DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This written action is responding to the amendment dated on 10/28/2021.
Claims 25, 27-28, 30, 35, 37, 42 and 44-48 have been amended and all other claims are previously presented.
Claims 26, 29, 36 and 43 have been canceled.
Claims 25, 27-28, 30-35, 37-42 and 44-48 are submitted for examination.
Claims 25, 27-28, 30-35, 37-42 and 44-48 are pending.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Response to Arguments
Applicant’s amendment filed on October 28, 2021 has claims 25, 27-28, 30, 35, 37, 42 and 44-48 amended, claims 26, 29, 36 and 43 canceled, and all other claims are previously presented. Among the amended claims, claims 25, 28, 35 and 42 are independent ones.
Applicant’s remark, filed on October 28, 2021 at page 9, indicates, “Claims 42-48 were rejected under 35 U.S.C. §101 as allegedly being directed to non-statutory subject matter. Applicant traverses this rejection. Nevertheless, in an effort to advance prosecution on the merits of the instant application, the claims have been amended to recite "[a]t least one non-transitory computer readable medium," as suggested in the Office Action. Accordingly, Applicant requests that the Examiner withdraw the instant rejection.”
Applicant’s argument has been considered and is found persuasive in light of the amendments. Therefore, the rejection under 35 U.S.C. 101 to claims 42 and 44-48 has been withdrawn.
Applicant’s remark, filed on October 28, 2021, on pages 9-11, indicates, “Applicant respectfully submits that Grieco and Riera, both alone and in combination, fail to disclose, teach, suggest or render obvious every recited feature of claims 25, 28, 35 and 42. As a result, Applicant submits that claims 25, 28, 35 and 42 are patentable over Grieco and Riera.”
Applicant’s argument has been considered and is found NOT persuasive.
Examiner respectfully traverses the arguments made by the Applicant. Specifically, Grieco discloses a method that includes receiving a first encrypted software image configured to program a field programmable circuit or device in a computing device that contains the field programmable circuit, wherein a plurality of keys are stored in the computing device. In addition, Grieco teaches that the field programmable device (FPD) has an associated configuration non-i.e., secure storage area). The keys stored on tamper proof chip may be supplied to processor and FPD for the authentication, encryption, and decryption techniques, and the keys may be supplied by way of tamper proof chip and not stored on the field programmable device.  Based on the teaching from Grieco, a person having ordinary skill in the art would recognize that keys could be generated remotely (i.e., manufacturer or vendor) and then provided to the FPD by way of the secure storage area for configuration and encryption/decryption purposes.  (See Parags. [0010-0015] and [0023-26] of Grieco).  Therefore, Examiner submits that the teaching from Grieco still renders the features of claim 25, “…an electronic processing system, comprising: a processor; persistent storage media communicatively coupled to the processor; a reconfigurable device communicatively coupled to the processor … and to securely store a remotely generated bitstream security key in the provisioned secure storage area …”, obvious.
Regarding the teaching from Riera, Applicant asserts that the applied reference does not disclose the limitation regarding “… the physically isolated trusted communication channel.” Examiner also respectfully disagrees with the Applicant’s argument. Specifically, Riera discloses a method to protect data (i.e., bitstream key, configuration, etc.) in a secure storage by way of an isolated one-way or peripheral-to-peripheral communication link (i.e., path/channel) (See Fig. isolated one-way communications link as a type of physically isolated path or channel. Thus, Examiner submits that Riera still teaches the claimed limitation “… the physically isolated trusted communication channel”.
Regarding the further amended limitations in the claim 25, “… wherein the secure provisioner is further to partition an enclave for the secure storage area; associate an enclave identifier with the enclave; and provide the enclave identifier to the reconfigurable device over the physically isolated trusted communication path…” (which is previously presented as dependent claim 26), Applicant asserts that the combination of Grieco, Riera and Langhammer does not disclose the claimed limitation. 
Upon further review of the combination, Examiner respectfully traverses the Applicant’s argument. Specifically, Langhammer discloses that a field programmable gate array (FPGA) can include multiple memory blocks and partition those blocks among multiple independent reconfigurable regions (i.e., partition a secure storage area/enclave). Access to these memory blocks and partition may be restricted so that only authorized access to particular memory partitions is allowed (See abstract). The teaching and figure 19 of Langhammer show a secure storage area (Security RAM) that stores encrypted/decrypted data, keys, etc., and the secure area is partitioned into partitions (i.e., partitions 1941 and 1942). Langhammer, in Parag. [0118] further start and stop address in parag. [0119]. Examiner submits that access to particular data stored in the various memory blocks would require a start and stop address of the particular region of the memory to be identified first, before access to the data can take place. Therefore, Examiner submits that the partition information, start and stop address, of a storage is the actual identifier of the enclave or memory.
After the partition information is obtained, a controller manages the partitioned areas and controls access to the configuration data of the particular memory block based on the assigned address of the particular portion or block. Thus, Examiner submits that the secure memory provides the same or similar functions as the claimed enclave, and the combination of Grieco, Riera and Langhammer would still render the claimed limitation “… wherein the secure provisioner is further to: partition an enclave for the secure storage area; associate an enclave identifier with the enclave; and provide the enclave identifier to the reconfigurable device over the physically isolated trusted communication path…”, obvious.
Applicant’s remarks regarding amended independent claims 28, 35 and 42 have been considered and are addressed based on the same rationale presented for the amended claim 25. In addition, Examiner submits that the reference by Riera still discloses some feature limitations of claims 28, 35 and 42. Please refer to the detailed rejection of the claims below.
Applicant further recites similar remarks as listed above for dependent claims 27, 30-34, 37-41, and 44-48.
Regarding claims 30-31, 33-34, 37-38, 40-41, 44-45 and 47-48, please refer to the aforementioned response, which addresses how the combination of prior-art references by Grieco, Riera and Langhammer would render the claimed limitations obvious.
Claims 27, 32, 39 and 46 are allowable subject matter. Please see the reasons below.

Claim Objections
Claim 25 is objected to because of the following informalities: Claim 25 recites “... a reconfigurable device communicatively coupled to the processor over a physically isolated trusted communication channel … provide the enclave identifier to the reconfigurable device over the physically isolated trusted communication path …”. Examiner recommends the use of the same terminology throughout the whole claim, as well as in the dependent ones. Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

  Claims 25, 28, 30-31, 33-35, 37-38, 40-42, 44-45 and 47-48 are rejected under 35 U.S.C. 103 as being unpatentable over Grieco et al. (US 2014/0344581) hereinafter Grieco in view of Riera et al. (US 9,311,506) hereinafter Riera and further in view of Langhammer (US 2016/0248588).
As per Claim 25, Grieco teaches an electronic processing system, comprising: 
a processor (Grieco, Parag. [0010]; “Computing device 100 may comprise a processor 110, a field programmable device (FPD) 140 with an associated configuration non-volatile memory (NVM) 150, e.g., a Programmable Read-only Memory (PROM) or flash memory.”); 
persistent storage media communicatively coupled to the processor (Grieco, Parag. [0010]; “The memory 120 may be of any type of tangible processor readable memory (e.g., random access, read-only, etc.) that is encoded with or stores instructions, such as FPD Update Manager software 300.”); 
a reconfigurable device communicatively coupled to the processor over a physically [isolated trusted] communication channel (Grieco, Parag. [0010]; “FIG. 1 shows an example block diagram of a computing device 100 configured according to the techniques described herein. Computing device 100 may comprise a processor 110, a field programmable device (FPD) 140 with an associated configuration non-volatile memory (NVM) 150, e.g., a Programmable Read-only Memory (PROM) or flash memory, one or more network interfaces 125 for network connectivity.”); 
a secure provisioner communicatively coupled to the processor and the reconfigurable device to provision a secure storage area (Grieco, Parag. [0010]; “Computing device 100 may comprise a processor 110, a field programmable device (FPD) 140 with an associated configuration non-volatile memory (NVM) 150, e.g., a Programmable Read-only Memory (PROM) or flash memory, one or more network interfaces 125 for network connectivity, and a tamper proof chip 130.” … Parag. [0012]; “the tamper proof chip 130 may be a tamper proof cryptography chip (TPCC) that securely stores authentication, encryption keys, and decryption keys. The keys stored on tamper proof chip 130 may be supplied to processor 110 and FPD 140 for the authentication, encryption, and decryption techniques described herein.”) and to securely store a remotely generated bitstream security key in the provisioned secure storage area (Grieco, Parag. [0012]; “the tamper proof chip 130 may be a tamper proof cryptography chip (TPCC) that securely stores authentication, encryption keys, and decryption keys. The keys stored on tamper proof chip 130 may be supplied to processor 110 and FPD 140 for the authentication, encryption, and decryption techniques described herein.” … Parag. [0035]; “An apparatus is provided comprising a field programmable circuit; an image storage circuit configured to store software images for programming the field programmable circuit; a key storage circuit configured to store a plurality of keys.”); 
wherein the secure provisioner is further (Grieco, Parag. [0010]; “FIG. 1 shows an example block diagram of a computing device 100 configured according to the techniques described herein. Computing device 100 may comprise a processor 110, a field programmable device (FPD) 140 with an associated configuration non-volatile memory (NVM) 150, e.g., a Programmable Read-only Memory (PROM) or flash memory, one or more network interfaces 125 for network connectivity, and a tamper proof chip 130.” … Parag. [0012]; “the tamper proof chip 130 may be a tamper proof cryptography chip (TPCC) that securely stores authentication, encryption keys, and decryption keys. The keys stored on tamper proof chip 130 may be supplied to processor 110 and FPD 140 for the authentication, encryption, and decryption techniques described herein.”) to: 
[partition an enclave for the secure storage area]; 
[associate an enclave identifier with the enclave]; and 
[provide the enclave identifier to the reconfigurable device over the physically isolated trusted communication path]; and
a device configurer to configure the reconfigurable device with a remotely generated bitstream and the remotely generated bitstream security key (Grieco, Parag. [0010]; “FIG. 1 shows an example block diagram of a computing device 100 configured according to the techniques described herein. Computing device 100 may comprise a processor 110, a field programmable device (FPD) 140 with an associated configuration non-volatile memory (NVM) 150, e.g., a Programmable Read-only Memory (PROM) or flash memory.” Examiner submits that “configuration PROM 150” is the device that will be storing the encrypted configuration data, which can be decrypted by using the stored shared key, for configuring the programmable device, see Fig. 1).
However, Grieco does not expressly teach:
… over a physically isolated trusted communication channel;
partition an enclave for the secure storage area; 
associate an enclave identifier with the enclave; and 
provide the enclave identifier to the reconfigurable device over the physically isolated trusted communication path
But, Riera teaches:
… over a physically isolated trusted communication channel (Riera, Col. 3, lines 25-27; “An isolated direct point to point communications (bus mastering) is used to transfer the secure data from peripheral-to-peripheral.” … Col. 3, lines 40-45; “for example a field-programmable gate array (FPGA), representing the HardWallet, HardSafe, and HardMobile IP with PCIe carrier (Peripheral Component Interconnect Express high-speed serial computer expansion bus), or any other form of interconnect such as InfiniBand, FSB, QPI, HyperTransport.” … Col. 3, lines 64-67; “HardWallet system, is a two-part system with the computer system 14 being a first part and the HardWallet 10 being the second part and having a one-way trusted hardware interface 13 from a peripheral bus 17.”).
provide [the enclave identifier] to the reconfigurable device over the physically isolated trusted communication path (Riera, Col. 3, lines 25-27; “An isolated direct point to point communications (bus mastering) is used to transfer the secure data from peripheral-to-peripheral.” … Col. 3, lines 40-45; “for example a field-programmable gate array (FPGA), representing the HardWallet, HardSafe, and HardMobile IP with PCIe carrier (Peripheral Component Interconnect Express high-speed serial computer expansion bus), or any other form of interconnect such as InfiniBand, FSB, QPI, HyperTransport.” … Col. 3, lines 64-67; “HardWallet system, is a two-part system with the computer system 14 being a first part and the HardWallet 10 being the second part and having a one-way trusted hardware interface 13 from a peripheral bus 17.”)
Grieco and Riera are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need to provide methods for configuring reconfigurable programmable device bitstream and key authentication.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Riera system into Grieco system, with a motivation to provide a method for storing and transmitting data across a computer network to one or more destinations is disclosed including storing source data on a secure data storage of a secondary device connected to a computing device (Riera, Abstract).
However, the combination of Grieco and Riera does not expressly teach
… further to: 
partition an enclave for the secure storage area; 
associate an enclave identifier with the enclave; and

But, Langhammer teaches:
… further to: partition an enclave for the secure storage area (Langhammer, Parag. [0117]; “In various embodiments, the configuration controller 1960 is configured to partition the one or more memory blocks 1940, 1944, 1946 to allocate different memory partitions to the multiple independently reconfigurable regions (e.g., regions 1952 and 1954). FIG. 19 shows partitions 1941 and 1942 as examples.”); 
associate an enclave identifier with the enclave (Langhammer, Parag. [0118]; “FPGA 1910 includes n memory blocks (e.g., memories 1940, 1944, and 1946) and m independently reconfigurable regions (e.g., including regions 1952 and 1954), where m>n.” … Parag. [0119]; “Partition information including a start and stop address, and/or memory size, for each configurable region may be stored, e.g., as part of the start up data, first configuration data, or default data.” Examiner submits that the partition information, such as, start and stop address, of a storage is the unique identifier of the enclave or memory.); and
provide the enclave identifier to the reconfigurable device (Langhammer, Parag. [0118]; “FPGA 1910 includes n memory blocks (e.g., memories 1940, 1944, and 1946) and m independently reconfigurable regions (e.g., including regions 1952 and 1954), where m>n.” … Parag. [0119]; “Partition information including a start and stop address, and/or memory size, for each configurable region may be stored, e.g., as part of the start up data, first configuration data, or default data.” Parag. [0121]; “FPGA 1910 is designed so that all memory accesses must go through configuration controller”. Examiner submits that the partition information is required by the reconfigurable device and provided (stored) to the reconfigurable device as shown in Fig. 19).
Grieco, Riera and Langhammer are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need to provide methods for configuring reconfigurable programmable device bitstream and key authentication.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Langhammer system into Grieco-Riera system, with a motivation to provide a method for storing data on an integrated circuit and more particularly to protecting data stored in a battery powered memory on a field programmable gate array (FPGA) (Langhammer, Parag. [0002]).

As per claim 28, Grieco teaches a configurable apparatus, comprising:
a configurable device (Grieco, Parag. [0010]; “Computing device 100 may comprise a processor 110, a field programmable device (FPD) 140 with an associated configuration non-volatile memory (NVM) 150, e.g., a Programmable Read-only Memory (PROM) or flash memory, one or more network interfaces 125 for network connectivity.”);
a secure provisioner communicatively coupled to the configurable device to provision a secure storage area (Grieco, Parag. [0010]; “FIG. 1 shows an example block diagram of a computing device 100 configured according to the techniques described herein. Computing device 100 may comprise a processor 110, a field programmable device (FPD) 140 with an associated configuration non-volatile memory (NVM) 150, e.g., a Programmable Read-only Memory (PROM) or flash memory, one or more network interfaces 125 for network connectivity, and a tamper proof chip 130.” … Parag. [0012]; “the tamper proof chip 130 may be a tamper proof cryptography chip (TPCC) that securely stores authentication, encryption keys, and decryption keys. The keys stored on tamper proof chip 130 may be supplied to processor 110 and FPD 140 for the authentication, encryption, and decryption techniques described herein.”) and to securely store a remotely generated bitstream security key in the provisioned secure storage area (Grieco, Parag. [0012]; “the tamper proof chip 130 may be a tamper proof cryptography chip (TPCC) that securely stores authentication, encryption keys, and decryption keys. The keys stored on tamper proof chip 130 may be supplied to processor 110 and FPD 140 for the authentication, encryption, and decryption techniques described herein.” … Parag. [0035]; “An apparatus is provided comprising a field programmable circuit; an image storage circuit configured to store software images for programming the field programmable circuit; a key storage circuit configured to store a plurality of keys.”);
[a secure communicator communicatively coupled to the configurable device and the secure provisioner to establish a trusted communication path between the provisioned secure storage area and the configurable device]; 
wherein the secure provisioner is further (Grieco, Parag. [0010]; “FIG. 1 shows an example block diagram of a computing device 100 configured according to the techniques described herein. Computing device 100 may comprise a processor 110, a field programmable device (FPD) 140 with an associated configuration non-volatile memory (NVM) 150, e.g., a Programmable Read-only Memory (PROM) or flash memory, one or more network interfaces 125 for network connectivity, and a tamper proof chip 130.” … Parag. [0012]; “the tamper proof chip 130 may be a tamper proof cryptography chip (TPCC) that securely stores authentication, encryption keys, and decryption keys. The keys stored on tamper proof chip 130 may be supplied to processor 110 and FPD 140 for the authentication, encryption, and decryption techniques described herein.”) to: 
partition an enclave for the secure storage area; 
associate an enclave identifier with the enclave; and 
provide the enclave identifier to the reconfigurable device over the physically isolated trusted communication path; and
a device configurer communicatively coupled to the configurable device to configure the configurable device with a remotely generated bitstream and the remotely generated bitstream security key (Grieco, Parag. [0010]; “FIG. 1 shows an example block diagram of a computing device 100 configured according to the techniques described herein. Computing device 100 may comprise a processor 110, a field programmable device (FPD) 140 with an associated configuration non-volatile memory (NVM) 150, e.g., a Programmable Read-only Memory (PROM) or flash memory.” Examiner submits that “configuration PROM 150” is the device that will be storing the encrypted configuration data, which can be decrypted by using the stored shared key, for configuring the programmable device, see Fig. 1).
Grieco does not expressly teach:

partition an enclave for the secure storage area; 
associate an enclave identifier with the enclave; and 
provide the enclave identifier to the reconfigurable device over the physically isolated trusted communication path
But, Riera teaches:
a secure communicator communicatively coupled to the configurable device and the secure provisioner to establish a trusted communication path between the provisioned secure storage area and the configurable device (Riera, Fig. 1 and Col. 4, lines 18-47; “The HardWallet 10 (and the HardSafe described hereinafter) is adapted for bus mastering, encrypted DMA streams, data sync operation (for Federal Information Processing Standard Level 4--FIPS L4), SWARM routing (for FIPS L4), USB/Ethernet (Common Internet File System--CIFS)/(Serial Advanced Technology Attachment--SATA) interfacing, and time/priority scheduling. … the system 5 uses a one-way entrance to the HardWallet 10 via a trusted hardware interface 13 to store sensitive data (see also FIG. 7 described in more detail hereinafter). The data entered into the HardWallet 10 is initially and remains encrypted with a local encryption process of encryption module 21, as is the encryption key 11 itself, and thus both are fully secure from any system read or recovery method or mechanism. To use (i.e., read) the sensitive data from the secure HardWallet 10, the data consumer on the other hardware-connected end must have the same encryption key 11 in order to receive the data. At all points along the hardware path to the data consumer, the data is encrypted and secure. As disclosed in further detail with respect to FIG. 3a, a secure key management system (SKMS) 22 may be provided to store encryption keys and to manage key utilization”.  Col. 7, lines 45-53; “The method 72 may be a computer-implemented for secure key management utilizing a secondary device (i.e., SKMS 22) comprising a programmable hardware component (i.e., control circuit 360) and an associated secure data storage device 361. The method comprises receiving input unilaterally via a one-way communications link (i.e., trusted hardware interface 13) from a computing device 14 to the secondary device, at 74.”);
… over a physically isolated trusted communication channel (Riera, Col. 3, lines 25-27; “An isolated direct point to point communications (bus mastering) is used to transfer the secure data from peripheral-to-peripheral.” … Col. 3, lines 40-45; “for example a field-programmable gate array (FPGA), representing the HardWallet, HardSafe, and HardMobile IP with PCIe carrier (Peripheral Component Interconnect Express high-speed serial computer expansion bus), or any other form of interconnect such as InfiniBand, FSB, QPI, HyperTransport.” … Col. 3, lines 64-67; “HardWallet system, is a two-part system with the computer system 14 being a first part and the HardWallet 10 being the second part and having a one-way trusted hardware interface 13 from a peripheral bus 17.”).
provide [the enclave identifier] to the reconfigurable device over the physically isolated trusted communication path (Riera, Col. 3, lines 25-27; “An isolated direct point to point communications (bus mastering) is used to transfer the secure data from peripheral-to-peripheral.” … Col. 3, lines 40-45; “for example a field-programmable gate array (FPGA), representing the HardWallet, HardSafe, and HardMobile IP with PCIe carrier (Peripheral Component Interconnect Express high-speed serial computer expansion bus), or any other form of interconnect such as InfiniBand, FSB, QPI, HyperTransport.” … Col. 3, lines 64-67; “HardWallet system, is a two-part system with the computer system 14 being a first part and the HardWallet 10 being the second part and having a one-way trusted hardware interface 13 from a peripheral bus 17.”).
Grieco and Riera are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need to provide methods for configuring reconfigurable programmable device bitstream and key authentication.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Riera system into Grieco system, with a motivation to provide a method for storing and transmitting data across a computer network to one or more destinations is disclosed including storing source data on a secure data storage of a secondary device connected to a computing device (Riera, Abstract).
However, the combination of Grieco and Riera does not expressly teach
… further to: 
partition an enclave for the secure storage area; 
associate an enclave identifier with the enclave; and
provide the enclave identifier to the reconfigurable device [over the physically isolated trusted communication path].

But, Langhammer teaches:
…further to: partition an enclave for the secure storage area (Langhammer, Parag. [0117]; “In various embodiments, the configuration controller 1960 is configured to partition the one or more memory blocks 1940, 1944, 1946 to allocate different memory partitions to the multiple independently reconfigurable regions (e.g., regions 1952 and 1954). FIG. 19 shows partitions 1941 and 1942 as examples.”); 
associate an enclave identifier with the enclave (Langhammer, Parag. [0118]; “FPGA 1910 includes n memory blocks (e.g., memories 1940, 1944, and 1946) and m independently reconfigurable regions (e.g., including regions 1952 and 1954), where m>n.” … Parag. [0119]; “Partition information including a start and stop address, and/or memory size, for each configurable region may be stored, e.g., as part of the start up data, first configuration data, or default data.” Examiner submits that the partition information, start and stop address, of a storage is the actual identifier of the enclave or memory.); and
provide the enclave identifier to the reconfigurable device (Langhammer, Parag. [0118]; “FPGA 1910 includes n memory blocks (e.g., memories 1940, 1944, and 1946) and m independently reconfigurable regions (e.g., including regions 1952 and 1954), where m>n.” … Parag. [0119]; “Partition information including a start and stop address, and/or memory size, for each configurable region may be stored, e.g., as part of the start up data, first configuration data, or default data.” Parag. [0121]; “FPGA 1910 is designed so that all memory accesses must go through configuration controller”. Examiner submits that the partition information is required by the reconfigurable device and provided (stored) to the reconfigurable device as shown in Fig. 19).
Grieco, Riera and Langhammer are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need to provide methods for configuring reconfigurable programmable device bitstream and key authentication.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Langhammer system into Grieco-Riera system, with a motivation to provide a method for storing data on an integrated circuit and more particularly to protecting data stored in a battery powered memory on a field programmable gate array (FPGA) (Langhammer, Parag. [0002]).

As per claim 30, the combination of Grieco, Riera and Langhammer teaches the apparatus of claim 28.  Riera further teaches wherein the secure communicator is further to provide a physically isolated communication channel (Riera, Col. 3, lines 25-27; “An isolated direct point to point communications (bus mastering) is used to transfer the secure data from peripheral-to-peripheral.”) for the trusted communication path (Riera, Col. 5, lines 50-55; “The secondary device (i.e., HardWallet 10) may be connected to a computing device 14. The computing device 14 may be configured to operate via an operating system 19 with a CPU 15. The secondary device (i.e., HardWallet 10) may be adapted to receive input unilaterally via trusted hardware interface 13 from the computing device 14, store the input as source data on the secure data storage device 12”.  Col. 7, lines 45-53; “The method 72 may be a computer-implemented for secure key management utilizing a secondary device (i.e., SKMS 22) comprising a programmable hardware component (i.e., control circuit 360) and an associated secure data storage device 361. The method comprises receiving input unilaterally via a one-way communications link (i.e., trusted hardware interface 13) from a computing device 14 to the secondary device, at 74.”).

As per claim 31, the combination of Grieco, Riera and Langhammer teaches the apparatus of claim 28.  Grieco teaches the secure provisioner (Grieco, Parag. [0010]; “FIG. 1 shows an example block diagram of a computing device 100 configured according to the techniques described herein. Computing device 100 may comprise a processor 110, a field programmable device (FPD) 140 with an associated configuration non-volatile memory (NVM) 150, e.g., a Programmable Read-only Memory (PROM) or flash memory, one or more network interfaces 125 for network connectivity, and a tamper proof chip 130.” … Parag. [0012]; “the tamper proof chip 130 may be a tamper proof cryptography chip (TPCC) that securely stores authentication, encryption keys, and decryption keys. The keys stored on tamper proof chip 130 may be supplied to processor 110 and FPD 140 for the authentication, encryption, and decryption techniques described herein.”); 
remotely generate a bitstream security key [at the source system] for the remotely generated bitstream security key (Grieco, Parag. [0025]; “the vendor inserts a unique symmetric key into each FPGA at the time of manufacturing and then encrypts each FPGA image. The manufacturer is required to maintain these unique keys so that if a field upgrade of the FPGA bitstream is needed, each unique key can be used to deliver a uniquely encrypted bit stream to the device in the field.” … Parag. [0028]; “storing the appropriate keys on the host device, unique keys can be used for each field programmable device. Namely, a unique symmetric key can be programmed into each FPGA, thereby conserving FPGA logic and permitting manufacture of large volumes of FPGAs. In other words, each FPD has a unique symmetric key for encryption and decryption of the image executed by the FPGA. The unique symmetric key is not used in any other FPGA and may be stored in the host device or the FPGA itself, or both.” Examiner submits that the encryption key is generated or created by the vendor and then is provided to the FPGA, therefore the key is generated remotely from the FPGA.); and 
provide the remotely generated bitstream security key to the secure provisioner (Grieco, Parag. [0012]; “the tamper proof chip 130 may be a tamper proof cryptography chip (TPCC) that securely stores authentication, encryption keys, and decryption keys. The keys stored on tamper proof chip 130 may be supplied to processor 110 and FPD 140 for the authentication, encryption, and decryption techniques described herein.” … Parag. [0035]; “An apparatus is provided comprising a field programmable circuit; an image storage circuit configured to store software images for programming the field programmable circuit; a key storage circuit configured to store a plurality of keys.”).
Riera further teaches the apparatus further including a source system (Riera, Col. 5, lines 50-55; “The secondary device (i.e., HardWallet 10) may be connected to a computing device 14. The computing device 14 may be configured to operate via an operating system 19 with a CPU 15. The secondary device (i.e., HardWallet 10) may be adapted to receive input unilaterally via trusted hardware interface 13 from the computing device 14, store the input as source data on the secure data storage device 12.”) to: establish a secure Riera, Col. 7, lines 45-53; “The method 72 may be a computer-implemented for secure key management utilizing a secondary device (i.e., SKMS 22) comprising a programmable hardware component (i.e., control circuit 360) and an associated secure data storage device 361.  The method comprises receiving input unilaterally via a one-way communications link (i.e., trusted hardware interface 13) from a computing device 14 to the secondary device, at 74.”); and
provide the remotely generated bitstream security key … over the secure communication channel. (Riera, Col. 3, lines 25-27; “An isolated direct point to point communications (bus mastering) is used to transfer the secure data from peripheral-to-peripheral.” … Col. 3, lines 40-45; “for example a field-programmable gate array (FPGA), representing the HardWallet, HardSafe, and HardMobile IP with PCIe carrier (Peripheral Component Interconnect Express high-speed serial computer expansion bus), or any other form of interconnect such as InfiniBand, FSB, QPI, HyperTransport.” … Col. 3, lines 64-67; “HardWallet system, is a two-part system with the computer system 14 being a first part and the HardWallet 10 being the second part and having a one-way trusted hardware interface 13 from a peripheral bus 17”. Col. 7, lines 45-55, “The method 72 may be a computer-implemented for secure key management utilizing a secondary device (i.e., SKMS 22) comprising a programmable hardware component (i.e., control circuit 360) and an associated secure data storage device 361. The method comprises receiving input unilaterally via a one-way communications link (i.e., trusted hardware interface 13) from a computing device 14 to the secondary device, at 74. The method further comprises generating and storing encryption keys on the secure data storage device 361 via an encryption key generator 362, at 76”).

As per claim 33, the combination of Grieco, Riera and Langhammer teaches the apparatus of claim 28. Grieco further teaches wherein the configurable device comprises a reconfigurable device (Grieco, Parag. [0002]; “Field programmable devices, e.g., FPGAs offer advantages over other approaches such as one-time programmable devices in that they are reconfigurable or reprogrammable during startup of their host device.”).

As per claim 34, the combination of Grieco, Riera and Langhammer teaches the apparatus of claim 33. Grieco further teaches wherein the reconfigurable device comprises a field programmable gate array device (Grieco, Parag. [0002]; “Field programmable devices, e.g., FPGAs offer advantages over other approaches such as one-time programmable devices in that they are reconfigurable or reprogrammable during startup of their host device.”).

As per claim 35, it is a method claim that recites similar limitations to those of claim 28, and therefore it is rejected for the same rationale applied to claim 28.

As per claim 37, the rejection of claim 35 is incorporated.  In addition, it is a method claim that recites similar limitations to those of claim 30, and therefore it is rejected for the same rationale applied to claim 30.

As per claim 38, the rejection of claim 35 is incorporated.  In addition, it is a method claim that recites similar limitations to those of claim 31, and therefore it is rejected for the same rationale applied to claim 31.

As per claim 40, the rejection of claim 35 is incorporated.  In addition, it is a method claim that recites similar limitations to those of claim 33, and therefore it is rejected for the same rationale applied to claim 33.

As per claim 41, the rejection of claim 40 is incorporated.  In addition, it is a method claim that recites similar limitations to those of claim 34, and therefore it is rejected for the same rationale applied to claim 34.

As per claim 42, it is a computer readable medium claim that recites similar limitations to those of claim 28, and therefore, claim 42 is rejected for the same rationale applied to claim 28.

As per claim 44, the rejection of claim 42 is incorporated.  In addition, it is a computer readable medium claim that recites similar limitations to those of claim 30, and therefore it is rejected for the same rationale applied to claim 30.

As per claim 45, the rejection of claim 42 is incorporated.  In addition, it is a non-transitory computer readable medium claim that recites similar limitations to those of claim 31, and therefore it is rejected for the same rationale applied to claim 31.

As per claim 47, the rejection of claim 42 is incorporated.  In addition, it is a non-transitory computer readable medium claim that recites similar limitations to those of claim 33, and therefore it is rejected for the same rationale applied to claim 33.

As per claim 48, the rejection of claim 47 is incorporated.  In addition, it is a non-transitory computer readable medium claim that recites similar limitations to those of claim 34, and therefore it is rejected for the same rationale applied to claim 34.

Allowable Subject Matter
Claims 27, 32, 39 and 46 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Specifically, Applicant’s argument has been considered and is found persuasive.  The prior-art reference by Trimberger discloses using the address provided on a header to determine where the next data will be stored or read, and encrypting a bitstream/data with an encryption key.  Yet, the prior-art reference by Trimberger does not expressly teach the limitation about “… wherein the remotely generated bitstream is encoded 
Claim 27 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims as the combination of Grieco, Riera, Langhammer and Trimberger does not disclose the claim limitation “… wherein the remotely generated bitstream is encoded with the enclave identifier and encrypted with the remotely generated bitstream security key”; 
Claim 32 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims as the combination of Grieco, Riera, Langhammer and Trimberger does not disclose the claim limitation “… a bitstream encoder to remotely encode the bitstream with the enclave identifier at the source system; and a bitstream encrypter to remotely encrypt the bitstream with the bitstream security key at the source system”;
Claim 39 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims as the combination of Grieco, Riera, Langhammer and Trimberger does not disclose the claim limitation “… remotely encoding the bitstream with the enclave identifier at the source system; and remotely encrypting the bitstream with the bitstream security key at the source system”; and
Claim 46 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims as the combination of Grieco, Riera, Langhammer and Trimberger does not disclose the claim limitation “… remotely encode the bitstream with the enclave identifier at the source system; and remotely encrypt the bitstream with the bitstream security key at the source system”.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Hunt, S. et al.; (US 2017/0093572): relates to systems, methods, and devices for utilizing hardware assisted protection for media content, such as video content or audio content. For example, a secure enclave may be utilized within a user device (e.g., a computing device) to create a protected media distribution system.
Johnson, S. et al.; (US 8,972,746): relates to a technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.
Costa, M.; (US 2018/0211054): relates to techniques for instantiating an enclave from dependent enclave images are presented. The techniques include .

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEX D CARRASQUILLO whose telephone number is (571)270-5045. The examiner can normally be reached Monday - Friday 9:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/A.D.C./Examiner, Art Unit 2498 

/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498