Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 102
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.

Claims 1, 2, 5-8, 11-13, and 16-21 are rejected under 35 U.S.C. 102(a)(1)(2) as being anticipated by Spangler et al. (United States Patent US 9015456), hereinafter Spangler.

Regarding claim 1, Spangler teaches a device unit comprising a module that configures the device unit with one operating state from various operating states when the device unit is booted and/or during ongoing operation of the device unit; (Col. 3 Lines 13-15 “In one aspect during boot time, a warning screen may be presented to the user notifying the user the system is running in developer mode.” Lines 57-59 “The developer switch 108 may include a physical switch connected to a switch circuit for switching between the two operating modes of the system.” Col. 2 Lines 60-64 “At some time during operation in normal mode, the user of the system may cause the system to switch to developer mode…” At booting or during in normal mode, the system switches the mode between the normal mode and the developer mode.)
wherein a first protected operating state of the various operating states is designed to permit, an execution of at least one predeterminable operating procedure and to protect it, using defined cryptographic means; (Col. 2 Lines 56-60 “In a first normal mode, the system runs verified code. As used herein, "verified code" refers to code, such as verified firmware, operating system or boot image, which has been signed by a trusted party (e.g., a computer manufacturer).” Col. 3 Lines 3-5 “security measures typically performed by the system when running normal mode to protect the user from security threats.” The normal mode with security measures is interpreted as a first protected operating state of the various operating states. The normal mode executes verified code, which has been signed by a trusted party, which is interpreted as an execution of at least one predeterminable operating procedure and to protect it. Furthermore, sign by the trusted party is interpreted as using defined cryptographic means.)
wherein at least one second operating state of the various operating states is designed to deactivate the first protected operating state and to permit at least one other changeable operating procedure and to protect it, using predefinable cryptographic means, (Col. 2 Lines 64-67 “In developer mode, the system may run unverified code. As used herein, “unverified code” refers to any code other than verified code, including unsigned or user-signed code.” Col. 6 Lines 36-40 “Once the value of the developer mode state has been locked, in step 414, control is switched to unverified code ( e.g., developer firmware) and the system boots in developer mode so that the user ( e.g., developer) may run their own unsigned or user-signed code.” Col. 6 Lines 40-45 “The value of the developer mode remains locked until the device is rebooted, at which time the system will initiate boot-up using the verified code. Thus, the value of the developer mode, and the state of the developer mode indicator, may be protected against unauthorized modification. The value of the developer mode remains locked until the device is rebooted, at which time the system will initiate boot-up using the verified code. Thus, the value of the developer mode, and the state of the developer mode indicator, may be protected against unauthorized modification.” A developer mode, which is interpreted as at least one second operating state of the various operating states, is switched from the normal mode or enabled. Thus, the normal mode is disabled, which is interpreted as deactivate the first protected operating state or the normal mode. In a developer mode, user (e.g., developer) may run their own unsigned or user-signed code, which is interpreted as permit at least one other changeable operating procedure. Furthermore, the value of the developer mode is also set. Then, the value of the developer mode is locked, which is interpreted as protect it, using predefinable cryptographic means.) and 
wherein, if the configured operating state corresponds to the first operating state, the module maintains this state, (Col. 6 Lines 6-11 “if the processor determines that the system is in normal mode, processor 202, executing verified firmware, may write the value of the developer mode state to secure memory 208 to reflect that the system is operating in normal mode (e.g., the value of the developer mode state is set to zero).” If the processor determines that the system is in normal mode, which is interpreted as if the configured operating state corresponds to the first operating state, the normal mode executes verified firmware and write the value of the developer mode state as the normal mode, which results the system continues to operate in the normal mode, which is interpreted as the module maintains this state.) or 
if the configured operating state corresponds to the at least second operating state, the module deactivates the first operating state and introduces and/or maintains the at least second operating state. (Col. 6 Lines 15-18 “once the developer mode is enabled (e.g., the developer mode state value is set to one) the system will run in developer mode until the developer mode is disabled (e.g., the developer mode state value is set to zero).” Once the developer mode is enabled or switched from the normal mode, which is interpreted as if the configured operating state corresponds to the at least second operating state, the system operates only in the developer mode resulting to disable the normal mode, which is interpreted as the module deactivates the first operating state. Until the developer mode is disabled, the system runs in the developer mode, which is interpreted as maintains the at least second operating state.)
wherein, on a device side, when the operating state is intended to be protected during a boot procedure and/or during ongoing operation of the device unit, integrity protection measures suitable for booting and/or suitable for ongoing operation are provided, (Col. 2 Lines 56-60 “In a first normal mode, the system runs verified code. As used herein, "verified code" refers to code, such as verified firmware, operating system or boot image, which has been signed by a trusted party (e.g., a computer manufacturer).” Col. 3 Lines 3-5 “security measures typically performed by the system when running normal mode to protect the user from security threats” The verified code in the normal mode, which performs security measures to protect the user from security threats, is interpreted as integrity protection measures suitable for booting and/or suitable for ongoing operation are provided. Furthermore, the verification or signed by a trusted party for the verified code, is used for the normal mode. The normal mode with security measure and the verified code is interpreted as when the operating state is intended to be protected during the boot procedure and/or during ongoing operation of the device unit.)
the integrity protection measures comprise device authentication and/or device integrity attestation; (Col. 2 Lines 57-60 ““verified code” refers to code, such as verified firmware, operating system or boot image, which has been signed by a trusted party (e.g., a computer manufacturer).” Col. 3 Lines 3-5 “security measures typically performed by the system when running normal mode to protect the user from security threats” Col. 7 Lines 50-52 “at boot time, the system (e.g., system 100 or system 200) may verify the code executed at the embedded controller before turning control over to unverified code.” Sign by a trusted party for verified code is interpreted as the integrity protection measure comprises device authentication. Furthermore, the system also verify the code at the boot time and performs the security measure when running normal mode.)
wherein the module is able to be configured by way of one or more software and/or firmware program codes and/or hardware circuits, (Col. 3 Lines 19-24 “the present system provides a developer mode indicator (e.g., an LED developer mode indicator) that can be activated for the duration that the system is running in developer mode such that the user is aware of the mode of operation of the system even if the user missed the boot time warning.” Col. 4 Line 65 - Col. 5 Line 1 “The secure memory 208 may store a developer mode state (e.g., having a value of one or zero) that controls whether the computing” Col. 5 Lines 22-30 “Since the developer mode indicator 214 is controlled using the developer mode state written to secure memory 208 (e.g., to an internal register of a TPM chip), the value of the developer mode state and thus the state of the developer mode 25 indicator should be protected from being falsely modified (e.g., to turn off the developer mode indicator 214 when running in developer mode) by an unauthorized developer while the system is executing unverified code in developer mode.” Col. 4 Lines 39-41 “The firmware memory 300 may include verified firmware 302 (e.g., read-only firmware) for initializing boot-up and/or booting the system in normal mode…” An LED developer mode indicator can be activated during the developer mode or deactivated during normal mode. Furthermore, the value of the developer mode state controls whether the computing device is in developer mode, which further controls the LED developer mode indicator. Furthermore, a verified code for initializing boot-up and/or booting the system in normal mode also configures the device.)
the one or more software and/or firmware program codes are able to be sealed. (Col. 3 Lines 48-51 “The processor 102 is configured to execute instructions, such as instructions physically coded into the processor 102, instructions received from software in firmware memory 104 or memory 106, or a combination thereof.” Col. 5 Lines 22-30 “Since the developer mode indicator 214 is controlled using the developer mode state written to secure memory 208 (e.g., to an internal register of a TPM chip), the value of the developer mode state and thus the state of the developer mode 25 indicator should be protected from being falsely modified (e.g., to turn off the developer mode indicator 214 when running in developer mode) by an unauthorized developer while the system is executing unverified code in developer mode.” Col. 4 Lines 39-41 “The firmware memory 300 may include verified firmware 302 (e.g., read-only firmware) for initializing boot-up and/or booting the system in normal mode…” The processor included in the system is configured by executing instruction coded into the processor and instructions received from software in firmware memory or memory, which is interpreted as the module is configured by way of one or more software and/or firmware program codes. Furthermore, the processor configures the system, which is interpreted as the module is able to be configured by hardware circuits. Furthermore, as discussed above, the value of the developer mode is stored in a secure memory providing lockable or protectable storage, which is interpreted as the one or more software and/or firmware program codes are able to be sealed. The verified code or firmware in the normal mode for initialization or booting process is also a read-only firmware.)

Regarding claim 2, Spangler teaches that the device unit is designed as an embedded system or as part of an embedded system. (Col. 7 Lines 41-47 “the system may include an embedded controller that controls keyboard, power, battery and/or other existing indicators. In one aspect, the state of the developer mode indicator may similarly be stored at the embedded controller or may be read at boot time from the physical developer switch 108 or secure memory 208 by the embedded controller.” The system includes an embedded controller, which is interpreted as the device is designed as an embedded system.)

Regarding claim 5, Spangler teaches depending on the operating state, at least one key for the integrity protection measures is able to be provided on the device side or by a user. (Col. 2 Lines 56-60 “In a first normal mode, the system runs verified code. As used herein, "verified code" refers to code, such as verified firmware, operating system or boot image, which has been signed by a trusted party (e.g., a computer manufacturer).” As well known in the art before the effective filing date of the claimed invention, the signature for the code or the code signed by a trusted party is a type of cryptography involving public keys and private keys. A signature provided by a trusted party for verified code is interpreted as one key for the integrity protection measure.)

Regarding claim 8, Spangler teaches that parts of the device unit are able to be activated and/or able to be deactivated. (Col. 3 Lines 19-24 “the present system provides a developer mode indicator (e.g., an LED developer mode indicator) that can be activated for the duration that the system is running in developer mode such that the user is aware of the mode of operation of the system even if the user missed the boot time warning.” An LED developer mode indicator can be activated during the developer mode or deactivated during normal mode.)

Regarding claim 11, Spangler teaches that at least one further third operating state of the device unit is designed to permit the first and the second operating state in parallel operation and possibly to cryptographically protect them. (Col. 7 Lines 50-55 “at boot time, the system (e.g., system 100 or system 200) may verify the code executed at the embedded controller before turning control over to unverified code. The system may then allow the main processor (e.g., processor 102 or 202) to run unverified code, but the embedded controller will only run verified code.” While the main processor runs unverified code, the embedded controller only runs verified code, which is interpreted as to permit the first and the second operating state in parallel operation. Furthermore, as discussed above, the verified code in the normal mode is protected with sign by the third party and the unverified code in the developer mode also is protected from an unauthorized developer, which is interpreted as to cryptographically protect them.)

	Regarding claims 13, 16, and 19, the claims 13, 16, and 19 are the method claims of the apparatus claims 1, 5, and 11. The claims 13, 16, and 19 do not further teach or define the limitation over the limitations recited in the rejected claims above. Therefore, Spangler teaches all the limitations of the claims 13, 16, and 19.

Regarding claim 21, the claim 21 is a computer readable hardware storage device having computer readable program code stored therein, said program code executable by a processor of a computer system to implement a method, as claimed in claim 13. Spangler teaches a computer readable hardware storage device having computer readable program code stored therein. (Col. 9 Lines 52-57 “Some implementations include electronic components, such as microprocessors, storage and memory that store computer program instructions in a machine-readable or computer-readable medium (alternatively referred to as computer-readable storage media, machine-readable media, or machine-readable storage media).”) The claim 21 does not further teach or define the limitation over the limitations recited in the rejected claim 13 above. Therefore, Spangler teaches all the limitations of the claim 21.

Claim Rejections - 35 USC § 103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.

Claims 6, 7, 12, 17, 18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Spangler in view of Takayama et al. (United States Patent Application Publication US 2010/0185845), hereinafter Takayama.

Regarding claim 6, Spangler teaches all the limitations of the device unit as claimed in claim 1, as discussed above.
However, Spangler does not teach in each case a device certificate for both operating states is able to be made available.
Takayama teaches in each case a device certificate for both operating states is able to be made available. (Fig. 5 “Start normal secure boot processing” S501 “Compare module and certificate” Fig. 6 “Start update secure boot processing” S601 “Compare module and certificate” For both operating states, such as normal secure boot processing and update secure boot processing, as shown in Fig. 5 and Fig. 6, certificates are compared, which is interpreted as in each case a device certificate for both operating states is able to be made available.)
It would have been have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Spangler by incorporating the teaching of Takayama of certificates for both operating states. They are all directed toward security in the computer system. As recognized by Takayama, the services provided over a network have grown to provide wide range of services for various types of devices. ([0002]) Thus, for preventing improper activities such as manipulating the software modules installed in the devices, a certificate for each software module verifies the integrity of the software. ([0003]) Therefore, it would be advantageous to incorporate the teaching of Takayama of certificates for both operating states to verify the integrity of the software.

Regarding claim 7, Spangler teaches all the limitations of the device unit as claimed in claim 3, as discussed above.
Takayama further teaches that the deactivation of the protected operating state is able to be performed by deleting the at least one key and/or revoking the device certificate made available for the protected operating state. (Fig. 14 S406 “Reset update flag, delete certificate prior to update” S1407 “Update certificate for which value shown by counter in security device and reference counter value are the same with existing certificate”…“END” After delete certificate prior to update, then the certificate is update in the secure boot processing, which is interpreted as revoking the device certificate made available for the protected operating state. Furthermore, updating or revoking the device certificate results in “END” of the secure boot processing.)

Regarding claim 12, Spangler teaches all the limitations of the device unit as claimed in claim 1, as discussed above.
Takayama further teaches that the first, second and possibly the third operating state is able to be defined by device configuration, what are known as jumpers, activation codes and/or by the key and/or by the device certificate and/or the revocation state of the device certificate and/or by a trust anchor and/or by a communication protocol with a further authority. (FIG. 15A-15C, each states during updates are defined by values of the certificates, which are interpreted as the first, second, and possibly the third operating state is able to be defined by device configuration, what are known as the key, the device certificate, and the revocation state of the device certificate.)

	Regarding claims 17, 18, and 20, the claims 17, 18, and 20 are the method claims of the apparatus claims 6, 7, and 12. The claims 17, 18, and 20 do not further teach or define the limitation over the limitations recited in the rejected claims above. Therefore, Spangler in view of Takayama teaches all the limitations of the claims 17, 18, and 20.

Response to Arguments
Applicant's arguments filed 4/5/2022 with respect to “35 U.S.C. 102(b)” have been fully considered but they are not persuasive.
Applicant argues
The claimed integrity protection measures such as device authentication and/or device integrity attestation are used, for example, to check whether hardware and software are available unchanged. In contrast, Spangler discloses a computer system with a secure memory unit 208 and an indicator for a developer operating mode, wherein the secure memory unit 208 can be locked via a firmware command such that the value of the indicator which developer mode as long as it cannot be changed how the computer system stays in developer mode.2 As described in Spangler, the indicator is intended to make the user aware that the system is in developer mode while thereby contributing to system security.
The objective technical task of Spangler is to increase an operational reliability of the device unit or the computer system; however, Spangler fails to teach the specifics for accomplishing this task, including the newly recited featured in claim 1. Due to the lack of specifics, one having ordinary skill in the art would have a multitude of options for increasing the operational security of the computer system of Spangler both in normal operating mode and in developer mode, without a specific direction to go. As noted above, Spangler describes a system for securing the developer mode consisting of firmware and a secure memory unit 208, the secure memory unit 208 being able to be locked via a firmware command in such a way that the value of the indicator which the developer mode displays until you can change how the computer system stays in developer mode. In order to increase the operational security of the computer system of Spangler, one having ordinary skill in the art would consequently implement additional security concepts for the locking of the secure memory unit in order to achieve greater reliability of the developer mode display. One having ordinary skill in the art would, for example, implement additional security concepts with regard to firmware access to the secure memory unit, or consider implementing measures which relate to a more secure hardware configuration of the secure storage unit or its system interface. However, based on the teaching of Spangler, one having ordinary skill in the art would have no reason to implement the claimed integrity protection measures such as device authentication and/or device integrity attestation.
Remarks Pages 8-9

Examiner respectfully disagrees with applicant’s argument that based on the teaching of Spangler, one having ordinary skill in the art would have no reason to implement the claimed integrity protection measures such as device authentication and/or device integrity attestation. As discussed above in the claim rejection under 35 U.S.C. 102 regarding claim 1, in normal mode, the system runs the verified code, which has been signed by a trusted part. (Col. 2 Lines 56-60) Also, the security measure is performed while running in normal mode to protect the user from security threats. (Col. 3 Lines 2-5) Furthermore, at the boot time, the system may verify the code executed at the embedded controller before turning control over to unverified code. (Col. 7 Lines 50-52) The claim 1 discloses that a first protected operating state of the various operating states is designed to…protect it...wherein at least one second operating state of the various operating states is designed to…protect it. Thus, the normal mode, which is interpreted as the first protected operating state, is protected using the verified code at boot time, and security measures while running in the normal mode. 

Applicant argues
Furthermore, amended claim 1 now recites that the software or firmware program codes be sealed so that a changed state can be secured again even in the open operating mode. Spangler only differentiates between a secure mode, in which original software or the like can only be processed, and an open mode, which can process other software. Although this other software can also be signed, sealing by means of the device unit (i.e. at or after the runtime) cannot be inferred from the Spangler document. The one or more software and/or firmware program codes being sealed is particularly advantageous in development because a development engineer can experiment with software and then fix a satisfactory state once it has been established, and thus create a new software state that is protected against manipulation. Spangler does not teach this feature. Accordingly, Spangler does not teach each and every element of amended claim 1.
Remarks Page 9

Examiner respectfully disagrees with applicant’s argument that although this other software can also be signed, sealing by means of the device unit (i.e. at or after the runtime) cannot be inferred from the Spangler document. As discussed above, Spangler teaches the verified code signed by a trusted party, which is verified at the boot time, and security measure while running in the normal mode. (Col. 2 Lines 56-60, Col. 3 Lines 2-5, Col. 7 Lines 50-52)

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Isozaki et al. (United States Patent Application Publication US 2014/0122902) teaches a first processor of an information processing apparatus to switch between a secure mode and a non-secure mode and a second processor to access to a protected area of a storage module while the first processor is in the secure mode.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HYUN SOO KIM whose telephone number is (571)270-1768. The examiner can normally be reached Monday - Friday 8:30 am - 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jaweed Abbaszadeh can be reached on (571) 270-1640. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/H.K./            Examiner, Art Unit 2187                                                                                                                                                                                            
/JAWEED A ABBASZADEH/            Supervisory Patent Examiner, Art Unit 2187