Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendment and Arguments
Applicant has significantly amended independent claims 1, 12 & 13, amended dependent claims 3-7 & 10-11, and canceled claims 2 & 8-9. The Applicant also added new claims 14-18. The Examiner reviewed these amendments and found them persuasive to have overcome most of the claim objections issued in the previous office action for claims 1, 4 & 12-13. However, the amendment has not addressed one claim objection for claims 1, 12 & 13 (as mentioned below in this office action), and the amendment has also not addressed the claim objection for claim 3.
The amendment has overcome the 112(a) rejection issued for claim 1 for single means, and hence this rejection of claim 1 has been withdrawn.
The amendment has also overcome the 112(b) rejections issued based on invocation of 112(f) for claims 3 & 12-13. Hence, the 112(b) rejections issued based on invocation of 112(f) have been withdrawn.
The amendment has also overcome the 112(b) rejections issued for claims 1, 3-7 & 10-11 for antecedent issues. These rejections of claims 1, 3-7 & 10-11 have been withdrawn.
Although the amendment has overcome most of the 112(b) indefiniteness rejections issued for claims 1, 3-7 & 10-11, it has not addressed one identified issue in claim 1 and an issue in claim 7. These unaddressed issues have been maintained as illustrated below in this office action.
The amendment also created a few new issues, as illustrated below in this office action.
Response to Arguments
The Examiner reviewed the Applicant's arguments in the remarks dated 5/02/2022 against the 103 rejections issued for claims 1, 3-7, 10-13 but found them to be moot, as the Examiner has changed ground.
Claim Objection
Claim 1 is objected to as it recites “so as to enable” in the 2nd paragraph of claim 1. As recited, it makes the claim unclear and indirect. Moreover, use of the word “enable” makes the limitation optional, as it may not be executed at all.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1, 3-7, 10-11 & 14-18 are rejected under 35 U.S.C. 112(b), as being indefinite for failing to particularly point out and distinctly claim subject matter which applicant regards as the invention.
Claim 1 recites in the preamble “initializing a secure processing module for use over a computer network to allow the running of arbitrary client tasks on demand in a manner which secures sensitive data, code, and other information”. As recited, it makes the claim indefinite, as the phrase “in a manner which” introduces subjectivity in the claim.
Claims 3-7,  10-11 & 14-18 are also rejected under 112b for their dependencies on claim 1.
Claims 12 & 13 are also rejected under 112b for the reason as illustrated above for claim 1.
Amended claim 1 recites in paragraph 05 “storing a second ownership credential on one hand, and changing an internal key pair on the other hand”. As recited, the limitation includes the subjective terms “on one hand” and “on the other hand”.
Claims 3-7, 10-11 & 14-18 are also rejected under 112b for their dependencies on claim 1.
Claims 12 & 13 are also rejected under 112b for the reason as illustrated above for claim 1.
Claim 7 is also rejected under 112b as it recites “zeroizing all or some of its internal state” in the claim body. It is not clear what the limitation is referring to by using the word “zeroizing”.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claims 1, 3-4, 7, 10-13 & 18 are rejected under 35 USC 103 as being unpatentable over Xjp (JP 4188584 B2 - translated as well as original is attached) in view of Wolfond (US 20110214171 A1) and O’Loughlin (US 20140108825 A1).
Regarding claim 1, Xjp teaches:
after authenticating the request from the second communication, accepting an ownership change by the at least one processing module, wherein accepting the ownership change includes at least one of generating, and storing a second ownership credential on one hand, and changing an internal key pair on the other hand; [0081] Once authenticated, the management device can communicate the request to BMonitor 250 and have any of the requests executed (provided that it has the right to do so). Although not necessary, it is wise for the management console to change its public / private key pair when it first authenticates itself to BMonitor 250. [0082] When a new ownership domain is created, the management device that creates the new ownership domain can optionally terminate the existing engine 252 and erase the system memory and mass storage device. This enhances the security level in addition to encryption, thereby preventing one management device from accessing information stored on the hardware by another management device. In addition, each time an ownership domain is popped from the stack, BMonitor 250 terminates the existing engine 252, erases system memory, and erases the storage key for that ownership domain. Thus, information stored by that ownership domain is not accessed by the remaining ownership domains. That is, since the memory is erased, there is no data in the memory, and information on the mass storage device cannot be decrypted without a storage key. Alternatively, BMonitor 250 can also erase mass storage devices.]
receiving by said at least one secure processing module encrypted client software from a requesting party; and providing an interface with client application software programs by said at least one secure processing module for the requesting party, wherein said client application software programs embody the encrypted client software after the encrypted client software has been decrypted and run on said secure processing module. [No mapping is required as the limitation recites “at least one of”.]
Although Xjp teaches changing of ownership, it does not explicitly teach the following; however, Wolfond teaches:
Wolfond teaches a method of initializing a processing module for use over a computer network to allow the running of arbitrary client tasks on demand in a manner which secures sensitive data, code, and other information, the method comprising: providing at least one processing module, having a first processor, a memory, and wherein said memory includes instructions that configure the processor to selectively load and run a plurality of logical layers so as to enable the secure processing module to run at least one application software program; [0014] According to one aspect of the invention, there is provided a method for authenticating an identity, that involves a computing device receiving a first credential over a first communications channel, and determining a second communications channel from a comparison between the first received credential and a first reference credential. The second communications channel is provisionally associated with the first credential and is different from the first communications channel. The computing device opens the second communications channel and receives a second credential over the opened second communications channel. The computing device authenticates the identity by generating a first identity proof score from a correlation between the first received credential (submitted credential) and the first reference credential, generating a second identity proof score from a correlation between the second received credential and a second reference credential, and generating an ultimate identity proof score from the first identity proof score and the second identity proof score.]
storing by said at least one processing module a first credential in response to receiving a first communication; [0015] The first identity proof score is indicative of a first correlation level between the first received credential and the first reference credential, the second identity proof score is indicative of a second correlation level between the second received credential and the second reference credential, and the ultimate identity proof score is indicative of a confidence level in a correlation between the received credentials and the identity
authenticating by said at least one processing module a request from a second communication, wherein the second communication includes a submitted  credential and  authenticating the request from the second communication includes validating the submitted credential against the first  credential stored by said at least one processing module; [0017] The second communications channel may be uniquely associated with the first reference non-biometric credential, and the communication channel determining may comprise the computing device determining the second communications channel from a comparison between the first received non-biometric credential and the first reference non-biometric credential. The second received credential may comprise a second received biometric credential, the second reference credential may comprise a second reference biometric credential, and the second identity proof score generating (for authentication) may comprise generating the second identity proof score from a comparison between the second received biometric credential and the second reference biometric credential.
	Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Xjp with the disclosure of Wolfond. The motivation or suggestion would have been to implement a system that will provide efficient, highly reliable and robust authentication techniques. (abstract, para  0002-0012, Wolfond)  
Although Xjp and Wolfond teach change of owner of processing module, they do not explicitly teach the following; however, O’Loughlin teaches:
a secure processing module, [0084] The manufacturing platform noted above may be referred to herein as an asset management system (AMS) and will be denoted by numeral 10 as shown in FIG. 1. The AMS 10 is a customizable solution that can be adapted to accommodate various services. For example, as discussed below, the AMS 10 can be configured to perform one or more of serialization, key injection, and feature activation by controlling the provision of corresponding assets. An asset may therefore refer to any digital data that is to be added, applied to, associated with, or otherwise bound to a device 14. A device 14 can be any component or item that is capable of utilizing such assets. For example, a device 14 may represent a chip, circuit board, electronic consumer device, computer, processor, memory, etc. The AMS 10 creates a control channel 4 to control the provision or injection of an asset into a device 14, and an audit channel 6 to enforce the collection of logging data to track the distribution and use of the assets. The components of the AMS 10 which will be described below can be distributed globally, implemented locally, or any configuration comprising both remote and local components. The AMS 10 enables a company to manage and control sensitive manufacturing processes across a global, outsourced manufacturing environment.
a cryptography module interconnected inside an anti-tamper enclosure, [0112] In order to secure the ACC-to-appliance communication channel, the ACC 12 uses an asymmetric cryptography scheme for key exchange, and symmetric key cryptography to transfer messages between it and the appliance 18. The asymmetric cryptography scheme uses a public key, which is generated from a secret private key. The private key is kept secret and the public key is exposed. It is imperative that the private key be protected in a secure, highly tamper resistant setting. An embedded ACC 12 is able to fulfill this requirement by being able to internally and autonomously generate a unique private key, with a combination of hardware and firmware to protect the secret key from being exposed. The ACC 12 generates a unique identifier for each device 14, and participates in the tracking and provisioning of the device 14 through the encrypted channel with the appliance 18. Once both parties agree on a symmetric key, the appliance 18 issues confidential messages, referred to herein as feature control tickets (FCTs) 50 to the ACC 12 in a secure manner. The ACC 12 is described in greater detail below making reference to FIGS. 51 to 66.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Xjp and Wolfond with the disclosure of O’Loughlin. The motivation or suggestion would have been to implement a system that will provide efficient techniques to manage the distribution and collection of proprietary and sensitive data such as feature provisioning commands, content protection key data, software/firmware code images. (abstract, para 0003-0006, O’Loughlin)
Regarding claim 3, Xjp and Wolfond teach changing ownership but they do not explicitly teach the following; O’Loughlin teaches deploying said at least one secure processing module over a computer network, wherein deploying said at least one secure processing module includes: establishing a secure communication channel between a client device of said requesting party and said at least one secure processing module; receiving by said at least one secure processing module an encrypted client package containing at least one of client package data and client package software; and decrypting by said cryptography module the encrypted client package, thereby availing the decrypted client package to the processor and allowing the processor to load any client package data in application software and run any client package software. [0200] The appliance 18 is a secure module used to cache, distribute and collect provisioning data and responses to/from one or more agents 20. For example, when an ACC 12 comes on-line, the appliance 18 can track the parts that it is connected to using the ACC's unique ID (UID). The appliance 18 and the ACC 12 may then proceed to exchange key information and open up a tamper resistant communication channel 29, which allows data to be transferred in such a way that the ACC 12 can be certain that it is talking to an authorized appliance 18, and the appliance 18 can be assured that only one unique ACC 12 can decrypt and respond to the message it has sent. Ultimately, the ACC 12 can be issued FCTs 50, and provide FCT responses which contain provisioning commands, secure data, key information, serialization information and any other data the appliance 18 wishes to provide to, push to, upload to, inject into or collect from the ACC 12 or the device 14 in general.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Xjp and Wolfond with the disclosure of O’Loughlin. The motivation or suggestion would have been to implement a system that will provide efficient techniques to manage the distribution and collection of proprietary and sensitive data such as feature provisioning commands, content protection key data, software/firmware code images. (abstract, para 0003-0006, O’Loughlin)
Regarding claim 4, Xjp and O’Loughlin teach secure processing module; however, they do not teach explicitly, however, Wolfond teaches wherein said first communication is sent by a said at least one secure processing module for after an initial programming of said at least one processing module. [0053] The mobile device 28 executes an application for controlling access to data and/or functionality. The application is stored in the storage 80 of the mobile device 28 and executed by the processor 84. A set of data is accessible via the application after authentication of the user via the entry of the PIN. The data is encrypted by an encryption module of the application using the PIN. In addition, the encryption module of the application encrypts and separately stores the user PIN as will be described below. The encryption module can form part of the application or can be separate.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Xjp and O’Loughlin with the disclosure of Wolfond. The motivation or suggestion would have been to implement a system that will provide efficient, highly reliable and robust authentication techniques. (abstract, para  0002-0012, Wolfond)  
Regarding claim 7, although Xjp and Wolfond teach accepting change of Ownership, they do not teach explicitly, however, O’Loughlin teaches wherein accepting the credential change includes causing the at least one secure processing module to zeroize at least a part of its internal state. [0015] requiring a user of said computing device to change said security credential after said communicating; and [0016] modifying said access to said sensitive data by requiring entry said changed security credential, and [0017] wherein said changed security credential is encrypted during said re-encrypting. [0028] The encryption module can require that a user of the computing device change the security credential before encrypting the security credential using the second encryption key.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Xjp and Wolfond with the disclosure of O’Loughlin. The motivation or suggestion would have been to implement a system that will provide efficient techniques to manage the distribution and collection of proprietary and sensitive data such as feature provisioning commands, content protection key data, software/firmware code images. (abstract, para 0003-0006, O’Loughlin)
Regarding claim 10, although Xjp and Wolfond teach secure processing module, they do not teach clearly; however, O’Loughlin teaches storing by said at least one processing module an owner public key certificate corresponding to an owner private key, wherein the owner public key certificate and the owner private key allow said at least one processing module to authenticate received message being signed by an owning party using said owner private key in accordance with asymmetric cryptography. [0404] FIG. 64 illustrates an example of an authenticated confidential messaging protocol, which will now be described. After the successful execution of the key agreement, the ACC 12 and the appliance 18 will have established the basis of a secure channel between the two, and they are now able to share authenticated confidential messages in the form of FCTs 50. The following preconditions may be required. First, APP.sub.j should have its own static private key, d.sub.sj; and obtained some indication that ACC.sub.i, which owns UID.sub.i, will receive a feature control ticket, FCT 50. Second, ACC.sub.i should have APP.sub.j's static public keys, Q.sub.sj, and ACC.sub.i should be ready to handle a new command. This means that ACC.sub.i is in the Functional State 84, is not in hibernation mode, and has completed its previous task.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Xjp and Wolfond with the disclosure of O’Loughlin. The motivation or suggestion would have been to implement a system that will provide efficient techniques to manage the distribution and collection of proprietary and sensitive data such as feature provisioning commands, content protection key data, software/firmware code images. (abstract, para 0003-0006, O’Loughlin)
Regarding claim 11, although Xjp and Wolfond teach first ownership credential, they do not teach explicitly; however, O’Loughlin teaches wherein the first credential is defined by said owner public key certificate. [0213] Completely secured feature provisioning can be achieved through the combination of various cryptographic techniques, examples of which are as follows. [0214] Each ACC 12 may have a Root CA public key stored in its ROM 52 or NVM 62. Each appliance j may then have its own unique certificate CERT[APP.sub.j] produced by the Root CA (not shown). The certificates may be relatively small and the certificate fields bit-mapped for easy parsing. The appliance 18 authenticates itself to the ACC 12 by sending a certificate to the ACC 12 as part of the protocol (to be discussed in greater detail below). The ACC 12 uses the CA root certificate to verify the identity of the appliance 18.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Xjp and Wolfond with the disclosure of O’Loughlin. The motivation or suggestion would have been to implement a system that will provide efficient techniques to manage the distribution and collection of proprietary and sensitive data such as feature provisioning commands, content protection key data, software/firmware code images. (abstract, para 0003-0006, O’Loughlin)
Regarding claims 12 & 13, these claims are interpreted to be the same as claim 1 and are rejected for the same reasons as set forth for claim 1.
Regarding claim 18, Xjp teaches wherein accepting the ownership change includes causing the at least one secure processing module to replace said first ownership credential with another ownership credential. [0082] When a new ownership domain is created, the management device that creates the new ownership domain can optionally terminate the existing engine 252 and erase the system memory and mass storage device. This enhances the security level in addition to encryption, thereby preventing one management device from accessing information stored on the hardware by another management device. In addition, each time an ownership domain is popped from the stack, BMonitor 250 terminates the existing engine 252, erases system memory, and erases the storage key for that ownership domain. Thus, information stored by that ownership domain is not accessed by the remaining ownership domains. That is, since the memory is erased, there is no data in the memory, and information on the mass storage device cannot be decrypted without a storage key. Alternatively, BMonitor 250 can also erase mass storage devices.]
Allowable Subject Matter
Claims 5-6 & 14-17 are objected to but would be allowable if incorporated in independent claims 1, 12 & 13, if the Applicant rewrites claims 1, 12 & 13 to overcome all claim objections and 112b rejections issued for these claims in this instant office action without broadening the scope of these claims.
Relevant prior art shown in PTO-892 but not used in this office action is as follows:
1. Hamid (US 201302191647) discloses a cloud-based hardware security device (HSM) providing core security functions of a physically controlled HSM, such as a USB HSM, while allowing user access within the cloud and from a user device, including user devices without input ports capable of direct connection to the HSM. The HSMs can be connected to multi-HSM appliances on the organization or user side of the cloud network, or on the cloud provider side of the cloud network. HSMs can facilitate multiple users, and multi-HSM appliances can facilitate multiple organizations.
2. Dawson (US77788491) teaches a system and method for exchanging secure communications between devices. A broadcast message is periodically transmitted. The broadcast message contains a public key. A response to the broadcast message is received from a client device. The response is encrypted with use of the public key. Further, the response contains the client's public key. Messages encrypted with the client's public key are communicated to the client device.
3. Anand (WO2007148258 - an original English copy attached) describes that tamper-proofing is not sufficient for embedded computing platform security as it solves only half of the problem & replication can defeat all sophisticated measures of tamper-proofing. A replicated platform means look-alike and functionally equivalent model of original device. This invention uses hardware rooted trust in a novel way to guarantee platform security without hardware upgrade and re-certification. Tangible assurance about integrity of platform is essential to secure maximum public trust using an external attestation & certification unit (020). Attestation & certification unit (020) along with platform (021) is provisioned with security credentials using a provisioning server (018 & 019) shown as core root-of-trust at platform-vendor premises in an auditable and verifiable manner, beyond any disputes or litigations. This invention is based on distributed root-of-trust security model (as shown in Diagram 11) wherein both attestation unit (020) and platform (021) is on same trust hierarchy and hence can be used in many horizontal applications which are otherwise complex from legal, public-trust aspects and onus of anything going wrong is mostly one-sided. This also provides a maximum security against insider threats from inside of vendor premises.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHER A KHAN whose telephone number is (571)272-8574. The examiner can normally be reached M-F 8:00 am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A Shiferaw can be reached on 571-272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHER A KHAN/           Primary Examiner, Art Unit 2497