DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to Application No. 16/676,655 filed on 11/07/2021.
Claims 1-20 have been examined and are pending in this application.
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 8/13/2021, is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
	
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim(s) 1-3, 15-18, and 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Hiltgen (US 2021/0019061).
Regarding claim 1, Hiltgen teaches a system for authenticating a user using an application specific integrated circuit embedded within a user device, the system comprising: an application specific integrated circuit embedded in a user device, wherein the application specific integrated circuit comprises (Hiltgen: Fig. 2, Para. [0029], In some embodiments, an application may be retrieved from non-volatile memory 210 when such an application is triggered to be executed, may be stored in the register 218 or cache 220 (of ASIC 202) once retrieved, and may be processed and executed by processor 214 or processor 216 (of ASIC 202). The application may be designated to be stored in a specific memory area of the cache 220 or register 218. In some embodiments, the obtained input data (obtained via such an application stored and processed by the ASIC 202) may be temporarily stored in a hardware-separated environment of the network device 104. For example, the obtained input data may be stored in a physical memory area of a temporary storage of the network device 104.): at least one application specific non-transitory storage device; at least one application specific processing device; and at least one application specific communication device; at least one non-transitory storage device; and at least one processing device coupled to the at least one non-transitory storage device, wherein the at least one processing device is configured to (Hiltgen: Fig. 2, Para. [0027], As illustrated in FIG. 2, the network device 104 may include an Application-Specific Integrated Circuit (ASIC) 202, processor 204, bus 206, volatile memory 208, non-volatile memory 210, display 212, network interface 222, sensors 224, or other components. ASIC 202 may include processor 214, processor 216, register 218, cache 220, or other components.): 
receive an indication that a user has initiated an application on the user device (Hiltgen: Para. [0028], the network device 104 may obtain input data via a user interface of an application accessed on the network device 104. This application (including, for example, display data associated with the application) accessed on the network device 104 may be stored and processed in a hardware-separated environment (for example, ASIC 202) of the network device 104. For example, a network device 104 may include a display 212 via which a user interface of an application may be displayed. A user may interact (for example, via a touchscreen) with the user interface of the application to enter the input data. Para. [0029], an application may be retrieved from non-volatile memory 210 when such an application is triggered to be executed, may be stored in the register 218 or cache 220 (of ASIC 202) once retrieved, and may be processed and executed by processor 214 or processor 216 (of ASIC 202). Para. [0044], For instance, when an application (to authenticate a user, authorize a user, or approve a user's initiated action) is triggered, the ASIC 202 may operate in a first mode such that the application is stored and processed by the ASIC 202 and the data obtained via such an application is also visualized, obtained, and stored by the ASIC 202.); 
determine that the application is associated with the application specific integrated circuit embedded within the user device (Hiltgen: Para. [0029], In some embodiments, an application may be retrieved from non-volatile memory 210 when such an application is triggered to be executed, may be stored in the register 218 or cache 220 (of ASIC 202) once retrieved, and may be processed and executed by processor 214 or processor 216 (of ASIC 202).); 
activate the application specific integrated circuit based on at least determining that the application is associated with the application specific integrated circuit (Hiltgen: Para. [0031], In other words, in some embodiments, ASIC 202 may be designated to store data obtained via one or more applications stored and processed by the ASIC 202, to process the one or more applications (or data obtained via the one or more applications) stored and processed by the ASIC 202, and may be inaccessible to other applications accessed on the network device 104.); 
receive an indication that the user has initiated an execution of an action, via the application, with an entity (Hiltgen: Para. [0033], The data processed by an application may include input data obtained via a user interface of an application stored and processed by the ASIC 202. The data processed by an application may also include data resulting from the processing of the input data. For example, data processed by an application may include data indicating whether or not the input data (for example, credential data) matches stored credential data (for example, stored in register 218, cache 220, or non-volatile memory 210) in order to determine whether to authenticate a user, authorize (or causing other services to authorize) access (for example, access to the network device 104, access to network resources on a secure network, including access to email accounts, bank accounts, document repositories, network attached storage devices, and various other network-accessible services accessible on a secure network, Para. [0037], the processor 214 or 216 may generate a confirmation message (confirming the identity of the user) and such a confirmation message may be transmitted to the server 102 so to authenticate a user, authorize (or causing other services to authorize) access (for example, access to the network device 104, access to network resources on a secure network, including access to email accounts, bank accounts, document repositories, network attached storage devices, and various other network-accessible services accessible on a secure network, access to the application via which the identification information is received, or access to another application accessed on one or more network devices 104 (for example, different from the network device 104 via which the identification information was obtained or the same network device 104 via which the identification information was obtained)), or approve a user's initiated action (for example, initiated action to change contact data, pin or password, payment data, etc.). In some embodiments, once the comparison is performed within the ASIC 202, the results of the comparison may be transmitted to the server 102 (for example, as a confirmation message) and the server 102 may authenticate a user, authorize access, or approve a user's initiated action (as noted above). [entity may include network resource, or server, such as email, bank account, repository et cetera; action may include initiating authentication on app]); and 
execute the action using the application specific integrated circuit based on at least receiving the indication that the user has initiated the execution of the action (Hiltgen: Para. [0037], In some embodiments, once the comparison is performed within the ASIC 202, the results of the comparison may be transmitted to the server 102 (for example, as a confirmation message) and the server 102 may authenticate a user, authorize access, or approve a user's initiated action (as noted above).).
Regarding claim 2, Hiltgen teaches the system of claim 1, wherein the at least one processing device is further configured to: receive the indication that the user has initiated the execution of the action via the application (Hiltgen: Para. [0028], the network device 104 may obtain input data via a user interface of an application accessed on the network device 104.); and 
initiate, via the application specific integrated circuit, an authentication subroutine configured to authenticate the user (Hiltgen: Para. [0028], the network device 104 may obtain input data via a user interface of an application accessed on the network device 104. This application (including, for example, display data associated with the application) accessed on the network device 104 may be stored and processed in a hardware-separated environment (for example, ASIC 202) of the network device 104. For example, a network device 104 may include a display 212 via which a user interface of an application may be displayed. A user may interact (for example, via a touchscreen) with the user interface of the application to enter the input data.), wherein authenticating the user comprises: 
initiating a request for one or more authentication credentials from the user (Hiltgen: Para. [0025], In such a use case, as discussed above, a user may be prompted to enter a pin or other credential data (for example, a password, pattern lock, biometric data (for example, fingerprint data, facial data, iris data)) via the second application accessed on the second network device 104 (controlling access to a digital authenticator previously registered with the server 102). Para. [0017], The message may include a request for authentication. In response to scanning the first code (for example, a QR code) via the second network device 104, a user (of the second network device 104) may be prompted to enter a pin (a first factor authentication) or other credential data (for example, a password, a pattern lock, biometric data (for example, fingerprint data, facial data, iris data)) via a second application accessed on the second network device 104 (controlling access to a digital authenticator previously registered with the server 102).); 
receiving, from the user, the one or more authentication credentials in response to the request (Hiltgen: Para. [0025], This obtained data (for example, entered pin or other credential data) and the second application (including, for example, display data associated with the second application) accessed, for example, on the second network device 104 may be stored and processed in a hardware-separated environment of the second network device 104.Para. [0017], In response to entering the correct pin (or other credential data), a confirmation message (indicating possibly via a response code that the user has confirmed his/her identity) may be directly sent by the second network device 104 to the server 102 via the network 150.); 
validating the one or more authentication credentials received from the user (Hiltgen: Para. [0036], For instance, the processor 214 or 216 may retrieve the input data from the cache 220 or register 218 and compare the input data to other data stored in the cache 220, register 218, or non-volatile memory 210. The other data may also include a username and password combination, a pattern lock, a pin, biometric data (for example, fingerprint data, facial data, iris data), or other credential data suitable to authenticate a user, authorize (or causing other services to authorize) access (for example, access to the network device 104,); and verify a user identity based on at least validating the one or more authentication credentials (Hiltgen: Para. [0037], In some embodiments, the processor 214 or 216 may determine whether the input data matches the other data and in response to the determination that the input data matches the other data, the processor 214 or 216 may generate a confirmation message (confirming the identity of the user) and such a confirmation message may be transmitted to the server 102 so to authenticate a user, authorize (or causing other services to authorize) access).
Regarding claim 3, Hiltgen teaches the system of claim 2, wherein at least one application specific communication device is configured to establish a communication link with a back-end processing system associated with the entity to receive reference data associated with the user to be stored on the at least one application specific non-transitory storage device (Hiltgen: Para. [0037], In some embodiments, once the comparison is performed within the ASIC 202, the results of the comparison may be transmitted to the server 102 (for example, as a confirmation message) and the server 102 may authenticate a user, authorize access, or approve a user's initiated action (as noted above). Alternatively, the processor 214 or 216 may generate a code, as discussed above in the two use cases, in response to the determination that the input data matches the other data, and such a code may be transmitted to the server 102 in order for the server 102 to authenticate a user, authorize access, or approve a user's initiated action (as noted above). [code may include reference data]), wherein the reference data is used (Hiltgen: Para. [0037], Alternatively, the processor 214 or 216 may generate a code, as discussed above in the two use cases, in response to the determination that the input data matches the other data, and such a code may be transmitted to the server 102 in order for the server 102 to authenticate a user, authorize access, or approve a user's initiated action (as noted above).
Regarding claim 15, Hiltgen teaches the system of claim 1, wherein the at least one processing device is further configured to program the application specific integrated circuit, wherein programming further comprises determining one or more applications to be associated with the application specific integrated circuit (Hiltgen: Para. [0032], In some embodiments, the ASIC 202 (for example, processor 214 or processor 216) may be designated to process a set of applications, where the set of applications may include one or more applications. The set of applications may be stored in a non-volatile memory 210 and the address of the instructions corresponding to the set of applications stored in a non-volatile memory 210 may be stored in cache 220 or register 218.), wherein associating further comprises processing an execution of one or more actions initiated via the one or more determined applications using the application specific integrated circuit (Hiltgen: Para. [0044], For instance, when an application (to authenticate a user, authorize a user, or approve a user's initiated action) is triggered, the ASIC 202 may operate in a first mode such that the application is stored and processed by the ASIC 202 and the data obtained via such an application is also visualized, obtained, and stored by the ASIC 202.).
Regarding claims 16-18, claims 16-18 are rejected under the same rational as claims 1-3, respectively.
Regarding claim 20, claims 20 is rejected under the same rational as claim 1.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim(s) 4-7 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Hiltgen (US 2021/0019061) in view of Yamamoto (US 2011/0185183).
Regarding claim 4, Hiltgen teaches the system of claim 3. Hiltgen does not explicitly teach wherein the one or more authentication credentials comprises at least an authentication chip, wherein the authentication chip comprises an identity verification chip and a personal authorization chip, wherein the identity verification chip and the personal authorization chip comprises at least one or more digital certificates.  
In an analogous art, Yamamoto teaches wherein the one or more authentication credentials comprises at least an authentication chip, wherein the authentication chip comprises an identity verification chip and a personal authorization chip (Yamamoto: Fig. 1, Fig. 2, Para. [0043], The USB host 109 is connected to the NFC-R/W 9 via a USB cable (bus) 112. The USB host 109 may use the NFC-R/W 9 to access an NFC token of an IC card 113, an RFID 114, another NFC-R/W 115, Para. [0048], In order to access the NFC token 5, the NFC-R/W 9 connected to the USB host 109 is used. The CPU 102 is connected to the NFC-R/W 9 via the north bridge 101, the PCI bus 111, the USB host 109, and the USB cable 112. The CPU 102 sends commands to the NFC-R/W 9 for control thereof. The NFC-R/W 9 then communicates with an NFC token of the IC card 113, the RFID 114, or the like.), wherein the identity verification chip and the personal authorization chip comprises at least one or more digital certificates (Yamamoto: Para. [0056], As was described in connection with FIG. 1, the NFC token 5 or the NFC-equipped mobile terminal 7 stores the certificate information 6 or 8, respectively. In the case of using an application relying on a certificate, an application screen for using a certificate is displayed (step S101).).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Yamamoto with the system and method of Hiltgen to include wherein the one or more authentication credentials comprises at least an authentication chip, wherein the authentication chip comprises an identity verification chip and a personal authorization chip, wherein the identity verification chip and the personal authorization chip comprises at least one or more digital certificates because this functionality provides for improvement of network security and data security on a user-specific basis without the need for having the certificate installed on the device (Yamamoto: Para. [0082]). 
Regarding claim 5, Hiltgen, in combination with Yamamoto, teaches the system of claim 4, wherein the processing device is further configured to: receive the authentication chip via a chip card receiver operatively coupled to the user device (Yamamoto: Para. [0043], The USB host 109 may use the NFC-R/W 9 to access an NFC token of an IC card 113, an RFID 114, another NFC-R/W 115, or the NFC-equipped mobile terminal 7), wherein the chip card receiver is configured to communicate directly and only with the application specific integrated circuit (Yamamoto: Para. [0043], The controller 100 includes a north bridge (hereinafter referred to as an NB) 101, a CPU 102, a RAM 103, and an ASIC 104. The CPU 102, the RAM 103, and the ASIC 104 are connected to the NB 101. The NB 101 is further connected to a serial bus 105, an NIC (network interface card) 106, a wireless LAN (hereinafter referred to as a WLAN) 106, a USB device 108, a USB host 109, and a memory-card I/F 110 through a PCI bus 111. These are used to establish connection for serial communication, network communication, wireless communication, and USB devices. The USB host 109 is connected to the NFC-R/W 9 via a USB cable (bus) 112. The USB host 109 may use the NFC-R/W 9 to access an NFC token of an IC card 113, an RFID 114, another NFC-R/W 115, or the NFC-equipped mobile terminal 7).
Regarding claim 6, Hiltgen, in combination with Yamamoto, teaches the system of claim 4, wherein the processing device is further configured to: initiate, via the user (Yamamoto: Para. [0048], The NFC-R/W 9 then communicates with an NFC token of the IC card 113, the RFID 114, or the like. Network association information, pairing information, user authentication information, and key information for accessing authentication information are transmitted through a communication line connected to the USB host 109. Hiltgen: Para. [0028]); and receive, via the user device, the primary authentication credential from the user (Hiltgen: Para. [0028], A user may interact (for example, via a touchscreen) with the user interface of the application to enter the input data. The input data may include a username and password combination, a pattern lock, a pin, biometric data (for example, fingerprint data, facial data, iris data), or other credential data suitable to authenticate a user, authorize (or causing other services to authorize) access).
Regarding claim 7, Hiltgen, in combination with Yamamoto, teaches the system of claim 6, wherein the processing device is further configured to: determine an authentication level required to execute the action (Hiltgen: Para. [0025], Alternatively, in response to determining a match between the obtained data and other stored data (for example, stored credential data), a second code (for example, a challenge response security code) may be generated by the second application accessed on the second network device 104, [second factor corresponds to second authentication level]); determine that the primary authentication credential does not satisfy the authentication level required to execute the action (Hiltgen: Para. [0025], Alternatively, in response to determining a match between the obtained data and other stored data (for example, stored credential data), a second code (for example, a challenge response security code) may be generated by the second application accessed on the second network device 104,); and initiate, via the user device, a request to receive a secondary authentication credential (Hiltgen: Para. [0025], and this second code (a second factor authentication, which is recognized by the server 102 , e.g. as a valid response generated with a previously registered digital authenticator) may be manually entered into the first application accessed on the first network device 104 and the second code may be communicated by the first network device 104 to the server 102. [second factor received at user device]).
Regarding claim 19, claim 19 is rejected under the same rational as claim 4. 

Claim(s) 8 is rejected under 35 U.S.C. 103 as being unpatentable over Hiltgen (US 2021/0019061) in view of Yamamoto (US 2011/0185183) in view of Brown et al. (US 2007/0028118; Hereinafter “Brown”).
Regarding claim 8, Hiltgen, in combination with Yamamoto, teaches the system of claim 7, wherein the processing device is further configured to: receive, from the authentication chip, the secondary authentication credential (Hiltgen: Para. [0017], Alternatively, a second code (for example, a challenge response security code) may be generated and displayed by the second application accessed on the second network device 104, and this second code (a second factor authentication, which is recognized by the server 102, e.g. as a valid response generated with a previously registered digital authenticator) may be manually entered into the first application accessed on the first network device 104 and the second code may be communicated by the first network device 104 to the server 102.).
Hiltgen, in combination with Yamamoto, does not explicitly teach wherein the second authentication credential comprises a pseudo-random number generated using a pseudo-random number generator associated with the authentication chip.  
In an analogous art, Brown teaches wherein the second authentication credential comprises a pseudo-random number generated using a pseudo-random number generator associated with the authentication chip (Brown: Para. [0020], At step 210, optionally upon receipt of a request for authentication received from the smart card reader 150, the smart card 110 generates a challenge comprising at least the public key 124, but most preferably the public key 124 and a nonce generated using the generation function 126, and transmits this challenge to the smart card reader 150, which in turn signals the input device 160 to request authentication information (e.g., a PIN) from the user at step 215. Para. [0019], The smart card 110 would further be configured to utilize the temporarily stored nonce for a single authentication attempt; if the verification step failed, then the smart card 110, if configured to issue a further challenge to the user, would generate a new nonce and transmit this new nonce as part of the further challenge. By incorporating a nonce, the likelihood of a replay attack is minimized; even if a rogue smart card reader 150 captured the encrypted authentication information and a malicious user attempted to replay this encrypted authentication information at a later time, the verification would not be successful.).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Brown with the system and method of Hiltgen and Yamamoto to include wherein the second authentication credential comprises a pseudo-random number generated using a pseudo-random number generator associated with the authentication chip because this functionality of incorporating a nonce provides enhanced security by decreasing the likelihood of a replay attack even if a rogue smart card reader captured the encrypted authentication information (Brown: Para. [0019]). 

Claim(s) 10-14 are rejected under 35 U.S.C. 103 as being unpatentable over Hiltgen (US 2021/0019061) in view of Cruzado et al. (US 2013/0207783; Hereinafter “Cruzado”).
Regarding claim 10, Hiltgen teaches the system of claim 2, wherein the at least one processing device is further configured to: determine an authentication level required to execute the action (Hiltgen: Para. [0025], Alternatively, in response to determining a match between the obtained data and other stored data (for example, stored credential data), a second code (for example, a challenge response security code) may be generated by the second application accessed on the second network device 104, and this second code (a second factor authentication, which is recognized by the server 102 , e.g. as a valid response generated with a previously registered digital authenticator) may be manually entered into the first application accessed on the first network device 104 and the second code may be communicated by the first network device 104 to the server 102. [2FA includes a higher authentication level to access a resource or perform an action]); and 
(Hiltgen: Para. [0041], In other words, since a specific application is designated to access the ASIC 202 and be stored in the ASIC 202, since a particular memory area is designated to store data associated with the specific application, and since other applications are prevented from accessing the particular memory area, hacking of credential data may be prevented. [functionality of accessing memory portion of device may be restricted] Para. [0046]).
Hiltgen does not explicitly teach determine one or more functionalities of one or more embedded devices associated with the user device, wherein the one or more functionalities of the one or more embedded devices present an opportunity for exposure in the execution of the action. 
In an analogous art, Cruzado teaches determine one or more functionalities of one or more embedded devices associated with the user device, wherein the one or more functionalities of the one or more embedded devices present an opportunity for exposure in the execution of the action (Cruzado: Para. [0101], In one example, processor 16 initiates the authentication of the physical volume of electronics package 10 by executing or causing to be executed the functions outlined in the flow chart of FIG. 4, which includes communicating with RFID devices 36 (202) and detecting the absence of any of a list of RFID devices defined in a model configuration as associated with chassis 12 of electronics package 10 (204) or detecting that the locations of any of RFID devices 36 are different than a plurality of predetermined locations defined in the model configuration for the RFID devices (206). Para. [0108], Para. [0109], For example, processor 64 of RFID device 28A may be configured to communicate with RFID devices 28A-28E, 30A-30C, 32, and 34 (302) and determine if one or more of the components associated with the RFID devices has been tampered with based on the communications. In one example, processor 64 of RFID device 28A transmits signals to RFID devices 28B-28E, 30A-30C, 32, and 34 via RF antenna 66 to request that each RFID device respond with the unique identification code for that device. Para. [0110], In any event, processor 16 may determine based on the comparison between the unique identification codes of each of each of RFID devices 28B-28E, 30A-30C, 32, and 34 received from RFID device 28A and the identification codes of the RFID devices in the model configuration whether one or more RFID devices prescribed by the model configuration are completely missing or have been substituted with other, e.g., used or counterfeit RFID devices. In one example, such missing or substituted RFID devices indicated by the comparison executed by processor 16 may be interpreted as unauthorized tampering with package 10.).
restrict the one or more functionalities of the one or more embedded devices associated with the user device (Cruzado: Para. [0113], if processor 16 determines, e.g., using the technique shown in FIG. 5, that one or more components of package 10 are not authentic (106), e.g., because the absence of a component of package 10 is detected (304), processor 16 may disable or reduce the functionality of one or more components (e.g., all of the components or a critical component, such as processor 16) of package 10 (112).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Cruzado with the system and method of Hiltgen to include determine one or more functionalities of one or more embedded devices associated with the user device, wherein the one or more functionalities of the one or more embedded devices present an opportunity for exposure in the execution of the action because this functionality enables proper configuration and authentication of individual components of an integrated circuit (Cruzado: Para. [0023]). 
Regarding claim 11, Hiltgen, in combination with Cruzado teaches the system of claim 10, wherein restricting the one or more functionalities of the one or more embedded devices associated with the user device comprises deactivating at least a portion of the one or more embedded devices, wherein deactivating further comprises deactivating one or more non-essential functionalities of the one or more embedded devices (Cruzado: Para. [0113], if processor 16 determines, e.g., using the technique shown in FIG. 5, that one or more components of package 10 are not authentic (106), e.g., because the absence of a component of package 10 is detected (304), processor 16 may disable or reduce the functionality of one or more components (e.g., all of the components or a critical component, such as processor 16) of package 10 (112). Hiltgen: Para. [0041], [functionality of accessing memory portion of device may be restricted]), (Hiltgen: Para. [0041], Specifically, even if unauthorized actors get access to the network device 104, they may not be able to get access to the ASIC 202 (i.e., the hardware-separated environment that stores the input data) because the ASIC 202 is inaccessible to any application that has not been previously authorized. [normal device operation is still intact, but area of ASIC is restricted to unauthorized or authenticated access attempts]).
Regarding claim 12, Hiltgen, in combination with Cruzado teaches the system of claim 10, wherein deactivating further comprises deactivating one or more essential functionalities of the one or more embedded devices, wherein the one or more essential functionalities are used in an operation of the user device (Cruzado: Para. [0121], For example, processor 16 and/or another processing device may disable operation of one or more of the components of electronics package 10 or set one or more of the components of the package to operate in a reduced functionality mode (112) in response to detecting the removal or rearrangement of any of RFID devices 36 associated with chassis 12, the absence of any of the correct components of package 10, or that the configuration of any of the components of package 10 does not comply with the configurations specified in the model configuration for the package prescribed by the OEM.).
Regarding claim 13, Hiltgen, in combination with Cruzado teaches the system of claim 12, wherein the at least one processing device is further configured to initiate control, using the application specific integrated circuit, of one or more operations of the user device previously performed by the one or more essential functionalities of the one or more embedded devices in response to deactivating the one or more essential functionalities of the one or more embedded devices (Cruzado: Para. [0113], Referring again to the example method illustrated in FIG. 3, if processor 16 determines, e.g., using the technique shown in FIG. 5, that one or more components of package 10 are not authentic (106), e.g., because the absence of a component of package 10 is detected (304), processor 16 may disable or reduce the functionality of one or more components (e.g., all of the components or a critical component, such as processor 16) of package 10 (112).).
Regarding claim 14, Hiltgen, in combination with Cruzado teaches the system of claim 10, wherein the at least one processing device is further configured to: determine one or more encryption protocols based on at least determining the authentication level required to execute the action (Cruzado: Para. [0071], In another example, the key manager module of electronics package 10 may execute another algorithm that employs the key splits of processors 16, 18, and 24, and FPGA 20 to define the encryption/decryption key, e.g. the algorithm generates an encryption/decryption key that is based on but does not necessarily include the key splits of the individual components of the package. Para. [0072], In one example, a key split employed by processing nodes, e.g. processors 16, 18, and 24, and FPGA 20 of package 10 is a quantity that is encrypted multiple times, e.g. an Advanced Encryption Standard (AES) wrapped key could be a 192 bit encrypted quantity that, once unwrapped would include a 128 bits of key material.); 
receive, from the user, information to execute the action (Hiltgen: Para. [0028], the network device 104 may obtain input data via a user interface of an application accessed on the network device 104. This application (including, for example, display data associated with the application) accessed on the network device 104 may be stored and processed in a hardware-separated environment (for example, ASIC 202) of the network device 104. For example, a network device 104 may include a display 212 via which a user interface of an application may be displayed. A user may interact (for example, via a touchscreen) with the user interface of the application to enter the input data.); and 
encrypt, using the application specific integrated circuit, the information received from the user using at least one of the one or more encryption protocols (Cruzado: Para. Para. [0093], In another example, inter-component communications may be encrypted and various component combinations may be configured to encrypt and decrypt messages with encryption keys stored in memory of electronics package 10. [messages may be encrypted/decrypted by stored encryption keys generated in accordance with key manager defining encrypting keys] [0093], key manager module 50, which may be configured to receive a number of key splits from processors 16 and 18, FPGA 20, and memory 22 on electronics card 14A, as well as other components of electronics package 10, and assemble the key splits to generate an encryption/decryption key for encrypting and decrypting configuration files associated with individual components and/or electronics package 10 as a whole.).

Allowable Subject Matter
 	Regarding claim 9, Claim 9 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Nelson Giddins whose telephone number is (571) 272-7993.  The examiner can normally be reached on Monday - Friday, 9:00 AM - 5:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached at (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/NELSON S. GIDDINS/            Primary Examiner, Art Unit 2437