Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

DETAILED ACTION
Claims 1-25 are presented for examination.



Information Disclosure Statement
No information disclosure statement (IDS) is submitted.


Drawings
The drawings filed on 09/14/2020 are accepted by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

1.	Claims 1-12 and 18-25 are rejected under 35 U.S.C. 103 as being unpatentable over Marr et al. (US Pub No. 8,971,538, hereinafter “Marr”) in view of Hu et al. (US Pub No. 2009/019321, hereinafter “Hu”).

Regarding claim 1, Marr does disclose, a method, comprising: receiving, by the secure storage device, data associated with the portion of the software image from the electronic control unit based at least in part on identifying the portion to authenticate; calculating, by the secure storage device, a first hash associated with the data received from the electronic control unit; identifying, by the secure storage device, a second hash stored by the secure storage device and associated with the portion of the software image of the electronic control unit based at least in part on calculating the first hash; authenticating, by the secure storage device, the software image associated with the electronic control unit based at least in part on the first hash matching the second hash (Marr, (claims 5-6), …. causing at least a portion of the current firmware information to be copied to a secure location inaccessible to the central processing unit before executing a cryptographic hashing algorithm in order to process the firmware information in an isolated environment; comparing at least a portion of the current firmware information on the host machine to approved firmware information stored in the secure location inaccessible to the central processing unit of the host machine; and if the current firmware information does not match the approved firmware information, performing at least one remedial action with respect to the host machine, wherein the request is received along a path that is hidden and inaccessible to the user, and the comparing is performed independent of the central processing unit); and transmitting, to the electronic control unit, an indication of the authentication (Marr, (claim 13), if the at least one generated hash value matches the at least one approved hash value, logging validation information to a data store external to the host machine).  
Marr does not explicitly disclose but the analogous art Hu discloses, identifying, [by a secure storage device,] a portion of a software image associated with an electronic control unit to authenticate [using the secure storage device] (Hu, (para. [0014-0015]), enable the processing unit to select one of the portions of the software image, to calculate a hash value for the selected portion, and to determine if the software image is authentic by comparing the hash value calculated for the selected portion to the hash value associated with the selected portion in the hash table).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Marr by including identifying, a portion of a software image associated with an electronic control unit to authenticate taught by Hu for the advantage of preventing unauthorized users from accessing or using certain features or resources of the embedded system (Hu, (para. [0008])).

Regarding claim 2, the combination of Marr-Hu does disclose the method of claim 1, wherein identifying the second hash comprises: identifying the second hash stored by the secure storage device based at least in part on the identified portion of the software image (Hu, (para. [0016]), comparing the hash value calculated for the selected portion to the hash value associated with the selected portion in the hash table).  

Regarding claim 3, the combination of Marr-Hu does disclose the method of claim 2, further comprising: generating a plurality of second hashes associated with a plurality of portions of the software image of the electronic control unit, each second hash of the plurality of second hashes corresponding to one portion of the plurality of portions of the software image; and storing, by the secure storage device, the plurality of second hashes based at least in part on generating the plurality of second hashes (Hu, (para. [0047]), an original software image 402 is divided into a plurality of blocks, denoted image blocks 1 through N. A hash function is then applied to each of these blocks to generate a corresponding hash value which is stored in a hash table 404), wherein identifying the second hash is based at least in part on storing the plurality of second hashes (Hu, (para. [0018]), the third means are for enabling the processing unit to determine if the software image is authentic by comparing the hash value calculated for the selected portion to a hash value associated with the selected portion in a hash table that was authenticated during boot up of the computer system).  

Regarding claim 4, the combination of Marr-Hu does disclose the method of claim 1, wherein identifying the second hash comprises: calculating, by the secure storage device, the second hash using the portion of a second software image associated with the electronic control unit (Marr, (claim 6), executing a hashing mechanism against at least a portion of the current firmware information on the host machine to generate at least one hash value for the current firmware information; comparing the at least one generated hash value with at least one approved hash value stored in the secure location inaccessible to a central processing unit of the host machine).  

Regarding claim 5, the combination of Marr-Hu does disclose the method of claim 4, further comprising: receiving the portion of the second software image from the electronic control unit (Marr, (claim 5), …. causing at least a portion of the current firmware information to be copied to a secure location …).  

Regarding claim 6, the combination of Marr-Hu does disclose the method of claim 1, further comprising: comparing the first hash with the second hash based at least in part on identifying the second hash; and determining whether the first hash is different than the second hash based at least on comparing the first hash with the second hash, wherein authenticating the software image is based at least in part on the first hash matching the second hash (Marr, (claim 5), …. comparing at least a portion of the current firmware information on the host machine to approved firmware information stored in the secure location inaccessible to the central processing unit of the host machine …).  

Regarding claim 7, the combination of Marr-Hu does disclose the method of claim 6, further comprising: refraining from authenticating the software image based at least in part on determining that the first hash is different than the second hash; and transmitting, to the electronic control unit, a second indication that the software image associated with the electronic control unit is not authenticated based at least 6in part on refraining from authenticating the software image received from the electronic control unit (Marr, (claim 5), ….if the current firmware information does not match the approved firmware information, performing at least one remedial action with respect to the host machine, wherein the request is received along a path that is hidden and inaccessible to the user, and the comparing is performed independent of the central processing unit).  

Regarding claim 8, the combination of Marr-Hu does disclose the method of claim 7, further comprising: transmitting, to the electronic control unit, a copy of a second software image stored by the secure storage device based at least in part on refraining from authenticating the software image received from the electronic control unit (Marr, (claim 5), …. if the current firmware information does not match the approved firmware information, performing at least one remedial action with respect to the host machine, wherein the request is received along a path that is hidden and inaccessible to the user, and the comparing is performed independent of the central processing unit).  

Regarding claim 9, the combination of Marr-Hu does disclose the method of claim 1, further comprising: initiating a boot sequence of the electronic control unit, wherein identifying the portion of the software image of the electronic control unit to authenticate is based at least in part on initiating the boot sequence (Hu, (para. [0052-0054]), if first stage boot loader 222 determines that any of the data in the secure data block is not valid, then the first stage boot fails as shown at step 512. However, if first stage boot loader 222 determines that the data in secure data block is valid, then processing proceeds to step 506, in which second stage boot loader 222 authenticates second stage boot loader 234).  

Regarding claim 10, the combination of Marr-Hu does disclose the method of claim 1, further comprising: receiving, by the secure storage device, diagnostic information associated with the electronic control unit before identifying the portion of the software image; identifying a quantity of portions of the software image associated with the electronic control unit based at least in part on receiving the diagnostic information, wherein each of the portions of the software image are associated with a different pattern identifier; and assigning one or more address ranges of the software image to each of the portions of the software image based at least in part on identifying the quantity of portions of the software image (Hu, (para. [0049]), the processing unit periodically checks a run-time image 406 of the operating system and application software. …. To perform this periodic checking, run-time image 406 is partitioned into N blocks in the same manner as original image 402. Then, on a periodic basis, one of the N blocks of run-time image 406 is selected and the same hash function that was used to generate the hash values in hash table 404 is applied to the selected block to calculate a hash value. The hash value calculated for the selected block is then compared to the hash value stored for the selected block in hash table 404. If the hash values match, then the block is deemed valid. If the hash values do not match then the block has failed authentication and the entire software image may be deemed corrupt. Appropriate steps may then be taken responsive to the detection of a corrupt software image).  

Regarding claim 11, the combination of Marr-Hu does disclose the method of claim 10, further comprising: assigning the quantity of portions of the software image, the pattern identifier associated with each of the quantity of portions of the software image, and the one or more assigned address ranges to respective entries in a first table stored at the secure storage device based at least in part on assigning the one or more address ranges of the software image to each of the portions of the software image (Marr, (col. 14 lines 17-50), device functionality can be made available to the guest OS by configuring the chipset to translate particular memory address ranges in the guest to accessible addresses on the devices (and vice versa). The guest OS can be prevented from performing actions such as making firmware and/or configuration changes to a device if there is no mapping for those actions, such as a mapping to one or more configurability mechanisms or other such mechanisms that can be used to update firmware or other configuration information. For example, updating firmware for a peripheral device might require mapping between the guest OS and specific memory addresses for the peripheral device. If there is no mapping stored (or exposed) for these memory addresses, then the guest OS cannot access those addresses and thus cannot modify the firmware or other configuration information. A guest OS thus can be granted access to the immutable portions, by exposing mappings to those memory addresses, but denied access to the mutable portions. In some cases this partial mapping not be possible, such as where required guest functionality shares memory address ranges with functionality that needs to be blocked. Specific hardware might need to be selected in various embodiments that allows for separate mapping of these address spaces. In some examples, the guest operating system drivers might create unnecessary dependencies on the address ranges that need to be blocked).  

Regarding claim 12, the combination of Marr-Hu does disclose the method of claim 10, wherein a respective second hash is associated with each of the one or more assigned address ranges, the method further comprising: assigning an integer value to each of the respective second hashes based at least in part on assigning the respective entries in the first table (Hu, (para. [0046]), software image 232 is divided into a plurality of blocks, wherein each block represents a different portion of software image 232. A hash function is then applied to each block to generate a unique hash value, or signature, for each block. The hash values are organized in a hash table 238, which is stored in secure data block 236 within second non-volatile memory 230 and authenticated during boot-up).  

Regarding claim 18, the combination of Marr-Hu does disclose the method of claim 1, wherein the secure storage device is configured to authenticate software images associated with a plurality of electronic control units within a system (Hu, (para. [0052]), in which first stage boot loader 222 authenticates secure data block 236, which includes hash table 238; (para. [0039]), Second non-volatile memory 230 stores a software image 232, a second stage boot loader 234 and a secure data block 236. Software image 232 comprises an image of operating system and application software used to run embedded system 200. Second stage boot loader 232 is a computer program that is executed by processing unit 210 responsive to being loaded into volatile memory 240 by first stage boot loader 222).  

Regarding claim 19, the substance of the claimed invention is similar to that of claim 1. Accordingly, this claim is rejected under the same rationale.
 
Regarding claim 20, the combination of Marr-Hu does disclose the system of claim 19, wherein the secure storage device is configured to: identify the second hash based at least in part on the identified portion of the software image (Hu, (para. [0016]), comparing the hash value calculated for the selected portion to the hash value associated with the selected portion in the hash table); generate a plurality of second hashes associated with a plurality of portions of 6the software image of the electronic control unit, each second hash of the plurality of second hashes corresponding to one portion of the plurality of portions of the software image; and store the plurality of second hashes based at least in part on generating the plurality of second hashes, wherein identifying the second hash is based at least in part on storing the plurality of second hashes (Hu, (para. [0047]), an original software image 402 is divided into a plurality of blocks, denoted image blocks 1 through N. A hash function is then applied to each of these blocks to generate a corresponding hash value which is stored in a hash table 404).  

Regarding claim 21, the combination of Marr-Hu does disclose the system of claim 19, wherein the secure storage device is configured to: generate the second hash using the portion of a second software image associated with the electronic control unit (Marr, (claim 6), executing a hashing mechanism against at least a portion of the current firmware information on the host machine to generate at least one hash value for the current firmware information; comparing the at least one generated hash value with at least one approved hash value stored in the secure location inaccessible to a central processing unit of the host machine); receive the second software image from the electronic control unit; and store a copy of the second software image (Marr, (claim 5), …. causing at least a portion of the current firmware information to be copied to a secure location … ).  

Regarding claim 22, the combination of Marr-Hu does disclose the system of claim 19, wherein the secure storage device is configured to: initiate a boot sequence of the electronic control unit, wherein identifying the portion of the software image of the electronic control unit to authenticate is based at least in part on initiating the boot sequence (Hu, (para. [0052-0054]), if first stage boot loader 222 determines that any of the data in the secure data block is not valid, then the first stage boot fails as shown at step 512. However, if first stage boot loader 222 determines that the data in secure data block is valid, then processing proceeds to step 506, in which second stage boot loader 222 authenticates second stage boot loader 234).  


Regarding claim 23, the substance of the claimed invention is similar to that of claim 1. Accordingly, this claim is rejected under the same rationale.

Regarding claim 24, the combination of Marr-Hu does disclose the non-transitory computer-readable medium of claim 23, wherein the code is executable by the processor to: generate a plurality of second hashes associated with a plurality of portions of the software image of the electronic control unit (Hu, (para. [0016]), comparing the hash value calculated for the selected portion to the hash value associated with the selected portion in the hash table), each second hash of the plurality of second hashes corresponding to one portion of the plurality of portions of the software image; and store the plurality of second hashes based at least in part on generating the plurality of second hashes (Hu, (para. [0047]), an original software image 402 is divided into a plurality of blocks, denoted image blocks 1 through N. A hash function is then applied to each of these blocks to generate a corresponding hash value which is stored in a hash table 404).  

Regarding claim 25, the combination of Marr-Hu does disclose the non-transitory computer-readable medium of claim 23, wherein the code is executable by the processor to: compare the first hash with the second hash based at least in part on identifying the second hash; and determine whether the first hash is different than the second hash based at least on comparing the first hash with the second hash, wherein authenticating the software image is based at least in part on the first hash matching the second hash (Marr, (claim 5), …. comparing at least a portion of the current firmware information on the host machine to approved firmware information stored in the secure location inaccessible to the central processing unit of the host machine …).



Allowable Subject Matter
Claims 13-17 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MORSHED MEHEDI	whose telephone number is (571) 270-7640. The examiner can normally be reached on M - F, 8:00 am to 4:00 pm EST.    If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeffrey L. Nickerson can be reach on (469) 295-9235. The fax number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from their Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (In USA or Canada) or 571-272-1000.

/MORSHED MEHEDI/Primary Examiner, Art Unit 2432