CTNF 19/082,381 CTNF 87598 DETAILED ACTION Notice of Pre-AIA or AIA Status 07-03-aia AIA 15-10-aia The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. This Office Action is in response to the application 19/082381 filed on 03/18/2025. Claims 1-20 have been examined and are pending in this application. Priority 02-27 AIA Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No. PCT/CN2023/103448, filed on June 28, 2023, which claims priority to Chinese Patent App. No. 202211139911.3 , filed on September 19, 2022 . Information Disclosure Statement The information disclosure statement (IDS), submitted on 04/15/2025, 04/30/2025, 08/28/2025, 10/16/2025, 11/13/2025, and 05/12/2026, is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Claim Rejections - 35 USC § 103 07-06 AIA 15-10-15 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status . 07-20-aia AIA The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 07-20-02-aia AIA This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. 07-21-aia AIA Claim s 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Smith, II et al. (“Smith,” US 2018/0004953) in view of Bursell et al. (“Bursell,” US 2022/0035904) . Regarding claim 1: Smith discloses a computer device comprising: a processing chip configured to construct, based on a root of trust ( Smith: par. 0039 a processor may include a hardware root-of-trust for verified boot ); and a security chip ( Smith: par. 0026 security standards may include [] Trusted Platform Module ("TPM") devices ) configured to: operate the root of trust ( Smith: par. 0026 TPM devices may ground a root-of-trust in an industrial control system in a tamper hardened device ); boot the processing chip based on the root of trust ( Smith: par. 0031 the secure boot process provides the processor with platform firmware that stores static root-of-trust measurements, needed to ensure the integrity of boot objects, in PCRs of the hardware security module ); and perform trusted control on the processing chip ( Smith: par. 0031 the system may verify a correct set of platform integrity measurements collected during a measured boot of the processor ). Smith does not explicitly disclose a trusted execution environment (TEE) to implement confidential computing. However, Bursell discloses a trusted execution environment (TEE) to implement confidential computing ( Bursell: par. 0015 the trusted execution environment (TEE) may execute one or more processes and use hardware based encryption to isolate the data of the processes from other processes running on the data exchange device ). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Bursell with the system/method of Smith to include a trusted execution environment (TEE) to implement confidential computing. One would have been motivated to enable a state of a computing system include confidential or proprietary executables and configuration information that may be loaded onto a device and executed by the device to provide a computing service ( Bursell: par. 0013 ). Regarding claim 2: Smith in view of Bursell discloses the computer device of claim 1. Bursell further discloses wherein the security chip is further configured to: obtain, using the root of trust, a firmware image ( Bursell: par. 0102 the executable image data may include a network bootable image of an operating system and the executable code executed in the trusted execution environment may control access to the network bootable image ); and further boot, after the processing chip is powered on, the processing chip using the firmware image ( Bursell: par. 0034 booting may be the process of starting the computing device and may be initiated by a hardware device (e.g., button press); par. 0035 network booting may enable a computing device to load executable image data over a computer network before or during a boot process (e.g., pre-boot loading) ). The motivation is the same that of claim 1 above. Regarding claim 3: Smith in view of Bursell discloses the computer device of claim 1. Smith further discloses wherein the root of trust comprises a root for boot, a root for measurement, or a root for encryption ( Smith: par. 0031 the secure boot process provides the processor with platform firmware that stores static root-of-trust measurements ). Regarding claim 4: Smith in view of Bursell discloses the computer device of claim 1. Smith further discloses wherein the processing chip comprises an access controller configured to: receive an access request for the root of trust ( Smith: par. 0040 the hardware in the system may be used as a "trust anchor" to establish the root-of-trust in the system ); forward the access request to the security chip when the access request has access permission ( Smith: par. 0041 the verification root-of-trust may be based on Hardware Verified Boot ("HVB") and originates in the processor. Note that a HVB may use security information (e.g., public key or hash of the public key used to sign the firmware) to verify the integrity of the boot firmware (BIOS, U-boot, etc.) prior to transferring control to that firmware ); and reject the access request when the access request does not have the access permission ( Smith: par. 0041 the processor lacks full HVB, extra precautions might be provided to prevent tampering with the boot firmware stored in persistent memory ), and wherein the security chip is further configured to respond to the access request ( Smith: par. 0042 the measurement root-of-trust may provide a secure audit trail about the firmware and software stack running on the ICS component ). Regarding claim 5: Smith in view of Bursell discloses the computer device of claim 1. Smith further discloses wherein the security chip comprises an access controller configured to: receive an access request for the root of trust ( Smith: par. 0040 the hardware in the system may be used as a "trust anchor" to establish the root-of-trust in the system ); respond to the access request when the access request has access permission ( Smith: par. 0041 the verification root-of-trust may be based on Hardware Verified Boot ("HVB") and originates in the processor [] HVB may use [] to verify the integrity of the boot firmware (BIOS, U-boot, etc.) prior to transferring control to that firmware ); and reject the access request when the access request does not have the access permission ( Smith: par. 0041 the processor lacks full HVB, extra precautions might be provided to prevent tampering with the boot firmware stored in persistent memory ). Regarding claim 6: Smith in view of Bursell discloses the computer device of claim 1. Smith further discloses wherein the processing chip comprises a first access controller configured to: receive an access request for the root of trust ( Smith: par. 0040 the hardware in the system may be used as a "trust anchor" to establish the root-of-trust in the system ); obtain permission indication information of the access request ( Smith: par. 0041 the verification root-of-trust may be based on Hardware Verified Boot ("HVB") and originates in the processor [] HVB may use [] to verify the integrity of the boot firmware (BIOS, U-boot, etc.) prior to transferring control to that firmware ); and forward the access request and the permission indication information to the security chip ( Smith: par. 0041 a measurement root-of-trust begins at hardware reset and a verification process proceeds as the system boots from reset to boot firmware (e.g., BIOS) to boot loader to OS and applications ), and wherein the security chip comprises a second access controller configured to: respond to the access request when the permission indication information indicates the access request has access permission ( Smith: par. 0041 processes may lack a hardware verified boot capability, so the verification root-of-trust may instead begin in the firmware loaded from persistent memory (e.g., flash) on the ICS controller ); and reject the access request when the permission indication information indicates the access request does not have the access permission ( Smith: par. 0041 the processor lacks full HVB, extra precautions might be provided to prevent tampering with the boot firmware stored in persistent memory ). Regarding claim 7: Smith in view of Bursell discloses the computer device of claim 1. Bursell further discloses wherein the TEE is configured to send a first access request that has access permission, and wherein second access requests from outside the TEE do not have the access permission ( Bursell: par. 0028 computing device 110B may use the trusted execution environment 120 to perform data retrieval 140, data distribution 150 [] protected content 128 may originate from computing device 110A and may be transferred from computing device 110A to computing device 110B and loaded into trusted execution environment 120; par. 0018 the trusted execution environment may be implemented and enforced by a hardware processor and may isolate the protected content and executable code from being accessed by any and all processes executed outside the trusted execution environment ). The motivation is the same that of claim 1 above. Regarding claim 8: Smith in view of Bursell discloses the computer device of claim 1. Smith further discloses wherein the processing chip comprises a first communication protector, wherein the security chip comprises a second communication protector that matches the first communication protector, and wherein the first communication protector and the second communication protector are configured to jointly protect communication between the security chip and the processing chip ( Smith: par. 0074 new processor architectures to the supported portfolio requires inclusion of dedicated security hardware (e.g., a TPM device) and adapting the platform boot software to implement secure boot technologies [] the system can then leverage the higher level security services provided by the OS, communications and security services ). Regarding claim 9: Smith in view of Bursell discloses the computer device of claim 8. Smith further discloses wherein the first communication protector and the second communication protector are further configured to further jointly protect the communication according to a key policy ( Smith: par. 0057 the system may protect the contents of the drive through message authentication code, such as a keyed Hash Message Authentication Code ("HMAC") (e.g., dm-verity) [] a TPM device may secure and protect the symmetric keys used for the file system/partition encryption or for message-authentication codes ). Regarding claim 10: Smith in view of Bursell discloses the computer device of claim 9. Smith further discloses wherein the first communication protector and the second communication protector are further configured to further jointly protect the communication according to a signature policy or a timestamp policy ( Smith: par. 0033 using package code signing tools that include signature information integrated with run-time signature verification mechanisms with appropriate public keys and correspond to private signing keys ). Regarding claim 11: Smith in view of Bursell discloses the computer device of claim 1. Smith further discloses wherein the processing chip is further configured to generate a measurement value in a boot process, and wherein the security chip is further configured to: receive the measurement value from the processing chip ( Smith: par. 0031 the system may verify a correct set of platform integrity measurements collected during a measured boot of the processor ); receive a security verification request for the TEE ( Bursell: par. 0076 establishing a trusted execution environment may involve creating a new trusted execution environment or updating an existing trusted execution environment ); generate a measurement report based on the measurement value ( Bursell: par. 0079 the verification function may take as input the attestation data and provide output that indicates whether the computing device 110B is verified (e.g., trusted) ); and feed back the measurement report based on the security verification request ( Bursell: par. 0095 control logic 524 may use or evaluate the authentication data to authenticate the recipient device and provide access to some or all of the protected content 128 ). The motivation is the same that of claim 1 above. Regarding claim 12: Smith in view of Bursell discloses the computer device of claim 1. Smith further discloses further comprising a memory chip, wherein the processing chip further comprises a memory encrypter, wherein the security chip is further configured to: generate a key using the root of trust ( Smith: par. 0026 that TPM devices may be as a root-of-trust for measurement and/or for sealing and protecting platform secrets (e.g., encryption keys used for secure local storage and for device authentication) ); and provide the key to the memory encrypter ( Smith: par. 0059 the private keys might be stored in a password protected secure key store on the embedded device ), wherein the memory encrypter is configured to: encrypt memory data using the key to obtain encrypted memory data, and provide the encrypted memory data to the memory chip ( Smith: par. 0029 objects may be stored in an encrypted store of the industrial control system in accordance with the secure audit trail. Moreover, a hardware security module coupled to or integrated with a processor of the industrial control system may secure symmetric keys used to access the encrypted storage ); or obtain the encrypted memory data from the memory chip, and decrypt the encrypted memory data using the key to obtain the memory data ( Smith: par. 0032 the processor may be placed in a trusted state and, after being placed in the trusted state, the processor may load and decrypt the objects from the encrypted storage to create the firmware and software stack ), and wherein the memory chip is configured to: store the encrypted memory data ( Smith: par. 0020 data in the encrypted storage 130 might include, for example, one or more objects that can be accessed using a symmetric key stored in the hardware security module 110 ); or provide the encrypted memory data to the memory encrypter ( Smith: par. 0021 automatically access the encrypted storage 130 to execute a trusted Operating System ("OS") to configure the components 140 for an industrial asset ). Regarding claim 13: A method comprising: operating, by a security chip of a computer device, a root of trust ( Smith: par. 0039 a processor may include a hardware root-of-trust for verified boot ); booting, by the security chip, a processing chip of the computer device based on the root of trust ( Smith: par. 0031 the secure boot process provides the processor with platform firmware that stores static root-of-trust measurements, needed to ensure the integrity of boot objects, in PCRs of the hardware security module ); performing, by the security chip, trusted control on the processing chip ( Smith: par. 0031 the system may verify a correct set of platform integrity measurements collected during a measured boot of the processor ); and constructing, by the processing chip and based on the root of trust, a trusted execution environment (TEE) to implement confidential computing ( Bursell: par. 0100 the trusted execution environment may include an encrypted memory area and may use memory encryption to isolate the executable code in the trusted execution environment from being accessed by processes executing external to the trusted execution environment ). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Bursell with the system/method of Smith to include a trusted execution environment (TEE) to implement confidential computing. One would have been motivated to enable a state of a computing system include confidential or proprietary executables and configuration information that may be loaded onto a device and executed by the device to provide a computing service ( Bursell: par. 0013 ). Regarding claim 14: Claim 14 is similar in scope to claim 2, and is therefore rejected under similar rationale. Regarding claims 15-20: Claims 15-20are similar in scope to claims 4-9, respectively, and are therefore rejected under similar rationale. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857. The examiner can normally be reached Monday - Friday 9:00 - 5:00. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at 5712705002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /FAHIMEH MOHAMMADI/ Examiner, Art Unit 2439 /LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439 Application/Control Number: 19/082,381 Page 2 Art Unit: 2439 Application/Control Number: 19/082,381 Page 3 Art Unit: 2439 Application/Control Number: 19/082,381 Page 4 Art Unit: 2439 Application/Control Number: 19/082,381 Page 5 Art Unit: 2439 Application/Control Number: 19/082,381 Page 6 Art Unit: 2439 Application/Control Number: 19/082,381 Page 7 Art Unit: 2439 Application/Control Number: 19/082,381 Page 8 Art Unit: 2439 Application/Control Number: 19/082,381 Page 9 Art Unit: 2439 Application/Control Number: 19/082,381 Page 10 Art Unit: 2439 Application/Control Number: 19/082,381 Page 11 Art Unit: 2439 Application/Control Number: 19/082,381 Page 12 Art Unit: 2439 Application/Control Number: 19/082,381 Page 13 Art Unit: 2439 Application/Control Number: 19/082,381 Page 14 Art Unit: 2439 Application/Control Number: 19/082,381 Page 15 Art Unit: 2439