DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 3, 5-6, 9, and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Glass “Verified U-Boot” in view of Cerruti et al. (US 20080101596) .

Regarding claim 1, Glass teaches
A method for mitigating security breach for a circuit platform subject to compromise by unauthorized changes to a file system, the file system having data for an operating system and being stored for use by the circuit platform, the method comprising: 
abstracting the file system into an encrypted file with cryptographically signed components; (Section: U-boot verified boot, “hash an image, sign that hash” and Section: Overview of the verified boot flow, “The image is hashed and the hash is signed with the private key”)
during boot time of the operating system, accessing and using an unencrypted version of the operating system and the encrypted file by validating a signature associated with the file system and related to the cryptographically signed components; (Section: U-boot verified boot, “On the device we can obtain an image and verify it was signed by the private key”, Section: Overview of the verified boot flow, “device receives the image. It also hashes the image, then verifies that the hash agrees with the signature provided with the image”)
in response to validating the signature of the file system, installing the file system into a transient, non-persistent storage circuit,  (Section: Overview of the verified boot flow, “If it matches then the image is known to be signed as in step two, and it is safe to be used … image format is FIT … which supports … ram disks”)
the operating system executing instruction code via a central processing unit (CPU). (Section: U-boot verified boot, “On the device we can obtain an image and verify it was signed by the private key … That U-Boot in turn may load an image containing a kernel”)
to decrypt and load a running-state file of the file system; detecting a file change to the running-state file of the file system; updating the encrypted file to produce an updated encrypted file incorporating the file change to the running-state file of the file system; and ([0073], “The initialization module 205 could install the production module 225 in computer 25 (step 420). During production, the production module 225 will use the secure cryptographic facility (which now has the backup key installed) to decrypt the init and state files, and to encrypt the updated state file. The initialization module 205 generates secret long-lived keys and the init file 250 (step 425). The initialization module 205 encrypts an initial state of system 10 with the backup key, saves the initial state as a state file, and designates the saved state file as the current state file 270 (step 430).” And [0076], “The production module 225 updates the state of system 10 (step 520). The production module 225 encrypts the updated state with the backup key, saves the updated state in a state file, and designates the saved state file as the current state file 270 (step 525)”)
during a second boot time of the operating system, decrypting the updated encrypted file to load the running-state file incorporating the file change to the running-state file. ([0073], “the production module 225 will use the secure cryptographic facility (which now has the backup key installed) to decrypt the init and state files, and to encrypt the updated state file. The initialization module 205 generates secret long-lived keys and the init file 250 (step 425). The initialization module 205 encrypts an initial state of system 10 with the backup key, saves the initial state as a state file, and designates the saved state file as the current state file 270 (step 430). The initialization module 205 encrypts the init file with the backup key and saves the init file (step 435).”)
Glass and Cerruti are analogous art. Cerruti is cited to teach a similar concept of initialization after booting.  Based on Cerruti, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Glass to maintain an updated and encrypted file state list.  Furthermore, being able to maintain an updated and encrypted file state list using Cerruti improves on Glass by being able to determine reduce the delay in writing files. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification “[f]or additional security, a system is desired that stores each state of the system after a set of keys is issued. ”, [0010]
Regarding claim 3, Glass teaches wherein the transient, non-persistent storage circuit purges unauthorized changes during a subsequent boot cycle of the operating system. (Where a subsequent boot cycle which is interpreted as a hard reset inherently clears the RAM which is taught in Glass because power is removed from the memory)
Regarding claim 5, Glass teaches comprising causing the transient, non-persistent storage circuit to boot, at run time, a kernel including a binary application to read and validate the cryptographically signed components of the file system. (Section: Overview of the verified boot flow, “device receives the image. It also hashes the image, then verifies that the hash agrees with the signature provided with the image” and “If it matches then the image is known to be signed as in step two, and it is safe to be used … image format is FIT … which supports … ram disks”)
Regarding claim 6, Glass teaches wherein the binary application reads and validates the cryptographically signed components of the file system by executing a digital signature algorithm. (Section: Overview of the verified boot flow, “device receives the image. It also hashes the image, then verifies that the hash agrees with the signature provided with the image”)
Regarding claim 9, Glass teaches comprising causing the operating system to update, in response to validating the signature, the transient, non-persistent storage circuit with additional modules to run as a fully functional operating system. (Section: U-boot verified boot, “we can create a key, hash an image, sign that hash, and publish the public key. On the device we can obtain an image and verify it was signed by the private key. … Images can be chained one after the other and signed … . U-Boot may load an image containing a new U-Boot, then boot that. That U-Boot in turn may load an image containing a kernel. Doing that would allow U-Boot itself to be updated with the firmware”)
As to claim 15, Glass and Cerruti teaches this claim according to the reasoning provided in claims 1 and 9.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 2 and 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Glass and Cerruti in view of Jones (“The Fundamentals of Secure Boot and Secure Download: How to Protect Firmware and Data within Embedded Devices”).
Regarding claim 2, Glass does not teach but Jones teaches further comprising causing the transient, non-persistent storage circuit to perform an integrity check of the file system using at least one of an error-detecting algorithm and a cryptographic hash function. (Authentication and Integrity of the Firmware: “provide a way to verify both authenticity and integrity of the information … Utilizing cryptographic digital signatures … enables this. … To bring the highest level of security, the algorithms need to be public and well proven. … we consider asymmetric cryptographic algorithms, specifically the FIPS 186 Elliptic Curve Digital Signature Algorithm (ECDSA)”)
Glass, Cerruti and Jones are analogous art. Jones is cited to teach a similar concept of securely booting and downloading files.  Based on Jones, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Glass to verify the integrity of the system using cryptographic algorithms.  Furthermore, being able to verify the integrity of the system with cryptographic algorithm improves on Glass and Cerruti by being able to determine that the system has not been hacked. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification to determine that the system has is secure (i.e. has not been hacked).
As to claim 11, Glass, Cerruti, and Jones teach these claims according to the reasoning provided in claim 2.

Claim 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Glass and Cerruti further in view of Ginter and Zhang et al (CN 102521289)
As to claim 4, Glass, Cerruti, Jones and Ginter teach these claims according to the reasoning provided in claim 2 and 8.

Claim 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Glass and Cerruti in view of Zhang et al (CN 102521289)
Regarding claim 8, Zhang teaches comprising causing the transient, non-persistent storage circuit to synchronize to flash file components of the log-structured portion of the file system. (Abstract “The file synchronization method comprises the following steps of: synchronizing files in a flash of a LINUX embedded system to a RAMDISK, and carrying out inotify registration or dnotify registration on files in the RAMDISK; and carrying out operation on the files in the RAMDISK, which are subjected to the inotify registration or the dnotify registration, by an application program of the LINUX embedded system, and synchronizing changed files in the RAMDISK to the flash when the files in the RAMDISK, which are subjected to the inotify registration or the dnotify registration, are changed.” And Brief Description “The following describes the file synchronization method of the log type file and the configuration type file in the embodiments of the present invention: For log-type files, syncing the files in flash to RAMDISK can include: Copy the log type file in flash directly to RAMDISK. Further, for log-type files, synchronizing the changed files in RAMDISK to flash may include: Use the incremental synchronization method to synchronize the log file in RAMDISK to flash. Based on the log type file, each record has a fixed length, or ends with a newline character, you can synchronize the added records in the file into flash without having to synchronize the entire file into flash.”)
Zhang is cited to teach a similar concept of synchronizing files after booting.  Based on Zhang, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Glass to synchronize files in the FLASH and RAMDISK.  Furthermore, being able to synchronize the files using Zhang improves on Glass by being able to determine reduce the delay in writing files. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification “of the present invention provide a file synchronization method, device, and system to reduce the delay in writing files.”, Summary of the invention

Claim 10, 13-16, and 18-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Glass in view of Cerruti and Ginter et al. (US 8369625)
Regarding claim 10, Glass teaches 
A system for validating a file system, the system comprising: a processor including a central processing unit (CPU) circuit; and a memory circuit including instructions that, when executed by the processor, cause the processor to: during boot time of a file system having data, boot a transient, non-persistent storage circuit with a set of initial modules loaded; (Section: Overview of the verified boot flow, “If it matches then the image is known to be signed as in step two, and it is safe to be used … image format is FIT … which supports … ram disks”)
read and validate a signature of the file system; (Section: U-boot verified boot, “On the device we can obtain an image and verify it was signed by the private key”, Section: Overview of the verified boot flow, “device receives the image. It also hashes the image, then verifies that the hash agrees with the signature provided with the image”)
in response to validation of the signature of the file system, install packages of the file system into the transient, non-persistent storage circuit; (Section: U-boot verified boot, “On the device we can obtain an image and verify it was signed by the private key … That U-Boot in turn may load an image containing a kernel”)
Glass does not teach but Ginter teaches
encrypt the packages of the file system; and (col. 21, lines 6-9, “Concealment and tamper-resistance in semiconductor memory (e.g., RAM, ROM, NVRAM) can be achieved, in part, by employing such memory within an SPU package, by encrypting data”
in response to installation of the packages of the file system, decrypt and load configuration and running-state files of the file system. (col. 21, lines 11-12, “decrypting encrypted data within the CPU/RAM package before it is executed.”)
Glass and Ginter are analogous art. Ginter is cited to teach a similar concept of security of an electronic device.  Based on Ginter, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Glass to encrypt validated packages transmission and decrypt the packages after installation.  Furthermore, being able to encrypt and decrypt the packages improves on Glass by being able to securely install the package. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification to securely install updates to the system.
detecting a file change to the running-state file of the file system; updating the encrypted file to produce an updated encrypted file incorporating the file change to the running-state file of the file system; and ([0073], “The initialization module 205 could install the production module 225 in computer 25 (step 420). During production, the production module 225 will use the secure cryptographic facility (which now has the backup key installed) to decrypt the init and state files, and to encrypt the updated state file. The initialization module 205 generates secret long-lived keys and the init file 250 (step 425). The initialization module 205 encrypts an initial state of system 10 with the backup key, saves the initial state as a state file, and designates the saved state file as the current state file 270 (step 430).” And [0076], “The production module 225 updates the state of system 10 (step 520). The production module 225 encrypts the updated state with the backup key, saves the updated state in a state file, and designates the saved state file as the current state file 270 (step 525)”)
during a second boot time of the operating system, decrypting the updated encrypted file to load the running-state file incorporating the file change to the running-state file. ([0073], “the production module 225 will use the secure cryptographic facility (which now has the backup key installed) to decrypt the init and state files, and to encrypt the updated state file. The initialization module 205 generates secret long-lived keys and the init file 250 (step 425). The initialization module 205 encrypts an initial state of system 10 with the backup key, saves the initial state as a state file, and designates the saved state file as the current state file 270 (step 430). The initialization module 205 encrypts the init file with the backup key and saves the init file (step 435).”)
Glass and Cerruti are analogous art. Cerruti is cited to teach a similar concept of initialization after booting.  Based on Cerruti, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Glass to maintain an updated and encrypted file state list.  Furthermore, being able to maintain an updated and encrypted file state list using Cerruti improves on Glass by being able to determine reduce the delay in writing files. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification “[f]or additional security, a system is desired that stores each state of the system after a set of keys is issued. ”, [0010]
Regarding claim 18, Glass teaches further comprising instructions to: generate an encryption key using the transient, non-persistent storage circuit; and validate the file system using the generated encryption key. (Section: U-boot verified boot, “we can create a key, hash an image, sign that hash, and publish the public key. On the device we can obtain an image and verify it was signed by the private key. … Images can be chained one after the other and signed … . U-Boot may load an image containing a new U-Boot, then boot that.)
As to claim 13, Glass, Cerruti, and Ginter teach this claim according to the reasoning provided in claim 9.
As to claim 14, Glass, Cerruti, and Ginter teach this claim according to the reasoning provided in claims 10
As to claim 15, Glass, Cerruti, and Ginter teach this claim according to the reasoning provided in claims 10 and 9.
As to claim 16, Glass, Cerruti, and Ginter teach this claim according to the reasoning provided in claims 10 and 9.
As to claim 19, Glass, Cerruti, and Ginter teach this claim according to the reasoning provided in claim 10.

Response to Arguments
Applicant’s arguments, see pg. , filed 3/24/3033, with respect to the rejection(s) of claim(s) 1, 10, and 15 under U.S.C. 102 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Glass, Ginter, and Cerruti.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHERI L. HARRINGTON whose telephone number is (571)270-0468. The examiner can normally be reached Generally, M-F, 7:30a-4p.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jaweed Abbaszadeh can be reached on 571-270-1640. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHERI L HARRINGTON/Examiner, Art Unit 2187                                                                                                                                                                                                        June 16, 2022

/JAWEED A ABBASZADEH/Supervisory Patent Examiner, Art Unit 2187