DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to the amendment filed on 10/13/2022.
 Claims 1-4, 6-10, 14-16 and 18-20 are currently pending in this application. Claims 1, 2, 4, 6, 10, 14, 16 and 18 have been amended. Claims 5, 11-13 and 17 are cancelled.
No new IDS has been filed.

Examiner’s Note
Applicant is suggested to include information of the figures 2A-4B with associated text of the specification (e.g., the secure signature, additional memory space, etc.) to the claims to improve the application for providing a better condition for an allowance.

Response to Arguments
The previous objections to the claims 1 and 14 have been withdrawn in response to the applicants’ amendments/remarks.

Regarding the previous 112(b) rejections, the applicants have amended the claims and have, in pages 7-10 of the remarks, argued that “… applicant has amended claims … paragraph 0059 of applicant’s specification states that … when device 300 adds device ID 304 and device timestamp 306 to access-request package 308, it also copies them to memory 320 in a dedicated space for validation. As such, those copies become validation device ID 322 and validation timestamp 324 … paragraphs 0032 and 0055 …”.
Applicants’ these arguments are not persuasive.
First of all, it is noted that the features upon which applicants argue (e.g., coping information for validation, etc. or information included in the paragraphs 0032, 0055 and 0059 of the specification) is NOT recited in the claims. Although the claims are interpreted in light of the specification, limitations for the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
Moreover, the amendments to the claims do not overcome all of the rejections and the updated rejections are stated below.

Regarding the 102 rejections, the claims are amended to include obtaining the access-request package (and the updated timestamp) and the validation package in different memories and the applicants have, in pages 10-11 of the remarks, argued that “… Messerges does not disclose the above/amended features …”.
Examiner respectfully disagrees with the argument.
As taught in Messerges, Messerges clearly teaches that the device 200 includes a plurality of memories (e.g., the code ROM 212, character ROM 214, RAM 204, flash memory 216, cryptographic engine 230, etc.) – see fig. 2 and col. 7, line 48 – col. 8, line 14. Moreover, the information (e.g., the device ID or the updated device ID, timestamps, secured timestamps, TLS certificate, etc.) are stored/executed in different memories – see col. 5, lines 34-56; col. 6, lines 67; col. 7, lines 58-67; col. 8, lines 1-14, 36-52. Therefore, it is clear that Messerges clearly teaches information used in debugging validation process are obtained from two different memories (e.g., a first memory and a second memory of the device as claimed). See the 102-rejection section below for detail.
 
The applicants’ arguments for claim 14 and dependent claims 2-4, 6-10, 15, 16 and 18-20 regarding the limitations of the claim 1 responded above are not persuasive and the response for these arguments are similar to the response for the claim 1 above.

Thus, the applicants’ arguments are not persuasive. Please see amended rejections below for the amended claims. This action is final.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. 

Claims 1-4, 6-10, 14-16 and 18-20 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.

Claims 1 and 14 recite “… obtaining an access-request package from a first memory … comprises … and a request timestamp … a validation timestamp … obtaining an updated timestamp from the first memory on the device …”, however, it is not clear whether “an updated timestamp” is the updated timestamp of “a request timestamp” included before, for example, the request timestamp is updated at later time or updating any timestamp not related to the claimed limitations, for example, the first memory storing two different timestamps (or it is not clear to define a boundary of the claimed limitation). 
Claims 2-4, 6-10, 15, 16 and 18-20 depend from the claim 1 or 14, and are analyzed and rejected accordingly.

Claim 2 recites “… wherein the signature is encrypted and was created using a hashed version of the request timestamp and … decrypting the signature … comparing the decrypted signature and the hashed validation package”, however, it is not clear (1) whether the signature was created using a hashed version of the request timestamp or the encryption was created using a hashed version of the request timestamp; (2) how the signature (not encrypted signature) is decrypted - note: only an encrypted data can be decrypted; (2) how to compare two different types of data (e.g., the decrypted signature and the hashed validation package).
Claim 3 recites “… storing … the access-request package on the device, resulting in the validation package …”, however, it is not clear (1) how storing the access-result package results the validation package – note: the access-request package and the validation package contain different contents.
Claim 4 recites “… wherein obtaining the validation package comprises combining the updated device ID and the validation timestamp …”, however, it is not clear how the validation package comprises combination as the validation package only comprise the validation timestamp – see the claim 1 (or the validated device ID is combined to the validation package).
Claim 6 (claim 18 includes similar limitations) recites “… comparing a validation device ID and the updated device ID …”, it is not clear how the validation device ID and the updated device ID are related or it is comparing two independent device ID or not (or it is not clear to define a boundary of the claimed limitation).
Claim 8 recites “… obtaining a further updated timestamp …”, it is not clear whether “a further updated timestamp” is obtained by updating “the updated timestamp” or not.
Claim 10 recites “… revalidating the validation timestamp further comprises revalidating the signature”, it is not clear how the revalidating of the validation timestamp becomes the revalidating the signature -note: the timestamp and signature are different information (or it is not clear to define a boundary of the claimed limitation).

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-4, 6-10, 14-16 and 18-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Messerges (US 9,450,947 B2).

As per claim 1, Messerges teaches a method comprising:
obtaining an access-request package from a first memory on a device, wherein the access-request package comprises a request device identifier ID and a request timestamp; transmitting the access-request package to a trusted authority [figs. 1-3; col. 3, lines 37-64; col. 4, lines 13-27; col. 5, lines 34-38; col. 7, lines 58-62; col. 8, lines 36-52 of Messerges teaches obtaining an access-request package (e.g., response information for the establishment request) from a first memory (e.g., the ROM 212 storing data that may be transmitted or received by device 200 or one of the memory 214, 204 or 216) of a device, wherein the access-request package comprises a request device ID (e.g., the unique identifier associated with the device) and a request timestamp (e.g., the secured expiration value or the timestamp); transmitting the access-request package to a trusted authority (e.g., the certificate authority)];
receiving an access-key package, wherein the access-key package comprises a signature; obtaining a validation package from a second memory on the device, wherein the validation package comprises a validation timestamp [col. 4, lines 27-30, 41-47; col. 5, lines 34-58; col. 8, lines 4-13, 36-52 of Messerges teaches receiving an access-key package (e.g., a part of the transport layer security TLS certificate), wherein the access-key package comprises a signature; obtaining a validation package (e.g., the validity fields of the transport layer security TLS certificate) from a second memory (e.g., the secure element such as an advanced crypto engine integrated chip or maintained by a trusted execution environment TEE) on the device, wherein the validation package comprises a validation timestamp (e.g., the secured expiration value/timestamp included in the validity fields of the TLS certificate)];
validating the signature in the access-key package; obtaining an updated timestamp from the first memory on the device; and comparing the validation timestamp to the updated timestamp [col. 4, lines 2-6, 58-66; col. 5, lines 1-25; col. 7, lines 4-12; col. 8, lines 4-14, 36-52 of Messerges teaches validating the signature (e.g., ensure to have a valid signature) in the access-key package; obtaining an updated timestamp (e.g., time in the specified validity range of time or MAC value, note the MAC is created over the expiration value stored in the first memory described above) from the first memory on the device; and comparing the validation timestamp (e.g., the secured expiration value/timestamp included in the validity fields of the TLS certificate) to the updated timestamp (e.g., the specified validity range of time or MAC value)].

As per claim 2, Messerges teaches the method of claim 1. 
Messerges further teaches, wherein the signature is encrypted and was created using a hash version of the request timestamp and wherein the validating comprises: hashing the validation package, resulting in a hashed validation package; decrypting the signature, resulting in a decrypted signature; and comparing the decrypted signature and the hashed validation package [col. 3, lines 65-67; col. 4, lines 1-30, 58-61; col. 5, lines 25-33 of Messerges teaches wherein the signature is encrypted and was created using a hash version of the request timestamp and wherein the validating comprises: hashing the validation package (e.g., the validity fields of the transport layer security TLS certificate), resulting in a hashed validation package (e.g., using the cryptographic hash algorithm, the digital signature and an encryption algorithm); decrypting the signature, resulting in a decrypted signature; and comparing (e.g., to verify) the decrypted signature and the hashed validation package (e.g., hashed validity fields of the transport layer security TLS certificate)].

As per claim 3, Messerges teaches the method of claim 1. 
Messerges further teaches storing, after the transmitting, the access-request package on the device, resulting in the validation package; wherein the validation package is obtained from the device [col. 5, lines 38-56 of Messerges teaches storing, after the transmitting, the access-request package (e.g., the part of the transport layer security TLS certificate) on the device (e.g., the device 102), resulting in the validation package (e.g., the validity fields or information used in validation process of the transport layer security TLS certificate); wherein the validation package is obtained from the device (e.g., the device 102)].

As per claim 4, Messerges teaches the method of claim 1. 
Messerges further teaches obtaining, from the device, an updated device ID; wherein obtaining the validation package comprises combining the validation device ID and the validation timestamp [col. 4, lines 62-66; col. 5, lines 3-15 of Messerges teaches obtaining, from the device, an updated device ID (e.g., the identifier in the signed TSL certificate); wherein obtaining the validation package comprises combining the validation device ID and the validation timestamp (e.g., the validity fields or information used in validation process of the transport layer security TLS certificate)]. 

As per claim 6, Messerges teaches the method of claim 5. 
Messerges further teaches obtaining, from the first memory on the device, an updated device ID; comparing a validating device ID and the updated device ID, wherein the validation ID is obtained from the validation package [col. 4, lines 62-66; col. 5, lines 3-15; col. 8, lines 36-52 of Messerges teaches obtaining, from the first memory on the device, an updated device ID (e.g., the identifier used with the updated timestamp value – see also rejections to the claim 1); comparing (or matching) a validating device ID (e.g., the device ID used in the validation process) and the updated device ID (e.g., the identifier used with the updated timestamp value), wherein the validation ID is obtained from the validation package (e.g., the device ID included in the validity fields of the TLS certificate)].
 
As per claim 7, Messerges teaches the method of claim 1. 
Messerges further teaches wherein comparing the validation timestamp to the updated timestamp comprises: subtracting the validation timestamp from the updated timestamp, resulting in a timestamp delta; and determining whether the timestamp delta is within an authentication range [col. 4, line 67 - col. 5, line 43 of Messerges teaches wherein comparing the validation timestamp to the updated timestamp comprises: subtracting the validation timestamp (e.g., the secured expiration value/timestamp included in the validity fields of the TLS certificate) from the updated timestamp (e.g., the time in the specified validity range of time or MAC value), resulting in a timestamp delta; and determining whether the timestamp delta is within an authentication range (e.g., within the specified validity range)].

As per claim 8, Messerges teaches the method of claim 1. 
Messerges further teaches revalidating the validation timestamp, the revalidation comprising: obtaining a further updated timestamp; and comparing the further updated timestamp to the validation timestamp [col. 4, line 67 - col. 5, line 43; col. 6, lines 2-21 of Messerges teaches revalidating the validation timestamp (e.g., validating process using an updated timestamp value), the revalidation comprising: obtaining a further updated timestamp (e.g., the updated timestamp value); and comparing the further updated timestamp to the validation timestamp – see also rejections to the claim 1].

As per claim 9, Messerges teaches the method of claim 8. 
Messerges further teaches wherein the revalidating is performed periodically [col. 3, lines 58-61; col. 4, line 67 - col. 5, line 43; col. 6, lines 2-21 of Messerges teaches wherein the revalidating (e.g., validating process using an updated timestamp value) is performed periodically (e.g., a time period set in the expiration value)].

As per claim 10, Messerges teaches the method of claim 8. 
Messerges further teaches wherein the revalidating the validation timestamp further comprises revalidating the signature [col. 3, lines 58-61; col. 4, line 58 - col. 5, line 43; col. 6, lines 2-21 of Messerges teaches wherein the revalidating the validation timestamp further comprises revalidating the signature (e.g., validation time or expiration range processes include ensuring that the signed TLS certificate has a valid signature and ensuring that a secured expiration value in the TLS certification is valid)].

Claims 14-16 and 18-20 are system claims that correspond to the method claims 1, 2 and 4, 6-8, and are analyzed and rejected accordingly - see figs. 1, 2 and col. 3 for the system components (e.g., processor, memory, etc.).

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAUNG T LWIN whose telephone number is (571)270-7845.  The examiner can normally be reached on Monday - Friday 10:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MAUNG T LWIN/Primary Examiner, Art Unit 2495