Detailed Action 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 101

The claim 17 is directed solely toward to computer program product. The computer program product in broadest reasonable interpretation falls under software per se. Software does not fall under the four statuary categories of inventions which are: process, machine, manufacture or composition of matter. Claimed invention does fall within these statuary categories of the invention and is not eligible for patenting. Computer software are programs and are ineligible for patentability. Gottschalk v. Benson, 409 U.S. at 72, 175 USPQ at 676-77.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 5, 6, 7, 11 recites the limitation " the check step " in line 1-2.  There is insufficient antecedent basis for this limitation in the claim.


Claim Objections
Claim 2-16 objected to because of the following informalities: 
“A device according to” should be referring to previous claims, i.e. it should be “The device.”.  Appropriate correction is required.


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-5, 11, 16-17 is/are rejected under 35 U.S.C. 102(a) (1) as being anticipated by Westerinen et al. [US 20090113210]

As to claim 1, 
Westerinen et al. [US 20090113210] teaches  A device (1) such as a connected object comprising a first electronic circuit (2) comprising: - a first processing unit (6) configured to execute a program, - 
a first memory (8) configured to memorize data from the program or manipulated by the program during its execution [par. 15-16, Fig. 1; “Components of computer 110 may include, but are not limited to, a processor 120, a system memory 130”. “RAM 132 typically contains data and/or program modules that are immediately accessible to and/or presently being operated on by processor 120”) and 0031; “In order to read data in the computer memory 130 without the threat of malicious code running on the processor 120 ”- code executing in processor 120 ] , - 
a debug port (10) dedicated to checking the execution of the program from outside the first circuit [(0028: “The processor 202 may, when the system processor 120 of FIG. 1 supports it, use a debug interface 210 to communicate with a processor debug port. The processor 202 may additionally use a serial peripheral interface (SPI) bus interface 211 to support communication between the I/O Interface 122 of FIG. 1 with a basic input/output system (BIOS) memory, e.g. BIOS 133 of FIG. 1. ” , and 0037: “after receiving the hash values over the secure link 322, the security module 316 may calculate a hash of the executable code 319 over link 326 and compare the hash with the value received from the trusted source 306 ”- checking is performed outside of 110 , futher see 20-33: debug port ] , 
the device (1) further comprising a second electronic circuit (4) connected to the debug port (10), the second electronic circuit (4)  [ 0033: “The security module 200, upon receipt of the signal, may access the system processor 120 via the debug interface 210.”  And 0027: “security module 200 may have many functions that contribute to either secure operation, metered operation, or subsidized operation, the following discussion highlights the use of the security module 200 in enforcing that executable code of interest is both un-tampered and actually being executed. The reasons for assuring both integrity and operation of executable code may include verification of executable code ” Westerinen: par. 20, 27-28, Figs 1-3; a security module uses “a debug interface 210 to communicate with a processor debug port”, the security module “enforcing that executable code of interest is both un-tampered and actually being executed”. And 0033: “Because validation of code is only part of assuring that the executable code of interest is un-tampered and executing, a second step may be required, that of verifying actual execution of the code. ” See also par. 28-40) ] comprising: -
 a second memory (14) memorizing reference data related to the program (Westerinen: par. 28-32, Fig. 2; secure memory 204),, 
- a second processing unit (12) configured to implement the following steps automatically and autonomously via the debug port (10) (Westerinen: par. 28, 31, Fig. 2; processor 202 and 0033: “The security module 200, upon receipt of the signal, may access the system processor 120 via the debug interface 210. Processors that support a debug interface allow a direct read out of internal registers, for example, the location of a program counter. ”- when signal is received it is performed automatically): 
checking the integrity of the data memorized by the first memory (8) and/or the compliance of the program's execution by the first processing unit (6) with a reference execution, assisted by the reference data[ ( 0036: “The trusted source 306 may establish a secure channel 322 with the security module 316 in order to transfer a trusted copy of the hash values for the executable code 310 and the HVR 312. The server may transfer copies of the executable code 310 and the HVR 312 over unsecured link 324 to create the computer copies of the executable code 319 and the HVR 320 ” -  data has been transferred or second device memorizes data of the first device and 0037: “after receiving the hash values over the secure link 322, the security module 316 may calculate a hash of the executable code 319 over link 326 and compare the hash with the value received from the trusted source 306 ”- code and data has been transferred to check integrity or validity  and 0041: “At block 402, validation of an executable code 319 in a computer memory 318 may be performed. Validating the executable code 318 may include receiving a known hash of the executable code 319 from a trusted source 306. ” and 0033: “The security module 200, upon receipt of the signal, may access the system processor 120 via the debug interface 210. Processors that support a debug interface allow a direct read out of internal registers, for example, the location of a program counter. ”   and 0027: “security module 200 may have many functions that contribute to either secure operation, metered operation, or subsidized operation, the following discussion highlights the use of the security module 200 in enforcing that executable code of interest is both un-tampered and actually being executed. The reasons for assuring both integrity and operation of executable code may include verification of executable code ” and 44: “the HVR 320 may then calculate a hash of the executable code 319 and forward that hash value to the security module 316 for comparison to a known hash of the executable code 319 received from the trusted source 306. Further see . 47-49].
But does not explicitly teach debug a debug port (10) dedicated to checking the execution of the program from outside the first circuit

As to claim 2, 
Westerinen et al. [US 20090113210] teaches the steps implemented automatically and autonomously by the second processing unit further comprise a program suspension command, the integrity check and/or compliance step being implemented while the program is suspended [ 0039: “The executable code 319 may cause an interrupt to run an interrupt service routine 332 that may send a signal 334 to the security module 316. The security module 316 may then read internal data from the processor 314 using a debug port (not depicted), as described above. ” see  par. 45-47; Fig. 4; executing during interrupt  and 0047: “The security module 316 may set a delay period for the next validation cycle by directly writing a value to a register used by the executable code 319 as a seed for calculating the next interval. Execution may then proceed normally until the next interrupt is asserted by the executable code 319 at the expiration of the interval. ”- delaying is equivalent to suspending].

As to claim 3, 
Westerinen et al. [US 20090113210] teaches the suspension command comprises the placement of a stop point at a predetermined location in the program, so as to suspend the program at the predetermined location, or the placement of an observation point on a variable of the program, so as to suspend the program when the variable is modified [ 0046: “after validation of the executable code 319 is complete, the executable code 319 may be run. During the operation of the executable code 319, at block 406, an interrupt may be asserted. This assumes the executable code 319 has been modified in anticipation of such validation. The interrupt may be asserted when the executable code 319 is at a point of execution having a known state and to be critical to proper execution of the executable code. ” and 0047: “The security module 316 may set a delay period for the next validation cycle by directly writing a value to a register used by the executable code 319 as a seed for calculating the next interval. Execution may then proceed normally until the next interrupt is asserted by the executable code 319 at the expiration of the interval. ”].

As to claim 4, 
Westerinen et al. [US 20090113210] teaches the steps implemented automatically and autonomously by the second processing unit (12) comprise a step consisting of verifying whether a condition independent of the way in which the program is being executed has been met, such as verifying whether a predetermined period of time has elapsed since a previous start of the program, a previous resumption of the program, or a previous powering-on of the device (1), the suspension command step being implemented when the condition is met [ 0047: “The security module 316 may set a delay period for the next validation cycle by directly writing a value to a register used by the executable code 319 as a seed for calculating the next interval. Execution may then proceed normally until the next interrupt is asserted by the executable code 319 at the expiration of the interval. ” Fig. 4; “Set delay period” step 412).].

As to claim 5, 
Westerinen  teaches the steps implemented automatically and autonomously by the second processing unit (12) comprise the command for the first processing unit (6) to resume the program when the program or the data manipulated by the program is revealed not to have been compromised during the check step, and where this command is not implemented when the program or the data manipulated by the program is revealed to have been compromised during the check step [  0047: “When the interrupt is asserted, an interrupt service routine 332 may be called. At block 406, the interrupt service routine 332 may signal the security module 316 to access the processor via a debug port (not depicted) on the processor 314. At block 408, the security module 316 may then read one or more register values in the processor 314. Because the executable code is at a precisely known state, the register values can be compared to predicted values at block 410. When the actual and predicted values match, the `yes` branch from block 410 may be taken to block 412. The security module 316 may set a delay period for the next validation cycle by directly writing a value to a register used by the executable code 319 as a seed for calculating the next interval. Execution may then proceed normally until the next interrupt is asserted by the executable code 319 at the expiration of the interval. ” (further see par. 47-48; Fig. 4, steps 410-414).].

As to claim 11, 
Westerinen et al. [US 20090113210] teaches 
11. A device (1) according to claim 1, wherein the steps implemented automatically and autonomously by the second processing unit (12) comprise a program update command (114) when the program or the data manipulated by the program is revealed to have been compromised during the check step [ 0046: “after validation of the executable code 319 is complete, the executable code 319 may be run. During the operation of the executable code 319, at block 406, an interrupt may be asserted. This assumes the executable code 319 has been modified in anticipation of such validation. The interrupt may be asserted when the executable code 319 is at a point of execution having a known state and to be critical to proper execution of the executable code.  ” – modification is equivalent to update].
As to claim 16,
Westerinen et al teaches this claim according to the reasoning set forth in claim 1 supra. 
As to claim 17,
Westerinen et al teaches this claim according to the reasoning set forth in claim 1 supra. 




Allowable Subject Matter
Claim 6-10, 12- 15 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KESHAB R PANDEY whose telephone number is (571)270-0176. The examiner can normally be reached Monday-Friday 9:00-5:00(ET).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jaweed A Abbaszadeh can be reached on (571)270-1640. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KESHAB R PANDEY/Primary Examiner, Art Unit 2187