DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Remarks
Claims 1-19 and 23 are pending.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 8 and 10 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
As per claim 8 and 10, these claims respectively recite the limitation "notify the verification certification data", and how this type of notification can be properly evaluated is not clear. The specification @ paragraph [0066] appears to describe this feature, but throughout the specification various devices are notified but never data; it is not clear how data could be notified since it is not functionally capable of receiving a notification. Therefore, the claim does not point out distinctly what the applicant regards as his invention.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-19 and 23 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by LORESKAR et al. (‘LORESKAR’ hereinafter) (Publication Number 20200259668).
As per claim 1, LORESKAR teaches
An installation control device comprising: at least one memory storing a set of instructions; and at least one processor configured to execute the set of instructions to: (paragraph [0041])
receive verification certification data including first authenticity information of target software and indicating that safety of the target software has been verified; (software provider certificate signed showing application can be trusted, paragraph [0040])
compare the first authenticity information included in the verification certification data with second authenticity information of the target software; (software provider certificate hash verified by comparing against hash of application code to be installed, paragraph [0040], where application code can include application certificate, see paragraphs [0037]-[0038])
and perform control in such a way that the target software is installed when the first authenticity information is same as the second authenticity information. (install corresponding application, paragraph [0040])
As per claim 2, LORESKAR teaches
receive the verification certification data in response to receiving an instruction to install the target software” (installation command, paragraph [0032]; before installing the certificate is provided, paragraph [0040]).
As per claim 3, LORESKAR teaches
perform control in such a way that installation of the target software is not executed when the verification certification data is not obtained (before installing the certificate is provided, paragraph [0040]).
As per claim 4, LORESKAR teaches
perform control in such a way that installation of the target software is not executed when the first authenticity information and the second authenticity information do not match. (software provider certificate hash verified by comparing against hash of application code to be installed, paragraph [0040], where application code can include application certificate, see paragraphs [0037]-[0038]; install corresponding application, paragraph [0040])
As per claim 5, LORESKAR teaches
acquire the verification certification data, the target software, and the second authenticity information; and receive the verification certification data from a sharing system that holds the verification certification data. (software provider certificate, application, application certificate, paragraphs [0040],[0045])
As per claim 6, LORESKAR teaches
execute installation of the target software according to control by the installation control device. (install application, paragraph [0040])
As per claim 7, LORESKAR teaches
A system including a sharing system and the installation control device according to claim 1, the sharing system comprising: at least one second memory storing a set of instructions and at least one second processor configured to execute the set of instructions to: receive verification certification data including first authenticity information of target software and indicating that safety of the target software has been verified; notify the installation control device of the verification certification data. (third party who manages the certificates associated with the chain of trust, paragraph [0036])
As per claim 8, LORESKAR teaches
notify the verification certification data in response to receiving a request for the verification certification data from the installation control device. (paragraph [0046],[0050])
As per claim 9, LORESKAR teaches
receive the target software and the first authenticity information; provide the target software and the first authenticity information to a verification device that verifies safety of the target software; and receive the verification certification data from the verification device. (software provider certificate, application, application certificate, paragraphs [0040],[0045]; validate the specified application using the software provider certificate, to determine whether the provider of the application can be trusted or the application code can be trusted, paragraph [0040)
As per claim 10, LORESKAR teaches
store the received target software and the received first authenticity information in the information storage; provide the target software and the first authenticity information read from the information storage; store the received verification certification data in the information storage; and notify the verification certification data read from the information storage. (receive application code, paragraph [0040]; store application certificate locally and make available later, paragraph [0037])
As per claim 11, LORESKAR teaches
the installation control device executes installation of the target software when determining that installation of the target software is permitted. (application code installation, paragraph [0040])
As per claims 12-19
These claims are rejected on grounds corresponding to the reasons given above for rejected claims 1-8 and are similarly rejected.
As per claim 23
This claim is rejected on grounds corresponding to the reasons given above for rejected claim 1 and is similarly rejected.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Barrett et al. (‘Barrett’ hereinafter) (Publication Number 20180184250) teaches:
“If the identity verification module 214 receives a certificate (or a value) from a user device 120, the identity verification module 214 compares the received certificate (or value) to a certificate associated with the dedicated application that is stored in the identity data store 216 or to a predetermined value to verify the authenticity of the dedicated application. When the two certificates (e.g., X.509 certificates) match or when the received certificate (or value) matches the predetermined value, the identity verification module 214 confirms that authenticity of the dedicated application installed on the user device 120. In other words, the dedicated application installed on the user device is not tampered or modified by any means” (Barrett, paragraph [0034]).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAY A MORRISON whose telephone number is (571)272-7112. The examiner can normally be reached on Monday - Friday, 8:00 am - 4:00 pm ET.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Trujillo K James, can be reached at telephone number (571)272-3677. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from Patent Center and the Private Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from Patent Center or Private PAIR. Status information for unpublished applications is available through Patent Center and Private PAIR for authorized users only. Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) Form at https://www.uspto.gov/patents/uspto-automated- interview-request-air-form.
/JAY A MORRISON/Primary Examiner, Art Unit 2151