DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
Claims 1-2 and 5-7 are pending.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-2 and 5-7 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Where applicant acts as his or her own lexicographer to specifically define a term of a claim contrary to its ordinary meaning, the written description must clearly redefine the claim term and set forth the uncommon definition so as to put one reasonably skilled in the art on notice that the applicant intended to so redefine that claim term. Process Control Corp. v. HydReclaim Corp., 190 F.3d 1350, 1357, 52 USPQ2d 1029, 1033 (Fed. Cir. 1999). The term “write-once register” in claims 1-2 and 7 is used by the claim to write-once register may be rewritten during power on or software resets,” while the accepted meaning is the write-once register may be written only one time. The term is indefinite because the specification does not clearly redefine the term.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1-2 and 5-6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cox et al. (US 2009/0359854) in view Datta et al. (US 20090249050), Mantyla (CN 102640160), and Iizyka et al. (US 20040193763)
Regarding claim 1, Cox teaches
An embedded device comprising a special-purpose computing system, 
firmware memory for storing firmware of the device and (Fig. 1 ((114 –secure boot code) or (144 – less secure boot code)), Figs. 4B and 5, “Device 110 and/or updating secure boot code, loading new or updating less-secure boot code” and [0071-72], “downloading data from the one or more components. The data may include new or updated boot code (e.g., secure boot code 114, less-secure boot code 155, etc.). …  step 550 involves authenticating the downloaded data. The data may be authenticated using a secret key (e.g., SBK 330), a secure key, or the like. Additionally, the data may be authenticated and/or otherwise processed (e.g., decrypted, encrypted, etc.) in a secure environment (e.g., within secure encryption engine 118).)
a bootloader for verifying the integrity and authenticity of 5the firmware, whereas the bootloader checks a firmware hash against a verified reference hash, wherein the reference hash is stored in a write-once register (Fig. 1, (A/O register 112), [0038], “read access and/or write access to A/O registers 112 may be limited (e.g., individually or in groups) by setting "sticky" or persistent bits, where the sticky bits may also reside within the A/O domain (e.g., 111).”), which is part of an always on power domain of the embedded device. ([0078], “reading data from always-on (A/O) registers (e.g., 112). … Additionally, in one embodiment, the data may include a fingerprint (e.g., a non-secure hash value for the restart code, a secure hash value for the restart code, etc.) or other information about the restart code.” And [0081], “Step 840 involves authenticating the restart code. The restart code may be validated or authenticated by computing a non-secure hash or digest of the restart code stored on the peripheral. If the hash or digest matches the fingerprint accessed from the A/O register (e.g., 112) in step 810, then the restart code may be executed”)
a write once register that requires a system reset to rewrite the register.” Where the A/0 register which contains the secure/verified hash is interpreted as Datta’s write-once register accessible during reset only)
Cox and Datta are analogous art. Datta is cited to teach a similar concept of creating/storing hashes for security purposes.  Based on Datta, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Cox to make the always on register a write-once register only accessible during reset.  Furthermore, being able to make the register only accessible during reset improves on Cox by being able to provide additional security to firmware updates. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification to make firmware updates secure.
Cox and Datta teach 
wherein the bootloader checking the firmware hash against the verified reference hash comprises: the bootloader verifying a reference hash of a firmware image with a stored digital signature algorithm public root key, storing the verified reference hash in the write-once register, and calculating the firmware hash and compares it against the verified reference hash. ([0081], “verifier function 40 may be one module of the kernel 14, and it can be used for encrypted Hash calculation files (such as by using SHA-protected memory 42, and for the application identity (path name) bound on the executable file. when the new application program appears, the verifier function 40 calculates reference Hash of the application program, using the private key of the verification device to sign it and stores it in the memory 42. before the application program operation, retrieving the signature from the memory 42 reference Hash calculated validating function 40 Hash application binary 46, and the result is retrieved from the protected memory 42 reference Hash is compared.”
Cox and Datta are analogous art. Datta is cited to teach a similar concept of creating/storing hashes for security purposes.  Based on Datta, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Cox to make the always on register a write-once register only accessible during reset.  Furthermore, being able to make the register only accessible during reset improves on Cox by being able to provide additional security to firmware updates. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification to make firmware updates secure.
Cox teaches an always-on locked register (“write-once” register) which stores a reference hash but does not teach that the hash is the same size as the hash. Mantyla teaches that a reference hash in stored in a protected memory may be a SHA-1 algorithm [0081]. Cox, Datta, and Mantyla do not teach that the “write-once” register is the same size as the reference hash. Iizyka teaches that the register is the same size as the reference hash when using SHA-1. Iizyka teaches

Cox, Datta, Mantyla, and Iizyka are analogous art. Iizyka is cited to teach a similar concept of creating/storing hashes for security purposes.  Based on Iizyka, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Cox, Datta, and Mantyla to make the always on register a write-once register the same size as the hash.  Furthermore, being able to make the register the same size as the hash improves on Cox by being able to optimize/minimize the size of the register. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification to minimize the size of the register.
Regarding claim 2, Cox teaches wherein the write-once register is locked automatically and protected against manipulation once after programming. ([0038], “Additionally, read access and/or write access to A/O registers 112 may be limited (e.g., individually or in groups) by setting "sticky" or persistent bits, where the sticky bits may also reside within the A/O domain (e.g., 111).” And [0057], “step 450 involves limiting access to secure information (e.g., secret key (e.g., SBK 330), secure key (SSK), information used to generate the secure key, etc.). Such access may be limited by 
Regarding claim 5, Cox teaches wherein at the power-on reset the 15bootloader starts executing, locates a firmware image and verifies a reference hash of the firmware image with a stored digital signature algorithm public root key, whereas the verified reference hash is stored in the write-once register and then the bootloader calculates a firmware hash of the firmware image and compares it against the verified reference hash, whereas the bootloader executes the firmware if hash values match otherwise an error state is 20indicated. (Figs. 4-9 (cold boot flow), [0071], “Step 540 involves downloading data from the one or more components. The data may include new or updated boot code (e.g., secure boot code 114, less-secure boot code 155, etc.) … step 550 involves authenticating the downloaded data. The data may be authenticated using a secret key (e.g., SBK 330), a secure key, or the like. Additionally, the data may be authenticated and/or otherwise processed (e.g., decrypted, encrypted, etc.) in a secure environment (e.g., within secure encryption engine 118).” [0089], “Step 970 involves decrypting the less-secure boot code and/or authenticating the less-secure boot code using the SBK (e.g., 330). The SBK may be accessed from secure portion 310 of fuses 300, from key slot 210 of secure encryption engine 118, from an A/O register (e.g., 112) of device 110, etc. In one embodiment, once the less-secure boot code (e.g., 155) is decrypted (e.g., by secure encryption engine 118), it may be authenticated or validated by comparing a calculated hash or digest (e.g., calculated by engine 118 or 
Regarding claim 6, Cox’s system teaches the software reset/cold reset where updates occur and, based on Datta, the A/O register (write-once) can be updated only during the system/cold reset. Cox teach wherein at a software reset the bootloader starts executing, locates a new firmware image and verifies a new reference hash of the new firmware image with a stored digital signature algorithm public root key, whereas the new reference hash is stored in the write-once register and then the bootloaderPage 9 of 13LPTF2568CNPCTUSP201957978 calculates a firmware hash of the new firmware image and compares it against the new reference hash, whereas the bootloader executes new firmware if hash values match otherwise an error state is indicated. (Figs. 4 and 9, [0032], “a key stored in another portion of system 100 (e.g., stored within always on (A/O) registers 112 of A/O domain 111 and accessed in response to a reset of system 100), etc.”, [0038], “ information may be temporarily or permanently moved to A/O domain 111 (e.g., stored within A/O registers 112) so that it is not lost during a reduction or termination of power to at least one component in domain 160 (e.g., during a reset”, [0048], “step 430 involves determining whether a warm boot state is set. … Device 110 and/or system 100 may be in a warm boot state in response to a reboot of device 110 and/or system 100 (e.g., in response to performing a recovery operation, loading new or updating secure boot code, loading new or updating less-secure boot code, changing the supply potential of one or more components in the controllable supply potential domain 160, etc.).”, [0056], “in step 435 that a force recovery mode state is not set, then cold boot operations may be performed in step 440. For example, less-secure boot code (e.g., 155) may be read, hash or digest (e.g., calculated by engine 118 or another component of system 100) with the hash or digest associated with the less-secure boot code accessed in step 950.”)

Claim 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cox and Kennedy as applied to claim 1 above, and further in view of Walmsley (US 20090319802).
Regarding claim 7, Cox and Kennedy teach restarting the system but not specifically from a sleep state of the device. They do not teach but Walmsley teaches wherein at a wakeup from sleep of the 5embedded device the bootloader starts executing, loads the verified reference hash from the write-once register and then the Download and authentication of program using results in Power-Safe Storage (PSS).”)
Walmsley, Cox and Kennedy are analogous art. Walmsley is cited to teach a similar concept of hashes for security purposes in always on memory while waking from a sleep mode.  Based on Walmsley, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Cox and Kennedy to use the always on register only hashes to authenticate firmware during a wake from sleep.  Furthermore, being able to use the always on register when waking from a sleep mode improves on Cox and Kennedy by being able to reduce the wake-up time. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification because “[i]n order to reduce the wakeup boot time … certain data items are stored in the PSS block. … The SHA-1 value stored in the PSS is calculated by the CPU by decrypting the signature of the downloaded program using the appropriate public key stored in ROM. This compute intensive decryption only needs to 

Response to Arguments
Applicant’s arguments, see pgs. 9-10, filed 02/01/2022, with respect to the rejection(s) of claim(s) 1 under U.S.C. 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Cox, Datta, Mantyla, and Hong.
Applicant's arguments filed 02/01/2022 have been fully considered but they are not persuasive. The Applicant argues that Mantyla does not teach “wherein the bootloader checking the firmware hash against the verified reference hash comprises: the bootloader verifying a reference hash of a firmware image with a stored digital signature algorithm public root key, storing the verified reference hash in the write-once register, and calculating the firmware hash and compares it against the verified reference hash.” The Applicant acknowledges that Mantyla teaches the key concepts of verifying a reference hash, with a public key, the verified reference hash is stored in a protected memory, and the that the firmware has is calculated and compared with the verified reference hash on pg. 13 or the Applicant’s Arguments. The Applicant argues that Mantyla does not teach a write-once memory and therefore fails to teach the limitations. The Examiner uses Cox to teach the write-once register and Mantyla to teach the other concepts in the limitations.  Mantyla’s protected memory is a broad term and could be as interpreted as a write-once register.  Therefore, it is .

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHERI L. HARRINGTON whose telephone number is (571)270-0468. The examiner can normally be reached Generally, M-F, 7:30a-4p.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jaweed Abbaszadeh can be reached on 571-270-1640. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/CHERI L HARRINGTON/Examiner, Art Unit 2187                                                                                                                                                                                                        March 10, 2022

/JAWEED A ABBASZADEH/Supervisory Patent Examiner, Art Unit 2187