DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.	Claims 1-20 are pending.

Information Disclosure Statement
2.	The information disclosure statement (IDS) submitted on 4/8/22 was filed after the mailing date of the RCE on 8/17/21.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Allowable Subject Matter
3.	Claims 12-15 are allowed over art.
4.	The following is a statement of reasons for the indication of allowable subject matter:  
Prior art does not explicitly teach select a particular memory address range corresponding to a particular portion of the authorized code from among the plurality of memory address ranges that cause data indicating the particular memory address range to be sent to the client device, determine a respective portion of the authorized code for each of the plurality of memory address ranges, and calculate a respective first property of each determined portion of the authorized code where stores the first information indicative of the respective first properties of the portions of the authorized code and second information indicative of the respective memory address ranges in the security device and respectively associate memory address ranges from among the plurality of memory address ranges with first properties from among the first properties of the portions. Therefore, claims 12-15 is in condition for allowance.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

5.	Claims 1-11 and 16-21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Li (US 20090232301) in view of Zunke (US 20020087873)
Claim 1:	Li teaches a system comprising: 
a client device storing a code; and [Li: para 0010; The “client device” can be given the broadest reasonable interpretation (BRI) as any hardware or computer per se. As such systems or different parties (e.g. party A or party B) may be a client device]
a security device coupled to the client device and configured to: 
receive a first property of the code [Li: para 0010, 0031-0033; Party A and party B may calculate the public key of the opposite party according to the corresponding mapping algorithm and the PKM, and may calculate a shared key according to the key exchange algorithm and their own private key], the first property of the code generated by the client device; [The “property of the code” can be given the BRI as data such as identification, a value/number, encryption information, or may include cryptography property which may include key, certificates, signature or hash data, etc. per se as according to Appellant’s specification (pg.10)] 
verify correctness of the first property of the code based on information associated with an authorized code [authorized code can be given the BRI as information/data that is certified or valid] to determine that the code is authorized, the information being stored within the security device; [Li: para 0014; party A and party B to the communication have their own private key (the private key is generated by the private key management center, and distributed to the corresponding communication entity securely) and public parameters of the system (including PKM). Thus, correctness of the first property of the code associated to authorized code is verified in order to be distribute communication securely. See also para 0026]
in response to determining that the code is authorized, enable the security device to access first secret data [The “secret data” is relative which per BRI, may be data that’s unknown or protected from those unpermitted per se or only known to those permitted which may include identification, code, key, encrypted data, etc.] stored within secure storage the security device; and [Li: para 0014; 0026; a key management center adapted to generate a long-term public key and a long-term private key according to the parameters of the cryptosystem. The parameters or any key per se may be the first secret data that is stored in the cryptosystem (e.g. the security device). See also 0092; the communication device is based on a cryptosystem]
generate a first message authentication code (MAC) of a first message based on the first secret data, [Li: para 0091-0092; operate at least the long-term private key stored at the local party and the long-term public key of the opposite communication device according to the parameters of the cryptosystem to generate a MAC of the local message. Another example on para 0055-0058]
wherein the client device is configured to: 
receive the first MAC of the first message from the security device; [Li: para 0055, 0092; send the MAC to the opposite communication device]
generate a second MAC of a second message based on second secret data stored within the client device, the second secret data corresponding to the first data stored within the security device; [Li: para claim 6; receiving, after the first communication party receives the second message, a second MAC and using the second MAC to verify integrity of the second message, wherein the second MAC is a MAC of the second message and is generated by the second communication party after the first long-term public key of the first communication party and the second long-term private key of the second communication party are operated according to the parameters of the cryptosystem. As such, the second MAC is of the second message is generated after the first long-term public key of the first communication party (e.g. first client device) that is operated according to the parameters of the cryptosystem (e.g. the security device) suggests the second MAC of second message is based on secret data stored in the client device which is the second secret data (e.g. parameters or key) stored in the security device]
determine whether the second MAC of the second message is valid based on a comparison of the second MAC of the second message and the first MAC of the first message; and [Li: para 0056-0058, claim 6] 
**determine whether or not to run an application on the client device using the code based on a result of determining whether the second MAC of the second message is valid. [**As rejected by a secondary reference, discussed below]
However, Li did not clearly discuss “determine whether or not to run an application on the client device using the code based on a result of determining whether the second property of the second message is valid”.
Zunke teaches the identification code of the device may be determined as the reference code when installing the program on the computer. This enables the user of the program to choose by himself to which device the run authorization of the program should be coupled [Zunke: para 0013]. Zunke further discusses when installing the program, the user is requested to provide a device to whose identification code the run authorization is to be coupled. Once he has done so, this identification code is transmitted via the data link, e.g. the internet, together with an authorization (e.g. a unique serial number on the packaging), to the provider who will then transmit the identification code as the reference code to the computer 1 and thus to the program 5. The reference code may be transmitted to the computer together with a digital signature, so that the checking module may safely determine that the existing reference code is actually authorized by the provider of the program [Zunke: para 0039]. As such, the motivation to “determine whether or not to run an application on the client device using the code based on a result of determining whether the second property of the second message is valid”, would advantageously allow the program to run only on one computer, but not on several computers at the same time [Zunke: para 0011]. 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Zunke with Li to “determine whether or not to run an application on the client device using the code based on a result of determining whether the second property of the second message is valid”, for the reason that it is advantageous to allow the program to run only on one computer, but not on several computers at the same time [Zunke: 0011].
Claim 2:  Li: para 0056-0058, claim 6; discussing the system of claim 1, wherein the client device is to: in response to determining that the second MAC of the second message is valid, run the application on the client device using the code.
Claim 3:  As rejected dependent to claim 1, further in view of Zunke: 0011-0013 [run authorization of the program/application determines whether valid/invalid and to allow/restrain to run the application]; discussing the system of claim 1, wherein the client device is to: in response to determining that the second MAC of the second message is invalid, restrain the client device from running the application on the client device using the code.
Claim 4:  Li: 0028; discussing the system of claim 1, wherein the client device is to send a nonce to the security device, and wherein the first message comprises the nonce, and the second message comprises the nonce.
Claim 5:  Li: para 0015, 0051-0055; discussing the system of claim 1, wherein the first message comprises the first property of the code, and wherein the second message comprises the first property of the code.
Claim 6:  Li: para 0015, 0056-0058; discussing the system of claim 1, wherein the security device is to: in response to determining that the code is authorized, send a value indicating successful verification of the code to the client device; and receive a nonce from the client device, wherein the first message comprises the value and the nonce, and the second message comprises the value and the nonce.
Claim 7: Li: 0002, 0015; discussing the system of claim 1, wherein the security device is to: receive the first message from the client device, the first message being directed to a remote device; append the second property of the first message to the first message; and cause the first message to be sent, along with the appended second property of the first message, to the remote device.
Claim 8:  Li: 0094; discussing the system of claim 1, wherein the code comprises a boot code stored within the client device.
Claim 9:  Cancelled
Claim 10:  As rejected dependent to claim 1, further in view of Zunke: 0036, 0039 [where it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention teach digital signature where motivation is to safely determine the data (existing reference code) is actually authorized by the provider of the program]; discussing the system of claim 1, wherein the first property of the code comprises a digest of the code generated by the client device, wherein the information associated with the authorized code comprises a signature of the authorized code stored within the security device, and wherein the security device is to: generate a signature of the code based on the digest of the code and a public key stored within the security device, and determine that the generated signature of the code matches the stored signature of the authorized code to verify the correctness of the first property of the code.
Claim 11: As rejected dependent to claim 1, further in view of Zunke: 0035-0039 [where it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention teach digital signature where motivation is to safely determine the data (existing reference code) is actually authorized by the provider of the program]; discussing the system of claim 1, wherein the first property of the code comprises scrambled data of the code, wherein the security device is to: descramble the scrambled data of the code; and generate a digest of the descrambled data of the code, and wherein the security device is to: generate a signature of the code based on the generated digest and a public key stored within the security device and determine that the generated signature of the code matches the signature of the authorized code to verify the correctness of the first property of the code.
Claim 16:  As rejected dependent to claim 1, further in view of Zunke: 0035-0039 [where it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention teach digital signature where motivation is to safely determine the data (existing reference code) is actually authorized by the provider of the program]; discussing the system of claim 1, wherein the first property of the code comprises a digest of the code generated by the client device, wherein the information associated with the authorized code comprises a public key stored within the security device, and wherein the security device is to: access a signature of the authorized code from the client device, the signature of the authorized code being stored within the client device, generate a signature of the received digest of the code based on the stored public key, and determine that the generated signature of the digest of the code matches the signature of the authorized code to verify the correctness of the code.
Claim 17:  As rejected dependent to claim 1, further in view of Zunke: 0035-0039 [where it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention teach digital signature where motivation is to safely determine the data (existing reference code) is actually authorized by the provider of the program]; discussing the system of claim 1, wherein the security device is to: access an entire image of the authorized code; access a signature of the authorized code; calculate a digest of the entire image of the authorized code; generate a signature of the digest based on a public key stored within the security device; and verify authenticity of the entire image of the authorized code based on the accessed signature and the generated signature.
Claim 18:  Li: 0062-0070, claim 6; discussing the system of claim 1, wherein the security device is to: access a first property of second code; verify incorrectness of the first property of the second code based on information associated with a second authorized code corresponding to the second code, the information being stored within the security device; and based on the verifying incorrectness of the first property of the second code, disable the security device to access the first data stored in the security device. 
Claim 19:  As rejected dependent to claim 1, further in view of Zunke: 0033-0040 [where it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention teach “verifying incorrectness of the first property of the second code, prevent the client device from communicating”, where motivation run authorization is to be verified so as to safely determine the data is actually authorized]; discussing the system of claim 18, wherein the security device is to: based on the verifying incorrectness of the first property of the second code, prevent the client device from communicating with a remote device through a network.
Claim 20:	Altman, et al teaches a method comprising: 
receiving, at a security device, a first property of a code from a client device [Li: para 0010, 0031-0033; Party A and party B may calculate the public key of the opposite party according to the corresponding mapping algorithm and the PKM, and may calculate a shared key according to the key exchange algorithm and their own private key], the code being stored within the client device; [The “property of the code” can be given the BRI as data such as identification, a value/number, encryption information, or may include cryptography property which may include key, certificates, signature or hash data, etc. per se as according to Appellant’s specification (pg.10)]
verifying, by the security device, correctness of the first property of the code based on information associated with an authorized code [authorized code can be given the BRI as information/data that is certified or valid] and stored within the security device to determine that the code is authorized; [Li: para 0014; party A and party B to the communication have their own private key (the private key is generated by the private key management center, and distributed to the corresponding communication entity securely) and public parameters of the system (including PKM). Thus, correctness of the first property of the code associated to authorized code is verified in order to be distribute communication securely. See also para 0026] 
in response to determining that the code is authorized, enabling, by the security device, the security device to access first secret data [The “secret data” is relative which per BRI, may be data that’s unknown or protected from those unpermitted per se or only known to those permitted which may include identification, code, key, encrypted data, etc.] stored within secure storage the security device; [Li: para 0014; 0026; a key management center adapted to generate a long-term public key and a long-term private key according to the parameters of the cryptosystem. The parameters or any key per se may be the first secret data that is stored in the cryptosystem (e.g. the security device). See also 0092; the communication device is based on a cryptosystem] 
generating, by the security device, a first message authentication code (MAC) of a first message based on the first secret data; [Li: para 0091-0092; operate at least the long-term private key stored at the local party and the long-term public key of the opposite communication device according to the parameters of the cryptosystem to generate a MAC of the local message. Another example on para 0055-0058] 
receiving, by the client device, the first MAC of the first message from the security device; [Li: para 0055, 0092; send the MAC to the opposite communication device]
generating, by the client device, the second MAC of a second message based on second data stored within the client device, the second secret data corresponding to the first secret data stored within secure storage the security device; [Li: para claim 6; receiving, after the first communication party receives the second message, a second MAC and using the second MAC to verify integrity of the second message, wherein the second MAC is a MAC of the second message and is generated by the second communication party after the first long-term public key of the first communication party and the second long-term private key of the second communication party are operated according to the parameters of the cryptosystem. As such, the second MAC is of the second message is generated after the first long-term public key of the first communication party (e.g. first client device) that is operated according to the parameters of the cryptosystem (e.g. the security device) suggests the second MAC of second message is based on secret data stored in the client device which is the second secret data (e.g. parameters or key) stored in the security device] 
determining, by the client device, whether the second MAC of the second message is valid based on a comparison of the second MAC of the second message and the first MAC of the first message; and [Li: para 0056-0058, claim 6]
**determining, by the client device, whether to run an application on the client device using the code based on a result of determining whether the second MAC of the second message is valid. [**As rejected by a secondary reference, discussed below]
However, Li did not clearly discuss “determine whether or not to run an application on the client device using the code based on a result of determining whether the second property of the second message is valid”.
Zunke teaches the identification code of the device may be determined as the reference code when installing the program on the computer. This enables the user of the program to choose by himself to which device the run authorization of the program should be coupled [Zunke: 0013]. Zunke further discusses when installing the program, the user is requested to provide a device to whose identification code the run authorization is to be coupled. Once he has done so, this identification code is transmitted via the data link, e.g. the internet, together with an authorization (e.g. a unique serial number on the packaging), to the provider who will then transmit the identification code as the reference code to the computer 1 and thus to the program 5. The reference code may be transmitted to the computer together with a digital signature, so that the checking module may safely determine that the existing reference code is actually authorized by the provider of the program [Zunke: 0039]. As such, the motivation to “determine whether or not to run an application on the client device using the code based on a result of determining whether the second property of the second message is valid”, would advantageously allow the program to run only on one computer, but not on several computers at the same time [Zunke: 0011]. 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Zunke with Li to “determine whether or not to run an application on the client device using the code based on a result of determining whether the second property of the second message is valid”, for the reason that it is advantageous to allow the program to run only on one computer, but not on several computers at the same time [Zunke: 0011].
Claim 21:  Li: 0004; discussing the system of claim 1, wherein the client device is to: receive a request including a memory address range corresponding to a portion of the code; and determine the first property of the code based on the memory address range.

Response to Arguments
6.	Applicant’s arguments with respect to claim(s) 1-11 and 16-21 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LEYNNA TRUVAN whose telephone number is (571) 272-3851. The examiner can normally be reached Monday-Friday 8:00AM-5:00PM,EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

LEYNNA T TRUVAN
Examiner
Art Unit 2435


/L.TT/Examiner, Art Unit 2435

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435