Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
1. The following is a non-Final Office Action in response to applicant’s arguments/filing filed on August 21, 2024
Claims 1-7 are pending
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 9/17/2025 was filed prior to the mailing date of the first office action. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
The information disclosure statement (IDS) submitted on 9/8/2025 was filed prior to the mailing date of the first office action. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
The information disclosure statement (IDS) submitted on 8/21/2024 was filed prior to the mailing date of the first office action. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Drawings
Acknowledgment is made of applicant’s drawings submitted on 8/21/2024.
Oath/Declaration
Acknowledgment is made of applicant’s oath submitted on 8/21/2024
Application Data Sheet
Acknowledgment is made of applicant’s application data sheet submitted on 8/21/2024.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.
1) Claims 5-7 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by US 20190103972, Pope
In regards to claim 5, Pope teaches a generation device comprising generation circuitry configured to generate model common firmware used for challenge-response authentication by writing a predetermined random number and index information indicating an area to be subjected to hash calculation in a free space of the firmware(US 20190103972, Pope, para. 0152-0154: [0152] In step T1, the driver picks a number at random (nonce) and a value of N. N may be an index of the memory. For example, N may be byte index or block index. In some embodiments an index range may be selected. This may be selected at random in some embodiments. In other embodiments, a particular index or index range may be selected. In some embodiments, N may be incremented for every challenge.
[0153] In step T2, the device driver send the nonce to the NIC firmware along with the value of N.
[0154] In step T3, the NIC firmware encrypts the nonce using the NIC private key { nonce} priv-nic and applies the function f to the value N. The function may be a one way hash function.).
In regards to claim 6, Pope teaches a generation method performed by a generation device, the generation method comprising generating model common firmware used for challenge- response authentication by writing a predetermined random number and index information indicating an area to be subjected to hash calculation in a free space of the firmware(US 20190103972, Pope, para. 0152-0154: [0152] In step T1, the driver picks a number at random (nonce) and a value of N. N may be an index of the memory. For example, N may be byte index or block index. In some embodiments an index range may be selected. This may be selected at random in some embodiments. In other embodiments, a particular index or index range may be selected. In some embodiments, N may be incremented for every challenge.
[0153] In step T2, the device driver send the nonce to the NIC firmware along with the value of N.
[0154] In step T3, the NIC firmware encrypts the nonce using the NIC private key { nonce} priv-nic and applies the function f to the value N. The function may be a one way hash function.).
In regards to claim 7, Pope teaches a non-transitory computer-readable recording medium storing therein a generation program for causing a computer to execute generating model common firmware used for challenge-response authentication by writing a predetermined random number and index information indicating an area to be subjected to hash calculation in a free space of the firmware(US 20190103972, Pope, para. 0152-0154: [0152] In step T1, the driver picks a number at random (nonce) and a value of N. N may be an index of the memory. For example, N may be byte index or block index. In some embodiments an index range may be selected. This may be selected at random in some embodiments. In other embodiments, a particular index or index range may be selected. In some embodiments, N may be incremented for every challenge.
[0153] In step T2, the device driver send the nonce to the NIC firmware along with the value of N.
[0154] In step T3, the NIC firmware encrypts the nonce using the NIC private key { nonce} priv-nic and applies the function f to the value N. The function may be a one way hash function.).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
1) Claim 1 is rejected under 35 U.S.C. 103 as being unpatentable over US 20190103972, Pope in view of US 20180097614, Sherman
In regards to claim 1, Pope teaches an authentication system including a generation device that generates firmware, a verifier device that verifies integrity, and a prover device that proves the integrity, wherein:the generation device includes generation circuitry configured to generate model common firmware used for challenge-response authentication by writing a predetermined random number and index information indicating an area to be subjected to hash calculation in a free space of the firmware(US 20190103972, Pope, para. 0152-0154: [0152] In step T1, the driver picks a number at random (nonce) and a value of N. N may be an index of the memory. For example, N may be byte index or block index. In some embodiments an index range may be selected. This may be selected at random in some embodiments. In other embodiments, a particular index or index range may be selected. In some embodiments, N may be incremented for every challenge.
[0153] In step T2, the device driver send the nonce to the NIC firmware along with the value of N.
[0154] In step T3, the NIC firmware encrypts the nonce using the NIC private key { nonce} priv-nic and applies the function f to the value N. The function may be a one way hash function.); Pope does not teach the verifier device includes verifier circuitry configured to generate a challenge for the prover device on the basis of the model common firmware held by the verifier device; and the prover device includes prover circuitry configured to generate a response to the verifier device on the basis of the model common firmware held by the prover device However, Sherman teaches the verifier device includes verifier circuitry configured to generate a challenge for the prover device on the basis of the model common firmware held by the verifier device(US 20180097614, Sherman, para. 0060, In protocol element 730, the verifier selects a random value alpha α, as shown in protocol element 734, and provides a in a message 736 to the prover. In protocol element 740, values for t.sub.1 and e.sub.1 are determined using the value α and are provided to the verifier in message 742. In protocol element 750, the verifier selects a challenge value Ch from the set of values 0 and 1, as shown in protocol element 752, and provides the Ch value to the prover.sub.i in message 754.); and the prover device includes prover circuitry configured to generate a response to the verifier device on the basis of the model common firmware held by the prover device(US 20180097614, Sherman, para. 0034, In block 240, the prover shares v, F(s), c.sub.0, c.sub.1, and c.sub.2 with a verifier to verify the prover's identity. In block 250, the verifier produces a challenge Ch to verify the prover's identity. In block 260, the prover provides a response Rsp for the verifier to validate.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Pope with the teaching of Sherman because a user would have been motivated to provide enhanced protection for the system components taught by Pope by employee protection ring layers in order to facilitate different levels of access to system resources(Sherman, para. 0026)
2.) Claims 2 is rejected under 35 U.S.C. 103 as being unpatentable over US 20190103972, Pope in view of US 20180097614, Sherman and further in view of US 20210365592, Rabbani
In regards to claim 2, the combination of Pope and Sherman teach the authentication system according to claim 1. The combination of Pope and Sherman do not teach wherein the generation circuitry configured to generate the model common firmware by generating the random number common to each model of the prover device and the index information including a head address and size of a memory area to be subjected to hash calculation and writing the random number and the index information in the free space However, Rabbani teaches wherein the generation circuitry configured to generate the model common firmware by generating the random number common to each model of the prover device(US 20210365592, Rabbani, para. 010, In order to ensure the freshness of the response, a cryptographic nonce (i.e. an arbitrary number that can only be used once) generated by the verifier is included in the checksum.) and the index information including a head address and size of a memory area to be subjected to hash calculation and writing the random number and the index information in the free space(US 20210365592, Rabbani, para. 0057, In the approach according to the invention the attestation challenge and the nonce correspond to the code that is sent by the verifier to fill the entire memory of the configurable device wherein the prover is implemented. The verifier is assumed to know the exact size of the configuration memory in this approach.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Pope and Sherman with the teaching of Rabbani because a user would have been motivated to enhance device security in the system taught by the combination of Pope and Sherman by using a bit stream and nonce information in a configuration memory, taught by Rabbani, in order to self-attestation of system devices(Rabbani, para. 0024 and 0025)
3.) Claims 3 and 4 are rejected under 35 U.S.C. 103 as being unpatentable over US 20190103972, Pope in view of US 20180097614, Sherman and further in view of US 20140281525, Acar
In regards to claim 3, the combination of Pope and Sherman teach the authentication system according to claim 1. The combination of Pope and Sherman do not teach wherein the verifier circuitry configured to read target data of hash calculation by using the index information included in the model common firmware held by the verifier device, executes hash calculation by using information specific to the prover device and the target data, and generates the challenge However, Acar teaches wherein the verifier circuitry configured to read target data of hash calculation by using the index information included in the model common firmware held by the verifier device, executes hash calculation by using information specific to the prover device and the target data, and generates the challenge(US 20140281525, Acar, para. 0240 and 0241: [0240]- For each undisclosed yet committed attribute index i, random values o.sub.i, {tilde over (w)}.sub.i are generated from the subgroup .sub.q and then, used to compute a commitment {tilde over (c)}.sub.i and a hash value a.sub.i.[0241]- The following refers to one example implementation for generating a challenge value for verifying the user identifier's commitment:). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Pope and Sherman with the teaching of Acar because a user would have been motivated to enhance access security for the system taught by the combination of Pope and Sherman by using membership in a blacklist and/or whitelist, taught by Acar, in order to control access to a system’s resources(Acar, para. 0287)
In regards to claim 4, the combination of Pope and Sherman teach the authentication system according to claim 1. The combination of Pope and Sherman do not teach wherein the prover circuitry configured to read target data of hash calculation by using the index information included in the model common firmware held by the prover device, executes hash calculation by using information specific to the prover device and the target data, and generates the response Howevere, Acar teaches wherein the prover circuitry configured to read target data of hash calculation by using the index information included in the model common firmware held by the prover device, executes hash calculation by using information specific to the prover device and the target data, and generates the response (US 20140281525, Acar, para. 0240 and 0261: [0240]- For each undisclosed yet committed attribute index i, random values o.sub.i, {tilde over (w)}.sub.i are generated from the subgroup .sub.q and then, used to compute a commitment {tilde over (c)}.sub.i and a hash value a.sub.i.[0261]- According to the above description, the prover computes a response value r' for an committed and undisclosed attribute in C that corresponds to the user identifier x.sub.id. Computing one example response value r' may involve performing a transformation on the hash challenge c' based upon a commitment {tilde over (c)}.sub.id corresponding to the user identifier x.sub.id. The prover uses the hash value c' and an opening o.sub.id corresponding to the user identifier x.sub.id in computing the response value r'.[i.e. note: where the generated hash value by the prover is used in the generation of the response]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Pope and Sherman with the teaching of Acar because a user would have been motivated to enhance access security for the system taught by the combination of Pope and Sherman by using membership in a blacklist and/or whitelist, taught by Acar, in order to control access to a system’s resources(Acar, para. 0287)
CONCLUSION
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY LANE whose telephone number is (571)270-7469. The examiner can normally be reached on 571 270 7469 from 8:00 AM to 6:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Taghi Arani, can be reached on 571 272 3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/GREGORY A LANE/Examiner, Art Unit 2438
/TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438