DETAILED ACTION
This office action is in response to the application filed on 12/14/2018. Claims 1-16 are pending and are examined.	
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority
Acknowledgment is made of applicant's claim for foreign priority based on an application No. 16178608.2 filed in Japan on July 8, 2016. It is noted that the applicant has filed a certified copy of the application as required by 37 CFR 1.55.  

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA  35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.


Claims 11 and 16 are  rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the 
  Applicant may cancel the claims, amend the claims to place the claims in proper dependent form, rewrite the claims in independent form, or present a sufficient showing that the dependent claims complies with the statutory requirements.

Claim Rejections - 35 USC § 112
	The following is a quotation of 35 U.S.C. 112(b)

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 

Claims 8-9 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention. 

Regarding claim 8, the limitation "wherein the data of the real-time operating system or the data of the general purpose operating system comprises data available on the real-time operating system or the general purpose operating system." recited in claim is unclear which renders the claim indefinite. 

The limitation "wherein the data of the real-time operating system or the data of the general purpose operating system comprises data available on the real-time 

Regarding claim 9, dependent claim 9 is rejected based on its dependency from the rejected claim 8.

Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151 , or in an application for patent published or deemed published under section 122(b) , in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 1-2, 5, 8-12 and 16, are rejected under AIA  35 U.S.C. 102(a) (1) as being unpatentable over S. Pinto (Free TEE: When real-time and security meet, September 2015, IEEE, Pages: 1-4, referred to as Pinto). 

Regarding claims 1 and 12, Pinto teaches:
performing a secure communication between a real-time operating system comprising a first open platform communications interface and a general purpose operating system comprising a second open platform communications interface, the Page: 2, Figure: 1, Items: Normal world (general purpose operating system comprising a second open platform communications interface), secure world (a real-time operating system comprising a first open platform communications interface), Monitor layer (virtual machine monitor); Section III. Free TEE), the method comprising: 
receiving a request in the virtual machine monitor from a user via the first or the second open platform communications interface to access data of the real-time operating system from the general purpose operating system or to access data of the general purpose operating system from the real-time operating system (Page 2; Section III. Free TEE, Paragraph A. secure world software, “the system starts booting on the secure world side” (request to access data of the general purpose operating system from the real-time operating system); 
establishing a secure communication path via a software bus between the first and the second open platform communications interfaces according to the request (Page: 2; Section III. Free TEE, Paragraph B Normal world software, 2) TZAPI Kernel Module (secure communication path via a software bus), “The TZ kernel module implemented for the GPOS (Linux) provides a pseudo-character device that implements a logical communication channel (between the normal world and the secure world) on top of the real communication channel, and provides the functional foundation to implement the normal world TZAPI library. It provides a set of specific IOCTLs that semantically understands parameters, allocates memory buffers, encodes and decodes data, prepares the requests and establishes the communication”); and
Pages: 1-2; Section II. ARM TrsutZone; Paragraph B. TrustZone API, “The TrustZone API (TZAPI) [14] is an application API which specifies how normal applications running on the rich OS interact with the isolated execution environment. Basically, following a client-server model, the API defines a set of abstract software interfaces by which non-secure client applications (NSCApps) can interact with the secure services. The API allows clients to send commands and requests to a secure
service, and exchange data between both worlds.”).

Regarding claims 11 and 16, claims 11 and 16 are respectively rejected under the same reasoning as claims 1 and 12, since they respectively depend on the execution of the method of claim 1 and the apparatus of claim 12.

Regarding claim 2, Pinto teaches all the features of claim 1, as outlined above.
Pinto further teaches:
wherein communication via the established secure communication path is based on a first communication protocol and a second communication protocol (Page: 2; Section III. Free TEE, Paragraph B Normal world software, 2) TZAPI Kernel Module (secure communication path via a software bus), “The TZ kernel module implemented for the GPOS (Linux) provides a pseudo-character device that implements a logical communication channel (between the normal world and the secure world) (a first communication protocol) on top of the real communication channel (a second communication protocol), and provides the functional foundation to implement the ”)

Regarding claim 5, Pinto teaches all the features of claim 1, as outlined above.
Pinto further teaches:
wherein the secure communication comprises an encrypted communication (Page: 2; Section III. Free TEE, Paragraph B Normal world software, 2) TZAPI Kernel Module, “The TZ kernel module implemented for the GPOS (Linux) provides a pseudo-character device that implements a logical communication channel (between the normal world and the secure world) on top of the real communication channel, and provides the functional foundation to implement the normal world TZAPI library. It provides a set of specific IOCTLs that semantically understands parameters, allocates memory buffers, encodes (encrypted communication) and decodes data, prepares the requests and establishes the communication”).

Regarding claim 8, Pinto teaches all the features of claim 1, as outlined above.
Pinto further teaches:
wherein the data of the real-time operating system or the data of the general purpose operating system comprises data available on the real-time operating system or the general purpose operating system (Page: 2, Figure: 1, Section III. Free TEE).

Regarding claim 9, Pinto teaches all the features of claim 8, as outlined above.
Pinto further teaches:
wherein the secure communication for accessing the data comprises access to the real-time operating system or the general purpose operating system, to which the data to be accessed belongs (Page: 2, Figure: 1, Section III. Free TEE; EN: Figure 1 illustrates Non-secure Client app which belongs to GPOS and secures services which belongs to RTOS.).

Regarding claim 10, Pinto teaches all the features of claim 1, as outlined above.
Pinto further teaches:
retrieving the data from a device being connected to the real-time operating system or the general purpose operating system, to which the data to be accessed belongs, and accessing the data via the real-time operating system or the general purpose operating system, to which the data to be accessed belongs (Page: 2, Figure: 1, Section III. Free TEE; EN: Figure 1 illustrates Non-secure Client app which belongs to GPOS and secures services which belongs to RTOS and they are being retrieved and accessed by both operating systems.).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was.


Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Pinto  in view of Roy et al. (U.S Pub No. 2015/0,264,047 A1, referred to as Roy).

Regarding claim 4, Pinto teaches all the features of claim 1, as outlined above.
Pinto does not explicitly disclose, however Roy teaches:
wherein the secure communication comprises a communication comprising at least one of: a certificate and a signature (ROY: Figures: 3, 4, 9 and 23; ¶ 0060; ¶ 0068; ¶ 0089).
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Pinto by Roy and pre-sign an application with a particular signature, in order to allow only signed application to access a secure operating system.

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Pinto  in view of Lucchesi et al. (U.S Patent No. 9,100,361 B1, referred to as Lucchesi).

Regarding claim 6, Pinto teaches all the features of claim 1, as outlined above.
Pinto does not explicitly disclose, however Lucchesi teaches:
wherein the data of the real-time operating system or the data of the general purpose operating system comprises data available as subscribed data via the software bus (Lucchesi: Figure 7; Step 756;  Column 20, “ in step 756, the message is converted by components of the trusted input/output module 210 to the proper transmission format.”).
 Pinto by Lucchesi and convert data into a proper transmission format in order to ensure a secure data communication. (Lucchesi: Figure 7; Column 20).

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Pinto  in view of McLaughlin et al. (U.S Pub No. 2017/0,163,444 A1, referred to as McLaughlin).

Regarding claim 13, Pinto teaches all the features of claim 12, as outlined above.
Pinto does not explicitly disclose, however McLaughlin teaches:
the first open platform communications interface; and the second open platform communications interface comprises an open platform communications unified architecture (McLaughlin: Figure. 1; ¶ 0034- ¶ 0035; “he IoT Edge secure gateway 160 is a platform based on a suitable embedded real-time operating system (OS) (such as a reduced form of LINUX). On the real-time OS, a common protocol machine is layered to deliver “downstream” connectivity to on premise physical devices and systems using open protocols. These protocols can include Ethernet/IP, OPC UA (an open platform communications unified architecture)”).
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Pinto by McLaughlin and locate an IoT Edge gateway at various layers in a control system, in order to provide (McLaughlin: ¶ 0035).

Claims 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Pinto in view of Barker (U.S Pub No. 2006/0,282,836 A1, referred to as Barker).

Regarding claim 14, Pinto teaches all the features of claim 12, as outlined above.
Pinto does not explicitly disclose, however Barker teaches:
the first open platform communications interface and the second open platform communications interface comprises a publish subscribe interface (Baker: Figure. 1; ¶ 0005, “A typical approach to designing real-time systems requires that the system be a federation of autonomous components (100, 110, 120), having common policies and protocols to provide aggregate functionality. Each processor (140) in a single or distributed real-time system will typically host multiple application (e.g., software modules (150), a real-time operating system (RTOS) (170) and, optionally, a middleware layer (160). Real-time applications can be developed using a client/server, dataflow, publish/subscribe or other models. ”).
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Pinto by Baker to provide a system and method for implementing priority inheritance globally across a distributed and/or open system to support performance as a real-time system. (Baker: ¶ 0014).

Regarding claim 15, Pinto teaches all the features of claim 12, as outlined above.
Pinto does not explicitly disclose, however Barker teaches:
wherein at least one of: the first open platform communications interface and the second open platform communications interface comprise a client/server interface  the first open platform communications interface and the second open platform communications interface comprises a publish subscribe interface (Baker: Figure. 1; ¶ 0005; ¶ 0009;  “A typical approach to designing real-time systems requires that the system be a federation of autonomous components (100, 110, 120), having common policies and protocols to provide aggregate functionality. Each processor (140) in a single or distributed real-time system will typically host multiple application (e.g. software modules (150), a real-time operating system (RTOS) (170) and, optionally, a middleware layer (160). Real-time applications can be developed using a client/server, dataflow, publish/subscribe or other models. ”).
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Pinto by Baker to provide a system and method for implementing priority inheritance globally across a distributed and/or open system to support performance as a real-time system. (Baker: ¶ 0014).

Allowable Subject Matter
Claims 3 and 7 would be allowable if they were rewritten in independent form including all of the limitations of the base claim and any intervening claims.

The following is an examiner’s statement of reasons for identifying allowable subject matter.	

The closest prior arts made of records are S. Pinto (Free TEE: When real-time and security meet, September 2015, IEEE, Pages: 1-4, referred to as Pinto), Lucchesi et al. (U.S Patent No. 9,100,361 B1, referred to as Lucchesi) and Barker (U.S Pub No. 2006/0,282,836 A1, referred to as Barker).

Pinto discloses a TrustZone hardware architecture which can be seen as a dual virtual system, which splits all the system’s physical resources into two possible virtual environments. The major changes introduced in the hardware architecture include the ability to tag system resources as belonging to the secure or normal world.

Lucchesi discloses a routing module in a secure routing and communication architecture to receive and transmit data of varied protocols, convert the data protocols to an internet protocol for routing on a local area network.

Baker discloses an invention which generally relates to the field of distributed real-time systems. More particularly, this invention relates to a system and method for implementing priority inheritance in distributed real-time systems.

However, regarding claim 3, the prior art of Pinto, Lucchesi  and baker when taken in the context of the claim as a whole do not disclose nor suggest, “wherein the 

Regarding claim 7, the prior art of Pinto, Lucchesi  and baker when taken in the context of the claim as a whole do not disclose nor suggest, “wherein the secure communication for accessing the data comprises direct access to the subscribed data without access to the real-time operating system or the general purpose operating system to which the data to be accessed belongs.”.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:  See PTO-892.  


Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN SAADOUN whose telephone number is (571)272-8408.  The examiner can normally be reached on Mon-Fri 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/HASSAN SAADOUN/Examiner, Art Unit 2435  

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435