DETAILED ACTION
The following claims are pending in this office action: 1-20
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Drawings
The drawings filed on 04/06/2021 are accepted.  
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 04/06/2021 has been considered.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, an initialed and dated copy of Applicant’s IDS form 1449 filed 04/06/2021 is attached to the instant Office action. 
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 9-14 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  
Claims 9-14 do not fall within at least one of the four categories of patent-eligible subject matter because, under the broadest reasonable interpretation, the claims read on software per se and signals per se.  Claims 9-14 recite a system comprising a processing resource and a machine-readable medium.  However, the specification states only that “the processing resource 108 may be a physical device” (see para. 0022) and that “The machine-readable medium 110 may be non-transitory”.  Nothing in the claims or the specification limits the claimed system to a hardware processor or a non-transitory memory.  The Examiner suggests that Applicant amend independent claim 9 to read “A system comprising: a hardware processing resource; a non-transitory machine-readable medium storing instructions that, when executed by the hardware processing resource, cause the hardware processing resource to…”
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 7-13, 15-18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Sovio et al. (US Pub. 2020/0019695) (hereinafter “Sovio”) in view of Goldman (US Pub. 2017/0353313) (hereinafter “Goldman”).

As per claim 1, Sovio teaches a method comprising: identifying, by a processor-based system ([Sovio, para. 0030; Fig. 1] “Fig. 1 illustrates a block diagram of an exemplary computing apparatus 100 [a processor-based system] incorporating aspects of the disclosed embodiments”), an untrusted component ([para. 0005] “new or updated applications [untrusted component] may require use of secure services provided by the trusted application 114 and will therefore require authentication determinations”) in a trusted execution environment, wherein the trusted execution environment allows execution and isolation of a trusted component; ([para. 0050] “the SEE 112 [trusted execution environment] is configured to host [execute] and protect [isolation] trusted applications 114 and other secure or services 124 [trusted component]”.  Identifying an untrusted component in a boot sequence is taught by Goldman below) 
restricting, by the processor-based system, the untrusted component from accessing hardware resources; ([Sovio, para. 0040]  the hypervisor 108 [part of the computing apparatus 100 taught above] can restrict, or prevent, the guest applications [untrusted component] from accessing or even discovering computer resources [hardware resources])
obtaining, by the processor-based system, an image digest ([Sovio, para. 0060] “the hypervisor 108 [part of the computing apparatus 100 taught above] … generates a measured value corresponding to the client application … the measured value may include a hash of the client application [an image digest]”) and privilege rights associated with the untrusted component in an untrusted execution environment, ([para. 0060] “incorporate additional meta-data into the measured value … The meta-data may include … data embedded in a digital certificate [privilege rights as a digital certificate is used to denote privileges of an application] associated with the client application”) wherein the privilege rights include access to the hardware resources, ([para. 0045] “the additional meta-data may then be included in a measured value to help identify and ultimately authorize the client application 104”; [para. 0039; para. 0050] upon authorization using the meta-data, the client application is allowed access to portions of memory that contain the secure services [hardware resources]) and wherein the untrusted execution environment allows execution of the untrusted component and the trusted component; ([para. 0038] “the hypervisor 108 is included in the REE 230 [untrusted execution environment] to provide basic software services and to manage the computer hardware and other computing resource … the hypervisor generates the measurement value”; [para. 0063] “Once it is determined that the client application 104 is authorized to access the requested secure services [a determination allowed by the REE hypervisor], the trusted application may [allowed by the REE hypervisor] perform [execution] the requested secure operations and return the result to the client application 104 [an execution of the untrusted component]”)
sending, by the processor-based system, a request including the image digest and the privilege rights to a central node ([Sovio, para. 0013] “the processor is configured to send a request for authorization from the authorization service to a network based authorization server [central node], where the request for authorization includes the measured value [image digest and the privilege rights]”) over a secure connection; ([para. 0054] In one embodiment the communication channel 134 between the authorization service 118 and the external authorization service 120 is cryptographically secured) 
receiving, by the processor-based system, a response including approved privileges from the central node ([Sovio, para. 0013] “the processor receives an authorization result [approved privileges] from the network based authorization server [central node] and determines whether the client application is authorized to access the requested secure services based on the authorization result”. Receiving a signature based on the image digest from the central node is taught by Goldman below)
transferring, by the processor-based system, the approved privileges from the untrusted execution environment to the trusted execution environment; ([Sovio, para. 0032] “the term REE … generally encompasses all hardware … of the computing apparatus 100 with the exception of the hardware, firmware, and/or software that is incorporated within and protected by the SEE 112”; [Fig. 1] a network interface/bus [hardware that is not incorporated within and protected by the SEE] is used to transport information from the authorization server to the SEE portion of the computing apparatus 100.  Transferring the signature is taught by Goldman below)
providing, by the processor-based system, access to the hardware resources to the untrusted component in the trusted execution environment based on the approved privileges.  ([Sovio, para. 0013] “the processor receives an authorization result from the network based authorization server and determines whether the client application is authorized to access [providing access to the untrusted component] the requested secure services based on the authorization result”; [para. 0039; para. 0050] upon authorization, the client application is allowed access to portions of memory that contain the secure services [hardware resources])
Sovio does not clearly teach identifying an untrusted component in a boot sequence; deferring, by the processor-based system, a secure boot authentication of the untrusted component for a predetermined period; receiving a signature based on the image digest from the central node; transferring the signature, and authenticating, by the processor-based system, the untrusted component in the trusted execution environment using the signature before expiry of the predetermined period.   
However, Goldman teaches identifying an untrusted component in a boot sequence; ([Goldman, para. 0046] “a trusted platform module of the data processing system records the measurements of each software module [identifying an untrusted component] during boot [in a boot sequence]”)
deferring, by the processor-based system, ([Goldman, para. 0017] “data processing environments are provided in which illustrative embodiments may be implemented”) a secure boot authentication of the untrusted component ([para. 0047] “illustrative embodiments will not allow a software module to execute on a data processing system [a secure boot as the process is for starting an initial boot of an operating system/software module– see para. 0050 and para. 0058] until illustrative embodiments receive from a trusted third party server [deferring to the third party] permission to proceed or continue with the process of preparing the software module for execution”) for a predetermined period; ([para. 0047] “embodiments may take into consideration a context associated with preparing a software module for execution, such as, for example, time of day [a predetermined time period]”)
receiving a signature based on the image digest from the central node; ([Goldman, para. 0056] “Server computer 302 utilizes software module measurement and context analyzer 320 to analyze the information contained in authorization request 318 [based on the image digest] to verify the integrity of software module 306 prior to execution of software module 306 by client device 304. After analyzing the information contained in authorization request 318, server computer 302 [receiving, from the central node] sends digitally signed authorization response 322 [signature based on the image digest] to client computer 304”)
transferring the signature, and ([Goldman, para. 0056]” Client device 304 analyzes digitally signed [the signature] authorization response 322 using [transferring] trusted platform module 308”) 
authenticating, by the processor-based system, the untrusted component in the trusted execution environment using the signature ([Goldman, para. 0056] “Trusted platform module 308 determines whether digitally signed authorization response 322 satisfies security policy 324 … If trusted platform module 308 [part of the processor-based system] determines [authenticating] that digitally signed [using the signature] authorization response 322 satisfies security policy 324, then trusted platform module 308… continue with the process of preparing software module 306 [the untrusted component] for execution”) before expiry of the predetermined period.   ([Para. 0070] “the computer generates an authorization response based on analysis of [before expiry, as the analysis determines whether the execution is before or after the time of day] … the context [the predetermined period – see above and para. 0047]”) 
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Sovio with the teachings of Goldman to include identifying an untrusted component in a boot sequence; deferring, by the processor-based system, a secure boot authentication of the untrusted component for a predetermined period; receiving a signature based on the image digest from the central node; transferring the signature, and authenticating, by the processor-based system, the untrusted component in the trusted execution environment using the signature before expiry of the predetermined period.  One of ordinary skill in the art would have been motivated to make this modification because 1) such a signature represents a message from the trusted third party server indicating that the trusted third party server has verified the integrity of the software module to allow the secure boot operation to continue and 2) context such as a predetermined time period allows the server computer to provide more than a simple proceed/do not proceed decision on preparing a software module for execution, for example allowing the server computer to reply with a risk level corresponding to execution of the software after the expiry of the predetermined period (time of day, as determined during the analysis).  (Goldman, para. 0034; para. 0047)

As per claim 2, Sovio in view of Goldman teaches claim 1.
Sovio also teaches storing, by the processor-based system, the approved privileges in a memory.  ([Sovio, para. 0062] “the authorization service 118 updates the locally maintained [storing, by the processor-based system, in a memory] access control list based on information returned [approved privileges] returned from the external authorization service 120”)
Sovio does not clearly teach storing, by the processor-based system, the signature in a memory.  
However, Goldman teaches storing, by the processor-based system, the signature in a memory. ([Goldman, para. 0022] “storage 108 may store [storing, by the processor-based system, in a memory] authentication credential data [the signature]”)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to combine the teachings of Sovio and Goldman for the same reasons as disclosed above.

As per claim 3, Sovio in view of Goldman teaches claim 1.  
Sovio also teaches wherein the untrusted component includes one or more of a bootloader, an operating system, a kernel, a driver, and a master boot record. (Examiner interprets “include one or more of” as requiring one or more of the limitations following to be disclosed.  [Sovio, para. 0041, Fig. 1] the guest application [untrusted component] includes a kernel, an OS, and other client applications in the kernel)

As per claim 4, Sovio in view of Goldman teaches claim 1.  
Sovio does not clearly teach wherein the privilege rights includes one or more of access to storage, input-output bus, radio resources, ethernet LAN port, and a validity period. 
However, Goldman teaches wherein the privilege rights includes one or more of access to storage, input-output bus, radio resources, ethernet LAN port, and a validity period.  (Examiner interprets “one or more of” as requiring one or more of the limitations following to be disclosed.  [Goldman, para. 0034] “restricted execution authorization [privilege rights] may represent permission for data processing system 200 to proceed with preparation of software module 222 for execution, but to execute software module 222 with a limited capability …  Limited capability may mean, for example, that data processing system 200 allows software module 222 restricted or no access to resources, such as networks [ethernet LAN port/input-output bus] or encrypted drives [storage]”)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Sovio with the teachings of Goldman to include wherein the privilege rights includes one or more of access to storage, input-output bus, radio resources, ethernet LAN port, and a validity period.  One of ordinary skill in the art would have been motivated to make this modification because this allows the system to prevent (or allow) an unauthorized software module from executing on a data processing system rather than just reporting the presence of the unauthorized software module.  (Goldman, para. 0047)

As per claim 5, Sovio in view of Goldman teaches claim 4.
Sovio does not clearly teach erasing, by the processor-based system, the untrusted component from a storage responsive to expiry of the validity period.
However, Goldman teaches erasing, by the processor-based system, the untrusted component from a storage responsive to expiry of the validity period.  ([Goldman, para. 0034] “the authorization response may include an instruction from the trusted third party server to terminate [erasing the untrusted component from runtime memory] the process of preparing software module 222 for execution based on analyses of the software module measurement log 224 and context 228 [expiry of the validity period as explained in claim 1 above]”)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Sovio with the teachings of Goldman to include erasing, by the processor-based system, the untrusted component from a storage responsive to expiry of the validity period.  One of ordinary skill in the art would have been motivated to make this modification because this allows the system to prevent (or allow) an unauthorized software module from executing on a data processing system rather than just reporting the presence of the unauthorized software module.  (Goldman, para. 0047)

As per claim 7, Sovio in view of Goldman teaches claim 1.  
Sovio does not clearly teach analyzing, by the processor-based system, a defect using the untrusted component based on the approved privileges.
However, Goldman teaches analyzing, by the processor-based system, a defect using the untrusted component based on the approved privileges. ([Goldman, para. 0062] “the authorization response may include other information, such as an explanation [a defect] for the restricted execution authorization [using the untrusted component based on the approved privileges]”; [para. 0056] “Client device 304 analyzes digitally signed authorization response 322 [analyzing, by the processor-based system, the defect]”)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Sovio with the teachings of Goldman to include analyzing, by the processor-based system, a defect using the untrusted component based on the approved privileges.  One of ordinary skill in the art would have been motivated to make this modification because by doing so, the processor-based system may determine whether the authorization response satisfies the security policy thereby allow secure access to computer hardware resources.  (Goldman, para. 0035)

As per claim 8, Sovio in view of Goldman teaches claim 1.  
Sovio also teaches wherein the request further includes a system certificate and a system identifier. ([Sovio, para. 0045] “meta-data [included in the request] may, for example, include information such as … application name [a system identifier] … a digital certificate signed by a trusted certificate authority [a system certificate]”)

As per claim 9, Sovio teaches a system comprising: a processing resource; and a machine-readable medium storing instructions that, when executed by the processing resource, cause the processing resource to perform steps.  (For clarity, under the broadest reasonable interpretation “processing resource” is a term commonly known in the art that connotes structure [not a generic placeholder invoking 35 U.S.C. 112(f)] and is not software, in light of para. 0022 of the instant application: “… a physical device…” followed by a list of processor structures; [Sovio, para. 0067] “The processor 210 is configured to read program instructions from a memory 212 and perform the methods and processes described herein”)
The system claim comprises a processing resource that performs the steps of claim 1, has language that is identical or substantially similar to the method of claim 1, and thus is rejected with the same rationale applied against claim 1.  

As per claim 10, the claim language is identical or substantially similar to that of claim 2. Therefore, it is rejected under the same rationale applied to claim 2.

As per claim 11, the claim language is identical or substantially similar to that of claim 3. Therefore, it is rejected under the same rationale applied to claim 3.

As per claim 12, Sovio in view of Goldman teaches claim 9.  
Sovio also teaches wherein the processing resource executes one or more of the instructions to establish a secure channel for encrypting the signature and the approved privileges during the transferring from the untrusted execution environment to the trusted execution environment.  ([Sovio, para. 0054] “the communication channel 134 [a secure channel] between the authorization service 118 and the external authorization service 120 is cryptographically secured [encrypting the approved privileges and signature as taught by Goldman in claim 1]”; [para. 0015] Conventional security solutions [such as described above] are designed to run … a rich execution environment [untrusted execution environment] and … a secure execution environment [trusted execution environment] … secure communication channels to transfer messages [transferring] between these environments)

As per claim 13, Sovio in view of Goldman teaches claim 9.  
Sovio does not clearly teach a display unit configured to display a plurality of options associated with privilege rights for user selection wherein the privilege rights include one or more of access to storage, input-output bus, radio resources, ethernet LAN port, and a validity period. 
However, Goldman teaches a display unit configured to display a plurality of options associated with privilege rights for user selection ([Goldman, para. 0037] “Display 216 [a display unit] provides a mechanism to display information to a user and may include touch screen capabilities to allow the user to make on-screen selections [for user selection] through user interfaces or input data, for example”; [para. 0062] “The authorization response may include [information], for example, a full execution of the software module authorization, or a restricted execution of the software module authorization … the authorization response may include other information, such as an explanation for the restricted execution authorization, or an explanation for terminating the process…” [a plurality of options associated with privilege rights]) wherein the privilege rights include one or more of access to storage, input-output bus, radio resources, ethernet LAN port, and a validity period.  (Examiner interprets “one or more of” as requiring one or more of the limitations following to be disclosed.  [para. 0034] “restricted execution authorization [privilege rights] may represent permission for data processing system 200 to proceed with preparation of software module 222 for execution, but to execute software module 222 with a limited capability …  Limited capability may mean, for example, that data processing system 200 allows software module 222 restricted or no access to resources, such as networks [ethernet LAN port/input-output bus] or encrypted drives [storage]”)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Sovio with the teachings of Goldman to include a display unit configured to display a plurality of options associated with privilege rights for user selection wherein the privilege rights include one or more of access to storage, input-output bus, radio resources, ethernet LAN port, and a validity period.  One of ordinary skill in the art would have been motivated to make this modification because this allows the system to prevent (or allow) an unauthorized software module from executing on a data processing system rather than just reporting the presence of the unauthorized software module.  (Goldman, para. 0047)

As per claim 15, Sovio teaches non-transitory machine-readable medium storing instructions executable by a processing resource.  ([Sovio, para. 0068] “The memory 212 stores computer program instructions that may be accessed and executed by the processor 210 to cause the processor to perform a variety of desirable computer implemented processes or methods such as the methods for protecting secure services described herein”)
The non-transitory machine-readable medium claim includes instructions to perform the steps of the method of claim 1, has language that is identical or substantially similar to the method of claim 1, and thus the computer-readable medium claim is rejected with the same rationale applied against claim 1.  

As per claim 16, the claim language is identical or substantially similar to that of claim 2. Therefore, it is rejected under the same rationale applied to claim 2.

As per claim 17, the claim language is identical or substantially similar to that of claim 3. Therefore, it is rejected under the same rationale applied to claim 3.

As per claim 18, the claim language is identical or substantially similar to that of claim 4. Therefore, it is rejected under the same rationale applied to claim 4.

As per claim 20, the claim language is identical or substantially similar to that of claim 5. Therefore, it is rejected under the same rationale applied to claim 5.

Claims 6, 14, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Sovio in view of Goldman as applied to claims 1, 9, and 15 above, and further in view of Hartley et al. (US Pub. 2014/0205092) (hereinafter “Hartley”).

As per claim 6, Sovio in view of Goldman teaches claim 1.  
Sovio in view of Goldman does not clearly teach wherein authenticating the untrusted component comprises: verifying, by the processor-based system, the signature using a public key associated with the untrusted component.
However, Hartley teaches wherein authenticating the untrusted component comprises: ([Hartley, para. 0024]  “Prior to downloading the provisioning information, a cryptographic exchange using the message signing key pair is performed to ensure that the electronic circuit [untrusted component] is an authentic [authenticating] electronic circuit”) verifying, by the processor-based system, ([para. 0052] the electronic circuit 300 can be a system on a chip … based on a suitable processor [processor-based system]) the signature using a public key associated with the untrusted component.  ([para. 0023] “Asymmetric public key cryptography involves the use of a mathematically related key pair, including a "private key" and a "public key" to sign and to verify a signature, respectively”)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Sovio in view of Goldman with the teachings of Hartley to include wherein authenticating the untrusted component comprises: verifying, by the processor-based system, the signature using a public key associated with the untrusted component.  One of ordinary skill in the art would have been motivated to make this modification because such a technique denies a contract manufacturer full control over the device, so that it cannot violate a contract with an OEM concerning the fabrication of a chip.  (Hartley, para. 0106)
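The following is an added illustration, not code from the instant application or from Sovio, Goldman or Hartley, of the exchange recited in claim 1 (an image digest and requested privilege rights sent from the untrusted execution environment to a central node; a signed response carrying approved privileges and an expiry transferred into the trusted execution environment; authentication before expiry and grant of hardware access) together with the public-key verification of claim 6. The component and resource names, the allow-list policy, the 60-second validity period and the toy signature primitive are assumptions of the illustration; the signature primitive is textbook RSA over publicly known primes and provides no security, standing in for a vetted library only so that the block runs without third-party packages.

```python
import hashlib
import json
from dataclasses import dataclass, field

# ---- Toy signature primitive (illustration only) ----
# Assumption: unpadded textbook RSA over two publicly known Mersenne primes.
# It provides a real public-key sign/verify interface with no third-party
# packages but NO security; a deployment would use a vetted library
# (Ed25519, RSA-PSS). Only the interface matters for the flow below.
_P = (1 << 127) - 1
_Q = (1 << 521) - 1
_N = _P * _Q
_E = 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))
CENTRAL_NODE_PRIVKEY = (_N, _D)   # held only by the central node
CENTRAL_NODE_PUBKEY = (_N, _E)    # provisioned into the TEE per component


def _hash_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(message: bytes, privkey=CENTRAL_NODE_PRIVKEY) -> int:
    n, d = privkey
    return pow(_hash_int(message), d, n)


def verify(message: bytes, signature: int, pubkey) -> bool:
    n, e = pubkey
    return pow(signature, e, n) == _hash_int(message)


# ---- Shared helpers ----
HARDWARE_RESOURCES = {"storage", "io_bus", "radio", "eth_lan"}  # assumed names


def image_digest(image: bytes) -> str:
    """Measured value of the untrusted component: a hash of its image."""
    return hashlib.sha256(image).hexdigest()


def _canonical(response: dict) -> bytes:
    """Bytes the central node signs: digest, approved privileges and expiry."""
    return json.dumps({k: response[k] for k in ("digest", "approved", "expires")},
                      sort_keys=True).encode()


# ---- Untrusted execution environment (REE) side ----
def build_request(component: str, image: bytes, requested: set, system_id: str) -> dict:
    """Digest plus requested privilege rights; sent over an assumed secure channel."""
    return {"component": component, "digest": image_digest(image),
            "requested": sorted(requested), "system_id": system_id}


# ---- Central node ----
# Constructed policy: digest of a known-good image -> privileges it may receive.
ALLOWLIST = {image_digest(b"constructed: vendor wifi driver v1.2"): {"radio", "io_bus"}}


def central_node_handle(request: dict, now: int, validity_s: int = 60) -> dict:
    """Approve requested privileges that the allow-list permits, bound to the
    digest and a validity period, and sign the result."""
    approved = ALLOWLIST.get(request["digest"], set()) & set(request["requested"])
    response = {"digest": request["digest"], "approved": sorted(approved),
                "expires": now + validity_s}
    response["signature"] = sign(_canonical(response))
    return response


# ---- Trusted execution environment (TEE) side ----
@dataclass
class TrustedEnvironment:
    pubkeys: dict                               # component -> verification key
    grants: dict = field(default_factory=dict)  # component -> granted resources

    def authenticate(self, component: str, image: bytes, response: dict, now: int) -> set:
        """Grant hardware access only if the signature verifies under the key
        associated with the component, the response is unexpired, and the signed
        digest matches the image actually loaded."""
        pubkey = self.pubkeys.get(component)
        if pubkey is None or not verify(_canonical(response), response["signature"], pubkey):
            return set()
        if now >= response["expires"] or image_digest(image) != response["digest"]:
            return set()
        granted = set(response["approved"]) & HARDWARE_RESOURCES
        self.grants[component] = granted
        return granted


def boot_authorize(component: str, image: bytes, requested: set, tee: TrustedEnvironment,
                   now: int, delay_s: int = 0, tamper=None) -> set:
    """Whole exchange: REE builds the request, the central node signs a response,
    the response is transferred into the TEE, which verifies it. `delay_s` models
    time elapsed before the TEE checks; `tamper` mutates the response in transit."""
    request = build_request(component, image, requested, "device-0001")
    response = central_node_handle(request, now)
    if tamper:
        tamper(response)
    return tee.authenticate(component, image, response, now + delay_s)


if __name__ == "__main__":
    tee = TrustedEnvironment(pubkeys={"wifi-driver": CENTRAL_NODE_PUBKEY})
    img = b"constructed: vendor wifi driver v1.2"
    print(boot_authorize("wifi-driver", img, {"radio", "io_bus", "storage"}, tee, now=1000))
```

The checks in `authenticate` are the ones that make the grant meaningful: a response with a forged or altered privilege list fails signature verification, a response presented after the validity period is refused even though its signature is valid, and a response obtained for one image cannot be replayed to authorize a different image because the digest is part of the signed payload.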

As per claim 14, the claim language is identical or substantially similar to that of claim 6. Therefore, it is rejected under the same rationale applied to claim 6.

As per claim 19, the claim language is identical or substantially similar to that of claim 6. Therefore, it is rejected under the same rationale applied to claim 6.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Dewan et al. (US Pub. 2019/0045016) discloses a device 120 in communication with a remote server 150 where the device, during a secure boot procedure, initiates communication with the remote server, to send state information concerning untrusted software, and the server sends back a determination whether or not to allow the untrusted software to be executed at the device.  
Lee et al. (US Pub. 2017/0041794) discloses validating authorization for use of a set of features of a device, where an authorization server sends back a proof signed with its private key and the network node validates the proof with the corresponding public key.  
Duval et al. (US Pub. 2022/0129559) discloses endpoint authentication based on boot-time binding of multiple components, where at boot time a secure memory device is configured to compute a cryptographic measurement of instructions, generate a certificate containing the measurement, and send it to a remote server for authentication.  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634.  The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.
/Z.L./Examiner, Art Unit 2493

/CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493