Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This action is in response to the correspondence filed 06/11/2024.
Claims 1-20 are presented for examination.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
As to claims 1, 8 and 15, the scope of the claims cannot be clearly determined and are therefore indefinite. Specifically, the elements including “wherein the group certificate was previously provided by an issuer to the subject device based on anonymized attestation evidence,” “wherein the group certificate is generated by the issuer based on the anonymized attestation evidence provided from a group of requesting devices including the subject device” and “wherein respective anonymized attestation evidence provided from a respective device of the group of requesting devices is produced by the respective device but does not uniquely identify the respective device” are interpreted as a combination of intended use language and negatively recited limitations as they are performed by an issuer that is not claimed as being included as a part of the apparatus, method or instructions performed by the processing circuitry. Further, these limitations do not require steps to be performed, nor do they limit the claim to a particular structure, therefore not further limiting the scope of the claims.
As to claims 2-5, 7, 9-12, 14, 16-19, the scope of the claims cannot be clearly determined and are therefore indefinite as the claims include limitations that are interpreted as a combination of intended use language and negatively recited limitations as they are performed by an issuer that is not claimed as being included as a part of the apparatus, method or instructions performed by the processing circuitry; similar to those of their respective independent claim 1, 8 or 15 as discussed above. Therefore, these claims are rejected for reasons similar to those of claims 1, 8 and 15.
As to claims 6, 13 and 20, claims 6, 13 and 20 do not cure the deficiency of claims 1, 8 and 15 and are rejected under 35 USC § 112 for their dependency upon claims 1, 8 and 15.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
As to claims 1, 8 and 15, the claims recite obtain attestation evidence provided from a subject device, wherein the attestation evidence is signed with a group certificate, and wherein the group certificate was previously provided by an issuer to the subject device based on anonymized attestation evidence; attempt verification of the attestation evidence provided from the subject device; and perform at least one computing operation, in response to successful verification of the attestation evidence provided from the subject device; wherein the group certificate is generated by the issuer based on the anonymized attestation evidence provided from a group of requesting devices including the subject device, and wherein respective anonymized attestation evidence provided from a respective device of the group of requesting devices is produced by the respective device but does not uniquely identify the respective device.
The limitation of “obtaining attestation evidence,” as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “processing circuitry” and “memory device” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “processing circuitry” and “memory device” language, “obtaining” in the context of this claim encompasses the user collecting or gathering data visually.
The limitation of “attempting verification,” as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “processing circuitry” and “memory device” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “processing circuitry” and “memory device” language, “verification” in the context of this claim encompasses the user mentally and/or visually comparing or confirming data. Similarly, the limitation of “performing at least one computing operation,” as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of “processing circuitry” and “memory device” as “computing” in the context of this claim encompasses the user mentally inferring based on the verification.
If claim limitations, under their broadest reasonable interpretation, cover performance of the limitations in the mind but for the recitation of generic computer components, then it falls in the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
This judicial exception is not integrated into a practical application. In particular, the “processing circuitry” and “memory device” limitations are generic computer components. The step of performing a computer operation, if not interpreted as being of the mind, is a step to apply the judicial exception and constitute insignificant extra solution activity rather than a meaningful application. Further, the “processing circuitry” performs operations of obtaining data and performing computing operations which are well-known, routine, and conventional operations that do not amount to significantly more. Accordingly, the abstract idea is not integrated into a practical application as the elements do not impose any meaningful limits on practicing the abstract idea. Therefore, the claims are not patent eligible.
As to claims 2-7, 9-14 and 16-20, the claims do not cure the deficiency of claims 1, 8 and 15 and are rejected under 35 USC § 101 for their dependency upon claims 1, 8 and 15 while not integrating the abstract idea into practical application nor include elements that amount to significantly more than the abstract idea.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by US 2017/0185814 to Smith et al. (hereinafter Smith) (Applicant’s IDS).
As to claims 1, 8 and 15, Smith teaches an apparatus, comprising: processing circuitry; and a memory device including instructions embodied thereon, wherein the instructions, which when executed by the processing circuitry (FIG. 1 and paragraph 19, processor and memory including instructions which are loaded and executed by the processor), configure the processing circuitry to perform operations to: obtain attestation evidence provided from a subject device (FIGS. 1 and 5, paragraph 74, signed nonce and an identifier of the affiliation sent to the reader), wherein the attestation evidence is signed with a group certificate (paragraphs 14 and 74, the private key used to sign is associated with the affiliation issued to each member of the group), and wherein the group certificate was previously provided by an issuer to the subject device based on anonymized attestation evidence (paragraph 14, the unique identity of a given member of the group might not necessarily be communicated by merely signing with its private therefore anonymized); attempt verification of the attestation evidence provided from the subject device (paragraph 75, verification of the signature of the nonce); and perform at least one computing operation, in response to successful verification of the attestation evidence provided from the subject device (FIG. 5 and paragraph 76, desired operation is allowed if successful); wherein the group certificate is generated by the issuer based on the anonymized attestation evidence provided from a group of requesting devices including the subject device (paragraphs 14 and 74, the private key is associated with the affiliation and issued to each member of the group and the unique identity of a given member of the group might not necessarily be communicated by merely signing with its private therefore anonymized and of each member of the group), and wherein respective anonymized attestation evidence provided from a respective device of the group of requesting devices is produced by the respective device but does not uniquely identify the respective device (paragraph 14, the unique identity of a given member of the group might not necessarily be communicated by merely signing with its private therefore anonymized; paragraph 24, the devices may remain anonymous within the group) (the examiner notes that, although taught by Smith, the limitations including “wherein the group certificate was previously provided by an issuer to the subject device based on anonymized attestation evidence,” “wherein the group certificate is generated by the issuer based on the anonymized attestation evidence provided from a group of requesting devices including the subject device” and “wherein respective anonymized attestation evidence provided from a respective device of the group of requesting devices is produced by the respective device but does not uniquely identify the respective device” are interpreted as a combination of intended use language and negatively recited limitations as they are performed by an issuer that is not claimed as being included as a part of the apparatus, method or instructions performed by the processing circuitry as discussed above with respect to the 35 USC 112(b) rejection).
As to claims 2, 9 and 16, Smith teaches wherein the group certificate is generated by the issuer based on verifying that the group of requesting devices includes at least a threshold number of members to maintain anonymity (as discussed above with reference to the 35 USC 112(b) rejection, this limitation is performed by the issuer which is not claimed as being included as a part of the apparatus, method or instructions performed by the processing circuitry and therefore does not further limit the scope of the claim).
As to claims 3, 10 and 17, Smith teaches wherein the group certificate is generated by the issuer based on a join protocol used by the group of requesting devices, and wherein the issuer refrains from providing the group certificate if the group of requesting devices does not include at least the threshold number of members to maintain anonymity (as discussed above with reference to the 35 USC 112(b) rejection, this limitation is performed by the issuer which is not claimed as being included as a part of the apparatus, method or instructions performed by the processing circuitry and therefore does not further limit the scope of the claim).
As to claims 4, 11 and 18, Smith teaches wherein the group certificate is generated by the issuer based on identification information for respective devices of the group of requesting devices that conforms to the Enhanced Privacy ID (EPID) family of standards (paragraphs 12 and 14, utilizes EPID, further, as discussed above with reference to the 35 USC 112(b) rejection, this limitation is performed by the issuer which is not claimed as being included as a part of the apparatus, method or instructions performed by the processing circuitry and therefore does not further limit the scope of the claim).
As to claims 5, 12 and 19, Smith teaches wherein the group certificate is generated by the issuer based on identification information for respective devices of the group of requesting devices that includes or is based on a Trusted Computing Base (TCB) Component Identifier (TCI), and wherein the attestation evidence indicates trustworthiness of a TCB layer of the respective devices (as discussed above with reference to the 35 USC 112(b) rejection, this limitation is performed by the issuer which is not claimed as being included as a part of the apparatus, method or instructions performed by the processing circuitry and therefore does not further limit the scope of the claim).
As to claims 6, 13 and 20, Smith teaches wherein the group certificate includes information based on the anonymized attestation evidence (paragraphs 12 and 14, utilizes EPID).
As to claims 7 and 14, Smith teaches wherein the apparatus is a computing device that operates in a verifier role, and wherein the issuer operates in a certificate authority role (paragraph 12, reader performs verification, therefore a verifier role).
Relevant Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
US 20210037042 A1 to Fu et al. teaches remote attestation in a network. Embodiments provide a method comprising: attesting a first node in a network, by a node adjacent to the first node in the network; and generating an attestation result of the first node. A plurality of attestation results of the first node generated by a plurality of nodes adjacent to the first node in the network are combined to determine a credibility of the first node. In such embodiments, a fixed verifier for other nodes is eliminated, and a risk of a collapse due to a failure of such fixed verifier may be avoided.
US 20200145415 A1 to Berdy et al. teaches an IoT hub comprising one or more servers and databases is configured to automatically assign Internet of Things (IoT) enabled devices to IoT solutions based on a subnet to which the IoT devices are connected. A user interface is configured to enable a user to define subnets within the customer's network environment and assign each subnet to an IoT solution. Upon the user setting up an IoT device's network connection to a network device, such as a router, the IoT device transmits its network information to the IoT hub. The IoT device is configured to automatically initiate the attestation procedures for validation with the IoT hub upon establishing the connection to the network, such that the IoT device is configured to operate upon validation and is rejected from communicating with the IoT solution if validation fails.
US 20200106774 A1 to Lerch et al. teaches a device implementing a trusted device establishment system includes at least one processor configured to receive, via a direct wireless connection and from an other device, a public key associated with the other device and an indication of a data item previously provided to the other device via an out-of-band channel. The at least one processor is further configured to verify that the indication of the data item corresponds to the data item previously provided to the other device, and store, in a secure memory region, the public key in association with an identifier corresponding to the other device when the indication of the data item is verified. The at least one processor is further configured to authorize the public key to access a secure device based at least in part on the public key being stored in the secure memory region.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MALCOLM CRIBBS whose telephone number is (571)270-1566. The examiner can normally be reached Monday-Friday 930a-330p; 430p-630p.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached at (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
MALCOLM CRIBBS
Examiner
Art Unit 2497
/MALCOLM CRIBBS/Primary Examiner, Art Unit 2497