DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
This Action is in response to communications filed 09/19/2022.
Claims 1-2, 10 and 18-19 have been amended.
Claims 1-20 are pending.
Claims 1-20 are rejected.

Response to Arguments
In Remarks filed on 09/19/2022, Applicant substantially argues:
The applied references Zatko and Van Antwerpen fail to disclose the amended limitations of claim 1, and similarly amended claims 10 and 18, of communicating with a trusted authority via a network for authenticating a processing device and storing self-authentication information such that the processing device may authenticate without communicating with the trusted authority. Applicant’s arguments filed have been fully considered but they are moot in view of the current rejections made in response to Applicant’s amendments.
Additional prior art references cited fail to disclose the limitations of respective dependent claims 2-9, 11-17 and 19-20 by virtue of dependency on independent claims for reasons identified above. Applicant’s arguments filed have been fully considered but they are moot in view of the current rejections made in response to Applicant’s amendments.
All arguments by the applicant are believed to be covered in the body of the office action; thus, this action constitutes a complete response to the issues raised in the remarks dated September 19, 2022.


Claim Rejections - 35 USC § 103

Claims 1-3, 8-10, 13-16, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over O’Hare et al. (US 2016/0150047) in view of Van Antwerpen et al. (US 10,868,679).

Regarding claim 1, O’Hare discloses in the italicized portions, a method comprising: using a trusted authority to establish authentication of a processing device, the processing device comprising a hardware circuit configured to communicate with the trusted authority via an intervening network; storing self-authentication information in a keystore of the processing device responsive to the authentication established by the trusted authority ([0118] These devices are designed to prevent easy duplication of key material by unauthorized parties. Keys may be generated by a trusted authority and distributed to users, or generated within the hardware. Additionally, key storage systems may provide multi-factor authentication, where use of the keys requires access both a physical object (token) and a passphrase or biometric. While dedicated hardware-based storage may be desirable for high-security deployments or applications, other deployments may elect to store keys directly on local hardware (e.g., disks, RAM or non-volatile RAM stores such as USB drives). [0142] The CPU 1206 comprises a processor, such as one or more conventional microprocessors and one or more supplementary co-processors such as math co-processors for offloading workload from the CPU 1206. The CPU 1206 is in communication with the communications interface unit 1208 and the input/output controller 1210, through which the CPU 1206 communicates with other devices such as other servers, user terminals, or devices. The communications interface unit 1208 and the input/output controller 1210 may include multiple communication channels for simultaneous communication with, for example, other processors, servers or client terminals. The processors may include any combination of hardware and software processors. Hardware processors include processing circuitry, which may include any combination of digital circuits, integrated circuits, ASICs, microchips, and the like. The processors are in communication with one or more non-transient computer-readable memory units, which may be local or remote to the processors.); and subsequently self-authenticating the processing device using the self-authentication information in the keystore without communicating with the trusted authority via the intervening network. Herein it is disclosed by O’Hare the use of a trusted authority for generating authentication keys for use by the device. Additionally, it is indicated that the keys may be stored on the device after generation. O’Hare does not explicitly disclose using the stored information for self-authentication wherein the trusted authority is not communicated with; however, regarding this limitation, Van Antwerpen discloses in Column 4, lines 4-18 “A key store 118 can store key values which can be used to control access to regions (120-0 to -n), Key store 118 can include nonvolatile storage circuits which may or may not be part of nonvolatile memory section 114. As in the case of region configuration store 116, key store 118 can store key values securely, being accessible only with predetermined procedures, and in the embodiment shown, is accessible by access control circuits 112. Access control circuits 112 can read key values from key store 118 when determining whether a region (120-0 to -n) can be accessed or not. A key store 118 can store multiple key values for each region (120-0 to -n). In some embodiments, such keys can be one-time, or limited time use keys, to enable the generation of ephemeral session keys for transactions between host device 104 and memory device 102.” Herein it is disclosed by Van Antwerpen that the key store located on the device may store keys, which is interpreted as the authentication information, to then authorize access to areas of the device without thereby not requiring communication with another device to determine whether the access should be allowed. It would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to store locally authentication information and subsequently use the information as disclosed by Van Antwerpen and O’Hare to then authenticate the device for use according to security configurations (Van Antwerpen Figure 8B and corresponding disclosure). O’Hare and Van Antwerpen are analogous art because they are from the same field of endeavor of managing authentication for use of a device. The Examiner notes that the current recitation of “self-authentication” is not explicit as to what is entailed by the operation and therefore the authentication as performed by O’Hare and Van Antwerpen is interpreted to meet the requirements of the language.
Regarding claim 2, O’Hare further discloses the method of claim 1, wherein the trusted authority is a remote server which communicates with the processing device over the network, the authentication of the processing device establishing a trust boundary that includes at least the remote server and the processing device, and the self-authentication information generated from information supplied by the trusted authority to the processing device ([0118] and [0142]). Herein it is disclosed that the trusted authority may be a server and furthermore that secure communications may be transferred between devices thereby creating a trust boundary as claimed and as interpreted in view of the Specification as filed. This is viewed in context of the trusted authority as generating keys only for trusted devices in the system and therefore what may be considered as a trust boundary is formed between the authority and respective devices.
Regarding claim 3, O’Hare further discloses the method of claim 1, wherein the using, storing and subsequently authenticating steps are carried out by execution of firmware by a programmable processor of the processing device, the firmware stored in a firmware store of the processing device ([0117-119]). Herein it is disclosed that hardware and software based solutions may be employed for providing the previously cited services of key generation and storage. In view of Van Antwerpen, it would be obvious to one of ordinary skill in the art for the system as described by O’Hare to perform the subsequent authentication as disclosed by Van Antwerpen for authorizing access to the device. The Examiner notes that the authenticating step has been amended in the independent claim to recite self-authenticating and that the recitation herein is invoking that limitation.
Regarding claim 8, Van Antwerpen further discloses the method of claim 1, wherein the processing device is a data storage device comprising a controller and a non-volatile memory (NVM) ([Col. 6 ln. 53-64] Referring to FIG. 7, a memory device 702 according to another embodiment is shown in a block diagram. In some embodiments, memory device 702 can be a more 0.5 detailed version of any of those memory devices shown in FIGS. 1-4. A memory device 702 can include a NOR flash array 714, memory interconnect (I/C) 748, diagnostic circuits 750, safe boot circuits 752, I/F and data CRC circuits 708, reset circuits 754, ECC circuits 756, array configuration circuits 716, authentication/cryptography (auth/crypt) circuits 724, counter circuits 726, secure boot circuits 758, key store 718, packet buffer 760, a processor section 762, and serial communications controller 764.). Herein it is disclosed that the device is memory including nonvolatile storage and control circuitry which may be considered as a controller.
Regarding claim 9, Van Antwerpen further discloses the method of claim 8, wherein the data storage device comprises a selected one of a solid-state drive (SSD), a hard disc drive (HDD) or a hybrid data storage device (HDSD) ([Col. 3 ln. 29-34] Nonvolatile memory section 114 can include one or more arrays of nonvolatile memory cells organized into multiple regions 120-0 to -n, Regions (120-0 to -n) can have predefined limits or be configurable by a user. In some embodiments, regions (120-0 to -n) can be composed of flash memory cells in a NOR configuration.). Herein it is disclosed by Van Antwerpen that the nonvolatile memory may be flash memory which fulfills the claim of a solid-state drive. However, its noted by the Examiner that beyond the recitation of the HDD or HDSD, it would be obvious to one of ordinary skill in the art that the nonvolatile memory may be any suitable form.
Regarding claim 10, O’Hare discloses in the italicized portions, a processing device, comprising: a memory; and a programmable processor having associated programming stored in the memory  and which, when executed, configures the programmable processor to communicate with a trusted authority over a network to perform an authentication operation, to store self- authentication information in a keystore responsive to the authentication operation ([0118] and [0142]), and to thereafter operate in an untrust mode by performing self- authentication operations using the self-authentication information in the keystore without further communications with the trusted authority via the network. Herein it is disclosed by O’Hare the use of a trusted authority for generating authentication keys for use by the device. Additionally, it is indicated that the keys may be stored on the device after generation. O’Hare does not explicitly disclose using the stored information for self-authentication wherein the trusted authority is not communicated with; however, regarding this limitation, Van Antwerpen discloses in Column 4, lines 4-18 that the key store located on the device may store keys, which is interpreted as the authentication information, to then authorize access to areas of the device without thereby not requiring communication with another device to determine whether the access should be allowed. Furthermore by using the key store for authentication purposes, it is considered as operating in an untrusted mode as claimed. This is further depicted in Figure 8B and the corresponding disclosure as referring to different modes of operation wherein authentication may or may not be required and further instances of differing levels of permissions being set for controlling access to the device. Claim 10 is rejected on a similar basis as claim 1.
Regarding claim 13, O’Hare further discloses the processing device of claim 10, wherein the memory comprises a rotatable magnetic recording disc ([0143] The CPU 1206 is also in communication with the data storage device. The data storage device may comprise an appropriate combination of magnetic, optical or semiconductor memory, and may include, for example, RAM 1202, ROM 1204, flash drive, an optical disc such as a compact disc or a hard disk or drive. The CPU 1206 and the data storage device each may be, for example, located entirely within a single computer or other computing device; or coupled to each other by a communication medium, such as a USB port, serial port cable, a coaxial cable, an Ethernet cable, a telephone line, a radio frequency transceiver or other similar wireless or wired medium or combination of the foregoing. For example, the CPU 1206 may be coupled to the data storage device via the communications interface unit 1208. The CPU 1206 may be configured to perform one or more particular processing functions.). Herein it is disclosed that the memory as disclosed as part of the device may comprise magnetic storage.
Regarding claim 14, Van Antwerpen further discloses the processing device of claim 10, wherein the keystore comprises non- volatile memory so that the self-authentication information is retained during a power cycle event during which the processing device transitions between a deactivated state and an initialized state ([Col. 4 lns. 4-18]). Herein it is disclosed that the key store can include nonvolatile storage.
Regarding claim 15, O’Hare further discloses the processing device of claim 10, wherein the keystore comprises volatile memory so that the self-authentication information is automatically lost from the keystore responsive to a power cycle event during which the processing device transitions between a deactivated state and an initialized state ([0118]). Herein it is disclosed that the memory may be in the form of volatile memory such as RAM wherein the memory stores the keys. This may include the authentication information as previously indicated to be disclosed by O’Hare which thereby presents that the information is lost on power loss as per the function of volatile memory.
Regarding claim 16, O’Hare further discloses the processing device of claim 10, wherein the trusted authority is a remote server with which the programmable processor communicates over a network, the authentication of the processing device establishing a trust boundary around the remote server and the processing device ([0118] and [0142]). Claim 16 is rejected on a similar basis as claim 2.
Regarding claim 18, O’Hare discloses in the italicized portions, a system, comprising: a server: and a data storage device configured to perform a data exchange with the server over an intervening network to authenticate the data storage device by establishing a trust boundary that includes the server and the data storage device, to store self-authentication information in a keystore of the data storage device responsive to the established trust boundary ([0118] and [0142]), to thereafter operate in an untrust mode by subsequently performing self- authentication operations using the self-authentication information in the keystore without further communications with the server during the untrust mode. Herein it is disclosed by O’Hare the use of a trusted authority for generating authentication keys for use by the device. By generating the keys for the device, a trust relationship is formed between the device and server as the server does not provision keys to devices that are not trusted for security purposes. Additionally, it is indicated that the keys may be stored on the device after generation. O’Hare does not explicitly disclose using the stored information for self-authentication wherein the trusted authority is not communicated with; however, regarding this limitation, Van Antwerpen discloses in Column 4, lines 4-18 that the key store located on the device may store keys, which is interpreted as the authentication information, to then authorize access to areas of the device without thereby not requiring communication with another device to determine whether the access should be allowed. Claim 18 is rejected on a similar basis as claim 10.

Claims 6, 12 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over O’Hare in view of Van Antwerpen and further in view of Zatko et al. (US 2016/0188909).

Regarding claim 6, O’Hare further discloses the method of claim 1, wherein the processing device comprises a programmable processor and memory ([0141]); however, O’Hare and Van Antwerpen do not explicitly disclose the programmable processor incorporated into a system on chip (SOC) integrated circuit device, the keystore comprising an embedded memory location within the SOC. Regarding this aspect of the limitation, Zatko discloses in Paragraph [0190] “The computing machine 2000 may be implemented as a conventional computer system, an embedded controller, a laptop, a server, a mobile device, a smartphone, a set-top box, a kiosk, a vehicular information system, one more processors associated with a television, a customized machine, any other hardware platform, or any combination or multiplicity thereof. [0198] The processor 2010 may be connected to the other elements of the computing machine 2000 or the various peripherals discussed herein through the system bus 2020. It should be appreciated that the system bus 2020 may be within the processor 2010, outside the processor 2010, or both. According to some embodiments, any of the processor 2010, the other elements of the computing machine 2000, or the various peripherals discussed herein may be integrated into a single device such as a system on chip (“SOC”), system on package (“SOP”), or ASIC device.” Herein it is disclosed that the elements previously referenced may be packaged as a system on chip (SoC) device. It would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to embody the system as disclosed Zatko for performing the steps as disclosed by O’Hare and Van Antwerpen as to make use of the benefits provided by the single device structure that comprises the SOC. O’Hare, Van Antwerpen and Zatko are analogous art because they are from the same field of endeavor of managing authentication for use of a device.
Regarding claim 12, Van Antwerpen further discloses the processing device of claim 10, characterized as a solid-state drive (SSD), the memory comprising NAND flash memory (Van Antwerpen [Col. 3 ln. 29-34]), but O’Hare and Van Antwerpen do not explicitly disclose the keystore comprising embedded memory in a system on chip (SOC) that incorporates the programmable processor. Regarding these limitations, Zatko discloses in Paragraphs [0190] and [0198] incorporating the elements onto a SOC. Claim 12 is rejected on a similar basis as presented in claims 6 and 9.
Regarding claim 20, Van Antwerpen further discloses the system of claim 18, wherein the data storage device comprises a controller and an array of data storage devices (Van Antwerpen [Col. 3 ln. 29-34]), but O’Hare and Van Antwerpen do not explicitly disclose the keystore incorporated into a system on chip (SOC) integrated circuit device that also incorporates the controller. Regarding these limitations, Zatko discloses in Paragraphs [0190] and [0198] incorporating the elements onto a SOC. Claim 12 is rejected on a similar basis as presented in claims 6 and 9. Claim 20 is rejected on a similar basis as claim 12.

Claims 4-5, 11, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over O’Hare in view of Van Antwerpen and further in view of Jeansonne et al. (US 2016/0055338).

Regarding claim 4, O’Hare and Van Antwerpen do not explicitly disclose the method of claim 3, wherein the firmware is characterized as test firmware used during a manufacturing operation upon the processing device, and the method further comprises subsequently replacing the test firmware with normal firmware used by the programmable processor during field operation of the processing device and removing access, by the programmable processor, to the keystore. Regarding these limitations, Jeansonne discloses in Paragraphs [0069-0070], [0072], and [0074] “[0069] Upon first boot of the computing system 200 at the factory, the system firmware 207 can send a command to the embedded controller 202 to set the EC_MPM parameter 252 (in the secondary non-volatile memory 216) to the enabled state, to cause a transition from state 402 to state 404. State 404, represented by the MPM parameter 250 and the EC_MPM parameter 252 both being in the enabled state, corresponds to the manufacture programming mode of the computing system 200. [0070] In the manufacture programming mode in state 404, service personnel can modify system data in the primary non-volatile memory 204 as desired. At some point, the system firmware 207 can exit the manufacture programming mode of state 404. The system firmware 207 triggers the exit from the manufacture programming mode by setting the MPM parameter 250 to the disabled state. This causes the MPM parameter 250 to be set at the disabled state, while the EC_MPM parameter 252 remains at the enabled state. The foregoing combination triggers a transition from state 404 to state 406. [0072] In state 406, the system firmware 207 can send a command to the embedded controller 202 to copy machine unique data from the primary non-volatile memory 204 to the secondary non-volatile memory 216. In addition, the system firmware 207 can send a command to the embedded controller 202 to set the EC_MPM parameter 252 in the disabled state, which causes a transition from state 406 to state 408. [0074] Note that state 408, corresponding to both the MPM parameter 250 and EC_MPM parameter 252 being in the disabled state, is the state of normal operation of the computing system 200 in the field by a user.” Herein it is disclosed by Jeansonne that during the manufacturing process a version of firmware can be executed for allowing access to a section of data that, when the system transitions to a user mode, is no longer accessible. In this manner, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention that the keystore may only be accessible for authentication purposes when one version of the firmware is being executed and otherwise is not accessed when executing another version of firmware such that data integrity is maintained during user operation of the device and the secured data may be utilized for recovery purposes if necessary in the event of data corruption (Jeansonne [0051-0052]). These is further supported by Van Antwerpen in Column 5 lines 41-46 “While embodiments can include various methods and circuits for assigning key values to particular regions of a nonvolatile memory device, embodiments can also include selectively enabling or disabling access to regions by a manufacturer by enabling or disabling keys known by the manufacturer (i.e., RMA keys).” and Column 5 line 55 – Column 6 line 4 “FIGS. 5A to 5C are diagrams showing how access to regions of a nonvolatile memory device by a manufacturer can be enabled or disabled. FIG. 5A is a flow diagram of a method 540 according to an embodiment. A method 540 can include a customer designating one or more regions as not accessible by a manufacturer 540-0. The regions can be regions of a nonvolatile memory device as described for embodiments herein, or equivalents. Such an action can be used to ensure that sensitive information is not accessible if or when a memory device is returned to a manufacturer. For those regions so designated, keys known by a manufacturer (e.g., RMA keys) can be disabled by the customer 540-1. Such an action can include a customer erasing, overwriting or otherwise disabling keys known by the manufacturer for the designated regions. Keys can be accessed for such modification according to any of the embodiments shown herein or equivalents.” As such, these RMA keys which are used for authentication may only be used by the manufacturer and are otherwise disabled for the user. Therefore, this discloses the keystore which cannot be accessed by the normal firmware for the user. O’Hare, Van Antwerpen, and Jeansonne are analogous art because they are from the same field of endeavor of securing device data.
Regarding claim 5, O’Hare and Van Antwerpen do not explicitly disclose the method of claim 1, wherein the using, storing and subsequently authenticating steps by the firmware place the processing device in an untrust mode, and wherein the firmware is further configured to transition the processing device to a trust mode where the trusted authority is used and the keystore is not used to subsequently authenticate the processing device. Regarding these limitations, Jeansonne discloses in Paragraph [0063] “As further depicted in FIG. 2, an MPM parameter 250 (relating to the manufacture programming mode) is stored in the primary non-volatile memory 204, and a copy of the MPM parameter is stored in the policy store in the secondary non-volatile memory 216, as the EC_MPM parameter 252. A default setting for the EC_MPM parameter is a disabled setting (which indicates that the manufacture programming mode is disabled). More generally, the MPM and EC_MPM parameters are indicators stored in the primary and secondary non-volatile memories for use in transitioning to various states associated with the manufacture programming mode.” Herein it is disclosed by Jeansonne that the firmware may transition between execution modes such that secured areas may no longer be accessed once in a user mode. It would be obvious one of ordinary skill in the art before the effective filing date of the claimed invention that the keystore as disclosed by Van Antwerpen wherein certain keys are used for authentication purposes may be considered as an untrust mode.
Regarding claim 11, O’Hare and Van Antwerpen do not explicitly disclose the processing device of claim 10, wherein the programmable processor operates in an untrust mode during use of the self-authentication information, and wherein the programmable processor subsequently transitions to a trust mode in which the programmable processor performs authentication operations with reference to the trusted authority and without further reference to the keystore. Regarding these limitations, Jeansonne discloses in Paragraph [0063] that the firmware may transition between execution modes such that secured areas may no longer be accessed once in a user mode. Claim 11 is rejected on a similar basis as claim 5.
Regarding claim 17, O’Hare and Van Antwerpen do not explicitly disclose the processing device of claim 10, wherein the associated programming comprises specially configured test firmware loaded to the processing device during device manufacturing, and wherein the memory subsequently stores replacement normal firmware that, when executed, configures the programmable processor to perform subsequent authentication operations using the trusted authority and not using the self-authentication information. Regarding these limitations, Jeansonne discloses in Paragraphs [0069-0070], [0072], and [0074] that during the manufacturing process a version of firmware can be executed for allowing access to a section of data that, when the system transitions to a user mode, is no longer accessible. As indicated in previously presented rejections, O’Hare discloses the mode of authentication with communication of a trusted source and therefore it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention that authentication as disclosed by Van Antwerpen for accessing certain keys may be executed via one version of firmware as disclosed by Jeansonne and server authentication as disclosed by O’Hare may be executed by another version of firmware. Claim 17 is rejected on a similar basis as claim 4.

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over O’Hare in view of Van Antwerpen and further in view of Kumar et al. (US 2015/0312046).

Regarding claim 7, O’Hare and Van Antwerpen do not explicitly disclose the method of claim 6, wherein the keystore comprises at least one one- time-programmable (OTP) element to store the self-authentication information, and wherein the method further comprises activating the OTP element to render the self-authentication information inaccessible to the programmable processor. Regarding the OTP element and activating the element, Kumar discloses in Paragraphs [0021] and [0063] “[0021] As previously described, the key from a signed message may be compared against a key stored in a memory of the device. For example, the memory may be a one-time programmable (OTP) memory. In general, OTP memory may be a type of digital memory where the setting of each bit of the OTP memory is locked by a fuse (e.g., an electrical fuse associated with a low resistance and designed to permanently break an electrically conductive path after the programming or setting of a corresponding bit) or an antifuse (e.g., an electrical component associated with an initial high resistance and designed to permanently create an electrically conductive path after the programming or setting of a corresponding bit). As an example, each bit of the OTP memory may start with an initial value of ‘0’ and may be programmed or set to a later value of ‘1’ (or vice versa). Thus, in order to program or set a key with a value of ‘10001’ into the OTP memory, two bits of the OTP memory may be programmed from the initial value of ‘0’ to the later value of ‘1.’ Once the two bits of the OTP memory have been programmed to the later value of ‘1’, then the two bits may not be programmed back to the value of ‘0.’ [0063] Although the above examples illustrate an OTP memory storing a key and/or an integrity check value, additional information associated with a key may be stored in the OTP memory. For example, the OTP memory may further store privilege information (e.g., eligible operations of a device that are associated with the key) and identity information (e.g., an identification of an entity associated with the key) for one or more of the keys that are stored in the OTP memory.” Herein it is disclosed by Kumar that OTP memory may be configured to store keys for security purposes as once the OTP has been programmed via activation, it cannot be reprogrammed. In this case, programmed keys are no longer accessible by any means. It would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to use OTP memory to store the keystore in order to secure stored therein keys and subsequently revoke access to the keys and prevent further access (Kumar [0022-23]). O’Hare, Van Antwerpen and Kumar are analogous art because they are from the same field of endeavor of authenticating devices.

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over O’Hare in view of Van Antwerpen and further in view of Jeansonne and still further in view of Kumar.

Regarding claim 19, O’Hare and Van Antwerpen do not explicitly disclose the system of claim 18, wherein the data storage device is further configured to switch from the untrust mode to a trust mode by performing a second data exchange with the server over the intervening network to establish a second trust boundary that includes the server and the data storage device, and to destroy the self-authentication information in the keystore upon transition to the trust mode. Regarding switching modes when exchanging data with the server, Jeansonne discloses in Paragraph [0063] that the firmware may transition between execution modes such that secured areas may no longer be accessed once in a user mode. Claim 19 is rejected on a similar basis as claims 5 and 11. Regarding destroying the information when transitioning to trust mode, Kumar discloses in Paragraphs [0032-33]  “[0032] Referring to FIG. 2, the hash value corruption module 250 may corrupt one or more hash values stored in the OTP memory. For example, a signed message corresponding to a request to revoke a key or an indication that a key has been revoked may be received. In response to the request to revoke the key, a hash valued stored in the OTP memory that corresponds to the revoked key may be corrupted. For example, the OTP memory may store a first hash value that corresponds to a first key and a second hash value that corresponds to a second key. A request to revoke the first key may be received. In response to the request, the first hash value may be corrupted while the second hash value is not corrupted. The corrupting of the first hash value may be accomplished by programming one or more bits of the OTP memory that corresponds to the first hash value. For example, all (or some) of the bits of the first hash value may be programmed so that each bit is associated with a value of ‘1’ (or a value of ‘0’). Further details with regard to the corrupting of a hash value are described in additional detail below. [0033] The new hash value module 260 may store a new hash value in the OTP memory. For example, a signed message may be received to create a new hash value to be stored in the OTP memory in response to the provisioning of a new key. Subsequently, the new key may be received in a later signed message, a hash value may be computed for the new key, and the computed hash value for the new key may then match the new hash value that is stored in the OTP memory.” Herein it is disclosed when a key is to be revoked, the key is corrupted such that a new key is to be provisioned when necessary. It would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to revoke keys distributed to devices in order to avoid security issues with older keys attempting to be utilized to authenticate a device when they are outdated.

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEXANDER J YOON whose telephone number is (408)918-7629.  The examiner can normally be reached on Monday-Friday 8am-3pm ET. The examiner’s email is alexander.yoon2@uspto.gov.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Sanjiv Shah can be reached on 571-272-4098.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ALEXANDER YOON/
Examiner, Art Unit 2135


/YAIMA RIGOL/Primary Examiner, Art Unit 2135