DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Objections
Claims 32 and 35 are objected to because of the following informalities: they recite “a provide module” and “a receive module”, which appear to contain typographical errors. Appropriate correction is required.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.

(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “a measurement module configured to perform…”, “a provide module configured to provide…” and “a receive module configured to receive…” in claim 32 and “a provide module configured to provide…” and “a receive module configured to receive…” in claim 35.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 3, 5-7, 17, 19, 20, 22, 23, 30-37 are rejected under 35 U.S.C. 102(a)(1) and (a)(2) as being anticipated by Lowell (US 2006/0253702).

Regarding claims 1, 22, 30-32 and 36, Lowell teaches A method for obtaining a Vendor Credential (VC) certificate from a server, the method being performed by network equipment (see Fig. 1 and [0024]: gaming CA 12. And see [0007]: “The system also includes a gaming certificate authority server (gaming CA) and a gaming registration authority server (gaming RA)….The gaming CA is configured to issue digital certificates to the gaming RA. The gaming RA is configured to receive certificate requests from clients, authenticate the requesting clients, and transmit certificate requests made by the authenticated clients to the gaming CA. The gaming RA is configured to receive digital certificates from the gaming CA and transmit them to authenticated clients”. The Examiner interprets the gaming certificate authority server (gaming CA) 12 as a server. 
And see [0030]: “The system of the present invention can be classified into two types of components, gaming components (GCs) and site management components (SMCs)”. And see [0037]: “All GC floor devices implement a secure boot loader and digital authentication for program and data set authentication. The secure boot loader ensures that only authentic executables are loaded into memory during the boot process. … Programs that are allowed to run on the GC server may be authenticated by a boot loader or optionally a white list file”. And see [0060]: “If the private key encrypted installation executable is successfully authenticated, the secure loader then executes the file, and generates a new user CA private/public key pair, and a certificate request for the newly generated user CA public key”. The Examiner further interprets “digital certificates from the gaming CA” taught in [0007] as a Vendor Credential (VC) certificate from a server. The Examiner also interprets “the GC server” as network equipment. And see [0045]: “client machines within a gambling site”), the method comprising:
performing, by an enclave (see [0048]: “For some implementations, secure boot loader 48 is the read-only disk-on-chip that contains an operating system and network operating system. For other implementations, secure boot loader 48 is the secured boot sector within the hard drive that is authenticated by the read-only BIOS”. The specification of the instant application defines enclave as the following: “the term enclave as used herein could be regarded as short for hardware-mediated execution enclave. The enclave might generally be defined as an area of process space and memory within a system environment, such as network equipment 200, within a computer host which delivers confidentiality and integrity of instructions and data associated with that enclave” (see page 13). Because secure boot loader 48 is an area of process space and memory within a system environment, within a computer host which delivers security of instructions and data, the Examiner interprets secure boot loader 48 as an enclave) of the network equipment, measurements on at least one property of the network equipment (see [0048]: “Secure boot loader 48 is trusted software that verifies the operating system and other executables within the system are authentic when the system boots”. And see [0037]: “All GC floor devices implement a secure boot loader and digital authentication for program and data set authentication. The secure boot loader ensures that only authentic executables are loaded Programs that are allowed to run on the GC server may be authenticated by a boot loader or optionally a white list file. The white list file contains programs that may run on the server as well as their hash value. hash function is run against the program, then matched against its white list hash value before the program is executed”. 
The Examiner interprets “hash function is run against the program” taught in [0037] as performing, by an enclave of the network equipment, measurements on at least one property of the network equipment); 
providing, by the enclave, a request for the VC certificate from the server upon having attested the measurements (see [0037]: “All GC floor devices implement a secure boot loader and digital authentication for program and data set authentication. The secure boot loader ensures that only authentic executables are loaded into memory during the boot process. … Programs that are allowed to run on the GC server may be authenticated by a boot loader or optionally a white list file. The white list file contains programs that may run on the server as well as their hash value. hash function is run against the program, then matched against its white list hash value before the program is executed”. And see [0060]: “If the private key encrypted installation executable is successfully authenticated, the secure loader then executes the file, and generates a new user CA private/public key pair, and a certificate request for the newly generated user CA public key. The technician sends the certificate request to gaming RA 14, which validates the certificate request and forwards the certificate request to gaming CA 12”. The Examiner interprets “hash function is run against the program, then matched against its white list hash value before the program is executed” as having attested the measurements. The Examiner interprets “Programs that are allowed to run on the GC server may be authenticated by a boot loader or optionally a white list file. The white list file contains programs that may run on the server as well as their hash value. hash function is run against the program, then matched against its white list hash value before the program is executed. If the … executable is successfully authenticated, the secure loader then … generates a new user CA private/public key pair, and a certificate request for the newly generated user CA public key” as providing, by the enclave, a request for the VC certificate from the server upon having attested the measurements); and 
receiving, from the server, the VC certificate in response to the request and storing the VC certificate in the network equipment (see [0064]: “Gaming CA 12 issues a certificate for user CA 17's public key. A certificate is forwarded to the technician, used to find the 3DES key used to encrypt the OS, SQL Server, etc installed at site 15, and encrypt the 3DES key using the public key submitted for the gaming certificate. The encrypted 3DES key is then signed by gaming CA 12's private key”. And see [0066]: “The technician downloads the user CA gaming certificate and encrypted 3DES Key to his computer over a public network, stores the files on a disk, and inserts the disk into the server's disk drive or equivalent. The private key encrypted installation executable copies the encrypted 3DES key, verifies gaming CA 12's digital signature for the key for authentication, decrypts the encrypted key, and stores it in the host protected space as the site secret, by 3DES encrypting it using the same password used by the site manager for encrypting the site private key. The private key encrypted installation executable copies the gaming certificate for the site public key into the host protected area”. And see [0054] and [0055]: “When a gaming server, device, or peripheral is equipped with a secured BIOS ROM, the BIOS holds the key to opening the host protected space”. “The host protected area (HPA) is a protected area of the hard drive reserved for storage of critical data and applications in a container segregated from the rest of the hardware by an internal firewall”. The Examiner interprets the executable copying the gaming certificate for the site public key into the host protected area of the client machine taught in [0066] as storing the VC certificate in the network equipment ).  

Regarding claim 3, Lowell further teaches wherein the request for the VC certificate is encryption signed by the enclave (see [0063]: “The technician responsible for installing the software signs the certificate request using his private key”).  

Regarding claim 5, Lowell further teaches wherein the measurements are performed on the at least one property according to a whitelist (see [0037]: “All GC floor devices implement a secure boot loader and digital authentication for program and data set authentication. The secure boot loader ensures that only authentic executables are loaded into memory during the boot process. … Programs that are allowed to run on the GC server may be authenticated by a boot loader or optionally a white list file. The white list file contains programs that may run on the server as well as their hash value”). 

Regarding claim 6, Lowell further teaches wherein the whitelist comprises boot measurement recordings to which the measurements are compared (see [0037]: “All GC floor devices implement a secure boot loader and digital authentication for program and data set authentication. The secure boot loader ensures that only authentic executables are loaded into memory during the boot process. … Programs that are allowed to run on the GC server may be authenticated by a boot loader or optionally a white list file. The white list file contains programs that may run on the server as well as their hash value. hash function is run against the program, then matched against its white list hash value before the program is executed”). 

Regarding claim 7, Lowell further teaches wherein the measurements are compared to the boot measurement recordings by a boot appraiser in the enclave (see [0037]: “All GC floor devices implement a secure boot loader and digital authentication for program and data set authentication. The secure boot loader ensures that only authentic executables are loaded into memory during the boot process. … Programs that are allowed to run on the GC server may be authenticated by a boot loader or optionally a white list file. The white list file contains programs that may run on the server as well as their hash value. hash function is run against the program, then matched against its white list hash value before the program is executed”). 

Regarding claim 17, Lowell further teaches wherein the at least one property relates to configuration parameters of the network equipment (see [0037]: “All GC floor devices implement a secure boot loader and digital authentication for program and data set authentication. The secure boot loader ensures that only authentic executables are loaded into memory during the boot process. … Programs that are allowed to run on the GC server may be authenticated by a boot loader or optionally a white list file. The white list file contains programs that may run on the server as well as their hash value. hash function is run against the program, then matched against its white list hash value before the program is executed”. The Examiner interprets programs on the GC server as configuration parameters of the network equipment).  

Regarding claim 19, Lowell further teaches wherein the configuration parameters relate to software and/or hardware of the network equipment (see [0037]: “All GC floor devices implement a secure boot loader and digital authentication for program and data set authentication. The secure boot loader ensures that only authentic executables are loaded into memory during the boot process. … Programs that are allowed to run on the GC server may be authenticated by a boot loader or optionally a white list file. The white list file contains programs that may run on the server as well as their hash value. hash function is run against the program, then matched against its white list hash value before the program is executed”. The Examiner interprets software programs on the GC server as configuration parameters of the network equipment).  
Regarding claims 20, 33-35 and 37, Lowell teaches A method for providing a Vendor Credential (VC) certificate to network equipment, the method being performed by a server (see Fig. 1 and [0024]: gaming CA 12. And see [0007]: “The system also includes a gaming certificate authority server (gaming CA) and a gaming registration authority server (gaming RA)….The gaming CA is configured to issue digital certificates to the gaming RA. The gaming RA is configured to receive certificate requests from clients, authenticate the requesting clients, and transmit certificate requests made by the authenticated clients to the gaming CA. The gaming RA is configured to receive digital certificates from the gaming CA and transmit them to authenticated clients”. The Examiner interprets the gaming certificate authority server (gaming CA) 12 as a server.
And see [0030]: “The system of the present invention can be classified into two types of components, gaming components (GCs) and site management components (SMCs)”. And see [0037]: “All GC floor devices implement a secure boot loader and digital authentication for program and data set authentication. The secure boot loader ensures that only authentic executables are loaded into memory during the boot process. … Programs that are allowed to run on the GC server may be authenticated by a boot loader or optionally a white list file”. And see [0060]: “If the private key encrypted installation executable is successfully authenticated, the secure loader then executes the file, and generates a new user CA private/public key pair, and a certificate request for the newly generated user CA public key”. The Examiner further interprets “digital certificates from the gaming CA” taught in [0007] as a Vendor Credential (VC) certificate from a server. The Examiner also interprets “the GC server” as network equipment. And see [0045]: “client machines within a gambling site”), the method comprising:
receiving a request for the VC certificate from an enclave (see [0048]: “For some implementations, secure boot loader 48 is the read-only disk-on-chip that contains an operating system and network operating system. For other implementations, secure boot loader 48 is the secured boot sector within the hard drive that is authenticated by the read-only BIOS”. The specification of the instant application defines enclave as the following: “the term enclave as used herein could be regarded as short for hardware-mediated execution enclave. The enclave might generally be defined as an area of process space and memory within a system environment, such as network equipment 200, within a computer host which delivers confidentiality and integrity of instructions and data associated with that enclave” (see page 13). Because secure boot loader 48 is an area of process space and memory within a system environment, within a computer host which delivers security of instructions and data, the Examiner interprets secure boot loader 48 as an enclave) of the network equipment (see [0060]: “If the private key encrypted installation executable is successfully authenticated, the secure loader then executes the file, and generates a new user CA private/public key pair, and a certificate request for the newly generated user CA public key. The technician sends the certificate request to gaming RA 14, which validates the certificate request and forwards the certificate request to gaming CA 12”. The Examiner interprets “the secure loader then … generates a new user CA private/public key pair, and a certificate request for the newly generated user CA public key …gaming RA 14 … forwards the certificate request to gaming CA 12” as receiving a request for the VC certificate from an enclave of the network equipment); and 
providing the VC certificate to the enclave (see [0064]: “Gaming CA 12 issues a certificate for user CA 17's public key. A certificate is forwarded to the technician, used to find the 3DES key used to encrypt the OS, SQL Server, etc installed at site 15, and encrypt the 3DES key using the public key submitted for the gaming certificate. The encrypted 3DES key is then signed by gaming CA 12's private key”. And see [0066]: “The technician downloads the user CA gaming certificate and encrypted 3DES Key to his computer over a public network, stores the files on a disk, and inserts the disk into the server's disk drive or equivalent. The private key encrypted installation executable copies the encrypted 3DES key, verifies gaming CA 12's digital signature for the key for authentication, decrypts the encrypted key, The private key encrypted installation executable copies the gaming certificate for the site public key into the host protected area”. And see [0054] and [0055]: “When a gaming server, device, or peripheral is equipped with a secured BIOS ROM, the BIOS holds the key to opening the host protected space”. “The host protected area (HPA) is a protected area of the hard drive reserved for storage of critical data and applications in a container segregated from the rest of the hardware by an internal firewall”).  

Regarding claim 23, Lowell further teaches wherein the request for the VC certificate is encryption signed by the enclave (see [0063]: “The technician responsible for installing the software signs the certificate request using his private key”).  

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 2 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Lowell (US 2006/0253702), further in view of Tsang (EP 3163490 A1, provided in the IDS).

Regarding claims 2 and 21, Lowell fails to teach wherein the request for the VC certificate comprises an indication of measurements of the network equipment as attested by the enclave.  
In the same field of endeavor, Tsang teaches wherein the request for the VC certificate comprises an indication of measurements of the network equipment (see [0019]: “In some cases, the certificate request can include one or more requested security assurance attributes. The one or more requested security assurance attributes can indicate the security assurance attributes that the client process requests to include in the certificate. A security assurance attribute can indicate the security assurance character associated with the certificate request. As described in more detail below, examples of security assurance characters include a UE security assurance character, a key generation security assurance character, or any other type of security assurance character”).  
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the method for obtaining a vendor credential (VC) certificate of Lowell by letting the request for the VC certificate taught by Lowell comprise an indication of measurements of the network equipment, as taught by Tsang. It would have been obvious because Tsang teaches in [0030]: “At 206, whether to grant the certificate request is determined based on the security assurance character. In some cases, the certificate request can be rejected if the security assurance character determined at 204 indicates a security assurance character that is less than the security assurance character requested by the client process. In some cases, the certificate request can be granted if the security assurance character determined at 204 indicates a security assurance that meets or exceeds the security assurance requested by the client process”. In other words, Tsang teaches 
Because Lowell teaches an indication of measurements of the network equipment as attested by the enclave, Lowell modified in view of Tsang would teach wherein the request for the VC certificate comprises an indication of measurements of the network equipment as attested by the enclave.
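The flow that the § 102 rejection maps onto Lowell (an enclave hashes the programs on the equipment, appraises the hashes against a whitelist of boot measurement recordings, issues a signed certificate request only once the measurements are attested, and stores the certificate the server returns) together with the server-side check of the measurement indication that the Tsang combination supplies for claims 2 and 21 (the request is refused when the indicated measurements fall short of what the server requires), written out as a runnable Python example. This is an added illustration, not code from the office action, the application under examination, or either cited reference; the image contents, the keys, the enclave identifier and the use of HMAC in place of the private-key signatures described in the references are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample image of the network equipment: property name -> contents.
# These stand in for the programs and data sets a secure boot loader hashes;
# none of them come from the office action or the cited patents.
REFERENCE_IMAGE = {
    "boot/loader": b"secure-loader-v1",
    "bin/gaming-agent": b"agent-binary-v1",
    "etc/site.conf": b"mode=secure\n",
}

# Constructed keys. HMAC stands in for the private-key signatures of the
# described flow so that the example runs on the standard library alone.
ENCLAVE_KEY = b"enclave-attestation-key-constructed"
SERVER_KEY = b"vendor-ca-issuing-key-constructed"


def canonical(obj):
    """Canonical JSON encoding so that signatures and digests are reproducible."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(key, payload):
    return hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()


def measure(image):
    """Measurement: SHA-256 of each property (program or data set) of the equipment."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in sorted(image.items())}


def appraise(measurements, whitelist):
    """Boot appraiser: every recorded property must be present with exactly the recorded
    digest, and nothing unrecorded may be present. Returns (attested, failed_names)."""
    failed = [name for name, digest in whitelist.items() if measurements.get(name) != digest]
    failed += [name for name in measurements if name not in whitelist]
    return not failed, failed


def measurement_indication(measurements):
    """Compact indication of the measurements that travels inside the certificate request."""
    return hashlib.sha256(canonical(measurements)).hexdigest()


def enclave_request_vc(image, whitelist, enclave_id="ne-0001"):
    """Enclave side: measure, appraise, and only on success emit a signed request.
    Returns (request or None, names of the properties that failed appraisal)."""
    measurements = measure(image)
    attested, failed = appraise(measurements, whitelist)
    if not attested:
        return None, failed
    body = {
        "enclave_id": enclave_id,
        "public_key_id": "pk-" + enclave_id,  # placeholder for a freshly generated key
        "measurement_indication": measurement_indication(measurements),
    }
    return {"body": body, "signature": sign(ENCLAVE_KEY, body)}, []


def server_issue_vc(request, expected_indication):
    """Server side: verify the request signature, then verify that the indicated
    measurements are the ones the server requires before issuing the certificate.
    Returns the VC certificate, or None when the request is refused."""
    body = request["body"]
    if not hmac.compare_digest(sign(ENCLAVE_KEY, body), request["signature"]):
        return None
    if body["measurement_indication"] != expected_indication:
        return None
    cert = {
        "issuer": "vendor-ca",
        "subject": body["enclave_id"],
        "public_key_id": body["public_key_id"],
        "measurement_indication": body["measurement_indication"],
    }
    cert["issuer_signature"] = sign(SERVER_KEY, cert)  # binds subject, key and measurements
    return cert


def verify_vc(cert):
    """Check the issuer signature on a stored certificate."""
    unsigned = {k: v for k, v in cert.items() if k != "issuer_signature"}
    return hmac.compare_digest(sign(SERVER_KEY, unsigned), cert["issuer_signature"])


def obtain_vc(image, whitelist):
    """Complete flow from the equipment's side. Returns (certificate store, status)."""
    request, failed = enclave_request_vc(image, whitelist)
    if request is None:
        return {}, "measurements not attested: " + ", ".join(failed)
    # The server's required measurements are the recorded ones, so it expects their indication.
    cert = server_issue_vc(request, measurement_indication(whitelist))
    if cert is None:
        return {}, "request refused by server"
    return {"vc_certificate": cert}, "vc certificate stored"


if __name__ == "__main__":
    recordings = measure(REFERENCE_IMAGE)
    print(obtain_vc(REFERENCE_IMAGE, recordings)[1])
    tampered = dict(REFERENCE_IMAGE)
    tampered["bin/gaming-agent"] = b"agent-binary-modified"
    print(obtain_vc(tampered, recordings)[1])
```

The appraisal is an exact match per property, which is what hash comparison supports; the whitelist is derived from the reference image so that a good image produces exactly the indication the server requires, while a modified or additional program stops the flow before any request is signed.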

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Lowell (US 2006/0253702), further in view of Aissi (US 2005/0039016).

Regarding claim 4, Lowell fails to teach before storing the VC certificate: binding the VC certificate to the enclave and the measurements. 
However, Aissi teaches before storing the VC certificate: binding the VC certificate to the enclave and the measurements (see [0040]: “Once the certificates are bound into a single hardware-based identity, the information within the single identity includes, but is not limited to, an identification of the cryptographic processor, an identification key, information about the cryptographic processor, such as security properties, hashing properties, etc.”). 
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the method for obtaining a vendor credential (VC) certificate of Lowell by adding the step of binding the VC certificate to the enclave and the measurements taught by Aissi before storing the VC certificate. It would have been obvious because Aissi teaches that doing so achieves the following benefit: “The identification credential is a digital file used to cryptographically bind a mobile device's public key to specific trusted hardware attributes that provide strong binding to the identity of the user's trusted mobile device” (see [0024]).

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Lowell (US 2006/0253702), further in view of Official Notice 1.

Regarding claim 8, Lowell fails to teach wherein the measurements only are attested when being within a threshold value from the boot measurement recordings.  
The Examiner takes Official Notice 1 that it is a well-known technique that the measurements only are attested when being within a threshold value from the boot measurement recordings.  
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the method for obtaining a vendor credential (VC) certificate of Lowell by letting the measurements only be attested when being within a threshold value from the boot measurement recordings, as taught by Official Notice 1. It would have been obvious because doing so predictably achieves the commonly understood benefit of allowing the boot measurements that differ slightly from the boot measurement recordings due to noise, etc. to still be attested. 

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Lowell (US 2006/0253702), further in view of Official Notice 2.

Regarding claim 9, Lowell fails to teach wherein the whitelist is provided to the enclave from the server.  
The Examiner takes Official Notice 2 that it is a well-known technique that the whitelist is provided to the enclave from the server.  
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the method for obtaining a vendor credential (VC) certificate of Lowell by letting the whitelist be provided to the enclave from the server, as taught by Official Notice 2.

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Lowell (US 2006/0253702), further in view of Official Notice 2, and further in view of Official Notice 3.

Regarding claim 10, Lowell modified in view of Official Notice 2 fails to teach wherein the whitelist is provided to the enclave using integrity protected communications between the enclave and the server.  
The Examiner takes Official Notice 3 that using integrity protected communications is a well-known technique.
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the method for obtaining a vendor credential (VC) certificate of Lowell by letting the whitelist be provided to the enclave using integrity protected communications between the enclave and the server, as taught by Official Notice 3. It would have been obvious because doing so predictably achieves the commonly understood benefit of preventing tampering of communications between the enclave and the server. 

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Lowell (US 2006/0253702), further in view of Official Notice 4.

Regarding claim 11, Lowell fails to teach wherein the enclave is provided to the network equipment from the server.  

Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the method for obtaining a vendor credential (VC) certificate of Lowell by letting the enclave be provided to the network equipment from the server, as taught by Official Notice 4. It would have been obvious because doing so predictably achieves the commonly understood benefit of allowing the enclave to be updated by the server. 

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Lowell (US 2006/0253702), further in view of Official Notice 5.

Regarding claim 12, Lowell fails to teach wherein when the enclave is provided to the network equipment from a provider outside the server, the method further comprising: authenticating, by the enclave and with the server, before performing the measurements.  
The Examiner takes Official Notice 5 that it is a well-known technique that the enclave is provided to the network equipment from a provider outside the server, the method further comprising: authenticating, by the enclave and with the server, before performing the measurements.  
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the method for obtaining a vendor credential (VC) certificate of Lowell by letting the enclave be provided to the network equipment from a provider outside the server, the method further comprising: authenticating, by the enclave and with the server, before performing the measurements, as taught by Official Notice 5. It would have been obvious because doing so predictably achieves the commonly understood benefit of allowing the enclave to be updated by a . 

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Lowell (US 2006/0253702), further in view of Official Notice 6.

Regarding claim 13, Lowell fails to teach wherein when not being able to attest the measurements, the method further comprising: requesting, by the enclave, further information from the server in order for the enclave to perform further measurements on said at least one property of the network equipment or on at least one further property of the network equipment.  
The Examiner takes Official Notice 6 that it is a well-known technique that when not being able to attest the measurements, the method further comprising: requesting, by the enclave, further information from the server in order for the enclave to perform further measurements on said at least one property of the network equipment or on at least one further property of the network equipment.  
Before the effective filing date of the claimed invention, when not being able to attest the measurements, it would have been obvious to one of ordinary skill in the art to improve the method for obtaining a vendor credential (VC) certificate of Lowell by letting the method further comprise: requesting, by the enclave, further information from the server in order for the enclave to perform further measurements on said at least one property of the network equipment or on at least one further property of the network equipment, as taught by Official Notice 6. It would have been obvious because doing so predictably achieves the commonly understood benefit of providing alternatives when not being able to attest the measurements. 

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Lowell (US 2006/0253702), further in view of Official Notice 7.

Regarding claim 14, Lowell fails to teach wherein when not being able to attest the measurements, the method further comprising: reporting, by the enclave, the measurements to the server.  
The Examiner takes Official Notice 7 that it is a well-known technique that when not being able to attest the measurements, the method further comprising: reporting, by the enclave, the measurements to the server.  
Before the effective filing date of the claimed invention, when not being able to attest the measurements, it would have been obvious to one of ordinary skill in the art to improve the method for obtaining a vendor credential (VC) certificate of Lowell by letting the method further comprise: reporting, by the enclave, the measurements to the server, as taught by Official Notice 7. It would have been obvious because doing so predictably achieves the commonly understood benefit of letting the server attest the measurements when the enclave is not able to attest the measurements. 

Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Lowell (US 2006/0253702), further in view of Official Notice 8.

Regarding claim 15, Lowell fails to teach obtaining an indication of a successful authenticated presence check of a token, wherein the request for the VC certificate from the server only is provided upon having obtained the indication.  

Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the method for obtaining a vendor credential (VC) certificate of Lowell by adding the step of obtaining an indication of a successful authenticated presence check of a token, wherein the request for the VC certificate from the server only is provided upon having obtained the indication, as taught by Official Notice 8. It would have been obvious because doing so predictably achieves the commonly understood benefit of increasing security by letting the provision of the request for the VC certificate from the server be further dependent on a successful authenticated presence check of a token. 

Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Lowell (US 2006/0253702), further in view of Official Notice 8, and further in view of Official Notice 9.

Regarding claim 16, Lowell modified in view of Official Notice 8 fails to teach wherein the token is provided in a programming station of the network equipment.  
The Examiner takes Official Notice 9 that it is a well-known technique to provide the token in a programming station of the network equipment.  
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the method for obtaining a vendor credential (VC) certificate of Lowell modified in view of Official Notice 8 by letting the token be provided in a programming station of the network equipment, as taught by Official Notice 9. It would have been obvious because doing so predictably achieves the commonly understood benefit of increasing security by letting the provision of . 

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Lowell (US 2006/0253702), further in view of Official Notice 10.

Regarding claim 18, Lowell fails to teach wherein the configuration parameters are stored in security protected registers of the network equipment.  
The Examiner takes Official Notice 10 that it is a well-known technique that the configuration parameters are stored in security protected registers of the network equipment.  
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the method for obtaining a vendor credential (VC) certificate of Lowell by letting the configuration parameters be stored in security protected registers of the network equipment, as taught by Official Notice 10. It would have been obvious because doing so predictably achieves the commonly understood benefit of protecting the configuration parameters from tampering. 

Claims 24-26 are rejected under 35 U.S.C. 103 as being unpatentable over Lowell (US 2006/0253702), further in view of Official Notice 11.

Regarding claim 24, Lowell fails to teach obtaining a request from the network equipment to be certified by the server; and providing the enclave to the network equipment in response thereto.  
The Examiner takes Official Notice 11 that it is a well-known technique to obtain a request from the network equipment to be certified by the server; and to provide the enclave to the network equipment in response thereto.  

Regarding claim 25, Lowell further teaches performing measurements on the enclave upon the enclave having been provided to the network equipment (see [0048]: “Secure boot loader 48 is trusted software that verifies the operating system and other executables within the system are authentic when the system boots”. And see [0037]: “All GC floor devices implement a secure boot loader and digital authentication for program and data set authentication. The secure boot loader ensures that only authentic executables are loaded into memory during the boot process. … Programs that are allowed to run on the GC server may be authenticated by a boot loader or optionally a white list file. The white list file contains programs that may run on the server as well as their hash value. hash function is run against the program, then matched against its white list hash value before the program is executed”. The Examiner interprets “hash function is run against the program” taught in [0037] as performing measurements on the enclave).  

Regarding claim 26, Lowell further teaches wherein the measurements are performed on the enclave according to a first whitelist (see [0037]: “All GC floor devices implement a secure boot loader and digital authentication for program and data set authentication. The secure boot loader ensures that only authentic executables are loaded into memory during the boot process. … Programs that are allowed to run on the GC server may be authenticated by a boot loader or optionally a white list file. The white list file contains programs that may run on the server as well as their hash value”).  

Claim 27 is rejected under 35 U.S.C. 103 as being unpatentable over Lowell (US 2006/0253702), further in view of Official Notice 12.

Regarding claim 27, Lowell fails to teach providing, in response to having received the request for the VC certificate from the enclave, a second whitelist to the enclave for the enclave to perform measurements on at least one property of the network equipment, wherein the second whitelist comprises boot measurement recordings.  
The Examiner takes Official Notice 12 that it is a well-known technique to provide, in response to having received the request for the VC certificate from the enclave, a second whitelist to the enclave for the enclave to perform measurements on at least one property of the network equipment, wherein the second whitelist comprises boot measurement recordings.  
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the method for obtaining a vendor credential (VC) certificate of Lowell by adding the step of providing, in response to having received the request for the VC certificate from the enclave, a second whitelist to the enclave for the enclave to perform measurements on at least one property of the network equipment, wherein the second whitelist comprises boot measurement recordings, as taught by Official Notice 12. It would have been obvious because doing so predictably achieves the commonly understood benefit of allowing the whitelist and boot measurement recordings contained in the whitelist to be updated by the server. 

Claim 28 is rejected under 35 U.S.C. 103 as being unpatentable over Lowell (US 2006/0253702), further in view of Official Notice 12, and further in view of Official Notice 3.

Regarding claim 28, Lowell modified in view of Official Notice 12 fails to teach wherein the second whitelist is provided to the enclave using integrity protected communications between the enclave and the server.  
The Examiner takes Official Notice 3 that using integrity protected communications is a well-known technique.
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the method for obtaining a vendor credential (VC) certificate of Lowell by letting the second whitelist be provided to the enclave using integrity protected communications between the enclave and the server, as taught by Official Notice 3. It would have been obvious because doing so predictably achieves the commonly understood benefit of preventing tampering of communications between the enclave and the server. 
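The two techniques the rejections of claims 10 and 28 (integrity protected delivery of a whitelist) and claims 25-27 (running a hash over a program and matching it against the whitelist hash before execution, with the measurements kept as recordings) rely on can be shown together. The following is an added example written for this page; it is not code from the office action, from the application, or from Lowell. It assumes a shared symmetric key provisioned to both the server and the enclave (so the channel is protected with an HMAC tag), SHA-256 as the measurement function, JSON as the whitelist encoding, and constructed program images and names; all of these are assumptions, not facts from the page.

```python
"""Added example: whitelist delivered with integrity protection, then used by
an enclave to measure programs before they run. Keys, program names and
program bytes below are constructed for the demonstration."""
import hashlib
import hmac
import json
from typing import Dict, List, Optional, Tuple

# Constructed shared key; assumed to have been provisioned to server and enclave.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def measure(data: bytes) -> str:
    """A measurement is the SHA-256 digest of the program bytes (assumed choice)."""
    return hashlib.sha256(data).hexdigest()


def server_build_whitelist(programs: Dict[str, bytes]) -> Dict[str, str]:
    """Server side: record each allowed program together with its hash value."""
    return {name: measure(blob) for name, blob in programs.items()}


def server_send(whitelist: Dict[str, str], key: bytes = SHARED_KEY) -> Dict[str, str]:
    """Attach an HMAC-SHA256 tag so the enclave can detect a tampered whitelist."""
    payload = json.dumps(whitelist, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "tag": tag}


def enclave_receive(message: Dict[str, str], key: bytes = SHARED_KEY) -> Optional[Dict[str, str]]:
    """Verify the tag in constant time; a whitelist with a bad tag is discarded."""
    payload = message["payload"].encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, message["tag"]):
        return None
    return json.loads(payload)


def enclave_check_program(whitelist: Dict[str, str], name: str, data: bytes) -> bool:
    """Run the hash over the program and match it against its whitelist entry."""
    recorded = whitelist.get(name)
    if recorded is None:
        return False  # programs absent from the whitelist are never allowed
    return hmac.compare_digest(recorded, measure(data))


def enclave_attest(whitelist: Dict[str, str],
                   programs: Dict[str, bytes]) -> Tuple[bool, List[Dict[str, object]]]:
    """Measure every program; the log of recordings can be reported to the server
    when the enclave itself cannot attest the measurements."""
    log: List[Dict[str, object]] = []
    all_ok = True
    for name, data in programs.items():
        passed = enclave_check_program(whitelist, name, data)
        log.append({"program": name, "measurement": measure(data), "ok": passed})
        all_ok = all_ok and passed
    return all_ok, log


if __name__ == "__main__":
    images = {"bootloader": b"constructed bootloader image", "app": b"constructed app image"}
    wl = enclave_receive(server_send(server_build_whitelist(images)))
    print(enclave_attest(wl, images))
```

The HMAC protects only integrity and origin of the whitelist under the shared key; if the deployment instead signs the whitelist with a server key pair, the tag computation and check are the only parts that change, and the measurement logic stays the same.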

Claim 29 is rejected under 35 U.S.C. 103 as being unpatentable over Lowell (US 2006/0253702), further in view of Official Notice 11, further in view of Official Notice 12, and further in view of Official Notice 13.

Regarding claim 29, Lowell modified in view of Official Notice 11 fails to teach providing, in response to having received the request for the VC certificate from the enclave, a second whitelist to the enclave for the enclave to perform measurements on at least one property of the network equipment, wherein the second whitelist comprises boot measurement recordings.  

Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the method for obtaining a vendor credential (VC) certificate of Lowell modified in view of Official Notice 11 by adding the step of providing, in response to having received the request for the VC certificate from the enclave, a second whitelist to the enclave for the enclave to perform measurements on at least one property of the network equipment, wherein the second whitelist comprises boot measurement recordings, as taught by Official Notice 12. It would have been obvious because doing so predictably achieves the commonly understood benefit of allowing the whitelist and boot measurement recordings contained in the whitelist to be updated by the server. 

Lowell modified in view of Official Notice 11 and Official Notice 12 fails to teach wherein the second whitelist only is provided to the enclave upon the server having attested the measurements on the enclave.  
The Examiner takes Official Notice 13 that it is a well-known technique that the second whitelist only be provided to the enclave upon the server having attested the measurements on the enclave.  
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the method for obtaining a vendor credential (VC) certificate of Lowell modified in view of Official Notice 11 and Official Notice 12 by letting the second whitelist only be provided to the enclave upon the server having attested the measurements on the enclave, as taught by Official Notice 13. It would have been obvious because doing so predictably achieves the commonly 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHIMEI ZHU whose telephone number is (571)270-7990. The examiner can normally be reached 10am-6pm Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ZHIMEI ZHU/Examiner, Art Unit 2495