DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Acknowledgements
This communication is in response to
Application amendment filed on 12/15/2020.
Authorization for this examiner’s amendment was given via phone and internet communications 03/15/2021-03/18/2021 with Attorney David Wilson (Reg. No. 56,790), who received approval for the Examiner’s Amendment from Attorney of Record Brian Graham (Reg. No. 67,387).

Response to Amendment
The amendment filed 12/15/2020 has been entered. 
Applicant’s amendments to independent claims 1 and 14, arguments, Pages 6-7 of the Remarks filed on 12/15/2020 and further claim amendments result into withdrawal of the 35 USC § 103 rejection previously set forth in the Office Action mailed on 09/16/2020.

Examiner’s Amendment
An Examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Note: Proposed amendments marked manually with underlining and 
Claims Amendments:
1.	(Currently Amended) A system-on-chip (SoC) comprising:

a processor;
a bus subsystem coupled to the processor, and comprising:
a hardware firewall module; and
a security manager coupled to the hardware firewall module, and comprising:
security control registers comprising: 
security flags for security critical assets of the SoC, wherein: 
each security flag comprises multiple bits;
a first of the security control registers is a DMSC firewall bypass register configured to:
set the hardware firewall module to a bypass mode based on a value of a first security flag of the first of the security control registers, and;
 of the first of the security control registers; and
once locked, via the second security flag, the first of the security control registers can be changed only after execution of a power-on reset.
2.	(Currently Amended) The SoC of claim 1, wherein each of the security flags consists of four bits.
3.	(Currently Amended) The SoC of claim 2, wherein a value of the four bits is 0xA, indicating access enabled if the security flag having the value of 0xA controls access and indicating unlocked if the security flag having the value of 0xA is a lock flag for a security control register.
4.	(Currently Amended) The SoC of claim 1, wherein values of the multiple bits of each of the security flags are equal Hamming distance apart.
t least one of the security flags is 
6.	(Currently Amended) The SoC of claim 1, wherein at least one of the security flags is 
7.	(Currently Amended) The SoC of claim 1, wherein the second security flag controls access to the first security flag.
8.	(Currently Amended) The SoC of claim 7, wherein another security mechanism also controls access to the first security flag.
9.	(Original) The SoC of claim 8, wherein the another security mechanism is a hardware firewall of the SoC.
10.	(Original) The SoC of claim 1, wherein a set of security critical bits is signaled from a configuration storage of the SoC with a set of validation bits to be used to validate the set of security critical bits.
11.	(Original) The SoC of claim 10, wherein a value of the set of validation bits is an inverse of a value of the set of security critical bits.
12.	(Original) The SoC of claim 10, wherein the set of security critical bits comprises a device type of the SoC.
13.	(Original) The SoC of claim 1, wherein the SoC comprises latching circuitry to latch a power on reset (POR) signal received by the SoC to prevent reassertion of the POR signal until POR processing in the SoC is complete.
14.	(Currently Amended) A method of operating a system-on-chip (SoC), the method comprising:

reading values of security flags for security critical assets of the SoC from a configuration storage of the SoC responsive to the first POR signal; and
storing the values of the security flags in security control registers of the SoC, wherein:
each security flag value comprises multiple bits;
a first of the security control registers is a device management security controller (DMSC) firewall bypass register configured to:
set a hardware firewall module to a bypass mode based on a value of a first security flag of the first of the security control registers, and
 of the first of the security control registers; and
once locked, via the second security flag, of the security control registers can be changed only after receiving a second power-on reset in the SoC.
15.	(Original) The method of claim 14, wherein each security flag value consists of four bits.
16.	(Currently Amended) The method of claim 15, wherein a value of the four bits is 0xA, indicating access enabled if the value is stored as a security flag that controls access and indicating unlocked if the value is stored as a security flag that is a lock flag for a security control register.
17.	(Currently Amended) The method of claim 14, wherein values of the multiple bits of each security flag value are equal Hamming distance apart.
t least one of the security flags is 
19.	(Currently Amended) The method of claim 14, wherein at least one of the security flags is 
20.	(Currently Amended) The method of claim 14, wherein the second security flag controls access to the first security flag.
21.	(Currently Amended) The method of claim 20, wherein another security mechanism also controls access to the first security flag.
22.	(Original) The method of claim 21, wherein the another security mechanism is a hardware firewall of the SoC.
23.	(Original) The method of claim 14, further comprising:
reading a set of security critical bits and a set of validation bits from the configuration storage; and
using the set of validation bits to validate the set of security critical bits.
24.	(Original) The method of claim 23, wherein using the set of validation bits comprises determining if a value of the set of validation bits is an inverse of a value of the set of security critical bits.
25.	(Original) The method of claim 23, wherein the set of security critical bits comprises a device type of the SoC.
26.	(Original) The method of claim 14, further comprising latching the POR signal to prevent reassertion of the POR signal until POR processing is complete.

Allowable Subject Matter
Above Claims 1-26 are allowed. Claims 1-8, 14 and 16-21 have been amended. 
The following is a statement of reasons for indication of allowable subject matter.
Cited and relevant prior art of record:
i. Heinrich et al. (US 6,460,139 B1, hereinafter “Heinrich”),
ii. Vooka et al. (US 2016/0146888 A1, hereinafter “Vooka”)
iii. Foley et al. (US 2010/0017893 A1, hereinafter “Foley”)
Heinrich discloses receiving a power on reset signal, reading values of security flags for security critical assets of the system from a configuration storage of the system responsive to the POR signal, and storing the values of the security flags in a security control register of the system, where each security flag value comprises multiple bits. Vooka teaches a value indicating access enabled if the security flag controls access and indicating unlocked if the security flag is a lock flag for a security control register, wherein the security flag is used by a hardware module of the SoC and a first security flag controls access to a second security flag. Foley teaches wherein another security mechanism controls access to a security flag.
While Heinrich-Vooka-Foley teaches the aforementioned limitations, however, none of the above prior arts, individually or in combination, teaches the claim limitations in the manner described in the independent claims for security control registers comprising security flags for security critical assets of an SoC, wherein each security flag comprises multiple bits, a first of the security control registers is a DMSC firewall bypass register configured to set the hardware firewall module to a bypass mode based on a value of a first security flag of the first of the security control registers and lock the first of the security control registers based on a value of a second security flag of the first of the security control registers, and once locked, via the second security flag, the first of the security control registers can be 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEPHANIE S HAM whose telephone number is (571)272-4377.  The examiner can normally be reached on Monday - Friday 8:30 am - 4:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ELENI A SHIFERAW can be reached on (571)272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.







/MALCOLM CRIBBS/Primary Examiner, Art Unit 2497