm the data integrity of the cryptographic application 131 as it executes in the client device 106. The data integrity check may be carried out with the cooperation of the dispatch service 121 (FIG. 1) and/or the operator of the client device 106 using techniques such as a digital signature, challenge-response handshake, client-side certificate verification, and/or other possible techniques as can be appreciated. … if the data integrity check completes successfully, in block 209, the cryptographic application 131 obtains the plaintext data to be encrypted.” And [0054], “block 224, the cryptographic application 131 may transmit the ciphertext data 141 and associated metadata (e.g., hash values, identifiers, etc.) for remote storage”)
Regarding claim 15, Hursti teaches wherein the signature associated with the first data is a signature of a hash of the first data and responsive to a positive verification of the signature associated with the first data, the hash of the first data is stored on the device. ([0031], “The integrity of the virtual machine 163 and/or client device 106 may be verified according to a number of approaches, such as comparing file signatures for the virtual machine 163 generated with cryptographic hash functions with known valid signatures stored in the computing environment 103.”)

Regarding claim 17, Hursti teaches wherein responsive to positive verification of the first data, the first data is executed or made available for use by executable code, optionally wherein after the first data has been executed or made available for use by executable code the hash of the first data is removed from the device. (Figs. 2-3, [0031], “After the cryptographic application 131 verifies the integrity of the virtual machine 163 and/or the client device 106, the cryptographic application 131 may then retrieve the remaining functions, modules, components, functions and/or portions of the cryptographic application 131 from the computing environment 103 necessary for complete operation of the cryptographic application 131. The integrity of the virtual machine 163 and/or client device 106 may be verified according to a number of approaches, such as comparing file signatures for the virtual machine 163 generated 

As to claims 18-20, Hursti teaches these claims according to the reasoning provided in claim 1.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 5-7 are rejected under 35 U.S.C. 103 as being unpatentable over Hursti in view of Hofstee et al. (US 20070179904)
Regarding claim 5, Hursti teaches an asymmetric verifier but does not teach the verifier is verified using a master bootloader. Hofstee teaches wherein the asymmetric verifier application is verified using a master bootloader of the device. ([0065-66], “Once the initial piece of software, e.g., the loader module, is decrypted and authenticated 
Hursti and Hofstee are analogous art. Hofstee is cited to teach a similar concept of device security.  Based on Hofstee, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Hursti to verify the verifier application before it is used (i.e. during the boot verification).  Furthermore, being able to verify the verifier application improves on Hursti by being able to maintain a secure device. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification to maintain security on the device.
Regarding claim 6, Hursti does not teach but Hofstee teaches wherein the initial application hash is retrieved from on-device storage. (Fig. 5, [0064], “The authentication 
Hursti and Hofstee are analogous art. Hofstee is cited to teach a similar concept of device security.  Based on Hofstee, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Hursti to verify the verifier application with a hash located on chip before use.  Furthermore, being able to verify the verifier application with a hash located on chip before use improves on Hursti by being able to maintain a secure device. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification to maintain security on the device.
Regarding claim 7, Hurst does not teach but Hofstee teaches wherein the initial application hash is embedded on the device during manufacture or assembly of the device. ([0017], “cryptographic hashing, i.e. hashing in which only entities having knowledge of the hash key may correctly generate a hash value, may be used to generate an authentication value that is based on the core key and the first software 
Hursti and Hofstee are analogous art. Hofstee is cited to teach a similar concept of device security.  Based on Hofstee, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Hursti to verify the verifier application with a hash located on chip before use.  Furthermore, being able to verify the verifier application with a hash located on chip before use improves on Hursti by being able to maintain a secure device. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification to maintain security on the device.

Claims 8-10 are rejected under 35 U.S.C. 103 as being unpatentable over Hursti in view of Li et al. (US 20190007835).
Regarding claim 8, Hursti teaches an asymmetric verifier application that verifies a signature but does not mention whether the keys are stored in on-device storage but Li teaches wherein the asymmetric verifier application verifies the signature using one 274. The key store 274, in some embodiments, resides in non-volatile memory and key values are burned into the key store 274 at the time of manufacture of the SE 103.”)
Hursti and Li are analogous art. Li is cited to teach a similar concept of device security using keys.  Based on Li, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Hursti to use keys burned in during manufacture to an on-device storage.  Furthermore, being able to use keys burned in during manufacture to an on-device storage improves on Hursti by being able to prevent modification to the keys on the device. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification by being able to prevent modification to the keys on the device.
Regarding claim 9, Hursti does not teach that the keys are associated with a privilege level but Li teaches wherein a plurality of keys are stored in on-device storage, wherein each of the keys is associated with a privilege level, and wherein restrictions associated with the privilege level of the key which verifies the signature associated with the first data are applied to that first data. (Table 2, [0058], “For the signature embodiment, the SE maintains a key-privilege table. Each row of the table associates a privilege level with a public key.”)
Hursti and Li are analogous art. Li is cited to teach a similar concept of device security using keys.  Based on Li, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject 
Regarding claim 10, Hurst teaches a plurality of keys but does not teach that the keys are embedded at the time of manufacture. Li teaches wherein the one or more keys are embedded on the device during manufacture or assembly of the device. ([0050], “Public keys can be stored in a key store 274. The key store 274, in some embodiments, resides in non-volatile memory and key values are burned into the key store 274 at the time of manufacture of the SE 103.”)
Hursti and Li are analogous art. Li is cited to teach a similar concept of device security using keys.  Based on Li, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Hursti to use keys burned in during manufacture to an on-device storage.  Furthermore, being able to use keys burned in during manufacture to an on-device storage improves on Hursti by being able to prevent modification to the keys on the device. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification by being able to prevent modification to the keys on the device.

11 is rejected under 35 U.S.C. 103 as being unpatentable over Hursti in view of Takagi et al (US 20170366525)

Regarding claim 11, Hursti teaches verifying the signature using keys but does not teach that the keys are embedded in the application. Takagi teaches herein the asymmetric verifier application verifies the signature using one or more keys embedded in the asymmetric verifier application. (Fig. 9 (103,104), [0145], “delivers the software 111a with the obfuscated public key embedded”)
Hursti and Takagi are analogous art. Takagi is cited to teach a similar concept of device security using keys.  Based on Takagi, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Hursti to embed the keys on the application1.  Furthermore, being able to embed keys in the application improves on Hursti by being able to transfer the keys needed with the application to the client. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification because “the public key 13 corresponding to the private key 14 is embedded into the client application 17 to be delivered to the client 4. Only when the private key 14 used for generating the signature 16a, 16b corresponds to the public key 13 used in the verification of the signature 16a, 16b, the signature 16a, 16b is verified successfully. Therefore, use of an unauthorized client application leads to a failure in the verification of the signature 16a, 16b. This means that it is possible to reduce a risk of covering up an 

Claims 12-13, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Hursti in view of
Regarding claim 12, Hurst teaches a positive or negative verification but does not teach unloading the verifier application afterwards. Nelson teaches wherein responsive to a positive or a negative verification (Hurst, [0015], “the cryptographic application 131 may include the ability to confirm the data integrity of the cryptographic application 131 using techniques such as a digital signature”) of the signature associated with the first data the asymmetric verifier application is unloaded. (Nelson, [0019], “a failure to match a unique identifier of a verification signature 34 at an information handling system 10 may initiate a variety of protective measures, such as locking the information handling system, deleting the application”)
As to claim 13, Hursti and Nelson teaches this claim according to the reasoning provided in claim 1.
Conclusion


Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHERI L. HARRINGTON whose telephone number is (571)270-0468. The examiner can normally be reached Generally, M-F, 7:30a-4p.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jaweed Abbaszadeh can be reached on 571-270-1640. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHERI L HARRINGTON/Examiner, Art Unit 2187                                                                                                                                                                                                        March 8, 2022

/JAWEED A ABBASZADEH/Supervisory Patent Examiner, Art Unit 2187