Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present Office Action is responsive to communications received 9/11/2019. Claims 1-16 are pending.

Objection
Claim 14 is objected to, because the claim recites the VPN client is an Internet of Things, instead of “the client device is an Internet of Things”

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.


This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder 
 Such claim limitation(s) are: “an authentication unit configured for exchanging a key ...” in claims 1 and thus its dependent claims; “a hash unit configured for hashing the message ...” in claim 3.
Because these claim limitation(s) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
A review of the specifications discloses

[8] “In one implementation, the authentication unit may include a circuit configured for2 
performing an elliptic curve digital signature algorithm (ECDSA) and a Rivest Shamir Adleman (RSA) algorithm. “

“[31] A term "unit" used herein may refer to a hardware component, a collection of hardware components, and/or a circuit, such as a field-programmable gate array (FPGA) or applicatition specific integrated circuit (ASIC)”.

If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-8 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 1-8 recite two instances of “a key” in lines 3 and 6 (claim 1 and dependent claims), and multiple instances of “the key” (in  claim 1 and dependent claims, additionally in claim 3), which renders the latter indefinite as it is unclear to what instance of “a key” they refer to.
Claims 1-8 also recite “an AES engine core configured for performing a function of encrypting a message using a key ... and a function of encrypting the key or decrypting the key ...
The function of encrypting/decrypting a key using AES means in view of the claim language: 1) the key exchanged using authentication unit is encrypted using the 
AES being a symmetric algorithm, the examiner understands its use in encrypting/decrypting a message but it is not understood its use to encrypt/decrypt a key, i.e used as a key encryption key. Clarification of the claims is kindly requested.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 7-8 are rejected under 35 U.S.C. 103 as being unpatentable over P.  Urien “Introducing TLS/DTLS Secure Access Modules for IoT Frameworks: Concepts and Experiments”, 2017, IEEE, 8 pages, in view of US 20190109848 to Clark et al., hereinafter Clark, and further in view of US 20150295713 to Oxford, hereinafter Oxford.
Regarding claim 1, Urien teaches:
A system-on-chip for performing a message encryption operation based on a transport layer security (TLS), the system-on-chip comprising (p. 2, under III and p. 3, under A):  an authentication unit configured for exchanging a key used for the message encryption operation and performing authentication for a subject to perform communication (p. 4, under Fig. 4, secure elements performing certificates exchanges for authentication); an advanced encryption standard (AES) engine core configured for performing a function of encrypting a message using a key or decrypting the encrypted message (Fig. 2 AES coprocessor or Fig. 3 Cryptographic API for performing AES  encryption see p.3 , right column second bullet; also p.4, under Fig. 4, 3rd bullet); and  a controller configured for controlling the AES engine core and the authentication unit based on a operating system (RTOS) for performing the message encryption operation (p.1, under A, p. 4, under C: CPU controlling the different elements of the circuit, (see Fig. 2), based on the operating system (Linux, Unix, Android, throughout the art)).  
Urien does not explicitly teach a real time operating system (RTOS) and firmware. 
In an analogous art, Clark discloses devices including IoT devices ([0004], Fig. 2, [0539]) comprising a real time operating system (RTOS), and firmware ([0474]: BIOS, or [0539]); the IoT devices also communicating encrypted packets through secure tunnels (SSL/TLS) [0018][0529]). It would have been obvious to a skilled artisan before the instant application was filed to implement a RTOS in the devices of Urien and control encryption and authentication because a RTOS would ensure the efficient and on-time executions of applications.
Urien in view of Clark does not explicitly teach the AES engine with a function of encrypting the key or decrypting the encrypted key.
In an analogous art, Oxford discloses nodes generating session key to encrypt/decrypt messages [0108], and encrypting the session key also using symmetric encryption [0111]). Therefore Oxford teaches performing a function of encrypting a message using a key or decrypting the encrypted message and a function of encrypting the key or decrypting the encrypted key. It would have been obvious to a skilled artisan before the instant application was filed to have the AES engine of Urien also perform encryption/decryption of the key because symmetric encryption of the key or of messages would ensure confidentiality and would be performed quicker than asymmetric encryption.

Regarding claim 2, Urien in view of Clark and Oxford discloses the system-on-chip of claim 1, wherein the authentication unit includes a circuit configured for performing an elliptic curve digital signature algorithm (ECDSA) (Urien p. 4, paragraph starting with “Figure 7’) and a Rivest Shamir Adleman (RSA) algorithm (Urien, p. 4, paragraph under Fig. 4).

Regarding claim 3, Urien in view of Clark and Oxford discloses the system-on-chip of claim 1, further comprising: a random number generator configured for generating a random number used for the message encryption operation (Urien p.4, last paragraph in left column and first paragraph in right column) ; a hash unit configured for hashing the message or the key (Urien, paragraph on right column, above Fig. 5); and private key storage configured for storing a private key (Urien p.7. right column, paragraph starting with “Key provisioning “).  

Regarding claim 7, Urien in view of Clark and Oxford discloses the system-on-chip of claim 1, wherein information about a physical or logical address indicating a memory region at which a file is capable of being input or output is recorded in the 
 Regarding claim 8, Urien in view of Clark and Oxford discloses an  electronic device including the system-on-chip of claim 1 (Urien,  p.1, under II, on right: IoT device).  

Claim 4 is rejected under 35 USC 103 as being unpatentatble over Urien, Clark and Oxford, in view of “A type-safe, TPM backed TLS infrastructure”, by Li et al., 2012, 16 pages, hereinafter Li.
Regarding claim 4, Urien in view of Clark and Oxford discloses the system-on-chip of claim 3, further comprising:  a micro controller unit (MCU) including the AES engine core, the random number generator, and the hash unit (Urien p.3, right column Fig. 3 Cryptographic API including RNG, SHA1 and  AES); and a module including the authentication unit and the private key storage (Urien, p.7: right column, paragraph starting with “Key provisioning”: private key stored in SIM).  
Urien in view of Clark and Oxford does not explicitly teach a trusted platform module (TPM). In an analogous art, Li discloses a TPM backed TLS infrastructure, where the private key is stored in a TPM (p.3 paragraph above and below 2.2, on left).
It would have been obvious to a skilled artisan before the instant application was filed to have implement a TPM as taught by Li to store the private key used during the TLS establishing because it is a secure hardware storage difficult to break and would protect the key.

Claim 5 is rejected under 35 USC 103 as being unpatentatble over Urien, Clark and Oxford, in view of “ConFirm: Detecting Firmware Modifications in Embedded Systems using Hardware Performance Counters”, by Wang et al., 2015, pages 544-551, hereinafter Wang.

Regarding claim 5, Urien in view of Clark and Oxford discloses the system-on-chip of claim 1, further comprising a memory, a software application for receiving an X.509 certificate are stored in the memory (Urien, p.4, paragraph above and below Fig. 4, on left: application for authentication using X509 certificates loaded in RAM).  Urien combined to Clark and Oxford does not teach the memory comprising the RTOS and firmware.
Wang, in an analogous art, discloses an embedded system comprising firmware containing a RTOS (p. 548, on right, at 1) Case study 1)   loaded  in memory (RAM) at runtime by bootloader  (p.545, , under C, on right). It would have been obvious to a skilled artisan before the instant application was filed to store the RTOS and firmware in memory (RAM) at runtime as taught by Wang, along with applications receiving the certificates as taught by Urien/Clark and Oxford, because loading software in RAM at runtime is well-known in the art and is standard operation.

Claims 9, 12-14 and 16 are rejected under 35 USC 103 as being unpatentatble over “Enabling VPN and Secure Remote Access using TLS Protocol”, by Badra et al, 2006, IEEE, pages 308-314, hereinafter Badra, in view of Urien and further view of Clark.
Regarding claim 9, Barda discloses 
A system for transmitting a message through a virtual private network, the system comprising: a client device configured for generating the message; a VPN client configured for performing an encryption operation based on a TLS on a message received from the client device through a communication channel to output an encapsulated message;  a VPN server configured for receiving the encapsulated message from the VPN client through the VPN tunnel and for decrypting the encapsulated message; and a server configured for receiving the decrypted message from the VPN server (p. 308, under I: deploy TLS within VPN for two endpoints to mutually authenticate and share a secret for encrypting/decrypting messages; p. 312 on left: MTLS packet header and encrypted content using blockcipher). 
Barda does not explicitly teach: wherein the VPN client includes a system-on-chip for performing the encryption operation based on the TLS.
  Urien in an analogous art, discloses a system-on-chip for performing the encryption operation based on the TLS  a device comprising a secure element which is a SoC (p.3 under A, on left), with a  TLS stack (p.3, under B, on right) and performing AES encryption  (Fig, 2-3). It would have been obvious to a skilled artisan before the instant application was filed to implement the VPN client of Barda in a Soc as taught by Urien because a  SoC  ‘s small size is well suited for devices such as IoT.
Barda in view of Urien does not teach explicitly a system based on a real time operating system (RTOS) and firmware.
In an analogous art, Clark discloses devices including IoT devices ([0004], Fig. 2, [0539]) comprising a real time operating system (RTOS), and firmware ([0474]: BIOS, or [0539]); the IoT devices also communicating encrypted packets through secure tunnels (SSL/TLS) [0018][0529]). It would have been obvious to a skilled artisan before the instant application was filed to implement a RTOS in the devices of Barda-Urien and control encryption and authentication because a RTOS would ensure the efficient and on-time executions of applications.

Regarding claim 12, Barda in view of Urien and Clark discloses the system of claim 9, wherein the communication channel includes at least one of an Ethernet, a long term evolution (LTE), a universal serial bus (USB), or a wireless fidelity (WIFI) (Barda, p.310, under B: TLS in wireless networks).  

Regarding claim 13, Barda in view of Urien and Clark discloses the system of claim 9, wherein the VPN client is embedded in the client device (Barda, Fig. 2: MTLS client in client device).  
Regarding claim 14, Barda in view of Urien and Clark discloses the system of claim 9, wherein the VPN client is an Internet of Things device (Urien, Abstract, and Fig. 13).  
Regarding claim 16, Barda in view of Urien and Clark discloses the system of claim 9, wherein information about a physical or logical address indicating a memory region at which a file is capable of being input or output is recorded in the firmware 

Claim 10 is rejected under 35 USC 103 as being unpatentatble over Badra, Urien and Clark, in further view of Oxford.

Regarding claim 10, Barda in view of Urien and Clark discloses the system of claim 9, wherein the system-on-chip includes a micro controller unit (MCU), wherein the MCU includes: an advanced encryption standard (AES) engine core configured for performing a function of encrypting a message using a key or decrypting the encrypted message ; a random number generator configured for generating a random number used for the encryption operation based on the TLS; and a hash unit configured for hashing the message or the key (Urien p.3, right column Fig. 3 Cryptographic API including RNG, SHA1 and  AES).  
Barda in view of Urien and Clark does not explicitly teach a function of encrypting the key or decrypting the encrypted key.
In an analogous art, Oxford discloses nodes generating session key to encrypt/decrypt messages [0108], and encrypting the session key also using symmetric encryption [0111]). Therefore Oxford teaches performing a function of encrypting a message using a key or decrypting the encrypted message and a function of encrypting the key or decrypting the encrypted key. It would have been obvious to a skilled artisan before the instant application was filed to have the AES engine of Urien also perform encryption/decryption of the key because symmetric encryption of the key 

Claim 11 is rejected under 35 USC 103 as being unpatentatble over Badra, Urien, Clark and Oxford, in further view of Li.
Regarding claim 11, Barda in view of Urien and Clark discloses the system of claim 10; additionally Urien discloses a circuit configured for performing an elliptic curve digital signature algorithm 20(ECDSA) and a Rivest Shamir Adleman (RSA) algorithm (Urien p. 4, paragraph starting with “Figure 7’) and a Rivest Shamir Adleman (RSA) algorithm (Urien, p. 4, paragraph under Fig. 4), and private key storage configured for storing a private key (Urien p.7. right column, paragraph starting with “Key provisioning “). 
However, the combined cited art does not teach the system-on-chip further includes a trusted platform module (TPM) including ECDSA, RSA and private key storage configured for storing a private key. In an analogous art, Li discloses a TPM backed TLS infrastructure, where the private key is stored in a TPM (p.3 paragraph above and below 2.2, on left). It would have been obvious to a skilled artisan before the instant application was filed to have implement a TPM as taught by Li to store the private key used during the TLS establishing because it is a secure hardware storage difficult to break and would protect the key.

Allowable Subject Matter
Regarding claims 6 and 15, the claims recite allowable subject matter, as no prior art of the record teaches: firmware includes a code or a function for replacing signal delivery performed in a commercial or general-purpose operating system for the message encryption operation with message delivery in the RTOS.  
Claims 6 and 15 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
McGough 20200322148 discloses improvement of TLS, for IoT, and handshake between client devices, and implementation of a VPN tumnnel between a sender and a receiver.
Link 20170272945 discloses generating pre-shared keys for application and data session in SIM , and  handshake between client-serverfor implementing TLS session.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CATHERINE B THIAW whose telephone number is (571)270-1138.  The examiner can normally be reached on Monday-Friday 7am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CARL G COLIN can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/Catherine Thiaw/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        7/16/2021