DETAILED ACTION
Remarks
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This Office Action is filed in response to Applicant’s arguments and amendment dated December 20, 2021.  Claims 1 and 10 are currently amended and claims 1-20 remain pending in the application and have been fully considered by Examiner.    
Applicant's arguments with respect to the prior art rejections have been considered, but are not persuasive, as detailed below in the Prior Art Argument - Rejections section. To the extent that Applicant has amended these claims, additional clarification has been provided below where necessary to further point out that the prior art of record cited in the previous Office Action discloses the claim limitations as currently amended.

Examiner Notes
Examiner cites particular columns, paragraphs, figures and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in their entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Prior Art Arguments – Rejections
Applicant’s arguments have been fully considered by Examiner, but they are moot and/or not persuasive, as follows:

With respect to claim 1, Applicant primarily argues that “because APP1' with VER1' is not yet installed in user device 24 (but is to be installed only after authentication), Tasher's received version identifier (e.g., VER1') cannot be the claimed ‘backup system version identification corresponding to a backup system version that is a highest system version among all historical system versions of the system.’”1 Examiner respectfully disagrees.  While claims must be “given their broadest reasonable interpretation consistent with the specification.” Phillips v. AWH Corp., 415 F.3d 1303, 75 USPQ2d 1321 (Fed. Cir. 2005).  Although claims of issued patents are interpreted in light of the specification, prosecution history, prior art and other claims, this is not the mode of claim interpretation to be applied during examination. During examination, the claims must be interpreted as broadly as their terms reasonably allow. In re American Academy of Science Tech Center, 367 F.3d 1359, 1369, 70 USPQ2d 1827, 1834 (Fed. Cir. 2004) (The USPTO uses a different standard for construing claims than that used by district courts; during examination the USPTO must give claims their broadest reasonable interpretation in light of the specification.).  Furthermore, Tasher teaches, with claim mapping added, “Each of providers 64 assigns version identifiers to a respective data item in a sequence of an increasing order. As such, a more recent version of the data item is assigned a more advanced version identifier in the sequence...the assigned version numbers satisfy VER1′ [backup system version identification] > VER1 [current system version ident cation].” Thus the received version will have the highest version number, i.e. a backup system version identification corresponding to a backup system version that is a highest system version among all historical system versions of the system, as currently claimed.
Applicant’s argument is therefore unpersuasive.  

With respect to all other claims, Applicant references the arguments made with respect to claim 1, which are unpersuasive for the reasons detailed above.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 2, 5-8, 10-14, and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Tasher et al. (20180060607 – hereinafter Tasher) in view Wikipedia, “Flash Memory” (hereinafter Wikipedia), Arora (20170124353– hereinafter Arora) and Krishnamurthy et al. (20140130151 – hereinafter Krishnamurthy).

	With respect to claim 1, Tasher discloses A method for upgrading a system version of a system, comprising: 
	[in response to the system powering up,] acquiring, using storage media, from a first storage space a current system version identification corresponding to a current system version (e.g., Figs. 1-4 along with associated text, e.g., [0015], A data item may comprise, for example, executable code, such as an application program or a booting code of an underlying operating system; [0039], Non-volatile memory 44 additionally stores for each application program 60A and 60B a respective version identifier 62A (denoted VER1) [current system version identification corresponding to a current system version] or 62B (denoted VER2); [0046], User device 24 downloads an updated version of a data item accompanied by its version identifier. In the present example, user device 24 downloads APP1' with VER1' and APP2' with VER2'. The memory controller compares between the received and stored version identifiers [acquiring, using storage media, from a first storage space a current system version identification corresponding to a current system version] of the relevant data item; see also [0093-95].); 
	acquiring, using storage media, from a second storage space a backup system version identification corresponding to a backup system version that is a highest system version among all historical versions of the system, the second storage space being a [non-volatile] storage space in a computer hardware device of the system and being configured to store the backup system version identification (e.g., Figs. 1-4 along with associated text, e.g., [0045], Each of providers 64 assigns version identifiers to a respective data item in a sequence of an increasing order. As such, a more recent version of the data item is assigned a more advanced version identifier in the sequence. For example, assuming that provider 64A issues version identifiers in some order, since APP1′ (72A) is an updated version of APP1 (60A), provider 64A assigns to APP1′ version identifier VER1′ (76A) [a backup system version identification corresponding to a backup system version] that is more advanced in the order than version VER1 (62A) of APP1 [that is a highest system version among all historical versions of the system]. In some embodiments, the version identifiers comprise version numbers. In such embodiments, the assigned version numbers satisfy VER1′>VER1; [0046], User device 24 downloads an updated version of a data item accompanied by its version identifier. In the present example, user device 24 downloads APP1' with VER1' [backup system version identification] and APP2' with VER2'. The memory controller compares between the received and stored version identifiers [acquiring, using storage media, from a second storage space a backup system version identification corresponding to a backup system version] of the relevant data item; see also [0093-95].); 
	comparing, using comparison circuitry, the current system version identification with the backup system version identification acquired from the second storage space, [wherein the comparison circuitry is a hardware implementation where software cannot participate in reading, comparing, and updating the backup system version identification] (e.g., Figs. 1-4 along with associated text, e.g., [0046],The memory controller compares between the received and stored version identifiers of the relevant data item [comparing, using circuitry, the current system version identification with the backup system version identification], and allows installing in the non-volatile memory only authenticated versions that are more recent than the stored versions; see also [0093-95]); and 
	configuring the system based on the comparison, [wherein the system is configured to start in response to a determination that the current system version identification is equal to the backup system version identification] (Id., particular, allows installing in the non-volatile memory only authenticated versions that are more recent than the stored versions [configuring the system based on the comparison]; see also [0039-40] and [0093-95].).
	Although Tasher disclose the second storage space (see above), to the extent that it does not appear to explicitly disclose non-volatile, this is taught in analogous art, Wikipedia (e.g., p. 1, Flash memory is an electronic (solid-state) non-volatile computer storage medium that can be electrically erased and reprogrammed.).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the invention of Tasher with flash storage of Wikipedia because “flash memory is also often used to store configuration data in numerous digital products” and “flash memory offers fast read access times,” as suggested by Wikipedia (see p. 1).
	To the extent that Tasher does not appear to explicitly disclose wherein the comparison circuitry is a hardware implementation where software cannot participate in reading, comparing, and updating the backup system version identification, this is taught by analogous art, Arora (e.g., Figs. 3-4 and associated text, e.g., [0032], Processor 310, as a special-purpose machine, may include non-generic and specially-designed hardware circuits that are designed, arranged and configured to perform specific tasks pertaining to anti-rollback of version of secure data in accordance with various implementations of the present disclosure. For instance, processor 310 may include some or all of a comparison circuit 312, a retrieving circuit 314, an extraction circuit 316, an updating circuit 318, and an encryption and decryption circuit 319 that, together, perform specific tasks and functions to render anti-rollback of version of secure data in accordance with various implementations of the present disclosure.).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the hardware-based invention of Arora because hardware is understood to be more secure than software.
	Tasher in view Arora does not appear to explicitly disclose in response to the system powering up or wherein the system is configured to start in response to a determination that the current system version identification is equal to the backup system version identification.  However, this is taught in analogous art, Krishnamurthy (e.g., Figs. 3-5 and associated text, e.g., [0078], at step 410, the start-up sequence [powering up] for the NFCC 145 is initiated; [0080], If the comparison step indicates that the FVN is not less than the LAFVN, then start-up continues as normal and proceeds to step 470 [wherein the system is configured to start in response to a determination that the current system version identification is equal to the backup system version identification];  see also [0039], According to some embodiments of the present invention, the NFCC 145 can check the firmware version number (FVN) of installation file that the mobile device wants to install against the current firmware version number. This can be done by storing a least acceptable firmware version number (LAFVN), which can be associated with the current firmware version number, in a secure element environment of the mobile device 110. The LAFVN can be used to compare against the FVN to prevent a rollback.).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the invention of Krishnamurthy because it “can protect against software and hardware attacks,” as suggested by Krishnamurthy (see [0010]).

	With respect to claim 2, Tasher also discloses wherein configuring the system based on the comparison further comprises: 
	in response to the current system version identification being less than the backup system version identification, triggering an upgrade of the system version according to the backup system version associated with the backup system version identification, wherein the backup system version is used for initiating the system (e.g., Figs. 1-4 along with associated text, e.g., [0045], In some embodiments, the version identifiers comprise version numbers. In such embodiments, the assigned version numbers satisfy VER1'>VER1; [0046],The memory controller compares between the received and stored version identifiers of the relevant data item, and allows installing in the non-volatile memory only authenticated versions that are more recent than the stored versions [n response to the current system version identification being less than the backup system version identification, triggering an upgrade of the system version according to the backup system version associated with the backup system version identification]; [0015], A data item may comprise, for example, executable code, such as an application program or a booting code of an underlying operating system [backup system version is used for initiating the system]; see also [0039-40].).

	With respect to claim 5, Tasher also discloses wherein configuring the system based on the comparison further comprises: in response to the current system version identification being the same as the backup system version identification, using the current system version when the system is initiated (e.g., 1 and 4 along with associated text, e.g., [0046],The memory controller compares between the received and stored version identifiers of the relevant data item, and allows installing in the non-volatile memory only authenticated versions that are more recent than the stored versions [in response to the current system version identification being the same as the backup system version identification, using the current system version]; [0015], A data item may comprise, for example, executable code, such as an application program or a booting code of an underlying operating system [when the system is initiated]; see also [0039-40].).

	With respect to claim 6, Krishnamurthy further teaches wherein configuring the system based on the comparison further comprises: in response to the current system version identification being greater than the backup system version identification, writing, using hardware, the current system version identification to the second storage space (e.g., Figs. 3 and 6-7 along with associated text, e.g., [0076], if the FVN is greater than the LAFVN, the LAFVN can be updated to equal the FVN. The methods for updating the secure element environment are discussed in more detail in FIG. 6 and FIG. 7.).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the invention of Krishnamurthy for the same reason set forth above with respect to claim 1.

	With respect to claim 7, Krishnamurthy further discloses wherein the second storage space cannot be updated by software (e.g., Figs. 3 and 6-7 along with associated text, e.g., [0047], Embodiments of the present invention overcome the shortfalls mentioned above, by storing the version number of the firmware in the secure element environment [second storage space].... Therefore, by storing the version number at the secure element environment instead of the high level software application layer, the mobile device can be less vulnerable to attacks. In some embodiment, the secure element environment is a secure memory execution partition that cannot be accessed or tampered by any external program [cannot be updated by software], bus or device port.).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the invention of Krishnamurthy for the same reason set forth above with respect to claim 1.

	With respect to claim 8, Tasher also discloses wherein the current system version identification in the first storage space is updated by software (e.g., Figs. 1-4 along with associated text, e.g., [0094], At a swapping step 216, upon successful authentication at step 208, and successful validation at step 212, the memory controller re-maps the logical-to-physical addresses. Specifically, address mapper 88 maps logical addresses LA1 of logical storage location SEC_1L to physical addresses PA2 of physical storage location SEC_2P (in which the updated version APP1' is now stored) [current system version identification in the first storage space is updated by software], and maps logical addresses LA2 of logical storage location SEC_2L to physical addresses PA1 of physical storage location SEC_1P, for writing a subsequent update of APP1, when available).

	With respect to claim 10, Tasher discloses An apparatus for upgrading a system version of a system, comprising: 
	a first storage space configured to store a current system version identification corresponding to a current system version, wherein the current system version identification is acquired from the first storage space [in response to the system powering up] (e.g., Figs. 1-4 along with associated text, e.g., [0015], A data item may comprise, for example, executable code, such as an application program or a booting code of an underlying operating system; [0039], Non-volatile memory 44 additionally stores for each application program 60A and 60B a respective version identifier 62A (denoted VER1) [current system version identification corresponding to a current system version] or 62B (denoted VER2); [0046], User device 24 downloads an updated version of a data item accompanied by its version identifier. In the present example, user device 24 downloads APP1' with VER1' and APP2' with VER2'. The memory controller compares between the received and stored version identifiers [a first storage space configured to store a current system version identification corresponding to a current system version, wherein the current system version identification is acquired from the first storage space] of the relevant data item; see also [0093-95].); 
	a second storage space configured to store a backup system version identification corresponding to a backup system version that is a highest system version among all historical versions of the system, the second storage space being a [non-volatile] storage space in a computer hardware device of the system (e.g., Figs. 1-4 along with associated text, e.g., [0045], Each of providers 64 assigns version identifiers to a respective data item in a sequence of an increasing order. As such, a more recent version of the data item is assigned a more advanced version identifier in the sequence. For example, assuming that provider 64A issues version identifiers in some order, since APP1′ (72A) is an updated version of APP1 (60A), provider 64A assigns to APP1′ version identifier VER1′ (76A) [a backup system version identification corresponding to a backup system version] that is more advanced in the order than version VER1 (62A) of APP1 [that is a highest system version among all historical versions of the system]. In some embodiments, the version identifiers comprise version numbers. In such embodiments, the assigned version numbers satisfy VER1′>VER1; [0046], User device 24 downloads an updated version of a data item accompanied by its version identifier. In the present example, user device 24 downloads APP1' with VER1' [backup system version identification corresponding to a backup system version/a second storage space configured to store a backup system version identification corresponding to a backup system version] and APP2' with VER2'. The memory controller compares between the received and stored version identifiers  of the relevant data item; see also [0093-95].); and 
	comparison circuitry having circuitry to compare the current system version identification with the backup system version identification acquired from the second storage space, [wherein the comparison circuitry is a hardware implementation where software cannot participate in reading, comparing and updating the backup system version identification] (e.g., Figs. 1-4 and associated text, e.g., [0046],The memory controller compares between the received and stored version identifiers of the relevant data item [comparing, using circuitry, the current system version identification with the backup system version identification], and allows installing in the non-volatile memory only authenticated versions that are more recent than the stored versions; see also [0093-95].), and 
	triggering circuitry having circuitry to trigger an upgrade of the system version according to the backup system version associated with the backup system version identification in response to the comparison, [wherein the system is configured to start in response to a determination that the current system version identification is equal to the backup version identification] (Id., particular, allows installing [upgrade] in the non-volatile memory only authenticated versions that are more recent than the stored versions [trigger an upgrade of the system version according to the backup system version associated with the backup system version identification in response to the comparison]; see also [0039-40] and [0093-95].).
	Although Tasher disclose the second storage space (see above), to the extent that it does not appear to explicitly disclose non-volatile, this is taught in analogous art, Wikipedia (e.g., p. 1, Flash memory is an electronic (solid-state) non-volatile computer storage medium that can be electrically erased and reprogrammed.).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the invention of Tasher with flash storage of Wikipedia because “flash memory is also often used to store configuration data in numerous digital products” and “flash memory offers fast read access times,” as suggested by Wikipedia (see p. 1).
	To the extent that Tasher does not appear to explicitly disclose wherein the comparison circuitry is a hardware implementation where software cannot participate in reading, comparing and updating the backup system version identification, this is taught by analogous art, Arora (e.g., Figs. 3-4 and associated text, e.g., [0032], Processor 310, as a special-purpose machine, may include non-generic and specially-designed hardware circuits that are designed, arranged and configured to perform specific tasks pertaining to anti-rollback of version of secure data in accordance with various implementations of the present disclosure. For instance, processor 310 may include some or all of a comparison circuit 312, a retrieving circuit 314, an extraction circuit 316, an updating circuit 318, and an encryption and decryption circuit 319 that, together, perform specific tasks and functions to render anti-rollback of version of secure data in accordance with various implementations of the present disclosure.).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the hardware-based invention of Arora because hardware is understood to be more secure than software.
	Tasher in view Arora does not appear to explicitly disclose in response to the system powering up or wherein the system is configured to start in response to a determination that the current system version identification is equal to the backup system version identification.  However, this is taught in analogous art, Krishnamurthy (e.g., Figs. 3-5 and associated text, e.g., [0078], at step 410, the start-up sequence [powering up] for the NFCC 145 is initiated; [0080], If the comparison step indicates that the FVN is not less than the LAFVN, then start-up continues as normal and proceeds to step 470 [wherein the system is configured to start in response to a determination that the current system version identification is equal to the backup system version identification];  see also [0039], According to some embodiments of the present invention, the NFCC 145 can check the firmware version number (FVN) of installation file that the mobile device wants to install against the current firmware version number. This can be done by storing a least acceptable firmware version number (LAFVN), which can be associated with the current firmware version number, in a secure element environment of the mobile device 110. The LAFVN can be used to compare against the FVN to prevent a rollback.).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the invention of Krishnamurthy because it “can protect against software and hardware attacks,” as suggested by Krishnamurthy (see [0010]).

	With respect to claim 11, Tasher also discloses wherein the triggering circuitry has circuitry to trigger an upgrade of the system version according to the backup system version associated with the backup system version identification in response to the comparison circuitry making a determination that the current system version identification is less than the backup system version identification (e.g., Figs. 1-4 and associated text, e.g., [0045], In some embodiments, the version identifiers comprise version numbers. In such embodiments, the assigned version numbers satisfy VER1'>VER1; [0046],The memory controller compares between the received and stored version identifiers of the relevant data item, and allows installing in the non-volatile memory only authenticated versions that are more recent than the stored versions [trigger an upgrade of the system version according to the backup system version associated with the backup system version identification in response to the comparison circuitry making a determination that the current system version identification is less than the backup system version identification]; see also [0039-40] and [0093-95].).

	With respect to claim 12, Tasher also discloses wherein in response to the comparison circuitry making a determination that the current system version identification is the same as the backup system version identification, the current system version is used when the system is initiated (e.g., Figs. 1-4 and associated text, e.g., [0046],The memory controller compares between the received and stored version identifiers of the relevant data item, and allows installing in the non-volatile memory only authenticated versions that are more recent than the stored versions [in response to the comparison circuitry making a determination that the current system version identification is the same as the backup system version identification, the current system version is used]; [0015], A data item may comprise, for example, executable code, such as an application program or a booting code of an underlying operating system [when the system is initiated]; see also [0039-40] and [0093-95].).

	With respect to claim 13, Tasher also discloses wherein the comparison circuitry and the triggering circuitry are part of a version apparatus that is separate from the first storage space (e.g., Figs. 1, particularly, Memory Controller 48, and Figs. 2 and 4 along with associate text, e.g., [0093], the memory controller further validates that VER1' is equal to or greater than VER1, i.e., the version number of APP1 currently stored.... At a swapping step 216, upon successful authentication at step 208, and successful validation at step 212, the memory controller re-maps the logical-to-physical addresses).

	With respect to claim 14, Tasher also discloses wherein the version apparatus further comprises memory reading circuitry having circuitry to read the current system version identification from the first storage space and the backup system version identification from the second storage space (e.g., Figs. 1-4 and associated text, e.g., [0093], At a version number verification step 212, in response to detecting that VER1' was authenticated successfully, the memory controller further validates that VER1' is equal to or greater than VER1, i.e., the version number of APP1 currently stored; see also [0043-46].).

	With respect to claim 17, Krishnamurthy further discloses wherein the version apparatus further comprises memory writing circuitry having hardware to write the current system version identification to the second storage space in response to the comparison circuitry making a determination that the current system version identification is greater than the backup system version identification (e.g., Figs. 3 and 6-7 along with associated text, e.g., [0076], if the FVN is greater than the LAFVN, the LAFVN can be updated to equal the FVN. The methods for updating the secure element environment are discussed in more detail in FIG. 6 and FIG. 7.).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the invention of Krishnamurthy for the same reason set forth above with respect to claim 10.

	With respect to claim 18, Krishnamurthy further discloses wherein the memory writing circuitry has exclusive writing privileges to the second storage space (e.g., Figs. 3 and 6-7 along with associated text, e.g., [0047], Embodiments of the present invention overcome the shortfalls mentioned above, by storing the version number of the firmware in the secure element environment [second storage space].... Therefore, by storing the version number at the secure element environment instead of the high level software application layer, the mobile device can be less vulnerable to attacks. In some embodiment, the secure element environment is a secure memory execution partition that cannot be accessed or tampered by any external program, bus or device port [memory writing circuitry has exclusive writing privileges to the second storage space].).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the invention of Krishnamurthy for the same reason set forth above with respect to claim 10.

	With respect to claim 19, Tasher also discloses wherein the current system version identification in the first storage space is updated by software (e.g., Figs. 1-4 along with associated text, e.g., [0094], At a swapping step 216, upon successful authentication at step 208, and successful validation at step 212, the memory controller re-maps the logical-to-physical addresses. Specifically, address mapper 88 maps logical addresses LA1 of logical storage location SEC_1L to physical addresses PA2 of physical storage location SEC_2P (in which the updated version APP1' is now stored) [current system version identification in the first storage space is updated by software], and maps logical addresses LA2 of logical storage location SEC_2L to physical addresses PA1 of physical storage location SEC_1P, for writing a subsequent update of APP1, when available.).
	
	With respect to claim 20, Krishnamurthy further discloses wherein the second storage space cannot be updated by software (e.g., Figs. 3 and 6-7 along with associated text, e.g., [0047], Embodiments of the present invention overcome the shortfalls mentioned above, by storing the version number of the firmware in the secure element environment [second storage space].... Therefore, by storing the version number at the secure element environment instead of the high level software application layer, the mobile device can be less vulnerable to attacks. In some embodiment, the secure element environment is a secure memory execution partition that cannot be accessed or tampered by any external program [cannot be updated by software], bus or device port.).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the invention of Krishnamurthy for the same reason set forth above with respect to claim 10.


Claims 3, 9, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Tasher in view of Wikipedia, Arora, and Krishnamurthy as applied to clams 1, 2 and 14 above, and further in view of Karaginides et al. (20170308705 – hereinafter Karaginides).

	With respect to claim 3, Tasher in view of Arora and Krishnamurthy does not appear to explicitly disclose determining whether the upgrade fails; and in response to the determination that the upgrade fails, forcing, by hardware, the system into a constant reboot mode or a crashed mode.  However, this is taught by analogous art, Karaginides (e.g., Figs. 9A-C and associated text, e.g., [0055], If the security version does not pass ("NO") the integrity check/authentication [determining whether the upgrade fails], the trial image is invalidated 920 and causes the processing device to perform a cold reset 922 of the processing device [forcing, by hardware, the system into a constant reboot mode or a crashed mode]. After resetting, the processing device may reboot to the previous current version (i.e., the version prior to the update) 824 or reboot to the default (golden) image.). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the trial-based upgrading invention of Karaginides so that upgrades are evaluated before becoming permanent while also providing a flexible recovery mechanism that overcomes the “needlessly rigid and complex process for OEMs to manage and control OTA updates with specific devices,” as suggested by Karaginides (see [0005]).

With respect to claim 9, although Tasher discloses acquiring the current system version identification and acquiring the backup system version identification, by hardware (e.g., Figs. 1-4 and associated text, e.g., [0046], The memory controller compares between the received and stored version identifiers of the relevant data item; see also [0043-44].), it does not appear to explicitly disclose in response to the system starting or to the current system version having been updated. However, this is taught by analogous art, Karaginides (e.g., Figs. 9A-C and associated text, e.g., [0053-54], Once the trial image is activated, the processing device may perform a cold reset in 912 prior to performing further processing of the updated OTA image.... The boot loader determines if the security version passed the integrity check/authentication 918 [in response to the system starting or to the current system version having been updated].)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the trial-based upgrading invention of Karaginides so that upgrades are evaluated before becoming permanent while also providing a flexible recovery mechanism that overcomes the “needlessly rigid and complex process for OEMs to manage and control OTA updates with specific devices,” as suggested by Karaginides (see [0005]).

With respect to claim 16, although Tasher discloses the memory reading circuitry reads the current system version identification from the first storage space and the backup system version identification from the second storage space (e.g., Figs. 1-4 and associated text, e.g., [0093], [0093] At a version number verification step 212, in response to detecting that VER1' was authenticated successfully, the memory controller further validates that VER1' is equal to or greater than VER1, i.e., the version number of APP1 currently stored; see also [0043-46].), it does not appear to explicitly disclose in response to the system starting or to the current system version having been updated. However, this is taught by analogous art, Karaginides (e.g., Figs. 9A-C and associated text, e.g., [0053-54], Once the trial image is activated, the processing device may perform a cold reset in 912 prior to performing further processing of the updated OTA image.... The boot loader determines if the security version passed the integrity check/authentication 918 [in response to the system starting or to the current system version having been updated].)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the trial-based upgrading invention of Karaginides so that upgrades are evaluated before becoming permanent while also providing a flexible recovery mechanism that overcomes the “needlessly rigid and complex process for OEMs to manage and control OTA updates with specific devices,” as suggested by Karaginides (see [0005]).

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Tasher in view of Wikipedia, Arora, and Krishnamurthy, as applied to claim 2 above, and further in view of Ravi (20150019698 – hereinafter Ravi).

	With respect to claim 4, Tasher also discloses wherein triggering the upgrade of the system version further comprises: 
	[suspending current system processes in the system; and]
	initializing an upgrading process for upgrading the system with the backup system version associated with the backup system version identification (e.g., Figs. 1-4 and associated text, e.g., [0090], The memory controller additionally receives for APP1' a respective updated version number VER1' [initializing an upgrading process for upgrading the system with the backup system version associated with the backup system version identification] and a respective signature; see also [0094-95].). 
Tasher in view of Arora and Krishnamurthy does not appear to explicitly disclose suspending current system processes in the system. However, this is taught by analogous art, Ravi (e.g., Figs. 3, 6, and 8 along with associated text, e.g., [0060], the client process (or processes) for which the surrogate is acting as a connection proxy can be paused (see operation 316).)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the invention of Tasher with the invention of Ravi because “What's needed is a technique or techniques to minimize or eliminate blackouts or brownouts while the cloud-deployed server software is being upgraded,” as suggested by Ravi (see [0005]).

Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Tasher in view of Wikipedia, Arora, and Krishnamurthy as applied to claim 14 above, and further in view of Lei et al. (20040117541 – hereinafter Lei).

	With respect to claim 15, Tasher in view of Arora and Krishnamurthy does not appear to explicitly disclose wherein the memory reading circuitry includes a plurality of registers.  However, this is taught by analogous art, Lei (e.g., Figs. 4-8 and associated text, e.g., [0009], The processing system is electrically connected to a computer and comprises a non-volatile memory (NVM) for storing firmware needed by the processing system, and an NVM control interface having a plurality of registers for updating and reading data stored in the NVM.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the invention of Lei “so the accuracy of the update data can be guaranteed,” as suggested by Lei (see [0079]).

Conclusion
	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Specifically, Stahl et al. teaches a memory image of the table that is used to perform anti-rollback verification of all trusted software components as they are loaded.
	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEPHEN DAVID BERMAN whose telephone number is (571)272-7206.  The examiner can normally be reached on M-F, 9-6 Eastern.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hyung S. Sough can be reached on 571-272-6799.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/STEPHEN D BERMAN/Examiner, Art Unit 2192                                                                                                                                                                                                                                                                                                                                                                                                       /S. Sough/SPE, AU 2192/2194


	
	


	
	
	

	
	
	

	
	
                                                                                                                                                                              


	
	
	

	
	
	


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 See Applicant’s Remarks at p. 10.