DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

	Claim 1-3, 5-6, 10-14 are rejected under 35 U.S.C. 103 as being unpatentable over Powell et al (US 20170277898), in view of Trusted Computing Group (TCG) et al (Implicit Identity Based Device Attestation).

	Regarding Claim 1, Powell discloses a chip comprising; (FIG 1. 102, processor); an external module; (Powell, FIG.1 104, 108, 109, 110, 115; par [0034] line 4-6, “…the processor 102 includes a processor core 104, a cache 108, and a northbridge 110…”); a security core module comprising:(Powell, FIG. 1, 130, par [0029] line1,” The processor 102 includes a security module 130.”); a memory configured to (Powell, par [0030] line 19-22,”… In the example of FIG.1, the SM firmware 132 generates and maintains five sets of keys: platform keys 134, transport keys 135, chip keys 136, launch integrity keys 137, and address space (AS) encryption keys 126...”); store a layer 1 private key; (Powell, FIG. 1 136; par [0030] line 19-21, “…the SM … maintains…chip keys 136…”); wherein the security core module is configured to prevent access to itself by the external module and by an external device outside the chip. (Powell, Par [0016] line 11-17 “By using a security module that is isolated from processor cores of the processor to perform these security operations, the processing system allows software executing to manage operations based on the authentication and encryption keys without being able to read the keys themselves, thereby preventing unauthorized access to the keys …”;Powell, Par [0022] line 1-7 “The security module is independent of the processor cores of the processor, either physically by employing separate hardware from the processor cores to execute its operations, or logically, by executing its operations using the same hardware as the processor cores, but in a different mode of execution so that software executing at the processor cores cannot access data of the security module”); 
            Powell does not disclose store a first hash of a first root public key and a unique device secret (UDS) of the chip and; a security core configured to generate a layer 1 public key and the layer 1 private key based on the first hash;
            However, TCG discloses store a first hash of a first root public key and a unique device secret (UDS) of the chip and; (TCG, page 8, section 6, “The DICE, or Device Identifier Composition Engine, is a hardware/firmware capability that generates a cryptographically unique value, called the Compound Device Identifier, based on a Unique DeviceSecret and the measurement of the First Mutable Code that runs on a platform.”; TCG, page 10, line 1-4, “The UDS must be stored in non-volatile memory on the device, e.g., eFuses, or any other suitably protected NV storage to which the DICE can restrict access.….” (Note that TCG section 2.4 defines “measurement” as “cryptographic hash of code and/or data”); a security core configured to generate a layer 1 public key and the layer 1 private key based on the first hash;(TCG, page 9, FIG 1; TCG, page 11, section 7.1 line 1-4, “…During boot, the device’s First Mutable Code receives the CDI from the DICE. First Mutable Code uses the CDI to derive the Device Identity asymmetric key pair. Since the derivation is based on the CDI, the DeviceID keys are based not only on the UDS but also the cryptographic identity of the device’s First Mutable Code.…”)
           (Note from the Examiner: In this office action, layers 0 and 1 of FIG. 1 (TCG page 9) are taken to represent layers 1 and 2 of the current application, respectively. As a result, the Device IDprivate and Device IDpublic keys in FIG. 1 correspond to layer 1 private key and layer 1 public key, respectively.)
            Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of Powell, based on the teaching of TCG to obtain the limitations mentioned in claim 1. The motivation is to combine and store Powell’s chip secret and TCG’s hashed public key on security element and to substitute Powel’s layer 1 key pair generation technique with TCG’s method to achieve the claimed result. Storing the first root public key in hashed form instead of a plaintext, and generating layer 1 public key based on the hashed root public key improves security and enhances the effort to create the “device’s statistically unique, cryptographically strong, identity.” (TCG page 5, section 1, line 3)

            Regarding Claim 2, Powell in view of TCG discloses the chip of claim 1, wherein the security core module comprises an address outside an address range that is accessible by the external module and the external device; (Powell, Par [0023] line 8-15 “The security module isolates the keys using a combination of techniques. First, the security module employs hardware isolation from the processor cores executing software. That is, the circuitry used to generate the keys cannot be accessed by the processor cores, and any registers or other storage elements used to store the keys are not addressable or otherwise accessible to any instruction executing at the processor cores.”)

            Regarding Claim 3, Powell in view of TCG discloses the chip of claim 2, wherein the memory is further configured to: store a layer 2 private key; (Powell, Par [0067] line 8-11 “…the SM firmware 132 authenticates the received guest VM based on the sender PEK key and the private PEK key stored at the security module 130...”); 
            Powell in view of TCG does not disclose wherein the security core is further configured to: generate a layer 2 public key and a layer 2 private key based on the second hash; sign a layer 2 certificate using the layer 1 private key; wherein the layer 2 certificate comprises the layer 2 public key; store a second hash of a second root public key;
            However, TCG discloses wherein the security core is further configured to: generate a layer 2 public key and a layer 2 private key based on the second hash; (TCG, page 9, FIG 1; TCG, section 7.2.1.1 “…The Alias Key pair is derived deterministically, using a standard KDF, from the CDI and the identity of Device Firmware; Page 13, section 7.3.1, line 1-5 “First Mutable Code encodes the Firmware Identity (FWID) of Device Firmware within this field.The FWID is the digest of the vendor-specified data structure that describes Device Firmware. This data structure is referred to as the Firmware Security Descriptor (FSD). In the simplest case, an FSD may simply be the Device Firmware image itself. Meaning the FWID would then be the digest of the Device Firmware Image.”; sign a layer 2 certificate using the layer 1 private key; (TCG, section 8.1 “Device Firmware is provided the following by First Mutable Code: The Alias Key certificate signed by the DeviceID private key”); wherein the layer 2 certificate comprises the layer 2 public key; (TCG section 7.3.5, “Alias Key certificates can be created with the following extensions and constraints: Alias public key and algorithm); store a second hash of a second root public key; (TCG, page 9, FIG 1; TCG, section 7.2.1.1 “…The Alias Key pair is derived deterministically, using a standard KDF, from the CDI and the identity of Device Firmware.)

             (Note from the Examiner: In this office action, Aliasprivate and Aliaspublic of FIG. 1 (TCG page 9) stand for layers 1 and 2 of the current application, respectively. Furthermore, according to the descriptions in the current application par [0132] line 1-5 and par line 2-5 [0221], the hash of first root public key is interpreted to be equivalent to the hash of the layer 1 firmware.  Similarly, as stated in the current application's descriptions in paragraph [0159] line 2-4 and paragraph [0222] line 9-13, the hash of the second root public key is interpreted to be equivalent to the hash of layer 2 firmware.)
            Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of Powell, based on the teaching of TCG to obtain the limitations mentioned in claim 3. The motivation is that “In addition to providing a strong Device Identity rooted in hardware, Device Attestation is an extension to typical attestation schemes in that it also relies, implicitly, on a device’s statistically unique, cryptographically strong, identity.” (TCG, page 5, section 1, line 1-4). Hence applying TCG’s techniques mentioned above to known Powell’s device would yield the limitations of claim 3. 
           
             Regarding Claims 5 and 13, claims 5 and 13 recite similar subject matter as claim 3, and therefore a similar prior art mapping, reasoning, and motivation in claim 3 also apply to claims 5 and 13.
            Regarding Claim 6, Powell does not disclose the chip of claim 5, wherein the security core is further configured to: sign the layer 2 certificate using the layer 1 private key; delete the layer 1 private key after the signing.  
            However, TCG discloses the chip of claim 5, wherein the security core is further configured to: sign the layer 2 certificate using the layer 1 private key; (TCG, section 8.1 “Device Firmware is provided the following by First Mutable Code: The Alias Key certificate signed by the DeviceID private key”); delete the layer 1 private key after the signing.(TCG, section 7.1, line 8-11” The private portion of the DeviceID is never exposed outside of the First Mutable Code where it is derived. Further, First Mutable Code must erase…DeviceID private key from memory, registers, etc.…”)
            Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of Powell, based on the teaching of TCG to obtain the limitations mentioned in claim 3. The motivation is to avoid direct exposure of the device identity to the external devices for increasing the security of the device identity by deleting the layer 1 private device key after signing. “The private portion of the DeviceID is never exposed outside of the First Mutable Code where it is derived.” (TCG 7.1, par 3, line 1); “… it is important to limit the potential exposure of the DeviceID key where possible.” (TCG 7.2, par 1, line 6-7)

            Regarding Claim 10, Powell discloses the chip of claim 1, further comprising a service core configured to run service core firmware; (Powell, par [0034] line 7-18, The processor core 104 is a processing unit that can execute instructions at an instruction pipeline that fetches instructions, decodes the fetched instructions into corresponding operations and, using the resources of the processing system 100, executes the operations, including memory access requests. The processor core 104 is configured to identify each memory access request as one of two types: a secure memory access request, indicating that the information corresponding to the memory access request is designated for cryptographic protection, or a non-secure memory access request, indicating that the information corresponding to the memory access request is not designated for cryptographic protection.”)
           
              Regarding Claim 11, Powell discloses the chip of claim 10, further comprising:
a first input/output (I/O) interface coupled to the security core module; and a second, I/O interface coupled to the service core; (Powell, FIG. 1 Security Module 130 has interface with Processor core 104)

            Regarding Claim 12, claim 12 recites similar subject matter as claim 1, and the same prior art mapping, reasoning, and motivation in claim 1 also apply to claim 12.            
            Regarding Claim 14, claim 14 recites similar subject matter as claim 6, and the same prior art mapping, reasoning, and motivation in claim 6 also apply to claim 14.

Claim 4, 7, 8-9, 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Powell et al (US 20170277898) in view of Trusted Computing Group (TCG) et al (Implicit Identity Based Device Attestation), in view of Pearson et al (US 20180198620).

            Regarding Claim 4, Powell in view TCG discloses…the layer 1 private key …; (TCG 7.2 line 3, “…the private portion of the DeviceID key …”; ...layer 1 public key…; (TCG, section 7.3.6 “Device manufacturers or system integrators can create DeviceID certificates (i.e. analogous to layer 1 certificate) … with, for example, the following fields: DeviceID public key and algorithm”)
            Powell in view of TCG does not discloses the chip of claim 2, wherein the security core is further configured to: receive verification request information from a challenge device; run, in response to the verification request information, secure firmware to sign target data based on the layer 1 private key in order to create signed target data; and send the signed target data to the challenge device to prompt the challenge device to verify the signed target data based on the layer 1 public key.
            However, Pearson discloses the chip of claim 2, wherein the security core is further configured to: receive verification request information from a challenge device;(Pearson, FIG. 4, message 440; par [0052] line 1-4, “…a hardware security module (HSM) verifier associated with the client side device may … transmit an attestation request by transmitting a cryptographic nonce…”; Pearson, FIG. 4, message 450; par [0052] line 1-3, “…the HSM on the server may receive the cryptographic nonce and the cryptographic hash of the firmware (i.e. target data) from the client side device…”); run, in response to the verification request information, secure firmware to sign target data based on the layer 1 private key in order to create signed target data; (Pearson, FIG. 4, message 450; par [0053]“…signed response utilizing the internally stored private key of the HSM to the client side device ...”); send the signed target data to the challenge device to prompt the challenge device to verify the signed target data based on the layer 1 public key; (Pearson, FIG 4. Message 450; par [0053] line 1-4, “…the HSM on the server may …transmit a signed response “; Pearson, Fig. 4, message 460 (“VERIFY THAT CRYPTOGRAPHIC SIGNATURE OF THE RESPONSE CORRESPONDS TO AN ENTRY IN THE PUBLIC TABLE”); par [0054] line 1-3. “At operation 460, the client-side device can verify that that received cryptographic signature of the nonce does correspond to an entry in the public table…”; [0050] “At operation 420, a public table with public keys may be accessed, viewed, downloaded by the client-side device from the server.”)
            Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of Powell in view of TCG (the same motivation to modify Powell with TCG, as in claim 1, applies) based on the teaching of Pearson to obtain the limitations mentioned in claim 4. The motivation is that "needs exist for more effective and efficient systems and methods for ensuring the integrity of shared computing resources against potentially malicious activities." (Pearson, par [0006] line 1-4). 

              Regarding Claim 7, Powell in view TCG discloses… the layer 2 private key…; (TCG section 7.2, line 16 “…the private portion of the Alias Key pair…”); …layer 2 public key…;(TCG, section 7.3.5 “Alias Key certificates (i.e. analogous to layer 1 certificate) can be created with the following extensions and constraints: Alias public key and algorithm”)
            Powell in view of TCG does not discloses the chip of claim 6, wherein the security core is further configured to: receive verification request information from a challenge device; run, in response to the verification request information, secure firmware to sign target data based on the layer 2 private key in order to create signed target data; and send the signed target data to the challenge device to prompt the challenge device to verify the signed target data based on the layer 2 public key.
            However, Pearson discloses the chip of claim 6, wherein the security core is further configured to: receive verification request information from a challenge device; (Pearson, FIG. 4, message 440; par [0052] line 1-4, “…a hardware security module (HSM) verifier associated with the client side device may … transmit an attestation request by transmitting a cryptographic nonce…”; Pearson, FIG. 4, message 450; par [0052] line 1-3, “…the HSM on the server may receive the cryptographic nonce and the cryptographic hash of the firmware from the client side device…”); run, in response to the verification request information, secure firmware to sign target data based on the layer 2 private key in order to create signed target data;(Pearson, FIG. 4, message 450; par [0053]“…signed response utilizing the internally stored private key of the HSM to the client-side device ...”); and send the signed target data to the challenge device to prompt the challenge device to verify the signed target data based on the layer 2 public key; (Pearson, FIG 4. Message 450; par [0053] line 1-4, “…the HSM on the server may …transmit a signed response “; Pearson, Fig. 4, message 460 (“VERIFY THAT CRYPTOGRAPHIC SIGNATURE OF THE RESPONSE CORRESPONDS TO AN ENTRY IN THE PUBLIC TABLE”); par [0054] line 1-3. “At operation 460, the client-side device can verify that that received cryptographic signature of the nonce does correspond to an entry in the public table…”; Pearson, par [0050] “At operation 420, a public table with public keys may be accessed, viewed, downloaded by the client-side device from the server.”)
             Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of Powell in view of TCG (the same motivation to modify Powell with TCG, as in claim 1, applies) based on the teaching of Pearson to obtain the limitations mentioned in claim 7. The motivation is that "needs exist for more effective and efficient systems and methods for ensuring the integrity of shared computing resources against potentially malicious activities." (Pearson, par [0006] line 1-4). 
            
            Regarding Claims 8 and 15, claims 8 and 15 recite similar subject matter as claim 7, and therefore a similar prior art mapping, reasoning, and motivation in claim 7 also apply to claims 8 and 15. 
            Regarding Claims 9 and 16, claims 9 and 16 recite similar subject matter as claim 4, and therefore a similar prior art mapping, reasoning, and motivation in claim 4 also apply to claims 9 and 16. 

Claims 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Powell et al (US 20170277898), in view of Pearson et al (US 20180198620).

            Regarding Claims 17 Powell discloses a method comprising: storing, by a memory of a security core module of a chip, a private key; (Powell, FIG. 1 134, 136; par [0030] line 19-21, “…the SM … maintains…chip keys 136…”; par [0067] line 8-11, “…the SM firmware 132 authenticates the received guest VM based on the sender PEK key and the private PEK key stored at the security module 130…”); 
               Powell does not disclose obtaining, by a security core from a challenge device, verification request information, wherein the security core is in the security core module; running, by the security core in response to the verification request information, secure firmware to sign target data based on the private key in order to create signed target data; and sending, by the security core to the challenge device, the signed target data.
            However Pearson teaches obtaining, by a security core from a challenge device, verification request information, wherein the security core is in the security core module; (Pearson, FIG. 4, message 440; par [0052] line 1-4, “…a hardware security module (HSM) verifier associated with the client side device may … transmit an attestation request by transmitting a cryptographic nonce…”; Pearson, FIG. 4, message 450; par [0052] line 1-3, “…the HSM on the server may receive the cryptographic nonce and the cryptographic hash of the firmware from the client side device…”); running, by the security core in response to the verification request information, secure firmware to sign target data based on the private key in order to create signed target data; (Pearson, FIG. 4, message 450; par [0053]“…signed response utilizing the internally stored private key of the HSM to the client-side device ...”);  and sending, by the security core to the challenge device, the signed target data; (Pearson, FIG 4. Message 450; par [0053] line 1-4, “…the HSM on the server may …transmit a signed response “; Pearson, Fig. 4, message 460 (“VERIFY THAT CRYPTOGRAPHIC SIGNATURE OF THE RESPONSE CORRESPONDS TO AN ENTRY IN THE PUBLIC TABLE”); Pearson, par [0054] line 1-3. “At operation 460, the client-side device can verify that that received cryptographic signature of the nonce does correspond to an entry in the public table…”; Pearson, par [0050] “At operation 420, a public table with public keys may be accessed, viewed, downloaded by the client-side device from the server.”)
          Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of Powell based on the teaching of Pearson to obtain the limitations mentioned in claim 17. The same motivation to modify Powell with Pearson, as in claim 7, applies.

            Regarding Claims 18 Powell discloses the method of claim 17, wherein obtaining the verification request information comprises reading, by the security core and from a storage space of the memory, the verification request information; (par [0060] At operation 450, the HSM on the server may receive the cryptographic nonce and the cryptographic hash of the firmware from the client-side device…”; par [0052] line 1-4, “At operation 440, a hardware security module (HSM) verifier associated with the client side device may form a connection to the server ,and transmit an attestation request by transmitting a cryptographic nonce.”)

            Regarding Claims 19 Powell discloses the method of claim 18, wherein before reading the verification request information, the method further comprises receiving, by the security core from a service core of the chip, indication information instructing the security core to read the storage space; (par [0022] line 7-12, “…software executing at the processor cores may invoke operations of the security module  …Par [0027] “…the processor 102 generates memory access requests, including write requests to store data at the memory 120 and read requests to retrieve data from the memory 120. Par [0034] line 6-11, “The processor core 104 is a processing unit that can execute instructions at an instruction pipeline that fetches instructions, decodes the fetched instructions into corresponding operations and, using the resources of the processing system 100, executes the operations, including memory access requests.”)

            Regarding Claims 20 Powell in view of Pearson discloses the method of claim 17, Pearson further discloses: wherein the target data comprise firmware run by hardware in a target device that comprises the chip, a hash of the firmware, data generated in a running process of the target device, and data stored in the target device. (Pearson, Fig. 4, message 470; par [0055] line 1-6, “At operation 470, responsive to verifying the image has not been tampered with utilizing the received crypto graphic signature, the published public key, the system status flags, and / or the returned cryptographic hash (es), communication between the client and the leased computing resources may be initiated.” Pearson, Par [0037] line 9-12, “…HSM 510 may utilize the cryptographic nonce and the current hashes of the firmware and / or MTI/TNII image (s) to reply to the attestation request…”)
	The same motivation to modify with Pearson, as in claim 17, applies.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to YOHANNES WALLELIGN MINWUYELET whose telephone number is (571)272-6413. The examiner can normally be reached Monday-Friday 7:30am - 4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Y.W.M./Examiner, Art Unit 4173                                                                                                                                                                                                        
/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434