Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-8 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.

Claim 1 recites the limitation "the computing system platform" in the 5th line of claim 1. There is insufficient antecedent basis for this limitation in the claim. For the purpose of examination, the examiner interprets “the computing system platform” as “a computing system platform.”

Claims 2-8 inherit the deficiencies of the independent claim 1.

Claim 8 recites the limitation "at an agent" in the 2nd line of claim 8. There is insufficient antecedent basis for this limitation in the claim. It is not clear whether the limitation “an agent” refers to the “plurality of agents” or to an agent that is not included in the “plurality of agents.” For the purpose of examination, the examiner interprets “an agent” as one of the plurality of agents, which is different from “each of the plurality of agents.”

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 10-15 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claims 10-15 do not fall within at least one of the four categories of patent eligible subject matter because the limitation “at least one computer readable medium having instruction stored” does not exclude ineligible signal per se. Furthermore, the specification [0049]-[0050] does not exclude the ineligible signal per se.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-20 are rejected under 35 U.S.C. 102(a)(1)(2) as being anticipated by Boone et al. (United States Patent Application Publication US 2014/0109076), hereinafter Boone.

Regarding claim 1, Boone teaches an apparatus (Fig. 1, ABSTRACT “Firmware updates for, e.g., thin client devices”) comprising: 
a plurality of agents (FIG. 1 100 THIN CLIENT, “thin client devices”) each including: a non-volatile memory storing firmware executed to perform a function associated with the agent; ([0021] “non-volatile memory 106 (e.g., EPROM or flash memory) storing firmware”) and 
attestation hardware (FIG. 1 “SYSTEM ON A CHIP” 102 “CACHING LOADER” 136) to detect an update at the computing system platform, ([0022] “The caching loader may also periodically check for updates to application packages (or continuously "listen" for messages indicating the availability of updates), and download and install the newer versions (such as UAS firmware 142). Alternatively, updates may be "pushed" to the thin client 100 using server-side push technologies such as Web Sockets.” [0028] “Referring now to FIG. 2B, during use of the thin client device 100, the caching loader periodically communicates with the firmware server 120 (step 230) to determine whether a newer manifest 141 is available (step 232).” The caching loader checks the updates for the firmware or receives the push to update the firmware.)
generate a cryptographic key associated with each of the plurality of agents, ([0024] “the firmware packages on the firmware server 120 (including the caching loader 136) are digitally signed to ensure their authenticity and integrity.” [0026] “if a newer version is available on the server 120 but has not been downloaded, the caching loader 136 typically downloads the new package from the firmware server 120 and stores it in the SOC memory 106 (step 216). The verification process used by the base loader is now used by the caching loader to verify the integrity of the downloaded package(s) (step 218); that is, the caching loader 136 verifies the downloaded material using the digital certificate 134 included with the base loader 136.” For each new package from the firmware server, the digital signature and the digital certificate as shown in Fig. 1 are downloaded from the server or embedded by the hardware vendor, which is interpreted as generate a cryptographic key. Furthermore, as disclosed in the paragraph [0024], “a digital certificate may employ a public-key scheme in accordance with, for example, the X.509 standard.”)
perform an attestation with a relying party using the generated cryptographic keys ([0024] “the term "digital certificate" refers to any secure form of transactional identity verification, which is typically based on a cryptography infrastructure. A digital certificate may employ a public-key scheme in accordance with, for example, the X.509 standard.” [0028] “The caching loader 136 then downloads any new packages (step 234), again validating them with the digital certificate 134.” Using the digital certificate, which employs a public-key scheme, the caching loader validates the downloaded firmware, which is interpreted as perform an attestation using the generated cryptographic keys. Furthermore, the certificate of the newly downloaded from the server is matched with the certificate stored on the thin client device. Thus, the attestation using the generated cryptographic keys is performed with the server or a relying party.) and
receive a tuple associated with each of the plurality of agents, ([0029] “The UAS application 138 may determine the optimum transition time by monitoring the state of the terminal emulation program 140 to check whether there are active sessions in use or the system is, instead, in a logged-off state awaiting a new user.” The determination for the optimum transition time from the old version to new version is interpreted as a tuple associated with each of the plurality of agents. A caching loader then manages the transition. Thus, the determination or a tuple is received for the later processing such as the transition.)
wherein the tuple includes one or more permissions indicating platform resources an agent is permitted to access. ([0029] “As soon as the policy criteria are satisfied, the caching loader 132 manages the transition to the new version using conventional deployment routines in conjunction with the client operating system.” The determination indicating that the newly downloaded firmware can replace the existing version is interpreted as one or more permissions indicating platform resources an agent is permitted to access.)

Regarding claim 2, Boone teaches wherein the attestation hardware comprises firmware measurement hardware to perform measurements of the firmware at each of the plurality of agents to generate measurement data. ([0028] “If so, the contents of the manifest 141 are used to determine which package(s) require updating (or which additional packages require downloading).” The manifest to check the updating the firmware using the caching loader during use of the thin client device also includes the digital signature for verification, which are performed by the system on a chip as shown in Fig. 1. Furthermore, the abstract and background disclose thin client devices utilizing system on chip communicating with server. Thus, measurements of the firmware to generate measurement data, such as using the contents of the manifest and verification with digital certificates, is performed as each thin client or at each of the plurality of agents.)

Regarding claim 3, Boone teaches wherein the attestation hardware further comprises key generation engine to generate the cryptographic key for each of the plurality of agents based on the measurement data. ([0028] “The caching loader 136 then downloads any new packages (step 234), again validating them with the digital certificate 134.” Key generation engine is interpreted as a code, a program or software to generate the cryptographic key for each of the plurality of agents based on the measurement data. As well known in the art, the digital certificate is a file or electronic password, which is also a file. The certificate stored on the thin client device employs a public key scheme based on the manifests, which is interpreted as generate the cryptographic key for each of the plurality of agents based on the measurement data.)

Regarding claim 4, Boone teaches wherein the attestation hardware further comprises second firmware to store the cryptographic keys and perform the attestation with the relying party. ([0024] “The base loader 132 or caching loader 136 validates each package, usually following download prior to installation, by verifying that the digital signature on the package matches the digital certificate 134 stored on the thin client device 100.” The caching loader downloads and store the manifest including the digital certificate, which is interpreted as second firmware to store the cryptographic keys, and verify the downloaded materials using the digital certificates of the server, which is interpreted as perform the attestation with the relying party.)

Regarding claim 5, Boone teaches wherein the attestation hardware further comprises a tuple manager to receive the tuples associated with each of the plurality of agents and verify the permissions included in each tuple. ([0028] “If so, the contents of the manifest 141 are used to determine which package(s) require updating (or which additional packages require downloading)…The caching loader 136 then downloads any new packages (step 234), again validating them with the digital certificate 134.” A tuple manager is interpreted as a code, a software, or a program to receive the tuples and verify the permissions included in each tuple. As discussed above, the manifest and the new packages with indicating or permitting the downloading with the digital certificate for validation is interpreted as the tuples associated with each of the plurality of agents and verifying the permissions included in each tuple. Furthermore, the code to perform receiving the tuples and verifying the permission included in each tuple within the caching loader is given with a name, which is interpreted as a tuple manager.) 

Regarding claim 6, Boone teaches wherein the tuple manager transmits the permissions to the plurality of agents. ([0028] “Referring now to FIG. 2B, during use of the thin client device 100, the caching loader periodically communicates with the firmware server 120 (step 230) to determine whether a newer manifest 141 is available (step 232).” The result of a new manifest, which is interpreted as the permissions to the plurality of agents, is used to determine the downloading. Thus, the determination of the manifest or the permission to download transmits to the thin clients.)

Regarding claim 7, Boone teaches wherein the tuple manager applies revokes the permissions to the plurality of agents upon detection of a second update at the computing system platform. (FIG. 2B, “NEW MANIFEST AVAILABLE?” [0028] “If so, the contents of the manifest 141 are used to determine which package(s) require updating (or which additional packages require downloading).” At the thin client, the new manifest indicating new update, which is interpreted as upon detection of a second update at the computing system platform, the caching manager revokes the permissions to the old firmware for an update and transition to a new firmware, as shown in Fig. 2B.)

Regarding claim 8, Boone teaches wherein each of the plurality of agents comprises a permissions manager to provide access to resources at an agent indicated in the permissions received from the tuple manager. ([0026] “the caching loader 136 first downloads a manifest 141 from the firmware server 120 to determine what packages are supposed to be on the device (step 212); this manifest 141 may be customer- and/or device-dependent so that only relevant packages are downloaded by the caching loader 136.” [0029] “The UAS application 138 may determine the optimum transition time by monitoring the state of the terminal emulation program 140 to check whether there are active sessions in use or the system is, instead, in a logged-off state awaiting a new user.” Each thin client device with the caching loader determines if the new firmware or the resources are available, which is interpreted as resources at an agent indicated in the permission received from the tuple manager. Furthermore, as discussed above, a chunk or a portion of codes to perform the limitation, such as a permission manager, of the caching loader is given with names. Thus, the portion of the caching loader is interpreted as a permissions manager.)  

Regarding claim 9, Boone teaches a security controller including a permissions manager to provide access to computing system platform resources indicated in the permissions received from the tuple manager. ([0026] “the caching loader 136 first downloads a manifest 141 from the firmware server 120 to determine what packages are supposed to be on the device (step 212); this manifest 141 may be customer- and/or device-dependent so that only relevant packages are downloaded by the caching loader 136.” [0029] “The UAS application 138 may determine the optimum transition time by monitoring the state of the terminal emulation program 140 to check whether there are active sessions in use or the system is, instead, in a logged-off state awaiting a new user.” A security controller including a permissions is interpreted as a portion of the caching loader, as discussed above. Furthermore, the caching downloads and transition to the new firmware, which is interpreted as a security controller including a permissions manager to provide access to computing system platform resources. As discussed above, the permission is received from the another portion of the caching loader, which is interpreted as the tuple manager.) 

Regarding claims 10-15, the claims 10-15 are at least one computer readable medium having instructions stored thereon, which when executed by one or more processors of the apparatus claims 1-9. Furthermore, Boone teaches at least one computer readable medium having instructions stored, (FIG. 1 Memory 106) which executed by one or more processors. (Fig. 1 Processor 104) The claims 10-15 do not further teach or define the limitation over the limitations recited in the rejected claims above. Therefore, Boone teaches all the limitations of the claims 10-15.

Regarding claims 16-20, the claims 16-20 are the method claims of the apparatus claims 1-9. The claims 16-20 do not further teach or define the limitation over the limitations recited in the rejected claims above. Therefore, Boone teaches all the limitations of the claims 16-20.
 
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Schack (United States Patent Application Publication US 2021/0182398) teaches a method for updating firmware by downloading the updated firmware on the non-volatile memory and installing on volatile memory during a boot process.
Zayas (United States Patent Application Publication US 2010/0008510) teaches secure downloading of firmware using the encryption key with an encrypted communication session.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HYUN SOO KIM whose telephone number is (571)270-1768. The examiner can normally be reached Monday - Friday 8:30 am - 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jaweed Abbaszadeh can be reached on (571) 270-1640. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/H.K./Examiner, Art Unit 2187


/JI H BAE/Primary Examiner, Art Unit 2187