DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is response to communication: response to original application filed on 06/11/2024.
Claims 1-20 are currently pending in this application.
The IDS filed on 06/12/2024 has been accepted.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Hardin et al. US Patent Application Publication 2021/0273812 (Hardin), in view of Curtis et al. US Patent Application Publication 2019/0349346 (Curtis).
As per claim 1, Hardin teaches a method comprising: receiving, from a first provisioning entity, a request for first secure data, wherein the first secure data is associated with one or more provisioning operations by a second provisioning entity (paragraph 8 with receiving a request to access information); determining whether the first provisioning entity has permission to access the first secure device data (paragraph 8 with checking whether party/application has permission to access data from previously provisioned data and to perform computations ; see also Figure 6); based on determining that the first provisioning entity has permission to access the first secure device data, providing the first provisioning entity the first secure device data (paragraph 8 with providing data to application; also see Figure 6);
Although Hardin teaches utilizing provisioning data, Hardin does not explicitly teach wherein the data is related to a semiconductor device. However, this would have been obvious. For example, see Curtis (paragraph 176, 180, 183-185, 190 wherein provisioning data of supply chain is saved and may be accessed; all actions performed on the device is saved in history; data includes provenance in multiple supply chain stages such as silicon, chipset, oem, os, etc). Curtis thus further teaches receiving, from the first provisioning entity, second secure device data associated with one or more provisioning operations performed by the first provisioning entity on the semiconductor device (paragraph 185, 190, and throughout with registry saving everything performed on the asset/device by particular parties; see also paragraphs 178).
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hardin with Curtis. One of ordinary skill in the art would have been motivated to perform such an addition to enhance security (Curtis paragraph 29)
As per claim 2, the Hardin combination teaches wherein the first secure device data comprises at least one measurement value that represents an object or state of the semiconductor device, or a secure data asset (Hardin paragraph 8 with confidential data; also see Curtis paragraph 176 and 178 with data regarding silicon, chipsets, etc such as chip id, software, root of trust, public key, uri, etc).
As per claim 3, the Hardin combination teaches generating an authentication report comprising a recorded trail of the first secure device data and the second secure device data (Curtis paragraph 176, 178, and throughout with provenance of every asset through each supply chain stage).
As per claim 4, the Hardin combination teaches wherein the authentication report further comprises third secure device data associated with a composite device, wherein the composite device comprises the semiconductor device and at least one other semiconductor device (Curtis paragraph 176-178 with multiple different stages of supply chain including silicon, chipset, oem, etc).
As per claim 5, it would have been obvious over the Hardin combination wherein maintaining, in a data structure, metadata indicative of access permissions for particular secure device data with respect to each provisioning entity of a plurality of provisioning entities (Curtis paragraph 188 with permission registry which defines what parties may perform what functions; also see throughout Hardin such as paragraph 77, 102, and throughout).
As per claim 6, the Hardin combination teaches wherein the first provisioning entity and the second provisioning entity are each operations along a supply chain associated with producing a composite device comprising the semiconductor device and at least one other semiconductor device (see Curtis paragraphs 176 and 178 with multiple stages including silicon, chipset, oem, and wherein the devcies may be combined/linked; )
As per claim 7, it would have been obvious over the Hardin combination wherein the first secure device data and the second secure device data are stored in a cloud-based environment (see throughout Curtis where information is saved in cloud, for example, paragraphs 91 and 92; see also throughout Hardin, such as paragraph 128, wherein data is stored on cloud-based storage).
As per claim 8, it would have been obvious over the Hardin combination wherein the first secure data is used by the first provisioning entity or by one or more subsequent provisioning entities to perform at least one of an authentication operation or an attestation operation to verify authenticity of the semiconductor device (Curtis paragraph 178, wherein each party appends new entry, and current pay may check past entries to verify authenticticy).
Claim 9 is rejected using the same basis of arguments used to reject claim 1 above.
Claim 10 is rejected using the same basis of arguments used to reject claim 2 above.
Claim 11 is rejected using the same basis of arguments used to reject claim 3 above.
Claim 12 is rejected using the same basis of arguments used to reject claim 4 above.
Claim 13 is rejected using the same basis of arguments used to reject claim 5 above.
Claim 14 is rejected using the same basis of arguments used to reject claim 6 above.
Claim 15 is rejected using the same basis of arguments used to reject claim 7 above.
Claim 16 is rejected using the same basis of arguments used to reject claim 8 above.
Claim 17 is rejected using the same basis of arguments used to reject claim 1 above.
Claim 18 is rejected using the same basis of arguments used to reject claim 2 above.
Claim 19 is rejected using the same basis of arguments used to reject claim 3 above.
Claim 20 is rejected using the same basis of arguments used to reject claim 5 above.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON KAI YIN GEE whose telephone number is (571)272-6431. The examiner can normally be reached on Monday-Friday 8:30-5:00 PST Pacific.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/JASON K GEE/Primary Examiner, Art Unit 2495