Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1-2 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Margolis et al (2012/0331290) in views of Autiosalo et al (2022/0263668) and Bray (8812860).
For claim 1, Margolis teaches a device (external device) connected to a platform (processor) (par.21, lines 1-3), the device comprising: a security system (MAA module 116 ) including device real time clock (RTC) data (par.19, lines 1-3 and par.25, lines 1-6 para 32, MAC module receiving RTC value); and a memory device (119 as in memory storage as shown in fig.1) configured to execute main firmware (device 118 and 119 considered to be the main firmware that are part of element 104 as Margolis teaches in par.29) communicating with the platform (the examiner notes that Margolis teaches that device 118 and 119 considered to be the main firmware that are part of element 104 which communicates with the platform which is element 102 as Margolis teaches in par.30), system is configured to generate a device hash (the examiner notes that Margolis teaches that mac module includes Hash-based Message Authentication Code (HMAC) as Margolis teaches in par.25, lines 8-12) from the device RTC data and a main firmware hash (the examiner notes that Margolis teaches that MAC module 116 which is hash device generates a MAC i.e., device hash for the received message using the MAK 119 stored in storage module 118 and When ED 104 receives a valid request for an RTC, ED 104 generates a MAC for the RTC value with MAC module 116 using the MAK 119 stored in storage module as Margolis teaches in par.32, lines 1-5)and the memory device is configured to provide a response including the device hash to the platform (the examiner notes that Margolis teaches that message which includes hash containing the MAC, the RTC value, and a value from the status register is sent to host processor as Margolis teaches in par.32, lines 1-6).
Margolis fails to teach the security system comprising at least one processor, a security system configured to communicate with the platform through an interface; the at least one processor is configured to generate a device hash from the device RTC data and a main firmware hash.
Autiosalo teaches, similar system, the security system comprising at least one processor (the data security module 100 may also comprise a processor and/or a memory as Autiosalo teaches in par.49), the at least one processor is configured to generate a device hash from the device RTC data and a main firmware hash (Autiosalo teaches that least one processor to cause the measuring device to perform the association of the digital calibration certificate with the measurement result taken under processing by generating a hash of the digital calibration certificate and by including the generated hash in the measurement result taken under processing, such that at least one processor 202 to cause the measuring device 200A to generate a timestamp for the signed measurement result using the real-time clock 150. The timestamp produced using the real-time clock 150 may be used, for example, as an alternative for a timestamp produced using a blockchain, data security module which includes processor, hardware and/or software and which may be provided as part of the measuring device 200A producing measurement results or connected between the measuring device 200B producing measurement results and the communications network as Autiosalo teaches in par.46, 49, 74). It would have been obvious to one ordinary skill in the art before effective filling date to modify Margolis to include the at least one processor is configured to generate a device hash from the device RTC data and a main firmware hash as taught and suggested by Autiosalo for the purpose of producing measurement results may easily and cost-efficiently attach to their products a functionality by means of which the devices automatically sign the produced measurement results using a digital calibration certificate defined for the device during or after manufacture as a certificate of signing of the measurement results and enabling the measurement results to be offered for purchasing by other organizations in a data market (Autiosalo, par.30).
Margolis, as modified by Autiosalo, does not explicitly teach security system configured to communicate with the platform through an interface. Bray teaches, similar system, security system configured to communicate with the platform through an interface (Bray teaches that network 222 as interface may facilitate communication between computing device 212 as platform and authentication server 232 as security system that include RTC as Bray teaches in col.6, lines 4-10). It would have been obvious to one ordinary skill in the art before effective filling date to modify Margolis to include security system configured to communicate with the platform through an interface as taught and suggested by Bray for the purpose of facilitating communication or data transfer using wireless or wired connections by include a time synchronized authentication code. (Bray, Abstract, col.6, lines 8-9).
For claim 2, Margolis in views of Autiosalo and Bray, further teaches wherein: the main firmware is configured to receive a firmware hash measurement request signal including nonce data from the platform (the examiner notes that Margolis teaches that host processor 102 generates nonce 111 using RNG module 110 and appends the nonce to a command to be sent to ED 104 as Margolis teaches in par.49, lines 2-5), and the security system is configured to generate the device hash from the device RTC data, the main firmware hash, and the nonce data based on the firmware hash measurement request signal (nonce 111 (the examiner notes that Margolis teaches that in the message, element 4B04 of FIG. 4B shows the format of this message, the command field of message 4B04 indicates that message 4B04 contains a response from ED 104 containing the values of the MC and status register of SRTC module 114 and ED 104 generates a MAC for message 4B04 ("MAC2") with MAC module 116 using MAK 119 generated by storage module as Margolis teaches in par.57, lines 1-6).
Margolis fails to teach at least one processor of the security system.
Autiosalo further teaches at least one processor of the security system (the data security module 100 may also comprise a processor and/or a memory as Autiosalo teaches in par.49). It would have been obvious to one ordinary skill in the art before effective filling date to modify Margolis to include the at least one processor of the security system as taught and suggested by Autiosalo for the purpose of producing measurement results may easily and cost-efficiently attach to their products a functionality by means of which the devices automatically sign the produced measurement results using a digital calibration certificate defined for the device during or after manufacture as a certificate of signing of the measurement results and enabling the measurement results to be offered for purchasing by other organizations in a data market (Autiosalo, par.30).
For claim 6, Margolis in views of Autiosalo and Bray, further teaches wherein the security system is configured to generate the device hash when a security function is used (the examiner notes that Margolis teaches that ED 104 also includes a MAC module 116 for generating a message authentication code (MAC) and an storage module 118 storing a key used to authenticate the message that includes MC, RTC, and control/status data as Margolis teaches in par.25, lines 8-12).
Margolis fails to teach at least one processor of the security system.
Autiosalo further teaches at least one processor of the security system (the data security module 100 may also comprise a processor and/or a memory as Autiosalo teaches in par.49). It would have been obvious to one ordinary skill in the art before effective filling date to modify Margolis to include the at least one processor of the security system as taught and suggested by Autiosalo for the purpose of producing measurement results may easily and cost-efficiently attach to their products a functionality by means of which the devices automatically sign the produced measurement results using a digital calibration certificate defined for the device during or after manufacture as a certificate of signing of the measurement results and enabling the measurement results to be offered for purchasing by other organizations in a data market (Autiosalo, par.30).
Claim(s) 3-5, and 7-10 are rejected under 35 U.S.C. 103 as being unpatentable over Margolis et al (2012/0331290) in views of Autiosalo et al (2022/0263668) and Bray (8812860) as applied to claims above, and further in view of Shah et al (2016/0373265).
For claim 3, Margolis, as modified by Autiosalo and Bray, teaches all the limitations as previously set forth except for wherein the device RTC data is synchronized with platform RTC data of the platform when the device is booted.
Shah teaches, similar RTC system, wherein the device RTC data is synchronized with platform RTC data of the platform when the device is booted (the external time synch synchronized the RTC of device 240 as shown in fig.2 and the platform RTC of 255 as shown in fig.2 as Shah teaches in par.42 and 43 as well as the system is booted). It would have been obvious to one ordinary skill in the art before effective filling date to modify Margolis, as modified by Autiosalo and Bray, to include RTC data is synchronized with platform RTC data as taught and suggested by Shah for the purpose of providing a secure record of the time of certain events, or data entries, in the form of a time certificate or signatures of time related data, as outputs to a requesting entity (Shah, par.41).
For claim 4, Margolis, as modified by Autiosalo and Bray, teaches all the limitations as previously set forth except for wherein the at least one processor of the security system is configured to electronically sign the device hash using on a device private key.
Shah further teaches wherein the at least one processor of the security system is configured to electronically sign the device hash using on a device private key (par.60 and 61). It would have been obvious to one ordinary skill in the art before effective filling date to modify Margolis, as modified by Autiosalo and Bray, to include electronically signed based on a device private key as taught and suggested by Shah for the purpose of providing a secure record of the time of certain events, or data entries, in the form of a time certificate or signatures of time related data, as outputs to a requesting entity (Shah, par.41).
For claim 5, Margolis, as modified by Autiosalo and Bray, teaches all the limitations as previously set forth except for wherein the at least one processor of the security system is configured to encrypt the device hash based on a platform public key.
Shah further teaches wherein the at least one processor of the security system is configured to encrypt the device hash based on a platform public key (par.58 and par.65). It would have been obvious to one ordinary skill in the art before effective filling date to modify Margolis, as modified by Autiosalo and Bray, to include electronically signed based on a platform public key as taught and suggested by Shah for the purpose of providing a secure record of the time of certain events, or data entries, in the form of a time certificate or signatures of time related data, as outputs to a requesting entity (Shah, par.41).
For claim 7, Margolis, as modified by Autiosalo and Bray, teaches all the limitations as previously set forth except for wherein: the memory device is configured to receive a verification result hash including platform RTC data from the platform, and the at least one processor is configured to determine whether the platform RTC data is within an effective range.
Shah further teaches wherein: the memory device is configured to receive a verification result hash including platform RTC data from the platform (par.98), and the at least one processor is configured to determine whether the platform RTC data is within an effective range (period or time range) (par.99). It would have been obvious to one ordinary skill in the art before effective filling date to modify Margolis, as modified by Autiosalo and Bray, to include verification result hash including platform RTC data from the platform as taught and suggested by Shah for the purpose of providing a secure record of the time of certain events, or data entries, in the form of a time certificate or signatures of time related data, as outputs to a requesting entity (Shah, par.41).
For claim 8, Margolis, as modified by Autiosalo and Bray, teaches all the limitations as previously set forth except for wherein the at least one processor is configured to verify an electronic signature of the verification result hash based on a platform public key.
Shah further teaches wherein the at least one processor is configured to verify an electronic signature of the verification result hash based on a platform public key (par.41 and 65). It would have been obvious to one ordinary skill in the art before effective filling date to modify Margolis, as modified by Autiosalo and Bray, to include an electronic signature of the verification result hash based on a platform public key as taught and suggested by Shah for the purpose of providing a secure record of the time of certain events, or data entries, in the form of a time certificate or signatures of time related data, as outputs to a requesting entity (Shah, par.41).
For claim 9, Margolis, as modified by Autiosalo and Bray, teaches all the limitations as previously set forth except for wherein the at least one processor is configured to perform a normal sequence operation when the platform RTC data is within the effective range.
Shah further teaches wherein the at least one processor is configured to perform a normal sequence operation when the platform RTC data is within the effective range (period or time range) (par.98 and 99). It would have been obvious to one ordinary skill in the art before effective filling date to modify Margolis, as modified by Autiosalo and Bray, to include platform RTC data is within the effective range as taught and suggested by Shah for the purpose of providing a secure record of the time of certain events, or data entries, in the form of a time certificate or signatures of time related data, as outputs to a requesting entity (Shah, par.41).
For claim 10, Margolis, as modified by Autiosalo and Bray, teaches all the limitations as previously set forth except for wherein the at least one processor is configured to perform an error sequence operation when the platform RTC data deviates from the effective range.
Shah further teaches wherein the at least one processor is configured to perform an error sequence operation (incorrect) when the platform RTC data deviates from the effective range (period or time range) (par.74). It would have been obvious to one ordinary skill in the art before effective filling date to modify Margolis and Bray, as modified by Autiosalo, to include the security system performs an error sequence operation as taught and suggested by Shah for the purpose of providing a secure record of the time of certain events, or data entries, in the form of a time certificate or signatures of time related data, as outputs to a requesting entity (Shah, par.41).
Claim(s) 11-17 are rejected under 35 U.S.C. 103 as being unpatentable over Margolis et al (2012/0331290) in views of Autiosalo et al (2022/0263668), Shah et al (2016/0373265) and Bray (8812860).
For claim 11, Margolis teaches a platform (par.21, lines 1-3), comprising: a platform root of trust (RoT) comprising processor (Margolis teaches of having processor that includes verification system that verify and authenticate the hash where host processor 102 verifies the MAC which includes the hash of the response, to verify the MAC, host processor generates a MAC for the response and verifies that the generated MAC matches the received MAC as Margolis teaches in par.26 and 50); and a hash storing a main firmware hash (device 118 and 119 considered to be the main firmware that are part of element 104 as Margolis teaches in par.29) of the device (Margolis teaches that ED 104 generates a MAC for the RTC value with MAC module 116 using the MAK 119 stored in storage module as Margolis discloses in par.32), wherein the processor of the platform RoT is configured to verify an integrity of a device hash based on real time clock (RTC) data and the main firmware hash (Margolis teaches that host processor 102 verifies the message received from ED which includes the hash of the main firmware or MAC of element 118 and 119 and the hash of RTC by generating MAC value using MAC module 108 and comparing the generated MAC with received MAC as Margolis teaches in par.32 and 50), and wherein the device hash is generated from the main firmware hash and RTC data of a security system configured to communicate with the platform (the examiner notes that Margolis teaches that mac module includes Hash-based Message Authentication Code (HMAC) and that MAC module 116 which is hash device generates a MAC i.e., device hash for the received message using the MAK 119 stored in storage module 118 and When ED 104 receives a valid request for an RTC, ED 104 generates a MAC for the RTC value with MAC module 116 using the MAK 119 stored in storage module as Margolis teaches in par.32, lines 1-5).
Margolis teaches of having memory with RTC and communicating with platform but fails to teach a memory device configured to store a hash table including a main firmware hash of an external device that is external to the platform, and platform real time clock (RTC) data and security system configured to communicate with the platform through an interface.
Autiosalo further teaches a memory device configured to store a hash including a main firmware hash of an external device that is external to the platform (the at least one memory 204 and the computer program code 205 are further configured with the at least one processor 202 to cause the measuring device 200A to generate a hash of the signed measurement result and store the generated hash in a blockchain. The blockchain used may be for example ethereum or hyperledger fabric. Storing the generated hash of the signed measurement result in a blockchain provides for example the advantage of indicating that the measurement result was at the latest created when storing in the blockchain was performed, because the blockchain cannot be changed afterwards as Autiosalo teaches in par.73 and in connection with the data security module 100 means that the data security module 100 is implemented as an external module with respect to the measuring device as Autiosalo teaches in par.87). It would have been obvious to one ordinary skill in the art before effective filling date to modify Margolis to include an external device that is external to the platform as taught and suggested by Autiosalo for the purpose of producing measurement results may easily and cost-efficiently attach to their products a functionality by means of which the devices automatically sign the produced measurement results using a digital calibration certificate defined for the device during or after manufacture as a certificate of signing of the measurement results and enabling the measurement results to be offered for purchasing by other organizations in a data market (Autiosalo, par.30). Margolis, as modified by Autiosalo, do not explicitly teach hash table and platform real time clock (RTC) data and security system configured to communicate with the platform through an interface.
Shah is used to teach that a hash table (par.72 and 77) and platform real time clock (RTC) data (par.98). It would have been obvious to one ordinary skill in the art before effective filling date to modify Margolis, as modified by Autiosalo, to include platform real time clock (RTC) data as taught and suggested by Shah for the purpose of providing a secure record of the time of certain events, or data entries, in the form of a time certificate or signatures of time related data, as outputs to a requesting entity (Shah, par.41). Margolis, as modified by Autiosalo and Shah, does not explicitly teach security system configured to communicate with the platform through an interface.
Bray teaches, similar system, security system configured to communicate with the platform through an interface (Bray teaches that network 222 as interface may facilitate communication between computing device 212 as platform and authentication server 232 as security system that include RTC as Bray teaches in col.6, lines 4-10). It would have been obvious to one ordinary skill in the art before effective filling date to modify Margolis to include security system configured to communicate with the platform through an interface as taught and suggested by Bray for the purpose of facilitating communication or data transfer using wireless or wired connections (Bray, col.6, lines 8-9).
For claim 12, Margolis, as modified by Autiosalo, Shah and Bray, further teaches wherein the processor is configured to generate a firmware hash measurement request signal including nonce data and verify the integrity of the device hash based on the nonce data (the examiner notes that Margolis teaches that host processor 102 generates nonce 111 using RNG module 110 and appends the nonce to a command to be sent to ED 104 as Margolis teaches in par.33 and par.49, lines 2-5).
For claim 13, Margolis, as modified by Autiosalo, Shah and Bray, teaches all the limitations as previously set forth except for wherein the processor is configured to determine whether device RTC data of the device hash is within an effective range.
Shah further teaches wherein the processor is configured to determine whether device RTC data of the device hash is within an effective range (period or time range) (par.98 and 99). It would have been obvious to one ordinary skill in the art before effective filling date to modify Margolis, as modified by Autiosalo, Shah and Bray, to include within the effective range as taught and suggested by Shah for the purpose of providing a secure record of the time of certain events, or data entries, in the form of a time certificate or signatures of time related data, as outputs to a requesting entity (Shah, par.41).
For claim 14, Margolis, as modified by Autiosalo, Shah and Bray, teaches all the limitations as previously set forth except for wherein the processor is configured to perform a normal sequence operation when the device RTC data is within the effective range.
Shah further teaches wherein the processor is configured to perform a normal sequence operation when the device RTC data is within the effective range (period or time range) (par.98 and 99). It would have been obvious to one ordinary skill in the art before effective filling date to modify Margolis, as modified by Autiosalo, Shah and Bray, to include within the effective range as taught and suggested by Shah for the purpose of providing a secure record of the time of certain events, or data entries, in the form of a time certificate or signatures of time related data, as outputs to a requesting entity (Shah, par.41).
For claim 15, Margolis, as modified by Autiosalo, Shah and Bray, teaches all the limitations as previously set forth except for wherein the processor is configured to perform an error sequence operation when the device RTC data deviates from the effective range.
Shah further teaches wherein the processor is configured to perform an error sequence operation when the device RTC data deviates from the effective range (period or time range) (par.74). It would have been obvious to one ordinary skill in the art before effective filling date to modify Margolis, as modified by Autiosalo, Shah and Bray, to include the security system performs an error sequence operation as taught and suggested by Shah for the purpose of providing a secure record of the time of certain events, or data entries, in the form of a time certificate or signatures of time related data, as outputs to a requesting entity (Shah, par.41).
For claim 16, Margolis, as modified by Autiosalo, Shah and Bray, teaches all the limitations as previously set forth except for wherein the processor is configured to verify an electronic signature of the device hash based on a device public key.
Shah further teaches wherein the processor is configured to verify an electronic signature of the device hash based on a device public key (par.41 and 65). It would have been obvious to one ordinary skill in the art before effective filling date to modify Margolis, as modified by Autiosalo, Shah and Bray, to include an electronic signature as taught and suggested by Shah for the purpose of providing a secure record of the time of certain events, or data entries, in the form of a time certificate or signatures of time related data, as outputs to a requesting entity (Shah, par.41).
For claim 17, Margolis, as modified by Autiosalo, Shah and Bray, teaches all the limitations as previously set forth except for wherein the processor is configured to generate a verification result hash electronically signed based on a platform private key and provides the electronically signed verification result hash to the device.
Shah further teaches wherein the processor is configured to generate a verification result hash electronically signed based on a platform private key and provides the electronically signed verification result hash to the device (par.41 and 65). It would have been obvious to one ordinary skill in the art before effective filling date to modify Margolis, as modified by Autiosalo, Shah and Bray, to include an electronic signature of the verification result hash based on a platform public key as taught and suggested by Shah for the purpose of providing a secure record of the time of certain events, or data entries, in the form of a time certificate or signatures of time related data, as outputs to a requesting entity (Shah, par.41).
Claim(s) 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Margolis et al (2012/0331290) in views of Shah et al (2016/0373265) and Bray (8812860).
For claim 18, Margolis teaches method of verifying integrity of a device connected to a platform (par.21, lines 1-3), the method comprising: the device generating a device hash from the device RTC data and a main firmware hash of the device ((device 118 and 119 considered to be the main firmware that are part of element 104 as Margolis teaches in par.29 and furthermore, the examiner notes that Margolis teaches that MAC module 116 which is hash device generates a MAC for the received message using the MAK 119 stored in storage module 118 and When ED 104 receives a valid request for an RTC, ED 104 generates a MAC for the RTC value with MAC module 116 using the MAK 119 stored in storage module as Margolis teaches in par.32, lines 1-5); and verifying, by a processor of the platform, integrity of the device hash based on the platform data and a firmware hash stored in the platform (the examiner notes that Margolis teaches that message which includes hash containing the MAC, the RTC value, and a value from the status register is sent to host processor as Margolis teaches in par.31, lines 2-6 and furthermore, a firmware hash, such as the hash of element 118 and 119 are stored in the platform 102 storage 108 since the Message Authentication Keys (MAKs) 113 and 119 are generated during manufacturing of the chips for host processor 102 and ED 104 and are stored, respectively, in storage modules 112 and 118 so that each pair of manufactured host processor 102 and ED 104 chips contain corresponding, identical keys as Margolis teaches in par.29).
Margolis teaches of having device with RTC and communicating with platform Margolis fails to teach synchronizing platform real time clock (RTC) data with device RTC data, platform RTC data and communicating, by the processor of the platform and through an interface, with the device.
Shah further teaches synchronizing platform real time clock (RTC) data with device RTC data (the external time synch synchronized the RTC of device 240 as shown in fig.2 and the platform RTC of 255 as shown in fig.2 as Shah teaches in par.42 and 43), platform RTC data (par.98). It would have been obvious to one ordinary skill in the art before effective filling date to modify Margolis to include synchronizing platform real time clock (RTC) data as taught and suggested by Shah for the purpose of providing a secure record of the time of certain events, or data entries, in the form of a time certificate or signatures of time related data, as outputs to a requesting entity (Shah, par.41). Margolis, as modified by Shah, does not explicitly teach communicating, by the processor of the platform and through an interface, with the device.
Bray teaches, similar system, communicating, by the processor of the platform and through an interface, with the device (Bray teaches that network 222 as interface may facilitate communication between computing device 212 as platform and authentication server 232 as security system that include RTC as Bray teaches in col.6, lines 4-10). It would have been obvious to one ordinary skill in the art before effective filling date to modify Margolis to include security system configured to communicate with the platform through an interface as taught and suggested by Bray for the purpose of facilitating communication or data transfer using wireless or wired connections (Bray, col.6, lines 8-9).
For claim 19, Margolis, as modified by Shah and Bray, further teaches wherein the generating of the device hash is performed in response to a firmware hash measurement request signal generated by the processor (par.32).
For claim 20, Margolis, as modified by Shah and Bray, further teaches wherein: the firmware hash measurement request signal comprises nonce data, and wherein the processor verifies an integrity of the device hash is verified by the platform based on the nonce data (the examiner notes that Margolis teaches that in the message, element 4B04 of FIG. 4B shows the format of this message, the command field of message 4B04 indicates that message 4B04 contains a response from ED 104 containing the values of the MC and status register of SRTC module 114 and ED 104 generates a MAC for message 4B04 ("MAC2") with MAC module 116 using MAK 119 generated by storage module as Margolis teaches in par.57, lines 1-6).
Response to Amendments/Arguments
Applicant's arguments filed 01/02/2026 have been fully considered but they are not persuasive.
With respect to the applicant’s arguments in page 3, regarding amendment limitation in claim 11, that neither Margolis or Autiosalo, either alone or in combination, discloses ““wherein device hash is generated from the main firmware hash and RTC data of a security system.” However, examiner explains that Margolis teaches that MAC module, as element 116 as shown in fig.1, is a Hash-based Message Authentication Code, which means as Hash device, element 114, as shown in fig.1, as RTC data, and elements 118 and 119 as shown in fig.1, as main firmware and element 104 generates MAC, RTC is on an External Device (ED) that is designed to support stringent customer power requirements, RTC portion containing a value to be programmed into the RTC containing the value of the status register of SRTC module 114, and a message authentication code (MAC) and send the message, which includes MAC as hash, to the device 104, and ED 104 verifies the MAC of the messages from both RTC and elements 118 and 119 as firmware device, as the MAC module 116 which is hash device generates a MAC i.e., device hash for the received messages as hash from both RTC and elements 118 and 119 as firmware device and When ED 104 receives the messages from RTC and firmware, ED 104 is configured to send the messages as hash to host processor 102 after reprogramming ED 104 in response to a valid reprogram command module as Margolis teaches in par.29-32 and 42-43.
With respect to applicant’s arguments in page 4 that Autiosalo fails to disclose or render obvious the subject matter of claim 1 missing from Margolis. However, examiner respectfully disagrees with applicant because Margolis teaches that MAC module, as element 116 as shown in fig.1, is a Hash-based Message Authentication Code, which means as Hash device, element 114, as shown in fig.1, as RTC data, and elements 118 and 119 as shown in fig.1, as main firmware and element 104 generates MAC, RTC is on an External Device (ED) that is designed to support stringent customer power requirements, RTC portion containing a value to be programmed into the RTC containing the value of the status register of SRTC module 114, and a message authentication code (MAC) and send the message, which includes MAC as hash, to the device 104, and ED 104 verifies the MAC of the message from RTC and elements 118 and 119 as firmware device, MAC module 116 which is hash device generates a MAC i.e., device hash for the received message using the MAK 119 stored in storage module 118 and When ED 104 receives a valid value message from RTC and firmware, ED 104 is configured to send a message to host processor 102 after reprogramming ED 104 in response to a valid reprogram command module. However, Margolis fails to teach security system comprising at least one processor, a security system configured to communicate with the platform through an interface; the at least one processor is configured to generate a device hash from the device RTC data and a main firmware hash. The secondary reference, Autiosalo, teaches that least one processor to cause the measuring device to perform the association of the digital calibration certificate with the measurement result taken under processing by generating a hash of the digital calibration certificate and by including the generated hash in the measurement result taken under processing, such that at least one processor 202 to cause the measuring device 200A to generate a timestamp for the signed measurement result using the real-time clock 150. The timestamp produced using the real-time clock 150 may be used, for example, as an alternative for a timestamp produced using a blockchain, data security module which includes processor, hardware and/or software and which may be provided as part of the measuring device 200A producing measurement results or connected between the measuring device 200B producing measurement results and the communications network as Autiosalo teaches in par.46, 49, 74. Therefore, the combination of Margolis with Autiosalo meets the claim 1 limitations.
With respect to applicant’s arguments in page 4 that a person of ordinary skill would not have been motivated to modify Margolis in view of Autiosalo. However, examiner respectfully disagrees with applicant Margolis teaches that MAC module, as element 116 as shown in fig.1, is a Hash-based Message Authentication Code, which means as Hash device, element 114, as shown in fig.1, as RTC data, and elements 118 and 119 as shown in fig.1, as main firmware and element 104 generates MAC, RTC is on an External Device (ED) that is designed to support stringent customer power requirements, RTC portion containing a value to be programmed into the RTC containing the value of the status register of SRTC module 114, and a message authentication code (MAC) and send the message, which includes MAC as hash, to the device 104, and ED 104 verifies the MAC of the message from RTC and elements 118 and 119 as firmware device, MAC module 116 which is hash device generates a MAC i.e., device hash for the received message using the MAK 119 stored in storage module 118 and When ED 104 receives a valid value message from RTC and firmware, ED 104 is configured to send a message to host processor 102 after reprogramming ED 104 in response to a valid reprogram command module. However, Margolis fails to teach security system comprising at least one processor, a security system configured to communicate with the platform through an interface; the at least one processor is configured to generate a device hash from the device RTC data and a main firmware hash. The secondary reference, Autiosalo, teaches that least one processor to cause the measuring device to perform the association of the digital calibration certificate with the measurement result taken under processing by generating a hash of the digital calibration certificate and by including the generated hash in the measurement result taken under processing, such that at least one processor 202 to cause the measuring device 200A to generate a timestamp for the signed measurement result using the real-time clock 150. The timestamp produced using the real-time clock 150 may be used, for example, as an alternative for a timestamp produced using a blockchain, data security module which includes processor, hardware and/or software and which may be provided as part of the measuring device 200A producing measurement results or connected between the measuring device 200B producing measurement results and the communications network as Autiosalo teaches in par.46, 49, 74. Therefore, the combination of modifying Margolis with Autiosalo improves of producing measurement results may easily and cost-efficiently attach to their products a functionality by means.
With respect to applicant’s arguments in page 5 that neither Margolis or Autiosalo, either alone or in combination, discloses ““wherein device hash is generated from the main firmware hash and RTC data” and Bray and Shah do not cure the deficiencies of Margolis and Autiosalo. However, examiner respectfully disagrees with applicant because Margolis teaches that MAC module, as element 116 as shown in fig.1, is a Hash-based Message Authentication Code, which means as Hash device, element 114, as shown in fig.1, as RTC data, and elements 118 and 119 as shown in fig.1, as main firmware and element 104 generates MAC, RTC is on an External Device (ED) that is designed to support stringent customer power requirements, RTC portion containing a value to be programmed into the RTC containing the value of the status register of SRTC module 114, and a message authentication code (MAC) and send the message, which includes MAC as hash, to the device 104, and ED 104 verifies the MAC of the message from RTC and elements 118 and 119 as firmware device, MAC module 116 which is hash device generates a MAC i.e., device hash for the received message using the MAK 119 stored in storage module 118 and When ED 104 receives a valid value message from RTC and firmware, ED 104 is configured to send a message to host processor 102 after reprogramming ED 104 in response to a valid reprogram command module. However, Margolis fails to teach a memory device configured to store a hash table including a main firmware hash of an external device that is external to the platform, and platform real time clock (RTC) data and security system configured to communicate with the platform through an interface. The secondary reference, Autiosalo, teaches that least Storing the generated hash of the signed measurement result in a blockchain provides for example the advantage of indicating that the measurement result was at the latest created when storing in the blockchain was performed, because the blockchain cannot be changed afterwards as Autiosalo teaches in par.73 and in connection with the data security module 100 means that the data security module 100 is implemented as an external module with respect to the measuring device as Autiosalo teaches in par.87). the prior art, Bray, teaches of interface may facilitate communication between computing device 212 as platform and authentication server 232 as security system that include RTC as Bray teaches in col.6, lines 4-10. The prior art, Shah, teaches a hash table and platform real time clock (RTC) data in par.77 and 98. Therefore, the combination of Margolis with Autiosalo, Bray, and Shah meets the claims limitations.
Regarding dependent claims arguments, said arguments are moot because the applied references are not considered to have alleged differences, and therefore are considered to properly show that for which they were cited.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AYUB A MAYE whose telephone number is (571)270-5037. The examiner can normally be reached Monday-Friday 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHEWAYE GELAGAY can be reached at 571-272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/AYUB A MAYE/Examiner, Art Unit 2436 /AMIE C. LIN/Primary Examiner, Art Unit 2436