Prosecution Insights
Last updated: April 19, 2026
Application No. 18/771,871

Secure Identity Chaining between Components of Trusted Computing Base

Non-Final OA §103
Filed: Jul 12, 2024
Examiner: STRAUB, D'ARCY WINSTON
Art Unit: 2491
Tech Center: 2400 — Computer Networks
Assignee: Micron Technology, Inc.
OA Round: 1 (Non-Final)
Grant Probability: 77% (Favorable)
OA Rounds: 1-2
To Grant: 3y 1m
With Interview: 97%

Examiner Intelligence

Grants 77% — above average
Career Allow Rate: 77% (168 granted / 218 resolved, +19.1% vs TC avg)
Interview Lift: +20.0% (strong; resolved cases with interview)
Typical timeline: 3y 1m avg prosecution, 27 currently pending
Career history: 245 total applications across all art units

Statute-Specific Performance

§101: 7.2% (-32.8% vs TC avg)
§103: 57.6% (+17.6% vs TC avg)
§102: 6.1% (-33.9% vs TC avg)
§112: 24.3% (-15.7% vs TC avg)
Based on career data from 218 resolved cases

Office Action

§103
DETAILED ACTION

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This Office Action is responsive to application 18/771,871 that the Applicant filed on July 12, 2024 and presented 20 claims. Original claims 1-20 remain pending in the application.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The following conventions apply to the mapping of the prior art to the claims:

Italicized text – claim language.
Parenthetical plain text – Examiner’s citation and explanation.
Citation without an explanation – an explanation has been previously provided for the respective limitation(s).
Quotation marks – language quoted from a prior art reference.
Underlining – language quoted from a claim.
Brackets – material altered from either a prior art reference or a claim, which includes the Examiner’s explanation that relates a claim limitation to the quoted material of a reference.
Braces – a limitation taught by another reference, but the limitation is presented with the mapping of the instant reference for context.
Numbered superscript – a first phrase to be moved upwards to the primary reference analysis.
Lettered superscript – a second phrase to be moved after the movement of the first phrase from which it was lifted, or more succinctly, move numbered material first, lettered material last.

A. Claims 1-2, 9-10, and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Vidyadhara et al. (US 2022/0350717, “Vidyadhara”) in view of Cisneros et al. (US 2018/0260568, “Cisneros”), and further in view of Bernat et al. (US 2019/0230002, “Bernat”).

Regarding Claim 1

Vidyadhara discloses

A device (Fig. 1, ¶ [0018], “Referring now to the drawings, FIG. 1 is a block diagram of an exemplary information handling system [device] 100…”), comprising:

an integrated circuit package (Fig. 1, ¶ [0018], “As shown in FIG. 1, [device] IHS 100 may generally include [as an integrated circuit package] at least one central processing unit (CPU) 110 (e.g., a host processor), a system memory 120, a graphics processor unit (GPU) 130, a display device 140, a platform controller hub (PCH) 150, BIOS flash 154 containing BIOS firmware 155, a trusted platform module 156, a non-volatile memory express (NVMe) storage resource 160, a computer readable storage device 170, a network interface card (NIC) 180, and an embedded controller (EC) 190.”);

a secure memory region enclosed within the integrated circuit package and configured to store component information (Fig. 1, ¶ [0018], “TPM may further include storage resources [secure memory region] for storing various keys and platform configuration registers (PCRs) [to store component information].”; and ¶ [0020], “TPM 156 may include a cryptographic processor that includes a random number generator, an asymmetric key generator, a secure hash generator [or digest as component information], and a digital signature module.”);

a non-secure memory region enclosed within the integrated circuit package (Fig. 1, ¶ [0022], “For example, computer readable storage device [non-secure memory region] 170 may be configured to store an operating system (OS) 171 for the IHS,…”; and ¶ [0021], “The NVMe [as a further element of the non-secure memory region] 160 illustrated in FIG. 1 has been configured with a boot partition 162.”) and configured to store…¹ and a second component (¶ [0021], “The NVMe 160 illustrated in FIG. 1 has been configured with a boot partition 162. The boot partition 162 illustrated in FIG. 1 includes an embedded OS kernel 163 and one or diagnostic OS 164 [collectively the various aspects of the OS comprises a second component] described in more detail below.”); and

a controller enclosed within the integrated circuit package (Fig. 1, ¶ [0020], “TPM [as a controller or one element thereof] 156 may include a cryptographic processor [as a controller or another element thereof] that includes a random number generator, an asymmetric key generator, a secure hash generator, and a digital signature module.”) and ² … based on validating the second component using the component information and a validated digest of the second component (¶¶ [0026]-[0028], “Referring now to FIG. 3, a chained loading method 300 for loading a diagnostic OS in a secure manner that protects the diagnostic OS integrity and confidentiality is illustrated. Generally, chained loading sequence [i.e., the generated compound identifier is based on validating the two digests] 300 downloads diagnostic OS modules [second component], measures them [i.e., compares a validated digest with the stored component information/stored digest within the PCRs], extends their measurements into a TPM, and then uses a DTRM-authenticated measured launch environment (MLE) 350 to launch correctly-measured modules for the diagnostic OS so that those are protected from other OS code and also authenticated.”, i.e., after this validation, the generation of the compound identifier of the first component/bootloader may proceed), ³ ….

Vidyadhara doesn’t disclose

¹ …a first component…
² configured to generate a compound identifier of the first component…
³ wherein a compound identifier of the second component is based on the compound identifier of the first component.

Cisneros, however, discloses

¹ …a first component… (Fig. 2, ¶ [0034], “Processor 104 may be coupled to non-volatile storage 106. Non-volatile storage 106 store comprise service OS 110. At boot-time, processor 104 may read a bootloader [first component] 202, which helps to load, and refers to the location of the currently-installed service OS 110.”)

Regarding the combination of Vidyadhara and Cisneros, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the trusted computing system of Vidyadhara to arrive at the claimed invention. KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.” See MPEP § 2143(I)(C). To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C): 1) the prior art contained a base system, namely the trusted computing system of Vidyadhara, upon which the claimed invention can be seen as an “improvement” through the use of a bootloader; 2) the prior art contained a “comparable” system, namely the appliance system of Cisneros, that has been improved in the same way as the claimed invention through the bootloader; and 3) one of ordinary skill in the art could have applied the known improvement technique of applying the bootloader to the base trusted computing system of Vidyadhara, and the results would have been predictable to one of ordinary skill in the art.

Bernat, however, discloses

² configured to generate a compound identifier of the first component… (¶ [0029], “The DICE measures [i.e., creates a digest or hash] a first mutable code of the component 206 (e.g., part or all of the firmware [first component, e.g., a bootloader of Cisneros Fig.2, ¶ [0034]] 210) and securely combines the measurement with a unique device secret (e.g., using a hash or one-way function) to generate a compound device identifier (CDI). The component 206 derives an asymmetric key pair based on the CDI that is used as a device identity for the component 206, and generates a certificate [as a compound identifier] based on that key pair.”, i.e., the compound device identifier is used to create the certificate that subsequently acts as a compound identifier)

³ wherein a compound identifier of the second component (¶ [0029], i.e., the second CDI produced for the diagnostic OS modules yields the compound identifier of the second component) is based on the compound identifier of the first component (¶¶ [0028]-[0029], “Thus, the component certificate may be indicative of the firmware 210 version of the component 206, particular hardware or firmware [first or second component as a bootloader and diagnostic OS modules, respectively] features of the component 206, or other attributes of the component 206.”; and Fig 3. ¶¶ [0032]-[0033], “In block 324, the edge appliance device 102 a generates an appliance certificate. The appliance certificate is based on an aggregate certificate [that includes the first and second compound identifiers, and thus the compound identifiers of the first and second components are based on each other] of all of the component certificates and the current utilization of the edge appliance device 102 a. For example, the edge appliance device 102 a may concatenate the certificates of all the components 206 along with the current utilization, and then generate the appliance certificate over that concatenation.”).

Regarding the combination of Vidyadhara-Cisneros and Bernat, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the trusted computing system of Vidyadhara-Cisneros to arrive at the claimed invention. KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.” See MPEP § 2143(I)(C). To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C): 1) the prior art contained a base system, namely the trusted computing system of Vidyadhara-Cisneros, upon which the claimed invention can be seen as an “improvement” through the use of a compound identifier; 2) the prior art contained a “comparable” system, namely the boot system of Bernat, that has been improved in the same way as the claimed invention through the compound identifier; and 3) one of ordinary skill in the art could have applied the known improvement technique of applying the compound identifier to the base trusted computing system of Vidyadhara-Cisneros, and the results would have been predictable to one of ordinary skill in the art.

Regarding Claim 2

Vidyadhara in view of Cisneros, and further in view of Bernat (“Vidyadhara-Cisneros-Bernat”) discloses the device of claim 1, and Vidyadhara further discloses further comprising:

an interface configured to communicate with a host system over a connection between the host system and the device (Fig. 1, ¶¶ [0020]-[0021], “Platform controller hub [interface] (PCH) 150 is coupled to CPU [of the device] 110 and configured to handle I/O operations for the IHS. As such, PCH 150 may include a variety of communication interfaces and ports for communicating with various system components, input/output (I/O) devices, expansion bus(es), and so forth.” and “NIC 180 enables IHS 100 to communicate with one or more remotely located [host] systems and/or services 184 via an external network 182 using one or more communication protocols.”);

wherein the device is configured to secure, based on cryptography, access through the interface to the secure memory region (Fig. 1, ¶ [0020], “The PCH 150 illustrated in FIG. 1 interfaces with a serial peripheral interface (SPI) bus 152, to which a BIOS flash 154, containing BIOS firmware 155, and a trusted platform module 156 are coupled. TPM [that includes the secure memory region] is a secure cryptoprocessor for securing system resources via cryptographic keys.”).

Regarding Independent Claims 9 and 17 and Dependent Claims 10 and 18

With respect to claims 9-10 and 17-18, a corresponding reasoning as given earlier for claims 1 and 2 applies, mutatis mutandis, to the subject matter of claims 9-10 and 17-18. Therefore, claims 9-10 and 17-18 are rejected, for similar reasons, under the grounds set forth for claims 1 and 2.

B. Claims 3-8, 11-16, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Vidyadhara in view of Cisneros and Bernat, and further in view of Kelly et al. (US 2020/0344625, “Kelly”).

Regarding Claim 3

Vidyadhara-Cisneros-Bernat discloses the device of claim 1, and Vidyadhara further discloses

wherein the component information (Fig. 1, ¶¶ [0018], [0020]) includes…¹; and

the controller (¶ [0020], “TPM [as a controller or one element thereof] 156 may include a cryptographic processor [as a controller or another element thereof] that includes a random number generator, an asymmetric key generator, a secure hash [digest] generator, and a digital signature module.”) is configured to retrieve content from the storage location to compute a second digest and compare the first digest and the second digest to validate the second component (Figs. 1 & 3, ¶¶ [0027]-[0029], “Generally, chained loading sequence 300 downloads [retrieves content from the NVMe 160 as a storage location] diagnostic OS modules [as a second component], measures them [by comparing two digests], extends their measurements into a TPM, and then uses a DTRM-authenticated measured launch environment (MLE) 350 to launch correctly-measured modules for the diagnostic OS so that those are protected from other OS code and also authenticated.”).

Vidyadhara-Cisneros-Bernat doesn’t disclose

¹ …a first digest and identifies a storage location of at least a portion of the second component in the non-secure memory region;

Kelly, however, discloses

¹ …a first digest and identifies a storage location of at least a portion of the second component in the non-secure memory region (¶ [0027], “In one example, the platform hash may be kept in the platform firmware manifest (PFM) and the component hashes [first digest] may be kept in respective component firmware manifests [as a further teaching or implementation of component information] (CFMs).”; and “The manifest may include addresses [storage location], buses, firmware versions, digests, and public keys associated with the components [i.e., the second component].”);

Regarding the combination of Vidyadhara-Cisneros-Bernat and Kelly, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the trusted computing system of Vidyadhara-Cisneros-Bernat to arrive at the claimed invention. KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.” See MPEP § 2143(I)(C). To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C): 1) the prior art contained a base system, namely the trusted computing system of Vidyadhara-Cisneros-Bernat, upon which the claimed invention can be seen as an “improvement” through the use of a manifest feature; 2) the prior art contained a “comparable” system, namely the attestation system of Kelly, that has been improved in the same way as the claimed invention through the manifest; and 3) one of ordinary skill in the art could have applied the known improvement technique of applying the manifest feature to the base trusted computing system of Vidyadhara-Cisneros-Bernat, and the results would have been predictable to one of ordinary skill in the art.

Regarding Claim 4

Vidyadhara in view of Cisneros and Bernat, and further in view of Kelly (“Vidyadhara-Cisneros-Bernat-Kelly”) discloses the device of claim 3, and Bernat further discloses

wherein the compound identifier of the second component is based at least in part on the second digest (¶ [0029], “The DICE measures a first mutable code of the [second] component [that yields a second digest] 206 (e.g., part or all of the firmware 210) and securely combines the measurement with a unique device secret (e.g., using a hash or one-way function) to generate a compound device identifier (CDI). The component 206 derives an asymmetric key pair based on the CDI that is used as a device identity for the component 206, and generates [to be based on] a certificate [as the compound identifier of the second component] based on that key pair.”, i.e., incorporating the hash/digest into the certificate teaches the compound identifier being based on the digest).

Regarding the combination of Vidyadhara-Cisneros and Bernat, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 4.

Regarding Claim 5

Vidyadhara-Cisneros-Bernat-Kelly discloses the device of claim 4, and Vidyadhara further discloses

wherein the component information (Fig. 1, ¶¶ [0018], [0020]) includes,…¹

Bernat further discloses

¹ …and the compound identifier of the second component based on, one or more identifications of: a manufacturer of the second component; a version of the second component (¶¶ [0028]-[0029], “Thus, the [second] component certificate [as a compound identifier] may be indicative of the firmware 210 version of the [second] component 206, particular hardware or firmware features of the component 206, or other attributes of the component 206.”); a build of the second component; or a level of the second component; or any combination thereof.

Regarding the combination of Vidyadhara-Cisneros and Bernat, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 5.

Regarding Claim 6

Vidyadhara-Cisneros-Bernat-Kelly discloses the device of claim 5, and Vidyadhara further discloses

wherein the first component is a {bootloader (Cisneros Fig. 2, ¶ [0034]), “Processor 104 may be coupled to non-volatile storage 106. Non-volatile storage 106 store comprise service OS 110. At boot-time, processor 104 may read a bootloader [first component] 202, which helps to load, and refers to the location of the currently-installed service OS 110.”} of the host system (Fig. 1, ¶¶ [0020]-[0021], “NIC 180 enables IHS 100 to communicate with one or more remotely located [host] systems and/or services 184 via an external network 182 using one or more communication protocols.”); and

the second component is an {operating system (Bernat ¶ [0029], i.e., the second CDI produced for the diagnostic OS modules yields the compound identifier of the second component))} of the host system (Fig. 1, ¶¶ [0020]-[0021]).

Regarding the combination of Vidyadhara and Bernat, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 6. Regarding the combination of Vidyadhara-Cisneros and Bernat, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 6.

Regarding Claim 7

Vidyadhara-Cisneros-Bernat-Kelly discloses the device of claim 5, and Vidyadhara further discloses

wherein the first component is an operating system of the host system; and the second component is an application configured to run in the host system (¶¶ [0021]-[0022], “The NVMe 160 illustrated in FIG. 1 has been configured with a boot partition 162. The boot partition 162 illustrated in FIG. 1 includes an embedded OS kernel 163 and one or diagnostic OS [operating system of the host system] 164 described in more detail below.”; and “For example, computer readable storage device 170 may be configured to store an operating system (OS) [application configured to run in the host system] 171 for the IHS, in addition to other software and/or firmware modules and user data. As known in the art, OS 171 may contain program instructions (or computer program code), which may be executed by CPU 110 to perform various tasks and functions for the information handling system and/or for the user.”).

Regarding Claim 8

Vidyadhara-Cisneros-Bernat-Kelly discloses the device of claim 7, and Bernat further discloses further comprising:

a unique device secret, wherein the compound identifier of the first component is derived based on the unique device secret (¶ [0029], "The DICE measures a first mutable code of the component 206 (e.g., part or all of the firmware 210) and securely combines the measurement with a unique device secret (e.g., using a hash or one-way function) to generate a compound device identifier (CDI). The component 206 derives an asymmetric key pair based on the CDI that is used as a device identity for the component 206, and generates a certificate [compound identifier] based on that key pair [and thereby the unique device secret].").

Regarding the combination of Vidyadhara-Cisneros and Bernat, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 8.

Regarding Dependent Claims 11-16

With respect to claims 11-16, a corresponding reasoning as given earlier for claims 3-8 applies, mutatis mutandis, to the subject matter of claims 11-16. Therefore, claims 11-16 are rejected, for similar reasons, under the grounds set forth for claims 3-8.

Regarding Dependent Claim 19

With respect to claim 19, a corresponding reasoning as given earlier for claims 3 and 4 applies, mutatis mutandis, to the subject matter of claim 19. Therefore, claim 19 is rejected, for similar reasons, under the grounds set forth for claims 3 and 4.

Regarding Dependent Claim 20

With respect to claim 20, a corresponding reasoning as given earlier for claims 5 and 6 applies, mutatis mutandis, to the subject matter of claim 20. Therefore, claim 20 is rejected, for similar reasons, under the grounds set forth for claims 5 and 6.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to D'ARCY WINSTON STRAUB whose telephone number is (303)297-4405. The examiner can normally be reached Monday-Friday 9:00-5:00 Mountain Time.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, AMIR MEHRMANESH can be reached at (571)270-3351. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/D'Arcy Winston Straub/
Primary Examiner, Art Unit 2491
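
The sequence that the rejection maps onto the claims (a stored first digest and storage location, a recomputed second digest, and a compound identifier derived from the previous component's identifier) can be shown in code. This is an added example, not code from the application or from any cited reference; HMAC-SHA-256 as the one-way function, the manifest fields, the memory layout and the sample images are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data (assumptions, not taken from the page).
UDS = bytes(range(32))                      # stand-in unique device secret
BOOTLOADER = b"constructed bootloader image v1"
OS_IMAGE = b"constructed operating system image v7"

# Stand-in for the non-secure memory region holding both components.
NON_SECURE = bytearray(4096)
NON_SECURE[0x000:0x000 + len(BOOTLOADER)] = BOOTLOADER
NON_SECURE[0x400:0x400 + len(OS_IMAGE)] = OS_IMAGE


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Stand-in for component information kept in the secure memory region:
# storage location, expected ("first") digest, and a version string.
MANIFEST = [
    {"name": "bootloader", "offset": 0x000, "length": len(BOOTLOADER),
     "digest": digest(BOOTLOADER), "version": "1"},
    {"name": "os", "offset": 0x400, "length": len(OS_IMAGE),
     "digest": digest(OS_IMAGE), "version": "7"},
]


def validate(entry: dict, memory: bytearray) -> bytes:
    """Read the component from its storage location, compute the second
    digest and compare it with the stored first digest."""
    start, end = entry["offset"], entry["offset"] + entry["length"]
    measured = digest(bytes(memory[start:end]))
    if not hmac.compare_digest(measured, entry["digest"]):
        raise ValueError(f"{entry['name']}: digest mismatch, chain stopped")
    return measured


def next_identifier(parent: bytes, measured: bytes, entry: dict) -> bytes:
    """One-way combination of the parent identifier (the device secret for
    the first component) with this component's measurement and version."""
    message = measured + entry["version"].encode()
    return hmac.new(parent, message, hashlib.sha256).digest()


def chain_identifiers(uds: bytes, manifest: list, memory: bytearray) -> dict:
    """Validate each component in order and derive its compound identifier
    from the identifier of the component before it."""
    identifiers = {}
    current = uds
    for entry in manifest:
        measured = validate(entry, memory)   # no identifier without validation
        current = next_identifier(current, measured, entry)
        identifiers[entry["name"]] = current
    return identifiers


if __name__ == "__main__":
    for name, cid in chain_identifiers(UDS, MANIFEST, NON_SECURE).items():
        print(name, cid.hex())
```

Because each identifier is keyed by the one before it, replacing the bootloader changes the operating system's identifier even when the operating system image is untouched, and a component that fails validation never receives an identifier.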

Prosecution Timeline

Jul 12, 2024
Application Filed
Jan 02, 2026
Non-Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12591706
PROACTIVE DATA SECURITY USING FILE ACCESS PERMISSIONS
2y 5m to grant Granted Mar 31, 2026
Patent 12579304
PURPOSE-BASED PROCESSING BY PURPOSE-ACTION ASSOCIATION
2y 5m to grant Granted Mar 17, 2026
Patent 12566886
DYNAMIC PROGRAMMING SOLUTION FOR PRIVACY PROTECTION EVALUATION
2y 5m to grant Granted Mar 03, 2026
Patent 12566887
Multi-Tiered Data Security and Auditing System
2y 5m to grant Granted Mar 03, 2026
Patent 12561410
SYSTEM AND METHOD TO PROVIDE DUMMY DATA FOR SOURCE ATTRIBUTION FOR PROPRIETARY DATA TRANSMISSION
2y 5m to grant Granted Feb 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 1-2
Grant Probability: 77%
With Interview: 97% (+20.0%)
Median Time to Grant: 3y 1m
PTA Risk: Low
Based on 218 resolved cases by this examiner. Grant probability derived from career allow rate.