DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
Claims 1-3, 5, 7-18, and 20 are pending.
The U.S.C. 101 rejections have been corrected and the rejections are withdrawn.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-3, 5, 7 and 14-20 are rejected under 35 U.S.C. 103 as being unpatentable over Hursti (US 20140195804) in view of Hofstee et al. (US 20070179904)

Regarding claim 1, Hursti teaches
A verification extension method for a device, the method comprising: 
obtaining, in response to a request to verify a signature associated with first data, an asymmetric verifier application from off-device storage; ([0015], “the cryptographic application 131 may include the ability to confirm the data integrity of the cryptographic application 131 using techniques such as a digital signature, challenge-response handshake, client-side key verification, and/or other possible techniques.”, and ([0028-29], “the client device 106 may provide the dispatch service 121 with a service request … In response to the service request, the dispatch service 121 may deliver the cryptographic application 131 via the network 109.”)
loading the asymmetric verifier application obtained from the off-device storage; ([0028-29], “the client device 106 may provide the dispatch service 121 with a service request …In response to the service request, the dispatch service 121 may deliver the cryptographic application 131 via the network 109. In response to obtaining the cryptographic application 131 through the browser 161 or other client application, execution of the cryptographic application 131”)
verifying, using the asymmetric verifier application, the signature associated with the first data using asymmetric-key cryptography. ([0030], “the cryptographic application 131 will manipulate one or more public keys 135 encoded in the JavaScript.RTM. Object Notation (JSON) Web Key (JWK) format, and the communications between the client device 106 and the computing environment 103 will then be integrity protected using the digital signatures” and [0031], “After the cryptographic application 131 verifies the integrity of the virtual machine 163 and/or the client device 106, the cryptographic application 131 may then retrieve the remaining functions, modules, components, functions and/or portions of the cryptographic application 131 from the computing environment 103 necessary for complete operation of the cryptographic application 131. The integrity of the virtual machine 163 and/or client device 106 may be verified according to a number of approaches, such as comparing file signatures for the virtual machine 163 generated with cryptographic hash functions with known valid signatures stored in the computing environment 103.”)
Hursti teaches a verification application loaded from an external device but does not specifically teach verifying the verifier application before executing the application.
Hofstee teaches
prior to executing the asymmetric verifier application, verifying the asymmetric verifier application using a first hashing function and an initial asymmetric verifier application hash retrieved from on-device storage; (Figs. 3-5, [0064], “The authentication core key in the core key(s) 240, as well as other authentication security keys discussed hereafter, only need to be randomly generated for a symmetric key cryptographic algorithm for example. By using a cryptographic hash value as the authentication check, modified software cannot be authenticated using the same hash value. Thus, for example, any change to the loader module will cause a different hash value to be generated. Therefore, when the authentication mechanism 255 generates a hash value based on a modified loader module, it will not match the hash value attached with the loader module and the authentication mechanism 255 will not permit the modified loader module to be loaded into the protected portion of local store 225.”)
in response to a positive verification result, executing the asymmetric verifier application; and (Fig. 3 and Fig. 5 (620-640), [0096], “If the application module is authentic, the application module is loaded into the protected execution environment (step 630). The data used by the application module may then be decrypted using the second decryption key and the application module may be run on the decrypted data (step 640).”)
Hursti and Hofstee are analogous art. Hofstee is cited to teach a similar concept of device security.  Based on Hofstee, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Hursti to verify the verifier application before it is used (i.e. during the boot verification).  Furthermore, being able to verify the verifier application improves on Hursti by being able to maintain a secure device. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification to maintain security on the device.
Regarding claim 2, Hursti teaches wherein the signature associated with the first data is a signature of a hash of the first data. ([0031], “The integrity of the virtual machine 163 and/or client device 106 may be verified according to a number of approaches, such as comparing file signatures for the virtual machine 163 generated with cryptographic hash functions with known valid signatures stored in the computing environment 103.”)
Regarding claim 3, Hursti teaches wherein the first data is a further application. ([0031], “the cryptographic application 131 verifies the integrity of the virtual machine 163”)
Regarding claim 5, Hursti teaches an asymmetric verifier but does not teach the verifier is verified using a master bootloader. Hofstee teaches wherein the asymmetric verifier application is verified using a master bootloader of the device. ([0065-66], “Once the initial piece of software, e.g., the loader module, is decrypted and authenticated using the on-chip core key(s) 240, loaded into the protected portion of local store 225, and started by the processor 210, the initial piece of software may load other software and data. This other software and data may be obtained from system storage 260 or another on-chip or off-chip code/data source … This encrypted portion of the initial piece of software is encrypted using the core decryption key of the core key(s) 240 for a symmetric key algorithm or a complementary key for an asymmetric key algorithm and an encryption algorithm corresponding to decryption mechanism 250, for example. If the authentication of this other software and/or data succeeds, the software/data may be decrypted using a decryption key stored in the encrypted portion of the initial piece of software and loaded into the protected portion of local store 225 for processing in the protected execution environment 245. This other software itself may contain an encrypted authentication security key and decryption key for authenticating and decrypting a third piece of software or data”)
Regarding claim 7, Hurst does not teach but Hofstee teaches wherein the initial application hash is embedded on the device during manufacture or assembly of the device. ([0017], “cryptographic hashing, i.e. hashing in which only entities having knowledge of the hash key may correctly generate a hash value, may be used to generate an authentication value that is based on the core key and the first software module.” And [0023], “on-chip core authentication key to authenticate and load a first piece of software may comprise generating an authentication value based on the on-chip core authentication key and contents of the first piece of software. Generating an authentication value may comprise generating a hash value of the contents of the first piece of software using a hash function and the core authentication key as a key for the hash function.” And Abstract “a hardware controlled authentication and decryption mechanism is provided that is based on a hardware core key.” Where a hardware core key is interpreted as the hash being embedded during manufacture).
Hursti and Hofstee are analogous art. Hofstee is cited to teach a similar concept of device security.  Based on Hofstee, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Hursti to verify the verifier application with a hash located on chip before use.  Furthermore, being able to verify the verifier application with a hash located on chip before use improves on Hursti by being able to maintain a secure device. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification to maintain security on the device.
Regarding claim 14, Hursti teaches wherein responsive to a positive verification of the signature associated with the first data, the first data is loaded. (Fig. 2, [0051-52], “the cryptographic application 131 may include the ability to confirm the data integrity of the cryptographic application 131 as it executes in the client device 106. The data integrity check may be carried out with the cooperation of the dispatch service 121 (FIG. 1) and/or the operator of the client device 106 using techniques such as a digital signature, challenge-response handshake, client-side certificate verification, and/or other possible techniques as can be appreciated. … if the data integrity check completes successfully, in block 209, the cryptographic application 131 obtains the plaintext data to be encrypted.” And [0054], “block 224, the cryptographic application 131 may transmit the ciphertext data 141 and associated metadata (e.g., hash values, identifiers, etc.) for remote storage”)
Regarding claim 15, Hursti teaches wherein the signature associated with the first data is a signature of a hash of the first data and responsive to a positive verification of the signature associated with the first data, the hash of the first data is stored on the device. ([0031], “The integrity of the virtual machine 163 and/or client device 106 may be verified according to a number of approaches, such as comparing file signatures for the virtual machine 163 generated with cryptographic hash functions with known valid signatures stored in the computing environment 103.”)
Regarding claim 16, Hursti teaches wherein the signature associated with the first data is a signature of a hash of the first data and responsive to a positive verification of the signature associated with the first data, the hash of the first data is stored on the device. ([0031], “After the cryptographic application 131 verifies the integrity of the virtual machine 163 and/or the client device 106, the cryptographic application 131 may then retrieve the remaining functions, modules, components, functions and/or portions of the cryptographic application 131 from the computing environment 103 necessary for complete operation of the cryptographic application 131. The integrity of the virtual machine 163 and/or client device 106 may be verified according to a number of approaches, such as comparing file signatures for the virtual machine 163 generated with cryptographic hash functions with known valid signatures stored in the computing environment 103.”)
Regarding claim 17, Hursti teaches wherein responsive to positive verification of the first data, the first data is executed or made available for use by executable code, optionally wherein after the first data has been executed or made available for use by executable code the hash of the first data is removed from the device. (Figs. 2-3, [0031], “After the cryptographic application 131 verifies the integrity of the virtual machine 163 and/or the client device 106, the cryptographic application 131 may then retrieve the remaining functions, modules, components, functions and/or portions of the cryptographic application 131 from the computing environment 103 necessary for complete operation of the cryptographic application 131. The integrity of the virtual machine 163 and/or client device 106 may be verified according to a number of approaches, such as comparing file signatures for the virtual machine 163 generated with cryptographic hash functions with known valid signatures stored in the computing environment 103.”)

As to claims 18-20, Hursti and Hofstee teach these claims according to the reasoning provided in claim 1.

Claims 8-10 are rejected under 35 U.S.C. 103 as being unpatentable over Hursti and Hofstee in view of Li et al. (US 20190007835).
Regarding claim 8, Hursti teaches an asymmetric verifier application that verifies a signature but does not mention whether the keys are stored in on-device storage but Li teaches wherein the asymmetric verifier application verifies the signature using one or more keys stored in on-device storage (Fig. 2A (274)). (Fig. 2A, [0050], “Public keys can be stored in a key store 274. The key store 274, in some embodiments, resides in non-volatile memory and key values are burned into the key store 274 at the time of manufacture of the SE 103.”)
Hursti, Hofstee and Li are analogous art. Li is cited to teach a similar concept of device security using keys.  Based on Li, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Hursti and Hofstee to use keys burned in during manufacture to an on-device storage.  Furthermore, being able to use keys burned in during manufacture to an on-device storage improves on Hursti and Hofstee by being able to prevent modification to the keys on the device. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification by being able to prevent modification to the keys on the device.
Regarding claim 9, Hursti does not teach that the keys are associated with a privilege level but Li teaches wherein a plurality of keys are stored in on-device storage, wherein each of the keys is associated with a privilege level, and wherein restrictions associated with the privilege level of the key which verifies the signature associated with the first data are applied to that first data. (Table 2, [0058], “For the signature embodiment, the SE maintains a key-privilege table. Each row of the table associates a privilege level with a public key.”)
Hursti, Hofstee, and Li are analogous art. Li is cited to teach a similar concept of device security using keys.  Based on Li, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Hursti and Hofstee to use keys which have a privilege level associated with them.  Furthermore, being able to use keys with a privilege improves on Hursti and Hofstee by being able to determine whether to accept or reject a profile installation after comparing the profile type with the determined privilege level. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification by being able to someone without privilege to access the device.
Regarding claim 10, Hursti teaches a plurality of keys but does not teach that the keys are embedded at the time of manufacture. Li teaches wherein the one or more keys are embedded on the device during manufacture or assembly of the device. ([0050], “Public keys can be stored in a key store 274. The key store 274, in some embodiments, resides in non-volatile memory and key values are burned into the key store 274 at the time of manufacture of the SE 103.”)
Hursti, Hofstee, and Li are analogous art. Li is cited to teach a similar concept of device security using keys.  Based on Li, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Hursti and Hofstee to use keys burned in during manufacture to an on-device storage.  Furthermore, being able to use keys burned in during manufacture to an on-device storage improves on Hursti and Hofstee by being able to prevent modification to the keys on the device. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification by being able to prevent modification to the keys on the device.

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Hursti and Hofstee in view of Takagi et al (US 20170366525)
Regarding claim 11, Hursti teaches verifying the signature using keys but does not teach that the keys are embedded in the application. Takagi teaches herein the asymmetric verifier application verifies the signature using one or more keys embedded in the asymmetric verifier application. (Fig. 9 (103,104), [0145], “delivers the software 111a with the obfuscated public key embedded”)
Hursti, Hofstee, and Takagi are analogous art. Takagi is cited to teach a similar concept of device security using keys.  Based on Takagi, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Hursti and Hofstee to embed the keys on the application1.  Furthermore, being able to embed keys in the application improves on Hursti and Hofstee by being able to transfer the keys needed with the application to the client. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification because “the public key 13 corresponding to the private key 14 is embedded into the client application 17 to be delivered to the client 4. Only when the private key 14 used for generating the signature 16a, 16b corresponds to the public key 13 used in the verification of the signature 16a, 16b, the signature 16a, 16b is verified successfully. Therefore, use of an unauthorized client application leads to a failure in the verification of the signature 16a, 16b. This means that it is possible to reduce a risk of covering up an inappropriate authentication process performed by an unauthorized client application on the basis of falsified profile data.”, [0063]

Claims 12-13, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Hursti and Hofstee in view of Nelson (US 20200084042)
Regarding claim 12, Hursti teaches a positive or negative verification but does not teach unloading the verifier application afterwards. Nelson teaches wherein responsive to a positive or a negative verification (Hursti, [0015], “the cryptographic application 131 may include the ability to confirm the data integrity of the cryptographic application 131 using techniques such as a digital signature”) of the signature associated with the first data the asymmetric verifier application is unloaded. (Nelson, [0019], “a failure to match a unique identifier of a verification signature 34 at an information handling system 10 may initiate a variety of protective measures, such as locking the information handling system, deleting the application”)
As to claim 13, Hursti, Hofstee, and Nelson teaches this claim according to the reasoning provided in claim 1.

Response to Arguments
Applicant’s arguments, see pg. 1, filed 06/16/2022, with respect to the rejection(s) of claim(s) 1, 18, and 20 under U.S.C. 102 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Hursti in view of Hofstee.
Applicant's arguments filed 06/16/2022 have been fully considered but they are not persuasive. The Applicant’s representative argues that it is not reasonable to combine Hofstee and Hursti because of the limited memory in the Applicant’s device and that neither Hursti or Hofstee solve this problem. The Examiner respectfully disagrees.
In response to applicant's argument that the references fail to show certain features of applicant’s invention, it is noted that the features upon which applicant relies (i.e., constrained memory storage capacity, processing power, and communication bandwidth) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). Therefore, the arguments are not persuasive.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 




Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHERI L. HARRINGTON whose telephone number is (571)270-0468. The examiner can normally be reached Generally, M-F, 7:30a-4p.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jaweed Abbaszadeh can be reached on 571-270-1640. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHERI L HARRINGTON/Examiner, Art Unit 2187                                                                                                                                                                                                        September 23, 2022

/JAWEED A ABBASZADEH/Supervisory Patent Examiner, Art Unit 2187