DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application European Patent Application No. 18169269.0, filed on April 25, 2018.

Drawings
The drawings are objected to because the unlabeled elements of Figures 1-5 should be provided with descriptive text labels.  Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Specification
The disclosure is objected to because of the following informalities: 
In Par. [0024], it is recommended that “secrete” read as “secret”. 
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claim 10 is rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Regarding Claim 10, the claim recites the additional limitation of “generate measurement data based on the type and scope of how the current platform configuration has been measured for establishing the attestation data” (Claim 10, lines 2-4). Regarding the phrase “based on the type and scope of how the current platform configuration has been measured”, the specification merely recites “providing measurement data may advantageously allow to trace through which platform configurations the current platform configuration was arrived and what would be an expected attestation data for this path” (Par. [0056]), i.e. that the measurement data can be used for tracing an execution path. No information is provided in the specification on how exactly the measurement data is generated and on what exactly constitutes “the type and scope of how the current platform configuration has been measured” beyond what is claimed. That is, no information is provided from which one of ordinary skill in the art could predict how to generate the measurement data, since the specification is directed towards an exemplary usage of the measurement data and does not define “the type and scope” necessary for its construction. For this reason, a person of ordinary skill in the art would not view the applicant to have been in possession of the generic subject matter claimed based on the information disclosed in the specification.

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 10 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being incomplete for omitting essential structural cooperative relationships of elements, such omission amounting to a gap between the necessary structural connections.  See MPEP § 2172.01.  The omitted structural cooperative relationships are how the measurement data is generated based on the type and scope of how the current platform configuration has been measured for establishing the attestation data. As argued previously, the lack of written description in the specification, i.e. the omission of these relationships, prevents one of ordinary skill in the art from predicting how to generate the measurement data, rendering the scope of the claim indefinite.
Claims 11-12 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
In line 2 of Claim 11, Claim 11 recites the limitation "second digital signature".  There is insufficient antecedent basis for this limitation in the claim. Claim 11 depends on independent Claim 6 which does not recite a first digital signature.
In line 3 of Claim 12, Claim 12 recites the limitation "third digital signature".  There is insufficient antecedent basis for this limitation in the claim. Claim 12 depends on independent Claim 6 which does not recite a first or second digital signature.

The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA 35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA 35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claim 13 is rejected under 35 U.S.C. 112(d) or pre-AIA 35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends. Claim 13 recites the limitation of “a server for component images being configured to provide one or more images of software components, which are configured to be run on the first data processing apparatus” and that “one or more of the software components are each bundled with validation data into a bundled component image, the respective validation data being specific for the respective software component”, but these limitations exist in the amendments made to Claim 6 from which Claim 13 depends: “wherein the at least one software component and the validation data that is specific for the at least one software component are bundled into a bundled component image” (Page 7, lines 10-12), “receive the bundled component image from a server for component images” (Page 7, lines 13-14). Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-9, 11, 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Lukacs et al. (U.S. Pub. No. 2015/0288659 A1) hereinafter referred to as “Lukacs”, and further in view of Solsona et al. (WO 2004/114528 A2) hereinafter referred to as “Solsona”.
Regarding Claim 1:
	Lukacs discloses the following limitations:
	A first data processing apparatus configured to operate in accordance with one or more platform configurations (Par. [0006], executing the boot image on a processor of the client system causes a booting of the client system (A first data processing apparatus configured to operate in accordance with one or more platform configurations)). The client device of Lukacs is considered here to be the first data processing apparatus under the broadest reasonable interpretation, as it operates in accordance with the software defined by a boot image, i.e. a platform configuration. 
	wherein the first data processing apparatus comprises: an attestation processor configured to establish attestation data (Par. [0027], client system 12 comprises a processor 22 (wherein the first data processing apparatus comprises: an attestation processor); Par. [0043], In some embodiments, the mutual integrity attestation transaction includes client system 12 sending a client integrity indicator 76 to appliance 20 (configured to establish attestation data)). The client device of Lukacs contains a processor, and the processor establishes attestation data in the form of a client integrity indicator. 
	the attestation data being indicative of a current platform configuration of the one or more platform configurations (Par. [0043], Client integrity indicator 76 is indicative of the integrity of the respective software object, i.e., of whether the respective software object is currently in a reference, trusted state (the attestation data being indicative of a current platform configuration of the one or more platform configurations)). The client integrity indicator is considered under the broadest reasonable interpretation to be attestation/integrity data, as it indicates the state of the software object as well as the integrity of the state by virtue of being a hash of the software object (Par. [0043], Client integrity indicator 76 may comprise at least one hash of a memory image of a software object currently loaded into the memory of the respective client system).
	a network interface (Par. [0027], client system 12 comprises a processor 22, a memory unit 24, a set of input devices 26, a set of output devices 28, a set of storage devices 32, and a set of network adapter(s) 34 (a network interface), all interconnected by a controller hub 30). The client device of Lukacs includes network adapters, i.e. a network interface.  
	and a data storage device for storing validation data, the validation data facilitating a validity check of integrity data, the integrity data at least comprising the attestation data (Par. [0029], client system 12 further includes a protected storage module 36 (and a data storage device for storing validation data) connected to hub 30. Module 36 comprises a hardware device, e.g., an integrated circuit, configured to securely store sensitive information, such as integrity indicators (e.g., hashes) of software objects (the validation data facilitating a validity check of integrity data, the integrity data at least comprising the attestation data) executing on client system 12 and/or network appliance 20). The client device of Lukacs includes a storage device which stores validation data in the form of integrity indicators, i.e. hashes of software objects. These integrity indicators are used to facilitate a validity check by means of comparing current and previous integrity indicators (Par. [0045], Having a local repository of reference integrity indicators received from various client systems allows network appliance 20 to determine whether a client system is currently in the trusted state, for instance by comparing current client integrity indicator 76 to a reference integrity indicator of the same client system, stored in database 66). That is, previous integrity indicators, also regarded as reference integrity indicators, comprise validation data in order to check the validity of current integrity indicators, i.e. attestation/integrity data. Therefore, under the broadest reasonable interpretation, Lukacs teaches storing validation data.
	wherein the first data processing apparatus is configured to: provide the integrity data and the validation data to a second data processing apparatus via the network interface (Par. [0043], client system 12 sending a client integrity indicator 76 to appliance 20 (wherein the first data processing apparatus is configured to: provide the integrity data … to a second data processing apparatus via the network interface); Par. [0059], client system 12 transmits the reference client integrity indicators to network appliance 20 (and the validation data)). The client device of Lukacs sends current client integrity indicator to the network appliance for attestation, i.e. providing the integrity data. Furthermore, Lukacs teaches transmitting the reference client integrity indicators to the network appliance, i.e. providing the validation data to the network appliance. Since the claim does not specify that the integrity data and validation data are necessarily sent together simultaneously, under the broadest reasonable interpretation, this comprises providing both integrity and validation data. 
	run at least one software component wherein the at least one software component comprises: an application, which provides stored and/or computed application data to the second data processing apparatus and/or which requests application data from the second data processing apparatus; a hypervisor; a virtual machine; a data space runtime environment, or a combination thereof (Par. [0031], client system 12 is configured to execute a hypervisor (HV) (run at least one software component wherein the at least one software component comprises: … a hypervisor)). The client device of Lukacs executes a hypervisor, i.e. a software component. A hypervisor is listed as one of the possibilities claimed for a software component, and as the claim recites the conjunction “or”, only one possibility needs to be taught under the broadest reasonable interpretation. Therefore, Lukacs teaches running a software component. 
	provide the integrity data and the validation data (Par. [0043], Par. [0059]). This part of the limitation was earlier shown to be disclosed by Lukacs in the respective paragraphs. That is, as it has not been specified as to where or what the integrity/validation data is being provided, under the broadest reasonable interpretation, the previous interpretation with its corresponding arguments hold. 
	such that the integrity data and the validation data are specific for the at least one software component (Par. [0043], Client integrity indicator 76 may comprise at least one hash of a memory image of a software object currently loaded into the memory of the respective client system (such that the integrity data and the validation data are specific for the at least one software component)). The integrity indicators of Lukacs comprise hashes of the software object. As hashes are intended to act as unique identifiers of data, Lukacs therefore teaches the integrity data and validation data being specific for the software component.  
	(taught by Solsona below)
	receive the (Par. [0055], After receiving boot image 74; Par. [0047], Boot images may come pre-packaged with network appliance 20 or may be downloaded by network appliance 20 from a dedicated server). Lukacs teaches the client device receiving a boot image, i.e. a component image, from the network appliance and further teaches the origin of the boot image being a dedicated server for component images.
	store the (Par. [0053], and allowing client system 12 to download boot image 74). Lukacs teaches downloading a boot image onto the client system. As the client system comprises the aforementioned storage devices for storing data, this teaches the claimed limitation under the broadest reasonable interpretation (Par. [0028], Storage devices 32 include computer-readable media enabling the non-volatile storage, reading, and writing of software instructions and/or data).
	and retrieve the software component of the (Par. [0055], After receiving boot image 74, a step 248 loads boot image into memory (and retrieve the software component of the bundled component image from the data storage device for running the at least one software component)). Lukacs teaches downloading the component image, and then loading the boot image for execution of the software component (Par. [0056], client system 12 executes boot image 74 to launch hypervisor 40). 
	
	Solsona discloses the following limitations not taught by Lukacs:
	wherein the at least one software component and the validation data that is specific for the at least one software component are bundled into a bundled component image (Page 3, lines 18-20, a process for creating an OS binary image that includes integrity data associated with a protected OS binary (wherein the at least one software component and the validation data that is specific for the at least one software component are bundled into a bundled component image)). Reference Solsona teaches bundling a software component with its integrity data into a single binary image. As the validation data of Lukacs comprises reference integrity indicators, i.e. the initial integrity data of the software component, the combination of Lukacs with Solsona teaches bundling validation data with the software component. 

	Lukacs teaches all features of the claimed invention but does not teach bundling the software component and validation data into a bundled component image. Reference Solsona however teaches bundling a software component with its initial integrity data, i.e. validation data, into a single binary image. Solsona further teaches that this bundling allows users to detect tampering of the received software component (Solsona, Page 2, lines 10-11, The integrity data enables detection of a modification to the operating system binary).
	References Lukacs and Solsona are considered to be analogous art because they relate to systems for verifying data integrity. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the attestation system of Lukacs with the bundled software image of Solsona in order to gain the benefit of detecting tampering of the software component upon receipt of the image. 

Regarding Claim 3:
	The combination of Lukacs/Solsona discloses Claim 1.
	Lukacs further discloses the following limitation:
	wherein the first data processing apparatus is further configured to provide the validation data being specific for the at least one software component by retrieving it from the data storage device (Par. [0066], step 308 may further include comparing the current client integrity indicator (e.g., a hash of a current memory image of HV 40) to a reference integrity indicator previously stored in protected storage module 36 of the respective client system (provide the validation data being specific for the at least one software component by retrieving it from the data storage device)). Reference Lukacs teaches performing a validity check by comparing the integrity data with the previous stored validation data for local verification. Since this comparison uses the data stored in the data storage device, Lukacs teaches retrieving validation data by retrieval from the data storage device.

Regarding Claim 4:
	The combination of Lukacs/Solsona discloses Claim 1.
	Lukacs further discloses the following limitations:
	wherein the first data processing apparatus is further configured to provide at least one of the integrity data and the validation data being specific for the at least one software component by running an integrity module and/or a validity module of the at least one software component (Par. [0029], protected storage module 36 also comprises a cryptographic processor (running an integrity module and/or a validity module of the at least one software component) configured to generate cryptographic keys, to compute hashes, and/or to perform encryption/decryption of data (integrity module). Exemplary protected storage modules 36 include trusted platform module (TPM) chips produced by various hardware manufacturers). Lukacs teaches a protected storage module containing a cryptographic processor to compute hashes. As Lukacs teaches computation of client integrity indicators through hashes, i.e. integrity data, this constitutes running an integrity module for providing integrity data (Par. [0043], Client integrity indicator 76 may comprise at least one hash of a memory image of a software object currently loaded into the memory of the respective client system). 
	and wherein: the integrity module is configured to establish specific integrity data by the attestation processor (Par. [0043], Client integrity indicator 76 may comprise at least one hash of a memory image of a software object currently loaded into the memory of the respective client system (and wherein: the integrity module is configured to establish specific integrity data by the attestation processor)). As integrity data comprises hashes according to Lukacs and the cryptographic processor of Lukacs computes hashes, this teaches the integrity module establishing integrity data. 
	and/or the validity module is configured to establish specific validation data by selecting and retrieving the specific validation data from the data storage device (Par. [0066], step 308 may further include comparing the current client integrity indicator to a reference integrity indicator previously stored in protected storage module 36 of the respective client system (and/or the validity module is configured to establish specific validation data by selecting and retrieving the specific validation data from the data storage device)). Since the claim recites “and/or” regarding the presence of an integrity/validity module and it has been argued that an integrity module exists to perform the previously claimed functions, the limitations of the claim have already been met since only one option needs to be satisfied under the broadest reasonable interpretation of “and/or”. For the purposes of compact prosecution however, Lukacs teaches the protected storage module being used to retrieve validation data in order to verify integrity. Under the broadest reasonable interpretation, this constitutes a validity module establishing validation data by selection and retrieval from the storage device. 

Regarding Claim 5:
	The combination of Lukacs/Solsona discloses Claim 1.
	Lukacs further discloses the following limitation:
	wherein the attestation processor comprises one or more of the following: a trusted platform module; a cryptoprocessor configured to determine the current platform configuration and to generate the attestation data based on the current platform configuration; a processor configured to run a firmware or software module of the first data processing apparatus, which is configured to determine information indicative of the current platform configuration and to generate the attestation data based on the determined information; and/or a data interface configured to receive the attestation data from a hardware security module, wherein the hardware security module is configured to detect information indicative of the current platform configuration and to generate the attestation data based on the detected information (Par. [0029], Exemplary protected storage modules 36 include trusted platform module (TPM) chips produced by various hardware manufacturers (wherein the attestation processor comprises one or more of the following: a trusted platform module)). Since the claim recites “and/or”, only one of the options needs to be met under the broadest reasonable interpretation. Lukacs recites a trusted platform module as part of the client device. 

Regarding Claim 6:
	Lukacs discloses the following limitations:
	A system comprising a first data processing apparatus and a second data processing apparatus having a network interface (Par. [0027], client system 12 (A system comprising a first data processing apparatus) comprises a processor 22, a memory unit 24, a set of input devices 26, a set of output devices 28, a set of storage devices 32, and a set of network adapter(s) 34, all interconnected by a controller hub 30; Par. [0034], Appliance 20 (and a second data processing apparatus) comprises a processor 122, a memory 124, storage devices 132, network adapter(s) 134 (having a network interface)). The system of Lukacs includes a client device and an appliance, i.e. a first/second data processing apparatus. Both systems have a network adapter, i.e. a network interface.
	wherein the first data processing apparatus comprises: an attestation processor configured to establish attestation data, the attestation data being indicative of a current platform configuration of the one or more platform configurations (Par. [0027], Par. [0043]). This limitation was shown to be disclosed by Lukacs in the rejection of Claim 1. 
	a network interface (Par. [0027]). This limitation was shown to be disclosed by Lukacs in the rejection of Claim 1. 
	and a data storage device for storing validation data, the validation data facilitating a validity check of integrity data, the integrity data at least comprising the attestation data (Par. [0029]). This limitation was shown to be disclosed by Lukacs in the rejection of Claim 1. 
	wherein the first data processing apparatus is configured to: provide the integrity data and the validation data to a second data processing apparatus via the network interface (Par. [0043], Par. [0059]). This limitation was shown to be disclosed by Lukacs in the rejection of Claim 1. 
	run at least one software component, wherein the at least one software component comprises: an application, which provides stored and/or computed application data to the second data processing apparatus and/or which requests application data from the second data processing apparatus; a hypervisor; a virtual machine; an operating system; a data space runtime environment, or a combination thereof (Par. [0031]). This limitation was shown to be disclosed by Lukacs in the rejection of Claim 1. 
	provide the integrity data and the validation data, such that the integrity data and the validation data are specific for the at least one software component (Par. [0043], Par. [0059]). This limitation was shown to be disclosed by Lukacs in the rejection of Claim 1. 
	(taught by Solsona below)
	receive the (Par. [0055], Par. [0047]). This limitation was shown to be disclosed by Lukacs in the rejection of Claim 1. 
	store the (Par. [0053]). This limitation was shown to be disclosed by Lukacs in the rejection of Claim 1. 
	and retrieve the software component of the (Par. [0055]). This limitation was shown to be disclosed by Lukacs in the rejection of Claim 1. 
	wherein the second data processing apparatus is configured to: receive integrity data from the first data processing apparatus via the network interface (Par. [0043], client system 12 sending a client integrity indicator 76 (receive integrity data from the first data processing apparatus) to appliance 20 (the second data processing apparatus); Par. [0030], Network adapters 134 may connect network appliance 20 to local network 14 and extended network 16, and enable data transmission between client systems (via the network interface)). In the system of Lukacs, the client device, i.e. the first data processing apparatus, sends integrity data in the form of a client integrity indicator to the network appliance, i.e. the second data processing apparatus. Under the broadest reasonable interpretation, this teaches the second data processing apparatus receiving integrity data.
	receive validation data from the first data processing apparatus via the network interface (Par. [0053], appliance 20 may receive reference client integrity indicators from client system 12 (receive validation data from the first data processing apparatus via the network interface); Par. [0030], Network adapters 134 may connect network appliance 20 to local network 14 and extended network 16, and enable data transmission between client systems (via the network interface)). The network appliance of Lukacs is also configured to receive validation data in the form of reference client integrity indicators from the client device. As the claim does not specify simultaneity or a particular order in the actions of receiving data, this teaches the claimed limitation.
	and perform a security check of the first data processing apparatus, wherein the security check at least comprises a validity check of the integrity data based on the validation data (Par. [0045], Having a local repository of reference integrity indicators received from various client systems allows network appliance 20 to determine whether a client system is currently in the trusted state (and perform a security check of the first data processing apparatus), for instance by comparing current client integrity indicator 76 to a reference integrity indicator of the same client system, stored in database 66 (wherein the security check at least comprises a validity check of the integrity data based on the validation data)). Lukacs further teaches checking whether the client system is in a trusted state, i.e. a security check, by matching the current client integrity indicators, i.e. integrity data, with reference integrity indicators, i.e. validation data.

	Solsona discloses the following limitations not taught by Lukacs:
	wherein the at least one software component and the validation data that is specific for the at least one software component are bundled into a bundled component image (Page 3, lines 18-20). This limitation was shown to be disclosed by Solsona in the rejection of Claim 1. 

	Lukacs teaches all features of the claimed invention but does not teach bundling the software component and validation data into a bundled component image. Reference Solsona however teaches bundling a software component with its initial integrity data, i.e. validation data, into a single binary image. Solsona further teaches that this bundling allows users to detect tampering of the received software component (Solsona, Page 2, lines 10-11, The integrity data enables detection of a modification to the operating system binary).
	References Lukacs and Solsona are considered to be analogous art because they relate to systems for verifying data integrity. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the attestation system of Lukacs with the bundled software image of Solsona in order to gain the benefit of detecting tampering of the software component upon receipt of the image. 

Regarding Claim 7:
	The combination of Lukacs/Solsona discloses Claim 6.
	Lukacs further discloses the following limitations:
	wherein the first data processing apparatus is configured to provide application data to the second data processing apparatus via the network interface (Par. [0032], Applications 54a-b generically represent any application such as word processing, image processing, media player, database, calendar, personal contact management, browser, gaming, voice communication, and data communication applications, among others; Par. [0026], all data traffic between client systems 12a-c and extended network 16 is routed through network appliance 20). The client device of Lukacs runs applications in order to communicate data to other devices on the network, and Lukacs further teaches that the network appliance, i.e. the second data processing apparatus, routes all network traffic from the client device. Therefore, this teaches the second data processing apparatus receiving application data from the first data processing apparatus, as the network appliance receives the data in order to route the traffic. 
	wherein the application data is stored on the data storage device or another data storage device of the first data processing apparatus or computed by running at least one software component (Par. [0031], client system 12 is configured to execute a hypervisor (HV) 40, the hypervisor further configured to expose a client virtual machine (VM) 50. Virtual machine 50 comprises a software abstraction, for instance an emulation, of an actual physical computing device, the abstraction enabling VM 50 to execute a client operating system (OS) 52 and/or a set of other software applications (application data… computed by running at least one software component)). Since the claim recites “or”, only one of the options needs to be met under the broadest reasonable interpretation. In this case, the application data is computed by running at least one software component, i.e. executing the hypervisor enables executing the software applications.  
	and wherein the second data processing apparatus is configured to selectively receive and/or process the application data from the first data processing apparatus depending on the security check (Par. [0064], A mismatch between current client integrity indicator 76 and the reference client integrity indicator may denote an unauthorized and possibly malicious modification of the respective software component, e.g., of HV 40. In such cases, a step 296 may configure appliance network filter 62 to restrict access of client system 12 to extended network 16). As Lukacs teaches the network appliance acting as a router for data from the client device, Lukacs further teaches the network appliance filtering/restricting data traffic according to the result of checking for a match between the integrity indicators.

Regarding Claim 8:
	The combination of Lukacs/Solsona discloses Claim 6.
	Lukacs further discloses the following limitations:
	wherein the first data processing apparatus is configured to receive application data from the second data processing apparatus via the network interface (Par. [0032], Applications 54a-b generically represent any application such as word processing, image processing, media player, database, calendar, personal contact management, browser, gaming, voice communication, and data communication applications, among others; Par. [0026], all data traffic between client systems 12a-c and extended network 16 is routed through network appliance). Lukacs teaches communication between different client systems using the network appliance to route network traffic. Since Lukacs teaches data communication through applications, Lukacs further teaches a first data processing apparatus, i.e. the client device, receiving application data from the second data processing apparatus, i.e. the network appliance routing data communication from another client device.
	wherein the second data processing apparatus comprises a data storage device for the application data and/or is configured to run one or more applications, which provide stored and/or computed application data (Par. [0030], Storage devices 132 include computer-readable media enabling the non-volatile storage, reading, and writing of software instructions and/or data (wherein the second data processing apparatus comprises a data storage device for the application data)). Since the claim recites “and/or”, only one of the options needs to be met under the broadest reasonable interpretation. Lukacs teaches the network appliance having a storage device which is capable of performing the function of storing application data. 
	and wherein the second data processing apparatus is further configured and/or wherein the applications are configured to selectively provide application data to the first data processing apparatus depending on the security check (Par. [0064], A mismatch between current client integrity indicator 76 and the reference client integrity indicator (depending on the security check) may denote an unauthorized and possibly malicious modification of the respective software component, e.g., of HV 40. In such cases, a step 296 may configure appliance network filter 62 to restrict access of client system 12 to extended network 16 (and wherein the second data processing apparatus is further configured and/or wherein the applications are configured to selectively provide application data to the first data processing apparatus). Restricting access may include, for instance, blocking access of system 12 to addresses within extended network 16. Such restrictions may prevent client system 12 from performing unauthorized communications with a third party on extended network 16). Lukacs teaches that the network appliance may block communications between the client device and the network depending on the security check. Under the broadest reasonable interpretation, blocking communications constitutes selectively providing application data, as none is provided depending on the security check in this scenario. 

Regarding Claim 9:
	The combination of Lukacs/Solsona discloses Claim 6.
	Lukacs further discloses the following limitations:
	wherein the validation data comprises information being indicative of at least one predefined valid platform configuration of the one or more platform configurations of the first data processing apparatus (Par. [0045], each reference integrity indicator corresponds to the trusted state of the respective client system). Lukacs teaches validation data in the form of reference integrity indicators, which are indicative of valid platform configurations because they correspond to trusted states. 
	and wherein the second data processing apparatus is configured to perform the validity check by determining whether the attestation data of the integrity data matches with the at least one predefined valid platform configuration (Par. [0045], Having a local repository of reference integrity indicators received from various client systems allows network appliance 20 to determine whether a client system is currently in the trusted state, for instance by comparing current client integrity indicator 76 (and wherein the second data processing apparatus is configured to perform the validity check by determining whether the attestation data of the integrity data) to a reference integrity indicator of the same client system, stored in database 66. A match may indicate that the respective client system 12 is in the trusted state (matches with the at least one predefined valid platform configuration)). Lukacs teaches the network appliance performing a validity check by matching the client integrity indicator, i.e. attestation data of the integrity data, with the reference integrity indicator, i.e. the validation data. 

Regarding Claim 11:
	The combination of Lukacs/Solsona discloses Claim 6.
	Lukacs further discloses the following limitation:
	wherein the validation data is digitally signed by a second digital signature (Par. [0046], Reference integrity indicators may be encrypted and/or cryptographically signed with a key specific to the respective client system). Lukacs discloses digitally signing reference integrity indicators, i.e. the validation data. 
	(taught by Solsona below)
	(taught by Solsona below)

	Solsona further discloses the following limitations:
	and wherein the first data processing apparatus is configured to verify the validation data based on the second digital signature and selectively provide the integrity data, the validation data, the application data, request the application data depending on the verification of the validation data, or a combination thereof (Page 7, lines 12-14, the digital signature is configured to enable detection of a modification to the protected user level binary (208-210) during an installation, execution, and the like (and wherein the first data processing apparatus is configured to verify the validation data based on the second digital signature); Page 8, lines 16-17, in another embodiment, the modified OS user level binary (208-210) is denied execution/access (and selectively provide the integrity data, the validation data, the application data, request the application data depending on the verification of the validation data, or a combination thereof)). Reference Solsona further teaches that a digital signature allows detection of tampering with the validation data, and subsequent provisioning of the validation data depending on the verification, i.e. Solsona teaches blocking access if tampering is detected. Claim 11 recites the phrase “configured to”, indicating that the hardware should have the capability to perform the recited function. Therefore, since Lukacs teaches using a digital signature for the validation data through a mutual authentication system and Solsona teaches hardware structure for signature verification, and since the references were combined for the benefit of tamper detection, the combination of Lukacs/Solsona teaches the claimed limitation for the same reasons for motivation/combination of references as argued in Claim 6. 
	and/or wherein the second data processing apparatus is configured to verify the validation data based on the second digital signature, wherein the security check comprises and depends on the verification of the validation data (Page 7, lines 12-14, the digital signature is configured to enable detection of a modification to the protected user level binary (208-210) during an installation, execution, and the like (and/or wherein the second data processing apparatus is configured to verify the validation data based on the second digital signature); Page 8, lines 16-17, in another embodiment, the modified OS user level binary (208-210) is denied execution/access (wherein the security check comprises and depends on the verification of the validation data)). Since the claim recites “and/or”, only one of the options needs to be met under the broadest reasonable interpretation. For the purposes of compact prosecution however, Solsona teaches provisioning data through verification of a digital signature, so the claimed limitation is met by the previously argued sections of Solsona as directed towards the network appliance, rather than the client device. Since Lukacs is drawn towards a mutual authentication system (Abstract, The client system performs a mutual integrity attestation transaction with the network appliance over the network), both devices, the first and second data processing apparatus, are capable of performing the recited function when combined with Solsona. 

	Since the limitations taught by Solsona only further clarify the hardware structure used to perform tamper detection as argued for the reason for motivation/combination of references in Claim 6, the reasons for motivation/combination of references remain the same as argued in Claim 6.

Regarding Claim 13:
	The combination of Lukacs/Solsona discloses Claim 6.
	Lukacs further discloses the following limitations:
	further comprising: a server for component images being configured to provide one or more images of software components, which are configured to be run on the first data processing apparatus (Par. [0047], Par. [0055], Par. [0056]). This limitation was shown to be disclosed by Lukacs in the rejection of Claim 1. 
	(taught by Solsona below)
	the respective validation data being specific for the respective software component (Par. [0043]). This limitation was shown to be disclosed by Lukacs in the rejection of Claim 1. 

	Solsona further teaches the following limitation not taught by Lukacs:
	wherein one or more of the software components are each bundled with validation data into a bundled component image (Page 3, lines 18-20). This limitation was shown to be disclosed by Solsona in the rejection of Claim 1. 

	The reasons for motivation/combination of references remain the same as argued in Claim 6.

Regarding Claim 14:
	Lukacs discloses the following limitations:
	A method for proving the security of a first data processing apparatus, the method comprising: receiving a (Par. [0055], Par. [0047]). This limitation was shown to be disclosed by Lukacs in the rejection of Claim 1. 
	wherein at least one software component and validation data that is specific for the at least one software component (Par. [0043]). This limitation was shown to be disclosed by Lukacs in the rejection of Claim 1. 
	(taught by Solsona below)
	storing the (Par. [0053], Par. [0028]). This limitation was shown to be disclosed by Lukacs in the rejection of Claim 1. 
	retrieving the software component of the (Par. [0055]). This limitation was shown to be disclosed by Lukacs in the rejection of Claim 1. 
	establishing attestation data by an attestation component of the first data processing apparatus, the attestation data being indicative of a current platform configuration of one or more platform configurations (Par. [0027], Par. [0043]). This limitation was shown to be disclosed by Lukacs in the rejection of Claim 1. 
	in accordance of which the first data processing apparatus is configured to operate (Par. [0006]). This limitation was shown to be disclosed by Lukacs in the rejection of Claim 1. 
	providing integrity data to a second data processing apparatus, the integrity data at least comprising the attestation data (Par. [0043]). This limitation was shown to be disclosed by Lukacs in the rejection of Claim 1. 
	and providing the validation data to the second data processing apparatus, wherein the validation data facilitates a validity check of the integrity data (Par. [0059], Par. [0029]). This limitation was shown to be disclosed by Lukacs in the rejection of Claim 1. 

	Solsona further teaches the following limitation not taught by Lukacs:
	are bundled into a bundled component image (Page 3, lines 18-20). This limitation was shown to be disclosed by Solsona in the rejection of Claim 1. 

	Lukacs teaches all features of the claimed invention but does not teach bundling the software component and validation data into a bundled component image. Reference Solsona however teaches bundling a software component with its initial integrity data, i.e. validation data, into a single binary image. Solsona further teaches that this bundling allows users to detect tampering of the received software component (Solsona, Page 2, lines 10-11, The integrity data enables detection of a modification to the operating system binary).
	References Lukacs and Solsona are considered to be analogous art because they relate to systems for verifying data integrity. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the attestation system of Lukacs with the bundled software image of Solsona in order to gain the benefit of detecting tampering of the software component upon receipt of the image. 

	Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Lukacs/Solsona, and further in view of Abbondanzio et al. (U.S. Pub. No. 2003/0188176 A1) hereinafter referred to as “Abbondanzio”.
Regarding Claim 2:
	The combination of Lukacs/Solsona discloses Claim 1.
	Abbondanzio discloses the following limitations not taught by Lukacs/Solsona:
	wherein the bundled component image is digitally signed by a first digital signature (Par. [0016], The message digest of the boot code image and the boot code image may then be encoded using the authentication parameter generated, e.g., secret key, to generate what is commonly referred to as a digital signature (wherein the bundled component image is digitally signed by a first digital signature)). Reference Abbondanzio teaches digitally signing a boot image. 
	and wherein the first data processing apparatus is further configured to: verify the bundled component image based on the first digital signature (Par. [0021], A determination may then be made by the server blade receiving the boot code image and digital signature as to whether the digital signature is authenticated). Reference Abbondanzio further teaches verification through the digital signature. 
	and selectively run the software component of the bundled component image depending on the verifying of the bundled component image (Par. [0021], If the server blade receiving the digital signature is able to authenticate the digital signature, then the server blade may boot the received boot code image). Reference Abbondanzio further teaches executing the software component upon verification. 

	The combination of references Lukacs/Solsona does not teach digitally signing the bundled component image. Solsona teaches digitally signing the software component as a possible method to form the bundled component image, but not the signing of the bundled image itself. Reference Abbondanzio teaches digitally signing a boot image. When combined with references Lukacs/Solsona which teach a bundled component image, this teaches the claimed limitation of digitally signing the bundled image. Reference Abbondanzio further teaches that their system of using a digital signature helps to prevent tampering and replay attacks (Par. [0011], By the deployment server generating unique authentication(s), e.g., public/private key pair, for each network boot operation, the exposure to replay attacks may be substantially reduced). 
	References Lukacs/Solsona and reference Abbondanzio are considered to be analogous art because they relate to verification systems of data integrity. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the attestation system of Lukacs/Solsona with the digital signature of Abbondanzio in order to gain the benefit of protecting against tampering and replay attacks. 
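	The following worked example is added by the editor to illustrate the Claim 2 combination as characterized above; it is not taken from the Office action, the application, or any cited reference. It defines a hypothetical bundled component image (length-prefixed software component, length-prefixed validation data, and a tag over both), verifies the image before the component is run, and shows three failure modes: an attacker who swaps the component and rewrites the validation data to match it but lacks the key (what bundling alone, per Solsona, does not prevent), a single flipped byte, and a correctly tagged image whose validation data is not specific to the component it travels with. HMAC-SHA256 over the whole image stands in for Abbondanzio’s secret-key digital signature so that the code runs with the standard library only; this, the image layout, and all sample bytes are assumptions of the example.

```python
import hashlib
import hmac
import json
import struct

TAG_LEN = 32  # SHA-256 tag length

# Assumption: a secret key shared by image producer and client stands in for the
# signing key (Abbondanzio's secret-key scheme). A public-key signature over the
# same `body` bytes would be checked at the same point in verify_bundle().
KEY = b"example-deployment-key"


def build_bundle(component, validation_data, key):
    """Image = u32 len || component || u32 len || validation data (JSON) || tag over all preceding bytes."""
    vd = json.dumps(validation_data, sort_keys=True).encode()
    body = struct.pack(">I", len(component)) + component + struct.pack(">I", len(vd)) + vd
    return body + hmac.new(key, body, hashlib.sha256).digest()


def parse_bundle(image):
    """Split an image into (component, validation_data, signed_body, tag); raises ValueError if malformed."""
    if len(image) < 8 + TAG_LEN:
        raise ValueError("truncated image")
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    (n,) = struct.unpack_from(">I", body, 0)
    if 4 + n + 4 > len(body):
        raise ValueError("bad component length")
    component = body[4:4 + n]
    (m,) = struct.unpack_from(">I", body, 4 + n)
    if 8 + n + m != len(body):
        raise ValueError("bad validation data length")
    vd = json.loads(body[8 + n:])
    if not isinstance(vd, dict):
        raise ValueError("validation data must be a JSON object")
    return component, vd, body, tag


def verify_bundle(image, key):
    """The tag must cover component and validation data together, and the validation
    data must actually be specific to this component (it names the component's digest)."""
    try:
        component, vd, body, tag = parse_bundle(image)
    except ValueError:
        return False
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        return False
    try:
        expected = bytes.fromhex(str(vd.get("component_sha256", "")))
    except ValueError:
        return False
    return hmac.compare_digest(expected, hashlib.sha256(component).digest())


def selectively_run(image, key):
    """Run (here: return) the software component only if the bundled image verifies, else refuse."""
    if not verify_bundle(image, key):
        return None
    return parse_bundle(image)[0]


# ---- Constructed sample images (hypothetical bytes, not from any reference) ----
COMPONENT = b"hypervisor image bytes (hypothetical)"
VALIDATION = {"component_sha256": hashlib.sha256(COMPONENT).hexdigest(),
              "expected_pcr4": "0" * 64}  # placeholder reference value
GOOD_IMAGE = build_bundle(COMPONENT, VALIDATION, KEY)

# Attacker swaps the component and rewrites the validation data to match, but lacks the key
MODIFIED = b"hypervisor image bytes (modified)"
RESIGNED_IMAGE = build_bundle(
    MODIFIED, {"component_sha256": hashlib.sha256(MODIFIED).hexdigest()}, b"attacker-key")

# Single flipped byte inside the component region of a genuine image
_buf = bytearray(GOOD_IMAGE)
_buf[5] ^= 0x01
BITFLIP_IMAGE = bytes(_buf)

# Correctly tagged, but validation data that does not belong to this component
MISMATCHED_IMAGE = build_bundle(COMPONENT, {"component_sha256": "00" * 32}, KEY)

if __name__ == "__main__":
    for name, img in [("good", GOOD_IMAGE), ("resigned", RESIGNED_IMAGE),
                      ("bitflip", BITFLIP_IMAGE), ("mismatched", MISMATCHED_IMAGE)]:
        print(name, "run" if selectively_run(img, KEY) is not None else "refused")
```

	The last image is the case the claim language “validation data that is specific for the at least one software component” guards against: a signature over the bundle proves who produced it, but only a binding between the validation data and the component’s own digest proves that the two belong together.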

	Claims 10 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Lukacs/Solsona, and further in view of Ellison et al. (U.S. Pub. No. 2010/0082984 A1) hereinafter referred to as “Ellison”.
Regarding Claim 10:
	The combination of Lukacs/Solsona discloses Claim 6.
	Ellison discloses the following limitations not taught by Lukacs/Solsona:
	wherein the first data processing apparatus is configured to generate measurement data based on the type and scope of how the current platform configuration has been measured for establishing the attestation data (Par. [0030], The RAM 132 (wherein the first data processing apparatus is configured to) can also comprise data that can be relevant to the operation of the TPM 150, such as the TCG event log 190. In one embodiment, the TCG event log 190 (generate measurement data) can comprise a unique identification of all of the modules loaded or executed by the computing device 100 since power was applied or since it was last restarted (based on the type and scope of how the current platform configuration has been measured for establishing the attestation data)). For the purposes of compact prosecution, “measurement data based on the type and scope of how the current platform configuration has been measured” is interpreted to mean data which establishes a path through which the platform configuration was obtained in accordance with the specification (Par. [0056], Providing measurement data may advantageously allow to trace through which platform configurations the current platform configuration was arrived and what would be an expected attestation data for this path). Therefore, the event log of Ellison which records the execution history of the device meets the claimed limitation of measurement data. 
	wherein the integrity data comprises the measurement data and wherein the second data processing apparatus is configured to perform an integrity check by determining whether the attestation data matches with the measurement data (Par. [0042], if the received TCG event log 191 (wherein the integrity data comprises the measurement data) results in different PCR values than those of the received signed PCRs 261 (wherein the second data processing apparatus is configured to perform an integrity check by determining whether the attestation data matches with the measurement data), the server computing device 220 can conclude that the received TCG event log 191 does not accurately reflect the components that have been loaded or executed on the client computing device 210). Reference Ellison further teaches sending both the event log and signed PCRs, i.e. the integrity data comprises the measurement data, and verification by matching the measurement data, i.e. the event log, with the signed PCRs, i.e. attestation data. 
	wherein the security check comprises the integrity check, such that the security check depends on both the validity check and the integrity check (Par. [0040], the server computing device 220 can perform a number of verifications and decisions, as indicated by FIG. 2 (wherein the security check comprises the integrity check, such that the security check depends on both the validity check and the integrity check)). Reference Ellison further teaches performing multiple verifications one of which includes using the event log, i.e. the measurement data. 

	The combination of references Lukacs/Solsona does not teach measurement data indicating such a path. Reference Ellison however teaches a TCG event log which records the components loaded or executed by the computing device, i.e. measurement data specifying an execution path. Reference Ellison further teaches that using such an event log provides more rigorous attestation (Par. [0005], To provide more rigorous attestation and sealing mechanisms, the concepts of "generalized attestation" and "generalized sealing" have been developed; Par. [0006], More specifically, in addition to, or as an alternative to, maintaining the PCR values in the manner described above, the TPM can also maintain one or more lists, or logs, of values uniquely identifying each component of the computing device that was utilized or executed during the boot process). Reference Ellison further teaches that their method provides an efficient method of attestation (Par. [0010], Generalized remote attestation and generalized remote sealing can be utilized to more efficiently evaluate the state of the computing device requesting the remote attestation or the remote sealing).
	The combination of references Lukacs/Solsona and reference Ellison are considered to be analogous art because they relate to systems of remote attestation and integrity verification. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the remote attestation system of Lukacs/Solsona with the event log of Ellison in order to gain the benefit of more rigorous and efficient attestation. 
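	The following worked example is added by the editor to illustrate the two checks discussed for Claims 9 and 10 (and the filter decision of Claim 7); it is not code from the Office action, the application, or any cited reference. It replays a measurement log through the PCR extend operation (PCR := SHA-256(PCR || digest)) to obtain the attestation data, performs the integrity check of Claim 10 (does the log reproduce the attested PCRs?), the validity check of Claim 9 (do the attested PCRs match a predefined trusted configuration?), and derives a forward/restrict decision from the combined result. Three constructed scenarios are included: an untampered client, a client whose hypervisor was modified and truthfully measured (integrity check passes, validity check fails), and a client that sends the reference log to hide the same modification (integrity check fails). The component names, digests and the single trusted configuration are assumptions of the example.

```python
import hashlib
import hmac
from dataclasses import dataclass

PCR_INIT = bytes(32)  # a SHA-256 PCR bank starts with all-zero registers


@dataclass(frozen=True)
class Event:
    """One measurement log entry: which PCR was extended with the digest of which
    component. The label is for tracing only and is not part of the hash."""
    pcr: int
    component: str
    digest: bytes


def extend(pcr_value, digest):
    """TPM PCR extend: PCR := SHA-256(PCR || digest). The order of extends matters."""
    return hashlib.sha256(pcr_value + digest).digest()


def replay_event_log(events):
    """Recompute PCR values by replaying the log in order (assumes verifier and
    client agree on the SHA-256 bank and the initial register values)."""
    pcrs = {}
    for ev in events:
        pcrs[ev.pcr] = extend(pcrs.get(ev.pcr, PCR_INIT), ev.digest)
    return pcrs


def _same_pcrs(a, b):
    return a.keys() == b.keys() and all(hmac.compare_digest(a[i], b[i]) for i in a)


def integrity_check(events, attested_pcrs):
    """Integrity check: the measurement data (log) must reproduce the attestation data (PCRs)."""
    return _same_pcrs(replay_event_log(events), attested_pcrs)


def validity_check(attested_pcrs, reference_configs):
    """Validity check: the attestation data must match at least one predefined valid configuration."""
    return any(_same_pcrs(attested_pcrs, ref) for ref in reference_configs)


def security_check(events, attested_pcrs, reference_configs):
    """Overall security check: passes only when both the integrity and the validity check pass."""
    if not integrity_check(events, attested_pcrs):
        return False, "integrity check failed: log does not reproduce the attested PCRs"
    if not validity_check(attested_pcrs, reference_configs):
        return False, "validity check failed: attested PCRs match no trusted configuration"
    return True, "trusted"


def first_divergence(events, reference_events):
    """Trace the measured path: name the first component whose measurement differs from the reference log."""
    for ev, ref in zip(events, reference_events):
        if ev.pcr != ref.pcr or ev.digest != ref.digest:
            return ev.component
    return None if len(events) == len(reference_events) else "log length differs"


def filter_decision(verdict):
    """Network filter action derived from the security check: forward traffic only for a trusted client."""
    return "forward" if verdict[0] else "restrict"


# ---- Constructed sample data (hypothetical component digests, not from any reference) ----
def _digest(label):
    return hashlib.sha256(label.encode()).digest()


REFERENCE_LOG = [
    Event(0, "firmware", _digest("firmware v1")),
    Event(4, "bootloader", _digest("bootloader v1")),
    Event(4, "hypervisor", _digest("hypervisor v1")),
]
# Validation data: the one known-good configuration, here derived from the reference log
TRUSTED_CONFIGS = [replay_event_log(REFERENCE_LOG)]

# 1. Untampered client: truthful log, PCRs consistent with it
HONEST_LOG = list(REFERENCE_LOG)
HONEST_PCRS = replay_event_log(HONEST_LOG)

# 2. Modified hypervisor reported truthfully: replay matches, but the configuration is not trusted
TAMPERED_LOG = REFERENCE_LOG[:2] + [Event(4, "hypervisor", _digest("hypervisor modified"))]
TAMPERED_PCRS = replay_event_log(TAMPERED_LOG)

# 3. Same modified hypervisor, but the client sends the reference log to hide it: PCRs contradict the log
FORGED_LOG = list(REFERENCE_LOG)
FORGED_PCRS = TAMPERED_PCRS

if __name__ == "__main__":
    for name, log, pcrs in [("honest", HONEST_LOG, HONEST_PCRS),
                            ("tampered", TAMPERED_LOG, TAMPERED_PCRS),
                            ("forged", FORGED_LOG, FORGED_PCRS)]:
        verdict = security_check(log, pcrs, TRUSTED_CONFIGS)
        print(f"{name}: {verdict[1]} -> {filter_decision(verdict)}; "
              f"first divergence: {first_divergence(log, REFERENCE_LOG)}")
```

	The third scenario is why the integrity check is useful in addition to the validity check: a final PCR value alone says that something differs, while a log that replays to that value says which component differs, and a log that does not replay to it is itself evidence of tampering with the measurement data. Verification of the signature on the attested PCRs (the third digital signature of Claim 12) is assumed to have happened before these checks and is not shown.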

Regarding Claim 12:
	The combination of Lukacs/Solsona discloses Claim 6.
	Ellison discloses the following limitations not taught by Lukacs/Solsona:
	wherein the attestation processor of the first data processing apparatus is configured to digitally sign the integrity data by a third digital signature (Par. [0003], "Attestation" generally refers to the provision of signed versions of one or more PCR values to an external entity so as to prove that the computing device is in a trusted state. Specifically, one or more PCR values are signed by the TPM using its private key and then transmitted to an external entity). Reference Ellison teaches that the integrity data, i.e. the PCR values, is normally signed during attestation.
	and wherein the first data processing apparatus is configured to verify the integrity data based on the third digital signature and selectively provide the integrity data, the validation data, the application data, request the application data depending on the verifying of the integrity data, or a combination thereof and/or wherein the second data processing apparatus is configured to verify the integrity data based on the third digital signature, wherein the security check comprises and depends on the verifying of the integrity data (Par. [0003], The external entity can verify that the PCR values did indeed come from the indicated computing device, based on the fact that the PCR values were signed with the TPM's private key (wherein the second data processing apparatus is configured to verify the integrity data based on the third digital signature), and can further verify, based on the values of the PCRs themselves, that the computing device was placed into a trusted state (wherein the security check comprises and depends on the verifying of the integrity data)). Since the claim recites “and/or”, only one of the options needs to be met under the broadest reasonable interpretation. As such, the second option of the claim is satisfied as Ellison teaches an external device, i.e. the second data processing apparatus, verifying the signature during attestation. On further note regarding the first option, as the claim states that the first data processing apparatus is both responsible for digitally signing the integrity data and providing the integrity data, it is unclear as to why the first data processing apparatus is verifying the signed integrity data which it is producing. 

	Neither Lukacs nor Solsona describes digitally signing the integrity data. Reference Ellison however teaches that the integrity data, i.e. the PCR values, is normally signed during attestation. Ellison further teaches that this provides an additional layer of security by verifying the identity of the device along with the integrity data (Par. [0003], The external entity can verify that the PCR values did indeed come from the indicated computing device, based on the fact that the PCR values were signed with the TPM's private key).
	The combination of references Lukacs/Solsona and reference Ellison are considered to be analogous art because they relate to systems of remote attestation and integrity verification. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the remote attestation system of Lukacs/Solsona with the digital signature of Ellison in order to gain the benefit of more rigorous attestation. 
	
Related Art
	The following prior art made of record and cited on PTO-892, but not relied upon, is considered pertinent to applicant’s disclosure:
Anwar et al. (NPL - “An Alternate Secure Element Access Control for NFC Enabled Android Smartphones”) – Includes methods related to remote attestation for mobile devices
Trusted Computing Group (NPL – “TCG Guidance for Securing Network Equipment”) – Includes methods related to remote attestation as defined by the Trusted Computing Group

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ETHAN V VO whose telephone number is (571)272-2505. The examiner can normally be reached M-F 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/E.V.V./Examiner, Art Unit 2431
/LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431