Office Action Predictor
Last updated: April 15, 2026
Application No. 18/531,059

STORAGE SYSTEM INCLUDING STORAGE DEVICE AND HOST PROVISIONING CERTIFICATE INTO THE STORAGE DEVICE, SYSTEM INCLUDING THE STORAGE SYSTEM, AND METHOD OF OPERATING THE SYSTEM

Non-Final OA §103
Filed
Dec 06, 2023
Examiner
KONG, ALAN LINGQIAN
Art Unit
2494
Tech Center
2400 — Computer Networks
Assignee
Samsung Electronics Co., LTD.
OA Round
1 (Non-Final)
79%
Grant Probability
Favorable
1-2
OA Rounds
2y 9m
To Grant
99%
With Interview

Examiner Intelligence

Grants 79% — above average
79%
Career Allow Rate
81 granted / 102 resolved
+21.4% vs TC avg
Strong +38% interview lift
Without
With
+37.7%
Interview Lift
resolved cases with interview
Typical timeline
2y 9m
Avg Prosecution
20 currently pending
Career history
122
Total Applications
across all art units

Statute-Specific Performance

§101
3.2%
-36.8% vs TC avg
§103
71.0%
+31.0% vs TC avg
§102
6.7%
-33.3% vs TC avg
§112
15.1%
-24.9% vs TC avg
Black line = Tech Center average estimate • Based on career data from 102 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after 16 March 2013, is being examined under the first inventor to file provisions of the AIA . This action is in reply to papers filed on 06 December 2023. Claims 1, 9, and 16 are independent. Claims 1-20 are pending. Priority Acknowledgment is made of Applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). This application claims the foreign priority of foreign patent application KR10-2023-0009027, filed 20 January 2023. Receipt is acknowledged of certified copies required by 37 CFR 1.55. Information Disclosure Statement The information disclosure statements (IDS) submitted on 06 December 2023 and 12 June 2024 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner. Claim Interpretation The following is a quotation of 35 U.S.C. 112(f): (f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph: An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked. As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph: (A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; (B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and (C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “… first device … configured to …” in claims 1-5 and 9. “… second device … configured to …” in claims 1, 4, and 9. Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claims 1, 9-10, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Zhao et al., US 10,516,654 B2 (hereinafter, “Zhao ‘654”), in view of Nix et al., US 2022/0006625 A1 (hereinafter, “Nix ‘625”), and further in view of Dewan et al., US 2019/0044708 A1 (hereinafter, “Dewan ‘708”). As per claim 1, Zhao ‘654 discloses: A system comprising: a storage device configured to execute a software image (under the broadest reasonable interpretation, “execute a software image” encompasses executing software, firmware, or bootloader code to perform operations; child device 120 is an IoT edge device that executes sub-flow operations including protocol operations involving cryptographic computations, where such operations necessarily require execution of software or firmware code; the protocol method is performed by hardware, software, and/or firmware [Zhao ‘654, Col.2 lines 18-44, Col.4 lines 40-65, Col.8 lines 37-47, Col.9 line 23-Col.10 line 2]); a first device storing a first secret key and a first public key associated with the first secret key (guardian device 130/315 stores a secret key and a corresponding public key, where the guardian device has a private Diffie-Hellman (DH) key and public DH key used in the SIGMA protocol [Zhao ‘654, Col.7 lines 11-17, Col.8 line 60-Col.9 line 15; Fig.3]); and a second device configured to store a first key and a second key (parent device 110/310 acts as a key provisioning server and stores a parent key kek (first key) and generates key material k (second key) [Zhao ‘654, Col.7 lines 32-42, Col.8 lines 14-36; Fig.1, Fig.3]), receive the first public key from the first device (parent device 310 receives the public key from guardian device 315 during the SIGMA mutual authentication protocol [Zhao ‘654, Col.7 lines 11-23; Fig.3]), the first device being configured to obtain (guardian device 130/315 obtains the key material k by decrypting token α based on the shared key ek derived during the SIGMA protocol, where token α is encrypted using the guardian’s public key [Zhao ‘654, Col.7 lines 29-36; Fig.3]) and provide (guardian device 130/315 forwards token β containing the key material k to child device 120/305 [Zhao ‘654, Col.7 lines 37-42, Col.9 line 23-Col.10 line 2; Fig.3]), the storage device being further configured to obtain (child device 120/305 decrypts token β to obtain the key material k using its parent key kek (first key), where the parent key kek is provisioned into the child device during manufacture [Zhao ‘654, Col.3 lines 3-22, Col.7 lines 58-59, Col.8 lines 14-36, Col.9 line 23-Col.10 line 2]), and the first device being further configured to provision, based on the second key, a certificate for a unique key of the storage device into the storage device (after establishing the shared key sk derived from key material k, guardian device 130/315 and child device 120/305 have established a trust relationship with certificate verification mechanisms in place, enabling subsequent certificate provisioning operations for the child device’s unique key [Zhao ‘654, Col.8 lines 1-13, Col.8 line 60-Col.9 line 22; Col.10 lines 13-18; Fig.3]). As stated above, Zhao ‘654 does not explicitly disclose the limitations: “... generate a first ciphertext for an updated software image and the second key, based on the first key, and generate a second ciphertext for the first ciphertext and the second key, based on the first public key ... the first device being configured to obtain the first ciphertext and the second key ... and provide the first ciphertext and the second key ... the storage device being further configured to obtain the updated software image and the second key by decrypting the first ciphertext based on the first key ...”. Nix ‘625, however, discloses: ... generate a (server encrypts firmware image using a firmware key to generate ciphertext firmware [Nix ‘625, ¶¶24, 28, 170]) generate a second ciphertext for (server encrypts the firmware key using a mutually derived symmetric ciphering key to generate ciphertext firmware key, where the mutually derived symmetric ciphering key is derived using the primary platform’s public key through an Elliptic Curve Diffie Hellman (ECDH) key exchange [Nix ‘625, ¶¶23-24]) ... the first device being configured to obtain the second key ... and provide the second key (the server provides the ciphertext firmware key to the device [Nix ‘625, ¶24]) ... the storage device being further configured to obtain the updated software image and the second key (primary platform receives and decrypts the ciphertext firmware key to obtain the plaintext firmware key, then uses the plaintext firmware key to decrypt the ciphertext firmware to obtain the updated firmware image [Nix ‘625, ¶¶26-28, 170]) Zhao ‘654 and Nix ‘625 are analogous art because they are from the same field of endeavor, namely that of securely distributing cryptographic keys and software/firmware to resource-constrained devices in a multi-party architecture. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zhao ‘654 and Nix ‘625 before them, to modify the key distribution system of Zhao ‘654 to include the teachings of Nix ‘625, namely to implement the key distribution protocol of Zhao ‘654 where the parent device 110 not only distributes the key material k but also distributes updated firmware to the child device 120, where the firmware is encrypted with a firmware key and the firmware key is separately encrypted using the guardian device’s public key, as disclosed in Nix ‘625, creating a bound image structure that bundles the encrypted firmware and encrypted firmware key together for secure delivery. A motivation for doing so would be to enable secure firmware updates to IoT devices while preventing unauthorized interception or substitution attacks during transmission, where the multi-layer encryption ensures that only the authorized guardian device can access the firmware key and only the authorized child device can access the firmware itself, thereby improving security of firmware distribution in IoT deployments (see Nix ‘625, ¶¶2-3, 8, 24). As stated above, Zhao ‘654 in view of Nix ‘625 does not explicitly disclose the limitations: “... generate a first ciphertext for an updated software image and the second key, based on the first key ... generate a second ciphertext for the first ciphertext and the second key, based on the first public key ... the first device being configured to obtain the first ciphertext and the second key ... and provide the first ciphertext and the second key ... the storage device being further configured to obtain the updated software image and the second key by decrypting the first ciphertext based on the first key ...”. Dewan ‘708, however, discloses: ... generate a first ciphertext for an updated software image and the second key, based on the first key (a sensor device key (manufacturing key, analogous to first key) is embedded in the firmware of the sensor, and sets of encrypted symmetric keys (analogous to second key) may be embedded in the firmware, where the firmware containing the embedded keys is encrypted to create encrypted firmware (first ciphertext) using the sensor device key [Dewan ‘708, ¶¶41, 54, 58]) ... generate a second ciphertext for the first ciphertext and the second key, based on the first public key (the encrypted firmware containing the embedded encrypted symmetric keys is further encrypted using public key cryptography [Dewan ‘708, ¶¶54, 58]) ... the first device being configured to obtain the first ciphertext and the second key (the server receives and can access the encrypted firmware containing the embedded keys [Dewan ‘708, ¶¶54, 58]) ... and provide the first ciphertext and the second key (the server provides the encrypted firmware bundle to the sensor device [Dewan ‘708, ¶¶54, 58]) ... the storage device being further configured to obtain the updated software image and the second key by decrypting the first ciphertext based on the first key (the sensor device decrypts the encrypted firmware using its sensor device key (manufacturing key) to obtain both the firmware and the embedded encrypted symmetric keys [Dewan ‘708, ¶¶41, 54, 58]) ... Zhao ‘654 (modified by Nix ‘625) and Dewan ‘708 are analogous art because they are from the same field of endeavor, namely that of securely distributing cryptographic keys and firmware to resource-constrained IoT devices. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zhao ‘654 (modified by Nix ‘625) and Dewan ‘708 before them, to modify the key and firmware distribution system of Zhao ‘654 (modified by Nix ‘625) to include the teachings of Dewan ‘708, namely to implement the bound image structure of Nix ‘625 where the firmware key (key material k) is not transmitted separately from the encrypted firmware, but rather is embedded within the encrypted firmware itself, as disclosed in Dewan ‘708, such that when the parent device 110 generates token β for the child device 120, the token β contains encrypted firmware with the session key embedded within it, where the entire bundle is encrypted using the child device’s manufacturing key (parent key kek), and where this encrypted firmware bundle is then further encrypted using the guardian device’s public key for secure transmission through the guardian device 130. A motivation for doing so would be to enable secure provisioning of both firmware updates and session keys to IoT devices while reducing the number of separate encrypted payloads that must be transmitted and managed, where embedding the session key within the encrypted firmware ensures that the firmware and the session key are cryptographically bound together and cannot be separated or substituted during transmission, thereby preventing mix-and-match attacks where an adversary might attempt to combine old firmware with new keys or vice versa (see Dewan ‘708, ¶¶41, 54, 58). As per claim 9, Zhao ‘654 discloses: A method of operating a system, the system comprising a storage device storing a first key and configured to execute a software image, a first device configured to control the storage device, and a providing, by the second device, the first device with (parent device 110/310 acting as a key provisioning server provides guardian device 130/315 with key material k (second key) encrypted together in token β as a first ciphertext, where token β is encrypted using the parent key kek (first key) provisioned into child device 120/305 during manufacture [Zhao ‘654, Col.3 lines 3-22, Col.7 lines 37-43, Col.15 lines 43-46; Fig.3]); providing, by the first device, the first ciphertext to the storage device (guardian device 130/315 forwards token β containing the encrypted key material k to child device 120/305 [Zhao ‘654, Col.9 line 23-Col.10 line 2; Fig.3]); encrypting, by the second device, the second key based on a public key received from the first device (parent device 110/310 encrypts key material k in token α using the shared key ek derived from guardian device’s public key during SIGMA protocol [Zhao ‘654, Col.7 lines 11-23, Col.7 lines 34-36; Fig.3]); decrypting, by the first device, the encrypted second key based on a secret key associated with the public key (guardian device 130/315 decrypts token α to obtain key material k using the shared key ek derived from guardian’s secret key [Zhao ‘654, Col.7 lines 45-48, Col.9 lines 16-22; Fig.3]); obtaining, by the storage device, (child device 120/305 decrypts token β to obtain key material k using its parent key kek (first key) provisioned during manufacture [Zhao ‘654, Col.7 lines 58-59, Col.9 line 23-Col.10 line 2, Col.15 lines 43-46]); establishing a secure session between the first device and the storage device based on the second key (after guardian device 130/315 and child device 120/305 both obtain key material k (second key), the protocol concludes with successful establishment of a secret shared key sk derived from key material k, establishing a trust relationship and secure session between guardian and child [Zhao ‘654, Col.7 lines 53-57, Col.8 lines 1-13, Col.10 lines 13-18; Fig.3]); and provisioning, by the first device, a certificate for a unique key of the storage device into the storage device within the secure session (after establishing the trust relationship and secure session based on shared key sk, guardian device 130/315 provisions a certificate for child device 120/305’s unique key, where certificate operations are performed within the established secure context using certificate verification mechanisms [Zhao ‘654, Col.8 lines 1-13, Col.8 line 60-Col.9 line 15, Col.9 lines 16-22; Fig.3]). As stated above, Zhao ‘654 does not explicitly disclose the limitations: “… second device configured to generate the software image … providing, by the second device, the first device with a second key and an updated software image that are encrypted based on the first key as a first ciphertext ... obtaining, by the storage device, the updated software image and the second key by decrypting the first ciphertext based on the first key ...”. Nix ‘625, however, discloses: ... second device configured to generate the software image (image maker 299 creates and generates firmware images for the primary platform, where the image maker generates or processes firmware 106 for primary platform 101 operating in the device [Nix ‘625, ¶¶16, 159-161]) ... providing, by the second device, the first device with updated software image that are encrypted (server 103 acting as intermediary provides the device with encrypted firmware and encrypted firmware key, where the firmware is updated firmware for the primary platform, and where server 103 receives the firmware from image maker 299 [Nix ‘625, ¶¶24, 26-28, 170]) ... obtaining, by the storage device, the updated software image and Zhao ‘654 and Nix ‘625 are analogous art because they are from the same field of endeavor, namely that of securely distributing cryptographic keys and software/firmware to resource-constrained devices in a multi-party architecture. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zhao ‘654 and Nix ‘625 before them, to modify the key distribution method of Zhao ‘654 to include the teachings of Nix ‘625, namely to implement the key distribution protocol of Zhao ‘654 where the parent device 110 (acting as key provisioning server) not only distributes the key material k but also distributes updated firmware generated by an image maker to the child device 120, where the firmware is encrypted with a firmware key and the firmware key is separately encrypted using the guardian device’s public key, as disclosed in Nix ‘625, creating a bound image structure that bundles the encrypted firmware and encrypted firmware key together for secure delivery. A motivation for doing so would be to enable secure firmware updates to IoT devices while preventing unauthorized interception or substitution attacks during transmission, where the multi-layer encryption ensures that only the authorized guardian device can access the firmware key and only the authorized child device can access the firmware itself, thereby improving security of firmware distribution in IoT deployments (see Nix ‘625, ¶¶2-3, 8, 16, 24). As stated above, Zhao ‘654 in view of Nix ‘625 does not explicitly disclose the limitations: “providing, by the second device, the first device with a second key and an updated software image that are encrypted based on the first key as a first ciphertext ... obtaining, by the storage device, the updated software image and the second key by decrypting the first ciphertext based on the first key ...”. Dewan ‘708, however, discloses: ... providing, by the second device, the first device with a second key and an updated software image that are encrypted based on the first key as a first ciphertext (a sensor device key (manufacturing key, analogous to first key) is embedded in the firmware of the sensor, and sets of encrypted symmetric keys (analogous to second key) may be embedded in the firmware, where the firmware containing the embedded keys is encrypted to create encrypted firmware (first ciphertext) using the sensor device key, and where the sensor is provisioned with the sensor device key during manufacture and the encrypted firmware bundle is provided to the sensor via a server [Dewan ‘708, ¶¶24, 41, 54, 58]) ... obtaining, by the storage device, the updated software image and the second key by decrypting the first ciphertext based on the first key (the sensor device decrypts the encrypted firmware using its sensor device key (manufacturing key) to obtain both the firmware and the embedded encrypted symmetric keys [Dewan ‘708, ¶¶41, 54, 58]) ... Zhao ‘654 (modified by Nix ‘625) and Dewan ‘708 are analogous art because they are from the same field of endeavor, namely that of securely distributing cryptographic keys and firmware to resource-constrained IoT devices. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zhao ‘654 (modified by Nix ‘625) and Dewan ‘708 before them, to modify the key and firmware distribution method of Zhao ‘654 (modified by Nix ‘625) to include the teachings of Dewan ‘708, namely to implement the bound image structure of Nix ‘625 where the firmware key (key material k) is not transmitted separately from the encrypted firmware, but rather is embedded within the encrypted firmware itself, as disclosed in Dewan ‘708, such that when the parent device 110 provides encrypted firmware and keys to guardian device 130 (which forwards to child device 120), the firmware and session key are bundled together and encrypted using the child device’s manufacturing key (parent key kek) provisioned during manufacture, as taught by both Zhao ‘654 and Dewan ‘708, and where this encrypted firmware bundle is then further encrypted using the guardian device’s public key for secure transmission through the guardian device 130. A motivation for doing so would be to enable secure provisioning of both firmware updates and session keys to IoT devices while reducing the number of separate encrypted payloads that must be transmitted and managed, where embedding the session key within the encrypted firmware ensures that the firmware and the session key are cryptographically bound together and cannot be separated or substituted during transmission, thereby preventing mix-and-match attacks where an adversary might attempt to combine old firmware with new keys or vice versa (see Dewan ‘708, ¶¶24, 41, 54, 58). As per claim 10: Zhao ‘654 in view of Nix ‘625, and further in view of Dewan ‘708 discloses all limitations of claim 9, as stated above, from which claim 10 is dependent upon. Furthermore, Zhao ‘654 discloses: wherein the establishing of the secure session comprises: providing, by the first device, a first request for the establishing of the secure session to the storage device (guardian device 315 initiates the key provisioning session with child device 305; messages 320-330 [Zhao ‘654, Col.8 lines 14-59; Fig. 3]); providing, by the storage device, the first device with a first response comprising a first hash value generated based on the second key for data (guardian device 315 generates a keyed hash based on the nonces and the shared key [Zhao ‘654, Col.8 line 60-Col.9 line 15]); comparing, by the first device, the first hash value with a second hash value generated based on the second key for the data, and transmitting, by the first device, a second request comprising the second hash value to the storage device (parent device 310 further generates its own keyed hash to verify the MAC on the fifth message [Zhao ‘654, Col.8 line 60-Col.9 line 15]); and comparing, by the storage device, the first hash value with the second hash value, and providing, by the storage device, a second response indicating completion of the establishing of the secure session to the first device (guardian device 315 validates token from P indeed contains the same key material authenticated by the session information; child device sends verification message 370 to enable guardian device 315 to verify the session information and derive the shared key sk; sub-flows 365, 380, 395 [Zhao ‘654, Col.9 line 23-Col.10 line 18]). As per claim 16, Zhao ‘654 discloses: A storage system comprising: a storage device storing a first key provisioned during manufacture and configured to execute a software image (child device 120/305 is an IoT edge device that stores parent key kek (first key) provisioned during manufacture, where the parent key is provisioned to the child device during manufacture of the child device, and where the child device executes sub-flow operations including protocol operations involving cryptographic computations, where such operations necessarily require execution of software or firmware code [Zhao ‘654, Col.3 lines 3-22, Col.4 lines 40-65, Col.8 lines 14-47, Col.9 line 23-Col.10 line 2, Col.15 lines 43-46; Fig.1, Fig.3]); and a host storing a secret key and configured to receive (guardian device 130/315 (host) stores a secret key and corresponding public key, and is configured to receive from parent device 110/310: (1) token β (first ciphertext) containing updated software image and key material k (second key) encrypted based on parent key kek (first key), and (2) token α (second ciphertext) containing key material k encrypted based on guardian’s public key [Zhao ‘654, Col.7 lines 34-43, Col.8 line 60-Col.9 line 15; Fig.3]) and obtain the second key by decrypting the second ciphertext based on the secret key (guardian device 130/315 obtains key material k (second key) by decrypting token α (second ciphertext) using the shared key ek derived from guardian’s secret key [Zhao ‘654, Col.7 lines 45-48, Col.9 lines 16-22; Fig.3]), the storage device being further configured to obtain the (child device 120/305 obtains key material k (second key) by decrypting token β (first ciphertext) using parent key kek (first key) provisioned during manufacture [Zhao ‘654, Col.7 lines 58-59, Col.9 line 23-Col.10 line 2, Col.15 lines 43-46]), and the host being further configured to provision, based on the second key, a certificate for a unique key of the storage device into the storage device (after guardian device 130/315 (host) and child device 120/305 (storage device) both obtain key material k (second key), they establish a trust relationship with a shared secret key sk derived from key material k, enabling guardian device to provision a certificate for child device’s unique key, where certificate operations are performed using certificate verification mechanisms [Zhao ‘654, Col.8 lines 1-13, Col.8 line 60-Col.9 line 22, Col.10 lines 13-18; Fig.3]). As stated above, Zhao ‘654 does not explicitly disclose the limitations: “... a host ... configured to receive a first ciphertext encrypted for an updated software image and a second key, based on the first key ... the storage device being further configured to obtain the updated software image and the second key by decrypting the first ciphertext based on the first key ...”. Nix ‘625, however, discloses: ... a host ... configured to receive a first ciphertext encrypted for an updated software image and a second key, (device 102 with PBL agent acting as intermediary host receives from server 103 encrypted firmware (updated firmware for primary platform) and encrypted firmware key for forwarding to the primary platform, where the server receives the firmware from image maker 299 that generates the updated firmware [Nix ‘625, ¶¶16, 24, 26-28, 58, 159-161, 170]) ... the storage device being further configured to obtain the updated software image and the second key (primary platform 101 receives and decrypts the ciphertext firmware key to obtain the plaintext firmware key, then uses the plaintext firmware key to decrypt the ciphertext firmware to obtain the updated plaintext firmware, and sends an updated firmware status to the device [Nix ‘625, ¶¶26-28, 170]) ... Zhao ‘654 and Nix ‘625 are analogous art because they are from the same field of endeavor, namely that of securely distributing cryptographic keys and software/firmware to resource-constrained devices in a multi-party architecture. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zhao ‘654 and Nix ‘625 before them, to modify the key distribution system of Zhao ‘654 to include the teachings of Nix ‘625, namely to implement the key distribution protocol of Zhao ‘654 where the parent device 110 not only distributes the key material k but also distributes updated firmware generated by an image maker to the child device 120 via guardian device 130, where the firmware is encrypted with a firmware key and the firmware key is separately encrypted using the guardian device’s public key, as disclosed in Nix ‘625, where the guardian device (host) receives these encrypted payloads and forwards them to the child device (storage device), creating a bound image structure that bundles the encrypted firmware and encrypted firmware key together for secure delivery. A motivation for doing so would be to enable secure firmware updates to IoT devices while preventing unauthorized interception or substitution attacks during transmission, where the multi-layer encryption ensures that only the authorized guardian device can access the firmware key and only the authorized child device can access the firmware itself, thereby improving security of firmware distribution in IoT deployments (see Nix ‘625, ¶¶2-3, 8, 16, 24). As stated above, Zhao ‘654 in view of Nix ‘625 does not explicitly disclose the limitations: “... a host ... configured to receive a first ciphertext encrypted for an updated software image and a second key, based on the first key ... the storage device being further configured to obtain the updated software image and the second key by decrypting the first ciphertext based on the first key ...”. Dewan ‘708, however, discloses: ... a host ... configured to receive a first ciphertext encrypted for an updated software image and a second key, based on the first key (a server (analogous to host) receives encrypted firmware (first ciphertext) containing both the firmware and embedded encrypted symmetric keys (second key), where the firmware bundle is encrypted using the sensor device key (manufacturing key, analogous to first key), and where the encrypted firmware bundle is provided by the server to the sensor device [Dewan ‘708, ¶¶24, 41, 54, 58]) ... the storage device being further configured to obtain the updated software image and the second key by decrypting the first ciphertext based on the first key (the sensor device decrypts the encrypted firmware (first ciphertext) using its sensor device key (manufacturing key, analogous to first key) provisioned during manufacture to obtain both the firmware and the embedded encrypted symmetric keys (second key) [Dewan ‘708, ¶¶24, 41, 54, 58]) ... Zhao ‘654 (modified by Nix ‘625) and Dewan ‘708 are analogous art because they are from the same field of endeavor, namely that of securely distributing cryptographic keys and firmware to resource-constrained IoT devices. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zhao ‘654 (modified by Nix ‘625) and Dewan ‘708 before them, to modify the key and firmware distribution system of Zhao ‘654 (modified by Nix ‘625) to include the teachings of Dewan ‘708, namely to implement the bound image structure of Nix ‘625 where the firmware key (key material k) is not transmitted separately from the encrypted firmware, but rather is embedded within the encrypted firmware itself, as disclosed in Dewan ‘708, such that when the parent device 110 provides encrypted firmware and keys that the guardian device 130 (host) receives and forwards to child device 120 (storage device), the firmware and session key are bundled together and encrypted using the child device’s manufacturing key (parent key kek) provisioned during manufacture, as taught by both Zhao ‘654 and Dewan ‘708, and where this encrypted firmware bundle is then further encrypted using the guardian device’s public key for secure transmission through the guardian device 130. A motivation for doing so would be to enable secure provisioning of both firmware updates and session keys to IoT devices while reducing the number of separate encrypted payloads that must be transmitted and managed, where embedding the session key within the encrypted firmware ensures that the firmware and the session key are cryptographically bound together and cannot be separated or substituted during transmission, thereby preventing mix-and-match attacks where an adversary might attempt to combine old firmware with new keys or vice versa (see Dewan ‘708, ¶¶24, 41, 54, 58). Claims 2-5, 11-13, and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Zhao ‘654, in view of Nix ‘625, and further in view of Dewan ‘708, and further in view of Noce, US 2024/0106634 A1 (hereinafter, “Noce ‘634”) As per claim 2: Zhao ‘654 in view of Nix ‘625, and further in view of Dewan ‘708 discloses all limitations of claim 1, as stated above, from which claim 2 is dependent upon. Zhao ‘654 in view of Nix ‘625, and further in view of Dewan ‘708 does not explicitly disclose the limitations of claim 2. Noce ‘634, however, discloses: wherein the first device is further configured to generate a third ciphertext by encrypting the certificate based on the second key (the access control device 110 transmits a message 280 that includes authentication information (e.g., a signature concatenated by a certificate) to the client device 120, where the message 280 can be encrypted by the shared secret or shared session key [Noce ‘634, ¶59]), and the storage device is further configured to obtain the certificate by decrypting the third ciphertext based on the second key (the client device 120 verifies the authenticity of the access reader 210 by decrypting the message 280 [Noce ‘634, ¶59]). Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Noce ‘634 are analogous art because they are from the same field of endeavor, namely that of secure key distribution and authentication systems. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Noce ‘634 before them, to modify the certificate provisioning process of Zhao ‘654 to include encrypting the certificate using the session key (second key), as disclosed in Noce ‘634. A motivation for doing so would be to protect the certificate from unauthorized access during transmission by encrypting the message containing the certificate with the shared session key (see Noce ‘634, ¶¶2-3, 59). As per claim 3: Zhao ‘654 in view of Nix ‘625, and further in view of Dewan ‘708, and further in view of Noce ‘634 discloses all limitations of claims 1-2, as stated above, from which claim 3 is dependent upon. Zhao ‘654 in view of Nix ‘625, and further in view of Dewan ‘708 does not explicitly disclose the limitations of claim 3. Noce ‘634, however, discloses: wherein the first device is further configured to transmit, to the storage device, the second ciphertext and token information that is valid for a reference time period (ephemeral keys represent keys that are session specific and that expire and are no longer usable after some condition is satisfied (e.g., after a threshold period of time elapses) [Noce ‘634, ¶53]), and the first device is further configured to provide the third ciphertext to the storage device if the first device receives the unique key and the token information from the storage device within the reference time period (the access control device and client device exchange authentication information within the session established using the ephemeral keys [Noce ‘634, ¶¶53, 59]). Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Noce ‘634 are analogous art because they are from the same field of endeavor, namely that of secure key distribution and authentication systems. For the reasons stated in claim 2, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Noce ‘634 before them, to modify the certificate provisioning process of Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) to include the teachings of Noce ‘634. As per claim 4: Zhao ‘654 in view of Nix ‘625, and further in view of Dewan ‘708, and further in view of Noce ‘634, discloses all limitations of claims 1-3, as stated above, from which claim 4 is dependent upon. Furthermore, Zhao ‘654 discloses: wherein the first device is further configured to provide the token information to the second device (guardian device 315 forwards token β to child device 305 [Zhao ‘654, Col.8 lines 14-59; Fig. 3]), the second device is further configured to generate a fourth ciphertext by encrypting the token information based on the first key (parent device 310 generates token β for child device 305, which includes the key material k, encrypted by the existing parent key kek between P and C [Zhao ‘654, Col.7 lines 37-42]) and provide the fourth ciphertext to the storage device via the first device (guardian device 315 forwards token β to child device 305 in Message 7 [Zhao ‘654, Col.7 lines 49-52; Fig. 3]), and the storage device is further configured to obtain the token information by decrypting the fourth ciphertext based on the first key (child device 305 may decrypt key material k using its parent key kek [Zhao ‘654, Col.9 line 23-Col.10 line 2]). As per claim 5: Zhao ‘654 in view of Nix ‘625, and further in view of Dewan ‘708 discloses all limitations of claim 1, as stated above, from which claim 5 is dependent upon. Zhao ‘654 in view of Nix ‘625, and further in view of Dewan ‘708 does not explicitly disclose the limitations of claim 5. Noce ‘634, however, discloses: wherein the storage device is further configured to encrypt a certificate signing request comprising the unique key based on the second key and provide the encrypted certificate signing request to the first device (the client device 120 generates a message 290 that includes a signature of the user device 220 and credential of the user device 220, where the message 290 can be encrypted by the shared secret and sent to the access reader 210 [Noce ‘634, ¶59]), the first device is further configured to decrypt the encrypted certificate signing request based on the second key (the access reader 210 receives and decrypts the encrypted message 290 using the shared session key [Noce ‘634, ¶¶59, 62]), encrypt a certificate chain comprising a plurality of signatures related to the certificate signing request, based on the second key, and provide the encrypted certificate chain to the storage device (the access control device 110 transmits a message 280 that includes authentication information (e.g., a signature concatenated by a certificate) encrypted by the shared session key [Noce ‘634, ¶59]), and the storage device is further configured to decrypt the encrypted certificate chain based on the second key and store the certificate chain (the client device 120 decrypts the message 280 [Noce ‘634, ¶59]). Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Noce ‘634 are analogous art because they are from the same field of endeavor, namely that of secure authentication and certificate exchange systems. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Noce ‘634 before them, to apply Noce ‘634’s teaching of bidirectional encrypted message exchange using a shared session key to the certificate signing request and certificate chain exchange in Zhao ‘654. A motivation for doing so would be to protect all authentication-related communications by encrypting them with the shared session key (see Noce ‘634, ¶¶2-3). As per claim 11: Zhao ‘654 in view of Nix ‘625, and further in view of Dewan ‘708 discloses all limitations of claims 9-10, as stated above, from which claim 11 is dependent upon. Zhao ‘654 in view of Nix ‘625, and further in view of Dewan ‘708 does not explicitly disclose the limitations of claim 11. Noce ‘634, however, discloses: wherein the provisioning of the certificate into the storage device comprises: generating, by the first device, a second ciphertext by encrypting the certificate based on the second key (the access control device 110 transmits a message 280 that includes authentication information (e.g., a signature concatenated by a certificate), where the message 280 can be encrypted by the shared session key [Noce ‘634, ¶59]); providing, by the first device, the second ciphertext to the storage device (the message 280 is transmitted to the client device 120 [Noce ‘634, ¶59]); and obtaining, by the storage device, the certificate by decrypting the second ciphertext based on the second key (the client device 120 verifies the authenticity by decrypting the message 280 [Noce ‘634, ¶59]). Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Noce ‘634 are analogous art because they are from the same field of endeavor, namely that of secure key distribution and authentication systems. For the reasons stated in claim 2, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Noce ‘634 before them, to modify the certificate provisioning process of Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) to include the teachings of Noce ‘634. As per claim 12: Zhao ‘654 in view of Nix ‘625, and further in view of Dewan ‘708, and further in view of Noce ‘634 discloses all limitations of claims 9-11, as stated above, from which claim 12 is dependent upon. Zhao ‘654 in view of Nix ‘625, and further in view of Dewan ‘708 does not explicitly disclose the limitations of claim 12. Noce ‘634, however, discloses: further comprising: transmitting, by the first device, token information that is valid for a reference time period and the first ciphertext to the storage device (ephemeral keys represent keys that are session specific and that expire and are no longer usable after some condition is satisfied (e.g., after a threshold period of time elapses) [Noce ‘634, ¶53]); providing, by the first device, the second ciphertext to the storage device based on the first device receiving the unique key and the token information from the storage device within the reference time period (authentication information is exchanged within the session established using the time-limited ephemeral keys [Noce ‘634, ¶¶53, 59]). Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Noce ‘634 are analogous art because they are from the same field of endeavor, namely that of secure key distribution and authentication systems. For the reasons stated in claim 2, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Noce ‘634 before them, to modify the certificate provisioning process of Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) to include the teachings of Noce ‘634. As per claim 13: Zhao ‘654 in view of Nix ‘625, and further in view of Dewan ‘708, and further in view of Noce ‘634, discloses all limitations of claims 9-12, as stated above, from which claim 13 is dependent upon. Furthermore, Zhao ‘654 discloses: further comprising: providing, by the first device, the token information to the second device (guardian device 315 receives token information from parent device 310 [Zhao ‘654, Col.8 lines 14-59; Fig. 3]); providing, by the second device, a third ciphertext generated by encrypting the token information based on the first key to the storage device via the first device (parent device 310 generates token β for child device 305, which includes the key material k, encrypted by the existing parent key kek between P and C, and forwards via guardian device; message 360 [Zhao ‘654, Col.7 lines 37-42; Fig. 3]); and obtaining, by the storage device, the token information by decrypting the third ciphertext based on the first key (child device 305 may decrypt key material k using its parent key kek; sub-flow 365 [Zhao ‘654, Col.9 line 23-Col.10 line 2]). As per claim 17: Zhao ‘654 in view of Nix ‘625, and further in view of Dewan ‘708 discloses all limitations of claim 16, as stated above, from which claim 17 is dependent upon. Zhao ‘654 in view of Nix ‘625, and further in view of Dewan ‘708 does not explicitly disclose the limitations of claim 17. Noce ‘634, however, discloses: wherein the host is further configured to provide the storage device with a request comprising a third ciphertext generated by encrypting the certificate based on the second key (the access control device 110 transmits a message 280 that includes authentication information (e.g., a signature concatenated by a certificate), where the message 280 can be encrypted by the shared session key [Noce ‘634, ¶59]), and the storage device is further configured to obtain the certificate by decrypting the third ciphertext based on the second key (the client device 120 verifies the authenticity by decrypting the message 280 [Noce ‘634, ¶59]) and provide the host with a response that notifies storing of the certificate (the client device 120 generates a message 290 that includes a signature and credential and sends it to the access reader 210 [Noce ‘634, ¶59]). Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Noce ‘634 are analogous art because they are from the same field of endeavor, namely that of secure key distribution and authentication systems. For the reasons stated in claim 2, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Noce ‘634 before them, to modify the certificate provisioning process of Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) to include the teachings of Noce ‘634. As per claim 18: Zhao ‘654 in view of Nix ‘625, and further in view of Dewan ‘708, and further in view of Noce ‘634 discloses all limitations of claims 16-17, as stated above, from which claim 18 is dependent upon. Zhao ‘654 in view of Nix ‘625, and further in view of Dewan ‘708 does not explicitly disclose the limitations of claim 17. Noce ‘634, however, discloses: wherein the host is further configured to transmit token information that is valid for a reference time period and the second ciphertext to the storage device (ephemeral keys represent keys that are session specific and that expire and are no longer usable after some condition is satisfied (e.g., after a threshold period of time elapses) [Noce ‘634, ¶53]), and provide the third ciphertext to the storage device based on the host receiving the unique key and the token information from the storage device within the reference time period (authentication information is exchanged within the session established using the time-limited ephemeral keys [Noce ‘634, ¶¶53, 59]). Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Noce ‘634 are analogous art because they are from the same field of endeavor, namely that of secure key distribution and authentication systems. For the reasons stated in claim 2, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Noce ‘634 before them, to modify the certificate provisioning process of Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) to include the teachings of Noce ‘634. As per claim 19: Zhao ‘654 in view of Nix ‘625, and further in view of Dewan ‘708 discloses all limitations of claim 16, as stated above, from which claim 19 is dependent upon. Zhao ‘654 in view of Nix ‘625, and further in view of Dewan ‘708 does not explicitly disclose the limitations of claim 19. Noce ‘634, however, discloses: wherein the storage device is further configured to encrypt, based on the second key, a certificate signing request comprising the unique key and provide the encrypted certificate signing request to the host (the client device 120 generates a message 290 that includes a signature and credential of the user device 220, where the message 290 can be encrypted by the shared secret and sent to the access reader 210 [Noce ‘634, ¶59]), the host is further configured to decrypt the encrypted certificate signing request based on the second key (the access reader 210 receives and processes the encrypted message 290 [Noce ‘634, ¶59]), encrypt a certificate chain comprising a plurality of signatures related to the certificate signing request, based on the second key, and provide the encrypted certificate chain to the storage device (the access control device 110 transmits message 280 including authentication information encrypted by the shared session key [Noce ‘634, ¶59]), and the storage device is further configured to decrypt the encrypted certificate chain based on the second key and store the certificate chain (the client device 120 decrypts the message 280 [Noce ‘634, ¶59]). Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Noce ‘634 are analogous art because they are from the same field of endeavor, namely that of secure key distribution and authentication systems. For the reasons stated in claim 5, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Noce ‘634 before them, to modify the certificate provisioning process of Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) to include the teachings of Noce ‘634. Claims 6 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Zhao ‘654, in view of Nix ‘625, and further in view of Dewan ‘708, and further in view of Edgecombe et al., US 2019/0158277 A1 (hereinafter, “Edgecombe ‘277”) As per claim 6: Zhao ‘654, in view of Nix ‘625, and further in view of Dewan ‘708 discloses all limitations of claim 1, as stated above, from which claim 6 is dependent upon. Zhao ‘654, in view of Nix ‘625, and further in view of Dewan ‘708 does not explicitly disclose the limitations of claim 6. Edgecombe ‘277, however, discloses: wherein the first key is included in the storage device at a time the storage device is manufactured (the secret key 210 may be pre-provisioned to the sensor 134, for example by a manufacturer or vendor of the sensor 134 or device 136: “the secret key 210 may be pre-provisioned to the sensor 134, for example by being embedded in the sensor 134 during manufacturing” [Edgecombe ‘277, ¶¶19, 31]), and the second key is valid until the certificate is stored in the storage device (the session key 216 has an expiration and is valid for a limited period during which cryptographic operations including provisioning are performed: “the manageability engine 132 determines whether the session key 216 has expired. Each session key 216 may have an expiration date/time” and “After the session key 216 has expired, the secure enclave 214 no longer performs cryptographic operations using the session key 216”; ; the session key is used for provisioning operations and expires upon completion of such operations [Edgecombe ‘277, ¶¶33-34]). Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Edgecombe ‘277 are analogous art because they are from the same field of endeavor, namely that of secure key provisioning and management for device authentication systems. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Edgecombe ‘277 before them, to modify the system in Zhao ‘654 such that the first key (manufacturing key) is provisioned during device manufacture and the second key (session key) is valid until the certificate provisioning operation is complete, as taught in Edgecombe ‘277. A motivation for doing so would be to enhance security by ensuring that the manufacturing key is securely embedded during a trusted manufacturing process and that session keys have limited validity periods, thereby reducing the window of opportunity for unauthorized access and ensuring keys are only valid during their intended use for provisioning operations (see Edgecombe ‘277, ¶¶19, 33-34). As per claim 14: Zhao ‘654, in view of Nix ‘625, and further in view of Dewan ‘708 discloses all limitations of claim 9, as stated above, from which claim 14 is dependent upon. Zhao ‘654, in view of Nix ‘625, and further in view of Dewan ‘708 does not explicitly disclose the limitations of claim 14. Edgecombe ‘277, however, discloses: wherein the first key is included in the storage device at a time the storage device is manufactured (the secret key is pre-provisioned to the device during manufacturing: “each of the sensors 134 or peripheral devices 136 may be pre-provisioned with a master secret key, for example by a manufacturer or vendor of the sensor 134 or device 136” and “the secret key 210 may be pre-provisioned to the sensor 134, for example by being embedded in the sensor 134 during manufacturing” [Edgecombe ‘277, ¶¶19, 31]), and the second key is valid until the certificate is stored in the storage device (the session key has a limited validity period and expires after provisioning operations are complete: “Each session key 216 may have an expiration date/time, and in some embodiments the expiration time may be relatively short” and “the manageability engine 132 allows expiration of the session key 216. After the session key 216 has expired, the secure enclave 214 no longer performs cryptographic operations using the session key 216”]; the session key validity is tied to the duration of the provisioning session [Edgecombe ‘277, ¶¶33-34). Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Edgecombe ‘277 are analogous art because they are from the same field of endeavor, namely that of secure key provisioning and management for device authentication. For the reasons stated in claim 6, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Edgecombe ‘277 before them, to modify the method in Zhao ‘654 to include the teachings of Edgecombe ‘277. Claims 7-8, 15, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Zhao ‘654, in view of Nix ‘625, and further in view of Dewan ‘708, and further in view of Vaswani et al., US 2022/0222348 A1 (hereinafter, “Vaswani ‘348”) As per claim 7: Zhao ‘654, in view of Nix ‘625, and further in view of Dewan ‘708 discloses all limitations of claim 1, as stated above, from which claim 7 is dependent upon. Zhao ‘654, in view of Nix ‘625, and further in view of Dewan ‘708 does not explicitly disclose the limitations of claim 7. Vaswani ‘348, however, discloses: wherein the storage device is further configured to generate the unique key based on a hash value for the updated software image (the device generates a unique Device Identifier (DevID) key pair based on a Compound Device Identifier (CDI), where the CDI is derived from a cryptographic hash of Layer 0 firmware: “CDI = KDF[UDS](HASH(L0))” and “DevID = asym_keygen(KDF[CDI](“Identity”))” [Vaswani ‘348, ¶¶41, 46, 49; Fig. 4]). Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Vaswani ‘348 are analogous art because they are from the same field of endeavor, namely that of secure device identity and firmware management for storage systems. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Vaswani ‘348 before them, to modify the storage device in Zhao ‘654 to generate a unique device identifier key based on a hash of the firmware image, as disclosed in Vaswani ‘348. A motivation for doing so would be to cryptographically bind the device identity to the specific firmware version, enabling attestation that the correct firmware is running and ensuring that firmware updates result in new verifiable device credentials (see Vaswani ‘348, ¶¶23, 49). As per claim 8: Zhao ‘654, in view of Nix ‘625, and further in view of Dewan ‘708, and further in view of Vaswani ‘348 discloses all limitations of claims 1, and 7, as stated above, from which claim 8 is dependent upon. Zhao ‘654, in view of Dewan ‘708, and further in view of Vaswani ‘348 does not explicitly disclose the limitations of claim 8. Nix ‘625, however, discloses: wherein the software image comprises a bootloader that is first executed based on the storage device booting (the firmware transfer process involves a Primary Boot Loader (PBL) that manages initial boot operations and communications with the primary platform when the device powers on [Nix ‘625, ¶¶137, 164]). Zhao ‘654 (modified by Dewan ‘708 and Vaswani ‘348) and Nix ‘625 are analogous art because they are from the same field of endeavor, namely that of secure firmware management and boot processes for storage devices. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zhao ‘654 (modified by Dewan ‘708 and Vaswani ‘348) and Nix ‘625 before them, to modify the system in Zhao ‘654 (modified by Dewan ‘708 and Vaswani ‘348) to include the teachings of Nix ‘625, namely that the software image includes a bootloader that executes first upon device boot. A motivation for doing so would be to streamline the device booting process (see Nix ‘625, ¶¶137, 164). As per claim 15: Zhao ‘654, in view of Nix ‘625, and further in view of Dewan ‘708 discloses all limitations of claim 9, as stated above, from which claim 15 is dependent upon. Zhao ‘654, in view of Nix ‘625, and further in view of Dewan ‘708 does not explicitly disclose the limitations of claim 15. Vaswani ‘348, however, discloses: further comprising generating, by the storage device, the unique key based on the updated software image (the device generates a unique Device Identifier (DevID) key pair based on a Compound Device Identifier (CDI), where the CDI is derived from the firmware image using a cryptographic hash function and key derivation function: “CDI = KDF[UDS](HASH(L0))” [Vaswani ‘348, ¶¶41, 46, 49; Fig. 4]). Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Vaswani ‘348 are analogous art because they are from the same field of endeavor, namely that of secure device identity and firmware management. For the reasons stated in claim 7, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Vaswani ‘348 before them, to modify the method in Zhao ‘654 to include the teachings of Vaswani ‘348. As per claim 20: Zhao ‘654, in view of Nix ‘625, and further in view of Dewan ‘708 discloses all limitations of claim 16, as stated above, from which claim 20 is dependent upon. Zhao ‘654, in view of Nix ‘625, and further in view of Dewan ‘708 does not explicitly disclose the limitations of claim 20. Vaswani ‘348, however, discloses: wherein the storage device is further configured to generate the unique key based on the updated software image (the device generates a unique Device Identifier (DevID) key pair based on a Compound Device Identifier (CDI), where the CDI is derived from the firmware image using a cryptographic hash function: “CDI = KDF[UDS](HASH(L0))” and “DevID = asym_keygen(KDF[CDI](“Identity”))” [Vaswani ‘348, ¶¶41, 46, 49; Fig. 4]). Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Vaswani ‘348 are analogous art because they are from the same field of endeavor, namely that of secure device identity and firmware management for storage systems. For the reasons stated in claim 7, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zhao ‘654 (modified by Nix ‘625 and Dewan ‘708) and Vaswani ‘348 before them, to modify the storage system in Zhao ‘654 to include the teachings of Vaswani ‘348. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure. Mondello et al., US 11323275 B2: identifier is associated with an identity of the computing device, and the certificate is generated using the message. The computing device sends the identifier, the certificate, and the key to the host device. The host device verifies the identity of the computing device using the identifier, the certificate, and the key. Gifre et al., US 20240281244 A1: a software image is received at an update agent within the secure element. The update agent implements an authentication and integrity scheme by verifying various signatures contained within the installation package and installing the software image in case of successful authentication and integrity verification. Vlot et al., US 20160006724 A1: receive a protected software image of the client software module and to initiate the installation of the client software module in the device upon having decrypted and/or validated the software image by means of a link key authenticated using the registered public key or by means of a key of a key ladder derived from the authenticated link key. Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALAN L KONG whose telephone number is (571)272-2646. The examiner can normally be reached Monday-Thursday 9:00am-7:00pm EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG (JAY) KIM can be reached on (571)272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ALAN L KONG/ Examiner, Art Unit 2494 /SHANTO ABEDIN/Primary Examiner, Art Unit 2494
Read full office action

Prosecution Timeline

Dec 06, 2023
Application Filed
Dec 24, 2025
Non-Final Rejection — §103
Jan 20, 2026
Interview Requested
Feb 05, 2026
Examiner Interview Summary
Feb 05, 2026
Applicant Interview (Telephonic)
Mar 27, 2026
Response Filed

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12596806
METHODS, SYSTEMS, AND DEVICES FOR TRUSTED EXECUTION ENVIRONMENTS AND SECURE DATA PROCESSING AND STORAGE ENVIRONMENTS
2y 5m to grant Granted Apr 07, 2026
Patent 12568115
CONTENT-BASED DEEP LEARNING FOR INLINE PHISHING DETECTION
2y 5m to grant Granted Mar 03, 2026
Patent 12554855
Generative Artificial Intelligence Model Protection Using Prompt Blocklist
2y 5m to grant Granted Feb 17, 2026
Patent 12547780
COMMUNICATION APPARATUS, METHOD, SYSTEM, DEVICE, MEDIUM, ENCRYPTION SYSTEM, AND SERVER
2y 5m to grant Granted Feb 10, 2026
Patent 12530475
SYSTEM AND METHOD FOR OBJECT RECOGNITION AND PRIVACY PRESERVATION
2y 5m to grant Granted Jan 20, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

1-2
Expected OA Rounds
79%
Grant Probability
99%
With Interview (+37.7%)
2y 9m
Median Time to Grant
Low
PTA Risk
Based on 102 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month