Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This action is in response to the correspondence filed 06/28/2024.
Claims 1-20 are presented for examination.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitations use a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitations are: “security subsystem configured to…” and “authority assignment device configured to…” in claims 1-4 and 6-8.
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have these limitations interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitations to avoid them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitations recite sufficient structure to perform the claimed function so as to avoid them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
As to claims 1-4 and 6-8, claim limitations “security subsystem configured to…” and “authority assignment device configured to…” invoke 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph.
Applicant may:
(a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph;
(b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(c) Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either:
(a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
As to claims 9 and 19, the claims recite the limitation "in case of assigning the authority" in the “obtaining” element. However, authority was assigned in the prior element. Therefore, the scope of the claim cannot be determined, as it is unclear whether this is based on the assigning presented in the prior element or is a newly introduced assigning. For purposes of examination, this element has been interpreted as reading “obtaining, from a processor key management device of the electronic device, a key related to the application processor or the communication processor based on the authority assigned to access the security subsystem to the application processor or the communication processor”.
As to claims 5, 10-18 and 20, claims 5, 10-18 and 20 do not cure the deficiency of claims 1, 9 and 19 and are rejected under 35 USC § 112 for their dependency upon claims 1, 9 and 19.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 3-9, 11-16 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over US 11,126,753 to Zhu et al. (hereinafter Zhu) (Applicant’s IDS) in view of US 2009/0150631 to Wilsey et al. (hereinafter Wilsey) in further view of US 2016/0255079 to Harrison et al. (hereinafter Harrison).
As to claim 1, Zhu teaches An electronic device (Col 3, line 32, mobile terminal) comprising: an application processor (Col 3, lines 44-48, application processor); a communication processor (Col 3, lines 44-48, communication processor); a security subsystem configured to process a security function (Col 3, lines 44-48, secure memory and element); wherein the security subsystem is configured to: process a security function related to the application processor or the communication processor (Col 5, line 46 to Col 6, line 8, process of executing a secure application in the trusted execution environment).
Zhu does not explicitly teach an authority assignment device configured to assign authority to access the security subsystem to the application processor or the communication processor; and a processor key management device configured to provide the security subsystem with a first key related to the application processor or a second key related to the communication processor, based on the application processor or the communication processor assigned the authority to access the security subsystem from the authority assignment device, wherein the security subsystem is configured to: process a security function by using the first key or the second key provided from the processor key management device, based on the authority assignment device assigning the authority to access the security subsystem to the application processor or the communication processor.
However, Wilsey teaches an authority assignment device configured to assign authority to access the security subsystem to the application processor or the communication processor (paragraphs 20 and 35, distributed keys to individual computer systems which are granted access); and a processor key management device configured to provide the security subsystem with a first key related to the application processor or a second key related to the communication processor, based on the application processor or the communication processor assigned the authority to access the security subsystem from the authority assignment device (paragraphs 20 and 35, multiple keys [includes 1st and 2nd keys] which are distributed to individual computer systems [application and/or communication processor] to grant access), wherein the security subsystem is configured to: process a security function by using the first key or the second key provided from the processor key management device, based on the authority assignment device assigning the authority to access the security subsystem to the application processor or the communication processor (paragraphs 35 and 37, wherein access is allowed based on the provided correct key [when included in the system of Zhu, access granted allows execution of the secure application in the trusted execution environment]).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Zhu to include the protected storage and key based access as taught by Wilsey in order to individually control access and enable strict access control policies preventing unauthorized access and security functions, thus optimizing the overall security of the system.
Wilsey teaches returning the authority to access (paragraphs 20 and 35, access is revoked). Zhu and Wilsey do not explicitly teach initializing data related to the application processor or the communication processor, based on returning the authority to access the security subsystem assigned to the application processor or the communication processor.
However, Harrison teaches initializing data related to the application processor or the communication processor, based on returning the authority to access the security subsystem assigned to the application processor or the communication processor (paragraphs 34 and 36, changing authentication credentials in response to being revoked, generating one or more keys with the new authentication credentials or generated indication that one or more keys have been revoked).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Zhu and Wilsey to include the method of initializing data based on returning access authority as taught by Harrison in order to prevent unauthorized subsequent access or use of a lost or stolen access key, thus optimizing the overall security of the system.
As to claims 9 and 19, Zhu teaches an operating method of an electronic device and one or more non-transitory computer-readable storage media storing one or more computer programs including computer-executable instructions that, when executed by one or more processors of an electronic device individually or collectively, cause the electronic device to perform operations comprising an application processor (Col 3, lines 44-48, application processor) and a communication processor (Col 3, lines 44-48, communication processor), the operating method comprising: processing a security function related to the application processor or the communication processor through the security subsystem (Col 5, line 46 to Col 6, line 8, process of executing a secure application in the trusted execution environment by the application processor via access to the secure memory and element).
Zhu does not explicitly teach assigning, by an authority assignment device of the electronic device, authority to access a security subsystem configured to process a security function to the application processor or the communication processor; obtaining, from a processor key management device of the electronic device, a key related to the application processor or the communication processor in case of assigning the authority to access the security subsystem to the application processor or the communication processor; and processing a security function based on the key related to the application processor or the communication processor.
However, Wilsey teaches assigning, by an authority assignment device of the electronic device, authority to access a security subsystem configured to process a security function to the application processor or the communication processor (paragraphs 20 and 35, distributed keys to individual computer systems which are granted access); obtaining, from a processor key management device of the electronic device, a key related to the application processor or the communication processor in case of assigning the authority to access the security subsystem to the application processor or the communication processor (paragraphs 20 and 35, multiple keys [includes 1st and 2nd keys] which are distributed to individual computer systems [application and/or communication processor] to grant access); and processing a security function based on the key related to the application processor or the communication processor (paragraphs 35 and 37, wherein access is allowed based on the provided correct key [when included in the system of Zhu, access granted allows execution of the secure application in the trusted execution environment]).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Zhu to include the protected storage and key based access as taught by Wilsey in order to individually control access and enable strict access control policies preventing unauthorized access and security functions, thus optimizing the overall security of the system.
Wilsey teaches returning the authority to access (paragraphs 20 and 35, access is revoked). Zhu and Wilsey do not explicitly teach initializing data related to the application processor or the communication processor, based on returning the authority to access the security subsystem assigned to the application processor or the communication processor.
However, Harrison teaches initializing data related to the application processor or the communication processor, based on returning the authority to access the security subsystem assigned to the application processor or the communication processor (paragraphs 34 and 36, changing authentication credentials in response to being revoked, generating one or more keys with the new authentication credentials or generated indication that one or more keys have been revoked).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Zhu and Wilsey to include the method of initializing data based on returning access authority as taught by Harrison in order to prevent unauthorized subsequent access or use of a lost or stolen access key, thus optimizing the overall security of the system.
As to claims 3 and 11, Zhu teaches wherein the authority assignment device is further configured to assign the authority to access the security subsystem to the application processor or the communication processor, based on time of receiving an access request in case of receiving a request signal related to the authority to access the security subsystem from the application processor and/or the communication processor (paragraph 28, access is denied for a predetermined time period, if access is received during that time access is not granted).
As to claims 4 and 12, Zhu teaches wherein the authority assignment device is further configured to assign the authority to access the security subsystem to the application processor or the communication processor, based on priority in the authority to access the security subsystem in case of receiving a plurality of request signals related to the authority to access the security subsystem from the application processor and the communication processor (Col 9, lines 17-21, wherein the requests with the security attribute are processed with higher priority).
As to claim 5, Harrison teaches wherein the communication processor is configured to return the authority to access the security subsystem regardless of completely processing the security function related to the communication processor in case that a designated reference time expires based on time when the authority to access the security subsystem is assigned from the authority assignment device (paragraphs 24 and 25, wherein the access key may have an expiration date and/or time and once expired may no longer be used).
As to claims 6 and 13, Harrison teaches wherein the security subsystem is further configured to: delete the first key and data related to the security function of the application processor in case of receiving information related to return of the authority to access the security subsystem assigned to the application processor from the authority assignment device; and delete the second key and data related to the security function of the communication processor in case of receiving information related to return of the authority to access the security subsystem assigned to the communication processor from the authority assignment device (paragraphs 24 and 25, after determining whether the access key has expired by comparing the date and/or time, the access key and/or any storage keys protected by the access key are removed).
As to claims 7 and 16, Harrison teaches wherein the authority assignment device is further configured to provide the processor key management device with information related to assignment of the authority to access the security subsystem to the application processor in case of assigning the authority to the application processor, and wherein the processor key management device is configured to transmit the first key related to the application processor to the security subsystem, based on the information related to the assignment of the authority to the application processor (paragraph 5, wherein the key is sent based on the received information including an authentication credential, a unique client device identifier associated with the client device and a unique user identifier associated with the user in view of the application processor of Zhu).
As to claim 8, Harrison teaches wherein the authority assignment device is further configured to provide the processor key management device with information related to assignment of the authority to access the security subsystem to the communication processor in case of assigning the authority to the communication processor, and wherein the processor key management device is further configured to transmit the second key related to the communication processor to the security subsystem, based on the information related to the assignment of the authority to the communication processor.
As to claim 14, Wilsey teaches wherein the obtaining of the key related to the communication processor comprises obtaining a root key related to the communication processor through a processor key management device separate from the security subsystem in case that the authority to access the security subsystem is assigned to the communication processor (paragraph 36, wherein it is not a requirement that the encryption key be stored on the host system, the key can be provided as a “disconnected key” therefore separate from the security subsystem in view of the communication processor of Zhu).
As to claims 15 and 20, Wilsey teaches obtaining a root key related to the application processor through a processor key management device separate from the security subsystem in case that the authority to access the security subsystem is assigned to the application processor; and processing the security function related to the application processor through the security subsystem, based on the key related to the application processor (paragraph 36, wherein it is not a requirement that the encryption key be stored on the host system, the key can be provided as a “disconnected key” therefore separate from the security subsystem in view of the application processor of Zhu).
As to claim 18, Harrison teaches withdrawing, by the authority assignment device, authority to access the security function by the application processor or the communication processor; and transmitting, from the authority assignment device to the application processor or the communication processor, information indicating that the authority to access the security function has been returned (paragraphs 34 and 36, revoking the access key and an indication that one or more current access keys have been revoked or an indication to remove one or more current access keys associated with the client device).
Claims 2 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Zhu in view of Wilsey in view of Harrison in further view of US 11,743,201 to Azulay et al. (hereinafter Azulay).
As to claims 2 and 10, Zhu, Wilsey and Harrison do not explicitly teach wherein the authority assignment device is further configured to alternately assign the authority to access the security subsystem to the application processor or the communication processor in case of receiving a plurality of request signals related to the authority to access the security subsystem from the application processor and the communication processor.
However, Azulay teaches alternately assigning the authority to access the security subsystem to the application processor or the communication processor in case of receiving a plurality of request signals related to the authority to access the security subsystem from the application processor and the communication processor (Col 9, lines 14-24, access is granted in a first set of alternating time slots).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Zhu, Wilsey and Harrison with the method of alternating access as taught by Azulay in order to optimize the efficiency of handling a higher-than-expected or dynamic number of requests (Col 9, lines 25-39).
Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Zhu in view of Wilsey in view of Harrison in further view of US 2018/0191706 to Hobson et al. (hereinafter Hobson).
As to claim 17, Zhu, Wilsey and Harrison do not explicitly teach upon completion of the processing of the security function, transmitting a request from the communication processor or the application processor to the authority assignment device, the request indicating return of authority to the authority assignment device.
However, Hobson teaches upon completion of the processing of the security function, transmitting a request from the communication processor or the application processor to the authority assignment device, the request indicating return of authority to the authority assignment device (paragraphs 6 and 45, upon completion, the token is returned).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Zhu, Wilsey and Harrison with the method of returning a token upon completion of processing as taught by Hobson in order to indicate that another or next access may be initiated therefore optimizing the efficiency of handling a higher-than-expected or dynamic number of requests (paragraph 45).
Relevant Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
CN 113 449 331 Feng et al. (Applicant’s IDS) (Provided English translation) teaches a cryptographic engine unit configured to execute a cryptographic algorithm; a control unit connected to the cryptographic engine unit, wherein the control unit is configured to: receive a plurality of access requests, the plurality of access requests respectively from a plurality of execution environments; and in response to one of the plurality of access requests, instruct the cryptographic engine unit to execute a cryptographic algorithm.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MALCOLM CRIBBS whose telephone number is (571)270-1566. The examiner can normally be reached Monday-Friday 9:30a-3:30p; 4:30p-6:30p.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached at (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
MALCOLM CRIBBS
Examiner
Art Unit 2497
/MALCOLM CRIBBS/Primary Examiner, Art Unit 2497