Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
	This action is in response to the communication filed on 6/5/2019.
  Claims 1-14 are examined and rejected.  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 2, 4-9 and 11-14 are rejected under 35 U.S.C. 103 as being unpatentable by U.S. Publication 2017/0180340 to Smith et al. (hereinafter known as “Smith”) and U.S. Publication 2019/0104415 to Gehrmann et al. (hereinafter known as “Gehrmann”). 
As per claim 1 Smith teaches, a computing device comprising: 
a network element (Smith Fig 1 element 120n .. 1201 para 24 teaches IOT devices to communicate with external safety controller element 140 via network element 130) configured for receiving messages sent over a network from a control facility (Smith Fig 1 element 140 para 18-19 teaches IOt Network and external safety controller element 140 where External Safety controller is interpreted as control facility by examiner); 
a reduced instruction set computer processing (Smith Fig 1 element 120n .. 1201 para 24 teaches IOT devices where IoT device operating under safe mode is similar to claim limitation of ‘reduced instruction set’ as known in art) circuitry comprising a central processing unit (CPU) and a secure hardware-implemented module (Smith Fig 1 element 120 para 15 teaches IOT devices with computability ability), receive messages at a plurality of sequential intervals and to either switch the CPU from an operational state to a safe state, or prevent switching of the CPU from the safe state to the operational state, in one of the sequential intervals (Smith para 41-42 teaches transmission / exchange of encrypted nonce with device ID to identify state transition of the device. Para 33 teaches time interval to generate PRNG and transmit which covers sequential intervals. Along with para 44 and 55 teaching symmetric key encryption exchange at specific intervals of time which is interpreted as signed secure message received at specific time intervals to determine state of device into normal or safety mode which covers claimed limitation); 
wherein in the operational state the CPU accesses a memory address space in the processing circuitry for executing software-based commands (Smith para 41 teaches updated memory region for storage of nonce and state transition element), and in the safe state the CPU is prevented from executing the software-based commands (Smith para 41 and 44-45 teaches safety mode with levels of low, medium and high with encrypted nonce in shared non-volatile local memory region to correspond with safety state status in shared memory, which covers claimed limitation). 
Smith teaches receiving of encrypted nonce from IOT device with random number and device ID and para 44 with encryption including symmetric keys although symmetric keys can be interpreted to cover signed PKI message, examiner includes Gehrmann reference with specific teaching of signed PKI message in received messages and verification of PKI message (Gehrmann para 36 teaches SVT (software vulnerability test also interpreted as data message reporting as status of device) received with signature of SVT signed with public key, which covers signed PKI message of claim limitation. Further, Fig 9 para 56-58 Signed SVT information with PKI stored in particular memory area on nonvolatile storage covers specific storage area in memory and Fig 13 para 76-78 and mainly para 82 teaches dual boot system where depending on SVT signature (PKI based) the device will boot into safe mode or normal mode, example if the received SVT detects malware signature of SVT then device boots into safe mode and if SVT is known whitelist signature then it boots into normal mode, which covers the claimed limitation). 
Smith teaches secure operation of IoT device with encrypted nonce (signed message) with time intervals with Safety Controller with dual mode of device normal and safety mode (Fig 1). Smith does not teach however Gehrmann teaches singed PKI 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention it would have been obvious to one of ordinary skill in the art, having the teachings of Smith before him or her, to authorize IoT device with encrypted nonce message, dual mode operation and Safety Controller with signed PKI message teachings by Gehrmann. The suggestion/motivation for doing so would have been to prevent attacks and vulnerabilities in network system to detect zero-day vulnerabilities (Gehrmann para 2). 
As per claim 2 combination of Smith – Gehrmann teaches, the computing device of claim 1, wherein the reduced instruction set computer comprises open-source instruction set architecture (Smith para 11 teaches Intel.RTM architecture which is a type of open-source instruction architecture as known in art and para 66 teaches Intel architecture for dual boot processing of IOT devices where IoT device and safe mode instructions cover reduces instruction set). 
As per claim 4 combination of Smith – Gehrmann teaches, the computing device of claim 1, wherein the processing circuitry runs the at least one computing device in a virtualized mode (Smith para 24 virtual memory address range covers virtual mode). 
As per claim 5 combination of Smith – Gehrmann teaches, the computing device of claim 1, wherein the secure hardware-implemented module detects the PKI signed message in a specified address range in a CPU register (Gehrmann para 53 teaches specific memory address to fetch signature function and patch which covers address range in CPU register). 
As per claim 6 combination of Smith – Gehrmann teaches, the computing device of claim 1, wherein the secure hardware implemented module is configured to receive instructions from the control facility via the network when in the safe state (Smith para 16 teaches safety mode in IOT device where safety mode is interpreted as safe state). 
As per claim 7 combination of Smith – Gehrmann teaches, the computing device of claim 1, wherein the PKI signed message is signed with a time stamp and with a unique identifier of the CPU (Gehrmann para 36 teaches PKI message, time stamp and resource address such as identifier). 
As per claim 8 Smith teaches, a method comprising: 
(a) connecting a computing device to a control facility via a network, wherein the computing device comprises a network element configured for receiving messages sent over the network from the control facility (Smith Fig 1 element 120n .. 1201 para 24 teaches IOT devices to communicate with external safety controller element 140 teaches via network element 130 and Fig 1 element 140 para 18-19 teaches IoT architecture), 
a reduced instruction set computer processing circuitry comprising a central processing unit (CPU) (Smith Fig 1 element 120n .. 1201 para 24 teaches IOT devices where operating under safe mode is similar to claim limitation of reduced instruction set as known in art) and a secure hardware-implemented module (Smith Fig 1 element 120 para 15 teaches IOT devices with computability ability), and the CPU comprises an operational state (Smith Fig 1 element 126 teaches normal mode operation), in which the CPU accesses a memory address space in the processing circuitry for executing software-based commands (Smith Fig 3 element 340 teaches access to memory space), and a safe state (Smith Fig 1 element 125 teaches safe mode), in which the CPU is prevented from executing the software-based commands while access to the memory address space is retained (Smith Fig 3 element 340 teaches access to memory space. Smith para 41-42 teaches transmission / exchange of encrypted nonce with device ID to identify state transition of the device. Para 33 teaches time interval to generate PRNG and transmit which covers sequential intervals. Along with para 44 and 55 teaching symmetric key encryption exchange at specific intervals of time which is interpreted as signed secure message received at specific time intervals to determine state of device into normal or safety mode which covers claimed limitation); 
(c) if the secure hardware-implemented module verifies that the PKI signed message has been received by the CPU within a sequential interval (Smith para 41-42 teaches transmission / exchange of encrypted nonce with device ID to identify state transition of the device. Para 33 teaches time interval to generate PRNG and transmit which covers sequential intervals): 
(Smith para 41-42 teaches device ID to identify state transition of the device), and repeating step (b); 
(ii) if the CPU is in the safe state, switching the computing device from the safe state into the operational state (Smith para 41-42 teaches device ID to identify state transition of the device. Smith para 41 and 44-45 teaches safety mode with levels of low, medium and high with encrypted nonce in shared non-volatile local memory region to correspond with safety state status in shared memory, which covers claimed limitation), and repeating step (b); 
(d) if the secure hardware implemented module does not verify that the PKI signed message has been received by the CPU within the sequential interval: 
(i) if the CPU is in the operational state, switching the CPU from the operational state to the safe state, (ii) if the CPU is in the safe state, maintaining the CPU in the safe state. 
Examiner describes that claim limitation(s) are interpreted as software loop or ‘if and then’ type of claim language usually known in software creation / art as ‘If and else’ loop in coding, which can be broadly interpreted to cover any scenario to cover one of the limitation of claim language. Example if steps A and B are covered then repeat step B, which can be interpreted to not necessary elements C, D and further as one loop is covered by reference. Examiner has tried to cover two out of three scenarios while only requiring one scenario which covers claimed limitation.  

(b) verifying with the secure hardware-implemented module whether a PKI signed message transmitted to the computing device from the control facility has been received by the CPU (Gehrmann para 36 teaches SVT (software vulnerability test also interpreted as data message reporting as status of device) received with signature of SVT signed with public key, which covers signed PKI message of claim limitation. Further, Fig 9 para 56-58 Signed SVT information with PKI stored in particular memory area on nonvolatile storage covers specific storage area in memory and Fig 13 para 76-78 and mainly para 82 teaches dual boot system where depending on SVT signature (PKI based) the device will boot into safe mode or normal mode, example if the received SVT detects malware signature of SVT then device boots into safe mode and if SVT is known whitelist signature then it boots into normal mode, which covers the claimed limitation). 
Smith teaches secure operation of IoT device with encrypted nonce (signed message) with time intervals with Safety Controller with dual mode of device normal and safety mode (Fig 1). Smith does not teach however Gehrmann teaches singed PKI message (para 36). Smith – Gehrmann are analogous art because they are from operation of IoT device within security system. 
 before the effective filing date of the invention it would have been obvious to one of ordinary skill in the art, having the teachings of Smith before him or her, to authorize IoT device with encrypted nonce message, dual mode operation and Safety Controller with signed PKI message teachings by Gehrmann. The suggestion/motivation for doing so would have been to prevent attacks and vulnerabilities in network system to detect zero-day vulnerabilities (Gehrmann para 2). 
Claim 9
Claim 9 is rejected in accordance with claim 2.
Claim 11
Claim 11 is rejected in accordance with claim 4.
Claim 12
Claim 12 is rejected in accordance with claim 6.
Claim 13
Claim 13 is rejected in accordance with claim 5.
Claim 14
Claim 14 is rejected in accordance with claim 7.

Claims 3 and 10 are rejected under 35 U.S.C. 103 as being unpatentable by U.S. Publication 2017/0180340 to Smith et al. (hereinafter known as “Smith”) and U.S. Publication 2019/0104415 to Gehrmann et al. (hereinafter known as “Gehrmann”) and additionally in view of U.S. Publication 2019/0114428 to Kim et al. (hereinafter known as “Kim”). 
As per claim 3 combination of Smith – Gehrmann teaches, the computing device of claim 2. 
Smith – Gehrmann does not teach however Kim teaches wherein the reduced instruction set computer comprises the RISC-V instruction set architecture (Kim para 46 teaches RISC-V architecture on chip processor with public key pair(s)). 
Smith-Gehrmann teaches secure operation of IoT device with encrypted nonce (signed message) with time intervals and signed PKI message. Smith-Gehrmann does not teach however Kim teaches, RISC-V architecture on chip processor (Kim para 46).  Smith – Gehrmann - Kim are analogous art because they are from operation of device within security system. 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention it would have been obvious to one of ordinary skill in the art, having the teachings of Smith-Gehrmann before him or her, to authorize IoT device with encrypted nonce message, dual mode operation and Safety Controller and signed PKI message with RISC-V instruction set as taught by Kim. The suggestion/motivation for doing so would have been to prevent attacks and enhance security in system (Kim para 3). 
Claim 10
Claim 10 is rejected in accordance with claim 3.

Conclusion
	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Nix et al US Publication 2018/0144147 discloses cryptographic unit in device with shared memory and PKI key pair for authorizing device. 
Nix et al US Publication 2019/0097793 discloses secure PKI communication between M2M machine to authorization server. 
Detert et al US Publication 2019/0036706 discloses secure device memory controller with random number and device identity in non-volatile memory. 
Kravitz et al US Publication 2019/0140849 discloses device authentication based on unique ID, random number and certificate authority. 
Boulton et al US Publication 2020/0104491 discloses security risk in downloadable software code and state of device.  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to VIRAL S LAKHIA whose telephone number is (571)270-3363.  The examiner can normally be reached on 8 am - 6 pm.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  


/VIRAL S LAKHIA/Examiner, Art Unit 2431