Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Continuation
	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on January 05, 2021 has been entered.


Response to Arguments
Applicant’s arguments filed January 05, 2021 have been fully considered. A new ground(s) of rejection is presented due to Applicant’s amendment. 

The Examiner notes Applicant is aware of relevant prior art and has not made that prior art available to The Examiner. As a result, The Examiner is unable to efficiently and effectively examine the current claims. The action below represents The Examiner’s best effort despite not having all relevant prior art known to Applicant. In order to effectively examine this application requirements for submission of all known prior art known to Applicant will not be held in abeyance.
The Examiner notes Applicant refers to prior art document ISO 26262 in the disclosure but did not provide a copy of this document. The Examiner requests Applicant provide a copy of this document and all other relevant prior art known to Applicant.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1 – 6, 8 – 15 and 17 – 20 are rejected under 35 U.S.C. 103 as being unpatentable over AAPA (Applicant Admitted Prior Art as disclosed in the background of Applicant’s disclosure) in view of Ramirez (US Pub. No. 2007/0271437 A1) in view of Lewis (US Pub. No. 2009/0094421 A1).

Per claim 1, AAPA suggests an apparatus for (reads on any of the exemplary apparatus that perform the dedicated actions and include their own processors and memory which can be susceptible to authorized access, see AAPA para 0004 – 0005) performing a dedicated function (reads on any of the exemplary dedicated functions associated with the exemplary dedicated apparatus that perform functions such as pressure sensing, temperature sensing and braking actuating, see AAPA para 0005), the apparatus comprising at least one processor (reads on any of the exemplary apparatus that may include their own processors and memory which can be susceptible to authorized access, see AAPA para 0005);  firmware in communications with the processor (reads on program instructions stored in component memory, see AAPA para 0005);  programmable non-volatile memory coupled to the firmware, the programmable non-volatile memory having programmable operational characteristics (see AAPA para 0006);  and instructions stored on the firmware and executable by the processor to: configure a first partition of the programmable non-volatile memory (reads on component circuitry that generates a separate block of memory that is locked down after a downstream process writes to it, see AAPA para 0008), implement a first set of safety features of the programmable non-volatile memory in the first partition, wherein the first set of safety features includes preventing alteration of data in the first partition after completion of a first manufacturing process (reads on components that store data are subject to functional safety standards and other regulations that require assurance that data and program instructions stored in component memory is protected from unauthorized access, see AAPA para 0006);  facilitate performance of the dedicated function (reads on program instructions of any of the exemplary dedicated functions 
[0005] Complex systems that include electronic control units, and other dedicated electronic apparatus, especially those that include wireless communication capabilities, can be susceptible to unauthorized access that could degrade system safety and performance.  Such unauthorized access may be possible during the system's operation, or even in the manufacturing process of the system or system components. 
 
[0006] In some industries, including the automotive industry, components that store data are subject to functional safety standards and other regulations that require manufacturers to assure that data and program instructions stored in component memory is protected from unauthorized access.  Component manufacturers can comply with these standards and regulations by implementing 
component circuitry that locks down component memory and prevents unauthorized reading or alteration of data and program instructions after they are stored in the memory. 
 
[0008] Traditionally, component manufacturers have included separate blocks of memory in a component in which one block of memory can be locked down after an upstream manufacturing process so that data stored in that block cannot be altered.  Another block of the memory in the component remains accessible to downstream processes.  Multiple downstream processes may sequentially write to and then lock down their own block of memory in the component, for example.  However, providing separate blocks of memory for different access during sequential manufacturing processes is inefficient from both a cost and data storage perspective. 


Ramirez suggests 
determines partition boundaries of the first partition (reads on an intelligent system that determines and builds a partition that is an optimal size for that system, see Ramirez para 0002, 0009, 0021, 0024 and 0042) and the second partition based on data storage requirements of the first manufacturing process and the second manufacturing 
Before the effective filing date of the invention it would have been obvious to one of ordinary skill in the art to modify the separate block of memory teachings of the prior art of record by integrating the dynamic partitioning teachings of Ramirez to realize the instant limitation. One or more of the underpinning rational(s), as discussed in KSR international Co, v, Teleflex inc,s etai,s 550 U,S. 398 (2007) U.S.P.Q.2d 1385, also see MPEP § 2141 {IN), are used to support this conclusion of obviousness. As in Ramirez, it is within the capabilities of one of ordinary skill in the art to substitute one known in the art method of blocking/partitioning for another known in the art method of blocking/partitioning that accomplishes the same result of having separate blocks of memory. The teachings of Ramirez implement a separate block of memory/a partition via a dynamic procedure that is optimized for a particular system/manufacturing process, in a system similar to that of the prior art of record in order to realize the expected benefit of increasing efficiency by blocking/partitioning/allocating just enough space that is needed (see Ramirez para 0010). The combined teachings suggest to one of ordinary skill in the art that the multiple separate blocks of memory in the prior art can be implemented via the notoriously well-known technology of dynamic partitioning, in such a way that any time a separate block of memory is needed during the manufacturing process, it is implemented via the dynamic partitioning process in order to tailor the size of the block of memory to the specific process/system. The motivation to combine the references similarly applies to all dependent claims under this heading.
Lewis suggests 

[0001] The present invention generally relates to system firmware maintenance and, more particularly, to setting and write protecting non-volatile memory in an electronic device.

[0002] System firmware, for example, basic input/output system (BIOS) or core system software code is typically maintained within a non-volatile memory of a corresponding electronic device, for example, a desktop computer, laptop computer, personal digital assistant (PDA), set top boxes, servers, point-of-sale (POS) devices, automated teller machines (ATMs), wireless communication devices, for example, cellular telephones and other suitable devices and combinations thereof. The system firmware is operative to recognize and initialize the hardware subsystems and components of the electronic device and transfer control of the electronic device to an applicable operating system, upon completion of the initialization process. During the initialization process, sometimes referred to as the power on self test (POST) process, the electronic device retrieves firmware from a predetermined location within the non-volatile memory and loads it into the system memory, commonly referred to as Random Access Memory or RAM. The initialization process ultimately transfers device control to the operating system.

[0003] The firmware is typically written to a section of non-volatile memory of the electronic device, such as flash memory, during the manufacturing process. During this process the non-volatile memory must necessarily be write-enabled. A typical, though not exclusive manufacturing process, could include, for example, the assembly of various components of an electronic device, including a non-volatile memory. The non-volatile memory could be loaded with a baseline version of firmware such that the assembled electronic device would be capable of functioning (e.g. have code instructions from memory executed by a processor, with input and output functions operable for the device to communicate with a user). However, the baseline firmware may or may not be the final production version, complete with all code and data intended for final production of the electronic device. Firmware includes executable code as well as data. One piece of data may include a platform identification or platform ID that is a unique identifier of the specific platform or assembly of the electronic device. Such data as well as updates or modifications of the executable code of the firmware may need to be added to the non-volatile memory in order to arrive at the final production version of the firmware.

[0004] It is therefore desirable to allow certain untrusted code or code that is not part of the firmware, to have access and write privileges to portions of the non-volatile memory during a manufacturing phase of the electronic device to update firmware executable code, data, platform IDs, etc. However, after the manufacturing phase, when the electronic device is in production phase, for example, when it is transferred to or otherwise under the control of an it is desirable to have portions or sectors of the non-volatile memory write-protected before any untrusted code is executed. Protecting the non-volatile memory, in part, helps secure and protect the operational integrity of the electronic device.

[0008] Another advantage provided by the present invention is that it provides an efficient manufacturing process that allows writing to non-volatile memory during a manufacturing mode, but provides write-protection of such non-volatile memory after finalizing and setting the non-volatile memory; thereby placing the electronic device into production mode.

[0030] FIG. 2 is a flow chart illustrating the relevant portion of the reset vector 200 performed by the computer 100 to provide for initialization of the firmware and secure execution and write protection of the flash memory according to the present invention. In other words, the method 200 illustrated in FIG. 2, when executed by the computer 100, either: (i) allows modification of the Sectors 151-155 as needed in manufacturing mode, so that a system manufacturer may load the final production version of code and data into the non-volatile memory 150 according to steps 220 and 400; or (ii) does not allow modification of the Sectors 151-155, and sets write-protection for certain Sectors 151-155 of the non-volatile memory 150. The write-protected mode may prevent untrusted software programs from writing to portions of the non-volatile memory 150, such as BIOS or other core system software, and is intended to protect the memory from malicious software attacks.

[0037] Step 220 includes execution routines that write the production version of code to the non-volatile memory, for example, the final firmware version, platform ID, and/or other code and data. One of skill in the art should recognize that this procedure may be used to modify any software in non-volatile memory of the computer 100, and not merely software that is in flash memory.
[0038] According to one embodiment of the present invention, step 220 may include logic for setting the final configuration of the non-volatile memory that requires multiple passes through the reset vector 200. This is indicated by dotted path 221 which loops back to the beginning of the reset vector 200. Provided that step 400 has not been executed, the signature byte should remain at the default value, and so the manufacturing configuration procedure of step 220 will be entered repeatedly until configuration is complete.
[0040] After step 400, certain portions of the non-volatile memory are write-protected in step 230. Write-protecting the non-volatile memory, such as sectors 151-155 (FIG. 1), may be done by any suitable methods as may be known in the art. For example flash memory may be write-protected using flash program commands. Alternatively, one may use chipset write-protect registers to write protect memory. Another method of write-protecting includes, for example, using CPU registers to prevent writes from going to the specified regions of memory. Yet another method includes using 
[0043] According to one embodiment, the write-protection of the non-volatile memory that contains the firmware is effectively controlled by the firmware, for example, by setting and locking the state of a general purpose output that has been connected to a pin or pins of the non-volatile memory device that control write-protection of the sectors of the non-volatile memory. By connecting and locking the state of the general purpose output to the appropriate pin or pins, the Operating System will be unable to change the write-protection on the memory. This is advantageous in preventing untrusted third parties from exploiting Operating System services to attack the firmware.

Before the effective filing date of the invention it would have been obvious to one of ordinary skill in the art to modify the firmware and memory teachings of the prior art of record by integrating the firmware and memory teachings of Lewis to realize the instant limitations. One or more of the underpinning rational(s), as discussed in KSR international Co, v, Teleflex inc,s etai,s 550 U,S. 398 (2007) U.S.P.Q.2d 1385, also see MPEP § 2141 {IN), are used to support this conclusion of obviousness. As in Lewis, it is within the capabilities of one of ordinary skill in the art to explicitly teach what was suggested by the prior art of record (The Examiner construes it to be an obvious limitation of the dedicated apparatus of AAPA performing its function via the use of stored program instructions because one of ordinary skill in the art would know the instructions would have to be written in some manner to the component in order for the component to contain the program instructions, see AAPA para 0004 – 0007). Lewis explicitly teaches a manufacturing process comprising writing instructions to firmware (reads on the firmware for the electronic device to function is written during the manufacturing process, see Lewis para 0003) for preventing alteration of data (reads on 



Per claim 2, the prior art of record further suggests comprising instructions stored on the firmware and executable by the processor to: configure an nth partition of the programmable non-volatile memory (reads on components that store data are subject to functional safety standards and other regulations that require assurance that data and program instructions stored in manufacturing/system specific dynamically partitioned component memory is protected from unauthorized access, see AAPA para 0006 and Ramirez para 0002, 0009, 0021, 0024 and 0042);  and implement an nth set of safety features of the programmable non-volatile memory in the third partition, wherein the nth 
Per claim 3, the prior art of record further suggests wherein the dedicated function comprises sensing a pressure (The Examiner construes this to be an obvious limitation of the known in the art pressure sensor, see AAPA para 0004). 
Per claim 4, the prior art of record further suggests wherein the dedicated function comprises switching an electrical pathway (The Examiner construes this to be an obvious limitation of the known in the art ECUs, actuators, circuitry and sensors, see AAPA para 0004).  
Per claim 5, the prior art of record further suggests wherein the programmable non-volatile memory comprises an electrically erasable programmable read-only memory 
Per claim 6, the prior art of record further suggests wherein the first set of safety features include instructions in the firmware configured to prevent unauthorized alteration of the firmware (reads on components that store data are subject to functional safety standards and other regulations that require assurance that data and program instructions stored in manufacturing/system specific dynamically partitioned component memory is protected from unauthorized access, see AAPA para 0006 and Ramirez para 0002, 0009, 0021, 0024 and 0042 and Lewis para 0003, 0008 and 0043). 
Per claim 8, the prior art of record further suggests wherein the first set of safety features and the second set of safety features comply with a standard of functional safety for electrical and/or electronic systems in production automobiles (reads on components that store data are subject to functional safety standards and other regulations that require assurance that data and program instructions stored in manufacturing/system specific dynamically partitioned component memory is protected from unauthorized access, see AAPA para 0006 and Ramirez para 0002, 0009, 0021, 0024 and 0042). 
Per claim 9, the prior art of record further suggests wherein the standard of functional safety comprises International Organization for Standardization (ISO) standard 26262 (reads on ISO 26262 is a known in the art international functional safety standard, see AAPA para 0010 and 0011).
Claim 10 is analyzed with respect to claim 1.
Claim 11 is analyzed with respect to claim 2.
Claim 12 is analyzed with respect to claim 3.
Claim 13 is analyzed with respect to claim 4.
Claim 14 is analyzed with respect to claim 5.
Claim 15 is analyzed with respect to claim 6.
Claim 17 is analyzed with respect to claim 8.
Claim 18 is analyzed with respect to claim 9.
Claim 19 is analyzed with respect to claim 1.
Claim 20 is analyzed with respect to claim 2.




Contact

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Brian Shaw whose telephone number is (571)270-5191.  The examiner can normally be reached on Mon-Thurs from 6:00 AM-3:30 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's Supervisor, Ashok Patel can be reached on (571) 272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 703-872-9306.  Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For 


/BRIAN F SHAW/Primary Examiner, Art Unit 2491