DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 are pending.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.

Claims 1-2, 5-18 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication 20070300207 to Booth et al., in view of U.S. Patent Application Publication 20100306076 to Taveau et al.

As to claim 1, Booth discloses a computing device comprising:

a memory [240] to store a second hash [242] associated with a computer program executed by an operating system of the computing device [hash associated with firmware: paragraph 0021-0022], wherein the second hash is created prior to the first hash [second hash is preprogrammed: paragraph 0021]; and  
a processor to initiate a boot sequence [FIG. 5]: retrieve the first hash when the computer file is to be executed by the processor during a firmware boot sequence [obtain first hash: paragraph 0024]; and 
compare the first hash with the second hash to establish a trusted firmware boot sequence for execution by the computing device [compare the first and second hash to establish a trusted firmware boot: paragraph 0025];
execute the boot sequence when the first hash matches the second hash [paragraph 0028]. 
	Booth further teaches the boot sequence is a single firmware boot sequence without a prior boot authentication occurring during the single firmware boot sequence [FIG. 5].
Booth teaches the limitations of the claim but does not teach that the first hash is password protected.  
Taveau teaches that a trusted source may comprise keys for verifying software, i.e. security data such as a hash [secure vault for holding private identifying key material: paragraph 0058], including a circuit chip to compute the first hash [calculate a cryptographic hash for verifying the trustworthiness of a software entity, i.e. the computer file: paragraphs 0059-
Before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to employ a password protected trusted data store as taught by Taveau.  One of ordinary skill in the art would have been motivated to do so to prevent unauthorized access to the data store.
It would have been obvious to one of ordinary skill in the art to combine the teachings of the cited references because they are both directed to the problem of storing security data for authentication.  Moreover, the password protected trusted data store means taught by Taveau would improve the security of Booth because it allows for advanced protection of the security data, inter alia, 2-factor authentication.

As to claim 2, Taveau discloses the circuit chip is communicatively linked to the computer program [boot firmware may access to hash values and functions: paragraphs 0069-0072]. 

As to claim 5, Taveau discloses the password of the first hash is randomly generated during an installation process of the computer program onto the computing device [password is generated randomly when verification for access to the password protected material, i.e. first hash, is requested, i.e. during an installation process: paragraph 0108]. 

As to claim 6, Taveau discloses the password of the first hash is provided by a user [security data such as username and password is provided by a user: paragraph 0103].  Booth further teaches that this may occur during an installation process of the computer program onto the computing device [updating firmware on a device: paragraph 0008].

As to claim 7, Booth discloses a computer system comprising: a memory comprising a computer program, a cryptographic first hash [314], and a set of trusted security guidelines for operating an electronic device [procedure to verify that firmware is authentic: paragraph 0021-0022]; a trusted platform module device to store a cryptographic second hash associated with the computer program [240 & 242], wherein the second hash is created prior to the first hash [second hash is preprogrammed: paragraph 0021]; a processor to initiate a boot sequence [FIG. 5]; a trusted application computing agent to establish that a hardware initialization sequence of the electronic device is trusted upon matching the first hash with the second hash [compare the first and second hash to establish a trusted firmware boot: paragraph 0025]; and a controller to operate the computer program on the electronic device according to the set of trusted security guidelines [system performs procedures to verify that firmware is authentic: paragraph 0028].  Booth further teaches the boot sequence is a single firmware boot sequence without a prior boot authentication occurring during the single firmware boot sequence [FIG. 5].  Taveau further teaches that security data, i.e. the first cryptographic hash, may be stored in a set of data [secure vault comprising various security data: paragraph 0058].  It would have been obvious to one of ordinary skill in the art to combine the cited references for the same reasons as for Claim 1 as discussed above.

As to claim 8, Taveau discloses the trusted platform module device comprises a non-volatile memory, and wherein the computer program is to store the cryptographic first hash for the set of data in the non-volatile memory [secure vault for holding private identifying key material, i.e. hash data: paragraph 0058]. 

As to claim 9, Taveau discloses the code is to protect a programmable storage slot in the non-volatile memory [storage locations in the secure vault for storing data such as first cryptographic hash, is protected by a password, i.e. code: paragraph 0058]. 

As to claim 10, Booth discloses the set of trusted security guidelines comprises hardware initialization-enforced security policy data associated with the operational security of the electronic device [firmware verifies remainder of firmware is authentic for booting, is enforced when memory is paged in: paragraph 0028].

As to claim 11, Taveau discloses the set of data is a data structure [secure vault comprising various security data: paragraph 0058].  A BLOB is a data structure - a binary large object is a single data structure comprising a collection of binary data - well known in the art ; it would therefore have been obvious to one of ordinary skill in the art to use a BLOB to store any type of data, such as a password-protected hash file, substantially as claimed.  It well known in the art that specific data from the BLOB can be extracted for use; i.e. providing a modified version of the BLOB. 

As to claim 12, Booth discloses a machine-readable storage medium comprising computer-executable instructions that when executed cause a processor of a computing device to: establish a cryptographic hash function [314] for a computer file [234]; select the cryptographic hash function when the computer file is to be executed during a hardware initialization sequence [obtain first hash: paragraph 0024]; link the cryptographic hash function with a previously stored cryptographic hash function associated with a computer program executed by the computing device, wherein the linking is to establish a trusted hardware initialization sequence for execution by the computing device [compare the first and second hash to establish a trusted firmware boot: paragraph 0025]; and validate data exchanged between the computer file and the computing device during the hardware initialization sequence based on the linking [paragraph 0022].  Booth further teaches the hardware initialization sequence is a single hardware initialization sequence without a prior boot authentication occurring during the single hardware initialization sequence [FIG. 5].  Taveau further a set of data comprising security data, i.e. the first cryptographic hash, is protected by a password, i.e. code [paragraph 0058].  It would have been obvious to one of ordinary skill in the art to combine the cited references for the same reasons as for Claim 1 as discussed above.

As to claim 13, Booth discloses the instructions, when executed, further cause the processor to determine whether to enable the computer program to operate on the computing device based on a comparison of the cryptographic hash function with the previously stored cryptographic hash function [paragraph 0028]. 

As to claim 14, Booth discloses the instructions, when executed, further cause the processor to accept a request by the computer program to operate upon the cryptographic hash function matching the previously stored cryptographic hash function [if the hashes do match, the processor executes the computer program: paragraph 0028]. 

As to claim 15, Booth discloses the instructions, when executed, further cause the processor to reject a request by the computer program to operate upon the cryptographic hash function not matching the previously stored cryptographic hash function [if the hashes do not match, the processor prevents computer from operating: paragraph 0028].

As to claim 16, Booth discloses the circuit chip is to store the first hash in a first storage location and wherein the memory is in a second storage location that is a separate location from the first storage location [FIG. 3].

As to claim 17, Taveau discloses a separate password of the first hash is randomly generated during a different installation process of the computer program onto the computing device [password is generated randomly each time verification for access to the password protected materialis requested, i.e. during each installation process: paragraph 0108].

As to claim 18, Taveau discloses trusted platform module device is to define read and write credentials to the programmable storage slot in the non-volatile memory [storage 

As to claim 20, Booth discloses the processor performs the single hardware initialization sequence [initializing and testing hardware: paragraph 0019].  BIOS and UEFI are hardware initializing and testing means well known in the art; it would therefore have been obvious to one of ordinary skill in the art that said single hardware initialization sequence comprises BIOS or UEFI. 

Claims 3-4 is/are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication 20070300207 to Booth et al., in view of U.S. Patent Application Publication 20100306076 to Taveau et al., in further view of U.S. Patent Application Publication 20080263345 to Booth et al. (hereafter Booth ‘345)

As to claim 3, Booth and Taveau teach the limitations of the claim, but does not teach that the firmware boot sequence is to receive firmware boot sequence-enforced security policy data from the computer program for storage in a firmware-protected memory and retrieval by the computer program from the firmware-protected memory on demand.  
Booth ‘345 teaches that an authenticated firmware may be used to boot a processor [paragraph 0008].  Thus, Booth ‘345 teaches an authenticated boot sequence similar to that of Booth and Taveau.  Booth ‘345 further teaches the firmware boot sequence is to receive firmware boot sequence-enforced security policy data from the computer program for storage 
Before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to employ firmware boot sequence-enforced security policy data means as taught by Booth ‘345.  One of ordinary skill in the art would have been motivated to do so that the processor can boot securely.
It would have been obvious to one of ordinary skill in the art to combine the teachings of the cited references because they are both directed to the problem of implementing an authenticated boot sequence.  Moreover, the firmware boot sequence-enforced security policy data means taught by Booth ‘345 would improve the security of Booth and Taveau because it allowed a first authenticated part of the firmware to validate additional firmware.

As to claim 4, Booth ‘345 discloses the computer file comprises the firmware boot sequence-enforced security policy data, and wherein the computer program is to enforce security policies provided by the firmware boot sequence-enforced security policy data [firmware verifies remainder of firmware is authentic for booting: paragraph 0009]. 

Allowable Subject Matter
Claim 19 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Response to Arguments
Applicant's arguments with respect to claims 1-20 have been considered but are moot in view of the new ground(s) of rejection. 

In the remarks, Applicants request clarification if Taveau’s secure vault is equated to Applicant’s first hash.  The combination of Booth and Taveau teach that the first hash may be stored in Taveau’s secure vault, not that they are the same.

In the remarks, Applicants request clarification if Taveau’s identifying key is equated to Applicant’s first hash.  The combination of Booth and Taveau teach that the first hash may be stored in Taveau’s secure vault, and that Taveau’s identifying key may be used to access the contents of said secure vault.

In the remarks, applicants argued in substance that Booth does not teach or suggest firmware boot sequence-enforced security policy data.  But Booth ‘345 teaches firmware boot sequence-enforced security policy data from the computer program for storage in a firmware-protected memory and retrieval by the computer program from the firmware-protected memory on demand [boot firmware measures and stores additional security policy data to validate firmware as it is loaded from non-volatile memory: paragraph 0009].  That is, a first firmware is validated by hash comparison, substantially as claimed.  Said first firmware 

In the remarks, applicants argued in substance that Claim 5 indicates that a first hash is randomly generated.  But Claim 5 recites that “the password of the first hash is randomly generated”.  Taveau teaches randomly generated data to be used to access the secure vault, i.e. a randomly-generated password of the first hash, substantially as claimed.

In the remarks, applicants argued in substance that Taveau does not teach or suggest a programmable storage slot in the non-volatile memory.  But Taveau teaches a programmable storage slot in the non-volatile memory [storage locations in the secure vault for storing data such as first cryptographic hash: paragraph 0058].  That is, Taveau teaches the secure vault [non-volatile memory] comprises entries [slots] for storing data [i.e. programmable].  Thus, Taveau teaches a programmable storage slot in the non-volatile memory, substantially as claimed.
	
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ERIC CHANG whose telephone number is (571)272-3671. The examiner can normally be reached M-F 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kim Huynh can be reached on (571) 272-4147. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic 





/ERIC CHANG/Examiner, Art Unit 2186                                  


/KIM HUYNH/Supervisor Patent Examiner, Art Unit 2186