EVENT LOG-BASED ATTESTATION FOR DISTRIBUTED EDGE DEVICES

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendment This action is in response to the communications and remarks filed on 3/9/2026. Claims 1-45 are presently pending for examination. Response to Arguments Applicant’s arguments, see pages 22-27, filed 3/9/2026, regarding the U.S.C. 103 rejections of Claims 1-4, 7-9, 16-19, 22-24, 31-34, and 37-39 have been fully considered and are not persuasive. Applicant argues that "There is no mention anywhere in Costello of any technique for establishing trustworthiness of an Edge Computing Device, as claimed herein." Applicant’s interpretation of the reference has been noted; however, examiner respectfully disagrees. The examiner agrees that the Costello does not explicitly teach the above quoted limitation however, the Sohail reference teaches, [paragraph 0044, In the cloud computing system 230, the certificate service 231 serves as a trusted entity that issues digital certificates, wherein a digital certificate certifies the ownership of a public key by a named subject of the digital certificate. In the system 200 of FIG. 2, the certificate service 231 implements methods to validate the identity of the edge trust center 220 and bind the edge securing tiering management system 220 to cryptographic keys through the issuance of a digital certificate. More specifically, in some embodiments, as part of a registration process, the edge trust center 220 will generate a certificate signing request (via the device enrollment service 225) and transmit the request to certificate service 231 of the cloud computing system 230, wherein the client certificate signing request comprises a message to request the signing of a public key and other relevant information of the edge trust center 220. The request is signed using a private key of the edge trust center 220 to prove that the edge trust center 220 has control of the private key that corresponds to the public key included in the certification signing request. Once the information in the certificate signing request passes a vetting process and domain control is established, the certificate service 231 of the cloud computing system 230 (or any other recognized Certificate Authority utilized by the service provider of the cloud computing system 230) will sign the public key of the edge trust center 220 so that the public key of the edge trust center 220 can be trusted – teaches a process to determine the trustworthiness of “the edge trust center” which is equivalent to the “edge computing device”] Therefore, the rejection is maintained. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Claims 1, 3, 7-8, 16, 18, 22-23, 31, 33, and 37-38 are rejected under 35 U.S.C. 103 as being unpatentable over Costello, JR. et al., (US 20180067845 A1) hereinafter referred to as Costello in view of Sohail et al., (US 20220292221 A1) hereinafter referred to as Sohail. Regarding Claims 1, 16, and 31, Costello discloses the method comprising: at one or more storage devices, storing expected values [Abstract, The server performs a first execution of the baseline test script against each of the browser-based applications to extract one or more expected values associated with user interface components that correspond to the empty user interface component values, and stores the expected values] at one or more hardware processing devices: receiving the expected values; [Abstract, The server performs a first execution of the baseline test script against each of the browser-based applications to extract one or more expected values associated with user interface components that correspond to the empty user interface component values, and stores the expected values] receiving an Event Log from the Edge Computing Device; extracting actual values from the Event Log; [Abstract, The server performs a second execution of the baseline test script against the browser-based applications to extract one or more actual values associated with user interface components that correspond to the empty user interface component values] and comparing the actual values with the expected values to determine whether the actual values match the expected values; [Abstract, The server compares the actual values against the expected values] and at one or more communication devices, responsive to determining whether the actual values match the expected values, transmitting an indication of whether the Edge Computing Device is trustworthy. [Abstract, and if the values do not match, the server generates a message indicating a test failure] wherein the expected values are derived independently of the actual values[Abstract, The server performs a first execution of the baseline test script against each of the browser-based applications to extract one or more expected values associated with user interface components that correspond to the empty user interface component values, and stores the expected values. The server performs a second execution of the baseline test script against the browser-based applications to extract one or more actual values associated with user interface components that correspond to the empty user interface component values] Costello does not explicitly teach A computer-implemented method for establishing trustworthiness of an Edge Computing Device, pertaining to aspects of the Edge Computing Device. Sohail teaches A computer-implemented method for establishing trustworthiness of an Edge Computing Device, pertaining to aspects of the Edge Computing Device [paragraph 0044, In the cloud computing system 230, the certificate service 231 serves as a trusted entity that issues digital certificates, wherein a digital certificate certifies the ownership of a public key by a named subject of the digital certificate. In the system 200 of FIG. 2, the certificate service 231 implements methods to validate the identity of the edge trust center 220 and bind the edge securing tiering management system 220 to cryptographic keys through the issuance of a digital certificate. More specifically, in some embodiments, as part of a registration process, the edge trust center 220 will generate a certificate signing request (via the device enrollment service 225) and transmit the request to certificate service 231 of the cloud computing system 230, wherein the client certificate signing request comprises a message to request the signing of a public key and other relevant information of the edge trust center 220. The request is signed using a private key of the edge trust center 220 to prove that the edge trust center 220 has control of the private key that corresponds to the public key included in the certification signing request. Once the information in the certificate signing request passes a vetting process and domain control is established, the certificate service 231 of the cloud computing system 230 (or any other recognized Certificate Authority utilized by the service provider of the cloud computing system 230) will sign the public key of the edge trust center 220 so that the public key of the edge trust center 220 can be trusted – teaches a process to determine the trustworthiness of “the edge trust center” which is equivalent to the “edge computing device”] Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Sohail with the disclosure of Costello. The motivation or suggestion would have been "for secure data management in a network computing environment." (Abstract) Regarding Claims 3, 18, and 33, Costello discloses further comprising, prior to receiving the expected values: at the one or more communication devices, receiving the expected values from the Edge Computing Device; and at the one or more storage devices, storing the expected values. [Abstract, The server performs a first execution of the baseline test script against each of the browser-based applications to extract one or more expected values associated with user interface components that correspond to the empty user interface component values, and stores the expected values] Regarding Claims 7, 22, and 37, Costello discloses further comprising, prior to receiving the expected values: at the one or more communication devices, receiving additional expected values from a plurality of additional…Devices; at the one or more hardware processing devices, generating a database comprising the expected values and the additional expected values; and at the one or more storage devices, storing the database. [Abstract, The server performs a first execution of the baseline test script against each of the browser-based applications to extract one or more expected values associated with user interface components that correspond to the empty user interface component values, and stores the expected values] Costello does not explicitly teach Edge Computing Devices. Sohail teaches Edge Computing Devices [paragraph 0018, IoT data is generated by edge sensors and/or edge devices] Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Sohail with the disclosure of Costello. The motivation or suggestion would have been "for secure data management in a network computing environment." (Abstract) Regarding Claims 8, 23, and 38, Costello discloses wherein generating the database [paragraph 0009, The computer program product includes instructions operable to cause the server computing device to store the expected values for each of the browser-based applications in a repository] comprises organizing the expected values and the additional expected values according to properties of the…Device and the additional…devices, [paragraph 0012, the server computing device recognizes a pattern in the browser-based application and extracts the expected values based upon the recognized pattern] selected from the group consisting of: a device model of the…Device and the additional…devices; a UEFI version of the…Device and the additional…devices; and an EVE version of the…Device and the additional…devices. [paragraph 0004, the system uses built-in intelligence to recognize patterns in the user interface components and extract expected values that are applicable to the specific platform or layout. The system can store the expected values in a repository for future use] Costello does not explicitly teach Edge Computing Device, Edge Computing devices, Edge Computing Device, Edge Computing devices, Edge Computing Device, Edge Computing devices, Edge Computing Device, Edge Computing devices. Sohail teaches Edge Computing Device, Edge Computing devices, Edge Computing Device, Edge Computing devices, Edge Computing Device, Edge Computing devices, Edge Computing Device, Edge Computing devices[paragraph 0018, IoT data is generated by edge sensors and/or edge devices] Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Sohail with the disclosure of Costello. The motivation or suggestion would have been "for secure data management in a network computing environment." (Abstract) Claims 2, 17, and 32 are rejected under 35 U.S.C. 103 as being unpatentable over Costello in view of Sohail, as applied to Claims 1, 16, and 31, respectively, above, and further in view of Charan et al., (US 10762183 B1) hereinafter referred to as Charan. Regarding Claims 2, 17, and 32, Costello does not explicitly teach Edge Computing Device, Edge Computing Device. Sohail teaches Edge Computing Device, Edge Computing Device [paragraph 0018, IoT data is generated by edge sensors and/or edge devices] Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Sohail with the disclosure of Costello. The motivation or suggestion would have been "for secure data management in a network computing environment." (Abstract) The combination of Costello and Sohail does not explicitly teach wherein: determining whether the actual values match the expected values comprises determining that the actual values match the expected values; and transmitting the indication comprises indicating that the…Device is trustworthy; and the method further comprises, at the one or more communication devices, responsive to transmitting the indication, transmitting secret information stored on the…Device. Charan teaches wherein: determining whether the actual values match the expected values comprises determining that the actual values match the expected values; [Column 19, lines 6-12, Non-secure data module 28A or 28B may also determine an actual structure of the first data packet and compare the actual structure with the expected structure. If non-secure data module 28A or 28B determines that the actual structure of the first data packet matches the expected structure of the first data packet] and transmitting the indication comprises indicating that the…Device is trustworthy; and the method further comprises, at the one or more communication devices, responsive to transmitting the indication, transmitting secret information stored on the…Device. [Column 19, lines 12-14, non-secure data module 28A or 28B may determine that the first data packet passes the integrity check and send the first data packet to the host device via port 12C – the transmission of the data packet is both indication of the device being trustworthy as well as transmitting “secret information”. The fact that the data packet is only transmitted if there is a match between the “actual structure of the first data packet” and the “expected structure of the first data packet” goes to showing that the information in this data packet is “secret”] Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Charan with the disclosures of Costello and Sohail. The motivation or suggestion would have been for “handling and processing secured data.” (Column 1, lines 18-19) Claims 4, 9, 19, 24, 34, and 39 are rejected under 35 U.S.C. 103 as being unpatentable over Costello in view of Sohail, as applied to Claims 1, 16, and 31, respectively, above, and further in view of Hu et al., (CN 113627735 A) hereinafter referred to as Hu. Regarding Claims 4, 19, and 34, Costello discloses wherein storing the expected values comprises generating a database [Abstract, The server performs a first execution of the baseline test script against each of the browser-based applications to extract one or more expected values associated with user interface components that correspond to the empty user interface component values, and stores the expected values] The combination of Costello and Sohail does not explicitly teach of expected measurement digests of one or more of: a GRUB binary of each released operating system version of the Edge Computing Device; a kernel command line of each released operating system version of the Edge Computing Device; a kernel rootf of each released operating system version of the Edge Computing Device; and an initrd binary of each released operating system version of the Edge Computing Device. Hu teaches of expected measurement digests of one or more of: a GRUB binary of each released operating system version of the Edge Computing Device; a kernel command line of each released operating system version of the Edge Computing Device; a kernel rootf of each released operating system version of the Edge Computing Device; and an initrd binary of each released operating system version of the Edge Computing Device. [the processing of the monitoring data comprises a coarse error analysis of the monitoring data based on the improved Grubs criterion and interpolation processing of missing data in the monitoring data based on cubic spline interpolation method; the safety of the risk assessment data comprises obtaining the expected value of the risk safety data] Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Hu with the disclosures of Costello and Sohail. The motivation or suggestion would have been for a pre-warning system for project risk safety. Regarding Claims 9, 24, and 39, Costello discloses wherein extracting actual values from the Event Log [paragraph0007, The server computing device performs a second execution of the baseline test script in a testing mode against each of the plurality of browser-based applications to extract, for each browser-based application, one or more actual values associated with user interface components] The combination of Costello and Sohail does not explicitly teach comprises extracting one or more of: a UEFI digest of the Edge Computing Device; a GRUB digest of the Edge Computing Device; a kernel digest of the Edge Computing Device; and a GRUB command lines digest of the Edge Computing Device. Hu teaches comprises extracting one or more of: a UEFI digest of the Edge Computing Device; a GRUB digest of the Edge Computing Device; a kernel digest of the Edge Computing Device; and a GRUB command lines digest of the Edge Computing Device. [the processing of the monitoring data comprises a coarse error analysis of the monitoring data based on the improved Grubs criterion and interpolation processing of missing data in the monitoring data based on cubic spline interpolation method; the safety of the risk assessment data comprises obtaining the expected value of the risk safety data] Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Hu with the disclosures of Costello and Sohail. The motivation or suggestion would have been for a pre-warning system for project risk safety. Allowable Subject Matter Claims 5-6, 10-15, 20-21, 25-30, 35-36, and 40-45 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. The following is an examiner’s statement of reasons for allowance: Regarding Claims 5-6, 10-15, 20-21, 25-30, 35-36, and 40-45, the closest prior art of record, does not explicitly teach nor suggest in detail, the limitations of these claims in view of other limitations of the intervening claims. Thus the prior arts of record taking singly or in combination do not teach or suggest the above-stated limitations taking wholly in combination with all the elements of each independent claim. Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW J STEINLE whose telephone number is (571)272-9923. The examiner can normally be reached M-F 10am-6pm CT. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached at (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ANDREW J STEINLE/Primary Examiner, Art Unit 2497