DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims  rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-24 of U.S. Patent No. 11,277,406. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims are similar or included within the patented case.

17/650767
11,277,406
1. An apparatus, comprising: 

a hardware processor to: 





store two cryptographic representations of a trust relationship between a first device and a second device, the two cryptographic representations based on two pairs of asymmetric hash-based multi-time signature keys; 

receive an attestation request message from the second device, the attestation request message comprising attestation request data for the first device from the second device and a hash-based multi-time signature generated by the second device; and 


in response to the attestation request message, to: 

verify the attestation request data; 




verify the hash-based multi-time signature generated by the second device using a public key associated with the second device; 

generate an attestation reply message using a hash-based multi-time private signature key; and 

send the attestation reply message to the second device.
1. A prover device, comprising: 

one or more processors; 

a computer-readable memory; 

signature logic to: 

store two cryptographic representations of a trust relationship between the prover device and a verifier device, the two cryptographic representations based on two pairs of asymmetric hash-based multi-time signature keys; 

receive an attestation request message from the verifier device, the attestation request message comprising attestation request data and a memory address for the prover device from the verifier device and a hash-based multi-time signature generated by the verifier device; and 

in response to the attestation request message, to: 

verify the attestation request data; 

validate the memory address for the prover device; 

verify the hash-based multi-time signature generated by the verifier device using a public key associated with the verifier device; 

generate an attestation reply message using a hash-based multi-time private signature key; and 

send the attestation reply message to the verifier device.




Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 2, 8, 9, 15 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Walker et al., (US Publication No. 2012/0284518), hereinafter “Walker”, and further in view of Zhao et al., (US Publication No. 2018/0088927), hereinafter “Zhao”.

Regarding claims 1 and 8, Walker discloses 
a hardware processor [Walker, figures 1, 5] to: 
store two cryptographic representations of a trust relationship between a first device and a second device, the two cryptographic representations based on two pairs of asymmetric Walker, paragraph 27, Entity’s A and B each have public/private key pairs]; 
receive an attestation request message from the second device, the attestation request message comprising attestation request data for the first device from the second device and a Walker, paragraph 27, Entity’s A and B each have public/private key pairs, paragraph 35, entity A verifies the signature of B’s public key, figure 2, 206, 208, 210]; and 
in response to the attestation request message, to: 
verify the attestation request data [Walker, paragraph 35, entity A verifies the signature of B’s public key, figure 2, 206, 208, 210]; 
verify the Walker, paragraph 35, entity A verifies the signature of B’s public key, figure 2, 206, 208, 210]; 
generate an attestation reply message using a Walker, paragraph 35, entity A verifies the signature of B’s public key, figure 2, 206, 208, 210, paragraph 37, entity A uses its DAA private key to sign and produces DAA-Sign and sends to entity B]; and 
send the attestation reply message to the second device [Walker, paragraph 35, entity A verifies the signature of B’s public key, figure 2, 206, 208, 210, paragraph 37, entity A uses its DAA private key to sign and produces DAA-Sign and sends to entity B].

Walker does not specifically disclose, however Zhao teaches
hash-based multi-time signature [Zhao, paragraph 11, signature scheme].
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to use a well-known signature scheme to provide security for the system.

Regarding claims 2 and 9, Walker-Zhao further discloses
update an authentication path through a multi-time signature tree structure [Zhao, paragraph 17, signature scheme using a multi-time hash-based in a Merkle tree to support signature verification multiple times, paragraph 20 and figure 1].

Regarding claims 15 and 20, Walker-Zhao further discloses
a hardware processor [Walker, figures 1, 5] to: 
generate a set of attestation request data for the first device [Walker, paragraph 27, Entity’s A and B each have public/private key pairs, paragraph 35, entity A verifies the signature of B’s public key, figure 2, 206, 208, 210]; 
generate an attestation request message comprising the set of attestation request data and a hash-based multi-time signature [Zhao, paragraph 11, signature scheme] generated by the second device [Walker, paragraph 27, Entity’s A and B each have public/private key pairs, paragraph 35, entity A verifies the signature of B’s public key, figure 2, 206, 208, 210]; and 
send the attestation request message to a first device [Walker, paragraph 27, Entity’s A and B each have public/private key pairs, paragraph 35, entity A verifies the signature of B’s public key, figure 2, 206, 208, 210].

Claim(s) 3-7, 10-14, 16-19 and 21-24 is/are rejected under 35 U.S.C. 103 as being unpatentable over Walker-Zhao as applied to claims 1, 9, 15 and 20 above, and further in view of Schulz, (US Publication No. 2015/0264021).

Regarding claims 3 and 10, Walker-Zhao does not specifically disclose, however Schulz teaches
wherein the attestation request data for the second device comprises: 
a nonce [Schulz, paragraph 52]; 
a first identifier associated with the first device [Schulz, paragraphs 42-44, 51-53, figure 4]; 
a second identifier associated with the second device [Schulz, paragraphs 42-44, 51-53, figure 4]; and 
one or more attributes that specify what is to be attested [Schulz, paragraphs 42-44, 51-53, figure 4].
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide a nonce to enhance security between two devices (verifier and prover) that send messages which may be used for determining whether a software update is available in order to provide security for the systems while sending messages between them.

Regarding claims 4 and 11, Walker-Zhao-Schulz further discloses
verify that the first identifier and the second identifier are not equal [Schulz, paragraphs 42-44, 54-59, figures 4, 7].
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to verify the identifier’s of the source and target devices (which is obvious to verify they are not equal) to ensure the security of the system.

Regarding claims 5 and 12, Walker-Zhao-Schulz further discloses
verify that the nonce is a fresh nonce [Schulz, paragraphs 42-44 figure 4].

Regarding claims 6 and 13, Walker-Zhao-Schulz further discloses
verify that the one or more attributes specify a valid request for attestation [Schulz, paragraphs 42-44, 51-59, figures 4, 7].

Regarding claims 7 and 14, Walker-Zhao-Schulz further discloses
wherein the attestation reply message comprises: a nonce [Schulz, paragraphs 42-44, 51-59, figures 4, 7]; 
a first identifier associated with the first device [Schulz, paragraphs 42-44, 51-59, figures 4, 7]; 
a second identifier associated with the second device [Schulz, paragraphs 42-44, 51-59, figures 4, 7]; and 
a hash-based multi-time signature [Zhao, paragraph 11, signature scheme].

Regarding claims 16 and 21, Walker-Zhao-Schulz further discloses
wherein the attestation request data for the first device comprises: a nonce [Schulz, paragraphs 42-44, 51-59, figures 4, 7]; a first identifier associated with the first device [Schulz, paragraphs 42-44, 51-59, figures 4, 7]; a second identifier associated with the second device [Schulz, paragraphs 42-44, 51-59, figures 4, 7]; and one or more attributes that specify what is to be attested [Schulz, paragraphs 42-44, 51-59, figures 4, 7].

Regarding claims 17 and 22, Walker-Zhao-Schulz further discloses
a communication interface to receive an attestation reply message from the first device [Schulz, figure 2].

Regarding claims 18 and 23, Walker-Zhao-Schulz further discloses 
wherein the attestation reply message comprises: a nonce [Schulz, paragraphs 42-44, 51-59, figures 4, 7]; a first identifier associated with the second device [Schulz, paragraphs 42-44, 51-59, figures 4, 7]; a second identifier associated with the first device [Schulz, paragraphs 42-44, 51-59, figures 4, 7]; and a hash-based multi-time signature [Zhao, paragraph 11, signature scheme].

Regarding claims 19 and 24, Walker-Zhao-Schulz further discloses 
verifying the nonce, the first identifier, and the second identifier [Schulz, paragraphs 42-44, 51-59, figures 4, 7]; and verifying the hash-based multi-time signature [Zhao, paragraph 11, signature scheme] using a public key associated with the first device [Schulz, paragraphs 42-44, 51-59, figures 4, 7].

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM J GOODCHILD whose telephone number is (571)270-1589. The examiner can normally be reached M-F 8am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/William J. Goodchild/Primary Examiner, Art Unit 2433