DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to the amendments filed on June 10, 2022.
Claims 1, 4, 11, and 17 have been amended.
Claim 13 is canceled.
Claims 1-12, 14-20 are pending.

Response to Arguments
The rejections regarding 35 U.S.C. 102(a) for Claims 1-5, 7-8, 11-12, 14, 17-18 have been withdrawn as the claims have been amended.
The rejections regarding 35 U.S.C. 103 for Claims 6, 9-10, 15-16, 19-20 have been withdrawn as the claims have been amended. 
Applicant’s arguments with respect to claim(s) 1-12, 14-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Information Disclosure Statement
The information disclosure statement filed on October 4, 2021 fails to comply with 37 CFR 1.98(a)(2), which requires a legible copy of each cited foreign patent document; each non-patent literature publication or that portion which caused it to be listed; and all other information or that portion which caused it to be listed. Copies of Non-Patent Literature Documents #3 and #4 are missing. 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 4 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. Claim 4 recites the limitation "the software repository" in line 1 of Claim 4 on page 2. There is insufficient antecedent basis for this limitation in the claim. Claim 4 has been amended to depend on Claim 1 instead of Claim 3, but a software repository is defined in Claim 3 and not in Claim 1. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	Claims 1-5, 7-8, 11-12, 14, 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Tang et al. (U.S. Pub. No. 2013/0129086 A1) hereinafter referred to as “Tang”, and further in view of Wadhwa et al. (U.S. Pub. No. 2012/0030512 A1) hereinafter referred to as “Wadhwa”.
Regarding Claim 1:
	Tang discloses the following limitations:
	A method, comprising: receiving, by a software provisioning agent residing in a trusted execution environment (TEE) of a host computer system, a software provisioning command from a software provisioning controller (Par. [0018], secure processors 200a-200n illustrated in FIG. 1 may provide additional security for the software (by a software provisioning agent) and other data stored in their protected memories (residing in a trusted execution environment (TEE) of a host computer system) as compared with conventional computing devices; Par. [0017], the control server 100 (software provisioning controller) may include a push notification server configured to generate push notifications to deliver data and/or commands (receiving… a software provisioning command) to the secure processors). Reference Tang is directed towards a secure processor downloading data. The software of the secure processor is interpreted here under the broadest reasonable interpretation to comprise the software provisioning agent, since the entirety of the secure processor may be secured, and thus treated as a trusted execution environment (Par. [0018], secure processors may also employ techniques such as cryptographic storage and physical tamper-resistant measures to protect data and/or software from theft, reverse engineering, and the like). For this reason, the secure processor of Tang will be considered to be synonymous with the software provisioning agent in the following interpretations. Regarding the limitation of “receiving”, the secure processor of Tang may receive a command from the control server to receive data. This data may be software (Par. [0025], the control server 100 identifies a software download that is to be provided to the secure processor 200).	wherein the software provisioning command identifies a target software application (Par. [0025], the control server 100 identifies a software (wherein the software provisioning command identifies a target software application) download that is to be provided to the secure processor 200). The control server of Tang identifies that a software download such as through the notification taught above. Under the broadest reasonable interpretation, the software to be downloaded constitutes that of the target software application. 
	(taught by Wadhwa below)
	and a software provisioning operation to be performed with respect to the target software application (Par. [0025], The software download in step 310 may also represent a new software application not currently installed at the secure processor 200 (and a software provisioning operation to be performed with respect to the target software application)). The control server of Tang identifies that a software download such as through the notification taught above. Under the broadest reasonable interpretation, the software provisioning operation constitutes that of downloading the application and loading it for execution. 
	(taught by Wadhwa below)
	and performing, using the file, a software provisioning operation specified by the software provisioning command (Par. [0038], the decrypted application code image is loaded onto the secure processor 200 (and performing, using the file, a software provisioning operation specified by the software provisioning command)). The system of Tang decrypts the file and loads the software for execution. As it was previously argued that the push notification of a data delivery network which applies to the system of Tang constitutes the software provisioning command, the loading for execution is considered to be performing a software provisioning operation specified by the software provisioning command, as this ultimately completes the data delivery intended by the notification.

	Wadhwa discloses the following limitations not taught by Tang:
	a uniform resource identifier (URI) of a file associated with the target software application (Par. [0011], one or more URIs to receive the software may be obtained). Wadhwa teaches using Uniform Resource Identifiers (URIs) to identify software for provisioning. Wadhwa also teaches this being part of a software provisioning command identifying target software (Par. [0010], customization schedule providing software) and a software provisioning operation (Par. [0010], software for customized installation).
	receiving the file identified by the URI (Par. [0011], The software may be received from memory based on one or more URIs transmitted to memory). Wadhwa further teaches receiving software, i.e. the file, that is identified by the URI.

	Tang discloses a software provisioning command, but does not disclose using a Uniform Resource Identifier (URI) for provisioning. Wadhwa however teaches a software provisioning command which uses a URI. Tang and Wadhwa are considered to be analogous art because they relate to the field of software provisioning. Thus, all claimed features were known in the prior art. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to substitute the software provisioning command of Tang with the software provisioning command of Wadhwa in order to gain the predictable result of the applicant’s claimed invention.

Regarding Claim 2:
	Tang/Wadhwa discloses Claim 1.
	Tang further discloses the following limitation:
	wherein the file is received from the software provisioning controller (Par. [0032], the control server 100 transmits the encrypted application code image to the secure processor 200). The control server, i.e. the software provisioning controller, transmits the file. 

Regarding Claim 3:
	Tang/Wadhwa discloses Claim 1.
	Tang further discloses the following limitation:
	wherein the file is received from a software repository (Par. [0023], control server 100 includes memory storing one or more application code images 103 to be transmitted to secure processors 200a-200n). Under the broadest reasonable interpretation, the control server of Tang is a software repository, i.e. it stores the application code images that it transmits.

Regarding Claim 4:
	Tang/Wadhwa discloses Claim 1.
	Tang further discloses the following limitation:
	wherein the software repository is identified by the software provisioning command (Par. [0017], the control server 100 may include a push notification server configured to generate push notifications to deliver data and/or commands (wherein the software repository is identified by the software provisioning command) to the secure processors). The software provisioning command was previously interpreted to mean the push notifications of Tang which deliver data/commands to the processor. This command inherently identifies the software repository, i.e. the control server, as it is necessary for the download location to be identified when the software provisioning command is interpreted to deliver data. 

Regarding Claim 5:
	Tang/Wadhwa discloses Claim 1.
	Tang further discloses the following limitations:
	wherein the file is encrypted using a first cryptographic key (Par. [0029], the control server 100 generates an encryption key that may be used to encrypt the software application code image for transmission to the secure processor 200). The file from Claim 1 is encrypted with a key which the control server generates.
	and wherein receiving the file further comprises: decrypting the file using a second cryptographic key (Par. [0036], the secure processor 200 generates a decryption key for decrypting the application code image (decrypting the file using a second cryptographic key) received from the control server 100 (and wherein receiving the file further comprises)). The file is decrypted when the file is received by the secure processor. 
	wherein the first cryptographic key and the second cryptographic key are generated by applying a cryptographic operation to a secret value (Par. [0029], FIG. 7, described below, illustrates one such method of generating sequences of unique encryption and decryption keys derived from personalized unit data (e.g., seed data). Using the technique illustrated in FIG. 7, or other similar techniques, the encryption key (wherein the first cryptographic key) in step 330 may be generated by executing a hashing algorithm the same number of times as a stored download sequence number; Par. [0036], the decryption key in step 430 may be generated by taking the personalized unit data of the secure processor 200 and executing a hashing algorithm (and the second cryptographic key are generated by applying a cryptographic operation) on that data; Par. [0035], the personalized unit data may be stored internally within the secure processor 200, for example, in a cryptographically protected internal memory 204 (to a secret value)). The system of Tang generates encryption/decryption keys by continuously hashing the personalized unit data of the secure processor. This is well understood in the art to be a secret value, as the unit data is considered to be seed data, is unique to the secure processor, and is securely stored for protection.

Regarding Claim 7:
	Tang/Wadhwa discloses Claim 1.
	Tang further discloses the following limitation:
	wherein receiving the software provisioning command is performed responsive to transmitting a software provisioning request to the software provisioning controller (Par. [0017], the control server 100 may also include software to validate user identities and entitlements, locate and retrieve requested content, encrypt the content, and initiate delivery (e.g., streaming) of the content to the requesting user (wherein receiving the software provisioning command is performed responsive to transmitting a software provisioning request to the software provisioning controller), based on information received from and provided to the secure processors 200a-200n). Tang discloses that a user may request content which then is delivered to the secure processor of the user. Since receiving the software provisioning command is considered to be the data delivery associated with the push notification, this meets the limitation of the claim under the broadest reasonable interpretation. 

Regarding Claim 8:
	Tang/Wadhwa discloses Claim 1.
	Tang further disclose the following limitation:
	wherein performing the software provisioning operation further comprises at least one of: installing the software application or updating the software application (Par. [0025], the software download may represent an updated version of a software application currently loaded and executing on the secure processor 200. As is well-known in the art, software updates may include bug fixes and optimizations from previous versions, and/or may provide users with additional functionality. The software download in step 310 may also represent a new software application not currently installed at the secure processor 200 (wherein performing the software provisioning operation further comprises at least one of: installing the software application or updating the software application)). The system of Tang delivers the software then loads the software for execution (Par. [0003], the secure processor may then decrypt and load the software code image for execution). As disclosed above, this is considered to be either an installation or update, as running an updated version of the software application constitutes updating the application under the broadest reasonable interpretation.

Regarding Claim 11:
	Claim 11 is drawn to the computer system corresponding to the method of using same as claimed in Claim 7 except that Claim 11 further recites the following limitations which are disclosed by Tang:
	A computer system, comprising: a memory; and a processing device, coupled to the memory (Par. [0018], a secure processor may be a computing device comprising a processor with at least one protected memory)
	wherein the software provisioning agent is to: transmit a software provisioning request to a software provisioning controller (Par. [0017], the control server 100 (to a software provisioning controller) may also include software to validate user identities and entitlements, locate and retrieve requested content, encrypt the content, and initiate delivery (e.g., streaming) of the content to the requesting user, based on information received from (transmit a software provisioning request) and provided to the secure processors). As argued previously in Claim 7, the user may request content, i.e. software, and this request is transmitted to the software provisioning controller, as the information is received from the secure processors in the system of Tang.
	wherein the software provisioning request identifies a target software application (Par. [0017], locate and retrieve requested content (wherein the software provisioning request identifies a target software application)). The system of Tang locates content according to the request. As previously argued, the system of Tang is directed towards provisioning software. Therefore, this action inherently implies that the request identifies a target software application.
	
	Therefore, system Claim 11 corresponds to method Claim 7 up to these additional limitations which are also met by Tang, and is rejected for the same reasons of motivation/combination of references as used above. 

Regarding Claim 12:
	Tang/Wadhwa discloses Claim 11.
	Claim 12 is drawn to the computer system corresponding to the method of using same as claimed in Claim 5 except that Claim 11 further recites additional limitations by virtue of being dependent from Claim 11 which were shown to be disclosed by Tang above. Therefore, system Claim 12 corresponds to method Claim 5 up to these additional limitations which are also met by Tang, and is rejected for the same reasons of motivation/combination of references as used above. 

Regarding Claim 14:
	Tang/Wadhwa discloses Claim 11.
	Claim 14 is drawn to the computer system corresponding to the method of using same as claimed in Claim 8 except that Claim 14 further recites additional limitations by virtue of being dependent from Claim 11 which were shown to be disclosed by Tang above. Therefore, system Claim 14 corresponds to method Claim 8 up to these additional limitations which are also met by Tang, and is rejected for the same reasons of motivation/combination of references as used above. 

Regarding Claim 17:
	Claim 18 is drawn to the non-transitory computer readable medium corresponding to the computer system same as claimed in Claim 11 except that Claim 18 further recites the following limitations which are disclosed by Tang:
	A non-transitory computer-readable storage medium comprising executable instructions that, when executed by a host computer system (Par. [0021], the instructions may be stored in any type of computer-readable medium or memory, to configure the operation of the processor 101. For example, instructions may be stored in a read-only memory (ROM), random access memory (RAM), removable media (Universal Serial Bus (USB) drive, compact disk (CD) or digital versatile disk (DVD), floppy disk drive), or any other desired electronic storage medium. Instructions may also be stored in an attached (or internal) hard drive). 
	wherein the software provisioning agent is to: receive a software provisioning request initiated by the host computer system (Par. [0017], the requesting user, based on information received from and provided to the secure processors (wherein the software provisioning agent is to: receive a software provisioning request initiated by the host computer system)). In the previous interpretation of the software provisioning agent, this was considered to be the software of the secure processor, i.e. the two entities are conflated. Thus, when the system of Tang describes a user-generated request, one that is formed from information provided to the secure processor, this is considered to meet the limitation claimed as the request is initiated by the secure processor, and also received by the secure processor (from the user). 
	
Therefore, non-transitory computer readable medium Claim 18 corresponds to system Claim 11 up to these additional limitations which are also met by Tang, and is rejected for the same reasons of motivation/combination of references as used above. 

Regarding Claim 18:
	Tang/Wadhwa discloses Claim 17.
	Claim 18 is drawn to the non-transitory computer readable medium corresponding to the system same as claimed in Claim 12 except that Claim 18 further recites additional limitations by virtue of being dependent from Claim 17 which were shown to be disclosed by Tang above. Therefore, non-transitory computer readable medium Claim 18 corresponds to system Claim 12 up to these additional limitations which are also met by Tang, and is rejected for the same reasons of motivation/combination of references as used above. 

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Tang/Wadhwa, and further in view of Nataraj et al. (U.S. Pub. No. 2008/0276301 A1) hereinafter referred to as “Nataraj”. 
Regarding Claim 6:
	Tang/Wadhwa discloses Claim 1.
	Nataraj discloses the following limitation not taught by Tang/Wadhwa:
	wherein the software provisioning controller is running in a second TEE (Par. [0029], the server 110 is configured to receive the encoded request from the client 130. The encoded request from the client 130 is authenticated by the server's TPM chip 115 (wherein the software provisioning controller is running in a second TEE), wherein the TPM chip 115 verifies whether or not the encoded requested is from a trusted client). The system of Tang/Wadhwa does not disclose a second TEE for the control server, i.e. the software provisioning controller. Reference Nataraj however teaches that the software providing server may run in a second trusted execution environment, i.e. it uses a trusted platform module (TPM). Reference Nataraj further teaches that this TPM chip may be used to securely authenticate the client’s request for software. 

	References Tang/Wadhwa and Nataraj are considered to be analogous art because they both relate to software provisioning systems. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the software provisioning system of Tang/Wadhwa with the server’s TPM chip of Nataraj in order to gain the benefit of additional security through authentication of the client’s request for software.

Claims 9-10, 15-16, 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Tang/Wadhwa, and further in view of Parthasarathy et al. (U.S. Patent No. 6,802,061 B1) hereinafter referred to as “Parthasarathy”.
Regarding Claim 9:
	Tang/Wadhwa discloses Claim 1.
	Parthasarathy discloses the following limitation not taught by Tang/Wadhwa:
	wherein performing the software provisioning operation further comprises: invoking a function defined by a software provisioning application programming interface (API) of the host computer system (Col. 9, lines 52-55, the verified software components are then automatically installed 74 (e.g., with ICodeInstall) in various directories of a file system on the local computer 34 (The method of claim 1, wherein performing the software provisioning operation further comprises: invoking a function defined); Col. 8, lines 62-63, and a software interface ICodeInstall for the code installation module 64 (a software provisioning application programming interface (API) of the host computer system)). The system of Tang/Wadhwa does not explicitly disclose invoking an API’s function when performing the provisioning operation. Parthasarathy however discloses that the software, which may compose of various components, can be automatically installed in various directories of the file system through the ICodeInstall API. This uses an API function inherently, as invoking an API to perform an action requires calling a function.  Parthasarathy further discloses that this may be used to provide interactive multimedia to users (Col. 3, lines 25-29, The method and System are used by applications (e.g., network browsers, network Servers) to automatically download and install software components from code depositories on computer networks (e.g., the Internet, or local corporate intranets) to provide dynamic and truly interactive multimedia to a user). 

	References Tang/Wadhwa and Parthasarathy are considered to be analogous art because they both relate to software provisioning systems. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the software provisioning system of Tang/Wadhwa with the automatic installation of software components of Parthasarathy in order to gain the benefit of having the ability to provide the user interactive multimedia content.

Regarding Claim 10:
	Tang/Wadhwa discloses Claim 1.
	Parthasarathy discloses the following limitation not taught by Tang/Wadhwa:
	wherein performing the software provisioning operation further comprises: causing a file operation using the file to be performed by a file system of the host computer system (Col. 9, lines 52-55, the verified software components are then automatically installed 74 (e.g., with ICodeInstall) (causing a file operation using the file) in various directories of a file system on the local computer 34 (to be performed by a file system of the host computer system)). The system of Tang/Wadhwa does not explicitly disclose a file operation in its software downloading system. Parthasarathy however discloses that the software, which may compose of various components, can be installed in various directories of the file system. This describes a file operation inherently, as the installation of files across various directions is that of a write operation performed by the file system. Parthasarathy further discloses that this may be used to provide interactive multimedia to users (Col. 3, lines 25-29, The method and System are used by applications (e.g., network browsers, network Servers) to automatically download and install software components from code depositories on computer networks (e.g., the Internet, or local corporate intranets) to provide dynamic and truly interactive multimedia to a user).

	References Tang/Wadhwa and Parthasarathy are considered to be analogous art because they both relate to software provisioning systems. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the software provisioning system of Tang/Wadhwa with the automatic installation of software components of Parthasarathy in order to gain the benefit of having the ability to provide the user interactive multimedia content.

Regarding Claim 15:
	Tang/Wadhwa discloses Claim 11.
	Claim 15 is drawn to the computer system corresponding to the method of using same as claimed in Claim 9 except that Claim 15 further recites additional limitations by virtue of being dependent from Claim 11 which were shown to be disclosed by Tang/Wadhwa above. Therefore, system Claim 15 corresponds to method Claim 9 up to these additional limitations which are also met by Tang/Wadhwa, and is rejected for the same reasons of motivation/combination of references Tang/Wadhwa/Parthasarathy as used above in Claim 9. 

Regarding Claim 16:
	Tang/Wadhwa discloses Claim 11.
	Claim 16 is drawn to the computer system corresponding to the method of using same as claimed in Claim 10 except that Claim 16 further recites additional limitations by virtue of being dependent from Claim 11 which were shown to be disclosed by Tang/Wadhwa above. Therefore, system Claim 16 corresponds to method Claim 10 up to these additional limitations which are also met by Tang/Wadhwa, and is rejected for the same reasons of motivation/combination of references Tang/Wadhwa/Parthasarathy as used above in Claim 10. 

Regarding Claim 19:
	Tang/Wadhwa discloses Claim 17.
	Claim 19 is drawn to the non-transitory computer readable medium corresponding to the system same as claimed in Claim 15 except that Claim 19 further recites additional limitations by virtue of being dependent from Claim 17 which were shown to be disclosed by Tang/Wadhwa above. Therefore, non-transitory computer readable medium Claim 19 corresponds to system Claim 15 up to these additional limitations which are also met by Tang/Wadhwa, and is rejected for the same reasons of motivation/combination of references Tang/Wadhwa/Parthasarathy as used above in Claim 15.

Regarding Claim 20:
	Tang/Wadhwa discloses Claim 17.
	Claim 20 is drawn to the non-transitory computer readable medium corresponding to the system same as claimed in Claim 16 except that Claim 20 further recites additional limitations by virtue of being dependent from Claim 17 which were shown to be disclosed by Tang/Wadhwa above. Therefore, non-transitory computer readable medium Claim 20 corresponds to system Claim 16 up to these additional limitations which are also met by Tang/Wadhwa, and is rejected for the same reasons of motivation/combination of references Tang/Wadhwa/Parthasarathy as used above in Claim 16.
	
Related Art
	The following prior art made of record and cited on PTO-892, but not relied upon, is considered pertinent to applicant’s disclosure: 
Poiesz et al. (U.S. Patent No. 8,886,933 B1) – Includes methods regarding software provisioning using a Uniform Resource Identifier
 
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ETHAN V VO whose telephone number is (571)272-2505. The examiner can normally be reached M-F 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/E.V.V./Examiner, Art Unit 2431                       
03/11/2022                                                                                                                                                                                 /LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431