DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendments
This action is responsive to communication filed on 02/14/2022. Claims 1-5 and 7-23 are pending and being considered. Claim 6 has been cancelled. Claim 23 has been added. Claims 1 and 21 are independent. Thus, the claims 1-5 and 7-23 are rejected.

Response to Arguments/Remarks
Regarding claims 1, 21 and 22, applicant’s arguments/remarks filed on 2/14/2022 
have been fully considered but they are not persuasive.
Applicant’s Arguments/Remarks:
Regarding independent claim 1, Applicant argues that the cited prior art(s), Frank (US 2016/0070934 A1), fails to teach the limitation(s), such as “direct memory access controller” and “generate, in response to reading data from the memory, a hash value from the data read from the memory”, as recited in the independent claim 1. ATTORNEY DOCKET NO. Examiner acknowledged Applicant’s prospective but respectfully disagrees due to the following reason(s):
In response to the Applicant's arguments/remarks that the cited prior art(s) Frank fails to teach the recited “direct memory access controller” element of the claimed invention that functions as a feature of data processing systems that allows certain hardware subsystems within the computer to access system memory for reading and/or writing independently of a central processing unit (CPU), e.g. the cores 206, 2076 in the example of FIG. 4 (as disclosed in Para. [0028] of the immediate disclosure). The examiner respectfully disagrees because the cited prior art ‘Frank’ (In Figs. 1a-2a (Para. [0018- 0022]), schematically shows an example of a memory controller 10 (hereinafter, DMA controller) which is suitable to verify authenticity of data DATA stored in a first memory unit 15 […]. Wherein, the first processing unit 30 (of the memory controller 10, as depicted in Figs. 1b-2a) may read and write data DATA from and to the first memory unit 15 (without utilizing a core processor 40, as depicted in Fig. 2b)). Therefore, under BRI, the cited prior art ‘Frank’ clearly teaches the recited “direct memory access controller” element of the claimed invention that can directly read data from the memory, as described above.
Applicant further remarks that the “DMA controller is a term of art- that one skilled in the art would know as would be evinced by any web or google search. Accordingly, the notion that ‘DMA controller’ can be read on a normal memory controller is wholly without merit”. Examiner acknowledged Applicant’s prospective but respectfully disagrees due to the following reason(s):
Under a broadest reasonable interpretation (BRI), words of the claim must be given their plain meaning, unless such meaning is inconsistent with the specification. The plain meaning of a term means the ordinary and customary meaning given to the term by those of ordinary skill in the art at the time of the invention. The ordinary and customary meaning of a term may be evidenced by a variety of sources, including the words of the claims themselves, the specification, drawings, and prior art. However, the best source for determining the meaning of a claim term is the specification - the greatest clarity is obtained when the specification serves as a glossary for the claim terms. The presumption that a term is given its ordinary and customary meaning may be rebutted by the applicant by clearly setting forth a different definition of the term in the specification. In re Morris, 127 F.3d 1048, 1054, 44 USPQ2d 1023, 1028 (Fed. Cir. 1997) (the USPTO looks to the ordinary use of the claim terms taking into account definitions or other "enlightenment" contained in the written description);
Under BRI, the examiner further notes that the immediate disclosure (In Para. [0028]) corresponds the recited term ‘direct memory access (DMA) controller’ as a feature of data processing systems that allows certain hardware subsystems within the computer to access system memory for reading and/or writing independently of a central processing unit (CPU), e.g. the cores 206, 2076 in the example of FIG. 4. 
Therefore, contrary to Applicant’s assertion, under BRI, Frank as previously indicated, as disclosed in Figs. 1a-2a (Para. [0018- 0022] of the ‘Frank’ as a memory controller 10 (i.e., DMA controller) which is suitable to verify authenticity of data DATA stored in a first memory unit 15 […]. Wherein, the first processing unit 30 (of the memory controller 10, as depicted in Figs. 1b-2a) may read and write data DATA from and to the first memory unit 15 (without utilizing a core processor 40, as depicted in Fig. 2b). Wherein, the memory controller 10 may be for example part of a MCU (Microcontroller Unit), as depicted in Fig. 2b). Therefore, under BRI, the cited prior art ‘Frank’ teaches the recited “direct memory access controller” element of the claimed invention as a feature of data processing systems that allows certain hardware subsystems within the computer to access system memory for reading and/or writing independently of a central processing unit (CPU), consistent with the specification.
Further, in response to the applicant’s arguments/remarks that the cited prior art ‘Frank’ also fails to teach the claimed limitation “generate, in response to reading data from the memory, a hash value from the data read from the memory”, as recited in the independent claim 1. The examiner respectfully disagrees because the cited prior art Frank (In Fig. 2a (Para. [0018-0022]), clearly discloses that the first processing unit 30 (of the memory controller 10, as depicted in Figs. 1b-2a) may read and write data DATA from and to the first memory unit 15 on a block-wise basis […]. In this way the first processing unit 30 may read and write data DATA with the size of 128 or 256 bits at once. In this case the first processing unit 30 may calculate the calculated value CV (which e.g. may be the HASH calculated value cited in the above mentioned example) per each array block with the size of 128 or 256 bits at once. Wherein, the calculated value CV (which e.g. may be the HASH calculated value cited in the above mentioned example) may be a compact representation of the data DATA stored in the first memory unit 15 or of a portion of the data DATA stored in the first memory unit 15, and/or as disclosed in Para. [0023], wherein the first processing unit 30 described in FIGS. 2a is an HASH engine 32 (of the controller 10, as depicted in Fig. 2b) used to calculate the calculated HASH value CH representative for the data DATA in the non-volatile flash memory 17). Therefore, under BRI, the cited prior art ‘Frank’ clearly teaches to “generate a hash value in response to reading data from the memory”, as descibed above.
Thus, under BRI, the cited prior art ‘Frank’ teaches the claimed limitation(s) as mentioned above for the independent claim 1. Therefore, the examiner maintains the rejection for the independent claim 1, as rejected in the previous non-final rejection. The examiner suggests applicant to further amend the independent claims to overcome the current rejection under 35 U.S.C. 103.
Regrading independent claim 21, the claim recites similar limitations as mentioned above for the independent claim 1. Therefore, the independent claim 21 also remain rejected under 35 U.S.C 103 for the same reason(s) as mentioned above for the independent claim 1. Therefore, the Examiner suggests to further amend the independent claims 1 and 21 to overcome the current rejection(s) under 35 U.S.C. 103.
Regarding dependent claim 22, Applicant argues that the cited prior art(s), Frank (US 2016/0070934 A1) in view of Gail. (US 2014/0223569 A1), fails to teach the limitation(s), such as “the direct memory access controller configured to send the hash value in a message including a tag configured to be readable only by the security module”, as recited in the dependent claim 22. ATTORNEY DOCKET NO. Examiner acknowledged Applicant’s prospective but respectfully disagrees due to the following reason(s):
In response to the Applicant's arguments/remarks that the cited prior art(s) Frank fails to teach the claimed limitation(s) “the direct memory access controller configured to send the hash value in a message including a tag configured to be readable only by the security module”, as recited in the dependent claim 22. The examiner respectfully disagrees because the cited prior art ‘Frank’ (In Fig. 2b (Para. [0023]), discloses that the calculated HASH value CH is offered as a read-only value to the HSM 37. The read-only value of the calculated HASH value CH may be made available to the HSM 37 via a register interface (i.e., via a private channel) implemented in an integrated part of the memory controller 10 indicated in FIG. 2b with a dashed line embedding the non-volatile flash memory 17 with the HASH engine 32. Wherein, the calculated HASH value CH is only offered, as a read-only value, to the authenticated HSM 37 having a unique identification code). Therefore, under BRI, the cited prior art ‘Frank’ teaches the claimed limitation “the direct memory access controller configured to send the hash value in a message including a tag configured to be readable only by the security module”, as mentioned above.
Regarding dependent claims 2-5, 7-20 and 23 fall together accordingly, since the cited prior art(s) does disclose the limitation(s) as stated above.
Further, the objections to the drawings has been waived/withdrawn. 
In response to the electronic Terminal Disclaimer, filed and approved on 02/14/2022, the double patenting rejection has been waived/withdrawn.

Claim Objections
Claim(s) 23 is objected to because of the following informalities:  
Claim 23 (Line 1) recites “wherein top generate…”, which should read as “wherein to generate..”.
Appropriate correction is required.

Specification
The specification is objected to as failing to provide proper antecedent basis for the claimed subject matter.  See 37 CFR 1.75(d)(1) and MPEP § 608.01(o).  Correction of the following is required: Regarding dependent claim 23, the claim recites “to generate the hash value immediately after the data read from the memory”, which is not defined in the specification and/or drawings (Figs. 1-6).

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claim 23 is rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Regarding dependent claim 23, the claim recites limitation “…to generate the hash value immediately after the data read from the memory”, which is not clearly described/disclosed in the specification and/or drawings (Figs. 1-6). The specification as filed must describe the claimed invention in sufficient detail so that one of ordinary skill in the art can reasonably conclude that the inventor had possession of the claimed invention. Examiner notes that the specification (Para. [0048 and 0057]) only describes a direct memory access controller 504 that is configured to read data from the memory and generate a hash value for the data read from the memory, and does not provide the process to generate a hash value immediately after the data being read from the memory. Therefore, the disclosure lacks on written description of “how” one of ordinary skill in the art can reasonably generate a hash value immediately after the data being read from the memory. Thus, the claim 23 is rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement(s).

Claim Rejections - 35 U.S.C. 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 7-11, 15-16 and 20-23 are rejected under 35 U.S.C. 103 as being unpatentable over Frank; Juergen et al. (US 2016/0070934 A1), hereinafter (Frank), in view of Gail; Markus et al. (US 2014/0223569 A1), hereinafter (Gail).

As per claim 1, Frank teaches a control device, comprising (Frank, Fig. 2b and Para. [0023], discloses a MCU 5 that includes the memory controller 10 described in FIG. 2a, and disclosed in Para. [0027], wherein the MCU 5 may be part of an automotive vehicle and in particular of a safety system embedded in the automotive vehicle. The safety system may include a plurality of MCU 5): 
an application core comprising Frank, Fig. 2a and Para. [0022], discloses that the first processing unit 30 may be embedded in a same chip with the first memory unit 15, and as disclosed in Para. [0023], FIG. 2b shows an exemplary embodiment of a MCU 5 that includes the memory controller 10 described in FIG. 2a. In this exemplary embodiment the first memory unit 15 described in FIG. 2a is a non-volatile flash memory 17, the first processing unit 30 described in FIGS. 2a is an HASH engine 32); and 
a security module coupled to the application core via a computer bus (Frank, Fig. 2b and Para. [0023], discloses that the calculated HASH value CH may be made available to the HSM 37 via a register interface implemented in an integrated part of the memory controller 10 indicated in FIG. 2b with a dashed line embedding the non-volatile flash memory 17 with the HASH engine 32 (on a same chip, see Para. [0022]). The HSM 37 may communicate within the memory controller 10 by means of the same crossbar switch XBAR or the suitable type of system bus), wherein the security module comprises at least one processor and at least one memory (Frank, Para. [0021], discloses that secure memory unit 20 and the pre-stored value PV stored therein may be part of HSM. The HSM may usually include one or more processors); 
wherein the direct memory access controller is configured to (Frank, Figs. 1a-2a and associated Para. [0018- 0022], schematically shows/disclsoes an example of a memory controller 10 (hereinafter, DMA controller) which is suitable to verify authenticity of data DATA stored in a first memory unit 15 […]. Wherein, the first processing unit 30 (of the memory controller 10, as depicted in Figs. 1b-2a) may read and write data DATA from and to the first memory unit 15 (without utilizing a core processor 40, as depicted in Fig. 2b))): read data from the memory, generate, in response to reading data from the memory, a hash value from the data read from the memory (Frank, Fig. 2a and Para. [0018-0022], discloses that the first processing unit 30 (of the memory controller 10, as depicted in Figs. 1b-2a) may read and write data DATA from and to the first memory unit 15 on a block-wise basis […]. In this way the first processing unit 30 may read and write data DATA with the size of 128 or 256 bits at once. In this case the first processing unit 30 may calculate the calculated value CV (which e.g. may be the HASH calculated value cited in the above mentioned example) per each array block with the size of 128 or 256 bits at once. Wherein, the calculated value CV (which e.g. may be the HASH calculated value cited in the above mentioned example) may be a compact representation of the data DATA stored in the first memory unit 15 or of a portion of the data DATA stored in the first memory unit 15, and/or as disclosed in Para. [0023], wherein the FIG. 2b shows MCU 5 that includes the memory controller 10 described in FIG. 2a. In this exemplary embodiment the first memory unit 15 described in FIG. 2a is a non-volatile flash memory 17, the first processing unit 30 described in FIGS. 2a is an HASH engine 32 used to calculate the calculated HASH value CH representative for the data “DATA” in the non-volatile flash memory 17), and 
provide the hash value to the security module via the computer bus (Frank, Fig. 2b and Para. [0023], discloses that the calculated HASH value CH is offered as a read-only value to the HSM 37. The read-only value of the calculated HASH value CH may be made available to the HSM 37 via a register interface implemented in an integrated part of the memory controller 10 indicated in FIG. 2b with a dashed line embedding the non-volatile flash memory 17 with the HASH engine 32 (on a same chip, see Para. [0022]). The HSM 37 may communicate within the memory controller 10 by means of the same crossbar switch XBAR or the suitable type of system bus); and 
wherein the security module is configured to process the hash value (Frank, Para. [0023], discloses that the second processing unit 35 is an HSM 37 (Hardware Security Module) used to compare the calculate HASH value CH with the pre-stored HASH value PH stored in the secure memory unit 20). 
Frank fails to explicitly disclose but Gail teaches an application core comprising a processor, a memory and a direct memory access controller (Gail, Fig. 1 and Para. [0013], discloses one or more application cores 108 such as embedded processor cores); and
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Gail’ into the teachings of ‘Frank’, with a motivation wherein the system on chip SOC includes one or more application cores, as taught by Gail, in order for the ESM to perform security tasks for applications running on one or more of the application cores; Gail, Para. [0016].

As per claim 2, Frank as modified by Gail teaches the control device of claim 1, wherein Frank further teaches the security module is configured to compare the hash value with a reference hash value (Frank, Para. [0023], discloses that after receiving the calculated HASH value CH from the non-volatile flash memory 17 or the HASH engine 32 of the memory controller 10 and retrieving the pre-stored HASH value PH from the secure memory unit 20, the HSM 37 compares the calculated HASH value CH with the pre-stored HASH value PH).

As per claim 3, Frank as modified by Gail teaches the control device of claim 1, wherein Frank further teaches the security module is configured to verify an integrity of the data based on the hash value (Frank, Para. [0021 and 0028], discloses that the HSM may usually include one or more processors dedicated for carrying out secure cryptographic operations with which data is protected against tampering and bus probing, such as by comparing the calculated hash value CV with the pre-stored value PV to verify the authenticity of data stored in a memory unit).

As per claim 4, Frank as modified by Gail teaches the control device of claim 1, wherein Frank further teaches the direct memory access controller is configured to provide the hash value to the security module via a private channel (Frank, Fig. 2b and Para. [0023], discloses that the calculated HASH value CH is offered as a read-only value to the HSM 37. The read-only value of the calculated HASH value CH may be made available to the HSM 37 via a register interface (i.e., via a private channel) implemented in an integrated part of the memory controller 10 indicated in FIG. 2b with a dashed line embedding the non-volatile flash memory 17 with the HASH engine 32. The HSM 37 may communicate within the memory controller by means of the same crossbar switch XBAR or the suitable type of system bus).

As per claim 5, Frank as modified by Gail teaches the control device of claim 1, wherein Frank fails to explicitly disclose but Gail further teaches the security module comprises an interface to connect to the computer bus and a firewall arranged between the interface and further components of the security module (Gail, Para. [0021], discloses that interface 128 of the ESM 102 (Embedded Security Module) can be a standard high bandwidth communication bridge 116 to ensure timely access to the data and code stored in external Flash memories 138, 140. The bridge 116 can include a standard firewall for restricting access to the ESM 102. The firewall can implement any standard protocol for protecting the internal components of the ESM 102 against access from outside the ESM 102.).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Gail’ into the teachings of ‘Frank’, with a motivation wherein the security module comprises an interface to connect to the computer bus and a firewall arranged between the interface and further components of the security module, as taught by Gail, in order to protect the internal components of the ESM 102 against access from outside the ESM 102; Gail, Para. [0021].


As per claim 7, Frank as modified by Gail teaches the control device of claim 1, wherein Frank further teaches the security module comprises a memory encryption unit (Frank, Para. [0021], discloses that the HSM may usually include one or more processors dedicated for carrying out secure cryptographic operations with which data is protected against tampering and bus probing. Therefore the pre-stored value PV may be stored, generated, and encrypted in the HSM as cryptographic keys. By using a HSM in the second processing unit 35, security of the memory controller 10 and of the start-up of the memory controller 10 and the first memory unit 15 is further improved).

As per claim 8, Frank as modified by Gail teaches the control device of claim 1, wherein Frank further teaches the security module comprises one or more cryptographic accelerators (Frank, Para. [0021], discloses that the HSM may usually include one or more processors (i.e., accelerators) dedicated for carrying out secure cryptographic operations with which data is protected against tampering and bus probing).

As per claim 9, Frank as modified by Gail teaches the control device of claim 1, wherein Frank further teaches the control device is a vehicle electronic control unit (Frank, Para. [0019], discloses a larger system controlling a network of devices interacting with each other. For example the MCUs and transceivers controlling the electrical features in a vehicle such as switching on/off indoor or outdoor lights, lifting-up/sliding down electrical windows, etc.).

As per claim 10, Frank as modified by Gail teaches the control device of claim 1, wherein Frank further teaches the control device is configured to control a component of a vehicle (Frank, Para. [0019], discloses to control electrical features of a vehicle such as indoor or outdoor lights, electrical windows, etc., or see also Para. [0027, discloses that the MCU 5 may be part of an automotive vehicle and in particular of a safety system embedded in the automotive vehicle. The safety system may include a plurality of MCU 5. The safety system may be for example a break system. The break system may receive a break command from a central node which may be another MCU 5).

As per claim 11, Frank as modified Gail teaches the control device of claim 1, wherein Frank further teaches the data are vehicle component control data (Frank, Para. [0019], discloses the instructions for the operations of these devices may be related for example to switching on/off indoor or outdoor lights, lifting-up/sliding down electrical windows, etc. The data DATA in the first memory unit 15 may consist of said instructions for the operations of the devices in the network).

As per claim 15, Frank as modified by Gail teaches the control device of claim 1, wherein Frank further teaches the security module is a hardware security module (Frank, Fig. 2b, illustrates a HSM 37).

As per claim 16, Frank as modified by Gail teaches the control device of claim 1, wherein Frank further teaches the security module comprises a countermeasure against a physical attack (Frank, Para. [0027], discloses that the MCU 5 may be part of an automotive vehicle and in particular of a safety system embedded in the automotive vehicle. The safety system may include a plurality of MCU 5. The safety system may be for example a break system. The break system may receive a break command from a central node which may be another MCU 5. The break command may be potentially accessed by unauthorized persons and an illegal break command may be send to the break system. This may especially happen in those automotive vehicles that may be connected to new infotainment systems which may be connected to for example smartphones. By using the HSM 37 in the MCU 5 and the cryptographic algorithms implemented in the HSM 37 the break command may be protected against access by unauthorized persons).

As per claim 20, Frank as modified by Gail teaches the control device of claim 1, wherein Frank fails to disclose but Gail further teaches: further comprising: a chip comprising the application core and the security module (Gail, Fig. 1 and Para. [0013], discloses a system on chip (SOC) 100 including an embedded security module (ESM) 102 […] and one or more application processing cores 108).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Gail’ into the teachings of ‘Frank’, with a motivation wherein the system on chip SOC includes an embedded security module and one or more application cores, as taught by Gail, in order for the ESM to perform security tasks for applications running on one or more of the application cores; Gail, Para. [0016].

As per claim 21, Frank teaches a method for securing data, the method comprising (Frank, Para. [0001], discloses a method for verifying authenticity of data stored in a memory unit and a method for controlling a memory unit, and as disclose din Para. [0003], for a secure functioning of the electronic system and to protect the data from unauthorized access or manipulation, the data of the memory unit requires to be verified): 
reading, by a direct memory access controller, data from a memory of an application core which comprises the memory, the direct memory access controller Frank, Fig. 2a and Para. [0022], discloses that the first processing unit 30 is integrated with the first memory unit 15 and the first processing unit 30 may read and write data “DATA” from and to the first memory unit 15 on a block-wise basis. For example the first processing unit 30 may be embedded in a same chip or same package with the first memory unit 15. This allows a close physical connection between the processing unit 30 and the first memory unit 15, and as disclosed in Para. [0023], FIG. 2b shows an exemplary embodiment of a MCU 5 that includes the memory controller 10 described in FIG. 2a. In this exemplary embodiment the first memory unit 15 described in FIG. 2a is a non-volatile flash memory 17, the first processing unit 30 described in FIGS. 2a is an HASH engine 32 used to calculate the calculated HASH value CH representative for the data “DATA” in the non-volatile flash memory 17); 
generating, by the direct memory access controller in response to reading data from the memory, a hash value from the data read from the memory (Frank, Fig. 2b and Para. [0023], discloses that a HASH engine 32, within memory controller 10, is used to calculate the HASH value CH representative for the data in the non-volatile flash memory 17); and 
providing the hash value to a security module via a computer bus coupling the application core and the security module (Frank, Fig. 2b and Para. [0023], discloses that the calculated HASH value CH is offered as a read-only value to the HSM 37. The read-only value of the calculated HASH value CH may be made available to the HSM 37 via a register interface implemented in an integrated part of the memory controller 10 indicated in FIG. 2b with a dashed line embedding the non-volatile flash memory 17 with the HASH engine 32 (on a same chip, see Para. [0022]). The HSM 37 may communicate within the memory controller 10 by means of the same crossbar switch XBAR or the suitable type of system bus).
Frank fails to explicitly disclose but Gail teaches an application core which comprises the memory, the direct memory access controller and a processor (Gail, Fig. 1 and Para. [0013], discloses one or more application cores 108 such as embedded processor cores); and
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Gail’ into the teachings of ‘Frank’, with a motivation wherein the system on chip SOC includes one or more application cores, as taught by Gail, in order for the ESM to perform security tasks for applications running on one or more of the application cores; Gail, Para. [0016].

As per claim 22, Frank as modified by Gail teaches the control device of claim 4, wherein Frank further teaches the direct memory access controller configured to provide the hash value to the security module via a private channel comprises the direct memory access controller configured to send the hash value in a message including a tag configured to be readable only by the security module (discloses that the calculated HASH value CH is offered as a read-only value to the HSM 37. The read-only value of the calculated HASH value CH may be made available to the HSM 37 via a register interface (i.e., via a private channel) implemented in an integrated part of the memory controller 10 indicated in FIG. 2b with a dashed line embedding the non-volatile flash memory 17 with the HASH engine 32. Wherein, the calculated HASH value CH is only offered, as a read-only value, to the authenticated HSM 37 having a unique identification code).

As per claim 23, Frank as modified by Gail teaches the control device of claim 1, wherein Frank further teaches top generate, in response to reading data from the memory, the hash value from the data read from the memory comprises to generate the hash value immediately after the data read from the memory (Frank, Fig. 2a and Para. [0018-0022], discloses that the first processing unit 30 (of the memory controller 10, as depicted in Figs. 1b-2a) may read and write data DATA from and to the first memory unit 15 on a block-wise basis […]. In this way the first processing unit 30 may read and write data DATA with the size of 128 or 256 bits at once. In this case the first processing unit 30 may calculate the calculated value CV (which e.g. may be the HASH calculated value cited in the above mentioned example) per each array block with the size of 128 or 256 bits at once. Wherein, the calculated value CV (which e.g. may be the HASH calculated value cited in the above mentioned example) may be a compact representation of the data DATA stored in the first memory unit 15 or of a portion of the data DATA stored in the first memory unit 15).

Claim(s) 12-14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Frank in view of Gail, as applied above, and further in view of Wang; Qiyan (US 9705678 B1), hereinafter (Wang).

As per claim 12, Frank as modified by Gail teaches the control device of claim 1, wherein Frank further teaches the data are data to be sent to another control device connected to the control device Frank, Para. [0019], discloses that the memory controller 10 of FIG. 1a may be part of a larger system controlling a network of devices interacting with each other and wherein the memory controller 10 gives instructions for operations and timing of operations to be performed by each of the devices in the network. In a context of automotive applications the memory controller 10 may be for example part of a MCU (Microcontroller Unit) and the devices in the network may be CAN (Control Area Network) or LIN (Local Interconnect Network) transceivers or other MCUs. These transceivers are controlling electrical features in a vehicle such as indoor or outdoor lights, electrical windows, etc. In this case the instructions for the operations of these devices may be related for example to switching on/off indoor or outdoor lights, lifting-up/sliding down electrical windows, etc. The data DATA in the first memory unit 15 may consist of said instructions for the operations of the devices in the network, and as disclosed in Para. [0027], the MCU 5 may be part of an automotive vehicle and in particular of a safety system embedded in the automotive vehicle. The safety system may include a plurality of MCU 5. The safety system may be for example a break system. The break system may receive a break command from a central node which may be another MCU 5).
However Frank as modified by Gail fails to disclose “a second computer bus” but Wang teaches wherein the data are data to be sent to another control device connected to the control device by a second computer bus (Wang, Fig. 1 and Col. 4 (Lines 16-20), discloses that all ECUs 102 are connected to a Controller Area Network (CAN) bus 104. In most cases, there are two CAN buses 104 (CAN-1 and CAN-2, as depicted in Fig. 1) on the vehicle, and they are interconnected through a bridge unit 106, which forwards messages from one CAN bus 104 to the other).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Wang’ into the teachings of ‘Frank’ as modified by ‘Gail’, with a motivation wherein the data are data to be sent to another control device connected to the control device by a second computer bus, as taught by Wang, in order for a CAN bus to deliver messages to interested parties (ECUs); Wang, Col. 4 (Lines 42-43).

As per claim 13, Frank as modified by Gail in view of Wang teaches the control device of claim 12, wherein Frank as modified by Gail fails to explicitly disclose but Wang teaches the control device comprises a bridge to connect to the second computer bus (Wang, Fig. 1 and Col. 4 (Lines 16-20), discloses that all ECUs 102 are connected to a Controller Area Network (CAN) bus 104. In most cases, there are two CAN buses 104 (CAN-1 and CAN-2, as depicted in Fig. 1) on the vehicle, and they are interconnected through a bridge unit 106, which forwards messages from one CAN bus 104 to the other).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Wang’ into the teachings of ‘Frank’ as modified by ‘Gail’, with a motivation wherein the control device comprises a bridge to connect to the second computer bus, as taught by Wang, in order to take advantage of the two CANs that are connected via a bridge unit to forwards messages from one CAN to the other; Wang, Col. 3 (Lines 58-60).

As per claim 14, Frank as modified by Gail in view of Wang teaches the control device of claim 12, wherein Frank as modified by Gail fails to explicitly disclose but Wang teaches the second computer bus is an in-vehicle bus (Wang, Fig. 1 and Col. 4 (Lines 16-20), discloses that all ECUs 102 are connected to a Controller Area Network (CAN) bus 104. In most cases, there are two CAN buses 104 (CAN-1 and CAN-2, as depicted in Fig. 1) on the vehicle, and they are interconnected through a bridge unit 106, which forwards messages from one CAN bus 104 to the other).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Wang’ into the teachings of ‘Frank’ as modified by ‘Gail’, with a motivation wherein the second computer bus is an in-vehicle bus, as taught by Wang, in order to take advantage of the two CANs that are connected via a bridge unit to forwards messages from one CAN to the other; Wang, Col. 3 (Lines 58-60).

Claim(s) 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Frank in view of Gail, as applied above, and further in view of Hendrik Schweppe (Security and Privacy in Automotive On-Board Networks, Submitted on 27 May 2015), hereinafter (Hendrik).

As per claim 17, Frank as modified by Gail teaches the control device of claim 16, wherein Frank as modified by Gail fails to explicitly disclose but Hendrik further teaches the countermeasure is an active sensor to detect a fault and glitching attacks (Hendrik, Page 173- 175, discloses the intrusion detection sensors). 
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Hendrik’ into the teachings of ‘Frank’ as modified by ‘Gail’, with a motivation wherein the countermeasure is an active sensor to detect a fault and glitching attacks, as taught by Hendrik, in order to provide a security mechanisms for preventing and detecting attacks and intrusions, as well as approaches to intrusion response and containment; Hendrik, Page 20 (First Paragraph).

Claim(s) 18-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Frank in view of Gail, as applied above, and further in view of Westerinen; William J. et al. (US 2008/0148065 A1), hereinafter (Westerinen).

As per claim 18, Frank as modified by Gail teaches the control device of claim 1, wherein Frank as modified by Gail fails to explicitly disclose but Westerinen teaches the security module is configured to secure a communication between the memory and the direct memory access controller (Westerinen, Para. [0004], discloses to enforce the restrictions on memory, the security module may use its access to the DMA controller to write a pattern into the restricted memory and later read back the pattern to ensure that the memory is not in use by other, unauthorized programs. Because a substantial amount of memory may be involved, a cryptographic algorithm may be used to generate the pattern or verify the original contents. The cryptographic algorithm allows use of a fast block cipher, such as the Advanced Encryption Standard (AES) algorithm, to generate patterns by address, or patterns from a known seed).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Westerinen’ into the teachings of ‘Frank’ as modified by ‘Gail’, with a motivation wherein the security module is configured to secure a communication between the memory and the direct memory access controller, as taught by Westerinen, in order to enforce restrictions on memory and further to reduce opportunities for hackers to intervene; Westerinen, Para. [0004 and 0037].

As per claim 19, Frank as modified by Gail in view of Westerinen teaches the control device of claim 18, wherein Frank as modified by Gail fails to explicitly disclose but Westerinen further teaches the security module is configured to secure the communication by means of providing at least one cryptographic key for encrypting data exchanged between the memory and the direct memory access controller (Westerinen, Para. [0004], discloses to enforce the restrictions on memory, the security module may use its access to the DMA controller to write a pattern into the restricted memory and later read back the pattern to ensure that the memory is not in use by other, unauthorized programs. Because a substantial amount of memory may be involved, a cryptographic algorithm may be used to generate the pattern or verify the original contents. The cryptographic algorithm allows use of a fast block cipher, such as the Advanced Encryption Standard (AES) algorithm, to generate patterns by address, or patterns from a known seed, and as disclosed in Claim 11, wherein the cryptographic unit further includes cryptographic keys for use in generating a memory pattern).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Westerinen’ into the teachings of ‘Frank’ as modified by ‘Gail’, with a motivation wherein the security module is configured to secure the communication by means of providing at least one cryptographic key for encrypting data exchanged between the memory and the direct memory access controller, as taught by Westerinen, in order to enforce restrictions on memory and further to reduce opportunities for hackers to intervene; Westerinen, Para. [0004 and 0037].

Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALI CHEEMA, whose telephone number is 571-272-1239. The examiner can normally be reached on 8AM-4PM (EST) Monday-Friday. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached on 571-272-7624.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ALI CHEEMA/
Examiner, Art Unit 2496

/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496