REMOTE PROVISIONING OF CERTIFICATES FOR MEMORY SYSTEM PROVENANCE

§102 §103

DETAILED ACTION Claims 1-13 and 20-26 are pending in this action. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. Claims 1-4 and 7-13, 20-23 and 26 are rejected under 35 U.S.C. 102(a)(1) and 102(a)(2) as being anticipated by Contreras Munoz et al. (US PGPUB No. 2022/0012187) [hereinafter “Contreras Munoz”]. As per claim 1, Contreras Munoz teaches an apparatus, comprising: at least one processor; and memory coupled with the at least one processor, the memory and the at least one processor configured to cause the apparatus to: receive a first certificate comprising a first public key that corresponds to a first private key of a memory system, a first signature generated based at least in part on the first private key of the memory system, and an indication of a characteristic of the memory system ([0050]-[0052], receiving a certificate or a chain certificates including attributes of a memory module – each are cryptographically signed see [0017]); verify, using the first public key, whether the first signature included in the first certificate is endorsed by a certificate authority associated with the first private key of the memory system ([0049], using the public key to verify the certificate or the chain of certificates); verify whether the characteristic of the memory system is included in a set of characteristics stored at the apparatus ([0067] and [0077], directly verifying the attributes associated with the certificates to authenticate the memory module); generate, based at least in part on verifying that the first signature included in the first certificate is endorsed by the certificate authority associated with the first private key and that the characteristic of the memory system is included in the set of characteristics stored at the apparatus, a second certificate that comprises the first public key and a second signature, the second signature generated based at least in part on a second private key stored at the apparatus; and transmit the second certificate ([0054], last certificate in the chain is signed by vendor after verifying the previous certificate see [0049] and after verifying the measurements of the memory module with the GET_MEASUREMENTS command). As per claim 2, Contreras Munoz teaches the apparatus of claim 1, wherein the memory and the at least one processor are further configured to cause the apparatus to: identify that the characteristic of the memory system is an updated version of a prior characteristic of the memory system, wherein verifying that the characteristic of the memory system is included in the set of characteristics stored at the apparatus is based at least in part on identifying that the characteristic is the updated version of the prior characteristic ([0078], verifying an updated firmware of a memory module by using measurements). As per claim 3, Contreras Munoz teaches the apparatus of claim 1, wherein, to verify that the characteristic of the memory system is included in the set of characteristics stored at the apparatus, the memory and the at least one processor are configured to cause the apparatus to: determine that the characteristic of the memory system matches a characteristic included in the set of characteristics stored at the apparatus ([0078]-[0079], requesting measurements to verify them with the attribute data in the attribute certificate see [0063]-[0064]). As per claim 4, Contreras Munoz teaches the apparatus of claim 1, wherein the memory and the at least one processor are further configured to cause the apparatus to: receive a request to verify that the memory system is endorsed by a second certificate authority (Examiner Note: instant specification at [0017], [0019] and [0040], a certificate authority can be many things including the private key itself, the device itself, the manufacturer, etc.) associated with the second private key stored at the apparatus, wherein transmitting the second certificate is based at least in part on receiving the request to verify that the memory system is endorsed by the second certificate authority ([0017], transmitting multiple certificates to be verified via a private key, a manufacturer or vendor, see [0053]-[0054]) also (Examiner note: a private key, manufacturer, vendor, etc. are are all examples of a CA according to the instant specification [0017], [0019] and [0040]). As per claim 7, the combination of Contreras Munoz and Benedict teaches the apparatus of claim 6, wherein memory and the at least one processor are further configured to cause the apparatus to: receive a request for two or more certificates of the plurality of certificates; and transmit the two or more requested certificates in response to the request (Benedict; [0027], accessing the multiple certificates stored on an identification component for the memory module like the SPD hub see Fig. 1). As per claim 8, Contreras Munoz teaches the apparatus of claim 1, wherein the set of characteristics comprises characteristics that have been validated by the apparatus ([0020], ensuring that reported attributes of a DIMM are correct). As per claim 9, Contreras Munoz teaches the apparatus of claim 1, wherein the characteristic of the memory system comprises or is based at least in part on a characteristic of one or more hardware components of the memory system (Examiner Note: these are optional features so only one citation is required however to expedite prosecution both citations will be provided) ([0021], verifying attributes of hardware represented by hardware identities), a characteristic of firmware or software for operating the memory system or a system that includes the memory system ([0021], verifying measurements of firmware identities), or any combination thereof see id. As per claim 10, Contreras Munoz teaches the apparatus of claim 9, wherein the characteristic of the memory system comprises a hash value generated based at least in part on the characteristic of the one or more hardware components of the memory system ([0020], hashing various component attributes for verification of the authenticity of a memory module) (Examiner Note: these are optional features so only one citation is required however to expedite prosecution both citations will be provided) ([0021], verifying attributes of hardware represented by hardware identities), the characteristic of the firmware or the software for operating the memory system or the system that includes the memory system ([0021], verifying measurements of firmware identities), or any combination thereof. As per claim 11, Contreras Munoz teaches the apparatus of claim 1, wherein the second private key stored at the apparatus is associated with a manufacturer of the memory system ([0051], private key associated with the manufacturer and one for the vendor see [0054]). As per claim 12, Contreras Munoz teaches the apparatus of claim 1, wherein the second certificate further comprises information associated with a second public key corresponding to the second private key (Examiner Note: these are optional features so only one citation is required however to expedite prosecution both citations will be provided) ([0053], MINIM manufacture certificate and attribute certificate both have a private key stored separately from the public key included with each certificate see [0050]), a second indication of the characteristic of the memory system ([0053], various identifiers indicate the attribute associated with the certificate including a serial number), or both see id. As per claim 13, Contreras Munoz teaches the apparatus of claim 1, wherein the memory and the at least one processor are further configured to cause the apparatus to: receive a third certificate (Examiner Note: this claim appears to be a recursive step mirroring claim 1 – accordingly it is rejected in a similar fashion) comprising a third public key that corresponds to a third private key of the memory system, a third signature generated based at least in part on the third private key of the memory system, and an indication of an updated characteristic of the memory system ([0050]-[0052], receiving a certificate or a chain certificates including attributes of a memory module – each are cryptographically signed [0017]); verify, using the third public key, whether the third signature included in the third certificate is endorsed by the certificate authority associated with the third private key of the memory system ([0049], using the public key to verify the certificate or the chain of certificates); verify whether the updated characteristic associated with the memory system is included in the set of characteristics or an updated set of characteristics stored at the apparatus ([0067] and [0077], directly verifying the attributes associated with the certificates to authenticate the memory module); and generate, based at least in part on verifying that the third signature included in the third certificate is endorsed by the certificate authority associated with the first private key and that the updated characteristic of the memory system is included in the set of characteristics or the updated set of characteristics stored at the apparatus, a fourth certificate that comprises the third public key and a fourth signature, the fourth signature generated based at least in part on the second private key stored at the apparatus ([0054], last certificate in the chain is signed by vendor after verifying the previous certificate see [0049] and after verifying the measurements of the memory module with the GET_MEASUREMENTS command) (Examiner Note: same private key is used for the signature see [0051] – also numbering of keys in Contreras Munoz may vary from the claim language). As per claim 20, the substance of the claimed invention is identical or substantially similar to that of claim 1. Accordingly, this claim is rejected under the same rationale. As per claim 21, the substance of the claimed invention is identical or substantially similar to that of claim 2. Accordingly, this claim is rejected under the same rationale. As per claim 22, the substance of the claimed invention is identical or substantially similar to that of claim 3. Accordingly, this claim is rejected under the same rationale. As per claim 23, the substance of the claimed invention is identical or substantially similar to that of claim 4. Accordingly, this claim is rejected under the same rationale. As per claim 26, the substance of the claimed invention is identical or substantially similar to that of claim 1. Accordingly, this claim is rejected under the same rationale. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 5-6 and 24-25 are rejected under 35 U.S.C. 103 as being unpatentable over Contreras Munoz in view of Benedict et al. (US PGPUB No. 2021/0349836) [hereinafter “Benedict”]. As per claim 5, Contreras Munoz teaches the apparatus of claim 4. Contreras Munoz does not explicitly teach store the second certificate for a duration between generating the second certificate and receiving the request to verify that the memory system is endorsed by the second certificate authority. Benedict teaches store the second certificate for a duration between generating the second certificate and receiving the request to verify that the memory system is endorsed by the second certificate authority ([0027], storing certificates at a identification component of the memory module and accessed to verify the certificates provided the respective CA’s) (Examiner Note: as stated earlier the instant specification at [0017], [0019] and [0040] states a certificate authority can be many things including the private key itself, the device itself, the manufacturer, etc.). At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Contreras Munoz with the teachings of Benedict, store the second certificate for a duration between generating the second certificate and receiving the request to verify that the memory system is endorsed by the second certificate authority, to provide all authentication data in an easily accessed location for verification purpose by the computer platform. As per claim 6, Contreras Munoz teaches the apparatus of claim 1 as well as generate a plurality of certificates ([0049], generating certificates for authenticating the memory modules), wherein each certificate of the plurality of certificates comprises a unique public key corresponding to a unique private key that is associated with a respective memory system of a plurality of memory systems ([0049], each certificate has an associated public key and private key) and further comprises a signature generated based at least in part on the second private key stored at the apparatus ([0017] and [0049], using private key to generate signature for verification of certificate). Contreras Munoz does not explicitly teach generate a plurality of certificates a unique private key that is associated with a respective memory system of a plurality of memory systems and further comprises a signature generated based at least in part on the second private key stored at the apparatus; and store the plurality of certificates at the apparatus. Benedict teaches and store the plurality of certificates at the apparatus (Fig. 1, [0002] and [0014], certificates are stored at the SPD hub for verification and authentication of the memory module). At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Contreras Munoz with the teachings of Benedict, generate a plurality of certificates, wherein each certificate of the plurality comprises a unique public key corresponding to a unique private key that is associated with a respective memory system of a plurality of memory systems and further comprises a signature generated based at least in part on the second private key stored at the apparatus; and store the plurality of certificates at the apparatus, to provide all authentication data in an easily accessed location for verification purpose by the computer platform. As per claim 24, the substance of the claimed invention is identical or substantially similar to that of claim 5. Accordingly, this claim is rejected under the same rationale. As per claim 25, the substance of the claimed invention is identical or substantially similar to that of claim 6. Accordingly, this claim is rejected under the same rationale. Response to Arguments Applicant's arguments with respect to the rejection of claims 1-13 and 20-26 under 35 U.S.C. 102 and 103 have been fully considered but they are not persuasive. As per claim 1, Applicant argues that the cited prior art reference, Contreras Munoz, does not teach “a first certificate comprising … an indication of a characteristic of the memory system.” Applicant reasons that while the message response signal of Contreras Munoz contains an indication of a characteristic, it cannot be construed to be a part of the first certificate and thus does not teach this feature. Examiner submits that while Contreras Munoz may discuss a measurement response, it also discusses an attribute certificate that includes an identifier that is based on the attribute. See Contreras Munoz at [0050]-[0054]. Examiner interprets this identifier to be an indication of the measurement, i.e. characteristic. Applicant further argues that Contreras Munoz does not teach “verify whether the characteristic … is included in a set of characteristics stored at the apparatus.” Applicant reasons are based on the above argument that Contreras Munoz does not teach a certificate with an indication of a characteristic. Examiner submits that in Contreras Munoz the attribute in the attribute certificate are verified with measurements that are either read or retrieved from the SPD hub. See [0003] and [0077]. Applicant further argues that Contreras Munoz does not teach generating a second certificate that comprises the first public key and a second signature.” Applicant reasons that the root certificate, the attribute certificate and leaf certificate can not be considered a second certificate. Examiner submits that while each of these certificates are distinct, Contreras Munoz does generally describe a chain of certificates which each certificate comprising a public key and are signed by various entities along the chain. To distinguish from the current references of record and to expedite prosecution, Examiner suggests either to include further details about the characteristic in the certificate or to include further details regarding the usage of the second certificate. To expedite prosecution, Examiner is open to conducting an after-final interview to discuss claim amendments to overcome the current rejection and/or place the application in condition for allowance. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Taveira et al. (US PGPUB No. 2024/0036744), Kehlet et al. (US PGPUB No. 2022/0116206), Kanda (US PGPUB No. 2005/0102522), Ponsini et al. (US PGPUB No. 2017/0118196), KAKIZAKI et al. ("A New Method for Reducing the Revocation Delay in the Attribute Authentication," The Second International Conference on Availability, Reliability and Security (ARES'07), Vienna, Austria, 2007, pp. 1175-1182, doi: 10.1109/ARES.2007.10), Park et al. ("Binding identities and attributes using digitally signed certificates," Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00), New Orleans, LA, USA, 2000, pp. 120-127, doi: 10.1109/ACSAC.2000.898865) and Berbecaru ("Verification of X.509 Attribute Certificates for Attribute-based Authorization: A Practical Approach," 2021 25th International Conference on System Theory, Control and Computing (ICSTCC), Iasi, Romania, 2021, pp. 346-351, doi: 10.1109/ICSTCC52150.2021.9607273) all disclose various aspects of the claimed invention including generating certificates for authenticating components of a device. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to PETER C SHAW whose telephone number is (571)270-7179. The examiner can normally be reached Max Flex. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached at 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /PETER C SHAW/Primary Examiner, Art Unit 2493 February 25, 2026