DETAILED ACTION

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 07/13/2022 has been entered.


Response to Arguments
This action is in reply to papers filed on 07/13/2022. Claims 1-20 are pending. Claims 1, 4, 6, 8, 11, 13, 15, and 19 were amended. Claims 1, 8, and 15 are independent.
Applicant's arguments ("REMARKS") filed 07/13/2022, presented on pp. 8-11, with respect to the rejections(s) of claim(s) under 35 U.S.C. §103 with respect to Shukla, US 2019/0121886 A1 and Gonzalez Diaz et al., US 2017/0177245 A1 have been fully considered and are persuasive. Therefore, the rejections have been withdrawn. However, upon further consideration, a new ground of rejection is made in view of Levin et al., US 10,891,140 B1. See Claim Rejections – 35 USC §103 below for details.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1, 3-4, and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Levin et al., US 10,891,140 B1 (hereinafter, “Levin ‘140”) in view of Gonzalez Diaz et al., US 2017/0177245 A1 (hereinafter, “Gonzalez ‘245”).

As per claim 1: Levin ‘140 discloses: 
A method comprising: 
retrieving a device tree binary (retrieving a configuration state (also referred to as a configuration model), of a connected device 106, 122 of a system 100, where the configuration state is a model describing one or more devices of the system 100 and comprises device configuration values, and where the configuration state is the result of applying a ‘test model’ to a connected device 106, 122 [Levin ‘140, Col. 2 lines 5-11, Col. 4 lines 8-16, Col. 7 lines 48-64, Col. 15 lines 18-34; Fig. 1, Fig. 7]) from a system (the configuration state of the connected device 106, 122 is retrieved from a device connected to a host device 102, 104 of the system 100, where the host device 102, 104 may be provided within the resource environment 110 of the system 100; i.e., the connected device 106, 122, the host device 102, 104, and the resource environment 110 are all part of the same system 100 [Levin ‘140, Col. 1 line 54-Col. 2 line 5, Col. 2 lines 23-45, Col. 2 lines 58-62, Col. 3 line 65-Col. 4 line 8; Fig. 1]);
generating a golden copy of the device tree binary of the system (generating an updated ‘golden model’ of a configuration state (also referred to as the ‘new’ configuration model), comprising of ‘expected’ or ‘updated’ device configuration values, of a connected device 106, 122 of the system 100, where the updated ‘golden model’ is generated based on the configuration state of a connected device 106, 122, and where the configuration state is the result of applying a ‘test model’ to a connected device 106, 122 [Levin ‘140, Col. 1 line 64-Col. 2 line 11, Col. 4 lines 4-16, Col. 7 line 46-64, Col. 15 lines 18-36; Fig. 7);
storing the golden copy of the device tree binary of the system (storing the updated ‘golden model’ of a configuration state (also referred to as the ‘new’ configuration model) within the system 100, where the updated ‘golden model’ may be stored within the model repository 118 of the resource environment 110 of the system 100 [Levin ‘140, Col. 1 lines 64-67, Col. 3 line 60-Col. 4 line 1, Col. 4 lines 12-16, Col. 7 lines 32-35, Col. 15 lines 34-39; Fig. 1, Fig. 7]); 
identifying whether one or more parameters of a running copy of the device tree binary of the system (identifying one or more actual device configuration values of a snapshot of a current configuration state of the connected device 106, 122 of the system 100 [Levin ‘140, Col. 1 line 56-Col. 2 line 5, Col. 6 line 52-Col. 7 line 5, Col. 13 lines 40-49; Fig. 5]) are different from corresponding parameters of the golden copy by comparing the running copy with the golden copy (comparing the device configuration values of the snapshot of the current configuration state and the updated ‘golden model’ to find any discrepancies and differences [Levin ‘140, Col. 1 line 56-Col. 2 line 5, Col. 5 line 66-Col. 6 line 3, Col. 7 lines 6-16, Col. 7 line 67-Col. 8 line 7, Col. 13 line 61-Col. 8 line 11; Fig. 5, Fig. 6]); and 
performing a corrective action responsive to an indication that at least one of the one or more parameters of the running copy are different from the corresponding parameters of the golden copy (upon identifying a discrepancy or difference between the snapshot and the updated ‘golden model’, performing a corrective action, such as adjusting/updating the current configuration values of the connected device, replacing the connected device, installing new firmware, etc. [Levin ‘140, Col. 1 line 54-Col. 2 line 5, Col. 7 line 67-Col. 8 line 4, Col. 8 lines 24-41, Col. 14 lines 1-11; Fig. 5, Fig. 6]).

Levin ‘140, as stated above, does not explicitly disclose: “storing the golden copy … in a trusted execution environment in the system”.
Gonzalez ‘245, however, discloses: 
storing the golden copy (System Manage Mode (SMM) authentication Information Element (IE) 148; the SMM authentication IE 148 is derived from a master copy of the SMM Control Routine 134 [Gonzalez ‘245, ¶30; Fig. 1]) … in a trusted execution environment in the system (the SMM authentication IE 148 is stored in the Trusted Execution Environment (TEE) Storage 146 in TEE 140 of a system [Gonzalez ‘245, ¶¶18-19, 26, 30; Fig. 1]).

Levin ‘140 and Gonzalez ‘245 are analogous art because they are from the same field of endeavor, namely that of ensuring the integrity and proper management of data and values within a computing system. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Levin ‘140 and Gonzalez ‘245 before them, to modify the method in Levin ‘140 to include the teachings of Gonzalez ‘245, namely to store the updated ‘golden model’ or the model repository 118, as disclosed in Levin ‘140, in a trusted execution environment (TEE) in the system, as disclosed in Gonzalez ‘245. The motivation for doing so would be to provide a secure environment for processing and/or storing sensitive information such as master/golden copies of data (see Gonzalez ‘245, ¶32).

As per claim 3: Levin ‘140 in view of Gonzalez ‘245 discloses all limitations of claim 1, as stated above, from which claim 3 is dependent upon. Furthermore, Levin ‘140 discloses: 
wherein performing the corrective action (upon identifying a discrepancy or difference between the snapshot and the updated ‘golden model’, performing a corrective action [Levin ‘140, Col. 1 line 54-Col. 2 line 5; Fig. 5, Fig. 6]) includes at least one of: 
quarantining a component of the system associated with the one or more parameters; evaluating each of the one or more parameters of the running copy identified as different from the corresponding parameters of the golden copy; or notifying a user of the system (corrective actions include analyzing configuration values of the snapshot of a current configuration state of the connected device 106, 122 identified as different from the configuration values of the updated ‘golden model’ that are different, adjusting/updating the current configuration values of the connected device, replacing the connected device, installing new firmware, and notifying technicians, clients, or customers of the system 100 [Levin ‘140, Col. 4 lines 1-8, Col. 7 lines 6-16, Col. 7 line 67-Col. 8 line 4, Col. 8 lines 24-41, Col. 14 lines 1-11; Fig. 5]). 

As per claim 4: Levin ‘140 in view of Gonzalez ‘245 discloses all limitations of claim 1, as stated above, from which claim 4 is dependent upon. Furthermore, Levin ‘140 discloses: 
further comprising generating the running copy of the device tree binary on the system (generating a snapshot of a current configuration state of the connected device 106, 122 of the system 100 [Levin ‘140, Col. 6 line 52-Col. 7 line 5, Col. 13 lines 40-49; Fig. 5]).

As per claim 6: Levin ‘140 in view of Gonzalez ‘245 discloses all limitations of claim 1, as stated above, from which claim 6 is dependent upon. Furthermore, Levin ‘140 discloses: 
further comprising receiving the running copy of the device tree binary (receiving a snapshot of a current configuration state of the connected device 106, 122 of the system 100 [Levin ‘140, Col. 6 line 52-Col. 7 line 5, Col. 13 lines 40-49; Fig. 5]) from a non-trusted execution environment of the system (executing a software component within the connected device 106, 122 that generates and transmits the snapshot; under the broadest reasonable interpretation, the connected device 106, 122 itself is interpreted to be a “non-trusted execution environment” within the corresponding host device 102, 104 [Levin ‘140, Col. 6 line 6-Col. 7 line 5; Fig. 1]).


Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Levin ‘140 in view of Gonzalez ‘245 and further in view of Kobres, US 10,887,296 B2 (hereinafter, “Kobres ‘296”).

As per claim 2: Levin ‘140 in view of Gonzalez ‘245 discloses all limitations of claim 1, as stated above, from which claim 2 is dependent upon. Levin ‘140 in view of Gonzalez ‘245 does not explicitly disclose the limitations of claim 2.
Kobres ‘296, however, discloses:
 further comprising decrypting the device tree binary of the system (secure provisioning manifest 250; decrypting the secure provisioning manifest 250 using a private key 245 [Kobres ‘296, Col. 9 line 10, Col. 11 line 49; Fig. 4, Fig. 5]), wherein the device tree binary is a data structure describing one or more hardware components of the system (the secure provisioning manifest 250 is a data structure that includes information identifying hardware peripherals that are attached to the computer system [Kobres ‘296, Col. 3 line 51, Col. 6 line 53, Col. 12 line 63; Fig. 4, Fig. 5]).

Levin ‘140 (modified by Gonzalez ‘245) and Kobres ‘296 are analogous art because they are from the same field of endeavor, namely that of managing hardware/devices within a computing environment. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Levin ‘140 (modified by Gonzalez ‘245) and Kobres ‘296 before them, to modify the method in Levin ‘140 (modified by Gonzalez ‘245) to include the teachings of Kobres ‘296, namely to perform decryption, as disclosed in Kobres ‘296, on a configuration state of a connected device 106, 122 of a system 100, as disclosed in Levin ‘140. The motivation for doing so would be to provide secure communications with authenticated hardware peripherals attached to the computer system (see Kobres ‘296, Col. 1 line 62, Col. 9 line 18).


Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Levin ‘140, in view of Gonzalez ‘245, and further in view of Radjabi et al., US 10,922,068 B1 (hereinafter, “Radjabi ‘068”).

As per claim 5: Levin ‘140 in view of Gonzalez ‘245 discloses all limitations of claims 1 and 4, as stated above, all from which claim 5 is dependent upon. Furthermore, Levin ‘140 discloses: 
wherein generating the running copy of the device tree binary (generating a snapshot of a current configuration state of the connected device 106, 122 of the system 100 [Levin ‘140, Col. 6 line 52-Col. 7 line 5, Col. 13 lines 40-49; Fig. 5]) further comprises recording one or more parameters associated with one or more components of the system (recording configuration values associated with connected devices 106, 122 of the system 100 within a set of key-value pairs, a comma separated list, or some other format [Levin ‘140, Col. 6 line 64-Col. 7 line 5])

Levin ‘140 in view of Gonzalez ‘245, as stated above, does not explicitly disclose: “… one or more parameters associated with one or more components of the system … wherein the one or more parameters are presented in a kernel pseudo file.”
Radjabi ‘068, however, discloses: 
one or more parameters associated with one or more components of the system (device data file 114 includes information about kernel subsystems and hardware devices coupled to the computer system [Radjabi ‘068, Col. 6 lines 27-33; Fig. 1]) … wherein the one or more parameters are presented in a kernel pseudo file (the device data file is presented as a pseudo file capable of exporting information from the device model of the kernel [Radjabi ‘068, Col. 6 lines 33-40; Fig. 1]).

Levin ‘140 (modified by Gonzalez ‘245) and Radjabi ‘068 are analogous art because they are from the same field of endeavor, namely that of managing hardware/devices within a computing environment. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Levin ‘140 (modified by Gonzalez ‘245) and Radjabi ‘068 before them, to modify the method in Levin ‘140 (modified by Gonzalez ‘245) to include the teachings of Radjabi ‘068, namely to implement the format of the snapshot, as disclosed in Levin ‘140, as pseudo files capable of exporting information from the device model of the kernel, as disclosed in Radjabi ‘068. The motivation for doing so would be to make hardware device information easily available to the user space through virtual files (see Radjabi ‘068, Col. 6 lines 36-40).


Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Levin ‘140 in view of Gonzalez ‘245 and further in view of Truskovsky et al., US 2013/0326614 A1 (hereinafter, “Truskovsky ‘614”).

As per claim 7: Levin ‘140 in view of Gonzalez ‘245 discloses all limitations of claim 1, as stated above, from which claim 7 is dependent upon. Furthermore, Levin ‘140 discloses:
 further comprising(a snapshot of a current configuration state of the connected device 106, 122 of the system 100 [Levin ‘140, Col. 1 line 56-Col. 2 line 5, Col. 6 line 52-Col. 7 line 5, Col. 13 lines 40-49; Fig. 5]) 

Levin ‘140 in view of Gonzalez ‘245, as stated above, does not explicitly disclose: “determining that a timer has been attacked based on an indication that … has not been generated or received before the timer expired.”
Truskovsky ‘614, however, discloses:
 determining that a timer has been attacked (determining that a hacker has modified the system clock to manipulate a ticket’s period of validity [Truskovsky ‘614, ¶¶131-132]) based on an indication that … has not been generated or received before the timer expired (expired time-limited tickets are recorded in a list of revoked tickets, and an attempt to use a revoked time-limited ticket indicates that the ticket’s period of validity has been manipulated [Truskovsky ‘614, ¶¶130-132]).

Levin ‘140 (modified by Gonzalez ‘245) and Truskovsky ‘614 are analogous art because they are from the same field of endeavor, namely that of controlling access to data and ensuring the integrity of devices. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Levin ‘140 (modified by Gonzalez ‘245) and Truskovsky ‘614 before them, to modify the method in Levin ‘140 (modified by Gonzalez ‘245) to include the teachings of Truskovsky ‘614, namely to use time-limited tickets in Truskovsky ‘614 to control the access and availability of the snapshot of a current configuration state of the connected device in Levin ‘140, and to determine whether the ticket’s period of validity has been tampered with by checking if tickets are on a list of revoked tickets. The motivation for doing so would be to provide additional security measures when sensitive information, such as the snapshot, is accessed, and to determine whether sensitive information is compromised due to manipulation of a time-limited ticket’s period of validity (see Truskovsky ‘614, ¶¶130-132).


Claims 8, 10-11, and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Levin ‘140, in view of Gonzalez ‘245, and further in view of Posini, US 2015/0268952 A1 (hereinafter, “Posini ‘952”).

As per claim 8: Levin ‘140 discloses: 
A system for detecting an attack to an internet-of-things (IoT) enabled device (a system for detecting problems or sub-optimal configurations of an internet-enabled device, where the problems may negatively impact the performance of the systems [Levin ‘140, Col. 3 lines 3-32, Col. 5 lines 24-37]), the system comprising: 
one or more memory devices having instructions stored thereon that, when executed by one or more processors, cause the one or more processors to perform operations (memory for storing instructions that are executed by a processing unit or performing operations [Levin ‘140, Col. 15 lines 40-58’ Fig. 8]) comprising:  

retrieving a device tree binary (retrieving a configuration state (also referred to as a configuration model), of a connected device 106, 122 of a system 100, where the configuration state is a model describing one or more devices of the system 100 and comprises device configuration values, and where the configuration state is the result of applying a ‘test model’ to a connected device 106, 122 [Levin ‘140, Col. 2 lines 5-11, Col. 4 lines 8-16, Col. 7 lines 48-64, Col. 15 lines 18-34; Fig. 1, Fig. 7]) of the system (the configuration state of the connected device 106, 122 is retrieved from a device connected to a host device 102, 104 of the system 100, where the host device 102, 104 may be provided within the resource environment 110 of the system 100; i.e., the connected device 106, 122, the host device 102, 104, and the resource environment 110 are all part of the same system 100 [Levin ‘140, Col. 1 line 54-Col. 2 line 5, Col. 2 lines 23-45, Col. 2 lines 58-62, Col. 3 line 65-Col. 4 line 8; Fig. 1]);
generating a golden copy of the device tree binary of the system (generating an updated ‘golden model’ of a configuration state (also referred to as the ‘new’ configuration model), comprising of ‘expected’ or ‘updated’ device configuration values, of a connected device 106, 122 of the system 100, where the updated ‘golden model’ is generated based on the configuration state of a connected device 106, 122, and where the configuration state is the result of applying a ‘test model’ to a connected device 106, 122 [Levin ‘140, Col. 1 line 64-Col. 2 line 11, Col. 4 lines 4-16, Col. 7 line 46-64, Col. 15 lines 18-36; Fig. 7);
storing the golden copy of the device tree binary of the system (storing the updated ‘golden model’ of a configuration state (also referred to as the ‘new’ configuration model) within the system 100, where the updated ‘golden model’ may be stored within the model repository 118 of the resource environment 110 of the system 100 [Levin ‘140, Col. 1 lines 64-67, Col. 3 line 60-Col. 4 line 1, Col. 4 lines 12-16, Col. 7 lines 32-35, Col. 15 lines 34-39; Fig. 1, Fig. 7]) 
identifying whether one or more parameters of a running copy of the device tree binary of the system are different (identifying one or more actual device configuration values of a snapshot of a current configuration state of the connected device 106, 122 of the system 100 [Levin ‘140, Col. 1 line 56-Col. 2 line 5, Col. 6 line 52-Col. 7 line 5, Col. 13 lines 40-49; Fig. 5]) from corresponding parameters of the golden copy by comparing the running copy with the golden copy (comparing the device configuration values of the snapshot of the current configuration state and the updated ‘golden model’ to find any discrepancies and differences [Levin ‘140, Col. 1 line 56-Col. 2 line 5, Col. 5 line 66-Col. 6 line 3, Col. 7 lines 6-16, Col. 7 line 67-Col. 8 line 7, Col. 13 line 61-Col. 8 line 11; Fig. 5, Fig. 6]); and 
performing a corrective action responsive to an indication that at least one of the one or more parameters of the running copy are different from the corresponding parameters of the golden copy (upon identifying a discrepancy or difference between the snapshot and the updated ‘golden model’, performing a corrective action, such as adjusting/updating the current configuration values of the connected device, replacing the connected device, installing new firmware, etc. [Levin ‘140, Col. 1 line 54-Col. 2 line 5, Col. 7 line 67-Col. 8 line 4, Col. 8 lines 24-41, Col. 14 lines 1-11; Fig. 5, Fig. 6]).

Levin ‘140, as stated above, does not explicitly disclose: “loading an operating system in a trusted execution environment of a system, wherein at least part of the operating system is used as a root of trust … storing the golden copy … in the trusted execution environment”.
Gonzalez ‘245, however, discloses: 

storing the golden copy (System Manage Mode (SMM) authentication Information Element (IE) 148; the SMM authentication IE 148 is derived from a master copy of the SMM Control Routine 134 [Gonzalez ‘245, ¶30; Fig. 1]) … in the trusted execution environment (the SMM authentication IE 148 is stored in the Trusted Execution Environment (TEE) Storage 146 in TEE 140 [Gonzalez ‘245, ¶¶18-19, 26, 30; Fig. 1]).

Levin ‘140 and Gonzalez ‘245 are analogous art because they are from the same field of endeavor, namely that of ensuring the integrity and proper management of data and values within a computing system. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Levin ‘140 and Gonzalez ‘245 before them, to modify the method in Levin ‘140 to include the teachings of Gonzalez ‘245.

Levin ‘140 in view of Gonzalez ‘245, as stated above, does not explicitly disclose: “loading an operating system in a trusted execution environment of a system, wherein at least part of the operating system is used as a root of trust …”
Posini ‘952, however, discloses: 
loading an operating system in a trusted execution environment of a system (a trusted operating system (OS) 305 is loaded in a trusted execution environment (TEE) 301 of a system [Posini ‘952, ¶¶31-32, 41; Fig. 3]), wherein at least part of the operating system is used as a root of trust (the system-on-chip (SoC) 300 includes a trusted OS 305, where the root of trust provided by the SoC 300 can guarantee that the trusted OS 305 is the only component  on the SoC 300 that is able to derive secrets [Posini ‘952, ¶¶35, 41; Fig. 3]).

Levin ‘140 (modified by Gonzalez ‘245) and Posini ‘952 are analogous art because they are from the same field of endeavor, namely that of managing hardware/devices within a computing environment. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Levin ‘140 (modified by Gonzalez ‘245) and Posini ‘952 and Posini ‘952 before them, to modify the method in Levin ‘140 (modified by Gonzalez ‘245) and Posini ‘952 to include the teachings of Posini ‘952, namely to perform the method described above, as disclosed in Levin ‘140, in a trusted execution environment (TEE) where is operating system (OS) is loaded an used as a root of trust, as disclosed in Posini ‘952. The motivation for doing so would be to provide a secure environment for processing and/or storing sensitive information and guarantee that only authorized code can be executed in the TEE (see Posini ‘952, ¶¶35, 41).

As per claim 10: Levin ‘140 in view of Gonzalez ‘245, and further in view of Posini ‘952 discloses all limitations of claim 8, as stated above, from which claim 10 is dependent upon. Furthermore, Levin ‘140 discloses: 
wherein performing the corrective action (upon identifying a discrepancy or difference between the snapshot and the updated ‘golden model’, performing a corrective action [Levin ‘140, Col. 1 line 54-Col. 2 line 5; Fig. 5, Fig. 6]) includes at least one of: 
quarantining a component of the system associated with the one or more parameters; evaluating each of the one or more parameters of the running copy identified as different from the corresponding parameters of the golden copy; or notifying a user of the system (corrective actions include analyzing configuration values of the snapshot of a current configuration state of the connected device 106, 122 identified as different from the configuration values of the updated ‘golden model’ that are different, adjusting/updating the current configuration values of the connected device, replacing the connected device, installing new firmware, and notifying technicians, clients, or customers of the system 100 [Levin ‘140, Col. 4 lines 1-8, Col. 7 lines 6-16, Col. 7 line 67-Col. 8 line 4, Col. 8 lines 24-41, Col. 14 lines 1-11; Fig. 5]).

As per claim 11: Levin ‘140 in view of Gonzalez ‘245, and further in view of Posini ‘952 discloses all limitations of claim 8, as stated above, from which claim 11 is dependent upon. Furthermore, Levin ‘140 discloses: 
further comprising generating the running copy of the device tree binary on the system (generating a snapshot of a current configuration state of the connected device 106, 122 of the system 100 [Levin ‘140, Col. 6 line 52-Col. 7 line 5, Col. 13 lines 40-49; Fig. 5]).

As per claim 13: Levin ‘140 in view of Gonzalez ‘245, and further in view of Posini ‘952 discloses all limitations of claim 8, as stated above, from which claim 13 is dependent upon. Furthermore, Levin ‘140 discloses: 
further comprising receiving the running copy of the device tree binary (receiving a snapshot of a current configuration state of the connected device 106, 122 of the system 100 [Levin ‘140, Col. 6 line 52-Col. 7 line 5, Col. 13 lines 40-49; Fig. 5]) from a non-trusted execution environment of the IoT enabled device (executing a software component within the connected 106, 122 that generates and transmits the snapshot; under the broadest reasonable interpretation, the connected device 106, 122 itself is interpreted to be a “non-trusted execution environment” within the corresponding internet-enabled device host device 102, 104 [Levin ‘140, Col. 6 line 6-Col. 7 line 5; Fig. 1]).


Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Levin ‘140 in view of Gonzalez ‘245, and further in view of Posini ‘952, and further in view of Kobres ‘296.

As per claim 9: Levin ‘140 in view of Gonzalez ‘245, and further in view of Posini ‘952 discloses all limitations of claim 8, as stated above, from which claim 9 is dependent upon. Levin ‘140 in view of Gonzalez ‘245, and further in view of Posini ‘952 does not explicitly disclose the limitations of claim 9.
Kobres ‘296, however, discloses: 
further comprising decrypting the device tree binary of the system (secure provisioning manifest 250; decrypting the secure provisioning manifest 250 using a private key 245 [Kobres ‘296, Col. 9 line 10, Col. 11 line 49; Fig. 4, Fig. 5]), wherein the device tree binary is a data structure describing one or more hardware components of the system (the secure provisioning manifest 250 is a data structure that includes information identifying hardware peripherals that are attached to the computer system [Kobres ‘296, Col. 3 line 51, Col. 6 line 53, Col. 12 line 63; Fig. 4, Fig. 5]).

Levin ‘140 (modified by Gonzalez ‘245 & Posini ‘952) and Kobres ‘296 are analogous art because they are from the same field of endeavor, namely that of managing hardware/devices within a computing environment. For the reasons stated in claim 2, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Levin ‘140 (modified by Gonzalez ‘245 & Posini ‘952) and Kobres ‘296 before them, to modify the method in Levin ‘140 (modified by Gonzalez ‘245 & Posini ‘952) to include the teachings of Kobres ‘296.


Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Levin ‘140 in view of Gonzalez ‘245, and further in view of Posini ‘952 and further in view of Radjabi ‘068.

As per claim 12: Levin ‘140 in view of Gonzalez ‘245, and further in view of Posini ‘952 discloses all limitations of claims 8 and 11, as stated above, all from which claim 12 is dependent upon. Furthermore, Levin ‘140 discloses: 
wherein generating the running copy of the device tree binary (generating a snapshot of a current configuration state of the connected device 106, 122 of the system 100 [Levin ‘140, Col. 6 line 52-Col. 7 line 5, Col. 13 lines 40-49; Fig. 5]) further comprises recording one or more parameters associated with one or more components of the system (recording configuration values associated with connected devices 106, 122 of the system 100 within a set of key-value pairs, a comma separated list, or some other format [Levin ‘140, Col. 6 line 64-Col. 7 line 5])

Levin ‘140 in view of Gonzalez ‘245, and further in view of Posini ‘952, as stated above, does not explicitly disclose: “… one or more parameters associated with one or more components of the system … wherein the one or more parameters are presented in a kernel pseudo file.”
Radjabi ‘068, however, discloses: 
one or more parameters associated with one or more components of the system (device data file 114 includes information about kernel subsystems and hardware devices coupled to the computer system [Radjabi ‘068, Col. 6 lines 27-33; Fig. 1]) … wherein the one or more parameters are presented in a kernel pseudo file (the device data file is presented as a pseudo file capable of exporting information from the device model of the kernel [Radjabi ‘068, Col. 6 lines 33-40; Fig. 1]).

Levin ‘140 (modified by Gonzalez ‘245) and Radjabi ‘068 are analogous art because they are from the same field of endeavor, namely that of managing hardware/devices within a computing environment. For the reasons stated in claim 5, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Levin ‘140 (modified by Gonzalez ‘245) and Radjabi ‘068 before them, to modify the method in Levin ‘140 (modified by Gonzalez ‘245) to include the teachings of Radjabi ‘068.


Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Levin ‘140 in view of Gonzalez ‘245, and further in view of Posini ‘952, and further in view of Truskovsky ‘614.

As per claim 14: Levin ‘140 in view of Gonzalez ‘245, and further in view of Posini ‘952 discloses all limitations of claim 8, as stated above, from which claim 14 is dependent upon. Furthermore, Levin ‘140 discloses: 
further comprising(a snapshot of a current configuration state of the connected device 106, 122 of the system 100 [Levin ‘140, Col. 1 line 56-Col. 2 line 5, Col. 6 line 52-Col. 7 line 5, Col. 13 lines 40-49; Fig. 5]) 

Levin ‘140 in view of Gonzalez ‘245, and further in view of Posini ‘952, as stated above, does not explicitly disclose: “determining that a timer has been attacked based on an indication that … has not been generated or received before the timer expired.”
Truskovsky ‘614, however, discloses: 
determining that a timer has been attacked (determining that a hacker has modified the system clock to manipulate a ticket’s period of validity [Truskovsky ‘614, ¶¶131-132]) based on an indication that … has not been generated or received before the timer expired (expired time-limited tickets are recorded in a list of revoked tickets, and an attempt to use a revoked time-limited ticket indicates that the ticket’s period of validity has been manipulated [Truskovsky ‘614, ¶¶130-132]).

Levin ‘140 (modified by Gonzalez ‘245) and Truskovsky ‘614 are analogous art because they are from the same field of endeavor, namely that of controlling access to data and ensuring the integrity of devices. For the reasons stated in claim 7, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Levin ‘140 (modified by Gonzalez ‘245) and Truskovsky ‘614 before them, to modify the method in Levin ‘140 (modified by Gonzalez ‘245) to include the teachings of Truskovsky ‘614.


Claims 15-17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Levin ‘140 in view of Gonzalez ‘245, and further in view of Posini ‘952 and further in view of Kahana et al., US 2016/0063281 A1 (hereinafter, “Kahana ‘281”).

As per claim 15: Levin ‘140 discloses: A method comprising: 

retrieving a device tree binary (retrieving a configuration state (also referred to as a configuration model), of a connected device 106, 122 of a system 100, where the configuration state is a model describing one or more devices of the system 100 and comprises device configuration values, and where the configuration state is the result of applying a ‘test model’ to a connected device 106, 122 [Levin ‘140, Col. 2 lines 5-11, Col. 4 lines 8-16, Col. 7 lines 48-64, Col. 15 lines 18-34; Fig. 1, Fig. 7]) of the system (the configuration state of the connected device 106, 122 is retrieved from a device connected to a host device 102, 104 of the system 100, where the host device 102, 104 may be provided within the resource environment 110 of the system 100; i.e., the connected device 106, 122, the host device 102, 104, and the resource environment 110 are all part of the same system 100 [Levin ‘140, Col. 1 line 54-Col. 2 line 5, Col. 2 lines 23-45, Col. 2 lines 58-62, Col. 3 line 65-Col. 4 line 8; Fig. 1]);
generating a golden copy of the device tree binary of the system (generating an updated ‘golden model’ of a configuration state (also referred to as the ‘new’ configuration model), comprising of ‘expected’ or ‘updated’ device configuration values, of a connected device 106, 122 of the system 100, where the updated ‘golden model’ is generated based on the configuration state of a connected device 106, 122, and where the configuration state is the result of applying a ‘test model’ to a connected device 106, 122 [Levin ‘140, Col. 1 line 64-Col. 2 line 11, Col. 4 lines 4-16, Col. 7 line 46-64, Col. 15 lines 18-36; Fig. 7);
storing the golden copy of the device tree binary of the system (storing the updated ‘golden model’ of a configuration state (also referred to as the ‘new’ configuration model) within the system 100, where the updated ‘golden model’ may be stored within the model repository 118 of the resource environment 110 of the system 100 [Levin ‘140, Col. 1 lines 64-67, Col. 3 line 60-Col. 4 line 1, Col. 4 lines 12-16, Col. 7 lines 32-35, Col. 15 lines 34-39; Fig. 1, Fig. 7]) 

determining whether a running copy of the device tree binary of the system is received or generated (determining, by the configuration manager, whether one or more actual device configuration values of a snapshot of a current configuration state of the connected device 106, 122 of the system 100 is received [Levin ‘140, Col. 1 line 56-Col. 2 line 5, Col. 6 line 52-Col. 7 line 5, Col. 14 lines 22-33; Fig. 1, Fig. 6])
performing(upon identifying a discrepancy or difference between the snapshot and the updated ‘golden model’, performing a corrective action, such as adjusting/updating the current configuration values of the connected device, replacing the connected device, installing new firmware, etc. [Levin ‘140, Col. 1 line 54-Col. 2 line 5, Col. 7 line 67-Col. 8 line 4, Col. 8 lines 24-41, Col. 14 lines 1-11; Fig. 5, Fig. 6]).

Levin ‘140, as stated above, does not explicitly disclose: “loading an operating system in a trusted execution environment of a system, wherein at least part of the operating system is used as a root of trust; … storing the golden copy … in the trusted execution environment; initiating a timer with a randomly generated period of time; determining whether a running copy … is received or generated before the timer expires; and performing, based on determination that the running copy is not received or generated before the timer expires, a corrective action.”
Gonzalez ‘245, however, discloses: 

… storing the golden copy (System Manage Mode (SMM) authentication Information Element (IE) 148; the SMM authentication IE 148 is derived from a master copy of the SMM Control Routine 134 [Gonzalez ‘245, ¶30; Fig. 1]) … in the trusted execution environment (the SMM authentication IE 148 is stored in the Trusted Execution Environment (TEE) Storage 146 in TEE 140 [Gonzalez ‘245, ¶¶18-19, 26, 30; Fig. 1]); 




Levin ‘140 and Gonzalez ‘245 are analogous art because they are from the same field of endeavor, namely that of ensuring the integrity and proper management of data and values within a computing system. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Levin ‘140 and Gonzalez ‘245 before them, to modify the method in Levin ‘140 to include the teachings of Gonzalez ‘245.

Levin ‘140 in view of Gonzalez ‘245, as stated above, does not explicitly disclose: “loading an operating system in a trusted execution environment of a system, wherein at least part of the operating system is used as a root of trust; initiating a timer with a randomly generated period of time; determining whether a running copy … is received or generated before the timer expires; and performing, based on determination that the running copy is not received or generated before the timer expires, a corrective action”.
Posini ‘952, however, discloses: 
loading an operating system in a trusted execution environment of a system (a trusted operating system (OS) 305 is loaded in a trusted execution environment (TEE) 301 [Posini ‘952, ¶¶31-32, 41; Fig. 3]), wherein at least part of the operating system is used as a root of trust (the system-on-chip (SoC) 300 includes a trusted OS 305, where the root of trust provided by the SoC 300 can guarantee that the trusted OS 305 is the only component  on the SoC 300 that is able to derive secrets [Posini ‘952, ¶¶35, 41; Fig. 3]).

Levin ‘140 (modified by Gonzalez ‘245) and Posini ‘952 are analogous art because they are from the same field of endeavor, namely that of managing hardware/devices within a computing environment. For the reasons stated in claim 8, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Levin ‘140 (modified by Gonzalez ‘245) and Posini ‘952 before them, to modify the method in Levin ‘140 (modified by Gonzalez ‘245) to include the teachings of Posini ‘952.

Levin ‘140 in view of Gonzalez ‘245, and further in view of Posini ‘952, as stated above, does not explicitly disclose: “initiating a timer with a randomly generated period of time; determining whether a running copy … is received or generated before the timer expires; and performing, based on determination that the running copy is not received or generated before the timer expires, a corrective action”.
Kahana ‘281, however, discloses: 
initiating a timer with a randomly generated period of time (the monitor module sets a timer and requests information from a core on the system on chip (SoC), where the timer interval may be randomly selected [Kahana ‘281, ¶¶29-30, 66-67]); 
determining whether a running copy … is received or generated before the timer expires (determining whether the monitor module receives the information prior to the expiration of the timer or whether the generated information is expected [Kahana ‘281, ¶¶29-30]); and 
performing, based on determination that the running copy is not received or generated before the timer expires, a corrective action (if the monitor module does not receive the information prior to the expiration of the timer or if the generated information is not expected, security measures may be initiated [Kahana ‘281, ¶¶29-30]).

Levin ‘140 (modified by Gonzalez ‘245 & Posini ‘952) and Kahana ‘281 are analogous art because they are from the same field of endeavor, namely that of managing and insuring the integrity data within of hardware/devices within a computing environment. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Levin ‘140 (modified by Gonzalez ‘245 & Posini ‘952) and Kahana ‘281 before them, to modify the method in Levin ‘140 (modified by Gonzalez ‘245 & Posini ‘952) to include the teachings of Kahana ‘281, namely to determine whether the snapshot of a current configuration state of the connected device 106, 122 of the system 100, as disclosed in Levin ‘140 is compromised based on whether it is generated or received prior to the expiration of a timer, as disclosed in Kahana ‘281. The motivation for doing so would be to provide more robust, flexible, and cost-effective security for devices that places minimal burden on power consumption and hardware footprint without reliance on external hardware (see Kahana ‘281, ¶¶28, 31, 69).

As per claim 16: Levin ‘140 in view of Gonzalez ‘245, and further in view of Posini ‘952, and further in view of Kahana ‘281 discloses all limitations of claim 15, as stated above, from which claim 16 is dependent upon. Furthermore, Levin ‘140 discloses:
 further comprising: 
identifying whether one or more parameters of the device tree binary of the system (identifying one or more actual device configuration values of a snapshot of a current configuration state of the connected device 106, 122 of the system 100 [Levin ‘140, Col. 1 line 56-Col. 2 line 5, Col. 6 line 52-Col. 7 line 5, Col. 13 lines 40-49; Fig. 5]) are different from corresponding parameters of the golden copy by comparing the running copy with the golden copy (comparing the device configuration values of the snapshot of the current configuration state and the updated ‘golden model’ to find any discrepancies and differences [Levin ‘140, Col. 1 line 56-Col. 2 line 5, Col. 5 line 66-Col. 6 line 3, Col. 7 lines 6-16, Col. 7 line 67-Col. 8 line 7, Col. 13 line 61-Col. 8 line 11; Fig. 5, Fig. 6]); and 
performing a corrective action responsive to an indication that at least one of the one or more parameters of the running copy are different from the corresponding parameters of the golden copy (upon identifying a discrepancy or difference between the snapshot and the updated ‘golden model’, performing a corrective action, such as adjusting/updating the current configuration values of the connected device, replacing the connected device, installing new firmware, etc. [Levin ‘140, Col. 1 line 54-Col. 2 line 5, Col. 7 line 67-Col. 8 line 4, Col. 8 lines 24-41, Col. 14 lines 1-11; Fig. 5, Fig. 6]).

As per claim 17: Levin ‘140 in view of Gonzalez ‘245, and further in view of Posini ‘952, and further in view of Kahana ‘281 discloses all limitations of claim 15, as stated above, from which claim 17 is dependent upon. Furthermore, Levin ‘140 discloses: 
wherein performing the corrective action (upon identifying a discrepancy or difference between the snapshot and the updated ‘golden model’, performing a corrective action [Levin ‘140, Col. 1 line 54-Col. 2 line 5; Fig. 5, Fig. 6]) includes at least one of: 
quarantining a component of the system associated with the one or more parameters; evaluating each of the one or more parameters of the running copy identified as different from the corresponding parameters of the golden copy; or notifying a user of the system (corrective actions include analyzing configuration values of the snapshot of a current configuration state of the connected device 106, 122 identified as different from the configuration values of the updated ‘golden model’ that are different, adjusting/updating the current configuration values of the connected device, replacing the connected device, installing new firmware, and notifying technicians, clients, or customers of the system 100 [Levin ‘140, Col. 4 lines 1-8, Col. 7 lines 6-16, Col. 7 line 67-Col. 8 line 4, Col. 8 lines 24-41, Col. 14 lines 1-11; Fig. 5]).

As per claim 19: Levin ‘140 in view of Gonzalez ‘245, and further in view of Posini ‘952, and further in view of Kahana ‘281 discloses all limitations of claim 15, as stated above, from which claim 19 is dependent upon. Furthermore, Levin ‘140 discloses: 
further comprising generating the running copy of the device tree binary on the system (generating a snapshot of a current configuration state of the connected device 106, 122 of the system 100 [Levin ‘140, Col. 6 line 52-Col. 7 line 5, Col. 13 lines 40-49; Fig. 5]).


Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Levin ‘140 in view of Gonzalez ‘245, and further in view of Posini ‘952, and further in view of Kahana ‘281, and further in view of Kobres ‘296.

As per claim 18: Levin ‘140 in view of Gonzalez ‘245, and further in view of Posini ‘952, and further in view of Kahana ‘281 discloses all limitations of claim 15, as stated above, from which claim 18 is dependent upon. Levin ‘140 in view of Gonzalez ‘245, and further in view of Posini ‘952, and further in view of Kahana ‘281 does not explicitly disclose the limitations of claim 18.
Kobres ‘296, however, discloses: 
further comprising decrypting the device tree binary of the system (secure provisioning manifest 250; decrypting the secure provisioning manifest 250 using a private key 245 [Kobres ‘296, Col. 9 line 10, Col. 11 line 49; Fig. 4, Fig. 5]), wherein the device tree binary is a data structure describing one or more hardware components of the system (the secure provisioning manifest 250 is a data structure that includes information identifying hardware peripherals that are attached to the computer system [Kobres ‘296, Col. 3 line 51, Col. 6 line 53, Col. 12 line 63; Fig. 4, Fig. 5]).

Levin ‘140 (modified by Gonzalez ‘245 & Posini ‘952 & Kahana ‘281) and Kobres ‘296 are analogous art because they are from the same field of endeavor, namely that of managing hardware/devices within a computing environment. For the reasons stated in claim 2, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Levin ‘140 (modified by Gonzalez ‘245 & Posini ‘952 & Kahana ‘281) and Kobres ‘296 before them, to modify the method in Levin ‘140 (modified by Gonzalez ‘245 & Posini ‘952 & Kahana ‘281) to include the teachings of Kobres ‘296.


Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Levin ‘140 in view of Gonzalez ‘245, and further in view of Posini ‘952, and further in view of Kahana ‘281, and further in view of Radjabi ‘068.

As per claim 20: Levin ‘140 in view of Gonzalez ‘245, and further in view of Posini ‘952, and further in view of Kahana ‘281 discloses all limitations of claims 15 and 19, as stated above, all from which claim 20 is dependent upon. Furthermore, Levin ‘140 discloses: 
wherein generating the running copy of the device tree binary (generating a snapshot of a current configuration state of the connected device 106, 122 of the system 100 [Levin ‘140, Col. 6 line 52-Col. 7 line 5, Col. 13 lines 40-49; Fig. 5]) further comprises recording one or more parameters associated with one or more components of the system (recording configuration values associated with connected devices 106, 122 of the system 100 within a set of key-value pairs, a comma separated list, or some other format [Levin ‘140, Col. 6 line 64-Col. 7 line 5])

Levin ‘140 in view of Gonzalez ‘245, and further in view of Posini ‘952, and further in view of Kahana ‘281, as stated above, does not explicitly disclose: “… one or more parameters associated with one or more components of the system … wherein the one or more parameters are presented in a kernel pseudo file”.
Radjabi ‘068, however, discloses: 
one or more parameters associated with one or more components of the system (device data file 114 includes information about kernel subsystems and hardware devices coupled to the computer system [Radjabi ‘068, Col. 6 lines 27-33; Fig. 1]) … wherein the one or more parameters are presented in a kernel pseudo file (the device data file is presented as a pseudo file capable of exporting information from the device model of the kernel [Radjabi ‘068, Col. 6 lines 33-40; Fig. 1]).

Levin ‘140 (modified by Gonzalez ‘245 & Posini ‘952 & Kahana ‘281) and Radjabi ‘068 are analogous art because they are from the same field of endeavor, namely that of managing hardware/devices within a computing environment. For the reasons stated in claim 5, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Levin ‘140 (modified by Gonzalez ‘245 & Posini ‘952 & Kahana ‘281) and Radjabi ‘068 before them, to modify the method in Levin ‘140 (modified by Gonzalez ‘245 & Posini ‘952 & Kahana ‘281) to include the teachings of Radjabi ‘068.

Conclusion
The prior art made of record and not relied upon is considered pertinent to the Applicant’s disclosure:
Basavaraju et al., US 2009/0198842 A1: a method for identifying lost hardware devices connected to a system by obtaining data structures associated with last detected connected hardware devices and comparing obtained data structures associated with the current connected hardware devices.
Graham, US 2007/0038891 A1: a system for recovering a computing system's hardware state by simulating the replacement of the hardware device onto the bus and executing a configuration program.
Shukla, US 2019/0121886: comparing the elements of the structured data with the standard elements of the standard structured data to identify any element differences by comparing the element difference against a registry of element comparisons.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALAN LINGQIAN KONG whose telephone number is (571)272-2646. The examiner can normally be reached Monday-Thursday 8:30am-6:00pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG (JAY) KIM can be reached on (571)272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ALAN LINGQIAN KONG/Examiner, Art Unit 2494/JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494