DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Election/Restrictions
Applicant’s election without traverse of Group I (Claims 1-10, 11-15) in the reply filed on 11/12/2025 is acknowledged.
Claims 16-20 withdrawn from further consideration pursuant to 37 CFR 1.142(b) as being drawn to a nonelected (Group II), there being no allowable generic or linking claim. Election was made without traverse in the reply filed on 11/12/2025.
Allowable Subject Matter
Claim 9 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-8, 10, 11-15 are rejected under 35 U.S.C. 103 as being unpatentable over Oerton et al (Pub. No. US 2023/0379699) in view of Ko et al (Pub. No. US 2023/0131060).
As per claim 1, Oerton discloses a method comprising: receiving, by at least one processing device, an attestation report corresponding to a root of trust of a computing system, wherein the attestation report is cryptographically signed using a private key unique to the root of trust (…the request for registration includes a report comprising attestation data for the device…this includes measurements of the root of trust on the device…the attestation report received from the device…the request may be signed using an attestation private key that was provisioned on the device during manufacture…see par. 92-93); verifying, by the at least one processing device, the attestation report using a public key corresponding to the private key (…generating and store one set of asymmetric cryptographic keys…once the keys are generated, the device contacts the distributed ledger network as part of a request for registration…the request for registration includes a report comprising attestation for the device…this includes measurements of the root of trust on the device such as hash value computed for the device and can include public keys generated by the device…a node of the attestation channel obtains the request for registration, and can execute chaincode to verify the attestation data against information stored in the attestation channel distributed ledger, such as the attestation public key…see par. 92-93). Oerton does not explicitly disclose based at least upon successful verification of the attestation report, issuing, by at least one processing device, an entitlement token for the root of trust allowing the root of trust to take one or more actions with respect to a system component secured by the root of trust. However Ko discloses based at least upon successful verification of the attestation report, issuing, by at least one processing device, an entitlement token for the root of trust allowing the root of trust to take one or more actions with respect to a system component secured by the root of trust (…the API call includes the attestation token that is used to further validate by the data storage that the secure enclave is the trusted source requesting the information/data via the API call…the confidential/sensitive data and information can be provided to the secure enclave for provision to the requestor if the API call source is validated by the data storage…the attestation service generates the attestation token for the secure enclave that includes a hashed value of the public key in the secure quote…the API call is made from the secure enclave to the data storage to establish a secure communication session based on the signed certificate for the secure enclave… …see par. 29). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Ko in Oerton for including the above limitations because one ordinary skill in the art would recognize it would further improve secure authentication and authorization of accessing to data…see Ko, par. 3.
As per claim 11, Oerton discloses a system comprising: a memory device; and a processing device coupled to the memory device (see fig.2), wherein the processing device is configured to perform operations comprising: receiving an attestation report corresponding to a root of trust of a computing system, wherein the attestation report is cryptographically signed using a private key unique to the root of trust (…the request for registration includes a report comprising attestation data for the device…this includes measurements of the root of trust on the device…the attestation report received from the device…the request may be signed using an attestation private key that was provisioned on the device during manufacture…see par. 92-93); verifying the attestation report using a public key corresponding to the private key (…generating and store one set of asymmetric cryptographic keys…once the keys are generated, the device contacts the distributed ledger network as part of a request for registration…the request for registration includes a report comprising attestation for the device…this includes measurements of the root of trust on the device such as hash value computed for the device and can include public keys generated by the device…a node of the attestation channel obtains the request for registration, and can execute chaincode to verify the attestation data against information stored in the attestation channel distributed ledger, such as the attestation public key…see par. 92-93). Oerton does not explicitly disclose based at least upon successful verification of the attestation report, issuing an entitlement token for the root of trust allowing the root of trust to take one or more actions with respect to a system component secured by the root of trust. However Ko discloses based at least upon successful verification of the attestation report, issuing an entitlement token for the root of trust allowing the root of trust to take one or more actions with respect to a system component secured by the root of trust (…the API call includes the attestation token that is used to further validate by the data storage that the secure enclave is the trusted source requesting the information/data via the API call…the confidential/sensitive data and information can be provided to the secure enclave for provision to the requestor if the API call source is validated by the data storage…the attestation service generates the attestation token for the secure enclave that includes a hashed value of the public key in the secure quote…the API call is made from the secure enclave to the data storage to establish a secure communication session based on the signed certificate for the secure enclave…see par. 29). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Ko in Oerton for including the above limitations because one ordinary skill in the art would recognize it would further improve secure authentication and authorization of accessing to data…see Ko, par. 3.
As per claims 2, 12, the combination of Oerton and Ko discloses wherein the attestation report includes a signing certificate of the root of trust, the method further comprising: determining the public key corresponding to the private key using the signing certificate (Oerton: see par. 52).
As per claims 3, 13, the combination of Oerton and Ko discloses wherein the attestation report includes at least one state measurement (Oerton: see par. 93), and wherein the entitlement token that is issued comprises the at least one state measurement (Ko: see par. 70). The motivation for claims 3, 13 is the same motivation as in claims 1, 11.
As per claims 4, 14, the combination of Oerton and Ko discloses wherein the attestation report includes at least one state measurement, and wherein verifying the attestation report comprises: determining whether the at least one state measurement satisfies a security policy (Oerton: see par. 93).
As per claim 5, the combination of Oerton and Ko discloses wherein the at least one state measurement comprises at least one of a device identifier or a firmware version, and wherein the security policy indicates whether at least one of the device identifier (Oerton: see par. 93) or the firmware version is authorized to receive an entitlement token.
As per claims 6, 15, the combination of Oerton and Ko discloses transmitting a request to the computing system for an attestation report from the root of trust, wherein the request comprises an authentication challenge and wherein the authentication challenge is included in the attestation report that is cryptographically signed (Oerton: see par. 52).
As per claim 7, the combination of Oerton and Ko discloses transmitting the entitlement token to the computing system for installation by the root of trust; and receiving a confirmation that the entitlement token was successfully installed by the root of trust (Ko: see par. 71-72). The motivation for claim 7 is the same motivation as in claim 1 above.
As per claim 8, the combination of Oerton and Ko discloses issuing a request to the root of trust to remove the entitlement token; and receiving a confirmation that the entitlement token was successfully removed by the root of trust (Ko: see par. 80-81). The motivation for claim 8 is the same motivation as in claim 1 above.
As per claim 10, the combination of Oerton and Ko discloses wherein the one or more actions comprise at least one of: affecting a change in a software of the system component, or configuring a feature provided by the software of the system component (Ko: see par. 92-93). The motivation for claim 10 is the same motivation as in claim 1.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892).
The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to improve managing the software and/or features available on components of a computer system.
Juels et al (Pat. No. US 9659177); “Authentication Token with Controlled Release of Authentication Information Based on Client Attestation”;
-Teaches the attestation checker is configured to consume one or more platform attestations generated by the authentication token, in order to support mutual attestation checking by the authentication token and the client…see col.5 lines 9-11.
Muller et al (Pub. No. US 2020/0026857); “Host Software Metadata Verification During Remote Attestation”;
-Teaches TPM is configured to generate cryptographic data in response to measuring the running software components of software platform…see par. 15.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479. The examiner can normally be reached Mon-Fri 9am-5pm PCT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached at 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/GHAZAL B SHEHNI/Primary Examiner, Art Unit 2499