Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
                                                               DETAILED ACTION

1.This action is response to application filed on 10/12/2021. Claims 1-20 are pending.
                Allowable Subject Matter
2. Claims 1, 8 and 17 recite allowable subject matter. There are no prior arts of record, singly or in combination teaches the feature of claim(s) limitations in context of the claims as a whole. However, claims 1, 8 and 17 are not in allowance condition yet because of existing double patenting issue. 
3. For claims 1, 8 and 17, the U.S. 8,266,676 to Hardjono (hereinafter "Hardjono ‘676") discloses the authenticator entity can use the information in the database to assess a level of trustworthiness of the client platform by comparing the integrity /trust records of the database with individual components stored in the integrity report received from the client platform, and computing an overall integrity/trust score for the client platform. The overall integrity/trust score can be influenced by several factors. For example, the chain of custody of the component whose digest is stored in the integrity record can influence the individual integrity/trust scores assigned to the component of the integrity/trust record, and ultimately influence the overall integrity/trust score determined for the client platform. As discussed above, a digest harvested directly from the manufacturer is more likely to be trustworthy than a harvest digested from an off-the-shelf product; and if the digest is more trustworthy, then the digest can potentially lead to greater "trustworthiness" for the client platform. Another factor in determining the "trustworthiness" of the client platform can be the type of certificate used to sign the integrity report. Once the overall integrity /trust score has been determined, that value can be used for additional decision-making and, according to a predetermined policy, can be used in determining whether to grant or deny the client platform access to a resource or service on a network (Hardjono, column 4, lines 12-40). But, Hardjono does not teach obtaining integrity data of an application on a computer system and attesting environment metrics associated with an environment of the computer system; obtaining reference values corresponding to the integrity data of the application and reference values corresponding to the attesting environment metrics; determining, based on a first comparison of the integrity data and the reference values corresponding to the integrity data and a second comparison of the attesting environment metrics and the references values corresponding to the attesting environment metrics, that the integrity data and the attesting environment metrics are valid; and based on the determining that the integrity data and the attesting environment metrics are valid, determining that the computer system is trustworthy as claimed.
              Claim rejections-35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


4. Claim 19 recites the limitation "the request" in line 7.  There is insufficient antecedent basis for this limitation in the claim.

                                                        Double patenting

5. The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).
Claims 1+7+4 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1+4 of U.S. Patent No. U.S. U.S. 11165861. Although the claims at issue are not identical, they are not patentably distinct from each other because both of them describe similar method for determining that a computer system is trustworthy. 

The current application 17499731
U.S. 11165861
Explanation
1.A method comprising:






obtaining integrity data of an application on a computer system and attesting environment metrics associated with an environment of the computer system; 


obtaining reference values corresponding to the integrity data of the application and reference values corresponding to the attesting environment metrics; 


determining, based on a first comparison of the integrity data and the reference values corresponding to the integrity data and a second comparison of the attesting environment metrics and the references values corresponding to the attesting environment metrics, that the integrity data and the attesting environment metrics are valid; and 
based on the determining that the integrity data and the attesting environment metrics are valid, determining that the computer system is trustworthy.
7. The method of claim 1, wherein at least a portion of the attesting environment metrics comprises at least one of kernel secure boot metrics or operating system environment metrics.
4. The method of claim 1, further comprising: sending, to the application, a request for the integrity data of the application, wherein the request for the integrity data of the application includes a nonce and a digital signature, and wherein the nonce and the digital signature are used by the computer system to authenticate the request.


1.A computer-implemented method comprising: transmitting, to an application executing on a computer system within a network, a request to obtain integrity data of the application;
obtaining, in response to the request, a response comprising the integrity data of the application and kernel secure boot metrics of a kernel executing on the computer system; 
obtaining a first set of reference values corresponding to the integrity data of the application and a second set of reference values corresponding to the kernel secure boot metrics; 
determining, based on a first comparison of the first set of reference values to the integrity data and a second comparison of the second set of references values to the kernel secure boot metrics, that the integrity data and the kernel secure boot metrics are valid; and as a result of the integrity data and the kernel secure boot metrics being valid, determining that the computer system is trustworthy.














4. The computer-implemented method of claim 1, wherein the request to obtain the integrity data of the application includes a nonce and a digital signature, the nonce and the digital signature used by the computer system to authenticate the request.






	










Similar remarks apply to the instant claims 8+16+13 and 17+20.
                                                     Conclusions
6. Any inquiry concerning this communication or earlier communications from the examiner should be directed to LAN DAI T TRUONG whose telephone number is (571)272-7959. The examiner can normally be reached on Monday-Friday 7:00 Am to 3:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) athttp://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Thu Nguyen can be reached on 571-272-6967. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/LAN DAI T TRUONG/          Primary Examiner, Art Unit 2452