DETAILED ACTION
	- Claims 1-8, 10-12,14-17 and 19-20 are allowed.
	- Claims 9, 13 and 18 are cancelled.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Allowable Subject Matter
 	The following is an Examiner's statement of reasons for allowance:
- Following a telephonic interview held on 6/10/2022, Applicant’s representative Mr. Tim Boller authorized the Examiner’s amendment presented below in order to differentiate the current invention from the prior art.
- The requested terminal disclaimer was filed and approved on 6/14/2022.
- The IDS documents filed on 8/14/2020 and 5/5/2021 have been considered.
- In the same manner presented in the parent application, the closest identified prior art of record includes Guillen, Giordano, Shanahan, Laine and Narasimhan. However these references alone or in combination, do not teach or suggest all the features of independent claim 1, as amended. In the parent application, it was determined that Guillen, Giordano, Laine and Narasimhan do not teach a memory map for addresses of the internal memory, wherein the memory map for addresses of the internal memory has a configurable granularity at page, word and byte granularity levels, however Shanahan [0031] was cited to teach that the memory map is configurable at page, word and byte granularity levels. Shanahan [para.0031] discloses: at runtime the chunk may be accessed at a virtual address corresponding to the load address. Each chunk may have the same size or different sizes, and the total number m of chunks may be determined based on the chunk size and the size of the executable image. In the illustrative embodiment, each chunk is the size of a 4096-byte memory page. However, in other embodiments, each chunk may be embodied as a linked module of the executable (e.g., a loaded section of a PE format executable and/or a segment of an ELF executable) or any other subdivision of the executable image. Upon further consideration of Shanahan’s embodiments as further described in [para.0048], Shanahan teaches either embodiments were a chunk size may be fixed at the page size, or embodiments where each chunk has a variable/different size and, in that case, each chunk may be described as a tuple including {address, size, content}, and all of the tuples may be sorted by address. The computing device 100 may perform a binary search of the sorted tuples to translate a page fault address into the chunk containing the missing page. Alternatively, a hash table may be employed to map page addresses into chunks [Shanahan, para.0048]. This latter embodiment requires additional code or data i.e. necessitates overhead in storage and processing. Therefore, even though Shanahan discloses variable chunk sizes, the chunk sizes are continuously changing even during one execution and are not configurable at either a page, word and byte levels of granularity, as in the current invention. Thus, this embodiment and associated overhead of Shanahan may not work in and/or may not benefit the current invention. Thus, both embodiments of Shanahan are different from the current invention, which requires permitting access to memory outside the secure environment based on access permissions defined in a memory map for addresses of the internal memory, wherein the memory map for addresses of the internal memory has a configurable granularity at page, word and byte granularity levels, as recited in the amended independent claims. As such, the amended claims overcome each of the prior art references whether considered alone, or in combination.
In view of the above, independent claim 1 is deemed allowable. Claims 10 and 14 recite features similar to those recited in claim 1 and are therefore allowable for similar reasons. Claims 2-8, 11-12, 15-17 and 19-20 depend on one of claims 1, 10 and 14 and are therefore allowable by virtue of their dependency.
In most cases, the examiner's actions and the applicant's replies make evident the reasons for allowance, satisfying the "record as a whole" proviso of the rule. This is particularly true when applicant fully complies with 37 CFR 1.111 (b) and (c) and 37 CFR 1.133(b). Thus, where the examiner's actions clearly point out the reasons for rejection and the applicant's reply explicitly presents reasons why claims are patentable over the reference, the reasons for allowance are in all probability evident from the record and no statement should be necessary. Conversely, where the record is not explicit as to reasons, but allowance is in order, then a logical extension of 37 CFR 1.111 and 1.133 would dictate that the examiner should make reasons of record and such reasons should be specific.
 	Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.

Examiner’s Amendment
 	The Examiner’s amendment presented below was authorized by Mr. Tim Boller following a telephonic interview held on 6/10/2022.
Please amend the claims as follows:

1. (Currently Amended) A method, comprising:
providing a secure environment in an internal memory of a microcontroller, the secure environment having secure engine program instructions executable by a microprocessor of the microcontroller;
restricting user-level access to the secure environment;
recognizing a boot-sequence of the microcontroller; and
in response to recognizing the boot-sequence:
disabling all direct memory access (DMA) controllers of the microcontroller that are configured to access memory of the secure environment;
configuring at least one memory controller of the microcontroller for access to the secure environment;
permitting access to memory outside the secure environment based on access permissions defined in a memory map for addresses of the internal memory, wherein the memory map for addresses of the internal memory has a configurable granularity at page, word and byte granularity levels;
preventing the microprocessor of the microcontroller from executing instructions fetched from outside the secure environment;
executing various ones of the secure engine program instructions as a state machine, said executing including:
disabling interrupts;
performing at least one secure operation after interrupts are disabled; and
enabling interrupts after performing the at least one secure operation;
clearing the internal memory; 
restoring an enabled/disabled status of each DMA controller disabled after recognizing the boot-sequence; and performing user-level operations.
2.	(Original)	The method of claim 1 wherein the secure engine program instructions executable by the microprocessor of the microcontroller are stored in a non-volatile memory.
3.	(Original)	The method of 1 wherein the microcontroller is an embedded microcontroller in an embedded device, and wherein the at least one secure operation includes a secure boot of the embedded device.
4.	(Original)	The method of claim 1 wherein the microcontroller is an embedded microcontroller in an embedded device, and wherein the at least one secure operation includes an update to firmware of the embedded device.
5.	(Original)	The method of claim 1 wherein the at least one secure operation includes a signature verification function.
6.	(Original)	The method of claim 1 wherein the act of performing at least one secure operation includes accessing protected cryptic values.
7.	(Original)	The method of claim 1, comprising:
after recognizing the boot-sequence, enabling a firewall to protect the secure environment, wherein executing various ones of the secure engine program instructions as the state machine includes executing a call gate function to open an area of access within the secure environment.
8.	(Original) The method of claim 7, comprising:
after performing at least one secure operation, executing a second call gate function to close the area of access within the secure environment.
9.	(Canceled)	
10.	(Currently Amended) A device, comprising:
a microcontroller having a microprocessor and an internal memory, the internal memory having a secure environment, the secure environment having secure environment configuration instructions executable by the microprocessor and secure engine program instructions executable by the microprocessor, wherein the microprocessor, in operation :
restricts user-level access to the secure environment;
recognizes a boot sequence of the microcontroller;
in response to recognizing the boot sequence and via the secure environment configuration instructions:
disables each direct memory access (DMA) controller that is configured to access memory of the secure environment;
configures at least one memory controller for access to the secure environment;
permits access to memory outside the secure environment based on access permissions defined in a memory map for addresses of the internal memory, wherein the memory map for addresses of the internal memory has a configurable granularity at page, word and byte granularity levels; and
prevents the microprocessor from executing instructions fetched from outside the secure environment;
via the secure engine program instructions executed as a state machine:
disables interrupts;
performs at least one secure operation after interrupts are disabled; and
enables interrupts after performing the at least one secure operation; and
via the secure environment configuration instructions:
clears the internal memory; 
restores an enable/disable status of each DMA controller disabled after recognizing the boot-sequence; and
performs user-level operations.
11.	(Original)	The device of claim 10 wherein the at least one secure operation is a cryptographic operation.
12.	(Original)	The device of claim 10 wherein the at least one secure operation is a secure key operation.
13.	(Canceled)
14.	(Currently Amended) A system, comprising:
a communications interface; and
a microcontroller coupled to the communications interface and having a microprocessor and an internal memory, the internal memory having a secure environment, the secure environment having secure environment configuration instructions executable by the microprocessor and secure engine program instructions executable by the microprocessor, wherein the microprocessor, in operation :
restricts user-level access to the secure environment;
recognizes a boot sequence of the microcontroller;
in response to recognizing the boot sequence and via the secure environment configuration instructions:
disables each direct memory access (DMA) controller that is configured to access memory of the secure environment;
configures at least one memory controller for access to the secure environment;
permits access to memory outside the secure environment based on access permissions defined in a memory map for addresses of the internal memory, wherein the memory map for addresses of the internal memory has a configurable granularity at page, word and byte granularity levels; and
prevents the microprocessor from executing instructions fetched from outside the secure environment;
via the secure engine program instructions executed as a state machine:
disables interrupts;
performs at least one secure operation after interrupts are disabled; and
enables interrupts after performing the at least one secure operation; and
via the secure environment configuration instructions:
clears the internal memory; 
restores an enable/disable status of each DMA controller disabled after recognizing the boot-sequence; and
performs user-level operations.
15.	(Original)	The system of claim 14, comprising:
 	at least one sensor, the at least one sensor arranged to provide sensor data to the microcontroller via the communication interface.
16.	(Original)	The system of claim 14 wherein the at least one secure operation is a cryptographic operation.
17.	(Original)	The system of claim 14 wherein the at least one secure operation is a secure key operation.
18.	(Canceled) 
19.	(Original)	The system of claim 14 wherein the secure environment of the internal memory comprises a plurality of portions of the internal memory having respective sets of addresses, the respective sets of addresses being non-contiguous.
20.	(Original)	The system of claim 14, wherein the internal memory includes non-volatile and volatile memory, and access to a portion of the internal non-volatile memory and access to a portion of the internal volatile memory is restricted.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NOURA ZOUBAIR whose telephone number is (571)270-7285.  The examiner can normally be reached on Monday - Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571-272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434