STORAGE DEVICE, METHOD OF OPERATING STORAGE CONTROLLER, AND UFS SYSTEM

DETAILED ACTION This Office Action, based on application 18/600,853 filed 11 March 2024, is responsive to applicant’s amendment and remarks filed 23 December 2025. Claims 1-8 and 10-21 are currently pending and have been fully considered below. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant’s remarks, submitted 23 December 2025 in response to the Office Action entered 24 September 2025, have been fully considered below. Specification Objection The Office withdraws the previous objection in response to applicant’s amendment and remarks. Claim Interpretation Contrary to applicant’s section title, the claims are not rejected (e.g. under 35 U.S.C. § 112(a) or (b)) but merely interpreted under 35 U.S.C. § 112(f) and the previous Office Action presented notice as such. While the applicant further quotes a portion of ¶[0062], the portion quoted merely recites that the memory group may perform the function of storing multiple entities including various functions, I/O data, and applications. As such, the portion quoted merely recites the memory group may perform various functions without reciting any structure being used to perform the function(s). The Office reminds the applicant of the following should the applicant wish to persuade the Office to reconsider or withdraw any interpretation under 35 U.S.C. § 112(f): If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. Claim Rejections under 35 U.S.C. § 103 The applicant traverses the prior art rejection to the claims alleging cited prior art fails to disclose or suggest Claim 1 as amended. The applicant discusses the teachings of SHINER and alleges “SHINER is silent as to generating multiple keys, let alone keys based on different secrets”; the Office respectfully disagrees. The Office notes SHINER at ¶[0132] recites “<sic> can include the use of multiple secret keys and verification codes signed using the secret keys” and further explicitly discusses using a “device identification secret key” and “alias secret key” including generating corresponding cryptographic keys in the course of a validation process. While applicant’s amendment is further directed to “the PDS being a general key” and “the UDS being a unique key”, the Office asserts the distinction between a key being ‘general’ versus ‘unique’ is merely an intended use of the key and does not further limit the key to any particular form or structure. Put another way, one cannot ascertain whether not the key is ‘general’ or ‘unique’ merely by looking at the key. As such, the Office asserts whether not a key is ‘general’ or ‘unique’ is not a limiting distinction of the key. The Office maintains a prior art rejection in view of previously cited prior art based on grounds now presented in the rejection of record responsive to applicant’s amendment. Claim Interpretation The following is a quotation of 35 U.S.C. 112(f): (f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph: An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked. As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph: (A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; (B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and (C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: a ‘memory group’ as recited in Claims 1-8 and 10-21. Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. With respect to the ‘memory group’ performing the function of “stor{ing} UDS data and PDS data”, the Office notes ¶[0062] recites “For example, the memory group may include the OTP memory 145 that stores UDS data and PDS data. In some example embodiments, the memory group may include the OTP memory 145 that stores the UDS data and the ROM 149 that stores PDS data.” providing sufficient structure to perform the claimed function. If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. Claim Rejections - 35 USC § 103 The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action. Claim(s) 1-8 and 10-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over SHINER et al (US PGPub 2022/0129390) in further view of SKELTON et al (US PGPub 2022/0181012). With respect to Claim 1, SHINER discloses a storage device comprising: a memory group configured to store unique device secret (UDS) data comprising a UDS, and pre-installed device secret (PDS) data comprising a PDS (Fig 1, Integrated Circuit Memory Device 130 may comprise Unique Device Secret 101; ¶[0055] – “in addition to the unique device secret, the memory device can store additional data to represent the data and/or hardware configuration of the memory device and/or the computing device in which the memory device is installed); and a processor configured to receive a first endorsement generated based on first data including the PDS being a general key and a first firmware image (¶[0107-0109] – ’The secret cryptographic key 105 {‘first endorsement’} in the memory device 130 is generated using the unique device secret 101 in the memory device; and the corresponding cryptographic key 106 used to validate a verification code signed using the secret cryptographic key 105 of the memory device 130 is generated in the security server 140 from the corresponding unique device secret 101“; “The secret cryptographic key 105 of the memory device 130 used to demonstrate the identity of the memory device 130 can be generated based on not only the unique device secret 101, but also device information 121 accessible to the memory device 130.”; “For example, the device information 121 can include … a hash value of the firmware configured to control/operate the memory device 130”), perform a first integrity check for the first firmware image based on the PDS of the PDS data, the first firmware image, and the first endorsement (Fig 4; ¶[0107] – “To authenticate that the memory device 130 and/or the endpoint 150 has the identity represented by the unique identification 111, the security server 140 validates a message containing the unique identification 111 (and other data 127) via a verification code of the message signed using a secret cryptographic key 105 of the memory device.”), and SHINER may not explicitly disclose generate a second endorsement based on second data including the UDS being a unique key and the first firmware image in response to a pass result of the first integrity check, the first data and the second data being different. However, SKELTON discloses generate a second endorsement based on second data including the UDS being a unique key and the first firmware image in response to a pass result of the first integrity check, the first data and the second data being different (Fig 5, Step 504 – “Perform first integrity check on the stored software” => Step 508 – “PASS?” => ‘YES’ => Step 512 – “Perform second integrity check on the installed software”; SHINER at ¶[0132] discloses verification “can include the use of multiple secret keys and verification codes signed using the secret keys”; thus, multiple endorsements/integrity checks may use different secret keys). SHINER and SKELTON are analogous art because they are from the same field of endeavor of data integrity and security. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of SHINER and SKELTON before him or her, to modify the integrity check of SHINER to include a second integrity check as taught by SKELTON. A motivation for doing so would have been to mitigate the opportunity for external hacking while the integrity check is being performed and offer a layer of redundancy in checking the integrity of the software (¶[0014]). Therefore, it would have been obvious to combine SHINER and SKELTON to obtain the invention as specified in the instant claims. With respect to Claim 10, SHINER discloses a method of operating a storage controller, the method comprising: receiving a first endorsement generated based on first data including a pre-installed device secret (PDS) being a universal key and a first firmware image (¶[0107-0109] – ’ The secret cryptographic key 105 {‘first endorsement’} in the memory device 130 is generated using the unique device secret 101 in the memory device; and the corresponding cryptographic key 106 used to validate a verification code signed using the secret cryptographic key 105 of the memory device 130 is generated in the security server 140 from the corresponding unique device secret 101“; “The secret cryptographic key 105 of the memory device 130 used to demonstrate the identity of the memory device 130 can be generated based on not only the unique device secret 101, but also device information 121 accessible to the memory device 130.”; “For example, the device information 121 can include … a hash value of the firmware configured to control/operate the memory device 130”); performing a first integrity check for the first firmware image based on the PDS of pre-stored PDS data, the first firmware image, and the first endorsement and receiving a pass result (Fig 4; ¶[0107] – “To authenticate that the memory device 130 and/or the endpoint 150 has the identity represented by the unique identification 111, the security server 140 validates a message containing the unique identification 111 (and other data 127) via a verification code of the message signed using a secret cryptographic key 105 of the memory device.”). SHINER may not explicitly disclose in response to the pass result of the first integrity check, generating a second endorsement based on second data including a unique device secret (UDS) being a unique key of pre-stored UDS data and the first firmware image, the first data and the second data being different. However, SKELTON discloses in response to the pass result of the first integrity check, generating a second endorsement based on second data including a unique device secret (UDS) being a unique key of pre-stored UDS data and the first firmware image, the first data and the second data being different (Fig 5, Step 504 – “Perform first integrity check on the stored software” => Step 508 – “PASS?” => ‘YES’ => Step 512 – “Perform second integrity check on the installed software”; SHINER at ¶[0132] discloses verification “can include the use of multiple secret keys and verification codes signed using the secret keys”; thus, multiple endorsements/integrity checks may use different secret keys). SHINER and SKELTON are analogous art because they are from the same field of endeavor of data integrity and security. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of SHINER and SKELTON before him or her, to modify the integrity check of SHINER to include a second integrity check as taught by SKELTON. A motivation for doing so would have been to mitigate the opportunity for external hacking while the integrity check is being performed and offer a layer of redundancy in checking the integrity of the software (¶[0014]). Therefore, it would have been obvious to combine SHINER and SKELTON to obtain the invention as specified in the instant claims. With respect to Claim 17, SHINER discloses a universal flash storage (UFS) system comprising: a UFS host configured to generate a first endorsement based on first data including a pre-installed device secret (PDS) being a universal key and a first firmware image and transmit the first endorsement and the first firmware image (¶[0107-0109] – ’ The secret cryptographic key 105 {‘first endorsement’} in the memory device 130 is generated using the unique device secret 101 in the memory device; and the corresponding cryptographic key 106 used to validate a verification code signed using the secret cryptographic key 105 of the memory device 130 is generated in the security server 140 from the corresponding unique device secret 101“; “The secret cryptographic key 105 of the memory device 130 used to demonstrate the identity of the memory device 130 can be generated based on not only the unique device secret 101, but also device information 121 accessible to the memory device 130.”; “For example, the device information 121 can include … a hash value of the firmware configured to control/operate the memory device 130”); and a UFS device configured to update firmware based on the first endorsement and the first firmware image, the UFS device comprising a memory group configured to store unique device secret (UDS) data comprising a UDS being a unique key and PDS data including the PDS (Fig 1, Integrated Circuit Memory Device 130 may comprise Unique Device Secret 101; ¶[0055] – “in addition to the unique device secret, the memory device can store additional data to represent the data and/or hardware configuration of the memory device and/or the computing device in which the memory device is installed); a processor configured to perform a first integrity check for the first firmware image based on the PDS of the PDS data, the first firmware image, and the first endorsement (Fig 4; ¶[0107] – “To authenticate that the memory device 130 and/or the endpoint 150 has the identity represented by the unique identification 111, the security server 140 validates a message containing the unique identification 111 (and other data 127) via a verification code of the message signed using a secret cryptographic key 105 of the memory device.”); and a non-volatile memory configured to store the second endorsement and the first firmware image (Fig 1, Cryptographic Keys 105). SHINER may not explicitly disclose in response to a pass result of the first integrity check, generate a second endorsement based on second data including the UDS, the first data and the second data being different. However, SKELTON discloses in response to a pass result of the first integrity check, generate a second endorsement based on second data including the UDS, the first data and the second data being different (Fig 5, Step 504 – “Perform first integrity check on the stored software” => Step 508 – “PASS?” => ‘YES’ => Step 512 – “Perform second integrity check on the installed software”; SHINER at ¶[0132] discloses verification “can include the use of multiple secret keys and verification codes signed using the secret keys”; thus, multiple endorsements/integrity checks may use different secret keys). SHINER and SKELTON are analogous art because they are from the same field of endeavor of data integrity and security. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of SHINER and SKELTON before him or her, to modify the integrity check of SHINER to include a second integrity check as taught by SKELTON. A motivation for doing so would have been to mitigate the opportunity for external hacking while the integrity check is being performed and offer a layer of redundancy in checking the integrity of the software (¶[0014]). Therefore, it would have been obvious to combine SHINER and SKELTON to obtain the invention as specified in the instant claims. With respect to Claim 2, the combination of SHINER and SKELTON disclose the storage device of claim 1. SHINER further discloses a non-volatile memory configured to store a second firmware image (Fig 16 – ‘an update to first firmware’; ¶[0004] – “memory sub-system can include one or more memory devices that store data. The memory devices can be, for example, non-volatile memory devices and volatile memory devices”), wherein the processor is configured to output a UDS-based endorsement (¶[0107] – “The secret cryptographic key 105 {‘first endorsement’} in the memory device 130 is generated using the unique device secret 101 in the memory device”), a write command instructing to store the first endorsement and the first firmware image, and an address to the non-volatile memory, before the first integrity check is performed (¶[0107] – “To authenticate that the memory device 130 and/or the endpoint 150 has the identity represented by the unique identification 111, the security server 140 validates a message containing the unique identification 111 (and other data 127) via a verification code of the message signed using a secret cryptographic key 105 of the memory device”; since the key is used for the validation, the key must be generated before the validation). With respect to Claim 3, the combination of SHINER and SKELTON disclose the storage device of claim 2. SHINER further discloses wherein, based on the storage device being re-booted, the processor is configured to load the first endorsement and the first firmware image stored in the non-volatile memory (Fig 1, Integrated Circuit Memory Device 130 may comprise Unique Device Secret 101; ¶[0055] – “in addition to the unique device secret, the memory device can store additional data to represent the data and/or hardware configuration of the memory device and/or the computing device in which the memory device is installed; ¶[0070] – “To generate the identity data, the identity engine uses the cryptographic engine to generate a secret cryptographic key from the unique device secret and other data stored in the memory device and/or collected by the memory device (e.g., during the boot up process of the computing device)”). SKELTON further discloses perform a second integrity check for the first firmware image based on the UDS, the first firmware image, and the UDS-based endorsement (Fig 5, Step 504 – “Perform first integrity check on the stored software” => Step 508 – “PASS?” => ‘YES’ => Step 512 – “Perform second integrity check on the installed software”). With respect to Claim 4, the combination of SHINER and SKELTON disclose the storage device of claim 3. SHINER further discloses wherein the processor is configured to generates a measurement from the UDS and the first firmware image based on a message authentication code (MAC)-based crypto algorithm, and perform the second integrity check based on determining whether the measurement and the UDS-based endorsement are identical to each other (¶[0124] – “ the verification code 133 of the secret key 137 and the message 131 can be constructed and/or validated using various techniques, such as hash digest, a digital signature, or a hash-based message authentication code, symmetric cryptography, and/or asymmetric cryptography. Thus, the verification code 133 is not limited to a particular implementation”). With respect to Claim 5, the combination of SHINER and SKELTON disclose the storage device of claim 3. SKELTON further discloses wherein the UDS-based endorsement comprises an invalid value, and the processor is configured to perform the first integrity check in response to a failure result of the second integrity check (Fig 5, Step 512 – “Perform second integrity check on the installed software” => Step 514 – “PASS?” => NO => Step 518 – ‘Keep Device Disabled”; ¶[0069] – “A user may re-try a software install to see if it works on a second attempt”). With respect to Claim 6, the combination of SHINER and SKELTON disclose the storage device of claim 1. SHINER further discloses wherein the processor is configured to generate a measurement from the PDS and the first firmware image of the PDS data based on a message authentication code (MAC)-based crypto algorithm, and perform the first integrity check based on determining whether the measurement and the first endorsement are identical to each other (¶[0124] – “ the verification code 133 of the secret key 137 and the message 131 can be constructed and/or validated using various techniques, such as hash digest, a digital signature, or a hash-based message authentication code, symmetric cryptography, and/or asymmetric cryptography. Thus, the verification code 133 is not limited to a particular implementation”). With respect to Claim 7, the combination of SHINER and SKELTON disclose the storage device of claim 1. SHINER further discloses wherein the processor is configured to generate the second endorsement from the UDS and the first firmware image based on a message authentication code (MAC)-based crypto algorithm, and the second endorsement corresponds to a UDS-based endorsement comprising a valid value (¶[0124] – “ the verification code 133 of the secret key 137 and the message 131 can be constructed and/or validated using various techniques, such as hash digest, a digital signature, or a hash-based message authentication code, symmetric cryptography, and/or asymmetric cryptography. Thus, the verification code 133 is not limited to a particular implementation”). With respect to Claim 8, the combination of SHINER and SKELTON disclose the storage device of claim 1. SHINER further discloses wherein the memory group comprises at least one non-volatile memory configured to store the UDS data and the PDS data (Fig 1, Integrated Circuit Memory Device 130 may comprise Unique Device Secret 101; ¶[0055] – “in addition to the unique device secret, the memory device can store additional data to represent the data and/or hardware configuration of the memory device and/or the computing device in which the memory device is installed; ¶[0668-0669] – memory devices may include non-volatile memory devices). With respect to Claim 11, the combination of SHINER and SKELTON disclose the method of claim 10. SHINER further discloses before the performing of the first integrity check, controlling a non-volatile memory to store a UDS-based endorsement, the first endorsement, and the first firmware image in the non-volatile memory (¶[0107] – “To authenticate that the memory device 130 and/or the endpoint 150 has the identity represented by the unique identification 111, the security server 140 validates a message containing the unique identification 111 (and other data 127) via a verification code of the message signed using a secret cryptographic key 105 of the memory device”; since the key is used for the validation, the key must be generated before the validation). With respect to Claim 12, the combination of SHINER and SKELTON disclose the method of claim 11. SHINER further disclose (Fig 1, Integrated Circuit Memory Device 130 may comprise Unique Device Secret 101; ¶[0055] – “in addition to the unique device secret, the memory device can store additional data to represent the data and/or hardware configuration of the memory device and/or the computing device in which the memory device is installed; ¶[0070] – “To generate the identity data, the identity engine uses the cryptographic engine to generate a secret cryptographic key from the unique device secret and other data stored in the memory device and/or collected by the memory device (e.g., during the boot up process of the computing device)”; The function of “loading the UDS-based endorsement …” is not required to be performed under the Broadest Reasonable Interpretation of the claim because the function is performed contingent on “in response to a re-booting performed …” and the contingency is not met {or required} by the claim. See EXAMINER’S NOTE below). SKELTON further discloses performing a second integrity check for the first firmware image based on the UDS, the first firmware image, and the UDS-based endorsement (Fig 5, Step 504 – “Perform first integrity check on the stored software” => Step 508 – “PASS?” => ‘YES’ => Step 512 – “Perform second integrity check on the installed software”). With respect to Claim 13, the combination of SHINER and SKELTON disclose the method of claim 12. SHINER further discloses wherein the performing of the second integrity check comprises: generating a measurement from the UDS and the first firmware image based on a message authentication code (MAC)-based crypto algorithm; and determining whether the measurement and the UDS-based endorsement are identical to each other (¶[0124] – “ the verification code 133 of the secret key 137 and the message 131 can be constructed and/or validated using various techniques, such as hash digest, a digital signature, or a hash-based message authentication code, symmetric cryptography, and/or asymmetric cryptography. Thus, the verification code 133 is not limited to a particular implementation”). With respect to Claim 14, the combination of SHINER and SKELTON disclose the method of claim 13. SKELTON further discloses wherein, in the performing of the first integrity check, the first integrity check is performed in response to a failure result indicating that the measurement and the UDS-based endorsement are different from each other (Fig 5, Step 512 – “Perform second integrity check on the installed software” => Step 514 – “PASS?” => NO => Step 518 – ‘Keep Device Disabled”; ¶[0069] – “A user may re-try a software install to see if it works on a second attempt”). With respect to Claim 15, the combination of SHINER and SKELTON disclose the method of claim 10. SHINER further discloses wherein the performing of the first integrity check comprises: generating a measurement from the PDS and the first firmware image of the PDS data based on a message authentication code (MAC)-based crypto algorithm; and determining whether the measurement and the first endorsement are identical to each other (¶[0124] – “ the verification code 133 of the secret key 137 and the message 131 can be constructed and/or validated using various techniques, such as hash digest, a digital signature, or a hash-based message authentication code, symmetric cryptography, and/or asymmetric cryptography. Thus, the verification code 133 is not limited to a particular implementation”). With respect to Claim 16, the combination of SHINER and SKELTON disclose the method of claim 10. SHINER further discloses controlling a non-volatile memory to store the second endorsement and the first firmware image in the non-volatile memory (Fig 1, Integrated Circuit Memory Device 130 may comprise Unique Device Secret 101; ¶[0055] – “in addition to the unique device secret, the memory device can store additional data to represent the data and/or hardware configuration of the memory device and/or the computing device in which the memory device is installed; ¶[0668-0669] – memory devices may include non-volatile memory devices). With respect to Claim 18, the combination of SHINER and SKELTON disclose the UFS system of claim 17. SHINER further discloses wherein the processor is configured to generate a measurement from the PDS of the PDS data and the first firmware image based on a message authentication code (MAC)-based crypto algorithm, and perform the first integrity check based on determining whether the measurement and the first endorsement are identical to each other (¶[0124] – “ the verification code 133 of the secret key 137 and the message 131 can be constructed and/or validated using various techniques, such as hash digest, a digital signature, or a hash-based message authentication code, symmetric cryptography, and/or asymmetric cryptography. Thus, the verification code 133 is not limited to a particular implementation”). With respect to Claim 19, the combination of SHINER and SKELTON disclose the UFS system of claim 17. SHINER further discloses wherein the processor is configured to generate the second endorsement from the UDS and the first firmware image based on a message authentication code (MAC)-based crypto algorithm (¶[0124] – “ the verification code 133 of the secret key 137 and the message 131 can be constructed and/or validated using various techniques, such as hash digest, a digital signature, or a hash-based message authentication code, symmetric cryptography, and/or asymmetric cryptography. Thus, the verification code 133 is not limited to a particular implementation”). Claim(s) 20 and 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over SHINER in further view of SKELTON and WELLS et al (US Patent 6,488,585). With respect to Claim 20, the combination of SHINER and SKELTON disclose the UFS system of claim 17. SHINER further discloses read-only memory (ROM) configured to store the PDS data (¶[0669] – “memory device can be based on … EEPROM”). SHINER and SKELTON may not explicitly disclose wherein the memory group comprises: one-time programmable (OTP) memory configured to store the UDS data. However, WELLS discloses wherein the memory group comprises: one-time programmable (OTP) memory configured to store the UDS data (Col 8, Lines 1-4 – “Preferably, the information stored in OTP/AO memory includes information that can be used for error or data integrity checks such as cyclic redundancy check (CRC) information, one or more parity bits or the like”). SHINER, SKELTON, and WELLS are analogous art because they are from the same field of endeavor of data integrity and security. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of SHINER, SKELTON, and WELLS before him or her, to modify the integrity check of the combination of SHINER and SKELTON to include verification data to be stored on OTP memory as taught by WELLS. A motivation for doing so would have been to assist in preventing or reducing the likelihood of an improper download (Col 7, Line 61 through Col 8, Line 26). Therefore, it would have been obvious to combine SHINER, SKELTON, and WELLS to obtain the invention as specified in the instant claims. With respect to Claim 21, the combination of SHINER and SKELTON disclose the UFS system of claim 17. SHINER and SKELTON may not explicitly disclose wherein the memory group comprises one-time programmable (OTP) memory configured to store the UDS data and the PDS data. However, WELLS discloses wherein the memory group comprises one-time programmable (OTP) memory configured to store the UDS data and the PDS data (Col 8, Lines 1-4 – “Preferably, the information stored in OTP/AO memory includes information that can be used for error or data integrity checks such as cyclic redundancy check (CRC) information, one or more parity bits or the like”). SHINER, SKELTON, and WELLS are analogous art because they are from the same field of endeavor of data integrity and security. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of SHINER, SKELTON, and WELLS before him or her, to modify the integrity check of the combination of SHINER and SKELTON to include verification data to be stored on OTP memory as taught by WELLS. A motivation for doing so would have been to assist in preventing or reducing the likelihood of an improper download (Col 7, Line 61 through Col 8, Line 26). Therefore, it would have been obvious to combine SHINER, SKELTON, and WELLS to obtain the invention as specified in the instant claims. EXAMINER’S NOTE The Office reminds the applicant of MPEP 2111.04(II) with respect to process or method claims reciting contingent limitations: The broadest reasonable interpretation of a method (or process) claim having contingent limitations requires only those steps that must be performed and does not include steps that are not required to be performed because the condition(s) precedent are not met. For example, assume a method claim requires step A if a first condition happens and step B if a second condition happens. If the claimed invention may be practiced without either the first or second condition happening, then neither step A or B is required by the broadest reasonable interpretation of the claim. If the claimed invention requires the first condition to occur, then the broadest reasonable interpretation of the claim requires step A. If the claimed invention requires both the first and second conditions to occur, then the broadest reasonable interpretation of the claim requires both steps A and B. The broadest reasonable interpretation of a system (or apparatus or product) claim having structure that performs a function, which only needs to occur if a condition precedent is met, requires structure for performing the function should the condition occur. The system claim interpretation differs from a method claim interpretation because the claimed structure must be present in the system regardless of whether the condition is met and the function is actually performed. See Ex parte Schulhauser, Appeal 2013-007847 (PTAB April 28, 2016) for an analysis of contingent claim limitations in the context of both method claims and system claims. In Schulhauser, both method claims and system claims recited the same contingent step. When analyzing the claimed method as a whole, the PTAB determined that giving the claim its broadest reasonable interpretation, "[i]f the condition for performing a contingent step is not satisfied, the performance recited by the step need not be carried out in order for the claimed method to be performed" (quotation omitted). Schulhauser at 10. When analyzing the claimed system as a whole, the PTAB determined that "[t]he broadest reasonable interpretation of a system claim having structure that performs a function, which only needs to occur if a condition precedent is met, still requires structure for performing the function should the condition occur." Schulhauser at 14. Therefore "[t]he Examiner did not need to present evidence of the obviousness of the [ ] method steps of claim 1 that are not required to be performed under a broadest reasonable interpretation of the claim (e.g., instances in which the electrocardiac signal data is not within the threshold electrocardiac criteria such that the condition precedent for the determining step and the remaining steps of claim 1 has not been met);" however to render the claimed system obvious, the prior art must teach the structure that performs the function of the contingent step along with the other recited claim limitations. Schulhauser at 9, 14. Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to ERIC T LOONAN whose telephone number is (571)272-6994. The examiner can normally be reached M-F 8am-5pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Arpan Savla can be reached at 571-272-1077. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ERIC T LOONAN/Examiner, Art Unit 2137