Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
1. The following is a Final Office Action in response to applicant’s arguments filed on February 4, 2026
Claims 13 and 14 are cancelled
Claims 1, 3, 9, 10 and 12 are amended
Claims 15-22 are newClaim 1-12 are pending
Response to Arguments
Applicant’s amendment to claims 1 and 10 filed on 2/4/2026 regarding, “…verifying the integrity of an attester device by an attestation proxy (AP), which is separate from the attester device and acts as an intermediary between the attester device and a remote relying party (RP)“ necessitated the new ground(s) of rejection presented in this Office action. Therefore, Applicant's arguments with respect to claims 1-20 have been considered but are moot in view of the new ground(s) of rejection.
Applicant’s arguments filed on 2/4/2026 regarding the 35 U.S.C. 101 rejection of claims 10, 13 and 14 have been fully considered and is persuasive. Therefore, the rejections are withdrawn
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
1.) Claims 1 and 10-12 are rejected under 35 U.S.C 103 as being unpatentable over US 20080256595, Schunter in view of US 20220237295, Hu (priority date: 10/17/2019)
In regards to claim 1, Shunter teaches an attestation method for verifying the integrity of an attester device by an attestation proxy (AP), which is separate from the attester device and acts as an intermediary between the attester device and a remote relying party (RP)(US 20080256595, Schunter, fig. 4 and para. 0065, item 32 [attestation proxy], verified platform A[remote relying party], and item 33[attester device]):the attestation method further comprising the AP:receiving the TPM quote(US 20080256595, Schunter, para. 0072-0073, [0072]-It is assumed that the verified platform A knows the public key VP as the key of a trusted verification proxy and continues by requesting a TPM quote.[0073]- In a third step, the verified platform A requests and receives the AIK-authenticated quote qu using the challenge c.); sending the TPM quote to a remote relying party the (RP) to prompt the RP to: verify the TPM quote is as expected, then return a remote attestation indicator to the AP(US 20080256595, Schunter, para. 0073, the verified platform A requests and receives the AIK-authenticated quote qu using the challenge c.); receiving the remote attestation indicator(US 20080256595, Schunter, para. 0080, Finally, the verification proxy 32 returns an authenticated message S34 containing the platform verification request and the properties that can be assured.); and producing an attestation result based on the remote attestation indicator, wherein the attestation result is negative when the remote attestation indicator is negative(US 20080256595, Schunter, para. 0080, The verifier 33 checks whether this response is authenticated with a key which its policy considers to belong to a trusted verification proxy. If so, the verifier 33 trusts that the properties returned can currently be guaranteed by the verified platform A associated with the attestation identity key AIK under the announced trust policy TP.sub.V.[i.e. note: inherently, trust is not established if authentication of the response fails]); Shunter does not teach sending a trusted platform module (TPM) quote request message directly to a virtual TPM (vTPM) uniquely associated with the attester device, to prompt the vTPM to: produce a set of platform configuration register (PCR) values based on measurements requested and received by the vTPM directly from the attester device, then send a TPM quote comprising the set of PCR values directly to the AP; However, Hu teaches sending a trusted platform module (TPM) quote(US 20220237295, Hu, para. 0009, Each unit in this application is actually a unit including a Trusted Platform Module (TPM) chip. For example, the first unit includes a first TPM chip, and the second unit includes a second TPM chip) request message(US 20220237295, Hu, para. 0099, a measurement request message 1 to the leader unit 311, where the measurement request message 1 may be considered as a “challenge” when remote attestation is performed in a challenge-response manner, and is used to request trustworthiness attestation on the composite device. S32:) directly to a virtual TPM (vTPM) uniquely associated with the attester device(US 20220237295, Hu, fig. 5 and para. 0137, where a request message containing measurement information is transmitted to and stored in a virtual TPM), to prompt the vTPM to: produce a set of platform configuration register (PCR) values based on measurements requested and received by the vTPM directly from the attester device(US 20220237295, Hu, para. 0099, if a measurement process such as startup is a determinate process, the basis for trustworthiness attestation may be a PCR reference value. For another example, if another measurement process after startup is an uncertain process, the basis for trustworthiness attestation may be a baseline value A of a standard that does not change with the measurement process. S33: The verifier 202 includes a PCR reference value 1 and/or the baseline value A corresponding to the leader unit 312 and the subsidiary units 321, 322, . . . in a response message 1, and sends the response message 1 to the leader unit 311, where the baseline value A and the PCR reference value 1 are trustworthy baseline values and PCR reference values of the units.), then send a TPM quote comprising the set of PCR values directly to the AP(US 20220237295, Hu, para. 0099 and fig. 5, step S35, The leader unit 311 separately sends measurement request messages 2 to the leader unit 312 and the subsidiary units 321, 322, . . . , to request measurement information of the leader unit 312 and the subsidiary units 321, 322, . . . from the leader unit 312 and the subsidiary units 321, 322, . . . , where the measurement information includes at least a PCR value 1 recorded in a TCB module in each unit, the measurement information may further include a measurement log, and the measurement log records a baseline value a and information about a process of extending the baseline value a to obtain the PCR value 1. S35: The leader unit 312 and the subsidiary units 321, 322, . . . separately include the measurement information of the leader unit 312 and the subsidiary units 321, 322, . . . in measurement response messages 2, and send the measurement response messages 2 to the leader unit 311.); It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Schunter with the teaching of Hu because a user would have been motivated to appraise the trustworthiness of a system components, taught by Hu, in order to insure the reliability of components to perform attestation in the system taught by Schunter(Hu, para. 0005).
In regards to claim 10, Schunter teaches a data processing system configured to verify the integrity of an attester device by an attestation proxy (AP), which is separate from the attester device and is configured as an intermediary between the attester device and a remote relying party (RP) (US 20080256595, Schunter, fig. 4 and para. 0065, item 32 [attestation proxy], verified platform A[remote relying party], and item 33[attester device]), the data processing system comprising a computer device for running the AP(US 20080256595, Schunter, fig. 4 and para. 0065, A verification proxy 32 is also a part of the property attestation architecture.)such that the AP is configured to: wherein the AP is further configured to: receive the TPM quote(US 20080256595, Schunter, para. 0072-0073, [0072]-It is assumed that the verified platform A knows the public key VP as the key of a trusted verification proxy and continues by requesting a TPM quote.[0073]- In a third step, the verified platform A requests and receives the AIK-authenticated quote qu using the challenge c.); send the TPM quote to the RP to prompt the RP to: verify the TPM quote is as expected, then return a remote attestation indicator to the AP(US 20080256595, Schunter, para. 0073, the verified platform A requests and receives the AIK-authenticated quote qu using the challenge c.);receive the remote attestation indicator(US 20080256595, Schunter, para. 0080, Finally, the verification proxy 32 returns an authenticated message S34 containing the platform verification request and the properties that can be assured.); andproduce an attestation result based on the remote attestation indicator, wherein the attestation result is negative when the remote attestation indicator is negative(US 20080256595, Schunter, para. 0080, The verifier 33 checks whether this response is authenticated with a key which its policy considers to belong to a trusted verification proxy. If so, the verifier 33 trusts that the properties returned can currently be guaranteed by the verified platform A associated with the attestation identity key AIK under the announced trust policy TP.sub.V.[i.e. note: inherently, trust is not established if authentication of the response fails]); Schunter does not teach send a trusted platform module (TPM) quote request message directly to a virtual TPM (vTPM) uniquely associated with the attester device, to prompt the vTPM to:
Produce a set of platform configuration register (PCR) values based on measurements requested and received by the vTPM directly from the attester device, then send a TPM quote comprising the set of PCR values directly to the AP; However, Hu teaches send a trusted platform module (TPM) quote(US 20220237295, Hu, para. 0009, Each unit in this application is actually a unit including a Trusted Platform Module (TPM) chip. For example, the first unit includes a first TPM chip, and the second unit includes a second TPM chip) request message(US 20220237295, Hu, para. 0099, a measurement request message 1 to the leader unit 311, where the measurement request message 1 may be considered as a “challenge” when remote attestation is performed in a challenge-response manner, and is used to request trustworthiness attestation on the composite device. S32:) directly to a virtual TPM (vTPM) uniquely associated with the attester device(US 20220237295, Hu, fig. 5 and para. 0137, where a request message containing measurement information is transmitted to and stored in a virtual TPM), to prompt the vTPM to:
Produce a set of platform configuration register (PCR) values based on measurements requested and received by the vTPM directly from the attester device(US 20220237295, Hu, para. 0099, if a measurement process such as startup is a determinate process, the basis for trustworthiness attestation may be a PCR reference value. For another example, if another measurement process after startup is an uncertain process, the basis for trustworthiness attestation may be a baseline value A of a standard that does not change with the measurement process. S33: The verifier 202 includes a PCR reference value 1 and/or the baseline value A corresponding to the leader unit 312 and the subsidiary units 321, 322, . . . in a response message 1, and sends the response message 1 to the leader unit 311, where the baseline value A and the PCR reference value 1 are trustworthy baseline values and PCR reference values of the units.), then send a TPM quote comprising the set of PCR values directly to the AP(US 20220237295, Hu, para. 0099 and fig. 5, step S35, The leader unit 311 separately sends measurement request messages 2 to the leader unit 312 and the subsidiary units 321, 322, . . . , to request measurement information of the leader unit 312 and the subsidiary units 321, 322, . . . from the leader unit 312 and the subsidiary units 321, 322, . . . , where the measurement information includes at least a PCR value 1 recorded in a TCB module in each unit, the measurement information may further include a measurement log, and the measurement log records a baseline value a and information about a process of extending the baseline value a to obtain the PCR value 1. S35: The leader unit 312 and the subsidiary units 321, 322, . . . separately include the measurement information of the leader unit 312 and the subsidiary units 321, 322, . . . in measurement response messages 2, and send the measurement response messages 2 to the leader unit 311.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Schunter with the teaching of Hu because a user would have been motivated to appraise the trustworthiness of a system components, taught by Hu, in order to insure the reliability of components to perform attestation in the system taught by Schunter(Hu, para. 0005)
In regards to claim 11, the combination of Schunter and Hu teach a network gateway device comprising the data processing system of claim 10(US 20220237295, Hu, para. 0084, The attester 201 is a terminal, an IoT gateway, or a network device on which remote attestation needs to be performed,). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Schunter with the teaching of Hu because a user would have been motivated to appraise the trustworthiness of a system components, taught by Hu, in order to insure the reliability of components to perform attestation in the system taught by Schunter(Hu, para. 0005)
In regards to claim 12, the combination of Schunter and Hu teach a non-transitory computer-readable storage medium storing a computer program comprising instructions which, when the program is executed by a computer, cause the computer to carry out the method of any of claims 1 to 9 claim 1(US 20220237295, Hu, para. 0005, embodiments of this application provide a remote attestation method for a composite device and a related device, to appraise system trustworthiness of the composite device through remote attestation on the composite device, thereby improving reliability of an entire system.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Schunter with the teaching of Hu because a user would have been motivated to appraise the trustworthiness of a system components, taught by Hu, in order to insure the reliability of components to perform attestation in the system taught by Schunter(Hu, para. 0005)
2.) Claims 2 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over US 20080256595, Schunter in view of US 20220237295, Hu (priority date: 10/17/2019) and further in view of US 20220116387, Pan
In regards to claim 2, the combination of Schunter and Hu teach the attestation method of claim 1. The combination of Schunter and Hu teach do not teach further comprising the AP:obtaining an indication that a user wishes the attester device to join a network in which the AP is comprised, the step of sending the TPM quote request message being in response to obtaining said indication; and determining whether to validate the attester device for joining the network in dependence on the attestation result, wherein the AP prevents the attester device from joining the network when the attestation result is negative However, Pan teaches further comprising the AP:obtaining an indication that a user wishes the attester device to join a network in which the AP is comprised, the step of sending the TPM quote request message being in response to obtaining said indication(US 20220116387, Pan, fig. 4, step 401, indication information is sent from an attester to verifier); and determining whether to validate the attester device for joining the network in dependence on the attestation result, wherein the AP prevents the attester device from joining the network when the attestation result is negative(US 20220116387, Pan, para. 0008 and 0554: [0008]- the method may further include: The first network device sends first measurement information to the second network device in the second remote attestation mode, where the first measurement information is used to verify system trustworthiness of the first network device.[0554]- When the system is untrustworthy, BRSKI protocol-based identity validity verification may not be performed, but the network device is directly prevented from accessing the network.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Schunter and Hu with the teaching of Pan because a user would have been motivated to use an attestation mode negotiation method, taught by Pan, in order provide flexibility for facilitating different attestation requirements for devices used by Hu(Pan, para. 0005) In regards to claim 15, the combination of Schunter and Hu teach the data processing system of claim 11. The combination of Schunter and Hu do not teach wherein the AP is further configured to: obtain an indication that a user wishes the attester device to join a network in which the AP is comprised, the sending of the TPM quote request message being in response to obtaining said indication; and determine whether to validate the attester device for joining the network in dependence on the attestation result, wherein the AP is configured to prevent the attester device from joining the network when the attestation result is negative However, Pan teaches wherein the AP is further configured to: obtain an indication that a user wishes the attester device to join a network in which the AP is comprised, the sending of the TPM quote request message being in response to obtaining said indication(US 20220116387, Pan, fig. 4, step 401, indication information is sent from an attester to verifier); and determine whether to validate the attester device for joining the network in dependence on the attestation result, wherein the AP is configured to prevent the attester device from joining the network when the attestation result is negative(US 20220116387, Pan, para. 0008 and 0554: [0008]- the method may further include: The first network device sends first measurement information to the second network device in the second remote attestation mode, where the first measurement information is used to verify system trustworthiness of the first network device.[0554]- When the system is untrustworthy, BRSKI protocol-based identity validity verification may not be performed, but the network device is directly prevented from accessing the network.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Schunter and Hu with the teaching of Pan because a user would have been motivated to use an attestation mode negotiation method, taught by Pan, in order provide flexibility for facilitating different attestation requirements for devices used by Hu(Pan, para. 0005).
3.) Claim 3, 4, 9, 16, 17 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over US 20080256595, Schunter in view of US 20220237295, Hu (priority date: 10/17/2019) and further in view of US 20210037060, Robison
In regards to claim 3, the combination of Schunter and Hu teach the attestation method of either of claims 1. Hu does not teach wherein the AP is a node of a distributed ledger (DL) network and the RP has read access to the DL, the attestation method further comprising the AP:publishing the set of PCR values received in the TPM quote to the DL However, Robison teaches wherein the AP is a node of a distributed ledger (DL) network and the RP has read access to the DL(US 20210037060, Robison, para. 0016, In the embodiments described herein, the policy information point within each network endpoint node may store a distributed ledger including one or more client policies that must be satisfied to access the network, and a smart contract including a set of predefined rules defining network access behaviors and actions. Upon receiving a network access request from a client device outside of the network, the policy decision point within each network endpoint node may execute the smart contract to determine whether the client device should be granted access, ), the attestation method further comprising the AP:publishing the set of PCR values received in the TPM quote to the DL(US 20210037060, Robison, para. 0034, When a client device requests access to internal network 50, the client device may be asked to provide information about the client device (i.e., “client information”) to one or more of the policy decision points 30. If the client device is subsequently granted access to internal network 50, at least a portion of the client information may be appended to the distributed ledger stored within each of the policy information points 20. Examples of client information include, but are not limited to, client identity information, Trusted Platform Module (TPM) Platform Configuration Register (PCR) values,). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Hu with the teaching of Robison because a user would have been motivated to use a distributed ledger for storing policy information, taught by Robison, in order to provide greater security for the network policy information required for accessing network devices taught by Hu(Robison, para. 0042)
In regards to claim 4, the combination of Schunter, Hu and Robison teach the attestation method of claim 3, further comprising the AP retrieving the attester device's network access requirements from the DL(US 20210037060, Robison, para. 0016, In the embodiments described herein, the policy information point within each network endpoint node may store a distributed ledger including one or more client policies that must be satisfied to access the network, and a smart contract including a set of predefined rules defining network access behaviors and actions.); wherein the attestation result is produced based on said network access requirements(US 20210037060, Robison, para. 0016, Upon receiving a network access request from a client device outside of the network, the policy decision point within each network endpoint node may execute the smart contract to determine whether the client device should be granted access, denied access or have restricted access to the network,). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Schunter and Hu with the teaching of Robison because a user would have been motivated to use a distributed ledger for storing policy information, taught by Robison, in order to provide greater security for the network policy information required for accessing network devices taught by Hu(Robison, para. 0042)
In regards to claim 9, Schunter and Hu teach the attestation method of claim 1, wherein the local attestation indicator is negative when the set of PCR values retrieved from the local copy of the DL does not match the set of PCR values received in the TPM quote(US 20220237295, Hu, para. 0099 and 0133: [0099]- In another case, for the uncertain measurement process, the leader unit 311 first calculates a PCR value 2 based on the measurement log, that is, calculates the PCR value 2 based on the information about the process recorded in the measurement log for the baseline value a, determines through comparison whether the PCR value 1 is consistent with the PCR value 2, and determines through comparison whether the baseline value a in the measurement log is consistent with the baseline value A. S37: The leader unit 311 includes the attestation result 1 in a measurement response message 1, and sends the measurement response message 1 to the verifier 201, where the measurement response message 1 may be considered as a “response” to the “challenge” when remote attestation is performed in the challenge-response manner, that is, a response message of the measurement request message 1 in S31.[0133]- If the verifier determines, based on the attestation result 2, that the unit 10 is untrustworthy, the verifier needs to feed back the attestation result 2 to a device (for example, an RP) that can be viewed by a user, to notify the user that the unit 10 in the composite device is untrustworthy.); wherein the attestation result is negative when the local attestation indicator is negative(US 20220237295, Hu, para. 0010, if the first PCR value is inconsistent with the PCR reference value, the first attestation result represents that the second unit is untrustworthy.); the combination of Schunter and Hu do not teach wherein the AP is a node of a distributed ledger (DL) network, that DL network being the DL network of claim 3 when dependent thereon; the attestation method further comprising the AP:retrieving, from a local copy of the DL, a latest set of PCR values recorded for the attester device; and comparing that set of PCR values retrieved from the local copy of the DL with the set of PCR values received in the TPM quote to produce a local attestation indicator, However, Robison teaches wherein the AP is a node of a distributed ledger (DL) network that DL network being the DL network of claim 3 when dependent thereon (US 20210037060, Robison, para. 0016, In the embodiments described herein, the policy information point within each network endpoint node may store a distributed ledger including one or more client policies that must be satisfied to access the network,); the attestation method further comprising the AP:retrieving, from a local copy of the DL, a latest set of PCR values recorded for the attester device(US 20210037060, Robison, para. 0046, In some embodiments, a copy of the TPM's public key can be stored in the distributed ledger, or shared along with a TPM quote (TPM signed ledger). In the embodiments described above, the smart contract may grant network access to the client device if the TPM PCR values included within the client information match the desired TPM PCR measurement,); and comparing that set of PCR values retrieved from the local copy of the DL with the set of PCR values received in the TPM quote to produce a local attestation indicator(US 20210037060, Robison, para. 0015, In some embodiments, said attesting may include comparing one or more Trusted Platform Module (TPM) Platform Configuration Register (PCR) values included within the client information to one or more desired TPM PCR measurements, which are stored within the smart contract, and verifying the client information if the one or more TPM PCR values included within the client information match the one or more desired TPM PCR measurements.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Schunter and Hu with the teaching of Robison because a user would have been motivated to use a distributed ledger for storing policy information, taught by Robison, in order to provide greater security for the network policy information required for accessing network devices taught by Hu(Robison, para. 0042) In regards to claim 16, the combination of Schunter and Hu teach the data processing system of claim 11. The combination of Schunter and Hu do not teach wherein: the AP is a node of a distributed ledger (DL) network and the RP has read access to the DL, the AP is further configured to publish the set of PCR values received in the TPM quote to the DL However, Robison teaches wherein: the AP is a node of a distributed ledger (DL) network and the RP has read access to the DL(US 20210037060, Robison, para. 0016, In the embodiments described herein, the policy information point within each network endpoint node may store a distributed ledger including one or more client policies that must be satisfied to access the network, and a smart contract including a set of predefined rules defining network access behaviors and actions. Upon receiving a network access request from a client device outside of the network, the policy decision point within each network endpoint node may execute the smart contract to determine whether the client device should be granted access, ), the AP is further configured to publish the set of PCR values received in the TPM quote to the DL(US 20210037060, Robison, para. 0034, When a client device requests access to internal network 50, the client device may be asked to provide information about the client device (i.e., “client information”) to one or more of the policy decision points 30. If the client device is subsequently granted access to internal network 50, at least a portion of the client information may be appended to the distributed ledger stored within each of the policy information points 20. Examples of client information include, but are not limited to, client identity information, Trusted Platform Module (TPM) Platform Configuration Register (PCR) values,). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Schunter and Hu with the teaching of Robison because a user would have been motivated to use a distributed ledger for storing policy information, taught by Robison, in order to provide greater security for the network policy information required for accessing network devices taught by Hu(Robison, para. 0042).
In regards to claim 17, the combination of Schunter, Hu and Robison teach the data processing system of claim 16, wherein: the AP is further configured to retrieve the attester device's network access requirements from the DL(US 20210037060, Robison, para. 0016, In the embodiments described herein, the policy information point within each network endpoint node may store a distributed ledger including one or more client policies that must be satisfied to access the network, and a smart contract including a set of predefined rules defining network access behaviors and actions.); and the attestation result is produced based on said network access requirements(US 20210037060, Robison, para. 0016, Upon receiving a network access request from a client device outside of the network, the policy decision point within each network endpoint node may execute the smart contract to determine whether the client device should be granted access, denied access or have restricted access to the network,). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Schunter and Hu with the teaching of Robison because a user would have been motivated to use a distributed ledger for storing policy information, taught by Robison, in order to provide greater security for the network policy information required for accessing network devices taught by Hu(Robison, para. 0042).
In regards to claim 22, the combination of Schunter and Hu teach the data processing system of claim 11, wherein the local attestation indicator is negative when the set of PCR values retrieved from the local copy of the DL does not match the set of PCR values received in the TPM quote(US 20220237295, Hu, para. 0099 and 0133: [0099]- In another case, for the uncertain measurement process, the leader unit 311 first calculates a PCR value 2 based on the measurement log, that is, calculates the PCR value 2 based on the information about the process recorded in the measurement log for the baseline value a, determines through comparison whether the PCR value 1 is consistent with the PCR value 2, and determines through comparison whether the baseline value a in the measurement log is consistent with the baseline value A. S37: The leader unit 311 includes the attestation result 1 in a measurement response message 1, and sends the measurement response message 1 to the verifier 201, where the measurement response message 1 may be considered as a “response” to the “challenge” when remote attestation is performed in the challenge-response manner, that is, a response message of the measurement request message 1 in S31.[0133]- If the verifier determines, based on the attestation result 2, that the unit 10 is untrustworthy, the verifier needs to feed back the attestation result 2 to a device (for example, an RP) that can be viewed by a user, to notify the user that the unit 10 in the composite device is untrustworthy.); wherein the attestation result is negative when the local attestation indicator is negative(US 20220237295, Hu, para. 0010, if the first PCR value is inconsistent with the PCR reference value, the first attestation result represents that the second unit is untrustworthy.); the combination of Schunter and Hu do not teach wherein the AP is a node of a distributed ledger (DL) network; and the AP is further configured to: retrieve, from a local copy of the DL, a latest set of PCR values recorded for the attester device; and compare that set of PCR values retrieved from the local copy of the DL with the set of PCR values received in the TPM quote to produce a local attestation indicator However, Robison teaches wherein the AP is a node of a distributed ledger (DL) network(US 20210037060, Robison, para. 0016, In the embodiments described herein, the policy information point within each network endpoint node may store a distributed ledger including one or more client policies that must be satisfied to access the network, and a smart contract including a set of predefined rules defining network access behaviors and actions. Upon receiving a network access request from a client device outside of the network, the policy decision point within each network endpoint node may execute the smart contract to determine whether the client device should be granted access, ); and the AP is further configured to: retrieve, from a local copy of the DL, a latest set of PCR values recorded for the attester device(US 20210037060, Robison, para. 0046, In some embodiments, a copy of the TPM's public key can be stored in the distributed ledger, or shared along with a TPM quote (TPM signed ledger). In the embodiments described above, the smart contract may grant network access to the client device if the TPM PCR values included within the client information match the desired TPM PCR measurement,); and compare that set of PCR values retrieved from the local copy of the DL with the set of PCR values received in the TPM quote to produce a local attestation indicator US 20210037060, Robison, para. 0015, In some embodiments, said attesting may include comparing one or more Trusted Platform Module (TPM) Platform Configuration Register (PCR) values included within the client information to one or more desired TPM PCR measurements, which are stored within the smart contract, and verifying the client information if the one or more TPM PCR values included within the client information match the one or more desired TPM PCR measurements.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Schunter and Hu with the teaching of Robison because a user would have been motivated to use a distributed ledger for storing policy information, taught by Robison, in order to provide greater security for the network policy information required for accessing network devices taught by the combination of Schunter and Hu (Robison, para. 0042).
4.) Claims 5 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over US 20080256595, Schunter in view of US 20220237295, Hu (priority date: 10/17/2019) and further in view of US 20220116387, Pan and further in view of US 20170180433, Gupta
In regards to claim 5, the combination of the combination of Schunter, Hu and Pan teach the attestation method of claim 2, wherein the AP is a movable network element which resides on a network- attached device, the attestation method further comprising:determining that performance of the network-attached device on which the AP resides does not satisfy an AP performance criterion(US 20220116387, Pan, para. 0554, When the system is untrustworthy, BRSKI protocol-based identity validity verification may not be performed, but the network device is directly prevented from accessing the network.); and the combination of the combination of Schunter, Hu and Pan do not teach responsive thereto, initiating transfer of the AP to an alternative network-attached device However, Gupta teaches responsive thereto, initiating transfer of the AP to an alternative network-attached device (US 20170180433, Gupta, para. 0058, Accordingly, upon detecting an event for transferring of hotspot session, the host access point determines and selects an electronic device as a target access point. The event can be user-input, unavailability of the host access point, unavailability of a network in the host access point, failure of at least one functionality of the host access point, low power in the host access point, low memory space in the host access point, availability of a higher performance electronic device in proximity to the host access point, scheduled time of transferring the hotspot session, exceeding data limit, and introduction of at least one functionality to the host access point.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of the combination of Schunter, Hu and Pan with the teaching of Gupta because a user would have been motivated to enhance network connectivity, in the system taught by the combination of Schunter, Hu and Pan, by providing allowing access point transfers, taught by Gupta, in order to safeguard from a host network access point device power outage(Gupta, para. 0014)
In regards to claim 18, the combination of Schunter, Hu and Pan teach the data processing system of claim 15, wherein: the AP is a movable network element which resides on a network-attached device(US 20080256595, Schunter, para. 0065, A verification proxy 32 is also a part of the property attestation architecture.); and the data processing system is configured to determine that performance of the network- attached device on which the AP resides does not satisfy an AP performance criterion(US 20220116387, Pan, para. 0554, When the system is untrustworthy, BRSKI protocol-based identity validity verification may not be performed, but the network device is directly prevented from accessing the network.); and the combination of Schunter, Hu and Pan do not teach responsive thereto, initiate transfer of the AP to an alternative network-attached device However, Gupta teach responsive thereto, initiate transfer of the AP to an alternative network-attached device (US 20170180433, Gupta, para. 0058, Accordingly, upon detecting an event for transferring of hotspot session, the host access point determines and selects an electronic device as a target access point. The event can be user-input, unavailability of the host access point, unavailability of a network in the host access point, failure of at least one functionality of the host access point, low power in the host access point, low memory space in the host access point, availability of a higher performance electronic device in proximity to the host access point, scheduled time of transferring the hotspot session, exceeding data limit, and introduction of at least one functionality to the host access point.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of the combination of Schunter, Hu and Pan with the teaching of Gupta because a user would have been motivated to enhance network connectivity, in the system taught by Hu and Pan, by providing allowing access point transfers, taught by Gupta, in order to safeguard from a host network access point device power outage(Gupta, para. 0014).
5.) Claims 6 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over US 20080256595, Schunter in view of US 20220237295, Hu (priority date: 10/17/2019) and further in view of US 20220116387, Pan and further in view of US 20230066427, Aigner In regards to claim 6, the combination of Hu and Pan teach the attestation method of claim 2. The combination of Hu and Pan do not teach wherein the vTPM is a movable network element which resides on a network- attached device, the attestation method further comprising:determining that performance of the network-attached device on which the vTPM resides does not satisfy a vTPM performance criterion; and responsive thereto, initiating transfer of the vTPM to an alternative network-attached device However, Aigner teaches wherein the vTPM is a movable network element which resides on a network- attached device, the attestation method further comprising:determining that performance of the network-attached device on which the vTPM resides does not satisfy a vTPM performance criterion(US 20230066427, Aigner, para. 0030, When the VM is to be transferred (e.g., via migration, based on a fail-over condition of the server, etc.) to another server,); and responsive thereto, initiating transfer of the vTPM to an alternative network-attached device(US 20230066427, Aigner, para. 0030, When the VM is to be transferred (e.g., via migration, based on a fail-over condition of the server, etc.) to another server, the state of the virtual TPM needs to transfer along with the VM, and this also implies that the cryptographic security key (KeyA) stored in the physical TPM needs to transfer along with the VM.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Hu and Pan with the teaching of Aigner because a user would have been motivated to use distributed security key management, taught by Aigner, in or to provide enhanced protection of key information used by the system taught by the combination of Hu and Pan(Aigner, para. 0003) In regards to claim 19, the combination of Schunter, Hu and Pan teach the data processing system of claim 15, wherein: wherein the vTPM is a movable network element which resides on a network-attached device(US 20220237295, Hu, para. 0009, Each unit in this application is actually a unit including a Trusted Platform Module (TPM) chip. For example, the first unit includes a first TPM chip, and the second unit includes a second TPM chip); and the combination of Schunter, Hu and Pan do not teach the data processing system is configured to determine that performance of the network-attached device on which the vTPM resides does not satisfy a vTPM performance criterion; andresponsive thereto, initiate transfer of the vTPM to an alternative network-attached device However, Aigner teaches the data processing system is configured to determine that performance of the network-attached device on which the vTPM resides does not satisfy a vTPM performance criterion(US 20230066427, Aigner, para. 0030, When the VM is to be transferred (e.g., via migration, based on a fail-over condition of the server, etc.) to another server,); andresponsive thereto, initiate transfer of the vTPM to an alternative network-attached device(US 20230066427, Aigner, para. 0030, When the VM is to be transferred (e.g., via migration, based on a fail-over condition of the server, etc.) to another server, the state of the virtual TPM needs to transfer along with the VM, and this also implies that the cryptographic security key (KeyA) stored in the physical TPM needs to transfer along with the VM.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Hu and Pan with the teaching of Aigner because a user would have been motivated to use distributed security key management, taught by Aigner, in or to provide enhanced protection of key information used by the system taught by the combination of Hu and Pan(Aigner, para. 0003).
6.) Claims 7 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20080256595, Schunter in view of US 20220237295, Hu (priority date: 10/17/2019) and further in view of US 20170250972, Ronda
In regards to claim 7, Hu teaches the attestation method of claim 1, further comprising the AP:prior to sending the TPM quote to the RP, establishing a communication session with the RP by sending a first remote attestation nonce to the RP and receiving a second remote attestation nonce from the RP(US 20220237295, Hu, para. 0085 and 0149: [0085]- The attester 201 calculates and collects measurement information of the attester 201 by using a root of trust, and provides the measurement information to the RP 203. S12: The RP 203 receives the measurement information sent by the attester 201, [0149]- the measurement request message 4 carries the following information: Nonce, [i.e. note: where a session is established with the RP using measurement information containing a nonce]); wherein the attestation result is negative when verification of either of the first and second remote attestation nonces fails(US 20220237295, Hu, para. 0161, when the check result 1 indicates that the signature of the unit 20 is incorrect, and/or the check result 2 indicates that the process of performing trustworthiness attestation by the unit 10 on the unit 20 is inaccurate, the attestation result 3 indicates that the check performed by the verifier on the attestation result 1 fails.[i.e. note: attestation fail, for example, due to nonce failure]); and Hu did not teach sending the first and second remote attestation nonces to the RP together with the TPM quote, to prompt the RP to verify the first and second remote attestation nonces it received together with the TPM quote match the first and second remote attestation nonces previously exchanged with the AP However, Ronda teaches sending the first and second remote attestation nonces to the RP together with the TPM quote, to prompt the RP to verify the first and second remote attestation nonces it received together with the TPM quote match the first and second remote attestation nonces previously exchanged with the AP(US 20170250972, Ronda, para. 0413, Additionally, to verify identity attributes have been cryptographically attested, RP server 310 can compute a cryptographic hash of the data (e.g., identity attribute) received in the response data bundle using the blinding factors (e.g., nonces) found in the ledger entries. If the hashes computed in this way match those in the response data bundle, this is confirmation that the data is valid and attested.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Hu with the teaching of Ronda because a user would have been motivated to enhance identification reliability in the system taught by Hu by using a identity management system, taught by Ronda, to facilitate a more reliable means of providing identity credentials(Ronda, para. 0181) In regards to claim 20, the combination of Schunter and Hu teach the data processing system of claim 11, wherein the AP is further configured to: prior to sending the TPM quote to the RP, establish a communication session with the RP by sending a first remote attestation nonce to the RP and receive a second remote attestation nonce from the RP(US 20220237295, Hu, para. 0085 and 0149: [0085]- The attester 201 calculates and collects measurement information of the attester 201 by using a root of trust, and provides the measurement information to the RP 203. S12: The RP 203 receives the measurement information sent by the attester 201, [0149]- the measurement request message 4 carries the following information: Nonce, [i.e. note: where a session is established with the RP using measurement information containing a nonce]); wherein the attestation result is negative when verification of either of the first and second remote attestation nonces fails(US 20220237295, Hu, para. 0161, when the check result 1 indicates that the signature of the unit 20 is incorrect, and/or the check result 2 indicates that the process of performing trustworthiness attestation by the unit 10 on the unit 20 is inaccurate, the attestation result 3 indicates that the check performed by the verifier on the attestation result 1 fails.[i.e. note: attestation fail, for example, due to nonce failure]); and the combination of Schunter and Hu do not teach send the first and second remote attestation nonces to the RP together with the TPM quote, to prompt the RP to verify the first and second remote attestation nonces it received together with the TPM quote match the first and second remote attestation nonces previously exchanged with the AP(US 20170250972, Ronda, para. 0413, Additionally, to verify identity attributes have been cryptographically attested, RP server 310 can compute a cryptographic hash of the data (e.g., identity attribute) received in the response data bundle using the blinding factors (e.g., nonces) found in the ledger entries. If the hashes computed in this way match those in the response data bundle, this is confirmation that the data is valid and attested.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Schunter and Hu with the teaching of Ronda because a user would have been motivated to enhance identification reliability in the system taught by the combination of Schunter and Hu by using a identity management system, taught by Ronda, to facilitate a more reliable means of providing identity credentials(Ronda, para. 0181).
7.) Claims 8 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over US 20080256595, Schunter in view of US 20220237295, Hu (priority date: 10/17/2019) and further in view of US 20120266252, Spiers
In regards to claim 8, Hu teaches the attestation method of claim 1, further comprising the AP, prior to sending the TPM quote to the RP:securely sending a session secret to the RP(US 20220237295, Hu, para. 0085, The attester 201 calculates and collects measurement information of the attester 201 by using a root of trust, and provides the measurement information to the RP 203. S12: The RP 203 receives the measurement information sent by the attester 201, and verifies an identity of the attester 201 through signature authentication. ); and Hu does not teach encrypting the TPM quote using a symmetric cipher based on the session secret However, Spiers teaches encrypting the TPM quote using a symmetric cipher based on the session secret (US 20120266252, Spiers, para. 0078, Key migration may allow use of tenant provided keys to encrypt the TPM transport session, rather than using key generated by a vendor, cloud provider or some other entity. The TPM Bound key or migration key may be used to establish a TPM transport session between the tenant and TPM 344 to encrypt the communication to retrieve the TPM quote.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Hu with the teaching of Spiers because a user would have been motivated to use tenant-controlled cloud DMZ, taught by Spiers, in order to provide enhanced cloud protection used with the network data taught by Hu (Spiers, para. 0036) In regards to claim 21, the combination of Schunter and Hu teach the data processing system of claim 11, wherein the AP is further configured to, prior to sending the TPM quote to the RP: securely send a session secret to the RP(US 20220237295, Hu, para. 0085, The attester 201 calculates and collects measurement information of the attester 201 by using a root of trust, and provides the measurement information to the RP 203. S12: The RP 203 receives the measurement information sent by the attester 201, and verifies an identity of the attester 201 through signature authentication. ); and the combination of Schunter and Hu do not teach encrypt the TPM quote using a symmetric cipher based on the session secret However, Spiers teaches encrypt the TPM quote using a symmetric cipher based on the session secret (US 20120266252, Spiers, para. 0078, Key migration may allow use of tenant provided keys to encrypt the TPM transport session, rather than using key generated by a vendor, cloud provider or some other entity. The TPM Bound key or migration key may be used to establish a TPM transport session between the tenant and TPM 344 to encrypt the communication to retrieve the TPM quote.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Schunter and Hu with the teaching of Spiers because a user would have been motivated to use tenant-controlled cloud DMZ, taught by Spiers, in order to provide enhanced cloud protection used with the network data taught by the combination of Schunter and Hu (Spiers, para. 0036).
CONCLUSION
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY LANE whose telephone number is (571)270-7469. The examiner can normally be reached on 571 270 7469 from 8:00 AM to 6:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Taghi Arani, can be reached on 571 272 3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/GREGORY A LANE/ Examiner, Art Unit 2438
/TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438