DETAILED ACTION
This Office Action is in response to application 16/844,053 filed on April 09, 2020.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1-20 are pending and herein considered.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 04/09/2020 and 05/07/2020 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 10-11, 14, 16-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Ansari et al. (Ansari) U.S. Pub. Number 2021/0144517 in view of Guo et al. (Guo) U.S. Pub. Number 2017/0090909.
Regarding claim 1; Ansari discloses a data processing system, comprising:
a management processor (para. [0091] PMC 110 is a hardwired circuit block on SoC 100);
a programmable logic device (PLD) coupled to the management processor (para. [0091] PMC 110 is a hardwired circuit block on SoC 100);
a non-transitory machine-readable medium (MRM) (para. [0093] one or more processors 612 are dedicated to executing code stored in ROMs 606. The ROM dedicated processor(s) 612, corresponding to the first subset of processors 612, are the first processors of SoC 100 that are active out of reset during boot of SoC 100);
a PLD configuration image in the MRM, the PLD configuration image to configure the PLD with image-defined logic that comprises self-verification logic and an image-defined management interface to enable the management processor to communicate with the self-verification logic in the PLD (para. [0137] PMC 110 is the Root-of-Trust within the SoC 100. PMC 110 is capable of building a chain of trust by ensuring that any external code/data loaded by PMC 110 for configuring any portion of SoC 100 is authenticated and decrypted (if required). For example, PMC 110 is capable of performing authentication using authentication block 648 and/or hash block 650 and performing decryption using encryption/decryption block 646);
a cryptographic signature in the MRM, the cryptographic signature based on the PLD configuration image (para. [0137] PMC 110 is capable of performing authentication using authentication block 648 and/or hash block 650 and performing decryption using encryption/decryption block 64); and

use the address for the PLD configuration image to retrieve the PLD configuration image from the PLD via the image-defined management interface of the PLD (para. [0056] PMC 110 configures address space mappings; para. [0098] PMC processing unit 602 is connected to interconnect 616. PMC processing unit 602 is capable of communicating with other components within PMC 110 and SoC 100 by way of interconnect 616. Interconnect 616 may include a plurality of memory mapped switches and interfaces; para. [0099] PMC shared RAM 618 may be used to store configuration data (e.g., a PDI) and/or other data for SoC 100 during processing and as general-purpose data-processing RAM for PMC 110);
retrieve an address for the PLD configuration image from the PLD via the image-defined management interface of the PLD (para. [0118] PMC 110 operates as a slave. In cases where PMC 110 operates as a master, PMC 110 is retrieving configuration data for SoC 100 from a particular location such as an external Flash, an external RAM, via USB, or the like; para. [0143] PMC 110 further writes the list of allowed SMIDs and/or the permitted addresses and/or address ranges that each SMID is permitted to access into the configuration registers of PPCs 818).

Ansari does not disclose the following, which Guo discloses: retrieve the cryptographic signature from the PLD via the image-defined management interface of the PLD (Guo: para. [0006] receiving the patch code image post-manufacturing via a signal received at the SoC… determining the authentication status of the patch code image during execution of pre-boot loader code and based at least in part on a digital signature and a public key; para. [0010] SoC may further include means for receiving the patch code image post-manufacturing via a signal received at the SoC); and
(Guo: para. [0010] determining the authentication status of the patch code image during execution of pre-boot loader code and based at least in part on a digital signature and a public key).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Ansari to retrieve the cryptographic signature from the PLD via the image-defined management interface of the PLD and use the cryptographic signature and a cryptographic key of a trusted entity to authenticate the PLD configuration image, as taught by Guo. The motivation would be to enable and disable write access to a content addressable memory (CAM) based on the authentication of the patch code image (i.e. to determine an authentication status of a patch code image, for securely writing patch code to the memory of the SoC, if the authentication status of the patch code image is authenticated).

Regarding claim 10; Ansari discloses a non-transitory machine-readable medium (MRM) comprising:
a programmable logic device (PLD) configuration image to configure a PLD of a data processing system with image-defined logic that comprises an image-defined management interface, the image-defined management interface to enable management processor in the data processing system to communicate with the image-defined logic in the PLD (para. [0137] PMC 110 is the Root-of-Trust within the SoC 100. PMC 110 is capable of building a chain of trust by ensuring that any external code/data loaded by PMC 110 for configuring any portion of SoC 100 is authenticated and decrypted (if required). For example, PMC 110 is capable of performing authentication using authentication block 648 and/or hash block 650 and performing decryption using encryption/decryption block 646); 
(para. [0137] PMC 110 is capable of performing authentication using authentication block 648 and/or hash block 650 and performing decryption using encryption/decryption block 64); and
wherein the image-defined logic comprises self-verification logic to enable the management processor [[to utilize the image-defined management interface of the PLD]] to retrieve from the PLD:
an address for the PLD configuration image (para. [0143] PMC 110 further writes the list of allowed SMIDs and/or the permitted addresses and/or address ranges that each SMID is permitted to access into the configuration registers of PPCs 818); the PLD configuration image (para. [0118] PMC 110 operates as a slave. In cases where PMC 110 operates as a master, PMC 110 is retrieving configuration data for SoC 100 from a particular location such as an external Flash, an external RAM, via USB, or the like).
Ansari does not disclose the following, which Guo discloses: to utilize the image-defined management interface of the PLD (Guo: para. [0047] a portion of SoC control logic for the registers 52a, 52b, 52c, 54, the configuration bits 18, 19, and the JTAG interface 180. As such, the write access control circuit 46 is configured to read values from the registers 52a, 52b, 52c and/or 54, the configuration bits 18, 19, and/or the JTAG interface 180) and the cryptographic signature (Guo: para. [0010] determining the authentication status of the patch code image during execution of pre-boot loader code and based at least in part on a digital signature and a public key).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Ansari to utilize the image-defined management interface of the PLD and cryptographic signature, as taught by Guo. The motivation would be to enable and disable write access to a content addressable memory (CAM) based on the authentication of the patch code image (i.e. to determine an authentication status

Regarding claim 11; the combination of Ansari and Guo discloses the MRM of claim 10, wherein:
the PLD comprises hardened logic coupled to the MRM (Ansari: para. [0054] PMC 110 is responsible for managing SoC 100. PMC 110 is capable of maintaining a safe and secure environment, booting SoC 100, and managing SoC 100 during normal operation);
the image-defined logic comprises embedded random access memory (ERAM) (Ansari: para. [0047] PMC 110 using write requests. Configuration data for NoC 108 can be stored in a non-volatile memory (NVM), e.g., as part of a programming device image (PDI), and provided to NPI 210 for programming NoC 108 and/or other endpoint circuits); and
the self-verification logic enables the PLD to:
obtain a page of the PLD configuration image from the MRM via the hardened logic (Ansari: para. [0209] PMC in die 1410 has access to I/Os to obtain data, e.g., firmware and/or PDIs, from sources external to IC structure 1400. As such, any firmware and/or PDIs used by the PMC in die 1415 are first retrieved by the PMC in die 1410 and provided to die 1415 by the PMC in die 1410); and
copy the page to the ERAM in the image-defined logic (Ansari: para. [0188] RAM PMC processor is capable of loading the PS boot loader from an external source, authenticating the PS boot loader, and copying the PS boot loader to OCM 530 in PS 106 for execution by PS processor(s)).

Regarding claim 14; the combination of Ansari and Guo discloses the MRM of claim 10, wherein the image-defined management interface enables the PLD to:
(Ansari: para. [0137] PMC 110 is capable of performing authentication using authentication block 648 and/or hash block 650 and performing decryption using encryption/decryption); and
decrypt data received from the management bus by the PLD (Ansari: para. [0137] PMC 110 is capable of performing authentication using authentication block 648 and/or hash block 650 and performing decryption using encryption/decryption).

Regarding claim 16; Ansari discloses a non-transitory machine-readable medium (MRM) comprising instructions that upon execution cause a management processor of a data processing system to: utilize an image-defined management interface of a programmable logic device (PLD) in the data processing system to retrieve an address for a PLD configuration image for the PLD, after the PLD has used the PLD configuration image to instantiate image-defined logic comprising self-verification logic and the image-defined management interface (para. [0137] PMC 110 is the Root-of-Trust within the SoC 100. PMC 110 is capable of building a chain of trust by ensuring that any external code/data loaded by PMC 110 for configuring any portion of SoC 100 is authenticated and decrypted (if required). For example, PMC 110 is capable of performing authentication using authentication block 648 and/or hash block 650 and performing decryption using encryption/decryption block 646);
utilize the image-defined management interface of the PLD to retrieve an address for a cryptographic signature from the PLD, [[wherein the cryptographic signature is based on the PLD configuration image]] (para. [0143] PMC 110 further writes the list of allowed SMIDs and/or the permitted addresses and/or address ranges that each SMID is permitted to access into the configuration registers of PPCs 818);
utilize the image-defined management interface and the address for the PLD configuration image to retrieve the PLD configuration image from the PLD (para. [0143] PMC 110 further writes the list of allowed SMIDs and/or the permitted addresses and/or address ranges that each SMID is permitted to access into the configuration registers of PPCs 818);
utilize the image-defined management interface and the address for the cryptographic signature to retrieve the cryptographic signature from the PLD (Guo: para. [0006] receiving the patch code image post-manufacturing via a signal received at the SoC… determining the authentication status of the patch code image during execution of pre-boot loader code and based at least in part on a digital signature and a public key; para. [0010] SoC may further include means for receiving the patch code image post-manufacturing via a signal received at the SoC; para. [0047] a portion of SoC control logic for the registers 52a, 52b, 52c, 54, the configuration bits 18, 19, and the JTAG interface 180. As such, the write access control circuit 46 is configured to read values from the registers 52a, 52b, 52c and/or 54, the configuration bits 18, 19, and/or the JTAG interface 180); and
utilize the cryptographic signature and a cryptographic key of a trusted entity to authenticate the PLD configuration image (Guo: para. [0010] determining the authentication status of the patch code image during execution of pre-boot loader code and based at least in part on a digital signature and a public key).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Ansari to utilize the image-defined management interface and the address for the cryptographic signature to retrieve the cryptographic signature from the PLD, and to utilize the cryptographic signature and a cryptographic key of a trusted entity to authenticate the PLD configuration image, as taught by Guo. The motivation would be to enable and disable write access to a content addressable memory (CAM) based on the authentication of the patch code image (i.e. to determine an authentication status of a patch code image, for securely writing patch code to the memory of the SoC, if the authentication status of the patch code image is authenticated).

Regarding claim 17; the combination of Ansari and Guo discloses the MRM of claim 16, wherein the instructions upon execution cause the management processor to authenticate the PLD configuration image during a boot process of the data processing system (Ansari: para. [0054] PMC 110 receiving NoC programming data at boot time. The NoC programming data may be a part of a PDI. PMC 110 is responsible for managing SoC 100. PMC 110 is capable of maintaining a safe and secure environment, booting SoC 100).

Regarding claim 18; the combination of Ansari and Guo discloses the MRM of claim 17, wherein the instructions upon execution cause the management processor to prevent a central processing unit of the data processing system from entering a working state until the PLD configuration image has been authenticated (Ansari: para. [0175] state-clear operation is performed on PMC 110 … POR circuit 666 is capable of authenticating the BootROM stored in ROM(s) 606. The BootROM may be authenticated using hash circuit block 650 of PMC 110).

Regarding claim 20; the combination of Ansari and Guo discloses the MRM of claim 16, wherein the instructions upon execution cause the management processor to:
encrypt management-processor data before the management-processor data reaches a management bus in the data processing system (Ansari: para. [0137] PMC 110 is capable of performing authentication using authentication block 648 and/or hash block 650 and performing decryption using encryption/decryption); and
decrypt PLD data received from the management bus (Ansari: para. [0137] PMC 110 is capable of performing authentication using authentication block 648 and/or hash block 650 and performing decryption using encryption/decryption).

Claims 3 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Ansari et al. (Ansari) U.S. Pub. Number 2021/0144517 in view of Guo et al. (Guo) U.S. Pub. Number 2017/0090909 and further in view of Marinet, U.S. Pub. Number 2020/0394337.
Regarding claim 3; the combination of Ansari and Guo discloses the MRM of claim 1, wherein in response to receiving a read request from the management processor, wherein the read request specifies a page of the PLD configuration image, the self-verification logic uses the command sequence table to obtain the specified page from hardened logic in the PLD (Ansari: para. [0209] PMC in die 1410 has access to I/Os to obtain data, e.g., firmware and/or PDIs, from sources external to IC structure 1400. As such, any firmware and/or PDIs used by the PMC in die 1415 are first retrieved by the PMC in die 1410 and provided to die 1415 by the PMC in die 1410).
The combination above does not disclose the following, which Marinet discloses: wherein the self-verification logic comprises a finite-state machine (FSM) to access non-volatile storage, and the FSM comprises a command sequence table (Marinet: para. [0073] before the decryption of the encrypted data stored in the read-only memory 34, the finite state machine 38 can further carry out a test making it possible to verify whether the encrypted data are decrypted correctly. An exemplary test can be as follows. The finite state machine 38 can for example verify whether a decrypted datum is correct relative to a reference datum. If this value is correct, then the finite state machine 38 is authorized to decrypt the data requested by the processor 32).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Ansari, in view of Guo, to provide a finite-state machine (FSM) to access non-volatile storage, and the FSM comprises a command sequence table, as taught by Marinet. The motivation would be to make it possible to verify whether the encrypted data are decrypted correctly (i.e. makes it possible to determine the memory in which the processor must look for the startup and/or authentication data).
Regarding claim 15; claim 15 is directed to an MRM which has similar scope as claim 3. Therefore, claim 15 remains unpatentable for the same reason.

Allowable Subject Matter
Claims 2, 4-9, 12-13 and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Examiner’s remarks to overcome the rejection above
The Examiner encourages Applicant to contact the examiner to discuss claim amendments before responding to this Office Action, to expedite prosecution.

Related Art
The following prior art, made of record and cited on PTO-892 but not relied upon, is considered pertinent to applicant’s disclosure:
U.S. Pat. Number 11,216,591 to Burton. Burton teaches that a circuit may include memory configured to store a signature S, a second hash H_2, and a first data chunk C_1. Signature S may be signed on a first hash H_1. H_1 may be the hash for H_2 and C_1. If signature S passes verification, a hash engine may perform hash functions on C_1 and H_2 to generate a hash H_1′. H_1′ may be compared with H_1 to indicate whether C_1 has been tampered with or not. By using incremental authentication, a signature that appears at the beginning of the image may be extended to the entire image while only using a small internal buffer.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VU V TRAN whose telephone number is (571)270-1708. The examiner can normally be reached M-F, 8 AM - 4 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/VU V TRAN/Primary Examiner, Art Unit 2491

Regarding claim 10; the combination of Ansari and Guo discloses the data processing system of claim 1, wherein:
the self-verification logic of the PLD comprises a read status register (para. [0091] PMC 110 is a hardwired circuit block on SoC 100); and
the PLD authentication instructions, when executed by the management processor, cause the management processor to retrieve the PLD configuration image from the PLD by retrieving multiple consecutive pages of the PLD configuration image from the PLD via the image-defined management interface (para. [0091] PMC 110 is a hardwired circuit block on SoC 100), wherein to retrieve each page comprises to:
send a read request to the self-verification logic of the PLD, wherein the read request comprises an address for the page to be retrieved (para. [0091] PMC 110 is a hardwired circuit block on SoC 100);

after sending the read request, monitor the read status register to determine whether read data is ready (para. [0091] PMC 110 is a hardwired circuit block on SoC 100); and
in response to the read status register indicating that read data is ready, retrieve the page from the self-verification logic of the PLD (para. [0091] PMC 110 is a hardwired circuit block on SoC 100).