Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
1. This action is responsive to: an original application filed on 13 September 2024 with acknowledgement that this application is a continuation of a 371 US, PCT file 12 April 2022.
2. Claims 1-15 are currently pending. Claims 1, 7, and 13, are independent claims.
3. The IDS submitted on 10 October 2024 has been considered.
Specification
4. The disclosure is objected to because of the following informalities: The background of the invention is incomplete and a brief summary of the invention is missing from the specification. The Examiner notes: The BACKGROUND OF THE INVENTION: See MPEP § 608.01(c). The specification should set forth the Background of the Invention in two parts:
(1) Field of the Invention: A statement of the field of art to which the invention pertains. This statement may include a paraphrasing of the applicable U.S. patent classification definitions of the subject matter of the claimed invention. This item may also be titled “Technical Field.”
(2) Description of the Related Art including information disclosed under 37 CFR 1.97 and 37 CFR 1.98: A description of the related art known to the applicant and including, if applicable, references to specific related art and problems involved in the prior art which are solved by the applicant' s invention. This item may also be titled “Background Art.”
The BRIEF SUMMARY OF THE INVENTION: See MPEP § 608.01(d). A brief summary or general statement of the invention as set forth in 37 CFR 1.73. The summary is separate and distinct from the abstract and is directed toward the invention rather than the disclosure as a whole. The summary may point out the advantages of the invention or how it solves problems previously existent in the prior art (and preferably indicated in the Background of the Invention). In chemical cases it should point out in general terms the utility of the invention. If possible, the nature and gist of the invention or the inventive concept should be set forth. Objects of the invention should be treated briefly and only to the extent that they contribute to an understanding of the invention.
What appears in the Applicant’s specification appears to be a rambling of features well known with trusted platform module (TPM). The Examiner notes it appears based on paragraphs 17-20 the application is trying to improve security with TPMs. It is recommended that contents from these paragraphs be moved into the Background of the Invention. Also, the Examiner requests a brief summary of the invention be provided. Appropriate correction is required.
Claim Rejections - 35 USC § 112
5. The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
6. Claims 1-6 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Below in independent claim 1, the Examiner has underlined twice the phrases that are indefinite. An explanation is provided after the claim.
Claim 1 - A computing device comprising: a component, wherein the component is to perform a cryptographic operation, and wherein the component is to store an indication of a measured state of the computing device obtained during booting of the computing device; firmware stored in a first memory of the computing device; and a processor to: obtain a secret for use by the component, wherein the firmware is to control obtaining of the secret, wherein the secret is obtainable from information stored in a second memory of the computing device, and wherein the secret is associated with the computing device; install an administration credential in the firmware; and transmit the secret to the component via the firmware.
It is not clear, therefore indefinite what is the “an administration credential” as well as how or why the credential is installed in firmware. In addition, the claim does not explain how the administration credential relates to the step of transmit the secret to the component via firmware. As understood by the Applicant’s claim, firmware is code executing i.e. BIOS that obtains the secret stored in the second memory. According to Applicant’s disclosure paragraphs 33-34, the firmware authorizes the release of data based on the installed administration credential. In some examples … the firmware 112 may be set up to provide a user with the option (e.g., via a firmware menu displayed on a GUI associated with the computing device 100) to provide a user credential via a user input associated with the computing device 100. The user credential is to unlock the firmware 112 such that the secret (controlled by the firmware 112) can be transmitted to the component 102 to facilitate access to the component 102 (based on a comparison of the user credential with the administration credential 118). It appears that claim 1 is missing steps to make sense. Below is a suggestion to amend claim 1 in order to overcome the 112 rejection. The Examiner notes this amendment will not overcome the prior art rejection below.
[Examiner’s Proposed Amendment] 1. A computing device comprising: a component, wherein the component is to perform a cryptographic operation, and wherein the component is to store an indication of a measured state of the computing device obtained during booting of the computing device; firmware stored in a first memory of the computing device that includes an installed administration credential; and a processor to: obtain a secret for use by the component, wherein the firmware is to control obtaining of the secret, wherein the secret is obtainable from information stored in a second memory of the computing device, and wherein the secret is associated with the computing device; providing the user an option to enter a user credential via a Graphic User Interface (GUI); comparing the user credential with the administrative credential if the user credential matches the administrative credential [[and]] transmit the secret to the component via the firmware.
Appropriate Correction to independent claim 1, is required.
7. To expedite a complete examination of the instant application the claims rejected under 35 U.S.C. 101 (nonstatutory) as well as 35 U.S.C. 112 above are further rejected as set forth below in anticipation of applicant amending these claims to overcome the above rejections.
Claim Rejections – 35 USC § 103
8. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
9. Claims 1-15 are rejected under 35 U.S.C. 103 as being unpatentable over Novoa et al. U.S. Patent Application Publication No. 2007/0101156 (hereinafter ‘153) cited in the IDS received 10 October 2024 in view of Mese et al. U.S. Patent Application Publication No. 2006/00593363 (hereinafter ‘363).
As to independent claim 1, “A computing device comprising: a component, wherein the component is to perform a cryptographic operation, and wherein the component is to store an indication of a measured state of the computing device obtained during booting of the computing device” is taught in ‘156 paragraphs 12 and 14, note the component is the security chip such as the TPM;
“firmware stored in a first memory of the computing device; and a processor to: obtain a secret for use by the component, wherein the firmware is to control obtaining of the secret, wherein the secret is obtainable from information stored in a second memory of the computing device; and wherein the secret is associated with the computing device” is shown in ‘156 paragraphs 13-16, note the firmware stored is the BIOS;
“and transmit the secret to the component via the firmware” is disclosed in ‘156 paragraph 19, note “the BIOS 106 to pass in the hashed value of the unsealed secret to the TPM”;
Although ‘156 states in paragraph 16 “For example, the non-volatile memory 108 may be lockable using a password-controlled procedure” which suggests an administration credential is installed in the firmware, since the exact phrase “install an administration credential in the firmware” is not used it could be argued, the following is not explicitly taught in ‘156:
“install an administration credential in the firmware” however ‘363 teaches a stored password 210 is stored on the computerized device 106 intended for delivery to end user 110. Stored password 210 is preferably stored in a secure location of the device. This secure location could be, for example, encrypted on a hard drive, in a secured area of BIOS, or within a trusted platform module (TPM)” in paragraph 21;
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of method for controlling access to a computerized device taught in ‘363 to include a means install an administration credential in the firmware. One of ordinary skill in the art would have been motivated to perform such a modification because methods and techniques for controlling initial access to a computerized device have significant drawbacks improvements are needed see ‘363 paragraphs 4-5.
As to dependent claim 2, “The computing device of claim 1, where the processor is to: generate the information for obtaining the secret, wherein the information is generated via the firmware; and store the information in the second memory” is taught in ‘156 paragraphs 15-16.
As to dependent claim 3, “The computing device of claim 1, wherein the component is to generate, and store in the component, a first hash based on the secret and the measured state of the computing device obtained prior to transmission of the secret, wherein an access control policy implemented by the component is to: block access to user data stored in the component in response to the component determining that a second hash generated by the component does not match the first hash, wherein the second hash is based on a re-obtained version of the secret transmitted to the component by the processor, and wherein the re-obtained version of the secret is obtained after the access control policy is implemented; and provide the processor with access to the user data stored in the component in response to the component determining that the second hash matches the first hash” is shown in ‘156 paragraphs 17-19.
As to dependent claim 4, “The computing device of claim 3, where the processor is to: provide the user data to the component prior to implementing the access control policy; and instruct the component to implement the access control policy” is disclosed in ‘156 paragraphs 19-20.
As to dependent claim 5, “The computing device of claim 3, where the component comprises a trusted platform module (TPM), and where the processor is to: transmit the secret to the TPM with a command to instruct the TPM to generate the first hash, wherein the first hash is based on the secret” is taught in ‘156 paragraphs 15-17.
As to dependent claim 6, “The computing device of claim 5, where the processor is to: in response to determining that the TPM is implementing the access control policy, re-obtain the secret from the information; and transmit the re-obtained secret to the TPM with a command to instruct the TPM to: generate the second hash, wherein the second hash is based on the re-obtained secret; and release the user data stored therein to the processor in response to the TPM determining that the second hash matches the first hash” is shown in ‘156 paragraphs 15-19.
As to independent claim 7, “A computing device comprising: a cryptoprocessor; firmware stored in a memory of the computing device” is taught in ‘156 paragraphs 12 and 14;
“wherein: in the first permission state, the firmware is to block the cryptoprocessor from receiving a secret obtainable by the firmware; and in the second permission state, the firmware is to transmit the secret to the cryptoprocessor” is shown in ‘156 paragraph 19;
Although ‘156 states in paragraph 16 “For example, the non-volatile memory 108 may be lockable using a password-controlled procedure” which suggests comparing user credentials to trusted credentials, since the exact phrase “first permission state, receive a user credential…matches a trusted credential” is not used it could be argued, the following is not explicitly taught in ‘156:
“and a processor to: where the firmware is in a first permission state, receive a user credential; in response to verifying that the user credential matches a trusted credential, instruct the firmware to change its permission state to a second permission state” however ‘363 teaches comparing the supplied password with the stored password and if they are the same full access (i.e. second permission state) is provided. In addition is the passwords do not match the end user may be given limited access in paragraph 26.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of method for controlling access to a computerized device taught in ‘363 to include a means to change permission state if a user credential matches a trusted credential. One of ordinary skill in the art would have been motivated to perform such a modification because methods and techniques for controlling initial access to a computerized device have significant drawbacks improvements are needed see ‘363 paragraphs 4-5.
As to dependent claim 8, “The computing device of claim 7, wherein the processor is to transmit the secret to the cryptoprocessor with a command to instruct the cryptoprocessor to generate a hash from the secret, wherein the hash is generated based on a state of the computing device measured during booting of the computing device” is taught in ‘156 paragraph 17.
As to dependent claim 9, “The computing device of claim 8, wherein the command is to instruct the cryptoprocessor to: release user data stored in the cryptoprocessor in response to the cryptoprocessor determining that the hash matches a previously-generated hash generated and stored in the cryptoprocessor, wherein the previously generated hash is based on the secret and a state of the computing device measured during a previous boot of the computing device” is shown in ‘156 paragraphs 17-20.
As to dependent claim 10, “The computing device of claim 9, where the processor is to: in response to the cryptoprocessor releasing the user data, receive the user data from the cryptoprocessor for use by the computing device” is disclosed in ‘363 paragraphs 32-35.
As to dependent claim 11, “The computing device of claim 8, wherein the cryptoprocessor comprises a trusted platform module (TPM), and the command comprises a TPM extend command to instruct the hash to be stored in: a platform configuration register (PCR) of the TPM; or a non-volatile random-access memory (NVRAM) location of the TPM” is taught in ‘156 paragraph 17.
As to independent claim 12, “A non-transitory machine-readable medium storing instructions readable and executable by a processor of a computing device to:” and “acquire a secret from information stored in a memory of the computing device via the firmware” is taught in ‘156 paragraphs 13-16 and 19; Although ‘156 states in paragraph 16 “For example, the non-volatile memory 108 may be lockable using a password-controlled procedure” which suggests an administration credential is installed in the firmware, since the exact phrase “install an administration credential in the firmware” is not used it could be argued, the following is not explicitly taught in ‘156:
“in response to determining that a user credential matches an administration credential installed in firmware of the computing device” and “in response to determining that the user credential does not match the administration credential, block acquiring of the secret via the firmware; in response to acquiring the secret, provide the secret to a cryptoprocessor of the computing device” however ‘363 teaches a stored password 210 is stored on the computerized device 106 intended for delivery to end user 110. Stored password 210 is preferably stored in a secure location of the device. This secure location could be, for example, encrypted on a hard drive, in a secured area of BIOS, or within a trusted platform module (TPM)” in paragraph 21 and 363 teaches comparing the supplied password with the stored password and if they are the same full access (i.e. second permission state) is provided. In addition is the passwords do not match the end user may be given limited access in paragraph 26.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of method for controlling access to a computerized device taught in ‘363 to include a means install an administration credential in the firmware and include a means to change permission state if a user credential matches a trusted credential. One of ordinary skill in the art would have been motivated to perform such a modification because methods and techniques for controlling initial access to a computerized device have significant drawbacks improvements are needed see ‘363 paragraphs 4-5
As to dependent claim 13, “The non-transitory machine-readable medium of claim 12, wherein the processor is to: receive data released by the cryptoprocessor in response to the cryptoprocessor being provided with the secret; and implement a function of the computing device based on the data” is taught in ‘156 paragraph 19.
As to dependent claim 14, “The non-transitory machine-readable medium of claim 13, where the processor is to: in response to the computing device receiving a disable request after receiving the data: disable a control policy implemented by the cryptoprocessor, where the control policy is to control whether the cryptoprocessor is to release or block release of the data stored therein; and disable further use of the secret by the firmware” is shown in ‘262 paragraph 26.
As to dependent claim 15, “The non-transitory machine-readable medium of claim 12, where the processor is to: instruct the cryptoprocessor to generate a digest based on the secret provided to the cryptoprocessor, wherein the digest is extended from a previously-obtained digest of a measured state of the computing device received by the cryptoprocessor during booting of the computing device, and wherein the extended digest is usable by the cryptoprocessor to permit data to be released from the cryptoprocessor for transmission to the processor of the computing device” is disclosed in ‘156 paragraphs 17-19.
Conclusion
10. Any inquiry concerning this communication or earlier communications from the examiner should be directed to ELLEN C TRAN whose telephone number is (571) 272-3842. The examiner can normally be reached Monday-Friday.
Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu can be reached at 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ELLEN TRAN/Primary Examiner, Art Unit 2433 9 January 2026