Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
1.	The information disclosure statement (IDS) submitted on 7/1/2019 was filed after the mailing date of the application on 7/1/2019.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
2.	The information disclosure statement (IDS) submitted on 3/15/2021 was filed after the mailing date of the application on 7/1/2019.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Allowable Subject Matter
Claims 7, 12 and 22 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA 35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA 35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claim 24 is rejected under 35 U.S.C. 112(d) or pre-AIA 35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends. Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim 24 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
In particular, claim 24 claims “A computer program product ...” See Applicant’s Specification (paragraph 59); and is thus non-statutory for that reason. The medium claim is evidence that the claim could be software. The software claimed as computer listings per se, i.e., the descriptions or expressions of the programs are not physical 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claims 1-6, 8-10, 12-21 and 23-25 are rejected under 35 U.S.C. 103 as being unpatentable over Martel (US Patent Pub. 20150347746) in view of Wang (US Patent Pub. 2009/0104890).


As per claims 1 and 24-25: (Original) Martel discloses a method of providing a security profile for programming at least one target device, the method implemented on a computing device and comprising (See Abstract):
obtaining a base security profile, the base security profile defining at least one security parameter having a configurable value (Paragraph 18; a base security profile (also referred to as a sandbox profile or simply a profile) is precompiled and maintained by an operating system. The base profile contains a set of base rules that are generated based on a set of base entitlements (also referred to as base entitlements) for accessing resources (also referred to as base resources) of a data processing system),
generating a first security profile from the base security profile in response to receiving input from a user via an input device of the computing device, wherein generating the first security profile comprises, for each of the at least one security parameter, assigning the security parameter with a value of a first set of values (Paragraph 18; base profile contains a set of base rules that are generated based on a set of base entitlements (also referred to as base entitlements) for accessing resources (also referred to as base resources) of a data processing system. The base profile may be configured as part of standard components or configuration files that are developed and bundled with an operating system);
generating a second security profile from the base security profile in response to receiving further input from a user via said input device, wherein generating the second security profile comprises, for each of the at least one security parameter, assigning the security parameter with a value of a second set of values (Paragraph 36; claim 6; dynamically generating a secondary security profile for the application based on the entitlements extracted from the application, wherein the base security profile, the secondary security profile)
outputting, the first security profile for programming at least one target device for use by a first type of user (Paragraph 35; processes 301-303 are launched and executed within sandboxed operating environments 311-313 as sandboxed processes, respectively. Sandboxes 311-313 are configured based on security profiles 321-323, respectively); and 
outputting the second security profile for programming at least one target device for use by a second type of user different to the first type of user (Paragraph 35; processes 301-303 are launched and executed within sandboxed operating environments 311-313 as sandboxed processes, respectively. Sandboxes 311-313 are configured based on security profiles 321-323, respectively).

Wang discloses security operations or security parameters are reset to any of the following: last configured values; initialized security parameters values; or a certain past setting/configuration values indexed by a parameter in the RESET message; examples of security parameters being reset include the security keys, the HFN or MSB values of the COUNT parameter…(Paragraph 40).
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, having the teachings of Martel and Wang in their entirety, to modify the technique of Martel, in which the base profile contains a set of base rules that are generated based on a set of base entitlements, by adopting Wang's teaching of configuration values indexed by a parameter... The motivation would have been to improve providing a security profile for programming at least one target device.
As per claim 2:  (Original) The method of claim 1, wherein the at least one security parameter comprises at least one digital certificate parameter associated with a digital certificate for programming onto the at least one target device (See Martel, Paragraph 24; signed by the authorization entity using a digital certificate).
As per claim 3:  (Original) The method of claim 2 wherein the at least one digital certificate parameter comprises one or more of: an issuer name parameter having a configurable value defining an issuer of the digital certificate; a validity period parameter having a configurable value defining a validity period of the digital certificate; a subject name parameter having a configurable value defining a subject of the digital certificate (see Wang, Paragraph 40, setting/configuration values indexed by a parameter);
a public key parameter having a configurable value defining a public key of the digital certificate; a device serial number parameter having a configurable value defining the target device onto which the digital certificate is to be programmed; and a certificate signature parameter having a configurable value defining a signature of the digital certificate.
As per claim 4:  (Currently Amended) The method of claim 1, wherein the at least one security parameter comprises at least one cryptographic key parameter associated with a cryptographic key for programming onto the at least one target device (Paragraph 42; security parameters being reset include the security keys).
As per claim 5:  (Original) The method of claim 4 wherein the at least one cryptographic key parameter comprises one or more of:
at least one symmetric key parameter having a configurable value defining a symmetric key (See Wang; Paragraph 42; examples of security parameters being reset include the security keys); and
at least one private key parameter having a configurable value defining a private key of an asymmetric key pair.
As per claim 6:  (Currently Amended) The method of claim 1, wherein the at least one security parameter comprises at least one processor parameter for programming a processing unit on each of the at least one target device (see Wang, Paragraph 40, setting/configuration values indexed by a parameter).
As per claim 8:  (Currently Amended) The method of claim 1, wherein a data store is coupled to the computing device, the data store comprising the first data storage location and the second data storage location (See Martel, Paragraph 53; a machine-readable (e.g., computer-readable) medium includes a machine (e.g., a computer) readable storage medium (e.g., read only memory ("ROM"), random access memory ("RAM"), magnetic disk storage media, optical storage media, flash memory devices)).
As per claim 9:  (Original) The method of claim 8 wherein the data store is a secured data store (See Martel Paragraph 49; a storage device (e.g., a hard drive, a flash memory device)).
As per claim 10:  (Currently Amended) The method of claim 1, wherein an unsecured data store and a secured data store are coupled to the computing device, the unsecured data store comprising the first data storage location and the secured data store comprising the second data storage location (See Martel, Paragraph 53; a machine-readable (e.g., computer-readable) medium includes a machine (e.g., a computer) readable storage medium (e.g., read only memory ("ROM"), random access memory ("RAM"), magnetic disk storage media, optical storage media, flash memory devices)).
As per claim 11:  (Currently Amended) The method of claim 9, wherein the secured data store is a hardware security module (See Martel Paragraph 49; a storage device (e.g., a hard drive, a flash memory device)).
As per claim 13:  (Currently Amended) The method of claim 1, wherein the method comprises: 
outputting the first security profile for delivery to a first data package generation module, the first data package generation module configured to generate a first programming data package based on the first security profile for output to a first device programming module for programming the at least one target device (See Martel Paragraph 18; base profile contains a set of base rules that are generated based on a set of base entitlements (also referred to as base entitlements) for accessing resources (also referred to as base resources) of a data processing system. The base profile may be configured as part of standard components or configuration files that are developed and bundled with an operating system); and 
outputting the second security profile for delivery to a second data package generation module, the second data package generation module configured to generate a second programming data package for output to a second device programming module for programming the at least one target device (See Martel; Paragraph 36; claim 6; dynamically generating a secondary security profile for the application based on the entitlements extracted from the application, wherein the base security profile, the secondary security profile).
As per claim 14:  (Original) The method of claim 13, wherein the first security profile comprises at least one security parameter associated with a respective instruction, and 
for each of the at least one security parameter associated with a respective instruction, the first data package generation module acting on the instruction associated with the security parameter to obtain the value of the first set of values and set the configurable value of the security parameter using the obtained value (See Martel; Paragraph 18; base profile contains a set of base rules that are generated based on a set of base entitlements (also referred to as base entitlements) for accessing resources (also referred to as base resources) of a data processing system. The base profile may be configured as part of standard components or configuration files that are developed and bundled with an operating system).
As per claim 15:  (Original) The method of claim 13, wherein the first security profile comprises a plurality of security parameters each associated with a respective instruction, and the first data package generation module is distributed across multiple computing devices including said computing device and at least one remote computing device, the method further comprising:
outputting the first security profile to a component of the first data package generation module on said computing device;
for one or more of the plurality of security parameters each associated with a respective instruction, said component of the first data package generation module (i) acting on the instruction associated with the security parameter to obtain the value of the first set of values and set the configurable value of the security parameter using the obtained value; and then (ii) outputting the first security profile to a further (See Martel; Paragraph 18; base profile contains a set of base rules that are generated based on a set of base entitlements (also referred to as base entitlements) for accessing resources (also referred to as base resources) of a data processing system. The base profile may be configured as part of standard components or configuration files that are developed and bundled with an operating system).
As per claim 16:  (Currently Amended) The method of claim 13, wherein the first security profile is output via a communications interface of the computing device for delivery to at least one remote computing device comprising the first data package generation module.
As per claim 17:  (Currently Amended) The method of claim 13, wherein the second security profile comprises at least one security parameter associated with a respective instruction, and the second data package generation module is implemented on said computing device, the method further comprising:
for each of the at least one security parameter associated with a respective instruction, the second data package generation module acting on the instruction associated with the security parameter to obtain the value of the second set of values and set the configurable value of the security parameter using the obtained value (See Martel; Paragraph 18; base profile contains a set of base rules that are generated based on a set of base entitlements (also referred to as base entitlements) for accessing resources (also referred to as base resources) of a data processing system. The base profile may be configured as part of standard components or configuration files that are developed and bundled with an operating system).
As per claim 18:  (Currently Amended) The method of claim 13, wherein the second security profile comprises a plurality of security parameters each associated with a respective instruction, and the second data package generation module is distributed across multiple computing devices including said computing device and at least one remote computing device, the method further comprising: outputting the second security profile to a component of the second data package generation module on said computing device (See Martel; Paragraph 36; claim 6; dynamically generating a secondary security profile for the application based on the entitlements extracted from the application, wherein the base security profile, the secondary security profile);
for one or more of the plurality of security parameters each associated with a respective instruction, said component of the second data package generation module (i) acting on the instruction associated with the security parameter to obtain the value of the second set of values and set the configurable value of the security parameter using the obtained value; and then (ii) outputting the second security profile to a further component of the second data package generation module on a remote computing device of at least one remote computing device (See Martel; Paragraph 18; base profile contains a set of base rules that are generated based on a set of base entitlements (also referred to as base entitlements) for accessing resources (also referred to as base resources) of a data processing system. The base profile may be configured as part of standard components or configuration files that are developed and bundled with an operating system).
As per claim 19:  (Currently Amended) The method of claim 13, wherein the second security profile is output via a communications interface of the computing device for delivery to at least one remote computing device comprising the second data package generation module (See Martel; Paragraph 24; when launch module 102 receives a request for launching application 101, launch module 102 obtains and/or determines extended entitlements 106 from application 101. The extended entitlements 106 may specify one or more resources of a data processing system that application 101 is entitled to access).
As per claim 20:  (Currently Amended) The method of claim 13, wherein the first data package generation module is the same as the second data package generation module, and the first device programming module is the same as the second device programming module (See Martel; Paragraph 24; when launch module 102 receives a request for launching application 101, launch module 102 obtains and/or determines extended entitlements 106 from application 101. The extended entitlements 106 may specify one or more resources of a data processing system that application 101 is entitled to access).
As per claim 21:  (Currently Amended) The method of claim 13, wherein the first data package generation module and the second data package generation module are separate modules, and the first device programming module and the second device programming module are separate modules (See Martel; Paragraph 24; when launch module 102 receives a request for launching application 101, launch module 102 obtains and/or determines extended entitlements 106 from application 101. The extended entitlements 106 may specify one or more resources of a data processing system that application 101 is entitled to access).
As per claim 23:  (Currently Amended) The method of claim 1, wherein the base security profile defines at least one security parameter having a non-configurable value (See Martel; Paragraph 18; base profile contains a set of base rules that are generated based on a set of base entitlements (also referred to as base entitlements) for accessing resources (also referred to as base resources) of a data processing system. The base profile may be configured as part of standard components or configuration files that are developed and bundled with an operating system).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANTHONY D BROWN whose telephone number is (571)270-1472.  The examiner can normally be reached on 730-330pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications 





/ANTHONY D BROWN/Primary Examiner, Art Unit 2433