STORAGE DEVICE, AND METHOD AND SYSTEM FOR VERIFYING AND AUTHORIZING BY USING STORAGE DEVICE

§103 §112

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 11/11/2025 has been entered. Information Disclosure Statement The 1/6/2026 IDS document has been considered by the examiner. Response to Amendment / Arguments Regarding claims rejected under 35 USC 103: Applicant’s arguments have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 1-15 and 17-20 rejected under 35 U.S.C. 112(a) or pre-AIA 35 U.S.C. 112, first paragraph, as based on a disclosure which is not enabling. The disclosure does not enable one of ordinary skill in the art to practice the invention without describing the specific implementation of “in response to the electronic device determining that the predetermined hardware information matches device hardware information of the electronic device” as in independent claims 1, 9, and 17. Specifically, neither the claims nor the specification describe how the “storage device” is made to know that the electronic device has determined that “the predetermined hardware information matches device hardware information of the electronic device.” The claims are drawn to a storage device providing at least one image file “in response to” this determination made by another device, but do not specify any communication of the determination back to the storage device on behalf of the electronic device. Where the specification concerns this “in response to” claim element, it likewise fails to describe how the storage device is made aware of the determination. Paragraphs [0006], [0038], [0046], and [0049] of the specification concern this claim limitation. But they use the same language (i.e., generic “in response to”) or state that “[c]orrespondingly, the storage device 12 may determine that the predetermined hardware information matches the device hardware information of the electronic device 13,” where the storage device itself makes its own separate the determination of this match. At best, the specification merely describes the storage device providing the image after its own determination of a successful match. However, the specification is silent as to the electronic device notifying the storage device of its determination. The dependent claims do not fix this deficiency and are therefore likewise rejected with their respective parent claims. Claims 1-8 and 17-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Independent claim 1 is drawn to the apparatus of “[a] storage device,” with the claim describing what “the storage device is configured to” do. However, claim 1 further recites “to cause the electronic device to decrypt the certificate using the public key to obtain predetermined hardware information and service information of the service from the certificate” and “in response to the electronic device determining that the predetermined hardware information matches device hardware information of the electronic device, [provide the at least one image file to the electronic device] to cause the electronic device to run the at least one image file to access the service.” Except for the bracketed portion, all of this language is directed to functionality of the electronic device rather than the claimed storage device. Since the claim is not drawn to the electronic device (which is outside of the claim scope), then one of ordinary skill in the art would not be able to interpret the metes and bounds of the claims so as to understand how to avoid infringement, in particular in view of prosecution estoppel and applicant amending and arguing language directed to an external device outside the scope of the claim. Independent claim 17 is drawn to a “verification and authorization system, comprising a storage device” and “a product server.” However, claim 17 recites substantially the same language as in claim 1 regarding an electronic device: i.e., “providing the public key to the electronic device to cause the electronic device to decrypt the certificate using the public key to obtain the predetermined hardware information and the service information of the service from the certificate” and “in response to the electronic device determining that the predetermined hardware information matches device hardware information of the electronic device, [providing the at least one image file to the electronic device] to cause the electronic device to run the at least one image file to access the service.” Since the system of independent claim 17 does not comprise the “electronic device,” then it is likewise rejected for the same reasons as claim 1 above. Specifically, one of ordinary skill in the art would not be able to interpret the scope of the claim with respect to “decrypt the certificate using the public key to obtain the predetermined hardware information and the service information,” “in response to the electronic device determining that the predetermined hardware information matches device hardware information of the electronic device,” and “to cause the electronic device to run the at least one image file to access the service.” The dependent claims do not fix the identified deficiencies, and are therefore likewise rejected with their respective parent claims. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-2, 4-10, and 12-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Azema (US 2004/0025010 A1) in view of Doyle (US 2009/0063849 A1). Regarding claim 1, Azema discloses: A storage device (external memory 14 in FIG. 1 of Azema), storing a public key (public keys stored in certificate in TABLE 1 and FIG. 1-2 of Azema—e.g., manufacturer’s public key), a certificate (certificates stored in the external memory as in FIG. 1 of Azema—e.g., manufacturer’s certificate), and at least one image file corresponding to a service (system boot firmware stored in the external memory as in FIG. 1 of Azema—also see application software in FIG. 1), the storage device is configured to: in response to determining that the storage device is connected (e.g., 54 in FIG. 3 and [0054] of Azema concerning power-on and connection) to an electronic device (particular computing device in Azema—e.g., FIG. 1), provide the public key to the electronic device (e.g., [0058] of Azema) to cause the electronic device to decrypt the certificate using the public key to obtain predetermined hardware information (e.g., DIE_ID in TABLE 1 of Azema); and Refer to at least [0051]-[0053], [0063], and [0066] of Azema with respect to decrypting the manufacturer’s certificate as part of the process of verifying integrity. Refer to at least [0074]-[0077] of Azema with respect to obtaining the DIE_ID after the decryption step as part of the process of verifying integrity. in response to the electronic device determining that the predetermined hardware information matches device hardware information of the electronic device, provide the at least one image file to the electronic device to cause the electronic device to run the at least one image file to access the service, Refer to at least the abstract, [0064], and [0077]-[0078] of Azema with respect to only ensuring only valid firmware is loaded to the particular electronic device based on the process of verifying integrity (i.e., including matching the DIE_ID as in [0077] of Azema). Azema does not specify: further obtaining and service information of the service from the certificate (the manufacturer certificate); wherein the service information of the service indicates that the electronic device is authorized to use the service. However, Azema in view of Doyle discloses: further obtaining and service information of the service from the certificate (the manufacturer certificate); wherein the service information of the service indicates that the electronic device is authorized to use the service. Refer to at least 160 in FIG. 1, 190 in FIG. 2, [0011]-[0012], and [0026]-[0028] of Doyle with respect to an encrypted certificate (e.g., manufacturer certificate) and extensions generated for a specific distribution of a virtual appliance to a specific customer. The extensions comprise configuration parameters and constraints, including for licensure control. The teachings of both Azema and Doyle concern secure software installation using certificate-based verification, and are considered to be within the same field of endeavor and combinable as such. Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Azema to further implement the device certificate and extensions of Doyle to allow for more granular software distribution rights (e.g., [0032] of Doyle with respect to a specific customer and configuration associated with a given virtual appliance). Regarding claim 2, Azema-Doyle discloses: The storage device according to claim 1, wherein the at least one image file comprises a product image file (firmware 30 in Azema) corresponding to an operating environment of the service (virtual environment 230 in Doyle), and the storage device is further configured to: in response to determining that the storage device is connected to the electronic device, provide the product image file to cause the electronic device to run the product image file to operate the operating environment of the service (e.g., virtual environment / OS 230 for virtual applicant 240 in FIG> 2 of Doyle). Refer to at least FIG. 1 and [0035] of Azema with respect to system boot firmware 30 (i.e., for booting an OS). Refer to at least the abstract, [0035]-[0036], and [0080] of Azema with respect to additionally verifying integrity for application software and data files. This claim would have been obvious for substantially the same reasons as claim 1 above. Regarding claim 4, it is rejected for substantially the same reasons as claim 1 above (i.e., the citations and obviousness rationale). Regarding claim 5, Azema-Doyle discloses: The storage device according to claim 1, wherein the predetermined hardware information comprises a predetermined hardware manufacturing serial number, and the device hardware information comprises a device hardware manufacturing serial number, wherein in response to determining that the predetermined hardware manufacturing serial number matches the device hardware manufacturing serial number, it is determined that the predetermined hardware information matches the device hardware information of the electronic device. Refer to at least TABLE 1, [0051]-[0053], and [0077] of Azema with respect to matching the DIE_ID as part of verifying integrity. It is noted that the cited portions also concern additional values such as an IMEI. Regarding claim 6, it is rejected for substantially the same reasons as claim 5 above. Regarding claim 7, Azema-Doyle discloses: The storage device according to claim 1, wherein the service information of the service comprises an authorization period of the service, and in response to determining that a system time of the electronic device is within the authorization period, it is determined that the service information of the service indicates that the electronic device is authorized to use the service. Refer to at least [0040] of Azema with respect to expiration dates for certificates as they are known in the art. Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Azema-Doyle to additionally implement expiration dates as part the certificate-based verification because design incentives or market forces provided a reason to make an adaptation (i.e., renting or leasing rights for a time; preventing use of expired software products), and the invention resulted from application of the prior knowledge in a predictable manner (checking certificate expiration date). Regarding claim 8, Azema-Doyle discloses: The storage device according to claim 1, wherein the storage device is a portable storage device. Refer to at least 14 in FIG. 1 of Azema with respect to external non-volatile memory. Refer to at least [0010] and [0013] of Doyle with respect to known in the art memory devices, including flash memory cards/sticks. The claim would have been obvious because the particular known technique of using a portable storage device as external memory was recognized as part of the ordinary capabilities of one skilled in the art. Regarding independent claim 9, it is substantially similar to independent claim 1 above, and is therefore likewise rejected (i.e., the citations and obviousness rationale). Regarding dependent claims 10 and 12-15, they are substantially similar to claims 2 and 4-7 above, and are therefore likewise rejected. Claim(s) 3 and 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Azema-Doyle as applied to claims 1-2, 4-10, and 12-15 above, and further in view of Sapuntzakis (US 8,527,982 B1). Regarding claim 3, Azema-Doyle does not specify: in response to determining that the predetermined hardware information matches the device hardware information of the electronic device, cause the electronic device to provide a user interface in the operating environment, wherein the user interface has a service menu, and the service menu comprises a service option corresponding to the service; and in response to determining that the service option is selected, cause the electronic device to determine whether the service information of the service indicates that the electronic device is authorized to use the service. However, Azema-Doyle in view of Sapuntzakis discloses: in response to determining that the predetermined hardware information matches the device hardware information of the electronic device, cause the electronic device to provide a user interface in the operating environment, wherein the user interface has a service menu, and the service menu comprises a service option corresponding to the service; and in response to determining that the service option is selected, cause the electronic device to determine whether the service information of the service indicates that the electronic device is authorized to use the service. Refer to at least Col. 6, LI. 37-67, Col. 7, LI. 4-10, and Col. 9, LI. 5-14 of Sapuntzakis with respect to access controls associated with a user interface that allows selection of relevant software associated with a peripheral. The teachings of Sapuntzakis likewise concern secure software installation using certificate-based verification, and are considered to be within the same field of endeavor and combinable as such. Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant's invention to modify the teachings of Azema-Doyle to further implement a user interface and associated access controls for at least the purpose of providing support for having multiple host devices' software installed on a single peripheral. In that way, a single peripheral can conveniently be used to work with multiple host devices. Regarding claim 11, it is substantially similar to claim 3 above, and is therefore likewise rejected. Claim(s) 17 and 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Azema (US 2004/0025010 A1) in view of Doyle (US 2009/0063849 A1) and Hughes (US 2008/0319779 A1). Regarding independent claim 17, it is substantially similar to independent claim 1 where it recites “A verification and authorization system, comprising: a storage device” and "wherein the storage device is configured to execute… wherein the service information of the service indicates that the electronic device is authorized to use the service." As such, these limitations are rejected under the same citations as in claim 1 above. Azema discloses the remaining limitations as follows: [the system being] configured to generate a public key and a private key (e.g., [0037] of Azema with respect to generating asymmetric keys), and generate at least one image file based on the service information of the service (e.g., [0035] of Azema with respect to storing firmware and software to the external non-volatile memory); and generate a certificate based on the private key, the predetermined hardware information (e.g., [0047]-[0054] of Azema with respect to generating the manufacturer’s certificate), and store the public key, the certificate, and the at least one image file in the storage device (e.g., 36 and TABLE 1 in Azema with respect to storing the manufacturer’s certificate in the external non-volatile memory). Azema does not specify: a product server; in response to a service application request, obtain predetermined hardware information and service information of a service that is applied; generating the keys corresponding to the service application request; generating the manufacturer’s certificate further based on the service information of the service. However, Azema in view of Doyle discloses: generating the manufacturer’s certificate further based on the service information of the service. Refer to at least FIG. 1 and [0023] of Doyle with respect to generating the device certificate at the manufacturer including its extensions. The extensions comprise configuration parameters and constraints, including for licensure control (e.g., [0028] of Doyle). The teachings of both Azema and Doyle concern secure software installation using certificate-based verification, and are considered to be within the same field of endeavor and combinable as such. Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Azema to further implement generating and validating the device certificate and extensions of Doyle to allow for more granular software distribution rights (e.g., [0032] of Doyle with respect to a specific customer and configuration associated with a given virtual appliance). Azema-Doyle does not specify: in response to a service application request, obtain predetermined hardware information and service information of a service that is applied; generating the keys corresponding to the service application request. However, Azema-Doyle in view of Hughes discloses: in response to a service application request, obtain predetermined hardware information and service information of a service that is applied; Refer to at least [0034], [0039]-[0041], and [0046]-[0048] of Hughes with respect to a request to the server to associate hardware with a particular application program. generating the keys corresponding to the service application request. Refer to at least [0033], [0046], and [0061]-[0062] of Hughes with respect to generating keys associated with the application program. The teachings of Hughes likewise concern secure software installation using certificate-based verification, and are considered to be within the same field of endeavor and combinable as such. Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Azema-Doyle to further implement generating the certificate and key pair responsive to a request because design incentives or market forces provided a reason to make an adaptation (i.e., providing software on-demand), and the invention resulted from application of the prior knowledge in a predictable manner (obtaining the input values for generation from a given source). Regarding claims 19-20, they are substantially similar to claims 5-7 above, and are therefore likewise rejected. Claim(s) 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Azema-Doyle-Hughes as applied to claims 17 and 19-20 above, and further in view of Sapuntzakis (US 8,527,982 B1). Regarding claim 18, it is substantially similar to elements of claims 2-4, and is therefore rejected under the same analyses as claims 2-4 above. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached at (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432 /V.S/Examiner, Art Unit 2432