Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 6/8/2022 has been entered.
Claims 1-8, 10-14 are pending.

Response to Arguments
Applicant’s arguments received on 6/8/2022 are respectfully addressed as follows:
Regarding the objection to the specification, Applicant’s arguments persuasive. The objection is withdrawn.
Regarding the rejection of claim 13 under 112 b, Applicant argues the limitation is amended, however, the correction was omitted; therefore the rejection is maintained.
Regarding the prior art rejection, Applicant’s amendments change the scope of the claims, a new ground of rejection is presented herein.

Informalities
Claim 7 presents some informalities to be corrected,  please: the claim recites: wherein the at least one processor is further configured to send the public key to the [[a]] configuration module or the software module in order to check an identity of the [[a] configuration module or the software module

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.



Claims 13-14 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 13-14 recite “the task” in line 4, which lacks antecedent basis and renders the claim indefinite. For examining purposes, the limitation should be “a task”. Correction is kindly requested.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-3, 6-7, 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over US 20200169421 to Farkash et al., hereinafter Farkash, in view of US 20150264080  to Busser et al., hereinafter Busser, and further view of  US 20170357496 to Smith et al., hereinafter Smith.

Regarding claim 1, Farkash discloses 
A device, comprising: at least one memory configured to store data; at least one processor configured to process data (Fig. 7); and at least one additional component that is operated by the at least one processor to perform a task or function of the device; wherein the at least one memory stores (ii) software module having at least one application program that is executed by the at least one processor to perform the task or function of the device ([0019][0020], Fig. 1: application such as a web application, include multiple parts or modules, each for accessing data for a purpose), and wherein the at least one processor is configured to:  issue  (ii) a second cryptographic signature for the software module ([0021]: create a digital certificate for each part or module, signed with the private key of the certifier); form (ii) a second code as an identity of the software module , the second code being a hash value of the second cryptographic signature ([0021][0023]: the code identity is the hash of the software code of the part or module, signed and included in each certificate), and (iii) an overall code from the first and second codes (Fig. 2 the signed hashes of the different parts 216a-c (along with the corresponding signed purposes) are combined into the application certificate).
Farkash discloses parts of the web application that each fulfills a purpose i.e each part has configuration for a purpose see Fig. 1 part 104a-c and corresponding purposes or configuration 106a-c([0021]), but does not explicitly teach (i) a configuration module having at least one configuration of the device and other limitations related to the configuration module.
In an analogous art, Busser discloses a device comprising property data including a program data record and a configuration data record ([0062]; the property data is hashed ([0064]), therefore, Busser discloses (i) a configuration module having at least one configuration of the device; (i) a first cryptographic signature for the configuration module ([0061][0062][0064]); form (i) a first code as an identity of the configuration module of the first cryptographic signature ([0061] the property data uniquely identify a device, and the hashed property data constitutes the first code).
It would have been obvious to a skilled artisan before the application was effectively filed to include in the parts fulfilling a purpose and taught by Farkash, property data including configuration data as taught by Busser because it would allow to uniquely identify the device configuration using a signature and would implement a device signature that cannot be easily forged, improving security.
The difference between Farkash/Busser teachings and the claims is that Farkash, although disclosing a publisher certificate included in the application bundle ([0023]), does not explicitly teach sign the overall code with a key to issue a unique certificate for the device, which biuniquely identifies the device. In an analogous art, Smith discloses generating a software bundle including multiple package contents ([0016]), each package content is hashed, the hashes concatenated up toward a root hash in a tree structure ([0041], Fig. 4). Each hash is signed with a private key ([0049]). The signed hash is included in a file, interpreted as a certificate used to authenticate the package contents ([0048]). In a case of a bundle including only 2 packages (e.g. bundle 410, 412). The hash 424/426 biuniquely identifies the bundle. Therefore Smith teaches the limitation. It would have been obvious to a skilled artisan before the application was effectively filed to sign the application certificate of Farkash/Busser as taught by Smith and issue a unique certificate for the device because  it would ensure the integrity and authentication of the individual content bundled together (see Smith [0016]).

Regarding claim 2, Farkash in view of Busser and Smith discloses the device according to Claim 1, wherein the at least one processor (i) forms the first code from the first cryptographic signature and the at least one configuration of the device and (ii) forms the second code from the second cryptographic signature and the at least one application program (Farkash Fig. 1 each part 104a-c comprise at least a module, function, address, control flow ...  i.e program ([0007], associated with purpose (configuration), hashed (Fig. 2, 214); Smith [0042], software release components are hashed). 

Regarding claim 3, Farkash in view of Busser and Smith discloses the device according to Claim 1, wherein at least one of (i) the at least one configuration of the device and (ii) the at least one application program includes at least one parameter for performing the task or function of the device (Farkash [0007]: the part comprise at least function, address, URL ... (parameters, for performing a task such as access to data in the case of an application such as a web application [0019]).

Regarding claim 6, Farkash in view of Busser and Smith discloses the device according to Claim 1, wherein: the at least one processor  has a private key containing a public key, and the at least one processor  is configured to use the private key to sign the overall code for the device (Smith [0049]: each hash node of the tree is signed with a private key of a key pair, the public key being used to verify the signature).  

Regarding claim 7, Farkash in view of Busser and Smith discloses the device according to Claim 6, wherein the at least one processor is further configured to send the public key to the [[a]] configuration module or the software module in order to check an identity of the [[a] configuration module or the software module (Smith [0049]: each hash node of the tree is signed with a private key of a key pair, the public key being used to verify the signature for a particular node. It would have been obvious to a skilled artisan before the application was effectively filed to send the public key to verify the identity of the first or second module because it would allow to verify modules of an application individually (Farkash [0005]).

Regarding claim 13, the claim recites substantially the same content as claim 1 and is rejected by the rationales rejecting claim1.

Regarding claim 14, Farkash in view of Busser and  Smith discloses the method according to Claim 13, further comprising: checking, with the at least one processor of the device , after receiving a predetermined command, that a unique certificate currently created for the device matches a unique certificate stored for the device, and outputting, with the at least one processor of the device (Farkash Fig. 4, step 414, 418: generate hashes and compare with stored hashes), data that indicate a manipulation of the unique certificate currently created for the device when the unique certificate currently created for the device does not match the unique certificate stored for the device (Farkash [0029] Fig. 5, step 520 compare hashes , step 522: output decision whether data access is allowed. It would have been obvious to output decision that the hashes do not match without undue testing).   

Allowable Subject Matter
Claim 8 has been amended to include the previously found allowable matter previously recited in claim 9. Therefore, Claims 8, 10-12  are allowable.

Claims 4-5 recite allowable matter:
Regarding claim 4, Farkash in view of Busser and Smith discloses the device according to Claim 1. Farkash, alone or in combination with Busser, Smith, or any other prior art of the record, fails to teach: at least one peripheral component connected to the device via a data network, wherein the at least one processor is further configured to form a third code from a third cryptographic signature of the at least one peripheral component and to form the overall code from the first code, the second code, and the third code.  
Therefore claim 4 is allowable.  Claim 5 dependent from claim 4 is also allowable.
Claims 4-5 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Takayama et al 20110066838  disclose an apparatus comprising a first security module and a second security module, each security module comprising a plurality of modules respectively associated to certificates and a cumulative hash value of the modules.
Falk et al 11134072  disclose the verification of software of a device, and of  the integrity of the current software or the configuration of the device;
Collier et al 20170288867 disclose hashing device attributes information, generating attribute digital certificates.
Shall et al 10956615 disclose identifying a device platform manifest having a valid certificate, confirming that the platform manifest is bound to the device,  identifying components listed on the platform manifest, confirming that the listed components  have a valid certificate, and loading listed components with valid certificates on the device.
Courtney et al 20130166899 disclose determining configuration data associated with a software application, wherein the configuration data identifies one or more new system settings to be temporarily enforced on the computing device during an execution of the software application, and wherein the configuration data is digitally signed;


Any inquiry concerning this communication or earlier communications from the examiner should be directed to CATHERINE B THIAW whose telephone number is (571)270-1138. The examiner can normally be reached Monday-Friday 7am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CARL G COLIN can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Catherine Thiaw/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        6/18/2022