DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This office action is in response to the arguments/remarks filed on 12/02/2020. Claims 1 – 20 are presently pending in the application and have been examined below, of which claims 1, 7, and 17 are presented in independent form. 
Claims 1 – 20 are pending for consideration.

Information Disclosure Statement
The information disclosure statement (IDS) dated 09/03/2020 has been received and considered.

Response to Arguments
Applicant’s arguments with respect to claims 1 – 20 have been considered but they are not persuasive.
Applicant argues on pp.6, 7 of the Remarks, that there is no teaching, nor any suggestion in Krumel that the device ID or LEGAL02/40265865v16serial number is generated by the PLD used to update the network protocol. Krumel thus fails to teach or suggest "A programmable device, comprising...a first circuit configured to generate an identifier", as recited, in part, in claim 1
In response to the above arguments, Examiner respectfully disagrees with the Applicant's interpretation of the prior art. The generation of device ID or serial number is met by the issuing the PNUT, i.e. PLD-based network update transport protocol, command comprising the device ID and serial number (Krumel, in Para. [0131] discloses “PNUT-type commands for each PNUT-enabled device preferably begin with the device ID or serial number, which identifies the PNUT-enabled device, and the op code for the particular command”). 
On p. 7 Applicant argues that Krumel also fails to "transmit...at least one response ... wherein at least a portion of the at least one response is based at least in part on the identifier", as recited in part, in claim 1.
Examiner respectfully disagrees. The response transmission is met by a communication of the PNUT command in the network (Krumel, in Para. [0056] discloses “PNUT type commands may be transmitted between an update station and a PNUT-enabled device in accordance with the present invention”).
On p. 7 Applicant states that contrary to the Examiner's assertions, Kang is from a non- analogous technical field…Kang has no relevance to an FPGA architecture and programming and thus is non-analogous art.
Examiner respectfully disagrees. The FPGA is a specific part of the secure Internet-of-Thing inter communication and operations. Kang is focused on detecting an obfuscated and de-obfuscated codes affecting communication in a network that is relevant to the subject.
a person of ordinary skill in the art attempting to update a network transport protocol using a PLD, as mentioned in Krumel, would have had no motivation toLEGAL02/40265865v17 combine Krumel with Kang-which is directed to detecting a malicious web page and de- obfuscating the obfuscated malicious code in the web page.
Examiner respectfully disagrees. Programming computer/device implementing de obfuscating functions also includes code/device identification at step 503 (Kang, in Para. [0057] discloses “The obfuscated code is deobfuscated using the deobfuscation function inserted into the source code (step 413). Kang, in Para. [0060] discloses “Upon determining that the obfuscated code is found, a dangerous script function using the obfuscated code is identified (step 503).
For the one having ordinary skills in the art would have been obvious to modify Kremel, in view of the teaching of Kang which discloses implementation of deobfuscation function in the code comprising identification procedure.
The 103 rejections of independent claims 1, 7, and 17 have been maintained.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1 – 4 are rejected under 35 U.S.C. 103 as being unpatentable over Krumel (US 2002/0080771 A1) (hereafter Krumel) and in view of Kang et al. (US 2010/0024033 A1) (here after Kang).

Regarding claim 1 Krumel teaches: A programmable device, comprising: an external interface; (Krumel, in Para. [0077] discloses “ Such embodiments may be considered to provide an external interface, for instance, to the Internet, to external network 12, and one or more internal network interfaces, such as to internal network 20 and/or to bastion network 15” Krumel, in Para. [0093] discloses “This approach preferably utilizes a programmable logic device (PLD) that includes low latency, high-speed ROM and RAM blocks”); a first circuit configured to generate an identifier (Examiner note: It is understood that terms such as "first", "second", “third”, "top", "bottom" and the like, are words of convenience and are not to be construed as limiting terms unless specifically stated to the contrary; ) (Krumel, in Para. [0100] discloses “Each protocol that requires stateful packet filtering preferably has protocol handlers in the form of front-end and back-end logic, which decide when to issue a pass signal for a packet or store the identifying characteristics of a bitstream for later reference.” Krumel, in Para. [0131] discloses “PNUT-type commands for each PNUT-enabled device preferably begin with the device ID or serial number, which identifies the PNUT-enabled device, and the op code for the particular command.”); a second circuit configured to transmit through the external interface at least one response to one or more messages received through the external interface, wherein at least a portion of the at least one response is based at least in part on the identifier (Examiner note: information, i.e. data/messages, transfer through the network interface is met by the configurable network update transport protocol (PNUT) controlling network traffic; as noted above, the PNUT includes identification information) (Krumel, in Para. [0007] discloses “The present invention provides what is referred to herein as a PLD-based network update transport (PNUT) protocol that preferably utilizes UDP or other protocols for transmitting update or other commands or information over a packet-based or IP network.” Krumel, in Para. [0056] discloses “PNUT type commands may be transmitted between an update station and a PNUT-enabled device in accordance with the present invention”);
Krumel fails to explicitly teach: a third circuit configured to perform a de-obfuscating function on a bitstream, wherein the de-obfuscating function is based at least in part on the identifier.
Kang from the analogous technical field teaches: a third circuit configured to perform a de-obfuscating function on a bitstream, wherein the de-obfuscating function is based at least in part on the identifier (Examiner note: a code to be executed is a stream of data in binary form, i.e. a bitstream) (Kang, in Para. [0048] discloses “The deobfuscation function inserter 307 is responsible for identifying the obfuscated code before it is executed by inserting a function for deobfuscating an obfuscated code before a function using the obfuscated code.” Kang, in Para. [0057] discloses “The obfuscated code is deobfuscated using the deobfuscation function inserted into the source code (step 413). Kang, in Para. [0060] discloses “Upon determining that the obfuscated code is found, a dangerous script function using the obfuscated code is identified (step 503)).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Kremel, in view of the teaching of Kang which discloses de-obfuscation of a function (i.e. a code) comprising identification procedure in order to improve protection of the programmable devices (Kang, [0048, 0057, 0060]).

Regarding claim 2 Krumel teaches: The programmable device of claim 1, wherein the programmable device is a field programmable gate array (FPGA) (Examiner note: as noted above, the PLD stands for a programmable logic device) (Krumel, in Para. [0141] discloses “the PLD or FPGA ( consisting of one or a plurality of PLD or FPGA devices) utilizes a plurality of logic areas, one or more of which may be updated with the new configuration data.”).

Regarding claim 3 Krumel teaches: The programmable device of claim 1, wherein: at least a portion of the identifier is based on a plurality of selectively blown fuses in the programmable device (Examiner note: fuses are used for programming/configuration of the PLD/FPGA, Para. [0049]; fuses are met by physical switches or toggles) (Krumel, in Para. [0109] discloses “variety of physical switches or toggles 176, 180, 181 and 182 may be coupled to PLD 162 or controller 164. As illustrated by update button 176, toggles may be used to control the updating of the PLD code (for instance, to reconfigure or update the system, providing updated filtering algorithms).”).

Regarding claim 4 Krumel teaches: The programmable device of claim 1, wherein: at least a portion of the identifier has a value that varies over time (Examiner note: as noted above, the PNUT includes identifier; the PNUT comprises a time-dependent component) (Krumel, in Para. [0132] discloses “It should be noted that PNUT-enabled device 268 desirably may wait a predetermined or other amount of time, such as 3 seconds, for a processed command packet from update station 274 in order to confirm that the configuration data had been correctly received by update station 274.”).

Claims 5 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Krumel (US 2002/0080771 A1) (hereafter Krumel), in view of Kang et al. (US 

Regarding claim 5 Krumel as modified fails to explicitly teach: The programmable device of claim 1, wherein: the third circuit comprises at least one sub-circuit configured to selectively permutate the bitstream such that a position within the bitstream of at least a portion of the bitstream is changed based at least in part on the identifier.
Bussel from the analogous technical field teaches: The programmable device of claim 1, wherein: the third circuit comprises at least one sub-circuit configured to selectively permutate the bitstream such that a position within the bitstream of at least a portion of the bitstream is changed based at least in part on the identifier (Examiner note: the third circuit is met by the device 200, and a sub-circuit is met by the encoding unit 240) (Bussel, in Para. [0087] discloses “The device 200 can also be formed as a third device…The device furthermore comprises an encoding unit 240 which generates a device specific bitstream B(G-Id) from the reference circuit and the device-specific identifier G-Id” Bussel, in Para. [0088] discloses “The bits of the device specific identifier G-Id are then, for example, differently distributed or contained in the circuit in a permutated sequence, or are processed at run-time by a function before they can be used as a key”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Kremel as modified by Kang, in view of the teaching of Bussel which discloses a bit permutation procedure of a bitstream associated (identified) to a specific device in order to improve device access security (Bussel, [0087, 0088]). 

Regarding claim 6 Krumel as modified fails to explicitly teach: The programmable device of claim 5, wherein: the third circuit comprises a plurality of sub-circuits, connected in series, wherein each of the plurality of sub-circuits is configured to selectively permutate the bitstream such that a position within the bitstream of at least a portion of the bitstream is changed based at least in part on the identifier.
Busser from the analogous technical field teaches: The programmable device of claim 5, wherein: the third circuit comprises a plurality of sub-circuits, connected in series, wherein each of the plurality of sub-circuits is configured to selectively permutate the bitstream such that a position within the bitstream of at least a portion of the bitstream is changed based at least in part on the identifier. (Examiner note: as noted above, the third circuit is met by the device 200 and the sub-circuit is met by the encoding unit 240; the coding system may comprise a plurality of units 240) (Busser, in Para. [0087] discloses “The device furthermore comprises an encoding unit 240 which generates a device specific bitstream B(G-Id) from the reference circuit and the device-specific identifier G-Id” Busser, in Para. [0088] discloses “The bits of the device specific identifier G-Id are then, for example, differently distributed or contained in the circuit in a permutated sequence, or are processed at run-time by a function before they can be used as a key” Busser, in Para. [0092] discloses “For the sake of clarity, it is to be understood that the use of "a" or "an" throughout this application does not exclude a plurality, and "comprising" does not exclude other steps or elements.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Kremel, as modified by Kang, in view of the teaching of Busser, which discloses a bit permutation procedure of a bitstream associated (identified) to the specific device comprising a plurality of encoding units (i.e. cub-circuits) in order to improve device operation security (Busser, [0087, 0088, 0092]). 





Claims 7, 8, and 12 – 16 are rejected under 35 U.S.C. 103 as being unpatentable over Krumel (US 2002/0080771 A1) (hereafter Krumel) and in view of Busser et al. (US 2018/0203709 A1) (hereafter Busser).

Regarding claim 7 Krumel teaches: A method of securely programming a programmable device, the method comprising: obtaining an identifier from the programmable device (Examiner note: as noted above, information, i.e. data/messages, transfer through the network interface is met by the configurable network update transport protocol (PNUT) controlling network traffic; as noted above, the PNUT includes identification information) (Krumel, in Para. [0007] discloses “The present invention provides what is referred to herein as a PLD-based network update transport (PNUT) protocol that preferably utilizes UDP or other protocols for transmitting update or other commands or information over a packet-based or IP network.” Krumel, in Para. [0077] discloses “ Such embodiments may be considered to provide an external interface, for instance, to the Internet, to external network 12, and one or more internal network interfaces, such as to internal network 20 and/or to bastion network 15” Krumel, in Para. [0093] discloses “This approach preferably utilizes a programmable logic device (PLD) that includes low latency, high-speed ROM and RAM blocks”);
Krumel fails to explicitly teach: obfuscating a bitstream based at least in part on the identifier; and sending the obfuscated bitstream to the programmable device 
Busser from the analogous technical field teaches: obfuscating a bitstream based at least in part on the identifier; and sending the obfuscated bitstream to the programmable device (Examiner note: device 200 is a programmable device) (Busser, in Para. [0009] discloses “a device (200) which contains at least one programmable circuit element (210) and whose circuit consists of individual components that are configured by loading a bitstream” Busser, in Para. [0022] discloses “This allows a device-specific identifier to be placed in a veiled or obfuscated manner in the bitstream.” Busser, in Para. [0088] discloses “The method, the apparatus and the device can also save the device-specific identifier G-Id in a masked or obfuscated form on the device 200.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Kremel, in view of the teaching of Busser which discloses an obfuscation of a bitstream including identifier in order to improve protection of the programmable devices (Busser, [0022, 0088]). 

Regarding claim 8 Krumel teaches: The method of claim 7, wherein obtaining the identifier comprises: sending a sequence of challenges to the programmable device; receiving a sequence of responses to the sequence of challenges from the programmable device (Examiner note: sending, requesting, receiving challenge messages is met by the Internet Control Message Protocol, ICMP ) (Kremel, in Para. [0089] discloses “This data preferably includes one of the following ICMP message types: 5 for redirect; 8 for echo request; 10 for router solicitation; 13 for timestamp request; 15 for information request; or 17 for address mask request.” Kremel, in Para. [0099] discloses “These interactions may also take place at lower levels in the protocol stack, such as ARP and ICMP request/response.”); and determining, based on the sequence of responses, the identifier for the programmable device (Examiner note: response analysis and device/processes identification are met by the rule dispatcher 134) (Kremel, in Para. [0094] discloses “Rules dispatcher 134 uses a lookup code to determine the filtering rules to be applied to a packet and then places the identifiers of the rules to be run in queues 138-1 to 138-N for each of the rules engines 140-1 to 140-N.”).

Regarding claim 12 Krumel fails to explicitly teach: The method of claim 7, wherein obfuscating the bitstream comprises: permutating the bitstream.
Busser from the analogous technical field teaches: The method of claim 7, wherein obfuscating the bitstream comprises: permutating the bitstream (Examiner note: as noted above, device 200 is a programmable device) (Busser, in Para. [0009] discloses “a device (200) which contains at least one programmable circuit element (210) and whose circuit consists of individual components that are configured by loading a bitstream” Busser, in Para. [0022] discloses “This allows a device-specific identifier to be placed in a veiled or obfuscated manner in the bitstream.” Busser, in Para. [0088] discloses “The method, the apparatus and the device can also save the device-specific identifier G-Id in a masked or obfuscated form on the device 200.” Bussel, in Para. [0088] discloses “The bits of the device specific identifier G-Id are then, for example, differently distributed or contained in the circuit in a permutated sequence, or are processed at run-time by a function before they can be used as a key”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Kremel, in view of the teaching of Busser which discloses an obfuscation of a bitstream including identifier and permutation the bitstream in order to improve protection of programmable devices (Busser, [0009, 0022, 0088]).

Regarding claim 13 Krumel fails to explicitly teach: The method of claim 7, wherein obfuscating the bitstream comprises: iteratively permutating the bitstream such that a position within the bitstream of at least a portion of the bitstream is changed based at least in part on the identifier.
Busser from the analogous technical field teaches:  The method of claim 7, wherein obfuscating the bitstream comprises (Busser, in Para. [0022] discloses “This allows a device-specific identifier to be placed in a veiled or obfuscated manner in the bitstream.”): iteratively permutating the bitstream such that a position within the bitstream of at least a portion of the bitstream is changed based at least in part on the identifier (Bussel, in Para. [0088] discloses “The bits of the device specific identifier G-Id are then, for example, differently distributed or contained in the circuit in a permutated sequence, or are processed at run-time by a function before they can be used as a key”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Kremel, in view of the teaching of Busser which discloses permutation the obfuscated bitstream in association with the identifier in order to improve protection of programmable devices (Busser, [0022, 0088]).

Regarding claim 14 Krumel fails to explicitly teach: The method of claim 7, wherein obfuscating the bitstream further comprises: generating a key based on the identifier;  - 37 -WO 2017/161305PCT/US2017/023017 obfuscating the bitstream by performing a plurality of obfuscation functions, each of the plurality of obfuscation functions being based on the key.
Busser from the analogous technical field teaches:  The method of claim 7, wherein obfuscating the bitstream further comprises (Busser, in Para. [0022] discloses “This allows a device-specific identifier to be placed in a veiled or obfuscated manner in the bitstream.”): generating a key based on the identifier;  - 37 -WO 2017/161305PCT/US2017/023017 obfuscating the (Examiner note: as noted above the coding system may comprise a plurality of units 240) (Bussel, in Para. [0087] discloses “The device furthermore comprises an encoding unit 240 which generates a device specific bitstream B(G-Id) from the reference circuit and the device-specific identifier G-Id”. Bussel, in Para. [0088] discloses “The bits of the device specific identifier G-Id are then, for example, differently distributed or contained in the circuit in a permutated sequence, or are processed at run-time by a function before they can be used as a key” Bussel, in Para. [0049] discloses “In such a device a secret key, for example, that represents a device-specific identifier is never known outside the device” Bussel, in Para. [0092] discloses “For the sake of clarity, it is to be understood that the use of "a" or "an" throughout this application does not exclude a plurality, and "comprising" does not exclude other steps or elements.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Kremel, in view of the teaching of Busser which discloses bitstream obfuscation based on a plurality of key generation processes including device-specific identifier in order to improve protection of programmable devices (Busser, [0022, 0049, 0087, 0088, 0092]).

Regarding claim 15 Krumel fails to explicitly teach: The method of claim 14, wherein performing a plurality of obfuscation functions comprises: iteratively permutating 
Busser from the analogous technical field teaches:  The method of claim 14, wherein performing a plurality of obfuscation functions comprises: iteratively permutating the bitstream such that a position within the bitstream of at least a portion of the bitstream is changed based at least in part on the key (Examiner note: as noted above the coding system may comprise a plurality of units 240) (Busser, in Para. [0022] discloses “This allows a device-specific identifier to be placed in a veiled or obfuscated manner in the bitstream.” Bussel, in Para. [0087] discloses “The device furthermore comprises an encoding unit 240 which generates a device specific bitstream B(G-Id) from the reference circuit and the device-specific identifier G-Id”. Bussel, in Para. [0088] discloses “The bits of the device specific identifier G-Id are then, for example, differently distributed or contained in the circuit in a permutated sequence, or are processed at run-time by a function before they can be used as a key” Bussel, in Para. [0092] discloses “For the sake of clarity, it is to be understood that the use of "a" or "an" throughout this application does not exclude a plurality, and "comprising" does not exclude other steps or elements.” Busser, in Para. [0076] discloses “the generation of personalized bitstreams, i.e. a bitstream that contains a device-specific identifier such as, for example, a cryptographic key, is illustrated.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Kremel, in view of the teaching of Busser which discloses bitstream obfuscation based on a plurality of key generation processes including device-specific identifier in order to improve protection of programmable devices (Busser, [0022, 0049, 0076, 0087, 0088, 0092]).

Regarding claim 16 Krumel as modified fails to explicitly teach: The method of claim 7, wherein obfuscating the bitstream based on the at least one identifier comprises: applying a plurality of permutation levels, the plurality of permutation levels further comprising a first level, a second level and a third level, wherein: the first level comprises permutation of portions of the bitstream that specify an input ordering of a look up table (LUT); the second level comprises permutation of the portion of the bitstream that specifies a content of the LUT; the third level comprises a block based permutation of the entire bitstream.
Busser from the analogous technical field teaches:  The method of claim 7, wherein obfuscating the bitstream based on the at least one identifier comprises (Busser, in Para. [0022] discloses “This allows a device-specific identifier to be placed in a veiled or obfuscated manner in the bitstream.”): applying a plurality of permutation levels, the plurality of permutation levels further comprising a first level, a second level and a third level, wherein: the first level comprises permutation of portions of the bitstream that specify an input ordering of a look up table (LUT); the second level comprises permutation of the portion of the bitstream that specifies a content of the LUT; the third level comprises a block based permutation of the entire bitstream (Examiner note: It is understood that terms "first level", "second level", “third level”, etc. are words of convenience and are not to be construed as limiting terms; a standard procedure for a lookup table generation of data array that is based on bit array permutation, comprises permutation of selected portions (i.e. first level and second level) and permutation of the entire content (i.e.  third level) of the bitstream; bitstream obfuscation based on the permutation procedure including lookup table generation is performed by the synthesis tool) (Busser, in Para. [0004] discloses “A bitstream of the integrated components, e.g. of lookup tables or flip-flops and associated connecting structures is then generated with a synthesis tool, taking particular account of the hardware resources of the target FPGA Busser, in Para. [0013] discloses “Through the assignment, and thus with the binding, of each bit of the reference identifier to a specific component of the programmable circuit element, e.g. a flip-flop, a lookup table or a Block RAM, a clear and in particular linear relationship between the bits of the reference identifier in the circuit and the bits of the bitstream generated from this by a synthesis tool is achieved.” Busser, in Para. [0040] discloses “Any arbitrary device-specific identifier can thus be encoded directly in the bitstream without having to create a corresponding bitstream from a circuit that contains the device-specific identifier using a synthesis tool.” Bussel, in Para. [0088] discloses “The bits of the device specific identifier G-Id are then, for example, differently distributed or contained in the circuit in a permutated sequence, or are processed at run-time by a function before they can be used as a key” Bussel, in Para. [0092] discloses “For the sake of clarity, it is to be understood that the use of "a" or "an" throughout this application does not exclude a plurality, and "comprising" does not exclude other steps or elements.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Kremel, in view of the teaching of Busser which discloses bitstream obfuscation based on lookup table generation using multilevel permutation procedure in order to improve protection of programmable devices (Busser, [0004, 0013, 0040, 0088, 0092]).

Claims 9 – 11 are rejected under 35 U.S.C. 103 as being unpatentable over Krumel (US 2002/0080771 A1) (hereafter Krumel), in view of Busser et al. (US 2018/0203709 A1) (hereafter Busser), and in view of Pedersen (US 2018/0060561 A1) (hereafter Pedersen)

Regarding claim 9 Krumel as modified fails to explicitly teach: The method of claim 7, further comprising: authenticating the programmable device based on the identifier in relation with an authorized identifier list.
Pedersen from the analogous technical field teaches: The method of claim 7, further comprising: authenticating the programmable device based on the identifier in relation with an authorized identifier list (Examiner note: programmable device is met by a programmable integrated circuit that could be authenticated by authentication of embedded firmware) (Pedersen, in Para. [0004] discloses “Current solutions to protect PLDs against intrusion rely on programming a unique identification (ID) into the device”. Pedersen, in Para. [0019] discloses “the integrated circuits may be programmable integrated circuits that contain programmable logic circuitry. The present invention will generally be described in the context of integrated circuits such as programmable logic device (PLD) integrated circuits as an example.” Pedersen, in Para. [0049] discloses “authentication application 400 may be implemented as specialized software or circuitry on computer system 200 to authenticate the embedded firmware stored on integrated circuit 100…Persons skilled in the art would appreciate that authentication application 400 may be implemented with any combination of the above-mentioned submodules on computer system 200.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Kremel, as modified by Busser, in view of the teaching of Pedersen which discloses programmable device authentication using unique identifier in order to improve protection of the programmable devices (Pedersen, [0004, 0019, 0049]). 

Regarding claim 10 Krumel as modified fails to explicitly teach: The method of claim 9, wherein authenticating the programmable device based on the identifier in relation with an authorized identifier list comprises: obtaining the authorized identifier list from an external source.
Pedersen from the analogous technical field teaches: The method of claim 9, wherein authenticating the programmable device based on the identifier in relation with an authorized identifier list comprises: obtaining the authorized identifier list from an external source.

(Examiner note: the identifier list is met by additional processor instructions or associated data) (Pedersen, in Para. [0002] discloses “This programmable logic and routing can be configured with a configuration bitstream that can be loaded into the PLD from an external source…the ROM may contain processor instructions and other associated data that allows the FPGA to go through an initial boot process, and that boot process may include loading the RAM with additional processor instructions or associated data from an external source (such as header data contained in the external bitstream).” Pedersen, in Para. [0004] discloses “Current solutions to protect PLDs against intrusion rely on programming a unique identification (ID) into the device”. Pedersen, in Para. [0049] discloses “authentication application 400 may be implemented as specialized software or circuitry on computer system 200 to authenticate the embedded firmware stored on integrated circuit 100…Persons skilled in the art would appreciate that authentication application 400 may be implemented with any combination of the above-mentioned submodules on computer system 200.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Kremel, as modified by Busser, in view of the teaching of Pedersen which discloses programmable device authentication using additional data from external source (i.e. identifier list) in order to improve protection of the programmable devices (Pedersen, [0002, 0004, 0049]). 

Regarding claim 11 Krumel as modified fails to explicitly teach: The method of claim 10, wherein obtaining the authorized identifier list from an external source comprises: communicating with the external source using secure communications.
Pedersen from the analogous technical field teaches: The method of claim 10, wherein obtaining the authorized identifier list from an external source comprises: (Examiner note: secure communication with external source is met by embedding and securing the specified firmware on PLD loaded from external source; as noted above, the identifier list is met by additional processor instructions or associated data) (Pedersen, in Para. [0002] discloses “This programmable logic and routing can be configured with a configuration bitstream that can be loaded into the PLD from an external source. For modern PLDs, this configuration is mediated by one or more programmable processors and associated firmware embedded in the PLD.” Pedersen, in Para. [0004] discloses “a key component of securing PLDs is to ensure that the embedded firmware is secure against intrusion. Current solutions to protect PLDs against intrusion rely on programming a unique identification (ID) into the device”.)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Kremel, as modified by Busser, in view of the teaching of Pedersen which discloses secure communication of programmable device with external source (i.e. secure loading and embedding firmware) in order to improve protection of the programmable devices (Pedersen, [0002, 0004]). 

Claims 17, 18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Busser et al. (US 2018/0203709 A1) (hereafter Busser) and in view of Kang et al. (US 2010/0024033 A1) (here after Kang)

Regarding claim 17 Busser teaches: A method of securely operating a programmable device that receives a programming bitstream, the method comprising generating a pseudo-random identifier (Examiner note: generating a pseudo-random identifier is met by generation of an identifier by random (or pseudo-random) number generator) (Busser, in Para. [0043] discloses “It comprises moreover a random number generator that generates a device-specific identifier, and an encoding unit that generates a device-specific bitstream making use of the table from the reference bitstream and the device-specific identifier.”); transmitting a sequence of responses based on the identifier in response to receiving a sequence of challenges, wherein at least a portion of the sequence of responses is based at least in part on the identifier (Examiner note: transmission of a sequence of challenges/responses is a device specific binary signal processing (i.e. bitstream), Para. [0042, 0045], which is met by the transfer of device-specific identifier to the programming unit 210 for processing) (Busser, in Para. [0087] discloses “The device furthermore comprises an encoding unit 240 which generates a device-specific bitstream B(G-Id) from the reference circuit and the device-specific identifier G-Id using the table T, and transfers it into the programmable circuit element 210.” Busser, in Para. [0080] discloses “The apparatus 100 illustrated in FIG. 6 for the generation of a device-specific programming of a device with a programmable circuit element 210 comprises a generation unit 110, an insertion unit 120 and an assignment unit 150.”);
Busser fails to explicitly teach: de-obfuscating a received bitstream based on the identifier; and programming programmable circuitry within the programmable device based on the de- obfuscated bitstream
Kang from the analogous technical field teaches: de-obfuscating a received bitstream based on the identifier; and programming programmable circuitry within the programmable device based on the de- obfuscated bitstream (Examiner note: as noted above, a code to be executed is a stream of data in binary form, i.e. a bitstream) (Kang, in Para. [0048] discloses “The deobfuscation function inserter 307 is responsible for identifying the obfuscated code before it is executed by inserting a function for deobfuscating an obfuscated code before a function using the obfuscated code.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Busser, in view of the teaching of Kang which discloses de-obfuscation of a function (i.e. a code) comprising identification procedure in order to improve protection of the programmable devices (Kang, [0048]).

Regarding claim 18 Busser fails to explicitly teach: The method of claim 17, wherein de-obfuscating the bitstream based on the identifier comprises:
Kang from the analogous technical field teaches:  The method of claim 17, wherein de-obfuscating the bitstream based on the identifier comprises: (Kang, in Para. [0048] discloses “The deobfuscation function inserter 307 is responsible for identifying the obfuscated code before it is executed by inserting a function for deobfuscating an obfuscated code before a function using the obfuscated code.”).
Busser further teaches: permutating the bitstream based on the identifier (Bussel, in Para. [0087] discloses “The device 200 can also be formed as a third device…The device furthermore comprises an encoding unit 240 which generates a device specific bitstream B(G-Id) from the reference circuit and the device-specific identifier G-Id” Bussel, in Para. [0088] discloses “The bits of the device specific identifier G-Id are then, for example, differently distributed or contained in the circuit in a permutated sequence, or are processed at run-time by a function before they can be used as a key”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Busser, in view of the teaching of Kang which discloses de-obfuscation of a function (i.e. a code) comprising identification procedure in order to improve protection of the programmable devices (Kang, [0048]).

Regarding claim 20 Busser fails to explicitly teach: The method of claim 17, wherein de-obfuscating the bitstream based on the identifier comprises 
Kang from the analogous technical field teaches:  The method of claim 17, wherein de-obfuscating the bitstream based on the identifier comprises (Examiner note: as noted above, a code to be executed is a stream of data in binary form, i.e. a bitstream) (Kang, in Para. [0048] discloses “The deobfuscation function inserter 307 is responsible for identifying the obfuscated code before it is executed by inserting a function for deobfuscating an obfuscated code before a function using the obfuscated code.”).
Busser further teaches: applying a plurality of permutation levels, the plurality of permutation levels further comprising a first de-obfuscation level, a second de-obfuscation level and a third de-obfuscation level, wherein: the first de-obfuscation level comprises permutating the bitstream on a first portion of the programmable device; the second de-obfuscation level comprises permutating the bitstream on a second portion of the programmable device; the third de-obfuscation level comprises permutating the bitstream on a third portion of the programmable device (Examiner note: as noted above, it is understood that terms "first level", "second level", “third level”, etc. are words of convenience and are not to be construed as limiting terms; a standard procedure for a lookup table generation of data array that is based on bit array permutation, comprises permutation of selected portions (i.e. first level and second level) and permutation of the entire content (i.e.  third level) of the bitstream; bitstream obfuscation based on the permutation procedure including lookup table generation is performed by the synthesis tool) (Busser, in Para. [0004] discloses “A bitstream of the integrated components, e.g. of lookup tables or flip-flops and associated connecting structures is then generated with a synthesis tool, taking particular account of the hardware resources of the target FPGA”. Busser, in Para. [0013] discloses “Through the assignment, and thus with the binding, of each bit of the reference identifier to a specific component of the programmable circuit element, e.g. a flip-flop, a lookup table or a Block RAM, a clear and in particular linear relationship between the bits of the reference identifier in the circuit and the bits of the bitstream generated from this by a synthesis tool is achieved.” Busser, in Para. [0040] discloses “Any arbitrary device-specific identifier can thus be encoded directly in the bitstream without having to create a corresponding bitstream from a circuit that contains the device-specific identifier using a synthesis tool.” Bussel, in Para. [0088] discloses “The bits of the device specific identifier G-Id are then, for example, differently distributed or contained in the circuit in a permutated sequence, or are processed at run-time by a function before they can be used as a key” Bussel, in Para. [0092] discloses “For the sake of clarity, it is to be understood that the use of "a" or "an" throughout this application does not exclude a plurality, and "comprising" does not exclude other steps or elements.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Busser, in view of the teaching of Kang which discloses de-obfuscation of a function (i.e. a code) comprising identification procedure in order to improve protection of the programmable devices (Kang, [0048]).

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Busser et al. (US 2018/0203709 A1) (hereafter Busser), in view of Kang et al. (US 2010/0024033 A1) (here after Kang), and in view of Krumel (US 2002/0080771 A1) (hereafter Krumel).

Regarding claim 19 Busser, as modified, fails to explicitly teach: The method of claim 17, wherein de-obfuscating the bitstream based on the identifier comprises: 
Krumel from the analogous technical field teaches: The method of claim 17, wherein de-obfuscating the bitstream based on the identifier comprises: transforming the bitstream based on a plurality of fuses in the programmable device that are selectively blown (Examiner note: as noted above, fuses are used for programming and/or configuration of the PLD/FPGA, Para. [0049]; fuses are met by physical switches or toggles) (Krumel, in Para. [0109] discloses “variety of physical switches or toggles 176, 180, 181 and 182 may be coupled to PLD 162 or controller 164. As illustrated by update button 176, toggles may be used to control the updating of the PLD code (for instance, to reconfigure or update the system, providing updated filtering algorithms).”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Busser, as modified by Kang, in view of the teaching of Krumel which discloses usage of switches or toggles (equivalent to fuses) in order to improve programming/configuration of programmable devices (Krumel, [0049, 0109]).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed on the enclosed PTO-892 form.
Applicant's amendment necessitated the new ground(s) of rejection presented in
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP

CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed within
TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VLADIMIR IVANOVICH GAVRILENKO whose telephone number is (313) 446-6530.  The examiner can normally be reached on Monday-Friday 7:30-4:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published 

/V.I.G./Examiner, Art Unit 2431         

/LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431