DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
Claims 1-7, 21-29 are pending.  Claims 8-20 are cancelled.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-5, 22-26 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cho et al (PGPUB 2015/0288528), and further in view of Kumar et al (PGPUB 2020/0192659).

Regarding Claims 1 and 22:
Cho teaches a method for enabling hardware verification testing of a software and a system, comprising (abstract, method includes receiving an application by an electronic device, determining an application signature key included in the application, if the application signature key matches a development signature key among the development signature key and a commercial signature key, verifying the application signature key in relation to whether the electronic device corresponds to information on a test electronic device defined in the application signature key):
a memory to store data and instructions (paragraph 74, memory with instructions); and
a processor operable to communicate with the memory, wherein the processor is operable to (paragraph 74, processor receiving instructions from memory): 
receive the software to modify an application that includes a standard mode and a test mode (paragraph 174, development application written in a software development kit (SDK); paragraph 109, communication interface receives application; paragraph 114, application certificate module verifies application signature key in relation to whether electronic device receiving the application corresponds to information on a test electronic device defined in the application signature key, i.e. “test mode”; paragraph 119-120, alternatively, if the application signature key matches a commercial signature key, the processor installs the application to the electronic device, i.e. “standard mode”), wherein the software includes a payload with code for modifying the application (paragraph 41, an application according to various embodiments of the present disclosure may include execution code, data referenced by the execution code, a resource for screen configuration, application authority information defining data or functions that the application accesses, an entire application signature value, an open key for certifying an application signature key, an authority open key for certifying the open key, or the device unique ID (DUID) of a test electronic device; paragraph 71-78, electronic device including processor and memory comprising software; paragraph 42-43, electronic device receives and installs application); 
generate a platform signature using a platform private key and the software (paragraph 174, operation terminal may sign a development application with an application signature key; user may load the application signature key from the SDK and sign the development application with the application signature key; paragraph 167, RSA key pair); 
adding the platform signature to the payload (paragraph 41, application according to various embodiments of the present disclosure may include execution code, data referenced by the execution code, an entire application signature value, an open key for certifying an application signature key; paragraph 174, operation terminal may sign a development application with an application signature key; user may load the application signature key from the SDK and sign the development application with the application signature key), and
generating a signed version of the software using the platform signature to authenticate the software (paragraph 41, application according to various embodiments of the present disclosure may include execution code, data referenced by the execution code, an entire application signature value, an open key for certifying an application signature key; paragraph 174, operation terminal may sign a development application with an application signature key; user may load the application signature key from the SDK and sign the development application with the application signature key; paragraph 109-120, application certificate module verifies application signature key according to whether the received key matches a development signature key or a commercial signature key using separate processes; paragraph 43, installation of development applications is limited through the certification of the application signature), wherein authenticating the software includes using a first set of verification checks for authenticating the software for the standard mode of the application and using a second set of verification checks for authenticating the software for the test mode of the application (paragraph 109-120, application certificate module verifies application signature key according to whether the received key matches a development signature key or a commercial signature key using separate processes), wherein the second set of verification checks of the test mode does not require a signature other than the platform signature to authenticate the software but the first set of verification checks of the standard mode requires a signature other than the platform signature to authenticate the software (paragraph 109-120, application certificate module verifies application signature key according to whether the received key matches a development signature key or a commercial signature key using separate processes; if the application signature key matches the development signature key, the commercial signature key is not required; if the application signature key matches the commercial signature key, the development signature key is not required).
Cho does not explicitly teach wherein the software is a firmware update patch; and
wherein the application is firmware.
However, Kumar teaches the concept wherein a software is a firmware update patch (paragraph 32, uCode capsule package includes authentication information and payload containing uCode firmware volume; paragraph 2-4, firmware volumes for updating platform firmware); and
wherein an application is firmware (paragraph 2-4, firmware volumes for updating platform firmware; paragraph 28, BIOS region divided into three firmware volumes; paragraph 33, System Management Interrupt handler defined to parse uCode patch from capsule image; SMI handler configured to check integrity of update image by validating signature from either OEM/ODM/platform vendor or cloud customers).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the firmware update of a firmware teachings of Kumar with the test platform signature generation teachings of Cho.  Firmware is a subcategory of software generally, which typically runs at the lowest level of device hardware, and can therefore be considered especially vulnerable to programming errors and malicious exploits; therefore, a person of ordinary skill in the art would have considered combining the methods of Cho with the firmware system of Kumar in order to be able to test firmware prior to official release, thereby detecting and eliminating bugs, unforeseen problems, and potential attacks before any field devices become damaged or vulnerable due to installing untested firmware.

Regarding Claims 2 and 23:
Cho in view of Kumar teaches the method of claim 1 and the system of claim 22.  In addition, Cho teaches wherein a developer built the payload and adding the platform signature to the software does not require re-building the payload (paragraph 167, development application written by the SDK; paragraph 174, user loads application signature key from the SDK and signs development application with application signature key); and
Kumar teaches wherein the software is the firmware update patch (paragraph 32, uCode capsule package includes authentication information and payload containing uCode firmware volume; paragraph 2-4, firmware volumes for updating platform firmware).
The rationale to combine Cho and Kumar is the same as provided for claims 1 and 22 due to the overlapping subject matter between claims 1 and 2, 22 and 23.

Regarding Claims 3 and 24:
Cho in view of Kumar teaches the method of claim 1 and the system of claim 22.  In addition, Kumar teaches wherein the payload comprises a payload header (paragraph 32, UEFI capsule header).
The rationale to combine Cho and Kumar is the same as provided for claims 1 and 22 due to the overlapping subject matter between claims 1 and 3, 22 and 24.

Regarding Claim 4 and 25:
Cho in view of Kumar teaches the method of claim 1 and the system of claim 22.  In addition, Kumar teaches wherein the firmware is a Basic Input/Output System (BIOS) or a Unified Extensible Framework Interface (UEFI) (paragraph 47, under a modular firmware architecture, such as UEFI, the firmware (BIOS uCode) comprises a combination of core UEFI components and extensions implemented as UEFI modules that are also referred to as images, such as UEFI driver images and UEFI application images; a uCode patch may be targeted to a particular UEFI module).
The rationale to combine Cho and Kumar is the same as provided for claims 1 and 22 due to the overlapping subject matter between claims 1 and 4, 22 and 25.

Regarding Claims 5 and 26:
Cho in view of Kumar teaches the method of claim 4 and the system of claim 25.  In addition, Kumar teaches wherein the firmware update patch is a UEFI runtime patch (URP) capsule (paragraph 31, the uCode patch is encapsulated into a capsule format and a capsule firmware update interface is used to update the uCode regions in BIOS flash; the capsule format uCode image can be built by either an offline phase or online phase to support flexible integrity check method; the capsule formats comply with the capsule format defined by an applicable UEFI specification).
The rationale to combine Cho and Kumar is the same as provided for claims 4 and 25 due to the overlapping subject matter between claims 4 and 5, 25 and 26.

Claim(s) 6, 27 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cho and Kumar, and further in view of Fassino et al (PGPUB 2019/0163465).

Regarding Claims 6 and 27:
Cho in view of Kumar teaches the method of claim 1 and the system of claim 22.
Neither Cho nor Kumar explicitly teaches wherein the processor is further operable to: 
add a platform public key to the firmware update patch, wherein the platform public key can authenticate the platform signature.
However, Fassino teaches the concept of adding a platform public key to the firmware update patch, wherein the platform public key can authenticate the platform signature (abstract, method provides a firmware update to an electronic device; paragraph 49, firmware update provided with the signing certificate of the master key; device verifies the signature of the signing key on the firmware update; paragraph 57, method includes generating an updated signing key and providing the public part of the updated signing key in the firmware update).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine public key provisioning teachings of Fassino with the test platform signature generation teachings of Cho in view of Kumar, in order to provide the public key used to verify the firmware update with the update itself, with the benefit of improving efficiency and security by eliminating the need to seek and acquire the public key as a separate step, as well as confirming the receiving device was using the most up-to-date keys and certificates, and that the public key certificate had not been revoked.

Claim(s) 7, 28 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cho and Kumar, and further in view of Peng et al (PGPUB 2012/0297178).

Regarding Claims 7 and 28:
Cho in view of Kumar teaches the method of claim 1 and the system of claim 22.
Neither Cho nor Kumar explicitly teaches wherein the test mode of the firmware can be selected only in a startup menu of the firmware.
However, Peng teaches the concept wherein a test mode of a firmware can be selected only in a startup menu of the firmware (abstract, method automatically switches from a manufacture mode to a user mode on a BIOS chip of a motherboard; paragraph 4, motherboard is tested under manufacture mode, i.e. “test mode”; paragraph 15, configuring module configures BIOS setting file to manufacture mode by configuring options in BIOS setup menu; paragraph 18, configuring module saves configuration into BIOS chip when BIOS chip starts).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the firmware startup menu teachings of Peng with the test platform signature generation teachings of Cho in view of Kumar.  It is well-known in the art that low-level firmware/BIOS settings can typically only be accessed during the startup of a device, before more complex OS elements or interfaces are loaded.  Therefore, a person of ordinary skill in the art would have considered combining the menu teachings of Peng with the system of Cho and Kumar in order to conform to the standards and practices which are common in the art and thereby improve compatibility and usability of the system to the typical user.

Claim(s) 21, 29 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cho and Kumar, and further in view of Stewart et al (PGPUB 2018/0239900).

Regarding Claims 21 and 29:
	Cho in view of Kumar teaches the method of claim 1 and the system of claim 22.
	Neither Cho nor Kumar explicitly teaches wherein the signature other than the platform signature is generated in response to the firmware update patch passing firmware verification testing.
	However, Stewart teaches the concept wherein a signature other than a platform signature is generated in response to a firmware update patch passing firmware verification testing (paragraph 6-7, firmware/firmware update may be test firmware or production firmware; production firmware is that which has been built, tested, and/or passed a quality-control process; paragraph 19, firmware signed with private key; firmware designated as test signed with test private key, and firmware designated as production signed with production private key).
	It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the production signature following test teachings of Stewart with the test platform signature generation teachings of Cho in view of Kumar.  Cho in view of Kumar teaches generating signatures for firmware updates to be used on test platforms.  It follows that once a firmware update has passed all necessary testing requirements, that a signature is used to authenticate quality-approved software, thereby improving user safety, security, and convenience by providing a cryptographically ensured method of identifying validated production firmware prior to updating.
	
Response to Arguments
Applicant's arguments filed 11/14/2022 have been fully considered but they are not persuasive.

Regarding the rejection of claims under 35 USC 101:
Applicant’s amendments have overcome the previous 35 USC 101 rejection, which is therefore withdrawn.

Regarding the rejection of claims under 35 USC 103:
Regarding Applicant’s arguments, page 8 paragraph 4-page 9 paragraph 1, the Examiner responds:  The Examiner disagrees.  Cho clearly teaches at least generating a signed version of the software (paragraph 174, operation terminal signs development application with application signature key; paragraph 41, application includes application signature value).  The further claimed limitations, i.e. “to authenticate the software”, and “wherein authenticating the software includes… wherein the second set of verification checks of the test mode…” are statements of intended use, as the elements are never performed as part of the method of claim 1 or performed by any element of the system of claim 22.  Applicant’s specification clearly shows the authentication functions being performed at the receiving system, e.g. the tester (paragraph 46-47) and the nodes of the data center (paragraph 52), neither of which are part of claims 1 and 22.  Claims 1 and 22 appear directed to the Computing System Operator (Fig. 1, element 150), which performs signing functions for the firmware update.  Therefore, the limitations directed to authentication are intended use, and have no patentable weight.
However, even if the limitations at issue were to be considered, Examiner notes that the claimed features are taught by Cho: Cho teaches that the signature is used to authenticate the software (e.g. paragraph 43, certification of application signature), and first and second sets of verification checks for a standard and test mode (paragraph 109-120, verification check in standard and test mode involves verifying commercial and development signature keys respectively), and wherein the second set of verification checks of the test mode does not require a signature other than the platform signature to authenticate the software (paragraph 43, 109-120, application signed with development signature key; certification of application signature to install development application) but the first set of verification checks of the standard mode requires a signature other than the platform signature to authenticate the software (paragraph 109-120, detection of commercial signing key indicates signature of commercial application).  Therefore, Cho in view of Kumar teaches the limitations of claim 1 argued above.

	Applicant’s arguments with regard to independent claim 22 are similar to those regarding claim 1 and are therefore responded to in a similar way.
	Applicant further argues that the dependent claims are allowable due to depending on an allowable independent claim.  However, as shown above, the independent claims are not allowable.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814. The examiner can normally be reached 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FORREST L CAREY/Examiner, Art Unit 2491                                                                                                                                                                                                        


/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491