Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
1.       This action is responsive to the communication filed on 6/26/2022.

Information Disclosure Statement
2.	The information disclosure statement (IDS) submitted on 10/14/2020 was filed after the mailing date of the instant application. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections – 35 USC 103
3.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office Action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

4.	Claims 1-5, 8-15, and 21 are rejected under 35 USC 103 as being unpatentable over Roever et al (US 2013/0036476) in view of Agerstam et al (US 2019/0042779).
Regarding claim 1, Roever et al teaches a computing device (fig. 1 & par [0015], lines 13-15, “implemented with one or more computing devices”), comprising: 
a hardware component (par [0003], lines 2-4, “rights-based system components”); 
trusted hardware circuitry, configured to provide data for an embedded voucher associated with the hardware component (fig. 1 & par [0019], lines 1-10, “user’s collection of vouchers”), wherein the embedded voucher includes an identifier for the hardware component (par [0078], lines 1-5, “identified by the permit voucher”) and the identifier is generated on behalf of an original entity authorized to issue the identifier (par [0179], lines 16-18, which discloses only allowing authorized parties with rights to voucher resources to issue vouchers); 
storage memory, configured to store a voucher for validation of the hardware component (par [0019], lines 1-5, which discloses a repository for storing the plurality of vouchers).
Roever et al does not explicitly teach wherein the voucher includes a second identifier that is provided on behalf of a subsequent entity and the second identifier is generated based on the identifier for the hardware component included in the embedded voucher; and wherein the voucher identifies ownership rights in the hardware component for both of the original entity and the subsequent entity.
However, Agerstam et al further teaches wherein the voucher includes a second identifier that is provided on behalf of a subsequent entity (fig. 1, ‘110 - ‘112, “Owner 1…Owner 2”) and the second identifier is generated based on the identifier for the hardware component included in the embedded voucher (fig. 1, which discloses a UUID assigned for each owner of each portion); and
wherein the voucher identifies ownership rights in the hardware component for both of the original entity and the subsequent entity (par [0055], “ownership manifest”).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the teachings of Agerstam et al within the concept illustrated by Roever et al in order to improve upon secure transferring and trading of vouchers (as disclosed in par [0010] of Roever et al) by implementing the platform state validation and challenge responses processes (disclosed in fig. 3-4 of Agerstam et al) which provide Roever et al with an increase in assurance of content and vouchers being appended to the authenticated owner as the owner would not be authorized to access requested resources associated with each voucher unless the owner provided a valid response to each challenge each time the owner wishes to access voucher-related data.
Regarding claim 2, Roever et al and Agerstam et al teach the limitations of claim 1.
 Roever et al further teaches wherein the trusted hardware circuitry provides a hardware root of trust (par [0088] & [0094], “protected resource server trust”), and wherein the embedded voucher is unmodifiable in the hardware root of trust (par [0063] & [0094], “refresh value for a pass voucher does not change over its life” & “not to allow the issuance of initial refresh values for vouchers containing rights”).

Regarding claim 3, Roever et al does not explicitly teach wherein the identifier is based on a composite device identifier provided within a Device Identifier Composition Engine (DICE) architecture.
However, Agerstam et al further teaches wherein the identifier is based on a composite device identifier provided within a Device Identifier Composition Engine (DICE) architecture (par [0012], lines 20-22).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the teachings of Agerstam et al within the concept illustrated by Roever et al according to the motivation previously addressed regarding claim 1.

Regarding claim 4, Roever et al teaches wherein the composite device identifier is assigned to the original entity in the embedded voucher (par [0011], lines 14-17, “user ID field”).
Roever et al does not explicitly teach wherein the second identifier is based on a second composite device identifier, wherein the composite device identifier is assigned to the original entity in the embedded voucher, and wherein the second composite device identifier is assigned to the subsequent entity in the voucher.
However, Agerstam et al further teaches wherein the second identifier is based on a second composite device identifier (par [0024], “Owner 2” & par [0025], lines 1-5, “device-UUID”), and wherein the second composite device identifier is assigned to the subsequent entity in the voucher (fig. 1-2 & par [0005], “device ID exchange” ).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the teachings of Agerstam et al within the concept illustrated by Roever et al according to the motivation previously addressed regarding claim 1.
Regarding claim 5, Roever et al does not explicitly teach wherein the second identifier is generated based on multiple hardware layers in the DICE architecture.
However, Agerstam et al further teaches wherein the identifier is based on a composite device identifier provided within a Device Identifier Composition Engine (DICE) architecture (par [0012], lines 20-22, par [0030], & fig. 2).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the teachings of Agerstam et al within the concept illustrated by Roever et al according to the motivation previously addressed regarding claim 1.

Regarding claim 8, Roever et al and Agerstam et al teach the limitations of claim 1.
Roever et al further teaches circuitry configured to: 
attempt validation of the voucher (par [0002], lines 5-6, “validates the vouchers”), to validate ownership rights for the original entity (par [0080], which discloses validating credentials for the voucher owner) or the subsequent entity; and 
perform an action with the hardware component, based on successful validation of the voucher (par [0022], lines 8-12, which discloses actions taking place upon validation of the voucher).

Regarding claim 9, Roever et al and Agerstam et al teach the limitations of claim 8.
Roever et al further teaches wherein the action is one of: onboarding, updating (par [0013], lines 10-15, [0043], lines 5-10 & [0045], which disclose updating hardware-implemented data upon validation of the voucher), retooling, or reconfiguration of the hardware component.

Regarding claim 10, Roever et al does not explicitly teach wherein the original entity is an original component manufacturer, and wherein the subsequent entity is one of a: original equipment manufacturer, reseller, value added reseller, owner, or platform.
However, Agerstam et al further teaches wherein the original entity is an original component manufacturer (par [0019], lines 1-5), and wherein the subsequent entity is one of a: original equipment manufacturer (par [0019], “UUID of the manufacturer”), reseller, value added reseller, owner, or platform.
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the teachings of Agerstam et al within the concept illustrated by Roever et al according to the motivation previously addressed regarding claim 1.

Regarding claim 11, Roever et al teaches at least one non-transitory machine-readable storage medium (par [0015], lines 17-19) comprising instructions stored thereupon, which when executed by processing circuitry of a computing system, cause the processing circuitry to perform operations comprising: 
accessing an embedded voucher associated with a hardware component of the computing system (par [0003], lines 2-4, “rights-based system components”); 
wherein the embedded voucher includes an identifier for the hardware component (par [0078], lines 1-5, “identified by the permit voucher”) and the identifier is generated on behalf of an original entity authorized to issue the identifier (par [0179], lines 16-18, which discloses only allowing authorized parties with rights to voucher resources to issue vouchers); 
performing an action in the computing system, based on validation of the voucher (par [0022], lines 7-8, which discloses validation of corresponding vouchers).
Roever et al does not explicitly teach wherein the voucher includes a second identifier that is provided on behalf of a subsequent entity and the second identifier is generated based on the identifier for the hardware component included in the embedded voucher; and wherein the voucher identifies ownership rights in the hardware component for both of the original entity and the subsequent entity.
However, Agerstam et al further teaches wherein the voucher includes a second identifier that is provided on behalf of a subsequent entity (fig. 1, ‘110 - ‘112, “Owner 1…Owner 2”) and the second identifier is generated based on the identifier for the hardware component included in the embedded voucher (fig. 1, which discloses a UUID assigned for each owner of each portion); and
wherein the voucher identifies ownership rights in the hardware component for both of the original entity and the subsequent entity (par [0055], “ownership manifest”).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the teachings of Agerstam et al within the concept illustrated by Roever et al in order to improve upon secure transferring and trading of vouchers (as disclosed in par [0010] of Roever et al) by implementing the platform state validation and challenge responses processes (disclosed in fig. 3-4 of Agerstam et al) which provide Roever et al with an increase in assurance of content and vouchers being appended to the authenticated owner as the owner would not be authorized to access requested resources associated with each voucher unless the owner provided a valid response to each challenge each time the owner wishes to access voucher-related data.
Regarding claim 12, Roever et al and Agerstam et al teach the limitations of claim 11.
 Roever et al further teaches wherein the trusted hardware circuitry provides a hardware root of trust (par [0088] & [0094], “protected resource server trust”), and wherein the embedded voucher is unmodifiable in the hardware root of trust (par [0063] & [0094], “refresh value for a pass voucher does not change over its life” & “not to allow the issuance of initial refresh values for vouchers containing rights”).

Regarding claim 13, Roever et al does not explicitly teach wherein the identifier is based on a composite device identifier provided within a Device Identifier Composition Engine (DICE) architecture.
However, Agerstam et al further teaches wherein the identifier is based on a composite device identifier provided within a Device Identifier Composition Engine (DICE) architecture (par [0012], lines 20-22).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the teachings of Agerstam et al within the concept illustrated by Roever et al according to the motivation previously addressed regarding claim 11.

Regarding claim 14, Roever et al teaches wherein the composite device identifier is assigned to the original entity in the embedded voucher (par [0011], lines 14-17, “user ID field”).
Roever et al does not explicitly teach wherein the second identifier is based on a second composite device identifier, wherein the composite device identifier is assigned to the original entity in the embedded voucher, and wherein the second composite device identifier is assigned to the subsequent entity in the voucher.
However, Agerstam et al further teaches wherein the second identifier is based on a second composite device identifier (par [0024], “Owner 2” & par [0025], lines 1-5, “device-UUID”), and wherein the second composite device identifier is assigned to the subsequent entity in the voucher (fig. 1-2 & par [0005], “device ID exchange” ).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the teachings of Agerstam et al within the concept illustrated by Roever et al according to the motivation previously addressed regarding claim 11.

Regarding claim 15, Roever et al does not explicitly teach wherein the second identifier is generated based on multiple hardware layers in the DICE architecture.
However, Agerstam et al further teaches wherein the identifier is based on a composite device identifier provided within a Device Identifier Composition Engine (DICE) architecture (par [0012], lines 20-22, par [0030], & fig. 2).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the teachings of Agerstam et al within the concept illustrated by Roever et al according to the motivation previously addressed regarding claim 11.

Regarding claim 18, Roever et al and Agerstam et al teach the limitations of claim 11.
Roever et al further teaches circuitry configured to: 
attempt validation of the voucher (par [0002], lines 5-6, “validates the vouchers”), to validate ownership rights for the original entity (par [0080], which discloses validating credentials for the voucher owner) or the subsequent entity; and 
perform an action with the hardware component, based on successful validation of the voucher (par [0022], lines 8-12, which discloses actions taking place upon validation of the voucher).

Regarding claim 19, Roever et al and Agerstam et al teach the limitations of claim 18.
Roever et al further teaches wherein the action is one of: onboarding, updating (par [0013], lines 10-15, [0043], lines 5-10 & [0045], which disclose updating hardware-implemented data upon validation of the voucher), retooling, or reconfiguration of the hardware component.

Regarding claim 20, Roever et al does not explicitly teach wherein the original entity is an original component manufacturer, and wherein the subsequent entity is one of a: original equipment manufacturer, reseller, value added reseller, owner, or platform.
However, Agerstam et al further teaches wherein the original entity is an original component manufacturer (par [0019], lines 1-5), and wherein the subsequent entity is one of a: original equipment manufacturer (par [0019], “UUID of the manufacturer”), reseller, value added reseller, owner, or platform.
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the teachings of Agerstam et al within the concept illustrated by Roever et al according to the motivation previously addressed regarding claim 11.

Regarding claim 21, Roever et al teaches a method, performed in a computing device (fig. 1 & par [0015], lines 13-15, “implemented with one or more computing devices”), of using a voucher to attest ownership of a hardware component of the computing device (par [0080]), the method comprising:
accessing an embedded voucher associated with the hardware component of the computing device (par [0003], lines 2-4, “rights-based system components”); 
wherein the embedded voucher includes an identifier for the hardware component (par [0078], lines 1-5, “identified by the permit voucher”) and the identifier is generated on behalf of an original entity authorized to issue the identifier (par [0179], lines 16-18, which discloses only allowing authorized parties with rights to voucher resources to issue vouchers); 
performing an action in the computing system, based on validation of the voucher (par [0022], lines 7-8, which discloses validation of corresponding vouchers).
Roever et al does not explicitly teach wherein the voucher includes a second identifier that is provided on behalf of a subsequent entity and the second identifier is generated based on the identifier for the hardware component included in the embedded voucher; and wherein the voucher identifies ownership rights in the hardware component for both of the original entity and the subsequent entity.
However, Agerstam et al further teaches wherein the voucher includes a second identifier that is provided on behalf of a subsequent entity (fig. 1, ‘110 - ‘112, “Owner 1…Owner 2”) and the second identifier is generated based on the identifier for the hardware component included in the embedded voucher (fig. 1, which discloses a UUID assigned for each owner of each portion); and
wherein the voucher identifies ownership rights in the hardware component for both of the original entity and the subsequent entity (par [0055], “ownership manifest”).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the teachings of Agerstam et al within the concept illustrated by Roever et al in order to improve upon secure transferring and trading of vouchers (as disclosed in par [0010] of Roever et al) by implementing the platform state validation and challenge responses processes (disclosed in fig. 3-4 of Agerstam et al) which provide Roever et al with an increase in assurance of content and vouchers being appended to the authenticated owner as the owner would not be authorized to access requested resources associated with each voucher unless the owner provided a valid response to each challenge each time the owner wishes to access voucher-related data.
Regarding claim 22, Roever et al and Agerstam et al teach the limitations of claim 21.
 Roever et al further teaches wherein the trusted hardware circuitry provides a hardware root of trust (par [0088] & [0094], “protected resource server trust”), and wherein the embedded voucher is unmodifiable in the hardware root of trust (par [0063] & [0094], “refresh value for a pass voucher does not change over its life” & “not to allow the issuance of initial refresh values for vouchers containing rights”).

Regarding claim 23, Roever et al does not explicitly teach wherein the identifier is based on a composite device identifier provided within a Device Identifier Composition Engine (DICE) architecture.
However, Agerstam et al further teaches wherein the identifier is based on a composite device identifier provided within a Device Identifier Composition Engine (DICE) architecture (par [0012], lines 20-22).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the teachings of Agerstam et al within the concept illustrated by Roever et al according to the motivation previously addressed regarding claim 21.

Regarding claim 25, Roever et al and Agerstam et al teach the limitations of claim 21.
Roever et al further teaches circuitry configured to: 
attempt validation of the voucher (par [0002], lines 5-6, “validates the vouchers”), to validate ownership rights for the original entity (par [0080], which discloses validating credentials for the voucher owner) or the subsequent entity; 
wherein the action is performed with the hardware component, based on successful validation of the voucher (par [0022], lines 8-12, which discloses actions taking place upon validation of the voucher); and 
wherein the action is one of: onboarding, updating (par [0013], lines 10-15, [0043], lines 5-10 & [0045], which disclose updating hardware-implemented data upon validation of the voucher), retooling, or reconfiguration of the hardware component.

5.	Claims 6-7, 16-17, and 24 are rejected under 35 USC 103 as being unpatentable over Roever et al (US 2013/0036476) in view of Agerstam et al (US 2019/0042779), further in view of Haldenby et al (US 2017/0046806).
Regarding claim 6, Roever et al and Agerstam et al do not explicitly teach wherein the voucher identifies the original entity as a partial owner of the hardware component, and identifies the subsequent entity as a partial owner of the hardware component.
However, Haldenby et al further teaches wherein the voucher identifies the original entity as a partial owner of the hardware component (par [0149], which discloses partial/joint ownership in a block-chain environment), and identifies the subsequent entity as a partial owner of the hardware component (par [0149], “partial or joint owner entity of the good”).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the teachings of Haldenby et al within the disclosures of Roever et al and Agerstam et al in order to more efficiently maintain and track rights to stored content in an event where public and private data is stored within an environment by implementing hybrid public/private block-chaining (as disclosed in par [0018-0019] of Haldenby et al) within Roever et al and Agerstam et al to securely process secure data stored in vouchers & block-chain legers simultaneously without risking a leak of secure data.
Regarding claim 7, Roever et al does not explicitly teach a certificate authority associated with an issuer of the respective voucher, and a certificate authority associated with an assignment of ownership in the respective voucher.
However, Agerstam et al further teaches a certificate authority associated with an issuer of the respective voucher (par [0055], “certificate of the peripheral device”), and a certificate authority associated with an assignment of ownership in the respective voucher (par [0055], “ownership manifest”).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the teachings of Agerstam et al within the concept illustrated by Roever et al according to the motivation previously addressed regarding claim 1.

Regarding claim 16, Roever et al and Agerstam et al do not explicitly teach wherein the voucher identifies the original entity as a partial owner of the hardware component, and identifies the subsequent entity as a partial owner of the hardware component.
However, Haldenby et al further teaches wherein the voucher identifies the original entity as a partial owner of the hardware component (par [0149], which discloses partial/joint ownership in a block-chain environment), and identifies the subsequent entity as a partial owner of the hardware component (par [0149], “partial or joint owner entity of the good”).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the teachings of Haldenby et al within the disclosures of Roever et al and Agerstam et al in order to more efficiently maintain and track rights to stored content in an event where public and private data is stored within an environment by implementing hybrid public/private block-chaining (as disclosed in par [0018-0019] of Haldenby et al) within Roever et al and Agerstam et al to securely process secure data stored in vouchers & block-chain legers simultaneously without risking a leak of secure data.
Regarding claim 17, Roever et al does not explicitly teach a certificate authority associated with an issuer of the respective voucher, and a certificate authority associated with an assignment of ownership in the respective voucher.
However, Agerstam et al further teaches a certificate authority associated with an issuer of the respective voucher (par [0055], “certificate of the peripheral device”), and a certificate authority associated with an assignment of ownership in the respective voucher (par [0055], “ownership manifest”).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the teachings of Agerstam et al within the concept illustrated by Roever et al according to the motivation previously addressed regarding claim 11.

Regarding claim 24, Roever et al and Agerstam et al do not explicitly teach wherein the voucher identifies the original entity as a partial owner of the hardware component, and identifies the subsequent entity as a partial owner of the hardware component.
However, Haldenby et al further teaches wherein the voucher identifies the original entity as a partial owner of the hardware component (par [0149], which discloses partial/joint ownership in a block-chain environment), and identifies the subsequent entity as a partial owner of the hardware component (par [0149], “partial or joint owner entity of the good”).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the teachings of Haldenby et al within the disclosures of Roever et al and Agerstam et al in order to more efficiently maintain and track rights to stored content in an event where public and private data is stored within an environment by implementing hybrid public/private block-chaining (as disclosed in par [0018-0019] of Haldenby et al) within Roever et al and Agerstam et al to securely process secure data stored in vouchers & block-chain legers simultaneously without risking a leak of secure data.



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Randy A. Scott whose telephone number is (571) 272-3797. The examiner can normally be reached on Monday-Thursday 7:30 am-5:00 pm, second Fridays 7:30 am-4pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Luu Pham can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/RANDY A SCOTT/Primary Examiner, Art Unit 2439                                                                                                                                                                                                        20220810