DETAILED ACTION

Status of Claims
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-23 are pending.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-23 are rejected under 35 U.S.C. 103 as being unpatentable over Moulard et al. (“ROS 2 Robotic Systems Threat Model,” March 2019) (hereinafter “Moulard”), available at http://design.ros2.org/articles/ros2_threat_model.html. References cited by Moulard are also incorporated by reference therein.
Regarding claims 1-23, Moulard teaches the various strategies to mitigate tampering risks for robotic systems, including but not limited to the following:
“Run each node in an isolated environment with limited privileges(sandboxing).”
“Enable signing and verification of executables.”
“Implement network access control systems, performing a verification of the part before granting access to the system.”
“Enable signature verification of executables to reduce the risks of inserting a malicious node”
“Configuration data access control list should be implemented.”
“Configuration write-access should be limited to the minimum set of users and/or components.”
“Permissions CA should digitally sign nodes binaries to prevent running tampered binaries.”
“Permissions CA should be able to revoke certificates in case credentials get stolen.”
“Each ROS user should have very limited permissions and quota should be configured.”
“Reduce blast radius using IAM roles with minimal permissions and expiring credentials following AWS security best practices.”
“DDS Security Governance document must set `enable_join_access_control` to True to explicitly whitelist node-to-node-communication. permissions.xml should be as restricted as possible.”
“Add authentication mechanisms to limit access to the ports only to authenticated devices and users.”
“Limit access or remove exposed debug ports.”
“Disable local debug terminals and functionality from the ports.”
“For tampering a package on a third-party repository: set up a third-party package validation process so packages are not consumed directly from a third party, but instead each package version has to be approved and imported into a private trusted repository.”
“Components should not be trusted and be properly isolated (e.g. run as different users).”
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to incorporate, combine, extend, generalize or otherwise apply the teachings of Moulard to arrive at the limitations of the claims at issue, including a computing device, comprising: a processor; and a non-transitory computer readable medium comprising processor-executable instructions to cause the processor to: receive a request to execute an application from a robotic surgical system; obtain a cryptographic signature associated with a manifest, the manifest associated with the application; in response to verification of the manifest or the application based on the cryptographic signature, determine at least one configuration setting for the application based on the manifest, the at least one configuration setting comprising a permission; configure an execution environment based on the at least one configuration setting, the at least one configuration setting enabling the application to interact with the robotic surgical system; and execute the application in the execution environment (as recited in claim 1); further comprising processor-executable instructions to cause the computing device to: restrict the execution environment of the application by limiting communication between the robotic surgical system and the computing device, wherein the computing device comprises a separate processor, a distributed computing environment, or a separate execution environment in a separate device (as recited in claim 2); further comprising processor-executable instructions to cause the computing device to: authenticate a user; determine an access level for the user based on one or more user permissions; verify the user is allowed access based on the access level; and launch the application when the one or more user permissions are verified (as recited in claim 3); further comprising processor-executable instructions to cause the computing device to: verify the cryptographic signature with a first trusted entity; and install the application on the computing device, wherein the installation only occurs after verification that the cryptographic signature originated from the first trusted entity or a second trusted entity (as recited in claim 4); wherein the cryptographic signature comprises an encryption key, wherein the encryption key is provided by a first trusted entity, and further comprising processor-executable instructions to cause the computing device to: verify the cryptographic signature using the encryption key from the first trusted entity; and install the application on the computing device, wherein the installation only occurs after verification that the cryptographic signature originated from the first trusted entity or a second trusted entity and is unaltered (as recited in claim 5); further comprising processor-executable instructions to cause the computing device to: receive a request to access a resource via one or more external ports; and allow the application to access the resource based on the execution environment associated with the robotic surgical system via the one or more external ports (as recited in claim 6); further comprising processor-executable instructions to cause the computing device to: identify one or more external ports requested by the application; determine permissions for each requested external port based on the manifest, before running the application; and create a restricted execution environment to execute the application based on the determined permissions of the one or more identified external ports (as recited in claim 7); further comprising processor-executable instructions to cause the computing device to: enable the application to use an existing restricted execution environment based on the determined permissions of the one or more identified external ports; and communicate display or audio information from the application to a display manager of the robotic surgical system through the one or more external ports, the display manager controlling the display or audio information output by the robotic surgical system, and wherein the display or audio information comprises streaming audio, streaming video, annotated streaming video, an image, or an annotated image (as recited in claim 8); a method, comprising: receiving, by a computing device, a request to execute an application from a robotic surgical system; obtaining, by the computing device, a cryptographic signature associated with a manifest, the manifest associated with the application; determining, by the computing device and in response to verification of the manifest or the application based on the cryptographic signature, at least one configuration setting for the application based on the manifest, the at least one configuration setting comprising a permission; configuring, by the computing device, an execution environment based on the at least one configuration setting, the at least one configuration setting enabling the application to interact with the robotic surgical system; and executing the application in the execution environment (as recited in claim 9); further comprising: restricting the execution environment of the application by limiting communication between the robotic surgical system and the computing device, wherein the computing device comprises a separate processor, a distributed computing environment, or a separate execution environment in a separate device (as recited in claim 10); further comprising: authenticating a user; determining an access level for the user based on one or more user permissions; verifying the user is allowed access based on the access level; and launching the application when the one or more user permissions are verified (as recited in claim 11); further comprising: verifying the cryptographic signature with a first trusted entity; and installing the application on the computing device, wherein the installation only occurs after verification that the cryptographic signature originated from the first trusted entity or a second trusted entity (as recited in claim 12); wherein the cryptographic signature comprises an encryption key, wherein the encryption key is provided by a first trusted entity, and further comprising: verifying the cryptographic signature using the encryption key from the first trusted entity; and installing the application on the computing device, wherein the installation only occurs after verification that the cryptographic signature originated from the first trusted entity or a second trusted entity and is unaltered (as recited in claim 13); further comprising: receiving a request to access a resource via one or more external ports; and allowing the application to access the resource based on the execution environment associated with the robotic surgical system via the one or more external ports (as recited in claim 14); further comprising: identifying one or more external ports requested by the application; determining permissions for each requested port based on the manifest, before running the application; and creating a restricted execution environment to execute the application based on the determined permissions of the one or more identified external ports (as recited in claim 15); further comprising: enabling the application to use an existing restricted execution environment based on the determined permissions of the one or more identified external ports; and communicating display or audio information from the application to a display manager of the robotic surgical system through the one or more external ports, the display manager controlling the display or audio information output by the robotic surgical system, and wherein the display or audio information comprises streaming audio, streaming video, annotated streaming video, an image, or an annotated image (as recited in claim 16); a non-transitory computer readable medium comprising processor-executable instructions to cause a processor to: receive a request to execute an application from a robotic surgical system; obtain a cryptographic signature associated with a manifest, the manifest associated with the application; in response to verification of the manifest or the application based on the cryptographic signature, determine at least one configuration setting for the application based on the manifest, the at least one configuration setting comprising a permission; configure an execution environment based on the at least one configuration setting, the at least one configuration setting enabling the application to interact with the robotic surgical system; and execute the application in the execution environment (as recited in claim 17); further comprising processor-executable instructions to cause the processor to: restrict the execution environment of the application by limiting communication between the robotic surgical system and a computing device, wherein the computing device comprises a separate processor, a distributed computing environment, or a separate execution environment in a separate device (as recited in claim 18); further comprising processor-executable instructions to cause the processor to: authenticate a user; determine an access level for the user based on one or more user permissions; verify the user is allowed access based on the access level; and launch the application when the one or more user permissions are verified (as recited in claim 19); further comprising processor-executable instructions to cause the processor to: verify the cryptographic signature with a first trusted entity; and install the application on a computing device, wherein the installation only occurs after verification that the cryptographic signature originated from the first trusted entity or a second trusted entity (as recited in claim 20); wherein the cryptographic signature comprises an encryption key, wherein the encryption key is provided by a first trusted entity, and further comprising processor-executable instructions to cause the processor to: verify the cryptographic signature using the encryption key from the first trusted entity; and install the application on a computing device, wherein the installation only occurs after verification that the cryptographic signature originated from the first trusted entity or a second trusted entity and is unaltered (as recited in claim 21); further comprising processor-executable instructions to cause the processor to: identify one or more external ports requested by the application; determine permissions for each requested port based on the manifest, before running the application; and create a restricted execution environment to execute the application based on the determined permissions of the one or more identified external ports (as recited in claim 22); further comprising processor-executable instructions to cause the processor to: enable the application to use an existing restricted execution environment based on the determined permissions of the one or more identified external ports; and communicate display or audio information from the application to a display manager of the robotic surgical system through the one or more external ports, the display manager controlling the display or audio information output by the robotic surgical system, and wherein the display or audio information comprises streaming audio, streaming video, annotated streaming video, an image, or an annotated image (as recited in claim 23) in order to mitigate tampering risks for robotic systems.
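The mechanism the rejected claims recite (verify a manifest's signature against a first or second trusted entity, derive the application's permissions from the manifest only after that verification succeeds, check the user's access level, then configure a restricted execution environment limited to the external ports the manifest names) is shown below as an added illustration. It is not code from the Office Action, from the application under examination, or from Moulard. The manifest layout, the port names, the trusted-entity keyring and the use of HMAC-SHA256 as a stand-in for the unspecified signature scheme are all assumptions made for this example.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed keyring for two trusted entities (hypothetical names). A real
# deployment would hold asymmetric verification keys provisioned out of band.
TRUSTED_KEYS = {
    "vendor-ca": b"constructed-vendor-key-not-for-real-use",
    "hospital-ca": b"constructed-hospital-key-not-for-real-use",
}

# External ports the robotic surgical system exposes to applications
# (constructed names; "arm_control" stands for a port no overlay app should get).
KNOWN_PORTS = {"display_manager", "audio_out", "telemetry_ro", "arm_control"}


class ManifestError(Exception):
    """Raised when a manifest must not be used to configure an environment."""


@dataclass
class ExecutionEnvironment:
    app_name: str
    allowed_ports: set = field(default_factory=set)
    required_user_level: int = 0
    sandboxed: bool = True


def canonical(manifest: dict) -> bytes:
    # Sign a canonical encoding so that key order or whitespace cannot change
    # the bytes the signature covers.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest: dict, signer: str) -> str:
    # Stand-in for the trusted entity's signing step (HMAC-SHA256, an assumption).
    return hmac.new(TRUSTED_KEYS[signer], canonical(manifest), hashlib.sha256).hexdigest()


def verify_manifest(manifest: dict, signature: str) -> str:
    # Accept a signature from either trusted entity and report which one matched;
    # compare_digest avoids leaking the match position through timing.
    for signer, key in TRUSTED_KEYS.items():
        expected = hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, signature):
            return signer
    raise ManifestError("signature did not verify against any trusted entity")


def build_execution_environment(manifest: dict, signature: str) -> ExecutionEnvironment:
    # Permissions are read from the manifest only after the signature verifies,
    # so an altered manifest cannot widen the sandbox it describes.
    verify_manifest(manifest, signature)
    requested = set(manifest.get("ports", []))
    unknown = requested - KNOWN_PORTS
    if unknown:
        raise ManifestError(f"manifest requests unknown ports: {sorted(unknown)}")
    return ExecutionEnvironment(
        app_name=manifest["name"],
        allowed_ports=requested,
        required_user_level=int(manifest.get("min_user_level", 0)),
    )


def launch(manifest: dict, signature: str, user_level: int) -> ExecutionEnvironment:
    # Order of checks: signature, then manifest-derived permissions, then the
    # authenticated user's access level; only then is the environment returned.
    env = build_execution_environment(manifest, signature)
    if user_level < env.required_user_level:
        raise ManifestError("user access level too low for this application")
    return env


def is_accepted(manifest: dict, signature: str, user_level: int) -> bool:
    # Convenience wrapper returning a decision instead of raising.
    try:
        launch(manifest, signature, user_level)
        return True
    except ManifestError:
        return False


if __name__ == "__main__":
    # Constructed manifest for a video-overlay application.
    manifest = {"name": "overlay", "ports": ["display_manager"], "min_user_level": 2}
    sig = sign_manifest(manifest, "vendor-ca")
    print(launch(manifest, sig, user_level=2))
    # Tampering with the port list after signing invalidates the signature.
    tampered = dict(manifest, ports=["display_manager", "arm_control"])
    print("tampered accepted:", is_accepted(tampered, sig, user_level=2))
```

The point the example isolates is the ordering in the claims: the execution environment is configured from the manifest only in response to a successful verification, so the port list and required access level come from signed data rather than from the application's own request at launch time.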

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SCOTT T LUAN whose telephone number is (571)270-1860.  The examiner can normally be reached on 9am-5pm, M-F (generally).
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Gary Jackson, can be reached on 571-272-4697.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/SCOTT LUAN/Primary Examiner, Art Unit 3792