Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 08/29/2022 has been entered.
Claims 1-20 are pending and are being considered.
Claims 1, 4, 6, 10, 12, 15 and 17 have been amended.
 
Response to 103
	Applicants arguments filed on 08/29/2022 have been fully considered and are partially persuasive but are moot in view of new grounds of rejection. 
	In response to applicants arguments on page 11 last para of remarks that Phan does not teach provisioning a new system owner public key as a platform root of trust public key. The examiner respectfully disagrees because the term “platform root of trust public key (ROTPK)” is defined as a public part of public/private key pair for validation purpose in view of [0023] of instant application. Similarly, Phan also teaches public part of public/private key pair for performing validation as platform root of trust public key. See Phan on [0069] teaches a user, which can be identified by its public key of public /private key pair (i.e. public key as a platform  root of trust key ROTPK in view of [0023] of instant application), as his first primary owner once it is verified that he knows a secret code which is associated to the device. See on [0088] teaches verifying the status of ownership of the device using its public key (i.e. equivalent to public key as a platform root of trust key). See also on [0116] teaches the terminal is provisioned with public/private key pair.

In response to applicant’s argument on page 16-17 that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  In this case, the applicant argues that the examiner fails to establish prima facie case of obviousness. The examiner respectfully disagrees because the reason for combining each document with proper motivation was explained in the previous office action. For example, Phan fails to teach the limitation “replacing a current system owner public key of the current system owner public/private key pair with the new system owner public key as the platform ROTPK” as claimed in claim 2 and 5. The examiner relied on Thom to teach the limitation (i.e. first criteria of elements/limitation being taught by certain document as argued by the applicant). Next the outcome of the proposed combination as reasonable expectation of success because the once the ownership of the system is changed from current owner to the new owner, the current public key is replaced with new public key for successful transferring operation (i.e. second criteria of reasonable outcome of the combination as argued by the applicant). Finally, the person of ordinary skills in the art would combine the teaching of Thom of replacing root of trust public key with new root of trust public key into the teaching of transferring ownership based on public/private key pair of the current owner and new owner as taught by Phan. one would be motivated to do so in order to securely transfer ownership of the system to a new ownership of the system based on replaced key with new key (i.e. final criteria of motivation for combining as argued by the applicant). Therefore, applicants arguments regarding the office fails to establish prima facie case of obviousness are not persuasive. For more detail see the rejection below regarding established criteria of obviousness for each new reference cited in the office action. 

In response to applicant's argument on page 17 that the examiner's conclusion of obviousness is based upon improper hindsight reasoning, it must be recognized that any judgment on obviousness is in a sense necessarily a reconstruction based upon hindsight reasoning.  But so long as it takes into account only knowledge which was within the level of ordinary skill at the time the claimed invention was made, and does not include knowledge gleaned only from the applicant's disclosure, such a reconstruction is proper.  See In re McLaughlin, 443 F.2d 1392, 170 USPQ 209 (CCPA 1971).
Applicants argument that the cited references UR, Thom, Smith and Ayoub fails to teach the amended limitation are moot because the above references were not cited to teach the amended limitation.
In response to applicant’s argument on page 22 of remarks that Ayoub (i.e. cited reference) also does not teach the amended limitation of 
“the platform ROTPK to be utilized to validate a particular firmware owner ROTPK in an operation to provision particular firmware in a secure non-volatile storage of the particular computing device “The examiner acknowledges applicants’ point of view but respectfully disagrees because due to following reasons:
The above limitation is intended use/result of the platform ROTPK which is “to be utilized to validate” a particular firmware owner ROTPK. In other words, the intended use of ROTPK is to validate firmware ROTPK. The validation performed by the platform ROTPK is not positively claimed. For examination purpose the limitation is give broadest reasonable interpretation (BRI) in view of spec.
Based on the BRI as explained above the prior art Ayoub teaches the above argued limitation. Ayoub on [0068-0070] teaches the embedded device 104 may verify the digital signature that the server 102 had used to digitally sign the encrypted firmware upgrade and/or the encrypted firmware key (310). The embedded device 104 may use the server public key to verify the digital signature. By verifying the digital signature, the device 104 verifies that no modifications were made to the firmware upgrade and/or firmware key (i.e. equivalent to validating the firmware ROTPK based in platform ROTPK). See [0010, 0026 and 0035] teaches the embedded device have a memory 110 for storing the firmware, wherein the memory may be non-volatile memory, the memory 110 of embedded device and the memory 126 of controller have similar component and may be encrypted memory.

Claim Objections
Claim 1, 6 and 17 objected to because of the following informalities
Claims 1 and 12 recites “…..wherein, subsequent to the cryptographically associating the particular computing device with the new system owner, the platform ROTPK to be utilized to validate a particular firmware owner ROTPK in an operation to provision particular firmware in a secure non-volatile storage of the particular computing device” should be further amended to positively claim the subject matter. The limitation should read as “validating using the platform ROTPK a particular firmware owner ROTPK in an operation to provision particular firmware in a secure non-volatile storage of the particular computing device” OR “in response to the cryptographically associating the particular computing device with the new system owner, validating using the platform ROTPK a particular firmware owner ROTPK in an operation to provision particular firmware in a secure non-volatile storage of the particular computing device”
Claim 6 recites “…the particular computing device firmware” and claim 1 recites “particular firmware” its not clear if the particular computing device firmware refers back to the particular firmware recites in claim. It seems like claim 6 should read as “a particular computing device firmware” Furthermore it looks like claim 6 should be dependent on claim 1 not on claim 5.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claim 1, 3, 4, 12 and 14-15 provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1, 3, 5, 12, 15 and 169of copending Application No. 17511387 (reference application). Although the claims at issue are not identical, they are not patentably distinct from each other because A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). “ELI LILLY AND COMPANY V BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ONPETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
This is a provisional nonstatutory double patenting rejection because the patentably indistinct
claims have not in fact been patented.

Current application 17/000148
Reference application 17/511387
1. A method, comprising: via a processor of a particular computing device, cryptographically associating the particular computing device with a new system owner based at least in part on a new system owner public key of a new system owner public/private key pair and a current system owner private key of a current system owner public/private key pair associated with a current system owner,
 wherein the cryptographically associating the particular computing device with the new system owner comprises provisioning the new system owner public key as a platform root of trust public key (ROTPK) for the particular computing device, wherein, subsequent to the cryptographically associating the particular computing device with the new system owner, the platform ROTPK to be utilized to validate a particular firmware owner ROTPK in an operation to provision particular firmware in a secure non-volatile storage of the particular computing device.
1. A method, comprising: cryptographically associating a particular computing device with a new system owner based at least in part on a new system owner public key of a new system owner public/private key pair and a current system owner private key of a current system owner public/private key pair, including: 


prior to finalizing provision of the new system owner public key as a new system owner root of trust public key (ROTPK),
 initiating, via a processor of the particular computing device, execution of one or more operations to disable or erase specified computing device firmware or specified content, or a combination thereof.
12.  An apparatus, comprising: at least one processor to include at least one execution circuit to:
 Cryptographically associate a particular computing device with a new system owner based at least in part on a new system owner public key of a new system owner public/private key pair and a current system owner private key of a current system owner public/private key pair associated with a current system owner, 

wherein, to cryptographically associate the particular computing device with the new system owner, the at least one processor to provision the new system owner public key as a platform root of trust public key (ROTPK) for the particular computing device, wherein, subsequent to the particular computing device being cryptographically associated with the new system owner, the platform ROTPK to be utilized to validate a particular firmware owner ROTPK in an operation to provision particular firmware in a secure non-volatile storage of the particular computing device.
12.  An apparatus, comprising: at least one processor to: 

cryptographically associate a particular computing device with a new system owner based at least in part on a new system owner public key of a new system owner public/private key pair and a current system owner private key of a current system owner public/private key pair, wherein the at least one processor to: 

prior to finalizing provision of the new system owner public key as a new system owner root of trust public key (ROTPK), initiate execution of one or more operations to disable or erase specified computing device firmware or specified content, or a combination thereof.

All the limitations of independent claims 1 and 12 are taught by the reference application except for the underlined limitation, which is taught by Ayoub et al (US 20200151335) on [0010, 0026 and 0068-0070] teaches validating the particular firmware key using the new system owner platform ROTPK and provision the firmware in a non-volatile secure storage. One would be motivated to do so in order to prevent, unauthorized access to the firmware upgrade while also verifying and authenticating the integrity and the source of the firmware upgrade (Ayoub on [0004]).
Dependent claims
Current application 17000148
3
4
14
15
Reference application 17511387
3
5
14
16


                                               Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Phan (US 20190149558) in view of Ayoub et al (hereinafter Ayoub) (US 20200151335).

Regarding claim 1 Phan teaches A method, comprising (Phan on [0001] teaches a method and an apparatus for managing the ownership of a mobile device);
 via a processor of a particular computing device, cryptographically associating the particular computing device with a new system owner based at least in part on a new system owner public key of a new system owner public/private key pair and a current system owner private key of a current system owner public/private key pair associated with a current system owner (Phan on [0152-0155 and 0162- 0173] teaches transferring ownership of IoT device (i.e. equivalent to associating particular computing device with new ownership) from user1 (i.e. current system owner) to user2 (i.e. new system owner) using private key of user1 (i.e. current system owner private key) and public key of user2 (i.e. new system owner public key). See on [0011] teaches transfer the ownership of a device securely and efficiently from a first owner to a second owner. See on [0075] teaches terminal device such as computer or laptop (i.e. equivalent to apparatus having processor));
 wherein the cryptographically associating the particular computing device with the new system owner comprises provisioning the new system owner public key as a platform root of trust public key (ROTPK) for the particular computing device (Phan on [0017] teaches the identifier of the new owner is the public key (ROTPK in view of [0022] ROTPK refers to public part of asymmetric pair of cryptographic keys) belonging to a pair of keys comprising a public key and a private key). See on [0069] teaches a user, which can be identified by its public key (i.e. public key as a root of trust key), as his first primary owner once it is verified that he knows a secret code which is associated to the device. See on [0088] teaches verifying the status of ownership of the device using its public key (i.e. equivalent to public key as root of trust key). See also on [0116] teaches the terminal is provisioned with public/private key pair).
	Although Phan teaches cryptographically associating the particular computing device with the new system owner, but fails to explicitly teach validating the firmware key using the public key after provisioning the public key as root of trust key, however Ayoub from analogous art teaches 
wherein, subsequent to the cryptographically associating the particular computing device with the new system owner, the platform ROTPK to be utilized to validate a particular firmware owner ROTPK in an operation to provision particular firmware in a secure non-volatile storage of the particular computing device (Ayoub on [0068-0070] teaches after the embedded device 104 determines that a firmware upgrade is necessary, the embedded device 104 may obtain the encrypted firmware upgrade and/or the encrypted firmware key (308). The embedded device 104 may also receive the server public key and/or the public key certificate (i.e. this process is equivalent to public key as root of trust because public key of server will be utilized to verify the firmware signature and the key). The embedded device 104 may verify the digital signature that the server 102 had used to digitally sign the encrypted firmware upgrade and/or the encrypted firmware key (310). The embedded device 104 may use the server public key to verify the digital signature. By verifying the digital signature, the embedded device 104 verifies that no modifications were made to the firmware upgrade and/or firmware key. See [0010, 0026 and 0035] teaches the embedded device have a memory 110 for storing the firmware, wherein the memory may be non-volatile memory, the memory 110 of embedded device and the memory 126 of controller have similar component and may be encrypted memory).

Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Ayoub into the teaching of Phan by validating the firmware key using the public key of the server and storing the firmware in a secure non-volatile memory. One would be motivated to do so in order to prevent, unauthorized access to the firmware upgrade while also verifying and authenticating the integrity and the source of the firmware upgrade (Ayoub on [0004]).

Regarding claim 12 Phan teaches An apparatus, comprising: (Phan on [0001] teaches a method and an apparatus for managing the ownership of a mobile device);
at least one processor to: cryptographically associate a particular computing device with a new system owner based at least in part on a new system owner public key of a new system owner public/private key pair and a current system owner private key of a current system owner public/private key pair associated with a current system (Phan on [0152-0155 and 0162- 0173] teaches transferring ownership of IoT device (i.e. equivalent to associating particular computing device with new ownership) from user1 (i.e. current system owner) to user2 (i.e. new system owner) using private key of user1 and public key of user2. See on [0011] teaches transfer the ownership of a device securely and efficiently from a first owner to a second owner. See on [0075] teaches terminal device such as computer or laptop (i.e. equivalent to apparatus having processor)).
wherein to cryptographically associate the particular computing device with the new system owner the at least one processor to provision the new system owner public key as a platform root of trust public key (ROTPK) for the particular computing device (Phan on [0017] teaches the identifier of the new owner is the public key (ROTPK in view of [0022] ROTPK refers to public part of asymmetric pair of cryptographic keys) belonging to a pair of keys comprising a public key and a private key). See on [0069] teaches a user, which can be identified by its public key (i.e. public key as a root of trust key), as his first primary owner once it is verified that he knows a secret code which is associated to the device. See on [0088] teaches verifying the status of ownership of the device using its public key (i.e. equivalent to public key as root of trust key). See also on [0116] teaches the terminal is provisioned with public/private key pair).

Although Phan teaches cryptographically associating the particular computing device with the new system owner, but fails to explicitly teach validating the firmware key using the public key after provisioning the public key as root of trust key, however Ayoub from analogous art teaches 
wherein, subsequent to the cryptographically associating the particular computing device with the new system owner, the platform ROTPK to be utilized to validate a particular firmware owner ROTPK in an operation to provision particular firmware in a secure non-volatile storage of the particular computing device (Ayoub on [0068-0070] teaches after the embedded device 104 determines that a firmware upgrade is necessary, the embedded device 104 may obtain the encrypted firmware upgrade and/or the encrypted firmware key (308). The embedded device 104 may also receive the server public key and/or the public key certificate (i.e. this process is equivalent to public key as root of trust because public key of server will be utilized to verify the firmware signature and the key). The embedded device 104 may verify the digital signature that the server 102 had used to digitally sign the encrypted firmware upgrade and/or the encrypted firmware key (310). The embedded device 104 may use the server public key to verify the digital signature. By verifying the digital signature, the embedded device 104 verifies that no modifications were made to the firmware upgrade and/or firmware key. See [0010, 0026 and 0035] teaches the embedded device have a memory 110 for storing the firmware, wherein the memory may be non-volatile memory, the memory 110 of embedded device and the memory 126 of controller have similar component and may be encrypted memory).

Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Ayoub into the teaching of Phan by validating the firmware key using the public key of the server and storing the firmware in a secure non-volatile memory. One would be motivated to do so in order to prevent, unauthorized access to the firmware upgrade while also verifying and authenticating the integrity and the source of the firmware upgrade (Ayoub on [0004]).


Claims 2 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Phan (US 20190149558) in view of Ayoub et al (hereinafter Ayoub) (US 20200151335) and further in view of Thom et al (hereinafter Thom) (US 20190080299).

Regarding claim 2 and 13 the combination of Phan and Ayoub teaches all the limitations of claim 1 and 12 above, the combination fails to explicitly teach wherein the provisioning the new system owner public key as the platform ROTPK comprises replacing a current system owner public key of the current system owner public/private key pair with the new system owner public key as the platform ROTPK, however Thom from analogous art teaches wherein the provisioning the new system owner public key as the platform ROTPK comprises replacing a current system owner public key of the current system owner public/private key pair with the new system owner public key as the platform ROTPK (Thom on [0070 and 0080] teaches replacing 526 the owner public key (previously associated with a public cryptographic key of the transferor entity) with a transfer public cryptographic key of the generated transfer cryptographic key pair).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Thom into the combined teaching of Phan and Ayoub by replacing the current system owner key with new system owner public key. One would be motivated to do so in order securely transfer ownership of the system to a new ownership of the system using public key which replaces the previous public key owned by previous owner (Thom on [0002]).

Claims 3 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Phan (US 20190149558) in view of Ayoub et al (hereinafter Ayoub) (US 20200151335) and further in view of UR et al (hereinafter UR) (US 20210150527).

Regarding claim 3 and 14  the combination of Phan and Ayoub  teaches all the limitations of claims 1 and 12 above, the combination fails to explicitly teach wherein provisioning the new system owner public key as the platform ROTPK comprises: transmitting the new system owner public key from the particular computing device to a current system owner computing device for signature of the new system owner public key using the current system owner private key and obtaining a signed new system owner public key from the current system owner computing device, however UR from analogous art teaches 
wherein the cryptographically associating the particular computing device with the new system owner comprises: transmitting the new system owner public key from the particular computing device to a current system owner computing device for signature of the new system owner public key using the current system owner private key (UR on [0032-0033, 0074, 0093 and 0160] teaches transmitting the transaction request including a public key of the subsequent owner and being signed by a private key of the current owner);
and obtaining a signed new system owner public key from the current system owner computing device (UR on [0032-0033, 0074, 0093 and 0160] teaches the transaction request may include a public key of the subsequent owner and being signed by a private key of the current owner (i.e. obtaining signed public key)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of UR into the combined teaching of Phan and Ayoub by signing ROTPK using private key. One would be motivated to do so in order to manage transaction between devices while maintaining high level of data security using public key of the system as root of trust key (UR on [0002]). 


Claims 4-6 and 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Phan (US 20190149558), in view of Ayoub et al (hereinafter Ayoub) (US 20200151335) in view of UR et al (hereinafter UR) (US 20210150527) and further in view of Brown et al (hereinafter Brown) (US 20200296088).
Regarding claim 4 and 15 the combination of Phan, Ayoub and UR teaches all the limitations of claim 3 and 14, UR further teaches verifying the signed new system owner public key against a platform ROTPK associated with the current system owner (UR on [0033] teaches the transaction request may include a public key of the subsequent owner and being signed by a private key of the current owner; authenticating the signature of the current owner, according to a public key of the current owner).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of UR into the combined teaching of Phan by signing ROTPK using private key and verifying the signed public key. One would be motivated to do so in order to manage transaction between devices while maintaining high level of data security using public key of the system as root of trust key (UR on [0002]). 
Although the combination of Phan, Ayoub, UR teaches storing public key in a secure storage but fails to explicitly teach storing the signed new system owner public key in the secure non-volatile storage of the particular computing device, however Brown from analogous art teaches 
storing the signed new system owner public key in the secure non-volatile storage of the particular computing device (Brown on [0040] teaches a remote access controller 220a of a managed IHS 215s may include a secure storage device. In certain embodiments, the secure storage of the remote access controller 220a may be used to store a public key signed by an authority trusted by the remote management console 205).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Brown into the combined teaching of Phan, Ayoub and UR by signing ROTPK using private key and storing the signed public key via trusted authority. One would be motivated to do so in order to perform authentication based on the stored signed public key (Brown on [0004-0005]). 

 Regarding claim 5 and 16 the combination of Phan, Ayoub, UR and Brown teach all the limitations of claim 4 and 15 above, Brown further teaches wherein the in the secure non-volatile storage comprises storing the signed new system owner public key in the secure non-volatile storage via a trust authority service (Brown on [0040] teaches a remote access controller 220a of a managed IHS 215s may include a secure storage device. In certain embodiments, the secure storage of the remote access controller 220a may be used to store a public key certificate signed by an authority trusted by the remote management console 205).

Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Brown into the combined teaching of Phan, Ayoub and UR by signing ROTPK using private key and storing the signed public key via trusted authority. One would be motivated to do so in order to perform authentication based on the stored signed public key (Brown on [0004-0005]). 
Regarding claim 6 and 17 the combination of Phan, Ayoub, UR and Brown teaches all the limitations of claim 5 and 16 above, Ayoub further teaches further comprising the processor of the particular computing device establishing cryptographic control of the particular computing device firmware in the new system owner via the 3provisioning the new system owner public key as the platform ROTPK for the particular computing device (Ayoub on [0069-0070] teaches the server public key and/or public key certificate is pre-stored or already stored within the embedded device 104. For example, the server public key and/or public key certificate may be pre-installed within the embedded device 104 during manufacturing, provisioning and/or distribution of the embedded device 104. The embedded device 104 may use the server public key to verify the digital signature. By verifying the digital signature, the embedded device 104 verifies that no modifications were made to the firmware upgrade and/or firmware key).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Ayoub into the teaching of Phan, UR and Brown by validating the firmware key using the public key of the server and storing the firmware in a secure non-volatile memory. One would be motivated to do so in order to prevent, unauthorized access to the firmware upgrade while also verifying and authenticating the integrity and the source of the firmware upgrade (Ayoub on [0004]).

Claims 7 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Phan (US 20190149558), in view of Ayoub et al (hereinafter Ayoub) (US 20200151335), in view of UR et al (hereinafter UR) (US 20210150527) in view of Brown et al (hereinafter Brown) (US 20200296088) and further in view of Moon et al (hereinafter Moon) (US 20190163910).
 
Regarding claim 7 and 18 the combination of Phan, Ayoub, UR and Brown teaches all the limitation of claim 6 and 17 above, the combination fails to explicitly teach wherein the particular computing device firmware comprises one or more firmware images cryptographically signed by one or more respective firmware owner ROTPKs under one or more respective signing domains, however Moon from analogous art teaches wherein the particular computing device firmware comprises one or more firmware images cryptographically signed by one or more respective firmware owner ROTPKs under one or more respective signing domains (Moon on [0006] teaches signature generation processing unit 333 receives the original firmware image as input data, and generates a firmware signature value using the public key of the authentication key pair, that is an authentication public key).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Moon into the combined teaching of Phan, Ayoub UR and Brown by signing the firmware image using the public key of public-private key pair. One would be motivated to do so in order to authenticating and validating firmware package by digitally signing the firmware package using public key (Moon on [0005]).

Regarding claim 8 and 19 the combination of Phan, Ayoub, UR, Brown and Moon teaches all the limitations of claim 7 and 18 above Ayoub further teaches wherein the establishing cryptographic control of the particular computing device firmware in the new system owner comprises the processor of the particular computing device: obtaining the one or more respective firmware owner's ROTPKs; and cryptographically signing the one or more respective firmware owner's ROTPKs with a new system owner private key of the new system owner public/private key pair (Ayoub on [0040-0042 and 0058] teaches server 102 may obtain one or more firmware upgrades one or more firmware key and the server private key from the memory 116 and use to the server private key to digitally sign the firmware upgrade and/or the firmware key).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Ayoub into the combined teaching of Phan, UR and Brown by signing firmware key with private key of the system. One would be motivated to do so in order to prevent, unauthorized access to the firmware upgrade while also verifying and authenticating the integrity and the source of the firmware upgrade (Ayoub on [0004]).

Regarding claim 9 the combination of Phan, Ayoub UR, Brown and Moon teaches all the limitations of claim 7 above, Moon further teaches wherein the one or more firmware images cryptographically signed by the one or more respective firmware owner ROTPKs under the one or more respective signing domains comprises one or more firmware images cryptographically signed by one or more current firmware owner ROTPKs  (Moon on [0006] teaches signature generation processing unit 333 receives the original firmware image as input data, and generates a firmware signature value using the public key of the authentication key pair, that is an authentication public key).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Moon into the combined teaching of Phan, Ayoub UR and Brown by signing the firmware image using the public key of public-private key pair. One would be motivated to do so in order to authenticating and validating firmware package by digitally signing the firmware package using public key (Moon on [0005]).

Regarding claim 10 the combination of Phan, Ayoub UR, Brown and Moon teaches all the limitations of claim 9 above, Ayoub further teaches further comprising the processor of the particular computing device: obtaining a new firmware owner ROTPK from a new firmware owner computing device; and cryptographically signing the new firmware owner ROTPK with the new system owner private key (Ayoub on [0058] teaches server 102 may obtain the server private key from the memory 116 and use to the server private key to digitally sign the firmware upgrade and/or the firmware key. Further teaches one or more firmware upgrade signed by the server. See on [0040-0042] teaches one or more firmware upgrades and one or more firmware keys digitally signed by the server).
The motivation for combination is same as set forth above in claim 8.

Regarding claim 11 the combination of Phan, Ayoub UR, Brown and Moon teaches all the limitations of claim 10 above, Ayoub further teaches further comprising the processor of the particular computing device: verifying the signed new firmware owner ROTPK against platform ROTPK; and - 91 -Docket No.: 252.P144/P06359US.family storing the signed new firmware owner ROTPK in a key database in the secure non-volatile storage of the particular computing device (Ayoub on [0058] teaches the server 102 may obtain the server private key from the memory 116 and use to the server private key to digitally sign the firmware upgrade and/or the firmware key, the digital signature may be verified to ensure that the firmware upgrade and/or the firmware key have not been modified and that the source of the firmware upgrade and/or the firmware key is the server. See on [0010, 0026, 0035 and 0040] teaches the embedded device have a memory 110 for storing the firmware, wherein the memory may be non-volatile memory, the memory 110 of embedded device and the memory 126 of controller have similar component and may be encrypted memory).
The motivation for combination is same as set forth above in claim 8.

Regarding claim 20 the combination of Phan, Ayoub UR, Brown and Moon teaches all the limitations of claim 19 above, Ayoub further teaches wherein the at least one process further to: obtain a new firmware owner ROTPK from a new firmware owner computing device; cryptographically sign the new firmware owner ROTPK with the new system owner private key; verify the signed new firmware owner ROTPK against platform ROTPK; and store the signed new firmware owner ROTPK in a key database in the secure non-volatile storage of the particular computing device  (Ayoub on [0058] teaches the server 102 may obtain the server private key from the memory 116 and use to the server private key to digitally sign the firmware upgrade and/or the firmware key, the digital signature may be verified to ensure that the firmware upgrade and/or the firmware key have not been modified and that the source of the firmware upgrade and/or the firmware key is the server. See on [0010, 0026, 0035 and 0040] teaches the embedded device have a memory 110 for storing the firmware, wherein the memory may be non-volatile memory, the memory 110 of embedded device and the memory 126 of controller have similar component and may be encrypted memory).
The motivation for combination is same as set forth above in claim 19.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Samuel et al (US 20200097658) is directed towards a boot process of a computing device may be initiated. The computing device may include a plurality of hardware components. The process may select a component of the plurality of hardware components, read a firmware of the component, calculate a measurement (e.g., hash) of the firmware, and perform a comparison of the measurement with a pre-determined measurement stored in a table of approved firmware. The table may be stored in a basic input output system (BIOS) of the computing device.
Gulati et al (US 10673638) is directed towards secure programming system can receive a job control package having a security kernel and a target payload of content for programming into a pre-defined set of trusted devices. A device programmer can install a security kernel on the trusted devices and reboot the trusted devices using the security kernel to validate the proper operation of the security kernel. The target payload can then be securely installed on the trusted devices and validated.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522. The examiner can normally be reached 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/MOEEN KHAN/Examiner, Art Unit 2436