Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 01/06/2021 has been entered.


Response to Arguments
In the communication filed on 01/06/2021, applicant amends claims 1 and 13. Claims 1-3, 5-17, 19, and 20 are presented for examination.

Applicant’s arguments, see Pages 9-12, filed January 06, 2021, with respect to the rejection(s) of claim(s) 1-3, 5-17, 19, and 20 under 35 USC 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. The new ground of rejection relies on a newly found prior art reference, Khisti et al. (US10638202 B1, file date 03/15/2013).


Upon further consideration and based on claim amendments, a new ground of rejection of claims 1-3, 5-17, 19, and 20 is set forth below.  



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-3, 5-17, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Ulrich et al. (US 2015/0347738 A1, publish date 12/03/2015) in view of Velusamy (US 2017/0085546 A1, file date 09/17/2015) further in view of Khisti et al. (US10638202 B1, file date 03/15/2013).

Claim 1:
With respect to claim 1, Ulrich et al. discloses a method for decreasing the risk of unauthorized access to an embedded node in a secure subsystem of a process control system (a process for a proximity unlock operation, 0010, Figure 5) (a packet that contains a message, header, payload, Figure 11),  the method comprising:
receiving a message via a communication network (electronic device 202 initiates the proximity unlock operation by generating and broadcasting an advertisement message, 0066, Figure 5, 502), the message (one or more bits being set to predetermined values in a particular portion of a header and/or payload of the advertisement message to indicate that the proximity unlock operation service, 0066) (packet, header, payload, Figure 11) comprising an unencrypted message header and an encrypted message payload (electronic device 202 may send an advertisement message that includes data (service identifiers, request flags, header or payload fields, etc.) that indicate that the advertisement message is requesting responses from devices that provide a proximity unlock operation service, 0056) (the information from the connection request is encrypted and the first electronic device decrypts the information using a key acquired during a preliminary pairing operation between the first electronic device and the second electronic device (e.g., a "cloud pairing" operation, as described below), 0024) (the advertisement message is encrypted using the above-described encryption key from the pairing information, 0066);
determining, by one or more processors, that the message is an unlock message configured to access one or more protected functions of the embedded node (locked operating state, one or more functions of electronic device 202 are disabled, in the locked operating state, the user may be unable to access home screens/a desktop presented on a display of electronic device 202, access some or all application programs provided by electronic device 202, access some or all files stored in electronic device 202, access functions performed by electronic device 202 (e.g., cellular telephone functions, camera functions, etc.), and/or otherwise interact with electronic device 202. In the unlocked operating state, the above-described one or more functions of electronic device 202 are enabled, 0037) based on a bit sequence of one or more bits in the message unencrypted header (the indication may be included in an encoded format such as being represented by one or more bits being set to predetermined values in a particular portion of a header and/or payload of the advertisement message to indicate that the proximity unlock operation service is the service that is being searched for, 0066) (The advertisement message is formatted and handled in accordance with the underlying protocol (e.g., limited to a corresponding number of bits/bytes, 0067) (electronic device 202 receives a connection request message comprising a connection request from authorized electronic device 204, connection request message is formatted and handled in accordance with the underlying protocol (e.g., limited to a corresponding number of bits/bytes, 0072) (Upon receiving the connection request message, electronic device 202 can extract information from the connection request (e.g., a device identifier, a user account identifier, a certificate, etc.), extracts the information from the decrypted connection request message, compare the extracted information to information in the list of devices that are permitted to enable the proximity unlock operation, electronic device 202 transitions from the locked operating state to the unlocked operating state, 0073);
determining, by one or more processors, whether a manual control mechanism has been placed in a particular state by a human operator (While in the locked operating state, electronic device 202 receives an activation input from a user, a user can press a key on a keyboard of electronic device 202, swipe a touch-sensitive screen or entry device on/coupled to electronic device 202, speak a given command to the electronic device 202, move an input device such as a mouse coupled to electronic device 202, and/or perform another operation to enter the activation input, 0065, Figure 5, 500); and
based upon (i) the determination that the message is an unlock message, and (ii) the determination of whether the manual control mechanism has been placed in the particular state, determining either to cause or not to cause, by one or more processors, the embedded node to enter an unlocked state (Upon approving the connection request, electronic device 202 transitions from the locked operating state to the unlocked operating state, 0073) (electronic device 202 presents an unlocking interface on a display of electronic device 202, the user can be required to enter a password, fingerprint, perform a voice unlock, 0068) (Figure 5, 506, 510). 

Ulrich et al. does not disclose receiving the message from a source external to the secure subsystem as claimed. 

However, Velusamy teaches remote unlocking a user device, the unlock request is initiated on the user device manually via a secure connection with an authentication server, which, upon authentication contacts an integrity server having a policy engine of the wireless communication carrier (0018), receiving the message from a source external to the secure subsystem (the policy engine 126 may transmit an unlock command 128 to the user device 102, The unlock command 128 may instruct the modem 112 to disable the SIM lock engine 116 from performing the carrier verification check at each boot time of the user device, 0030-0031) (the implementation of the unlock information may cause the modem 112 to cease the execution of carrier code verification, i.e., the matching of the device carrier code 118 to the SIM carrier code 120 at boot time of the user device 102, 0062-0063).

Ulrich et al. and Velusamy are analogous art because they are from the same field of endeavor of unlock messages/commands.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Velusamy in Ulrich et al. for receiving the message from a source external to the secure subsystem as claimed for purposes of enhancing the unlock operation system of Ulrich et al. by excluding malicious third parties/spoofing and allowing unlock in shorter time (see Velusamy, 0020-0021).

Neither Ulrich et al. nor Velusamy discloses in response to determining to cause the embedded node to enter an unlocked state, modifying, by the one or more processors, at least a portion of the bit sequence in the unencrypted message header of the message; and forwarding, by the one or more processors, the modified message to the embedded node, causing the embedded node to enter the unlocked state as claimed.

However, Khisti et al. teaches where a request is received from an internet protocol enabled device to pair with a target device, such as, for example, pairing IPD 150 with CED 130 (Column 5, lines 35-66, Figure 3), in response to determining to cause the embedded node to enter an unlocked state (a state change event message from the target device is received, Column 9, lines 59-61), modifying, by the one or more (state information manager 220 checks for any existing semaphore lock on propagation of messages from subscribed to CED 132, Any lock may indicate there are previous messages from subscribed to CED 132 being propagated to subscribed IPD 152, If there is no semaphore lock, then state information manager 220 does a semaphore lock, State reflection manager 250 in turn receives the message and sends a success response to state information manager 220. State information manager 220 releases its semaphore lock. If there are subscribers IPD 152 then state reflection manager 250 converts the JSON message to byte array. State reflection manager 250 does a check for semaphore lock. If the semaphore lock does not exist then state reflection manager 250 does a semaphore lock. State reflection manager 250 then propagates the enhanced subscribed to CED 132 messages to subscribed IPD 152. Once this is done, state reflection manager 250 releases its semaphore lock. Column 5, lines 60-column 6, line 27).

Ulrich et al., Velusamy, and Khisti et al. are analogous art because they are from the same field of endeavor of unlock messages/commands.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Khisti et al. in Ulrich et al. and Velusamy for in response to determining to cause the embedded node to enter an unlocked state, 

Claim 2:
With respect to claim 2, Ulrich et al. discloses wherein causing or not causing the embedded node to enter an unlocked state includes either:
in response to determining (i) that the message is an unlock message (one or more bits being set to predetermined values in a particular portion of a header and/or payload of the advertisement message to indicate that the proximity unlock operation service, 0066), and (ii) that the manual control mechanism has been placed in the particular state, causing the embedded node to enter the unlocked state (While in the locked operating state, electronic device 202 receives an activation input from a user, a user can press a key on a keyboard of electronic device 202, swipe a touch-sensitive screen or entry device on/coupled to electronic device 202, speak a given command to the electronic device 202, move an input device such as a mouse coupled to electronic device 202, and/or perform another operation to enter the activation input, 0065, Figure 5, 500); or
in response to determining (i) that the message is an unlock message (one or more bits being set to predetermined values in a particular portion of a header and/or payload of the advertisement message to indicate that the proximity unlock operation service, 0066), and (ii) that the manual control mechanism has not been placed in the particular state, not causing the embedded node to enter the unlocked state (While in the locked operating state, electronic device 202 receives an activation input from a user, a user can press a key on a keyboard of electronic device 202, swipe a touch-sensitive screen or entry device on/coupled to electronic device 202, speak a given command to the electronic device 202, move an input device such as a mouse coupled to electronic device 202, and/or perform another operation to enter the activation input, 0065, Figure 5, 500).

Claims 3, 16:
With respect to claims 3, 16, Ulrich et al. discloses wherein causing or not causing the embedded node to enter an unlocked state includes either:
in response to determining (i) that the message is an unlock message (one or more bits being set to predetermined values in a particular portion of a header and/or payload of the advertisement message to indicate that the proximity unlock operation service, 0066), and (ii) that the manual control mechanism has been placed in the particular state, forwarding the unlock message to either the embedded node or a controller that is a parent of the embedded node (electronic device 202 next presents an identifier for authorized electronic device 204 in a list of devices that can enable the proximity unlock operation (step 406), 0059); or


Claims 5, 14:
With respect to claims 5, 14, Ulrich et al. discloses wherein determining that the message is an unlock message based on a bit sequence of one or more bits in the unencrypted message header includes determining that the message is an unlock message based on a bit sequence of one or more bits in an Ethertype field of the unencrypted message header (an Ethernet networking system, 0031).

Claim 6:
With respect to claim 6, Ulrich et al. discloses wherein the embedded node is a controller (caches/cache controllers, 0020) (controllers, 0031) (electronic device 100 can be controller, 0035).

Claim 7:
With respect to claim 7, Ulrich et al. discloses wherein: the embedded node is a child node of a controller (Figure 2);
causing or not causing the embedded node to enter an unlocked state includes, in response to determining (i) that the message is an unlock message (one or more bits being set to predetermined values in a particular portion of a header and/or payload of the advertisement message to indicate that the proximity unlock operation service, 0066), and (ii) that the manual control mechanism has been placed in the particular state, causing the child node to enter the unlocked state (While in the locked operating state, electronic device 202 receives an activation input from a user, a user can press a key on a keyboard of electronic device 202, swipe a touch-sensitive screen or entry device on/coupled to electronic device 202, speak a given command to the electronic device 202, move an input device such as a mouse coupled to electronic device 202, and/or perform another operation to enter the activation input, 0065, Figure 5, 500); and
causing the child node to enter the unlocked state includes modifying, at the controller, the bit sequence in the unencrypted message header to contain a value recognized by the child node, and after modifying the bit sequence in the unencrypted message header, forwarding the message from the controller to the child node (the first electronic device decrypts the information using a key acquired during a preliminary pairing operation, 0024) (some or all of the information in the connection response message is encrypted using a corresponding key from the pairing information.  Thus, authorized electronic device 204 may decrypt the information in the advertising message using a corresponding key to determine that authorized electronic device 204 is authorized to participate in the proximity unlock operation before sending the connection request, 0057) (the indication may be included in an encoded format such as being represented by one or more bits being set to predetermined values in a particular portion of a header and/or payload of the advertisement message to indicate that the proximity unlock operation service is the service that is being searched for… the advertisement message is encrypted using the above-described encryption key from the pairing information, 0066).

Claims 8, 19:
With respect to claims 8, 19, Ulrich et al. discloses wherein: causing the child node to enter the unlocked state further includes, prior to forwarding the message from the controller to the child node, decrypting the encrypted message payload, and modifying a bit sequence of one or more bits in the decrypted message payload to a value that is recognized by the child node as an unlock message indicator (the information from the connection request is encrypted and the first electronic device decrypts the information using a key acquired during a preliminary pairing operation between the first electronic device and the second electronic device, 0024) (some or all of the information in the advertisement message is encrypted using a corresponding key from the pairing information, authorized electronic device 204 may decrypt the information in the advertising message using a corresponding key to determine that authorized electronic device 204 is authorized to participate in the proximity unlock operation before sending the connection request, 0056-0057).

Claim 9:
With respect to claim 9, Ulrich et al. discloses wherein: determining that the message is an unlock message based on a bit sequence of one or more bits in the unencrypted message header includes determining that the message is an unlock message based (an Ethernet networking system, 0031).

Claim 10:
With respect to claim 10, Ulrich et al. discloses wherein the child node is a logic solver (programmable-logic devices, 0020).

Claim 11:
With respect to claim 11, Ulrich et al. discloses wherein determining that the message is an unlock message based on a bit sequence of one or more bits in the unencrypted message header includes comparing the bit sequence in the unencrypted message header to a bit sequence that is known to correspond to unlock messages (the first electronic device compares information from the connection request (e.g., a device identifier) to a record of authorized devices to determine that there is a match between the information from the connection request and a device in the record of authorized devices, 0024) (Electronic device 202 can then compare the extracted information to information in the list of devices that are permitted to enable the proximity unlock operation, 0073).



Claims 12, 15:
With respect to claims 12, 15, Ulrich et al. discloses wherein determining whether a manual control mechanism has been placed in a particular state by a human operator includes determining whether a physical button is currently being pressed by a human operator (While in the locked operating state, electronic device 202 receives an activation input from a user, a user can press a key on a keyboard of electronic device 202, swipe a touch-sensitive screen or entry device on/coupled to electronic device 202, speak a given command to the electronic device 202, move an input device such as a mouse coupled to electronic device 202, and/or perform another operation to enter the activation input, 0065, Figure 5, 500).

Claim 13:
With respect to claim 13, Ulrich et al. discloses an intrusion protection device (a process for a proximity unlock operation, 0010, Figure 5) (a packet that contains a message, header, payload, Figure 11), comprising: 
a manual control mechanism (While in the locked operating state, electronic device 202 receives an activation input from a user, a user can press a key on a keyboard of electronic device 202, swipe a touch-sensitive screen or entry device on/coupled to electronic device 202, speak a given command to the electronic device 202, move an input device such as a mouse coupled to electronic device 202, and/or perform another operation to enter the activation input, 0065, Figure 5, 500); and
one or more processors configured to:
(electronic device 202 initiates the proximity unlock operation by generating and broadcasting an advertisement message, 0066, Figure 5, 502), the message (one or more bits being set to predetermined values in a particular portion of a header and/or payload of the advertisement message to indicate that the proximity unlock operation service, 0066) (packet, header, payload, Figure 11) comprising an unencrypted message header and an encrypted message payload (electronic device 202 may send an advertisement message that includes data (service identifiers, request flags, header or payload fields, etc.) that indicate that the advertisement message is requesting responses from devices that provide a proximity unlock operation service, 0056) (the information from the connection request is encrypted and the first electronic device decrypts the information using a key acquired during a preliminary pairing operation between the first electronic device and the second electronic device (e.g., a "cloud pairing" operation, as described below), 0024) (the advertisement message is encrypted using the above-described encryption key from the pairing information, 0066);
determine whether the message is an unlock message configured to access one or more protected functions of an embedded node (locked operating state, one or more functions of electronic device 202 are disabled, in the locked operating state, the user may be unable to access home screens/a desktop presented on a display of electronic device 202, access some or all application programs provided by electronic device 202, access some or all files stored in electronic device 202, access functions performed by electronic device 202 (e.g., cellular telephone functions, camera functions, etc.), and/or otherwise interact with electronic device 202. In the unlocked operating state, the above-described one or more functions of electronic device 202 are enabled, 0037) in the secure subsystem based on a bit sequence of one or more bits in the message header (the indication may be included in an encoded format such as being represented by one or more bits being set to predetermined values in a particular portion of a header and/or payload of the advertisement message to indicate that the proximity unlock operation service is the service that is being searched for, 0066) (The advertisement message is formatted and handled in accordance with the underlying protocol (e.g., limited to a corresponding number of bits/bytes, 0067) (electronic device 202 receives a connection request message comprising a connection request from authorized electronic device 204, connection request message is formatted and handled in accordance with the underlying protocol (e.g., limited to a corresponding number of bits/bytes, 0072) (Upon receiving the connection request message, electronic device 202 can extract information from the connection request (e.g., a device identifier, a user account identifier, a certificate, etc.), extracts the information from the decrypted connection request message, compare the extracted information to information in the list of devices that are permitted to enable the proximity unlock operation, electronic device 202 transitions from the locked operating state to the unlocked operating state, 0073),
determine whether the manual control mechanism has been placed in a particular state by a human operator (While in the locked operating state, electronic device 202 receives an activation input from a user, a user can press a key on a keyboard of electronic device 202, swipe a touch-sensitive screen or entry device on/coupled to electronic device 202, speak a given command to the electronic device 202, move an input device such as a mouse coupled to electronic device 202, and/or perform another operation to enter the activation input, 0065, Figure 5, 500),
when determining that the message is an unlock message, and that the manual control mechanism has been placed in the particular state, (i) determine to cause the embedded node to enter an unlocked state (Upon approving the connection request, electronic device 202 transitions from the locked operating state to the unlocked operating state, 0073) (electronic device 202 presents an unlocking interface on a display of electronic device 202, the user can be required to enter a password, fingerprint, perform a voice unlock, 0068) (Figure 5, 506, 510).

Ulrich et al. does not disclose receiving the message from a source external to the secure subsystem as claimed. 

However, Velusamy teaches remote unlocking a user device, the unlock request is initiated on the user device manually via a secure connection with an authentication server, which, upon authentication contacts an integrity server having a policy engine of the wireless communication carrier (0018), receiving the message from a source external to the secure subsystem (the policy engine 126 may transmit an unlock command 128 to the user device 102, The unlock command 128 may instruct the modem 112 to disable the SIM lock engine 116 from performing the carrier verification check at each boot time of the user device, 0030-0031) (the implementation of the unlock information may cause the modem 112 to cease the execution of carrier code verification, i.e., the matching of the device carrier code 118 to the SIM carrier code 120 at boot time of the user device 102, 0062-0063).

Ulrich et al. and Velusamy are analogous art because they are from the same field of endeavor of unlock messages/commands.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Velusamy in Ulrich et al. for receiving the message from a source external to the secure subsystem as claimed for purposes of enhancing the unlock operation system of Ulrich et al. by excluding malicious third parties/spoofing and allowing unlock in shorter time (see Velusamy, 0020-0021).

Neither Ulrich et al. nor Velusamy discloses (ii) modifying at least a portion of the bit sequence in the unencrypted message header of the message; and (iii) forwarding the modified message to the embedded node, causing the embedded node to enter the unlocked state as claimed.

However, Khisti et al. teaches where a request is received from an internet protocol enabled device to pair with a target device, such as, for example, pairing IPD 150 with CED 130 (Column 5, lines 35-66, Figure 3), in response to determining to cause the embedded node to enter an unlocked state (a state change event message from the target device is received, Column 9, lines 59-61), (ii) modifying at least a portion of the bit sequence in the unencrypted message header of the message; and (iii) forwarding the modified message to the embedded node, causing the embedded node to enter the unlocked state (state information manager 220 checks for any existing semaphore lock on propagation of messages from subscribed to CED 132, Any lock may indicate there are previous messages from subscribed to CED 132 being propagated to subscribed IPD 152, If there is no semaphore lock, then state information manager 220 does a semaphore lock, State reflection manager 250 in turn receives the message and sends a success response to state information manager 220. State information manager 220 releases its semaphore lock. If there are subscribers IPD 152 then state reflection manager 250 converts the JSON message to byte array. State reflection manager 250 does a check for semaphore lock. If the semaphore lock does not exist then state reflection manager 250 does a semaphore lock. State reflection manager 250 then propagates the enhanced subscribed to CED 132 messages to subscribed IPD 152. Once this is done, state reflection manager 250 releases its semaphore lock. Column 5, lines 60-column 6, line 27).

Ulrich et al., Velusamy, and Khisti et al. are analogous art because they are from the same field of endeavor of unlock messages/commands.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Khisti et al. in Ulrich et al. and Velusamy for (ii) 

Claim 17:
With respect to claim 17, Ulrich et al. discloses a secure subsystem of a process control system, the secure subsystem comprising:
a controller including one or more controller processors configured to implement one or more process control modules (caches/cache controllers, 0020) (controllers, 0031) (electronic device 100 can be controller, 0035);
a logic solver including one or more logic solver processors (programmable-logic devices, 0020) configured to support a plurality of functions, wherein the plurality of functions includes one or more protected functions (locked operating state, one or more functions of electronic device 202 are disabled, in the locked operating state, the user may be unable to access home screens/a desktop presented on a display of electronic device 202, access some or all application programs provided by electronic device 202, access some or all files stored in electronic device 202, access functions performed by electronic device 202 (e.g., cellular telephone functions, camera functions, etc.), and/or otherwise interact with electronic device 202.   In the unlocked operating state, the above-described one or more functions of electronic device 202 are enabled, 0037), and wherein the logic solver is coupled to the controller as a child node of the controller; and
an intrusion protection device including a manual control mechanism (While in the locked operating state, electronic device 202 receives an activation input from a user, a user can press a key on a keyboard of electronic device 202, swipe a touch-sensitive screen or entry device on/coupled to electronic device 202, speak a given command to the electronic device 202, move an input device such as a mouse coupled to electronic device 202, and/or perform another operation to enter the activation input, 0065, Figure 5, 500), and
one or more intrusion protection processors configured to:
receiving a message via a communication network (electronic device 202 initiates the proximity unlock operation by generating and broadcasting an advertisement message, 0066, Figure 5, 502), the message (one or more bits being set to predetermined values in a particular portion of a header and/or payload of the advertisement message to indicate that the proximity unlock operation service, 0066) (packet, header, payload, Figure 11) comprising an unencrypted message header and an encrypted message payload (electronic device 202 may send an advertisement message that includes data (service identifiers, request flags, header or payload fields, etc.) that indicate that the advertisement message is requesting responses from devices that provide a proximity unlock operation service, 0056) (the information from the connection request is encrypted and the first electronic device decrypts the information using a key acquired during a preliminary pairing operation between the first electronic device and the second electronic device (e.g., a "cloud pairing" operation, as described below), 0024) (the advertisement message is encrypted using the above-described encryption key from the pairing information, 0066);
determining whether the message is an unlock message based on a bit sequence of one or more bits in the message unencrypted header (the indication may be included in an encoded format such as being represented by one or more bits being set to predetermined values in a particular portion of a header and/or payload of the advertisement message to indicate that the proximity unlock operation service is the service that is being searched for, 0066) (The advertisement message is formatted and handled in accordance with the underlying protocol (e.g., limited to a corresponding number of bits/bytes), 0067) (electronic device 202 receives a connection request message comprising a connection request from authorized electronic device 204, connection request message is formatted and handled in accordance with the underlying protocol (e.g., limited to a corresponding number of bits/bytes), 0072) (Upon receiving the connection request message, electronic device 202 can extract information from the connection request (e.g., a device identifier, a user account identifier, a certificate, etc.), extracts the information from the decrypted connection request message, compare the extracted information to information in the list of devices that are permitted to enable the proximity unlock operation, electronic device 202 transitions from the locked operating state to the unlocked operating state, 0073);
determine whether the manual control mechanism has been placed in a particular state by a human operator (While in the locked operating state, electronic device 202 receives an activation input from a user, a user can press a key on a keyboard of electronic device 202, swipe a touch-sensitive screen or entry device on/coupled to electronic device 202, speak a given command to the electronic device 202, move an input device such as a mouse coupled to electronic device 202, and/or perform another operation to enter the activation input, 0065, Figure 5, 500), and
when determining that the message is an unlock message, and that the manual control mechanism has been placed in the particular state, forward the message to the controller, (electronic device 202 next presents an identifier for authorized electronic device 204 in a list of devices that can enable the proximity unlock operation (step 406), 0059),
wherein the one or more logic solver processors are configured to, when the message is forwarded to the logic solver, determine whether the message is an unlock message based on a bit sequence of one or more bits in either the encrypted message payload or a decrypted message payload (the first electronic device decrypts the information using a key acquired during a preliminary pairing operation, 0024) (some or all of the information in the connection response message is encrypted using a corresponding key from the pairing information.  Thus, authorized electronic device 204 may decrypt the information in the advertising message using a corresponding key to determine that authorized electronic device 204 is authorized to participate in the proximity unlock operation before sending the connection request, 0057) (the indication may be included in an encoded format such as being represented by one or more bits being set to predetermined values in a particular portion of a header and/or payload of the advertisement message to indicate that the proximity unlock operation service is the service that is being searched for… the advertisement message is encrypted using the above-described encryption key from the pairing information, 0066), and
when determining that the message is an unlock message, unlocking at least one of the one or more protected functions (locked operating state, one or more functions of electronic device 202 are disabled, in the locked operating state, the user may be unable to access home screens/a desktop presented on a display of electronic device 202, access some or all application programs provided by electronic device 202, access some or all files stored in electronic device 202, access functions performed by electronic device 202 (e.g., cellular telephone functions, camera functions, etc.), and/or otherwise interact with electronic device 202.   In the unlocked operating state, the above-described one or more functions of electronic device 202 are enabled, 0037) (Upon approving the connection request, electronic device 202 transitions from the locked operating state to the unlocked operating state, 0073) (electronic device 202 presents an unlocking interface on a display of electronic device 202, the user can be required to enter a password, fingerprint, perform a voice unlock, 0068) (Figure 5, 506, 510). 

Ulrich et al. does not disclose receiving the message from a source external to the secure subsystem as claimed. 

However, Velusamy teaches remotely unlocking a user device, where the unlock request is initiated on the user device manually via a secure connection with an authentication (0018), receiving the message from a source external to the secure subsystem (the policy engine 126 may transmit an unlock command 128 to the user device 102, The unlock command 128 may instruct the modem 112 to disable the SIM lock engine 116 from performing the carrier verification check at each boot time of the user device, 0030-0031) (the implementation of the unlock information may cause the modem 112 to cease the execution of carrier code verification, i.e., the matching of the device carrier code 118 to the SIM carrier code 120 at boot time of the user device 102, 0062-0063).

Ulrich et al. and Velusamy are analogous art because they are from the same field of endeavor of unlock messages/commands.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Velusamy in Ulrich et al. for receiving the message from a source external to the secure subsystem as claimed for purposes of enhancing the unlock operation system of Ulrich et al. by excluding malicious third parties/spoofing and allowing unlock in shorter time. (Velusamy see 0020-0021)

Neither Ulrich et al. nor Velusamy discloses wherein the one or more controller processors are further configured to, when the message is forwarded to the controller, modify the bit sequence in the unencrypted message header of the message to contain 

However, Khisti et al. teaches where a request is received from an internet protocol enabled device to pair with a target device, such as, for example, pairing IPD 150 with CED 130 (Column 5, lines 35-66, Figure 3), wherein the one or more controller processors are further configured to, when the message is forwarded to the controller (a state change event message from the target device is received, Column 9, lines 59-61), modify the bit sequence in the unencrypted message header of the message to contain a value recognized by the logic solver, and after modifying the bit sequence in the unencrypted message header, forward the message to the logic solver (state information manager 220 checks for any existing semaphore lock on propagation of messages from subscribed to CED 132, Any lock may indicate there are previous messages from subscribed to CED 132 being propagated to subscribed IPD 152, If there is no semaphore lock, then state information manager 220 does a semaphore lock, State reflection manager 250 in turn receives the message and sends a success response to state information manager 220.  State information manager 220 releases its semaphore lock. If there are subscribers IPD 152 then state reflection manager 250 converts the JSON message to byte array.  State reflection manager 250 does a check for semaphore lock.  If the semaphore lock does not exist then state reflection manager 250 does a semaphore lock.  State reflection manager 250 then propagates the enhanced subscribed to CED 132 messages to subscribed IPD 152.  Once this is done, state reflection manager 250 releases its semaphore lock. Column 5, lines 60-column 6, line 27).

Ulrich et al., Velusamy, and Khisti et al. are analogous art because they are from the same field of endeavor of unlock messages/commands.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Khisti et al. in Ulrich et al. and Velusamy for wherein the one or more controller processors are further configured to, when the message is forwarded to the controller as claimed for purposes of managing state synchronization between two-way connected consumer electronic devices. (see Khisti et al. Column 1, lines 20-29)

Claim 20:
With respect to claim 20, Ulrich et al. discloses wherein the one or more controller processors are configured to forward the message to the logic solver without first decrypting any portion of the message (the pairing information exchanged during the preliminary pairing operation includes information such as one or more of the public address of each of electronic device 202 and authorized electronic device 204, the protocol version of a network interface to be used to communicate between electronic device 202 and authorized electronic device 204, desired pairing encryption and/or identification keys (which are sometimes referred to as `pairing keys`), the desired long-term encryption-key LTK length (which is sometimes referred to as a `key length`), human-readable device names, device identifiers (UUIDs, MAC addresses, etc.) and/or other information, 0051).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-Form 892).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jeffrey C Pwu whose telephone number is (571)272-6798.  The examiner can normally be reached on Monday - Friday from 9 am to 5 pm, every other Friday off.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeff Pwu, can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  

/HELAI SALEHI/
Examiner, Art Unit 2433

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433