DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.	Claims 1-16 are pending.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

2.	Claim(s) 1-16 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Kreft [US 20190140852].
As per claim 1:	Kreft teach a firmware security verification device, comprising: 
a processor, and a read-only memory for storing processor executable instructions, which when executed by the processor, cause the processor to: 
acquire firmware data and a digital signature; [Kreft: para 0182; providing security in an autonomously and self-reliant in unfriendly environments. Such a system is considered as general suitable to protect cryptographic artifacts like keys for AES, ECC, or HASHes, digital signatures in certificates, and special algorithms or business logic coded in firmware which has to be executed in a secured and controlled environment and other IP based arbitrary data. See also para 0217-0218, 0259, 0305]
verify the digital signature with a pre-stored public key; and [Kreft: para 0068; a signature can be applied to a bit-string (representing the data record/message to be signed) by using a hash function to calculate a hash value of the bit-string and to encrypt the hash value using a private signing key of the signing party. The encrypted hash value forms the so-called signature of the bit-string. Authenticity of the bit-string can be verified by a party by freshly calculating the hash value of the bit-string using the same hash function as used in signing the bit-string, and comparing the freshly generated hash value with the decrypted hash value of the signature—if the hash values match each other, the bit-string has not been altered. For decryption of the encrypted hash value (i.e. the signature), the counterpart public key of the private signing key of the signing party is used. More examples of various types of signature verification on para 0070-0071, 0092, 0172, 0204-0213, 0230, 0239]
in the case of determining that the digital signature passes the verification, run the firmware data. [Kreft: para 0224-0230; verification of the entity block's integrity of the other software module's integrity protected entity block and execution of the other software module's entity block, only in case the integrity of the other software module's entity block is verified successfully. Further, an example of verification of the public keys signed by a Root Certification Authority using a private signing key (part) of a signing key-pair, the public key of which is provided immune against counterfeit in the hardware to execute the software module]
Claim 2:  Kreft: para 0206, 0215; discussing the firmware security verification device of claim 1, further comprising a one-time programmable memory, the one-time programmable memory is configured to store the public key.
Claim 3:  Kreft: para 0266 [CASTOR may further include power management circuitry, also includes a volatile and non-volatile Random Access Memory (RAM), e.g. an SRAM, DRAM, EEPROM, FLASH, MRAM, PCRAM, PRAM]; discussing the firmware security verification device of claim 2, wherein the one-time programmable memory is further configured to store processor executable instructions, the processor is configured to execute the instructions to: in the case of monitoring that the processor receives a power supply or receives new firmware data, start execution of the instructions stored in the read-only memory.
Claim 4:  Kreft: para 0265-0266, 0269; discussing the firmware security verification device of claim 1, wherein acquiring the firmware data and the digital signature for public key by the processor includes: reading the firmware data and the digital signature from a programmable read-only memory, wherein the programmable read-only memory is electrically connected to the processor.
Claim 5:  Kreft: para 0070-0071, 0328; discussing the firmware security verification device of claim 1, wherein verifying the digital signature for public key by the processor with the pre-stored public key includes: acquiring the public key used for verifying the digital signature; in the case of determining that the public key used for verifying the digital signature matches the pre-stored public key, determining a digital signature to be verified according to the firmware data and the public key; and in the case of determining that the digital signature to be verified matches the digital signature, determining that the digital signature passes the verification.
Claim 6:  Kreft: para 0290; discussing the firmware security verification device of claim 1, wherein verifying the digital signature by the processor with the pre-stored public key includes: determining an encryption algorithm used to generate the digital signature; performing a self-test on the encryption algorithm; and in the case of determining that a result from the self-test is correct, verifying the digital signature with the pre-stored public key.
Claim 7:  Kreft: para 0252-0256, 0269; discussing the firmware security verification device of claim 1, wherein before acquiring the firmware data and the digital signature, the processor is further configured to: turn off physical interfaces with debug functions on the processor.
Claim 8:  Kreft: para 0316, 0579; discussing the firmware security verification device of claim 1, wherein the firmware data includes data for a new firmware or upgrading data for an original firmware.
As per claim 9:	Kreft teach a firmware security verification method, comprising: 
acquiring firmware data and a digital signature; [Kreft: para 0182; providing security in an autonomously and self-reliant in unfriendly environments. Such a system is considered as general suitable to protect cryptographic artifacts like keys for AES, ECC, or HASHes, digital signatures in certificates, and special algorithms or business logic coded in firmware which has to be executed in a secured and controlled environment and other IP based arbitrary data. See also para 0217-0218, 0259, 0305] 
verifying the digital signature with a pre-stored public key; and [Kreft: para 0068; a signature can be applied to a bit-string (representing the data record/message to be signed) by using a hash function to calculate a hash value of the bit-string and to encrypt the hash value using a private signing key of the signing party. The encrypted hash value forms the so-called signature of the bit-string. Authenticity of the bit-string can be verified by a party by freshly calculating the hash value of the bit-string using the same hash function as used in signing the bit-string, and comparing the freshly generated hash value with the decrypted hash value of the signature—if the hash values match each other, the bit-string has not been altered. For decryption of the encrypted hash value (i.e. the signature), the counterpart public key of the private signing key of the signing party is used. More examples of various types of signature verification on para 0070-0071, 0092, 0172, 0204-0213, 0230, 0239]
in the case of determining that the digital signature passes the verification, running the firmware data. [Kreft: para 0224-0230; verification of the entity block's integrity of the other software module's integrity protected entity block and execution of the other software module's entity block, only in case the integrity of the other software module's entity block is verified successfully. Further, an example of verification of the public keys signed by a Root Certification Authority using a private signing key (part) of a signing key-pair, the public key of which is provided immune against counterfeit in the hardware to execute the software module]

Claim 10:  Kreft: para 0265-0266, 0269; discussing the firmware security verification method of claim 9, wherein acquiring the firmware data and the digital signature for public key includes: reading the firmware data and the digital signature from a programmable read-only memory.
Claim 11:  Kreft: para 0070-0071, 0328; discussing the firmware security verification method of claim 9, wherein verifying the digital signature for public key with the pre-stored public key includes: acquiring the public key used for verifying the digital signature; in the case that the public key used for verifying the digital signature matches the pre-stored public key, determining a digital signature to be verified according to the firmware data and the public key; and in the case of determining that the digital signature to be verified matches the digital signature, determining that the digital signature passes the verification.
As per claim 12:	Kreft teach a firmware data encryption method, comprising:
encrypting firmware data, a public key and a private key with an asymmetrical encryption algorithm to generate a digital signature; and [Kreft: para 0182; providing security in an autonomously and self-reliant in unfriendly environments suitable to protect cryptographic artifacts like keys for AES, ECC, or HASHes, digital signatures in certificates, and special algorithms or business logic coded in firmware which has to be executed in a secured and controlled environment. See also para 0217-0218, 0259] 
sending the firmware data, the public key, and the digital signature. [Kreft: para 0239; obtaining a certificate comprising one or more public keys, wherein the one or more public keys are signed by a Root Certification Authority using a signing key-pair's private signing key. See also para 0326, 0331]
Claim 13:  Kreft: para 0182-0183, 0218; discussing the data encryption method of claim 12, wherein encrypting the firmware data, the public key and the private key with the asymmetrical encryption algorithm to generate the digital signature includes: encrypting the firmware data to generate encrypted firmware data; encrypting a user identification, elliptic curve parameters and the public key to generate a first intermediate value; encrypting the encrypted firmware data and the first intermediate value to generate a second intermediate value; and encrypting the second intermediate value and the private key to generate the digital signature. [Kreft: para 00326-0328; To validate the TRUSTLET, the bootstrapping chip/device is first using the counterpart public key to the RCA's private key for encryption to decrypt the random key which has been used previously to encrypt (i.e. second encryption) the entity block and its digital signature]
Claim 14:  Kreft: para 0088; discussing a firmware data encryption device, comprising: a processor and a memory for storing processor executable instructions, while executing the instructions, the processor is configured to perform the method of claim 12.
Claim 15:  Kreft: para 0043; discussing a non-transient computer read-only storage medium, when instructions in the storage medium are executed by a processor, the instructions cause the processor to perform the method of claim 9.
Claim 16:  Kreft: para 0114, 0182; discussing an electronic apparatus, comprising the firmware security verification device of claim 1.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LEYNNA TRUVAN whose telephone number is (571)272-3851. The examiner can normally be reached Monday-Friday 8:00AM-5:00PM, EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

LEYNNA TRUVAN
Examiner
Art Unit 2435



/L.TT/Examiner, Art Unit 2435

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435