DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
Claims 1-20 are pending, of which claims 8-20 are withdrawn.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 3/17/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-7 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) receiving a firmware update patch, generating a platform signature using a platform private key and the firmware update patch, adding the platform signature to the firmware update patch, and providing the firmware update patch to a tester. This judicial exception is not integrated into a practical application because they merely recite process steps in the absence of any physical structure to perform the method, and therefore amount to data manipulation or mathematical operations which can be performed by a human. The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because no hardware is presented which performs the method steps.  In order to overcome this rejection, the Examiner recommends incorporating hardware elements which perform the method, such as a hardware processor.  None of claims 2-7 fix this and are therefore rejected for the same reasons.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cho et al (PGPUB 2015/0288528), and further in view of Kumar et al (PGPUB 2020/0192659).

Regarding Claim 1:
Cho teaches a method for enabling hardware verification testing of a software (abstract, method includes receiving an application by an electronic device, determining an application signature key included in the application, if the application signature key matches a development signature key among the development signature key and a commercial signature key, verifying the application signature key in relation to whether the electronic device corresponds to information on a test electronic device defined in the application signature key), the method comprising: 
receiving the software (paragraph 174, development application written in a software development kit (SDK)), wherein the software includes a payload (paragraph 41, an application according to various embodiments of the present disclosure may include execution code, data referenced by the execution code, a resource for screen configuration, application authority information defining data or functions that the application accesses, an entire application signature value, an open key for certifying an application signature key, an authority open key for certifying the open key, or the device unique ID (DUID) of a test electronic device), the payload includes code for modifying an application (paragraph 71-78, electronic device including processor and memory comprising software; paragraph 42-43, electronic device receives and installs application), the application includes a standard mode and a test mode, and the standard mode has a first set of verification checks for authenticating a patch that is different from a second set of verification checks for authenticating a patch of the test mode (paragraph 109, communication interface receives application; paragraph 110, application certificate module determines whether application includes application signature key; paragraph 112, application certificate module determines whether the application signature key matches a development signature key; paragraph 114, application certificate module verifies application signature key in relation to whether electronic device receiving the application corresponds to information on a test electronic device defined in the application signature key, i.e. “test mode”; paragraph 119-120, alternatively, if the application signature key matches a commercial signature key, the processor installs the application to the electronic device, i.e. “standard mode”); 
generating a platform signature using a platform private key and the software (paragraph 174, operation terminal may sign a development application with an application signature key; user may load the application signature key from the SDK and sign the development application with the application signature key; paragraph 167, RSA key pair); 
adding the platform signature to the software (paragraph 174, operation terminal may sign a development application with an application signature key; user may load the application signature key from the SDK and sign the development application with the application signature key), wherein the second set of verification checks of the test mode does not require a signature other than the platform signature to authenticate the software but the first set of verification checks of the standard mode requires a signature other than the platform signature to authenticate the software (paragraph 109-120, application certificate module verifies application signature key according to whether the received key matches a development signature key or a commercial signature key using separate processes; if the application signature key matches the development signature key, the commercial signature key is not required; if the application signature key matches the commercial signature key, the development signature key is not required); and 
providing the software to a tester (paragraph 42, application received (e.g. downloading) at test electronic device).
Cho does not explicitly teach wherein the software is a firmware update patch; and
wherein the application is firmware.
However, Kumar teaches the concept wherein a software is a firmware update patch (paragraph 32, uCode capsule package includes authentication information and payload containing uCode firmware volume; paragraph 2-4, firmware volumes for updating platform firmware); and
wherein an application is firmware (paragraph 2-4, firmware volumes for updating platform firmware; paragraph 28, BIOS region divided into three firmware volumes; paragraph 33, System Management Interrupt handler defined to parse uCode patch from capsule image; SMI handler configured to check integrity of update image by validating signature from either OEM/ODM/platform vendor or cloud customers).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the firmware update of a firmware teachings of Kumar with the test platform signature generation teachings of Cho.  Firmware is a subcategory of software generally, which typically runs at the lowest level of device hardware, and can therefore be considered especially vulnerable to programming errors and malicious exploits; therefore, a person of ordinary skill in the art would have considered combining the methods of Cho with the firmware system of Kumar in order to be able to test firmware prior to official release, thereby detecting and eliminating bugs, unforeseen problems, and potential attacks before any field devices become damaged or vulnerable due to installing untested firmware.

Regarding Claim 2:
Cho in view of Kumar teaches the method of claim 1.  In addition, Cho teaches wherein a developer built the payload and adding the platform signature to the software does not require re-building the payload (paragraph 167, development application written by the SDK; paragraph 174, user loads application signature key from the SDK and signs development application with application signature key); and
Kumar teaches wherein the software is the firmware update patch (paragraph 32, uCode capsule package includes authentication information and payload containing uCode firmware volume; paragraph 2-4, firmware volumes for updating platform firmware).
The rationale to combine Cho and Kumar is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 2.

Regarding Claim 3:
Cho in view of Kumar teaches the method of claim 1.  In addition, Kumar teaches wherein the payload comprises a payload header (paragraph 32, UEFI capsule header).
The rationale to combine Cho and Kumar is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 3.

Regarding Claim 4:
Cho in view of Kumar teaches the method of claim 1.  In addition, Kumar teaches wherein the firmware is a Basic Input/Output System (BIOS) or a Unified Extensible Framework Interface (UEFI) (paragraph 47, under a modular firmware architecture, such as UEFI, the firmware (BIOS uCode) comprises a combination of core UEFI components and extensions implemented as UEFI modules that are also referred to as images, such as UEFI driver images and UEFI application images; a uCode patch may be targeted to a particular UEFI module).
The rationale to combine Cho and Kumar is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 4.

Regarding Claim 5:
Cho in view of Kumar teaches the method of claim 4.  In addition, Kumar teaches wherein the firmware update patch is a UEFI runtime patch (URP) capsule (paragraph 31, the uCode patch is encapsulated into a capsule format and a capsule firmware update interface is used to update the uCode regions in BIOS flash; the capsule format uCode image can be built by either an offline phase or online phase to support flexible integrity check method; the capsule formats comply with the capsule format defined by an applicable UEFI specification).
The rationale to combine Cho and Kumar is the same as provided for claim 4 due to the overlapping subject matter between claims 4 and 5.

Claim(s) 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cho and Kumar, and further in view of Fassino et al (PGPUB 2019/0163465).

Regarding Claim 6:
Cho in view of Kumar teaches the method of claim 1.
Neither Cho nor Kumar explicitly teaches the method, further comprising: 
adding a platform public key to the firmware update patch, wherein the platform public key can authenticate the platform signature.
However, Fassino teaches the concept of adding a platform public key to the firmware update patch, wherein the platform public key can authenticate the platform signature (abstract, method provides a firmware update to an electronic device; paragraph 49, firmware update provided with the signing certificate of the master key; device verifies the signature of the signing key on the firmware update; paragraph 57, method includes generating an updated signing key and providing the public part of the updated signing key in the firmware update).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine public key provisioning teachings of Fassino with the test platform signature generation teachings of Cho in view of Kumar, in order to provide the public key used to verify the firmware update with the update itself, with the benefit of improving efficiency and security by eliminating the need to seek and acquire the public key as a separate step, as well as confirming the receiving device was using the most up-to-date keys and certificates, and that the public key certificate had not been revoked.

Claim(s) 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cho and Kumar, and further in view of Peng et al (PGPUB 2012/0297178).

Regarding Claim 7:
Cho in view of Kumar teaches the method of claim 1.
Neither Cho nor Kumar explicitly teaches wherein the test mode of the firmware can be selected only in a startup menu of the firmware.
However, Peng teaches the concept wherein a test mode of a firmware can be selected only in a startup menu of the firmware (abstract, method automatically switches from a manufacture mode to a user mode on a BIOS chip of a motherboard; paragraph 4, motherboard is tested under manufacture mode, i.e. “test mode”; paragraph 15, configuring module configures BIOS setting file to manufacture mode by configuring options in BIOS setup menu; paragraph 18, configuring module saves configuration into BIOS chip when BIOS chip starts).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the firmware startup menu teachings of Peng with the test platform signature generation teachings of Cho in view of Kumar.  It is well-known in the art that low-level firmware/BIOS settings can typically only be accessed during the startup of a device, before more complex OS elements or interfaces are loaded.  Therefore, a person of ordinary skill in the art would have considered combining the menu teachings of Peng with the system of Cho and Kumar in order to conform to the standards and practices which are common in the art and thereby improve compatibility and usability of the system to the typical user.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814. The examiner can normally be reached 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FORREST L CAREY/Examiner, Art Unit 2491                                                                                                                                                                                         

/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491