DETAILED ACTION
This communication responsive to the Application No. 17/334,051 filed on May 28,
2021. Claims 1-16 are pending and are directed towards APPARATUS AND METHOD FOR MANAGING REMOTE ATTESTATION.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 05/28/2021 was Acknowledge. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Specification
The disclosure is objected to because of the following informalities: 
In Spec, para [0005] the acronyms “TPM, ROM, TLS” should be defined at least once, with first letter capitalized.  
In Spec, para [0007] the acronyms “IoT, APs” should be defined at least once, with first letter capitalized.  
In Spec, para [0052] the acronym “PANA” should be defined at least once, with first letter capitalized.  
The use of the term “WI-FI” in para [0007], which is a trade name or a mark used in commerce, has been noted in this application. The term should be accompanied by the generic terminology; furthermore the term should be capitalized wherever it appears or, where appropriate, include a proper symbol indicating use in commerce such as ™, SM , or ® following the term.
Although the use of trade names and marks used in commerce (i.e., trademarks, service marks, certification marks, and collective marks) are permissible in patent applications, the proprietary nature of the marks should be respected and every effort made to prevent their use in any manner which might adversely affect their validity as commercial marks.
Appropriate correction is required.

Claim Objections
Claims 1, 5, 9 and 13 objected to because of the following informalities:  
Claims 5 and 13 recite the limitation “performs the detailed integrity verification on the devices” which should rather be “performs the detailed integrity verification on the device”.  
Claims 1 and 9 recite the limitation “perform an operation for responding to the object, the integrity of which is damaged” which should rather be “perform an operation in response to identifying the object, the integrity of which is damaged”
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.



Claims 3-4, 6-7, 11-12, 14-15 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 3 and 11 recite the limitation " the encrypted first attestation values ". There is insufficient antecedent basis for this limitation in the claim.
Claims 6 and 14 recite the limitation " the encrypted second attestation values ". There is insufficient antecedent basis for this limitation in the claim.
Claims 4, 7, 12, 15 are rejected by dependency.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claim(s) 1-6 and 9-14 are rejected under 35 U.S.C. 103 as being unpatentable over KIM et al. US 2019/0080091 A1 (hereinafter “KIM”) in view of Ko US 10,346,614 B1.

As per claims 1 and 9, KIM teaches an apparatus and method for managing remote attestation (a method of verifying integrity of an Internet of Things (IoT) system. KIM, para [0007][0039]), comprising: 
one or more processors (one or more processors. KIM, para [0034]); and 
executable memory for storing at least one program executed by the one or more processors (one or more storage devices may be configured to store computer programs, program code, instructions. KIM, para [0039]), 
wherein the at least one program is configured to request a gateway to verity integrity of devices connected with the gateway (The root device 400 may receive sub-tree message authentication codes MAC_SUB1 through MAC_SUBk from the first through k.sup.th sub-trees 510_1 through 510_k of the root device 400. The root device 400 may verify the integrity of the first through k.sup.th sub-trees 510_1 through 510_k of the root device 400 based on the received sub-tree message authentication codes MAC_SUB1 through MAC_SUBk. KIM, para [0082]) (the home gateway 2300 and the IoT devices 2110 through 2140 may perform the integrity verification […] The home gateway 2300 may be a hub device, and the IoT devices 2110 through 2140 may be a plurality of end-node devices. KIM, para [0137]), 
receive a verification result about whether the integrity of the devices is damaged from the gateway (The root device 400 may generate a root message authentication code MAC_ROOT by using an authentication key of the root device 400 based on the result of the integrity verification of the first through k.sup.th sub-trees 510_1 through 510_k of the root device 400 and a software configuration value of the root device 400. The root device 400 may transmit the root message authentication code MAC_ROOT to the hub device 100 for verification [second verification for detailed]. KIM, para [0083]). 
KIM does not explicitly teach identify a device, integrity of which is damaged, using the verification result, perform detailed integrity verification on the device, the integrity of which is damaged, in order to identify an object, integrity of which is damaged, of the device and perform an operation for responding to the object, the integrity of which is damaged.
However, Ko teaches identify a device, integrity of which is damaged, using the verification result (the security system 100 protects at least one local IoT device 102 from external network-based attacks by transmitting remote attestation requests to and from a remote attestation server 106 to detect malware or insecure software. Ko, Col. 4 lines 46-50)( This allows security gateway 104 to analyze a software execution history of local IoT device 102, so as to detect a malware and insecure software 118 in local IoT device. Ko, Col. 5 lines 54-57), 
perform detailed integrity verification on the device, the integrity of which is damaged, in order to identify an object, integrity of which is damaged, of the device (The attestation message is transported remotely for the purpose of analyzing the software [object within the detected IoT device] execution history of the local IoT device. Ko, Col. 7 lines 22-24)( if the authentication fails, the remote attestation server analyzes the cause of the authentication failure of the local device [detailed integrity verification]. Ko, Col. 7 lines 42-44) and 
perform an operation for responding to the object, the integrity of which is damaged (If malware and insecure software 118 is detected, the remote attestation server 106 commands local IoT device 102 to perform an operating software update or modify an execution order of the operating software. Ko, Col. 5 lines 57-61).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of KIM in view of Ko. One would be motivated to do so, to detect the cause of damage and fix it. (Ko, Col. 7 lines 45-54).

As per claims 2 and 10, KIM and Ko teach the apparatus and method of claims 1 and 9, wherein the gateway verifies whether the integrity of the devices is damaged using first attestation values received from the devices and first reference values previously received from the devices and registered in advance (software configuration values of the first through n.sup.th end-node devices 200_1 through 200_n may be used to verify the integrity of the first through n.sup.th end-node devices 200_1 through 200_n, and a chain message authentication code may also be used for integrity verification. KIM, para [0048]) (Each of the first through n.sup.th end-node devices 200_1 through 200_n may share software configuration values through communication with other end-node devices. KIM, para [0049])( The hub device 100 may store the n.sup.th authentication key KEY_AUTH_n in the TEE 120. The n.sup.th end-node device 200_n may transmit an n.sup.th software configuration value SWCONFIG_n thereof to the hub device 100. The n.sup.th software configuration value SWCONFIG_n may include process memory map information of the n.sup.th end-node device 200_n and security policy information of the n.sup.th end-node device 200_n. KIM, para [0072]). 

As per claims 3 and 11, KIM and Ko teach the apparatus and the method of claims 2 and 10, wherein the gateway decrypts the encrypted first attestation values using first encryption keys previously registered and shared with the devices (The receiver 1200 may receive the encrypted message ENC_MESSAGE and verify the integrity of the message MESSAGE by using the symmetric key KEY_SYM to decrypt the encrypted message ENC_MESSAGE. KIM, para [0053]-[0054]).

As per claims 4 and12, KIM and Ko teach the apparatus and the method of claims 3 and 11, wherein the verification result about whether the integrity of the devices is damaged includes an identifier of the gateway, an identifier of the device, the integrity of which is damaged, and a first attestation value received from the device, the integrity of which is damaged (The end-node device 200 may generate the authentication message AUTH_MESSAGE by using the salt, the device ID, the encrypted message ENC_MESSAGE, and the hash message authentication code HMAC. KIM, para [0069])( The root device 400 may generate a root message authentication code MAC_ROOT by using an authentication key of the root device 400 based on the result of the integrity verification of the first through k.sup.th sub-trees 510_1 through 510_k of the root device 400 and a software configuration value of the root device 400. The root device 400 may transmit the root message authentication code MAC_ROOT to the hub device 100 for verification. KIM, para [0083]).

As per claims 5 and 13, KIM and Ko teach the apparatus and the method of claims 1 and 9 wherein the at least one program performs the detailed integrity verification on the devices using a second attestation value received from the device, the integrity of which is damaged, and second reference values previously received from the devices and registered in advance (The hub device 100 may verify the received root message authentication code MAC_ROOT [which has different attestation value other than the verification done by the root device]. The hub device 100 may verify the integrity of the whole tree structure 500 including the root device 400 and the first through k.sup.th sub-trees 510_1 through 510_k by verifying the root message authentication code MAC_ROOT. KIM, para [0084]).

As per claims 6 and 14, KIM and Ko teach the apparatus and the method of claims 5 and 13, wherein the at least one program decrypts the encrypted second attestation value using a second encryption key previously registered and shared with the device, the integrity of which is damaged (The receiver 1200 may receive the encrypted message ENC_MESSAGE and verify the integrity of the message MESSAGE by using the symmetric key KEY_SYM to decrypt the encrypted message ENC_MESSAGE. KIM, para [0053]-[0054]).

Claim(s) 7-8 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over KIM et al. US 2019/0080091 A1 (hereinafter “KIM”) in view of Ko US 10,346,614 B1 and further in view Nelson et al. US 2021/0051143 A1 (hereinafter “Nelson”)

As per claims 7 and 15, KIM and Ko teach the apparatus and the method of claims 6 and 14. KIM does not explicitly teach wherein the at least one program is configured to: check whether a change in a state of the object, the integrity of which is damaged, is approved, and update the first reference value and the second reference value with the first attestation value and the second attestation value, respectively, when it is determined that the change is a previously approved change.
However, Ko teaches check whether a change in a state of the object, the integrity of which is damaged, is approved and [perform an action when] when it is determined that the change is a previously approved change (if the authentication fails, the remote attestation server analyzes the cause of the authentication failure of the local device (27) If updates of specific software is necessary [previously approved changed] remote attestation server sends those updates to the local IoT device (S110), which is relayed by security gateway (S115). If certain untrusted software requires deletion, or certain software execution orders need to be changed, the remote attestation server sends an appropriate instruction message to the local IoT device. Ko, Col. 7 lines 42-51).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of KIM in view of Ko. One would be motivated to do so, to detect and authorize necessary changes in software and objects. (Ko, Col. 7 lines 45-54).
Nelson teaches update the first reference value and the second reference value with the first attestation value and the second attestation value (the one or more authorized downstream services 141 may generate data integrity values, such as action log entries and/or hashes that record the modification. Subsequently, services may use the data integrity values to verify the updated value, or to reject the updated value and revert to a previous value. For example, an authorized downstream service 141 could be an authorization service that is approved to perform a set of actions using identity envelope 125. One such action could be updating identity envelope 125 to include the services authorized to be accessed by the user and capable of being performed by endpoint device 110(1). Authorized downstream service 141 could use information included in identity envelope 125 and/or message body 127 to retrieve authorization data values associated with the user and/or endpoint device 110. Authorized downstream service 141 could then update identity envelope 125 by generating modified identity envelope 145 that includes the retrieved authorization information. Authorized downstream service 141 may also generate a new hash based on the new value and may store a previous hash in a different portion of modified identity envelope. Nelson, para [0040]-[0042]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the system of KIM in view of Nelson. One would be motivated to do so, to use the updated values for integrity verification. (Nelson, para [0040]).

As per claims 8 and 16, KIM, Kon and Nelson teach the apparatus and the method of claims 7 and 15, wherein the at least one program is configured to: check whether the change in the state of the object, the integrity of which is damaged, is approved, and perform recovery of the device, the integrity of which is damaged, using the first reference value and the second reference value when it is determined that the change is not a previously approved change.
Ko teaches check whether the change in the state of the object, the integrity of which is damaged, is approved (analyzing a software execution history of the local IoT device to detect a malware and insecure software in the local IoT device. A Step comprises whereby if malware and insecure software is detected [not previously approved]. Ko, Col. 2 lines 42-46), and 
perform recovery of the device, the integrity of which is damaged, using the first reference value and the second reference value when it is determined that the change is not a previously approved change (commanding, by the remote attestation server, the local IoT device to perform an operating software update or modify an execution order of the operating software. Ko, Col. 2 lines 46-49).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of KIM in view of Ko. One would be motivated to do so, to detect unauthorized changes and fix it. (Ko, Col. 7 lines 45-54).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
A. Mandyam US 2018/0069836 Ai directed to tiered attestation for resource limited devices.
B. Irwan et al. US 10270770 B1 directed to Method for providing improvements in secure enrollment of computing devices in data networks to validate device identity by using attestation process.
C. Lee et al. US 9,208,318 B2 directed to device integrity authentication. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALID M ALMAGHAYREH whose telephone number is (571)272-0179. The examiner can normally be reached Monday - Thursday 8AM-5PM EST & Friday variable.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SALEH NAJJAR can be reached on (571)272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



Respectfully Submitted

/KHALID M ALMAGHAYREH/            Examiner, Art Unit 2492