DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
Claims 1 and 5-7 are pending.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1 and 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cox et al. (US 2009/0359854) in view Mantyla (CN 102640160), and Iizyka et al. (US 20040193763)
Regarding claim 1, Cox teaches
An embedded device comprising a special-purpose computing system, 
firmware memory for storing firmware of the device and (Fig. 1 ((114 –secure boot code) or (144 – less secure boot code)), Figs. 4B and 5, “Device 110 and/or system 100 may be in a warm boot state in response to a reboot of device 110 and/or system 100 (e.g., in response to performing a recovery operation, loading new or updating secure boot code, loading new or updating less-secure boot code” and [0071-72], “downloading data from the one or more components. The data may include new or updated boot code (e.g., secure boot code 114, less-secure boot code 155, etc.). …  step 550 involves authenticating the downloaded data. The data may be authenticated using a secret key (e.g., SBK 330), a secure key, or the like. Additionally, the data may be authenticated and/or otherwise processed (e.g., decrypted, encrypted, etc.) in a secure environment (e.g., within secure encryption engine 118).)
a bootloader for verifying the integrity and authenticity of 5the firmware, whereas the bootloader checks a firmware hash against a verified reference hash, wherein the reference hash is stored in a write-once register (Fig. 1, (A/O register 112), [0038], “read access and/or write access to A/O registers 112 may be limited (e.g., individually or in groups) by setting "sticky" or persistent bits, where the sticky bits may also reside within the A/O domain (e.g., 111).”), which is part of an always on power domain of the embedded device. ([0078], “reading data from always-on (A/O) registers (e.g., 112). … Additionally, in one embodiment, the data may include a fingerprint (e.g., a non-secure hash value for the restart code, a secure hash value for the restart code, etc.) or other information about the restart code.” And [0081], “Step 840 involves authenticating the restart code. The restart code may be validated or authenticated by computing a non-secure hash or digest of the restart code stored on the peripheral. If the hash or digest matches the fingerprint accessed from the A/O register (e.g., 112) in step 810, then the restart code may be executed”)
wherein the write-once register is locked automatically and protected against manipulation once after programming. ([0038], “Additionally, read access and/or write access to A/O registers 112 may be limited (e.g., individually or in groups) by setting "sticky" or persistent bits, where the sticky bits may also reside within the A/O domain (e.g., 111).” And [0057], “step 450 involves limiting access to secure information (e.g., secret key (e.g., SBK 330), secure key (SSK), information used to generate the secure key, etc.). Such access may be limited by setting a "sticky" or persistent bit corresponding to a register (e.g., A/O registers 112)” where setting the sticky/persistent bit is automatically locking the register, thereby locking the register and protecting it.)
Cox does not teach but Mantyla teaches
wherein the bootloader checking the firmware hash against the verified reference hash comprises: the bootloader verifying a reference hash of a firmware image with a stored digital signature algorithm public root key, storing the verified reference hash in the write-once register, and calculating the firmware hash and compares it against the verified reference hash. ([0081], “verifier function 40 may be one module of the kernel 14, and it can be used for encrypted Hash calculation files (such as by using SHA-1). Hash reference is stored in the protected memory 42, and for the application identity (path name) bound on the executable file. when the new application program appears, the verifier function 40 calculates reference Hash of the application program, using the private key of the verification device to sign it and stores it in the memory 42. before the application program operation, retrieving the signature from the memory 42 reference Hash calculated validating function 40 Hash application binary 46, and the result is retrieved from the protected memory 42 reference Hash is compared.”)
Cox and Mantyla are analogous art. Mantyla is cited to teach a similar concept of creating/storing hashes for security purposes.  Based on Mantyla, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Cox to make compare a hash against a verified reference hash to determine if the new hash is legitimate.  Furthermore, being able to compare a hash against a verified secure hash improves on Cox by being able to provide additional security to firmware updates. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification to make firmware updates secure.
Cox teaches an always-on locked register (“write-once” register) which stores a reference hash but does not teach that the hash is the same size as the hash. Mantyla teaches that a reference hash in stored in a protected memory may be a SHA-1 algorithm [0081]. Cox and Mantyla do not teach that the “write-once” register is the same size as the reference hash. Iizyka teaches that the register is the same size as the reference hash when using SHA-1. Iizyka teaches
wherein the write-once register has a same size as the verified reference hash; ([0359], “A hash value obtained as computation result data or processed data is stored in a 160-bit hash value storage register in the hash function processing circuit 330. Then, when the computation is completed, the hash value is passed from the hash value storage register to the CPU 301. In the second embodiment, SHA1 processing is executed as hash processing.” And [0390], “the hash value storage register 331 is comprised of five 32-bit registers and capable of storing 160-bit data in total.”)
Cox, Mantyla, and Iizyka are analogous art. Iizyka is cited to teach a similar concept of creating/storing hashes for security purposes.  Based on Iizyka, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Cox, and Mantyla to make the always on register a write-once register the same size as the hash.  Furthermore, being able to make the register the same size as the hash improves on Cox by being able to optimize/minimize the size of the register. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification to minimize the size of the register.
Regarding claim 5, Cox teaches wherein at the power-on reset the 15bootloader starts executing, locates a firmware image and verifies a reference hash of the firmware image with a stored digital signature algorithm public root key, whereas the verified reference hash is stored in the write-once register and then the bootloader calculates a firmware hash of the firmware image and compares it against the verified reference hash, whereas the bootloader executes the firmware if hash values match otherwise an error state is 20indicated. (Figs. 4-9 (cold boot flow), [0071], “Step 540 involves downloading data from the one or more components. The data may include new or updated boot code (e.g., secure boot code 114, less-secure boot code 155, etc.) … step 550 involves authenticating the downloaded data. The data may be authenticated using a secret key (e.g., SBK 330), a secure key, or the like. Additionally, the data may be authenticated and/or otherwise processed (e.g., decrypted, encrypted, etc.) in a secure environment (e.g., within secure encryption engine 118).” [0089], “Step 970 involves decrypting the less-secure boot code and/or authenticating the less-secure boot code using the SBK (e.g., 330). The SBK may be accessed from secure portion 310 of fuses 300, from key slot 210 of secure encryption engine 118, from an A/O register (e.g., 112) of device 110, etc. In one embodiment, once the less-secure boot code (e.g., 155) is decrypted (e.g., by secure encryption engine 118), it may be authenticated or validated by comparing a calculated hash or digest (e.g., calculated by engine 118 or another component of system 100) with the hash or digest associated with the less-secure boot code accessed in step 950.”)

Claim 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cox in view of Mantyla, Bulusu et al (US 20190179628), and Iizyka.
Regarding claim 6, Cox’s system teaches the software reset/cold reset where updates occur and the A/O register (write-once) can be updated during the system/cold reset. 
An embedded device comprising a special-purpose computing system, 
firmware memory for storing firmware of the device and (Fig. 1 ((114 –secure boot code) or (144 – less secure boot code)), Figs. 4B and 5, “Device 110 and/or system 100 may be in a warm boot state in response to a reboot of device 110 and/or system 100 (e.g., in response to performing a recovery operation, loading new or updating secure boot code, loading new or updating less-secure boot code” and [0071-72], “downloading data from the one or more components. The data may include new or updated boot code (e.g., secure boot code 114, less-secure boot code 155, etc.). …  step 550 involves authenticating the downloaded data. The data may be authenticated using a secret key (e.g., SBK 330), a secure key, or the like. Additionally, the data may be authenticated and/or otherwise processed (e.g., decrypted, encrypted, etc.) in a secure environment (e.g., within secure encryption engine 118).)
and a bootloader for verifying the integrity and authenticity of 5the firmware, whereas the bootloader checks a firmware hash against a verified reference hash, wherein the reference hash is stored in a write-once register, which is part of an always on power domain of the embedded device; (Fig. 1, (A/O register 112), [0038], “read access and/or write access to A/O registers 112 may be limited (e.g., individually or in groups) by setting "sticky" or persistent bits, where the sticky bits may also reside within the A/O domain (e.g., 111).”), which is part of an always on power domain of the embedded device. ([0078], “reading data from always-on (A/O) registers (e.g., 112). … Additionally, in one embodiment, the data may include a fingerprint (e.g., a non-secure hash value for the restart code, a secure hash value for the restart code, etc.) or other information about the restart code.” And [0081], “Step 840 involves authenticating the restart code. The restart code may be validated or authenticated by computing a non-secure hash or digest of the restart code stored on the peripheral. If the hash or digest matches the fingerprint accessed from the A/O register (e.g., 112) in step 810, then the restart code may be executed”)
wherein the write-once register is locked automatically and protected against manipulation once after programming. ([0038], “Additionally, read access and/or write access to A/O registers 112 may be limited (e.g., individually or in groups) by setting "sticky" or persistent bits, where the sticky bits may also reside within the A/O domain (e.g., 111).” And [0057], “step 450 involves limiting access to secure information (e.g., secret key (e.g., SBK 330), secure key (SSK), information used to generate the secure key, etc.). Such access may be limited by setting a "sticky" or persistent bit corresponding to a register (e.g., A/O registers 112)” where setting the sticky/persistent bit is automatically locking the register, thereby locking the register and protecting it.)
wherein the write-once register is accessed at a software reset; wherein at a software reset the bootloader starts executing, triggers a ROM bootloader to select a new firmware image, locates the new firmware image and verifies a new reference hash of the new firmware image with a stored digital signature algorithm public root key, whereas the new reference hash is stored in the write-once register and then the bootloaderPage 9 of 13LPTF2568CNPCTUSP201957978 calculates a firmware hash of the new firmware image and compares it against the new reference hash, whereas the bootloader executes new firmware if hash values match otherwise an error state is indicated. (Figs. 4 and 9, [0032], “a key stored in another portion of system 100 (e.g., stored within always on (A/O) registers 112 of A/O domain 111 and accessed in response to a reset of system 100), etc.”, [0038], “ information may be temporarily or permanently moved to A/O domain 111 (e.g., stored within A/O registers 112) so that it is not lost during a reduction or termination of power to at least one component in domain 160 (e.g., during a reset”, [0048], “step 430 involves determining whether a warm boot state is set. … Device 110 and/or system 100 may be in a warm boot state in response to a reboot of device 110 and/or system 100 (e.g., in response to performing a recovery operation, loading new or updating secure boot code, loading new or updating less-secure boot code, changing the supply potential of one or more components in the controllable supply potential domain 160, etc.).”, [0056], “in step 435 that a force recovery mode state is not set, then cold boot operations may be performed in step 440. For example, less-secure boot code (e.g., 155) may be read, decrypted, authenticated, some combination thereof, etc. in step 440 to implement a secure chain of trust (e.g., from the execution of secure boot code 114 in the secure boot mode to the execution of less-secure boot code 155 in the less-secure boot mode) for device 110 and/or system 100. Additionally, the secure key (e.g., SSK) may be calculated and/or generated as a cold boot operation in step 440. Cold boot operations may be performed in response to a power-on of device 110 and/or system 100 in one embodiment.” and [0089], “Step 970 involves decrypting the less-secure boot code and/or authenticating the less-secure boot code using the SBK (e.g., 330). The SBK may be accessed from secure portion 310 of fuses 300, from key slot 210 of secure encryption engine 118, from an A/O register (e.g., 112) of device 110, etc. In one embodiment, once the less-secure boot code (e.g., 155) is decrypted (e.g., by secure encryption engine 118), it may be authenticated or validated by comparing a calculated hash or digest (e.g., calculated by engine 118 or another component of system 100) with the hash or digest associated with the less-secure boot code accessed in step 950.”)
Cox does not teach but Mantyla teaches
wherein the bootloader checking the firmware hash against the verified reference hash comprises: the bootloader verifying a reference hash of a firmware image with a stored digital signature algorithm public root key, storing the verified reference hash in the write-once register, and calculating the firmware hash and compares it against the verified reference hash. ([0081], “verifier function 40 may be one module of the kernel 14, and it can be used for encrypted Hash calculation files (such as by using SHA-1). Hash reference is stored in the protected memory 42, and for the application identity (path name) bound on the executable file. when the new application program appears, the verifier function 40 calculates reference Hash of the application program, using the private key of the verification device to sign it and stores it in the memory 42. before the application program operation, retrieving the signature from the memory 42 reference Hash calculated validating function 40 Hash application binary 46, and the result is retrieved from the protected memory 42 reference Hash is compared.”)
Cox and Mantyla are analogous art. Mantyla is cited to teach a similar concept of creating/storing hashes for security purposes.  Based on Mantyla, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Cox to make compare a hash against a verified reference hash to determine if the new hash is legitimate.  Furthermore, being able to compare a hash against a verified secure hash improves on Cox by being able to provide additional security to firmware updates. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification to make firmware updates secure.
Cox and Mantyla teach updating firmware during a warm reboot/software reboot but do not explicitly selecting a new firmware image. Bulusu teaches
triggers a ROM bootloader to select a new firmware image, (Fig. 3, [0048-49], “At block 310, the method 300 includes performing a warm reboot of the computing system 100 to apply the at least one update from the secondary non-volatile memory 104-2 to the BIOS firmware. In an example, the warm reboot causes the OS of the computing system 100 to restart while preserving data stored in the memory 104 of the computing system 100. During the warm reboot, the firmware manager 112 may confirm that the updates available in the secondary non-volatile memory 104-2 are authentic and do not include any malicious code. To do so, the firmware manager 112 may employ various authentication techniques such as, for example, a public-private key pair, to verify the authentication of the updates. Upon successful verification of the authentication of the updates, the firmware manager 112 may shadow an updated BIOS firmware from the secondary non-volatile memory 104-2 of the computing system 100. On the other hand, upon unsuccessful authentication of the updates, the firmware manager 112 may shadow the BIOS firmware from the primary non-volatile memory 104-1, such as the SPI memory of the computing system 100.”)
Bulusu, Cox and Mantyla are analogous art. Bulusu is cited to teach a similar concept of verification during a firmware update.  Based on Bulusu, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Cox and Mantyla to select, verify, and apply the firmware update during a warm boot.  Furthermore, being able to select, verify, and apply the firmware update during a warm boot improves on Cox by being able to provide additional security to firmware updates. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification to make firmware updates secure.
Cox teaches an always-on locked register (“write-once” register) which stores a reference hash but does not teach that the hash is the same size as the hash. Mantyla teaches that a reference hash in stored in a protected memory may be a SHA-1 algorithm [0081]. Cox and Mantyla do not teach that the “write-once” register is the same size as the reference hash. Iizyka teaches that the register is the same size as the reference hash when using SHA-1. Iizyka teaches
wherein the write-once register has a same size as the verified reference hash; ([0359], “A hash value obtained as computation result data or processed data is stored in a 160-bit hash value storage register in the hash function processing circuit 330. Then, when the computation is completed, the hash value is passed from the hash value storage register to the CPU 301. In the second embodiment, SHA1 processing is executed as hash processing.” And [0390], “the hash value storage register 331 is comprised of five 32-bit registers and capable of storing 160-bit data in total.”)
Cox, Mantyla, and Iizyka are analogous art. Iizyka is cited to teach a similar concept of creating/storing hashes for security purposes.  Based on Iizyka, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Cox, and Mantyla to make the always on register a write-once register the same size as the hash.  Furthermore, being able to make the register the same size as the hash improves on Cox by being able to optimize/minimize the size of the register. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification to minimize the size of the register.

Claim 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cox in view of Mantyla, Iizyka, and Walmsley (US 20090319802).
Regarding claim 7, Cox teaches
An embedded device comprising a special-purpose computing system, 
firmware memory for storing firmware of the device and (Fig. 1 ((114 –secure boot code) or (144 – less secure boot code)), Figs. 4B and 5, “Device 110 and/or system 100 may be in a warm boot state in response to a reboot of device 110 and/or system 100 (e.g., in response to performing a recovery operation, loading new or updating secure boot code, loading new or updating less-secure boot code” and [0071-72], “downloading data from the one or more components. The data may include new or updated boot code (e.g., secure boot code 114, less-secure boot code 155, etc.). …  step 550 involves authenticating the downloaded data. The data may be authenticated using a secret key (e.g., SBK 330), a secure key, or the like. Additionally, the data may be authenticated and/or otherwise processed (e.g., decrypted, encrypted, etc.) in a secure environment (e.g., within secure encryption engine 118).)
a bootloader for verifying the integrity and authenticity of 5the firmware, whereas the bootloader checks a firmware hash against a verified reference hash, wherein the reference hash is stored in a write-once register (Fig. 1, (A/O register 112), [0038], “read access and/or write access to A/O registers 112 may be limited (e.g., individually or in groups) by setting "sticky" or persistent bits, where the sticky bits may also reside within the A/O domain (e.g., 111).”), which is part of an always on power domain of the embedded device. ([0078], “reading data from always-on (A/O) registers (e.g., 112). … Additionally, in one embodiment, the data may include a fingerprint (e.g., a non-secure hash value for the restart code, a secure hash value for the restart code, etc.) or other information about the restart code.” And [0081], “Step 840 involves authenticating the restart code. The restart code may be validated or authenticated by computing a non-secure hash or digest of the restart code stored on the peripheral. If the hash or digest matches the fingerprint accessed from the A/O register (e.g., 112) in step 810, then the restart code may be executed”)
wherein the write-once register is locked automatically and protected against manipulation once after programming. ([0038], “Additionally, read access and/or write access to A/O registers 112 may be limited (e.g., individually or in groups) by setting "sticky" or persistent bits, where the sticky bits may also reside within the A/O domain (e.g., 111).” And [0057], “step 450 involves limiting access to secure information (e.g., secret key (e.g., SBK 330), secure key (SSK), information used to generate the secure key, etc.). Such access may be limited by setting a "sticky" or persistent bit corresponding to a register (e.g., A/O registers 112)” where setting the sticky/persistent bit is automatically locking the register, thereby locking the register and protecting it.)
Cox does not teach but Mantyla teaches
wherein the bootloader checking the firmware hash against the verified reference hash comprises: the bootloader verifying a reference hash of a firmware image with a stored digital signature algorithm public root key, storing the verified reference hash in the write-once register, and calculating the firmware hash and compares it against the verified reference hash. ([0081], “verifier function 40 may be one module of the kernel 14, and it can be used for encrypted Hash calculation files (such as by using SHA-1). Hash reference is stored in the protected memory 42, and for the application identity (path name) bound on the executable file. when the new application program appears, the verifier function 40 calculates reference Hash of the application program, using the private key of the verification device to sign it and stores it in the memory 42. before the application program operation, retrieving the signature from the memory 42 reference Hash calculated validating function 40 Hash application binary 46, and the result is retrieved from the protected memory 42 reference Hash is compared.”)
Cox and Mantyla are analogous art. Mantyla is cited to teach a similar concept of creating/storing hashes for security purposes.  Based on Mantyla, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Cox to make compare a hash against a verified reference hash to determine if the new hash is legitimate.  Furthermore, being able to compare a hash against a verified secure hash improves on Cox by being able to provide additional security to firmware updates. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification to make firmware updates secure.
Cox teaches an always-on locked register (“write-once” register) which stores a reference hash but does not teach that the hash is the same size as the hash. Mantyla teaches that a reference hash in stored in a protected memory may be a SHA-1 algorithm [0081]. Cox and Mantyla do not teach that the “write-once” register is the same size as the reference hash. Iizyka teaches that the register is the same size as the reference hash when using SHA-1. Iizyka teaches
wherein the write-once register has a same size as the verified reference hash; ([0359], “A hash value obtained as computation result data or processed data is stored in a 160-bit hash value storage register in the hash function processing circuit 330. Then, when the computation is completed, the hash value is passed from the hash value storage register to the CPU 301. In the second embodiment, SHA1 processing is executed as hash processing.” And [0390], “the hash value storage register 331 is comprised of five 32-bit registers and capable of storing 160-bit data in total.”)
Cox, Mantyla, and Iizyka are analogous art. Iizyka is cited to teach a similar concept of creating/storing hashes for security purposes.  Based on Iizyka, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Cox, and Mantyla to make the always on register a write-once register the same size as the hash.  Furthermore, being able to make the register the same size as the hash improves on Cox by being able to optimize/minimize the size of the register. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification to minimize the size of the register.
Cox and Kennedy teach restarting the system but not specifically from a sleep state of the device. 
They do not teach but Walmsley teaches 
wherein the verified reference hash is stored in the write-once register over sleep cycles of the embedded device; ([0182], “In order to reduce the wakeup boot time (and hence the perceived print latency) certain data items are stored in the PSS block. These data items include the SHA-1 hash digest expected for the program(s) to be downloaded, the master/slave SoPEC id and some configuration parameters. All of these data items are stored in the PSS by the CPU prior to entering sleep mode. The SHA-1 value stored in the PSS is calculated by the CPU by decrypting the signature of the downloaded program using the appropriate public key stored in ROM. This compute intensive decryption only needs to take place once as part of the power-on boot sequence--subsequent wakeup boot sequences will simply use the resulting SHA-1 digest stored in the PSS. Note that the digest only needs to be stored in the PSS before entering sleep mode”)
wherein at a wakeup from sleep of the 5embedded device the bootloader starts executing, loads the verified reference hash from the write-once register and then the bootloader calculates a firmware hash of the firmware image and compares it against the verified reference hash that stored in the write-once register, whereas the bootloader executes the firmware if hash values match otherwise an error state is indicated. ([0140-145], “Wakeup describes SoPEC recovery from sleep mode with the SCB and power-safe storage (PSS) still enabled. In a single SoPEC system, wakeup can be initiated following a USB reset from the SCB.  A typical USB wakeup sequence is: 1) Execute reset sequence for sections of SoPEC in sleep mode. 2) CPU boot from ROM, if CPU-subsystem was in sleep mode. 3) Basic configuration of CPU peripherals and DIU, and DRAM initialisation, if required. 4) Download and authentication of program using results in Power-Safe Storage (PSS).”)
Walmsley, Cox, Mantyla, and Iizyka, are analogous art. Walmsley is cited to teach a similar concept of hashes for security purposes in always on memory while waking from a sleep mode.  Based on Walmsley, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Cox, Mantyla, and Iizyka to use the always on register only hashes to authenticate firmware during a wake from sleep.  Furthermore, being able to use the always on register when waking from a sleep mode improves on Cox and Kennedy by being able to reduce the wake-up time. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification because “[i]n order to reduce the wakeup boot time … certain data items are stored in the PSS block. … The SHA-1 value stored in the PSS is calculated by the CPU by decrypting the signature of the downloaded program using the appropriate public key stored in ROM. This compute intensive decryption only needs to take place once as part of the power-on boot sequence--subsequent wakeup boot sequences will simply use the resulting SHA-1 digest stored in the PSS.”

Response to Arguments
Applicant's arguments filed 06/21/2022 have been fully considered but they are not persuasive. The Applicant argues multiple points regarding claim 1. First, the Applicant argues that Cox does not teach the write-once register has a same size as the verified reference hash that is because Iizyka is used to teach this concept. It is then argued that Datta also, does not teach this concept or a verified reference hash. Datta is no longer used in the rejection and therefore these arguments are moot. The Applicant acknowledges that Mantyla teaches the key concepts of verifying a reference hash, with a public key, the verified reference hash is stored in a protected memory, and the that the firmware hash is calculated and compared with the verified reference hash on pg. 13 of the Applicant’s Arguments from 02/01/2022. The Applicant argues that Mantyla does not teach a write-once memory and therefore fails to teach the limitations. The Examiner uses Cox to teach the write-once register and Mantyla to teach the other concepts in the limitations.  Mantyla’s protected memory is a broad term and could be as interpreted as a write-once register.  Therefore, it is reasonable to combine Cox’s write-once register which stores a secure hash with Mantyla’s verified reference hash stored in a protected memory to teach the amended limitations. Additionally, the Applicant argues that Mantyla does not teach the write-once register has a same size as the verified reference hash that is because Iizyka is used to teach this concept. These arguments are not persuasive.
The Applicant argues that there is “no need or motivation” to combine Iizyka with Cox and Mantyla. The Examiner disagrees. Both Iizyka and Mantyla teach using a SHA-1 hash which has a size of 160 bits. Iizyka teaches that the register size is the same size as the SHA-1 hash. Mantyla teaches that the reference hash size would be 160 bits because it uses and SHA-1 hash algorithm. Cox teaches the always-on register used to store hashes. Cox also teaches that there are multiple always-on registers which can be used for many other purposes but these registers do not affect the size of the always-on register used for storing the hashes. For design purposes, the size of the register must be determined. Both Iizyka and Mantyla provide good reasons for the size of the register containing a hash being 160 bits. The motivation to combine is that it is efficient to set the size of a register only as large as it is needed otherwise space is being wasted in the system. The Applicant also mentions that Cox provides a contrary teaching but does not cite a paragraph. The Examiner was unable to find this teaching which makes that argument moot. Therefore, the argument there is no need or motivation to combine is not persuasive.  Additionally, the Applicant argues “after the size of the verified reference has is determined the size of the write-once register is determined”.  This language is not claimed. The claim language states “the write-once register has a same size as the verified reference hash” which has a different meaning. Nowhere in either the specification or the claim language does “determine” the register size occur. This argument is not persuasive. 
Applicant’s arguments, see pg. 9, filed 06/21/2022, with respect to the rejection(s) of claim(s) 6 under U.S.C. 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Cox, Mantyla, Bulusu, and Iizyka.
Applicant’s arguments, see pg. 9, filed 06/21/2022, with respect to the rejection(s) of claim(s) 6 under U.S.C. 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Cox, Mantyla, Iizyka, and Walmsley.
Applicant's arguments filed 06/21/2022 have been fully considered but they are not persuasive. The Applicant argues multiple points regarding claim 7. The Applicant argues that similar points as claim 1 related to Cox, please refer to the arguments relating to claim 1 above as they are the same arguments and are not persuasive. Kennedy is no longer used as a prior art reference; therefore the arguments are moot related to Kennedy. 
The Applicant argues that Walmsley does not teach “wherein the verified reference hash is stored in the write-once register over sleep cycles of the embedded device;”. The Examiner disagrees. In Walmsley, the PSS is equivalent to the always on register of Cox which holds the verified reference hash.  It remains powered while a portion of the system is powered down when in sleep mode. The claim limitations recite that the hash is stored in the write-once always on register “over the sleep cycles”. This action is precisely what Walmsley teaches in paragraph [0182], “subsequent wakeup boot sequences will simply use the resulting SHA-1 digest stored in the PSS. Note that the digest only needs to be stored in the PSS before entering sleep mode”. In other words, the hash is stored before sleep mode (i.e. it is stored “over the sleep cycles”. The Applicants argument is not persuasive and the claim remains rejected.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHERI L. HARRINGTON whose telephone number is (571)270-0468. The examiner can normally be reached Generally, M-F, 7:30a-4p.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jaweed Abbaszadeh can be reached on 571-270-1640. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHERI L HARRINGTON/Examiner, Art Unit 2187                                                                                                                                                                                                        September 22, 2022

/JAWEED A ABBASZADEH/Supervisory Patent Examiner, Art Unit 2187