DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/9/2021 has been entered.
The claim interpretation related to 35 U.S.C. 112(f) regarding claim 1 is maintained.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 7-8, 11-12, 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 2017/0279619 A1 (Yang) and U.S. Publication No. 2015/0007262 A1 (Aissi).
Referring to claim 1, Yang discloses an embedded processing system comprising: processing circuitry configured to execute a plurality of computer executable instructions (page 4, paragraph 50).  Yang discloses a device which includes an embedded card with an operating system and hardware including the circuitry to execute the instructions.  The operating system and hardware provide processing circuitry to carry out computer executable instructions.  Yang discloses a memory system configured to store a plurality of configuration items (Figure 1A, page 6, paragraph 66).  Yang discloses logic and storing of certificate function and certification information in the device 110.  Yang discloses wherein at least one of the configuration items comprises a sequence of computer executable instructions (Figure 1A, page 6, paragraph 66, [0131], claim 12: store programs, utilities, processes or instructions to be executed).
Yang discloses an authentication control configured to: authenticate an immutable anchor associated with the embedded processing system (page 1, paragraph 2, page 1, paragraph 8, paragraph 11, page 2, paragraph 18) and the immutable anchor is encoded in read-only storage ([0118][0131][0136]: non-volatile memory is used by the certificate function to store certificates for the eUICC; ROM stores programs, etc. to be executed in a non-volatile manner).  The immutable anchor is the eUICC and the authentication process determines the validity of the certificate arriving for the eUICC.  Yang discloses authenticate integrity of a reconfigurable entity map associated with the memory system of the embedded processing system (page 1, paragraphs 11, 13, 129).  The reconfigurable entity map is the CRL which is maintained by the device and is therefore associated with the memory system.  Checking the CRL for identity of certificate is authenticating the integrity and validity of the certificate with the CRL.  The CRL list can be updated with servers.  Note: "reconfigurable" is not functional language and therefore is not given much patent weight; please further clarify the reconfigurable entity map using functional language.
Yang discloses locating the configuration items in the memory system based on accessing a list of address ranges in the reconfigurable entity map after performing integrity authentication of the reconfigurable entity map (paragraphs 11-14, 17-19): after validating the CRL arriving at the device, certificates are pulled from CAs to update the pinning policy, which refers to hash values stored in the trusted list or pinning table, implying that the list or table is identified.
Yang discloses authenticate the configuration items based on locating the configuration items in the memory system using the list of address ranges in the reconfigurable entity map (page 2, paragraphs 11, 13, 17, 18, 59-61): certifying the pinning policy by referring to the hash values in the trusted list or pinning list in the CRL.  Yang discloses certificates which are authenticated based on the pinning table or trusted lists which are the CRL or reconfigurable entity maps which store the validated certificates.  Yang discloses performing an accommodation measure based on an authentication failure of at least one of the configuration items (page 7, paragraph 76).  The new certificate can be requested in response to an authentication failure of the certificate for the server.
But Yang fails to explicitly disclose “wherein authentication of the immutable anchor is performed upon receiving a reset signal; wherein integrity authentication of the reconfigurable entity map is performed upon successful authentication of the immutable anchor.”
Aissi discloses wherein authentication of the immutable anchor is performed upon receiving a reset signal (Fig. 7A, [0004][0005][0043][0056][0109]-[0112]: due to the application module reset, or watchdog timer expired, etc., the root of trust is updated in response to the event and is verified); wherein integrity authentication of the reconfigurable entity map is performed upon successful authentication of the immutable anchor (Fig. 7A, [0074][0111]-[0115]: if the verification of the root of trust is successful, the trust chain is re-established; here it discloses the condition to execute the software).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to incorporate Aissi’s secure execution and update of application module into Yang’s invention, as they are related to the same field of endeavor of verification of the eUICC and servers which includes a sequence of executable instructions. The motivation to combine these arts, as proposed above, is at least that Aissi’s capability to provide a trigger condition to execute the code would provide more software control to Yang’s system. Therefore it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention that providing a trigger condition to execute the code would protect the system to make it more secure.
Referring to claim 2, Yang and Aissi disclose the immutable anchor is hardware or software that establishes a root and chain of trust in authentication (page 4, paragraphs 51, 52).  The root and chain of certification information is sent and established with the eUICC.
Referring to claim 7, Yang and Aissi disclose that the accommodation measure comprises one or more of resetting the embedded processing system, switching the embedded processing system to a fail-safe mode of operation, and transmitting an authentication failure message on a communication interface (Yang, page 8, paragraph 88).
Referring to claim 8, Yang and Aissi disclose that the authentication comprises one or more asymmetric cryptographic methods using unique key pairs that result in an authentication failure based on an incorrect key, a missing key, or software that is tampered with resulting in the authentication failure (Yang, page 6, paragraph 73).  Yang discloses a public key encryption process with a public and private key which is used to determine authentication failure based on software that is tampered with resulting in authentication failure.
Referring to claim 11, Yang discloses a method comprising: authenticating, by an authentication control of an embedded processing system, an immutable anchor associated with the embedded processing system (page 4, paragraph 50, Figure 1A, page 6, paragraph 66; the immutable anchor is the eUICC and the authentication process determines the validity of the certificate arriving for the eUICC), and the immutable anchor is encoded in read-only storage ([0118][0131]: non-volatile memory is used by the certificate function to store certificates for the eUICC; ROM stores programs, etc. to be executed in a non-volatile manner); authenticating, by the authentication control, integrity of a reconfigurable entity map associated with a memory system of the embedded processing system (page 1, paragraph 11; the reconfigurable entity map is the CRL which is maintained by the device and is therefore associated with the memory system.  Checking the CRL for identity of certificate is authenticating the integrity and validity of the certificate with the CRL).  Yang discloses locating, by the authentication control, the configuration items in the memory system based on accessing a list of address ranges in the reconfigurable entity map after performing integrity authentication of the reconfigurable entity map (paragraphs 11-14, 17-19: after validating the CRL arriving at the device, certificates are pulled from CAs to update the pinning policy, which refers to hash values stored in the trusted list or pinning table, implying that the list or table is identified); authenticating, by the authentication control, a plurality of configuration items in the memory system based on the reconfigurable entity map (page 2, paragraph 18: certificates which are authenticated based on the pinning table or trusted lists which are the CRL or reconfigurable entity maps which store the validated certificates); and performing an accommodation measure based on an authentication failure of at least one of the configuration items (page 7, paragraph 76: the new certificate can be requested in response to an authentication failure of the certificate for the server).
But Yang fails to explicitly disclose “wherein authentication of the immutable anchor is performed upon receiving a reset signal; wherein integrity authentication of the reconfigurable entity map is performed upon successful authentication of the immutable anchor.”
Aissi discloses wherein authentication of the immutable anchor is performed upon receiving a reset signal (Fig. 7A, [0004][0005][0043][0056][0109]-[0112]: due to the application module reset, or watchdog timer expired, etc., the root of trust is updated in response to the event and is verified); wherein integrity authentication of the reconfigurable entity map is performed upon successful authentication of the immutable anchor (Fig. 7A, [0074][0111]-[0115]: if the verification of the root of trust is successful, the trust chain is re-established; here it discloses the condition to execute the software).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to incorporate Aissi’s secure execution and update of application module into Yang’s invention, as they are related to the same field of endeavor of verification of the eUICC and servers which includes a sequence of executable instructions. The motivation to combine these arts, as proposed above, is at least that Aissi’s capability to provide a trigger condition to execute the code would provide more software control to Yang’s system. Therefore it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention that providing a trigger condition to execute the code would protect the system to make it more secure.
But Yang, Aissi fail to explicitly disclose “locating the configuration items in the memory system based on accessing a list of address ranges in the reconfigurable entity map after performing integrity authentication of the reconfigurable entity map;”

Referring to claim 12, Yang and Aissi disclose the immutable anchor is hardware or software that establishes a root and chain of trust in authentication (page 4, paragraphs 51, 52).  The root and chain of certification information is sent and established with the eUICC.
Referring to claim 17, Yang and Aissi disclose that the accommodation measure comprises one or more of resetting the embedded processing system, switching the embedded processing system to a fail-safe mode of operation, and transmitting an authentication failure message on a communication interface (Yang, page 8, paragraph 88).
Referring to claim 18, Yang and Aissi disclose that the authentication comprises one or more asymmetric cryptographic methods using unique key pairs that result in an authentication failure based on an incorrect key, a missing key, or software that is tampered with resulting in the authentication failure (Yang, page 6, paragraph 73).  Yang discloses a public key encryption process with a public and private key which is used to determine authentication failure based on software that is tampered with resulting in authentication failure.
Claims 4-5, 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 2017/0279619 A1 (Yang), Aissi and U.S. Publication No. 2014/0359239 A1 (Hiremane).
Referring to claims 4, 14, Yang, Hiremane and Aissi disclose that the list of address ranges comprises a plurality of memory addresses which would indicate at least two or more address ranges for one of the configuration items (Hiremane, page 2, paragraph 21).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to learn from Hiremane that the list of memory addresses would include at least two or more address ranges for one of the configuration items.  This list of addresses is associated with the configuration item system software 108.
Referring to claims 5, 15, Yang, Hiremane and Aissi disclose two or more different accommodation measures are defined for the list of address ranges (Hiremane, page 4, paragraph 47).  Hiremane describes sending an interrupt signal to a reporting agent and manageability engine causing the display of failure to the user.  All three of these represent accommodation measures which are associated with an authentication failure.
Claims 6 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Yang, Hiremane, Aissi and U.S. Patent No. 9,292,206 B2 (Frost).
Referring to claims 6, 16, Yang, Hiremane and Aissi do not disclose that the reconfigurable entity map identifies at least one of the address ranges to skip authentication.  Frost discloses that the reconfigurable entity map identifies at least one of the address ranges to skip authentication (column 13, lines 38-44).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to learn from Frost that the reconfigurable entity map identifies at least one of the address ranges to skip authentication.  Yang discloses discarding the certification if it is determined to be valid thereby suggesting that authentication at the eUICC is skipped (page 1, paragraph 11).
Claims 9 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 2017/0279619 A1 (Yang) and U.S. Publication No. 2015/0007262 A1 (Aissi) in view of US Publication No. 20140289537 A1 (Parson).
Referring to claim 9, Yang and Aissi fail to disclose that one or more of the configuration items are stored in an encrypted format within the memory system, and the one or more of the configuration items are decrypted and written to volatile memory of the memory system upon authentication during a start-up process.
Parson discloses that one or more of the configuration items are stored in an encrypted format within the memory system, and the one or more of the configuration items are decrypted and written to volatile memory of the memory system upon authentication during a start-up process ([0013]-[0017] [0030]-[0038] [0042] [0052]: decrypt codes from the encrypted codes and store in the volatile storage of the memory upon start-up process).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to incorporate Parson’s encryption system into Aissi and Yang’s invention, as they are related to the same field of endeavor of verification of the eUICC and servers which includes a sequence of executable instructions. The motivation to combine these arts, as proposed above, is at least that Parson’s capability to decrypt the code upon booting the system would add more control to the Aissi and Yang’s system. Therefore it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention that the ability to extract secrets would make the system more secure.
Referring to claim 19, claim 19 is a method claim corresponding to the system claim 9 above and, therefore, is rejected for the same reasons set forth in the rejections of claim 9.
Claims 10, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Yang, Aissi and U.S. Publication No. 2020/0204374 A1 (Skertic).
Referring to claims 10, 20, Yang and Aissi do not disclose that the embedded processing system is a controller of a gas turbine engine, and at least one of the configuration items comprises an application configured to control operation of the gas turbine engine.  Skertic discloses that the embedded processing system is a controller of a gas turbine, and at least one of the configuration items comprises an application configured to control operation of the gas turbine engine (page 1, paragraph 9).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to learn from Skertic that the embedded processing system is a controller of a gas turbine engine, and at least one of the configuration items comprises an application configured to control operation of the gas turbine engine.  Yang discloses devices in which the eUICC can be implemented including gas meters or automobiles (page 6, paragraph 67).  One of ordinary skill in the art would know to learn from Skertic further implementations for the embedded processing system taught in Aissi and Yang.

Response to Arguments
Applicant’s arguments with respect to claims 1-20 filed on 11/9/2021 have been considered but are moot because the arguments do not apply to the current rejection.
Applicant's arguments filed on 11/9/2021 have been fully considered but they are not persuasive.
With respect to claim 1, the applicant argues that Yang fails to disclose “a reconfigurable entity map associated with the memory system of the embedded processing system”. The examiner respectfully disagrees.  Please see the above rejection for the explanation. Therefore, the applicant’s argument is not persuasive.

Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicant's disclosure. 
PATENT PUB. #	PUB. DATE	INVENTOR(S)	TITLE
US 20180189493 A1	July 5, 2018	SCHILDER et al.	SECURE DEVICE STATE APPARATUS AND METHOD AND LIFECYCLE MANAGEMENT
SCHILDER et al. disclose a semiconductor chip device include device state fuses that may be used to configure various device states and corresponding security levels for the semiconductor chip as it transitions from wafer manufacturing to provisioned device. The device states and security levels prevent the semiconductor chip from being accessed and exploited, for example, during manufacturing testing. A secure boot flow process for a semiconductor chip over its lifecycle is also disclosed. The secure boot flow may start at the wafer manufacturing stage and continue on through the insertion of keys and firmware… see abstract. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to XUYANG XIA whose telephone number is (571)270-3045.  The examiner can normally be reached on Monday-Friday 8am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jennifer Welch, can be reached on 571-272-7212.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


XUYANG XIA
Primary Examiner
Art Unit 2143