DETAILED ACTION
Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
	
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.


Priority
Receipt is acknowledged of papers submitted under 35 U.S.C. 119(a)-(d), which papers have been placed of record in the file.


Information Disclosure Statement
The information disclosure statement (IDS) submitted on 2021-06-24 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.


35 USC § 112(f)
The following is a quotation of 35 U.S.C. 112(f):
ELEMENT IN CLAIM FOR A COMBINATION.—An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof..


Claim limitation “confirmation unit” that confirms authorization as recited in independent claims 11, 18, and 19 has been interpreted under 35 U.S.C. 112(f), because it uses a non-structural term “confirmation unit” coupled with functional language (authorization confirmation) without reciting sufficient structure to achieve the function.  Similarly, claim limitation “processing unit configured for ...” as recited in independent claim 18 (and similarly in claim 19) has been interpreted under 35 U.S.C. 112(f), because it uses a non-structural term “processing unit” coupled with functional language (all of the steps recited in the claim) without reciting sufficient structure to achieve the function.  Furthermore, the non-structural terms are not preceded by a structural modifier.  The claimed “confirmation unit” and “processing unit” are non-structural terms having no specific structural meaning, and thus may be a substitute for “means for”.
Since this claim limitations invoke 35 U.S.C. 112(f), claims 11, 18, and 19 (and their dependent claims) are interpreted to cover the corresponding structure described in the specification that achieves the claimed functions, and equivalents thereof.  
A review of the specification is unclear as to the corresponding structure or acts described in the specification for the 35 U.S.C. 112(f) limitations.  
If applicant wishes to provide further explanation or dispute the examiner’s interpretation of the corresponding structure, applicant must identify the corresponding structure with reference to the specification by page and line number, and to the drawing, if any, by reference characters in response to this Office action. 
If applicant does not wish to have the claim limitations treated under 35 U.S.C. 112(f), applicant may amend the claims so that they will clearly not invoke 35 U.S.C. 112(f) or present a sufficient showing that the claims recite sufficient structure, material, or acts for performing the claimed functions to preclude application of 35 U.S.C. 112(f).
For more information, see Supplementary Examination Guidelines for Determining Compliance with 35 U.S.C. § 112 and for Treatment of Related Issues in Patent Applications, 76 FR 7162, 7167 (Feb. 9, 2011).


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claims 11-19 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.  Specifically, with regard to claims 11, 18, and 19, claim element “confirmation unit” that confirms authorization invokes 35 U.S.C. 112(f), and with regard to claim 18 (and similarly claim 19), claim element “processing unit configured for ...” performing all of the steps recited in the claim invokes 35 U.S.C. 112(f).  However, the written description fails to disclose the corresponding structure, material, or acts for performing the claimed function(s) and to clearly link the structure, material, or acts to the function(s).  In particular, the Specification does not appear to disclose the structure for performing the means of the units, or at the least, does not explicitly disclose what structure performs the claimed functions.  Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b).
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f); 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a)        Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function.  For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
The dependent claims included in the statement of rejection but not specifically addressed in the body of the rejection have inherited the deficiencies of their parent claim and have not resolved the deficiencies.  Therefore, they are rejected based on the same rationale as applied to their parent claims above.

Claims 11-19 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention.  Specifically, claim 11 recites the limitation “checking by the HSM of an authorization of the caller to carry out an update, the authorization of the caller being confirmed by a confirmation unit differing from the control unit”, and the limitation is ambiguous and contradictory.
In particular, there are three issues with the limitation.  First, because the limitation recites that the HSM checks the authorization and then recites that “a confirmation unit” confirms the authorization, it’s unclear what the relationship is between the “HSM” and “confirmation unit”, i.e. whether they are the same element, and if not, how they interact given that they’re both recited as performing what appears to be the same function.  Second, the claim recites that the confirmation unit (possibly the HSM) is “differing from the control unit”, but the claim previously recites that the HSM is an element of the control unit, and it is contradictory for an element of the control unit to differ from the control unit.  Third, dependent claim 13 recites that the HSM authenticates the confirmation unit via challenge-response, but parent claim 11 indicates that it is the caller, not the confirmation unit, that is being authorized.  As for claim interpretation with respect to prior art, the caller, confirmation unit, and HSM will be treated as interchangeable on a limitation-by-limitation basis in such a manner that the claims are comprehensible.
Claims 18-19 are rejected under a similar rationale.  The dependent claims included in the statement of rejection but not specifically addressed in the body of the rejection have inherited the deficiencies of their parent claim and have not resolved the deficiencies.  Therefore, they are rejected based on the same rationale as applied to their parent claims above.


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 11, 14, and 17-19 are rejected under 35 U.S.C. 102(a)(2) as being clearly anticipated by Thom et al. (US Pre-Grant Publication No. 20210263746-A1, hereinafter “Thom”).

With respect to independent claim 11, Thom discloses a method for securely updating a control unit {para. 0030: “storage memory device 200 may also implement the Trusted Computing Group TPM library specification, DICE, Cerberus, or some other security implementation with a memory-mapped interface, for example, to allow ‘safe’ updates to the ‘safe’ boot code”}, which includes a host that is configured to execute an update program and at least one application program, a memory, which contains programs and data, and a hardware security module (HSM) configured to block and to unblock a write access to the memory {paras. 0021-0033 & Fig. 2: “an example storage memory device 200 providing a resilient boot controller 212”, wherein “the storage memory device 200 may require a validated cryptographic key exchange between the host computing device and the trusted platform module 214 before allowing read and/or write access to one or both of the storage memory banks”}, the method comprising the following steps:
starting the host and the HSM {paras. 0022-0034 & 0049: “booting a host computing device”, wherein “resilient boot controller 212 is included in the trusted platform module 214”}.
blocking, by the HSM, the write access to the memory {paras. 0030-0033: “storage memory device 200 may require a validated cryptographic key exchange between the host computing device and the trusted platform module 214 before allowing read and/or write access to one or both of the storage memory banks”}.
starting the update program {para. 0032: “the resilient boot controller 212 can read the proposed program code update from the RAM 216”}.
determining by the update program whether a request of a caller to carry out an update is present {para. 0032: “host computing machine can store a proposed program code update and authorization information (e.g., a digital signature from a code publisher or other authority) in the RAM 216”}.
based on the request being present, checking by the HSM of an authorization of the caller to carry out an update, the authorization of the caller being confirmed by a confirmation unit differing from the control unit {paras. 0030-0033: “the storage memory device 200 may require a validated cryptographic key exchange between the host computing device and the trusted platform module 214”; the host computing device is a separate machine confirming itself to the TPM; further note that this claim limitation and the next are contingent limitations that are not required by the prior art; See MPEP § 2111.04(II)}.
based on establishing during the check of authorization that the caller is authorized, unblocking, by the HSM, the write access to the memory and re-writing at least a portion of the memory by the update program {para. 0033: “If the program code update satisfies one or more predetermined cryptographic conditions enforced by the trusted platform module 214, then the trusted platform module 214 can indicate to the resilient boot controller 212 to allow the write access of the program code update through the storage memory controller 208 to the high integrity storage memory bank 204”}.

With respect to dependent claim 14, Thom discloses after the starting of the update program, executing at least one of the at least one application program by the host when no request is present {para. 0029: “the host device can execute or continue to execute code (e.g., OS code, application code) read from a low integrity storage memory bank 206 behind the storage memory controller 210”; also note that the limitation is a contingent limitation that is not required by the prior art; See MPEP § 2111.04(II)}.

With respect to dependent claim 17, Thom discloses stopping the host and/or sending or outputting an error message, when it is established that the caller is not authorized {para. 0033: “If the program code update does not satisfy the one or more predetermined cryptographic conditions, then the trusted platform module 214 indicates to the resilient boot controller 212 to prevent the write access through the storage memory controller 208”}.

With respect to claims 18-19, a corresponding reasoning as given earlier in this section with respect to claim 11 applies, mutatis mutandis, to the subject matter of claims 18-19; therefore, claims 18-19 are rejected, for similar reasons, under the grounds as set forth for claim 11.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Thom et al. (US Pre-Grant Publication No. 20210263746-A1, hereinafter “Thom”) in view of Stumpf et al. (US Pre-Grant Publication No. 20160344705-A1, hereinafter “Stumpf”).

With respect to dependent claim 12, although Thom teaches authentication such as via a validated cryptographic key exchange, Thom does not explicitly disclose that the authentication includes challenge-response; however, Stumpf discloses wherein the check of the authorization includes a challenge-response authentication {para. 0026: “a challenge and response, between hardware security module 40 and an external debugger”}.

Thom and Stumpf are analogous art because they are from the same field of endeavor or problem-solving area of authentication by a trusted platform module.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Thom and Stumpf before him or her, to modify/develop the host computer authentication of Thom’s system to utilize challenge-response authentication.  The suggestion and/or motivation for doing so would have been because it is combining prior art elements according to known methods to yield predictable results, i.e. use of a common authentication mechanism by showing ownership of a particular cryptographic key.  Therefore, it would have been obvious to combine the host computer authentication in Thom’s system with challenge-response authentication to obtain the invention as specified in the instant claim(s).  The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims.

With respect to dependent claim 13, Stumpf discloses wherein a challenge for the challenge-response authentication is posed by the HSM, and a response to the challenge is provided by the confirmation unit {para. 0026: “a challenge and response, between hardware security module 40 and an external debugger”}.


Claims 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Thom et al. (US Pre-Grant Publication No. 20210263746-A1, hereinafter “Thom”) in view of Cottrell et al. (US Pre-Grant Publication No. 20060143600-A1, hereinafter “Cottrell”).

With respect to dependent claim 15, although Thom teaches unlocking secure memory to perform an update, Thom does not explicitly disclose relocking the memory after the update is complete; however, Cottrell discloses where, when it is established during the check of the authorization that the caller is authorized, blocking, by the HSM, the write access to the memory after the rewriting {para. 0009: “After the updating is complete, the memory is locked; thereby, preventing unauthorized access to the updated firmware image”} and subsequently executing at least one of the at least one application program by the host {para. 0021: “application programs 17, for example, word processing, accounting, e-mail, MP3 programs, browsers and other suitable programs or combinations thereof that are transferred to the processor 12 for execution”, which occurs after boot}.

Thom and Cottrell are analogous art because they are from the same field of endeavor or problem-solving area of secure memory updating.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Thom and Cottrell before him or her, to modify/develop the boot controller of Thom’s system to utilize relocking of the unlocked memory after an update is complete.  The suggestion and/or motivation for doing so would have been because it is combining prior art elements according to known methods to yield predictable results, i.e. re-securing the memory after the update for which it was unsecured is completed.  Therefore, it would have been obvious to combine the boot controller in Thom’s system with relocking of the unlocked memory after an update is complete to obtain the invention as specified in the instant claim(s).  The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims.

With respect to dependent claim 16, Cottrell discloses requesting and checking a password before unblocking the write access to the memory {paras. 0026 & 0033: “a determination is made as to whether the new firmware has been authenticated. This is accomplished, for example, by extracting the signature (e.g. new firmware update credentials)”; Official Notice is given that passwords are a common form of credential and that it would be obvious to use them as the credential}.




Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kevin Bechtel whose telephone number is (571)270-5436. The examiner can normally be reached Monday - Friday, 09:00 - 17:00 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Kevin Bechtel/Primary Examiner, Art Unit 2491