DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-7, 9, 11-13, and 15-19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Harada et al. (US PGPub No. 2008/0052534), hereinafter known as HARADA.

Consider Claim 1,
HARADA teaches an electronic device comprising:
a processor (HARADA, e.g., Fig 14:101a, shows processing elements.); 

a memory controller for controlling access to the memory (HARADA, e.g., Fig 14: 20a is used to control access to memory.); 
a hardware security module (HARADA, e.g., Fig 14:114a, MMU); and 
a bus system, to which the processor, the memory controller, and the hardware security module are connected (HARADA, e.g., Fig 14, bus system connects these elements via a bus interface (109a) and other related interconnections.), 
wherein: 
the processor is configured to send requests over the bus system (HARADA, e.g., Fig 15:S604, access memory via bus interface.); 
the hardware security module has a connection to the bus system and is configured to use this connection to detect requests on the bus system that are sent by the processor (HARADA, e.g., Fig 14, system of interconnections (i.e., bus connections) are used to detect processor requests.); 
the hardware security module has a secure state and a non-secure state (HARADA, e.g., ¶0078, operates to issue either secure or non-secure requests based on whether it is receiving a signal to operate in secure or non-secure mode.); 
the hardware security module is configured, when in the secure state, to add a secure- state signal to requests sent by the processor over the bus system (HARADA, e.g., ¶0078;¶0221, secure-state signal is provided upon indication of a secure access (i.e., when a secure mode is requested).);
 the memory controller is configured to receive memory-access requests over the bus system, and to determine whether the received memory-access requests 
the memory controller is configured to grant access to a secure region of the memory in response to receiving a memory-access request that includes the secure-state signal (HARADA, e.g., Fig 18:S714(yes);¶0285-0288, grant access if secure.); and 
the memory controller is configured to deny access to the secure region of the memory in response to receiving a memory-access request that does not include the secure-state signal (HARADA, e.g., Fig 18:S714(no);¶0285-0288, end processing if not secure.).

Consider Claim 2,
HARADA further teaches wherein the processor does not inherently support a secure state and a non-secure state (HARADA, e.g., ¶0210, processor does not have a secure mode.).

Consider Claim 3,
HARADA further teaches wherein the memory controller is configured to deny one or more of: write access to the secure region, data read access to the secure region, and execution access to the secure region, when receiving memory- access requests that do not include the secure-state signal (HARADA, e.g., Gig 18:S714(no); ¶0285-0288, attempted access to a secure region is ended (i.e., denied).).


Consider Claim 4,
HARADA further teaches wherein the hardware security module is configured to start in the secure state after the device is reset (HARADA, e.g.,¶0219-0222, after power on (e.g., upon reset), responsive to receiving a secure state signal, the module is configured to enter the secure state.).

Consider Claim 5,
HARADA further teaches wherein the hardware security module is configured to be switched from the secure state to the non-secure state by software executed by the processor (HARADA, e.g., ¶0210, the processor does not have a secure mode; ¶0219-0222, describe programmatic mechanisms for providing a secure function in the absence of a hardware configuration (i.e., something the processor does not have).  These programmatic mechanisms are considered analogous to the claimed software executed by the processor.).

Consider Claim 6,
HARADA further teaches wherein the memory stores software which, when executed by the processor, causes the processor to instruct the hardware security module to switch to the non-secure state (HARADA, e.g., Fig 16:S611-S613, acquire and manage read-data secure attribute; Fig 17:S701-S705, use read-data secure attribute to direct activity to a secure or non-secure state.).

Claim 7,
HARADA further teaches wherein the secure-state signal is sent over a secure-state signal line in the bus system (HARADA, e.g., Fig 14-16, describes sending a secure-state signal over a bus.).

Consider Claim 9,
HARADA further teaches a peripheral that supports memory-mapped input access or output access, wherein the peripheral comprises access logic configured to grant access to a function of the peripheral in response to receiving a request over the bus system that includes the secure-state signal, and to deny access to the function in response to receiving a request over the bus system that does not include the secure-state signal (HARADA, e.g., Fig 14(60a);Fig 20; ¶0249-0253, secure module permits access only if a secure state signal is received/present.).

Consider Claim 11,
HARADA further teaches wherein the hardware security module is configured, when in the secure state, to prevent the processor from fetching instructions stored outside the secure region (HARADA, e.g., ¶0219-0222, the controller is used to attach a secure state signal to an address used to prevent the processor from fetching instructions stored outside the secure region.).

Consider Claim 12,


Consider Claim 13,
HARADA further teaches wherein the hardware security module is configured to switch from the secure state to the non-secure state in response to a switch-to-non-secure command from the processor, or wherein the hardware security module is configured to switch from the non-secure state to the secure state in response to a switch-to-secure command from the processor (HARADA, e.g., ¶0220-0222, switch to secure output mode from a non-secure mode when element 114a receives a read-data secure attribute signal indicating secure mode is required.).

Consider Claim 15,
HARADA further teaches wherein the hardware security module is configured to receive said command from the processor at least partly as one or more bus transfers initiated by the processor over the bus system (HARADA, e.g., ¶0220-0222, receive state-switching signal (i.e., command) based on a bus transfer output by the fetch unit.).

Consider Claim 16,


Consider Claim 17,
HARADA further teaches wherein the hardware security module is configured to switch from the non-secure state to the secure state at least partly in response to the processor initiating an instruction-fetch bus transfer for fetching an instruction from a predetermined trigger address, wherein the predetermined trigger address is determined in accordance with a value stored in a configuration register of the hardware security module (HARADA, e.g., ¶0219-0222, switch to secure state occurs based on if the recording position of the instruction code is contained among a plurality of predetermined trigger addresses within the secure module (i.e., from module Fig 6:202).).

Consider Claim 18,
HARADA further teaches wherein the hardware security module is configured to receive said command from the processor at least partly over a connection, separate from the bus system, to an internal register of the processor or to a point in the processor that 

Consider Claim 19,
HARADA further teaches wherein the hardware security module comprises sensing logic for sensing the contents of said internal register or for sensing the logic level at said point in the processor, and wherein the hardware security module is configured to receive said command from the processor at least partly by sensing a predetermined sequence of one or more values of said internal register or of the logic level at said point, over time, wherein the predetermined sequence of one or more values corresponds to a predetermined sequence of one or more software instructions which, when executed by the processor, cause the contents of the internal register or the logic level at said point in the processor to have said predetermined sequence of one or more values over time (HARADA, e.g., ¶0219-0222, describes performing a data fetch based on the values sensed by element 114a regarding the logic levels present in at least the temporary storage/staging area described above.).

Consider Claim 22,

a processor (HARADA, e.g., Fig 14:101a, shows processing elements.); 
a memory (HARADA, e.g., Fig 14:30a, shows a memory.);
a memory controller for controlling access to the memory (HARADA, e.g., Fig 14: 20a is used to control access to memory.); 
a hardware security module (HARADA, e.g., Fig 14:114a, MMU); and 
a bus system, to which the processor, the memory controller, and the hardware security module are connected (HARADA, e.g., Fig 14, bus system connects these elements via a bus interface (109a) and other related interconnections.), 
and the method comprising: 
the processor sending requests over the bus system (HARADA, e.g., Fig 15:S604, access memory via bus interface.); 
the hardware security module using a connection to the bus system to detect said requests (HARADA, e.g., Fig 14, system of interconnections (i.e., bus connections) are used to detect processor requests.); 
the hardware security module being in a secure state and, when in the secure state, detecting a first memory-access request sent by the processor over the bus system and adding a secure-state signal to the first memory-access request over the bus system (HARADA, e.g., ¶0078;¶0221, secure-state signal is provided upon indication of a secure access (i.e., when a secure mode is requested).);
the memory controller receiving the first memory-access request over the bus system, detecting that the secure-state signal has been added to the first memory-
the hardware security module being in a non-secure state and, when in the non-secure state, detecting a second memory-access request sent by the processor over the bus system and not adding the secure-state signal to the second memory-access request over the bus system (HARADA, e.g., ¶0078;¶0221, normal-state signal is provided upon indication of a non-secure access.); and 
the memory controller receiving the second memory-access request over the bus system, detecting that the secure-state signal has not been added to the second memory-access request, and, in response to said detecting, denying access to the secure region of the memory (HARADA, e.g., Fig 18:S714(no);¶0285-0288, end processing if not secure.).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 10, 20, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over HARADA.

Consider Claim 10,
HARADA teaches the electronic device of claim 1, and further teaches wherein the secure region of the memory is defined or is definable by one or more configuration parameters stored in a non-volatile memory of the electronic device (HARADA, e.g., Fig 6:202;¶0136, store configuration of secure area.), and wherein the hardware security module and memory controller are configured to prevent the processor from writing to said one or more configuration parameters when the hardware security module is in the non-secure state (HARADA, e.g., Fig 17:S713-S714; ¶0285-0287, end processing if 
	HARADA fails to describe wherein the configuration parameters are stored in a non-volatile memory.  However, the examiner notes that there are only two possibilities for describing storage at this breadth: volatile and non-volatile.  Given that HARADA describes storing secure area boundaries in the secure area management unit and that is the only mechanism described to validate memory accesses, it would have been obvious to a person of ordinary skill in the art, prior to the effective filing date of the claimed invention, to use non-volatile memory in the secure storage area of HARADA because it preserves secure area boundaries upon a system reset thus ensuring data security after a power loss or other system restart event.

Consider Claim 20,
HARADA discloses the electronic device of claim 1, but fails to describe wherein the hardware security module is configured to detect an error in a received command to switch to or from the secure state, and is configured to trigger a reset of the electronic device in response to such detection.  The examiner takes official notice of the fact that restarting a compute element responsive to unexpected operation (including errors) is notoriously well-known in the art and a common troubleshooting method.  It would have been obvious to a person of ordinary skill in the art, prior to the effective filing date of the claimed invention, to modify the security module of HARADA such that a reset occurs in response to an error, because it is a notoriously well-known manner of 

Consider Claim 21,
HARADA teaches the electronic device of claim 1,and further discloses wherein the hardware security module comprises configuration logic for reading one or more configuration parameters from a memory of the electronic device after a reset of the electronic device (HARADA, e.g., Fig 6:202;¶0136, store configuration of secure area.), and further describes wherein the module comprises reset logic for holding the processor in reset until after the configuration logic has read the one or more configuration parameters (HARADA, e.g., Fig 17:S706; Fig 18:S717, processing is holding for read-data responsive to action by element 114a (HW security module).).  HARADA fails to describe the use of non-volatile memory or wherein the logic is reset logic.  However, the examiner notes that there are only two possibilities for describing storage at this breadth: volatile and non-volatile.  Further, the examiner takes official notice of the fact that reset logic is notoriously well-known in the art. Given that HARADA describes storing secure area boundaries in the secure area management unit and that is the only mechanism described to validate memory accesses, it would have been obvious to a person of ordinary skill in the art, prior to the effective filing date of the claimed invention, to use non-volatile memory in the secure storage area of HARADA and include reset logic to prevent CPU activity because it preserves secure area boundaries upon a system reset and prevents the processor from operating in a .

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
[A] KOBRES (US PGPub No. 2014/0188732) – discloses systems and methods for accessing a secure element using a separate I/O security module.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Gary W Cygiel whose telephone number is (571)270-1170. The examiner can normally be reached Monday - Thursday 11am-3pm PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Arpan P Savla can be reached on (571) 272-1077. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and 





/Gary W. Cygiel/Primary Examiner, Art Unit 2137