DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 9/29/2020 has been entered.


Claims 1, 8, and 15 are amendedClaims 5, 6, 12, 13, and 19 are objected toClaims 1-4, 7-11, 14-18, and 20 are pending

Allowable subject matter 

Claims 5, 12, and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. 

Response to Arguments
1.) Applicant’s amendment to claims 1, 8, and 15 filed on 9/29/2020 regarding “identifying that an assignment of the resource of the integrated circuit from the container corresponds to assigning the resource from the first root of trust to a new root of trust associated with a second root entity, wherein the first root of trust and the new root of trust are associated with the integrated circuit, wherein the second root entity has privileges to a different group of resources than the first root entity” necessitated the new ground(s) of rejection presented in this Office action. Therefore, Applicant's arguments with respect to claims 1-4, 7-11, 14-18, and 20 have been considered but are moot in view of the new ground(s) of rejection.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.
1.) Claims 1-3, 7-10, 14-17, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over IDS supplied reference, US 20150326543, Pochuev in view of US 10083306, Smith
	In regards to claim 1, Pochuev teaches a method comprising:receiving a container from a first root of trust associated with a first root entity, wherein the container corresponds to a mapping of a resource of an integrated circuit that is associated with the first root entity(see US 20150326543, Pochuev, para. 0019, 0021, 0023 and fig. 1, Where a CRI System Provisioning[i.e. CRISP] is a provisioning device that provides a root of trust to a CM device[106 i.e. root authority, integrated circuit] by use of a key and Identifiers [i.e. 107, container], and wherein a delegate appliance device assigns[i.e. maps] sensitive data contained in a vault[i.e. container] to CM cores); 	verifying the container based on a key that corresponds to the first root of trust and that is stored in the integrated circuit at manufacturing of the integrated circuit(see US 20150326543, Pochuev, para. 0028-0029, after the customer receives the service devices and application devices provisioned by the CRISP, an initial authentication[i.e. verification] is performed using the stored key information provided by the CRISP); 	generating a new key corresponding to the new root of trust(see US 20150326543, Pochuev, para. 0046, where the CRISP controller sends a generate command to the HSM to generate a key pair); 	storing information corresponding to the new key for the new root of trust into a memory of the integrated circuit(see US 20150326543, Pochuev, para. 0051 and fig. 6, where data information, that includes key information generated by the key jar, is stored on a removable storage device[i.e. integrated circuit]); and 	using, by a processing device, the new key corresponding to the new root of trust to delegate the resource of the integrated circuit to a subsequent container(see US 20150326543, Pochuev, para. 0021, where the service device delegates command sequences, data, and security parameters[i.e. key] destined for CM cores, wherein the delegate device is granted by the root authority to perform trusted operations and may include an hardware security module that serves as a vault[i.e. container] for safeguarding sensitive information). 	Pochuev does not teach identifying that an assignment of the resource of the integrated circuit from the container corresponds to assigning the resource from the first root of trust to a new root of trust associated with a second root entity, wherein the first root of trust and the new root of trust are associated with the integrated circuit, wherein the second root entity has privileges to a different group of resources than the first root entity (see US 10083306, Smith, col. 2, lines 45-49, col. 3, lines 1-8 and fig. 2, where a plurality of roots of trust[i.e. 1st and 2nd roots of trust{RoT}] are associated with IoT devices[i.e. root entities] and embodied on a SoC[i.e. integrated circuit] and the RoTs are configured to communicate with each other and provide resources that may vary to include the assignment of I/O resources to a unique container, storage of data and keys, etc, wherein, implicitly, the RoTs may each be configured to process their own set of resources separate from the other RoT); 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Pochuev with the teaching of Smith because a user would have been motivated to enhance the network security that uses the CM device, taught by Pochuev, by using roots of trust in devices that form the network backbone in order to establish a trusted backbone(see Smith, col. 1, lines 49-55)
 	In regards to claim 2, the combination of Pochuev and Smith teach the method of claim 1, wherein the using of the new key to delegate the resource of the integrated circuit to the subsequent container comprises: 	receiving the subsequent container(see US 20150326543, Pochuev, para. 0078, where provisioning device 1200 receives a device definition request and generates device definition response that contains provisioning information[i.e. container]); and 	determining whether a signature of the subsequent container corresponds to the new root of trust based on the new key(see US 20150326543, Pochuev, para. 0055, where the processing logic validates that the device-id and the corresponding public key are present in the key jar, wherein successfully opening the key is a successful validation).
 	In regards to claim 3, the combination of Pochuev and Smith teach the method of claim 2, wherein the using of the new key to delegate the resource of the integrated circuit to the subsequent container further comprises: delegating the resource to the subsequent container in response to a verification of the signature of the subsequent container as being associated with the new root of trust based on the new key(see US 20150326543, Pochuev, para. 0075-0076 and 0078, where the Appliance module receives a message containing a CM module signed by a HSM. The Appliance processing logic verifies the message and installs the CM module on the HSM. The CM device can transfer a definition file[i.e. definition file may include device ID, signed data, configuration information, key, etc] for each service device or appliance device in the CM system to the root authorization device[i.e. root authorization device comprises an HSM that has a vault(i.e. container) and signature information].).
 	In regards to claim 7, the combination of Pochuev and Smith teach the method of claim 1, wherein the container and the subsequent container correspond to executable (see US 20150326543, Pochuev, para. 0020, where the CM infrastructure is a multi-device system of hardware and software comprising a CM core capable of executing a set of commands).
 	In regards to claim 8, Pochuev teaches a system comprising: a memory storing computer executable code(see US 20150326543, Pochuev, fig. 12, item 1204, main memory); anda processing device operatively coupled with the memory(see US 20150326543, Pochuev, fig. 12, item 1202, processor) to execute the computer executable code to:receive a container from a first root of trust associated with a first root entity, wherein the container corresponds to a mapping of a resource of an integrated circuit that is associated with the first root entity(see US 20150326543, Pochuev, para. 0019, 0021, 0023 and fig. 1, Where a CRI System Provisioning[i.e. CRISP] is a provisioning device that provides a root of trust to a CM device[106 i.e. root authority, integrated circuit] by use of a key and Identifiers [i.e. 107, container], and wherein a delegate appliance device assigns[i.e. maps] sensitive data contained in a vault[i.e. container] to CM cores);verify the container based on a key that corresponds to the first root of trust and that is stored in the integrated circuit at manufacturing of the integrated circuit(see US 20150326543, Pochuev, para. 0028-0029, after the customer receives the service devices and application devices provisioned by the CRISP, an initial authentication[i.e. verification] is performed using the stored key information provided by the CRISP);generate a new key corresponding to the new root of trust(see US 20150326543, Pochuev, para. 0046, where the CRISP controller sends a generate command to the HSM to generate a key pair); store information corresponding to the new key for the new root of trust into a memory of the integrated circuit(see US 20150326543, Pochuev, para. 0051 and fig. 6, where data information, that includes key information generated by the key jar, is stored on a removable storage device[i.e. integrated circuit]); anduse the new key corresponding to the new root of trust to delegate the resource of the integrated circuit to a subsequent container(see US 20150326543, Pochuev, para. 0021, where the service device delegates command sequences, data, and security parameters[i.e. key] destined for CM cores, wherein the delegate device is granted by the root authority to perform trusted operations and may include an hardware security module that serves as a vault[i.e. container] for safeguarding sensitive information) 	Pochuev does not teach identify that an assignment of the resource of the integrated circuit from the container corresponds to assigning the resource from the first root of trust to a new root of trust associated with a second root entity, wherein the first root of trust and the new root of trust are associated with the integrated circuit, wherein the second root entity has privileges to a different group of resources than the first root entity 	However, Smith teaches identify that an assignment of the resource of the integrated circuit from the container corresponds to assigning the resource from the first root of trust to a new root of trust associated with a second root entity, wherein the first root of trust and the new root of trust are associated with the integrated circuit, wherein (see US 10083306, Smith, col. 2, lines 45-49, col. 3, lines 1-8 and fig. 2, where a plurality of roots of trust[i.e. 1st and 2nd roots of trust{RoT}] are associated with IoT devices[i.e. root entities] and embodied on a SoC[i.e. integrated circuit] and the RoTs are configured to communicate with each other and provide resources that may vary to include the assignment of I/O resources to a unique container, storage of data and keys, etc, wherein, implicitly, the RoTs may each be configured to process their own set of resources separate from the other RoT); 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Pochuev with the teaching of Smith because a user would have been motivated to enhance the network security that uses the CM device, taught by Pochuev, by using roots of trust in devices that form the network backbone in order to establish a trusted backbone(see Smith, col. 1, lines 49-55).
 	In regards to claim 9, the combination of Pochuev and Smith teach the system of claim 8, wherein the using of the new key to delegate the resource of the integrated circuit to the subsequent container comprises:  	receiving the subsequent container(see US 20150326543, Pochuev, para. 0078, where provisioning device 1200 receives a device definition request and generates device definition response that contains provisioning information[i.e. container]); and   determining whether a signature of the subsequent container corresponds to the new root of trust based on the new key(see US 20150326543, Pochuev, para. 0055, where the processing logic validates that the device-id and the corresponding public key are present in the key jar, wherein successfully opening the key is a successful validation).
 	In regards to claim 10, the combination of Pochuev and Smith teach the system of claim 9, wherein the using of the new key to delegate the resource of the integrated circuit to the subsequent container further comprises:  	delegating the resource to the subsequent container in response to a verification of the signature of the subsequent container as being associated with the new root of trust based on the new key(see US 20150326543, Pochuev, para. 0075-0076 and 0078, where the Appliance module receives a message containing a CM module signed by a HSM. The Appliance processing logic verifies the message and installs the CM module on the HSM. The CM device can transfer a definition file[i.e. definition file may include device ID, signed data, configuration information, key, etc] for each service device or appliance device in the CM system to the root authorization device[i.e. root authorization device comprises an HSM that has a vault(i.e. container) and signature information].).
 	In regards to claim 14, the combination of Pochuev and Smith teach the system of claim 8, wherein the container and the subsequent container correspond to executable code(see US 20150326543, Pochuev, para. 0020, where the CM infrastructure is a multi-device system of hardware and software comprising a CM core capable of executing a set of commands).
 	In regards to claim 15, Pochuev teaches a non-transitory computer readable medium including data that, when accessed by a processing device, cause the (see US 20150326543, Pochuev, para. 0019, 0021, 0023 and fig. 1, Where a CRI System Provisioning[i.e. CRISP] is a provisioning device that provides a root of trust to a CM device[106 i.e. root authority, integrated circuit] by use of a key and Identifiers [i.e. 107, container], and wherein a delegate appliance device assigns[i.e. maps] sensitive data contained in a vault[i.e. container] to CM cores); 	verifying the container based on a key that corresponds to the first root of trust and that is stored in the integrated circuit at manufacturing of the integrated circuit(see US 20150326543, Pochuev, para. 0028-0029, after the customer receives the service devices and application devices provisioned by the CRISP, an initial authentication[i.e. verification] is performed using the stored key information provided by the CRISP); 	generating a new key corresponding to the new root of trust(see US 20150326543, Pochuev, para. 0046, where the CRISP controller sends a generate command to the HSM to generate a key pair); 	storing information corresponding to the new key for the new root of trust into a memory of the integrated circuit(see US 20150326543, Pochuev, para. 0051 and fig. 6, where data information, that includes key information generated by the key jar, is stored on a removable storage device[i.e. integrated circuit]); and 	using the new key corresponding to the new root of trust to delegate the resource (see US 20150326543, Pochuev, para. 0021, where the service device delegates command sequences, data, and security parameters[i.e. key] destined for CM cores, wherein the delegate device is granted by the root authority to perform trusted operations and may include an hardware security module that serves as a vault[i.e. container] for safeguarding sensitive information) 	Pochuev does not teach identifying that an assignment of the resource of the integrated circuit from the container corresponds to assigning the resource from the first root of trust to a new root of trust associated with a second root entity, wherein the first root of trust and the new root of trust are associated with the integrated circuit, wherein the second root entity has privileges to a different group of resources than the first root entity  	However, Smith teaches identifying that an assignment of the resource of the integrated circuit from the container corresponds to assigning the resource from the first root of trust to a new root of trust associated with a second root entity, wherein the first root of trust and the new root of trust are associated with the integrated circuit , wherein the second root entity has privileges to a different group of resources than the first root entity(see US 10083306, Smith, col. 2, lines 45-49, col. 3, lines 1-8 and fig. 2, where a plurality of roots of trust[i.e. 1st and 2nd roots of trust{RoT}] are associated with IoT devices[i.e. root entities] and embodied on a SoC[i.e. integrated circuit] and the RoTs are configured to communicate with each other and provide resources that may vary to include the assignment of I/O resources to a unique container, storage of data and keys, etc, wherein, implicitly, the RoTs may each be configured to process their own set of resources separate from the other RoT); 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Pochuev with the teaching of Smith because a user would have been motivated to enhance the network security that uses the CM device, taught by Pochuev, by using roots of trust in devices that form the network backbone in order to establish a trusted backbone(see Smith, col. 1, lines 49-55).
 	In regards to claim 16, the combination of Pochuev and Smith teach the non-transitory computer readable medium of claim 15, wherein the using of the new key to delegate the resource of the integrated circuit to the subsequent container comprises:  	receiving the subsequent container(see US 20150326543, Pochuev, para. 0078, where provisioning device 1200 receives a device definition request and generates device definition response that contains provisioning information[i.e. container]); and     determining whether a signature of the subsequent container corresponds to the new root of trust based on the new key(see US 20150326543, Pochuev, para. 0055, where the processing logic validates that the device-id and the corresponding public key are present in the key jar, wherein successfully opening the key is a successful validation).
 	In regards to claim 17, the combination of Pochuev and Smith teach the non-transitory computer readable medium of claim 16, wherein the using of the new key to delegate the resource of the integrated circuit to the subsequent container further comprises: (see US 20150326543, Pochuev, para. 0075-0076 and 0078, where the Appliance module receives a message containing a CM module signed by a HSM. The Appliance processing logic verifies the message and installs the CM module on the HSM. The CM device can transfer a definition file[i.e. definition file may include device ID, signed data, configuration information, key, etc] for each service device or appliance device in the CM system to the root authorization device[i.e. root authorization device comprises an HSM that has a vault(i.e. container) and signature information].).
 	In regards to claim 20, the combination of Pochuev and Smith teach the non-transitory computer readable medium of claim 15, wherein the container and the subsequent container correspond to executable code(see US 20150326543, Pochuev, para. 0020, where the CM infrastructure is a multi-device system of hardware and software comprising a CM core capable of executing a set of commands).
2.) Claims 4, 11, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over IDS supplied references, US 20150326543, Pochuev in view of US 10083306, Smith and further in view of US 20140195807, Bar-Lev
 	In regards to claim 4, the combination of Pochuev and Smith teach the method of claim 1. The combination of Pochuev and Smith do not teach wherein the key that (see US 20140195807, Bar-Lev, para. 0173, where an ICV RoT may comprise an asymmetric master key that is composed of two key shares: a first key share which may be fixed in register-transfer level[i.e. IC] and a second key share which may be programmed into a one-time-programmable memory). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Pochuev and Smith with the teaching of Bar-Lev because a user would have been motivated to enhance provisioning rights taught, taught by the combination of Pochuev and Smith, by using public keys of an electronic device and a second provisioning server, taught by Bar-Lev, to provide cryptographic assets to an electronic device(see, Bar-Lev, para. 0006)
 	 	In regards to claim 11, the combination of Pochuev and Smith teach the system of claim 8. The combination of Pochuev and Smith do not teach wherein the key that corresponds to the first root of trust is stored by interconnect of the integrated circuit and the new key is stored in a one-time programmable (OTP) memory of the integrated 	However, Bar-Lev teaches wherein the key that corresponds to the first root of  (see US 20140195807, Bar-Lev, para. 0173, where an ICV RoT may comprise an asymmetric master key that is composed of two key shares: a first key share which may be fixed in register-transfer level and a second key share which may be programmed into a one-time-programmable memory). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Pochuev and Smith with the teaching of Bar-Lev because a user would have been motivated to enhance provisioning rights taught, taught by the combination of Pochuev and Smith, by using public keys of an electronic device and a second provisioning server, taught by Bar-Lev, to provide cryptographic assets to an electronic device(see, Bar-Lev, para. 0006)
 	 	In regards to claim 18, the combination of Pochuev and Smith teach the non-transitory computer readable medium of claim 15. The combination of Pochuev and Smith do not teach wherein the key that corresponds to the first root of trust is stored by interconnect of the integrated circuit and the new key is stored in a one-time programmable (OTP) memory of the integrated circuit 	However, Bar-Lev teaches wherein the key that corresponds to the first root of trust is stored by interconnect of the integrated circuit and the new key is stored in a one-time programmable (OTP) memory of the integrated circuit (see US 20140195807, Bar-Lev, para. 0173, where an ICV RoT may comprise an asymmetric master key that is composed of two key shares: a first key share which may be fixed in register-transfer level and a second key share which may be programmed into a one-time-programmable memory). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Pochuev and Smith with the teaching of Bar-Lev because a user would have been motivated to enhance provisioning rights taught, taught by the combination of Pochuev and Smith, by using public keys of an electronic device and a second provisioning server, taught by Bar-Lev, to provide cryptographic assets to an electronic device(see, Bar-Lev, para. 0006)
 	
CONCLUSION
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY LANE whose telephone number is (571)270-7469.  The examiner can normally be reached on 571 270 7469 from 8:00 AM to 6:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Taghi Arani, can be reached on 571 272 3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for 
/GREGORY A LANE/                                              Examiner, Art Unit 2438                                                                                                                                                                                                                                                                                                                                                                  


/TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438