DETAILED ACTION
Notice of AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.


Response to Amendment
The amendment filed 2022-06-03 has been entered and fully considered.

In light of applicant’s amendment, filed 2022-06-03, the 35 U.S.C. § 112(b) rejections have been withdrawn.


Response to Arguments
Applicant’s arguments, see pages 6-9, filed 2022-06-03, with respect to the rejection of claims 1-15 under 35 U.S.C. § 103 have been fully considered but they are not persuasive.
In response to applicant’s argument that Evans and Martel fail to render obvious the claimed invention, the Examiner respectfully disagrees.  Applicant first argues that “Evans discloses data access control via different architecture, lacking disclosure of a System on Chip comprising a security circuit (2) and a communication infrastructure (3) for connecting said at least two masters (10) to the security circuit (2), the communication infrastructure (3) being based on a given interface communication protocol, the Security Circuit (2) comprising a Secure Mailbox (20)”; however, applicant’s arguments fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.  That is, the Examiner has mapped citations of Evans to the claim language as argued, and applicant has not described how the claim language is structurally or functionally distinct from the mapped elements of Evans.
Applicant further argues that “features of amended claim 1 (i) provide secure access to the Secure Element by hardware masters in a multi-master mailbox architecture, using an interface protocol, secure access to the cryptographic services, and/or secure access to secret parameters such as key and (ii) enable providing a Mailbox having a very high security level”; however, it is noted that the features upon which applicant relies (i.e., “secure access to the cryptographic services, and/or secure access to secret parameters such as key” and “a Mailbox having a very high security level”) are not recited in the rejected claims.  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
Applicant then argues the combination of Evans and Martel is non-obvious because “Evans does not relate to a mailbox architecture involving specific exchanges where a mailbox is responsible for the exchanges between a master and a security element” and that a “PHOSITA would further acknowledge that Evans lacks the multi-master architecture of the recited approach”.  The Examiner notes, however, that Evans discloses a bus and an access control system for exchanging messages between multiple masters and multiple slaves.  Further, every synchronous system requires a buffer, and Evans discloses the bus using such a buffer (e.g. [0057]).  Note that the broadest reasonable interpretation of a “mailbox” encompasses commonly used buffers.  The only claimed element explicitly missing from Evans is “said indicator bit indicating whether said respective hardware master is allowed access to the Security circuit”; however, this can be met simply by one of the slave devices having a security element.  The Examiner merely relied on Martel to show the obviousness of such a trivial modification.
Applicant then argues that “Martel’s filter is not configured to filter requests received from the hardware masters, by determining at least one indicator bit in response to receipt of a request from a hardware master, using at least a part of a master identifier identifying the hardware master, the indicator bit indicating whether the hardware master is allowed access to the security circuit, the master identifier being a hardware identifier received with the request through the communication protocol, the filter being configured to filter the requests based on the bit indicators determined for each request”; however, applicant’s arguments fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.  That is, the Examiner has mapped citations of Martel to the claim language as argued, and applicant has not described how the claim language is structurally or functionally distinct from the mapped elements of Martel.
Finally, applicant argues that Xu fails to disclose elements of claim 1; however, the Examiner notes that Xu was not relied upon in the rejection of independent claim 1.
Based on arguments presented by applicant, the Examiner surmises that applicant may be envisioning structure or function of the mailbox and security element that simply are not present in the claims.  Regardless, the Examiner respectfully submits that adding a security function to one of the slaves in Evans is a trivial and obvious modification, and that the broadest reasonable interpretation of the claims would read on such a modification.  Thus, the Examiner respectfully submits that the rejection is proper.


Claim Objections
Claims 1 and 15 are objected to because of inconsistent capitalization of “Security circuit”.  Appropriate correction is required.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-3 and 5-15 are rejected under 35 U.S.C. 103 as being unpatentable over Evans et al. (US Pre-Grant Publication No. 20030200451-A1, hereinafter “Evans”) in view of Martel et al. (US Patent No. 10691837-B1, hereinafter “Martel”).

With respect to independent claim 1, Evans discloses a System on Chip {paras. 0006 & 0039: “a single system chip”} comprising:
at least two hardware masters {para. 0039: “multiple functional masters 410₁ … 410ₙ”}.
a security circuit {para. 0039: “access control function 440”}.
a communication infrastructure for communication between the at least two hardware masters and the security circuit, the communication infrastructure being based on a given interface communication protocol {para. 0039: “a bus-control 430” wherein “multiple functional masters 410₁ … 410ₙ which communicate via a bus-control 430” and “access control function 440 intercedes in the data path between bus control 430”}.
each hardware master being configured to send a request to the security circuit for execution of the request by the security circuit through the communication infrastructure, each request comprising at least one service identifier identifying a service {para. 0040: a “request from a master granted control by the bus control unit is sent to the access control function 440, along with the requested address and associated controls (read or write, etc.)”}, wherein the security circuit comprises a Secure Mailbox {paras. 0039 & 0057: “access control function 440”, wherein before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to place buffers on all the interconnects in a manner similar to the DMA controller (“the data buffered in the DMA controller while transferring from one memory location to another”)}, the Secure Mailbox comprising:
a filter configured to filter a plurality of requests received from the at least two hardware masters, said filter being configured to determine at least one indicator bit, in response to each of the received requests, using at least a part of a master identifier identifying said respective hardware master, said indicator bit indicating whether said respective hardware master is allowed access to the [requested address], said respective master identifier being a hardware identifier received with each of the requests through the communication protocol, said filter being configured to filter the requests based on the bit indicators determined for each of the requests {para. 0040: “An access table 450 is used by unit 440 to compare the requested address, master id, and read or write indicator to a definition of allowed access capability for that master. The given request can either be blocked (terminated), allowed in the clear, or allowed with encryption/decryption”, the “indicator bit” reads on any of the provided values or whatever inherent bit structure is used to represent the decision to terminate or allow the requested access}.
the security circuit being further configured to execute the filtered requests {para. 0040: “If the requested transfer is allowable, then the bus signals are propagated to the slaves, and access parameters 460 associated with the request based on the access table are sent to an encryption/decryption engine 470, i.e., if encryption/decryption is applicable”}.
Although Evans teaches security circuitry and an access table for determining whether a master is able to access a particular requested address with a corresponding control (read/write), Evans does not explicitly disclose that the access control mechanism is a mailbox providing access to security circuitry; however, Martel discloses:
each hardware master being configured to send a request to the security circuit for execution of the request by the security circuit through the communication infrastructure, each request comprising at least one service identifier identifying a service {col. 9, ll. 35-55: “peripheral processing system 106 of FIG. 1” and the attached peripherals}, wherein the security circuit comprises a Secure Mailbox {col. 9, ll. 35-55: “secure mailbox 360”}, the Secure Mailbox comprising:
a filter configured to filter a plurality of requests received from the at least two hardware masters, said filter being configured to determine at least one indicator bit, in response to each of the received requests, using at least a part of a master identifier identifying said respective hardware master, said indicator bit indicating whether said respective hardware master is allowed access to the Security circuit, said respective master identifier being a hardware identifier received with each of the requests through the communication protocol, said filter being configured to filter the requests based on the bit indicators determined for each of the requests {col. 9, ll. 35-55: “the filter 362 can permit write operations to the address assigned to the inbox portion of the secure mailbox 360 and read operations to the address assigned to the outbox portion of the secure mailbox 360”}.
the security circuit being further configured to execute the filtered requests {col. 9, l. 56 – col. 10, l. 5: “read/write operations issued by the SEP 260” in response to the requests}.

Evans and Martel are analogous art because they are from the same field of endeavor or problem-solving area of secure messaging between trusted components on a SoC.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Evans and Martel before him or her, to modify/develop the access control function of Evans’s system to utilize a secure mailbox isolating access to a secure enclave processor (SEP).  The suggestion and/or motivation for doing so would have been because it’s merely combining prior art elements according to known methods to yield predictable results, i.e. it enables the system to “tightly control access to the SEP 260 to increase the isolation of the SEP from the rest of the SoC” (Martel, col. 9, ll. 35-55).  Therefore, it would have been obvious to combine the access control function in Evans’s system with a secure mailbox isolating access to a secure enclave processor (SEP) to obtain the invention as specified in the instant claim(s).  The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims.

With respect to dependent claim 2, Evans discloses wherein the communication infrastructure comprises an interface interconnect and a communication bus, comprising an interconnect controller configured to manage the interface interconnect, the interconnect controller further managing the master identifiers {para. 0040: requests from masters are “granted control by the bus control unit”, the request associated with a “master id”}.

With respect to dependent claim 3, Martel discloses wherein the Secure Mailbox further comprises at least one Inbox for storing the filtered requests {col.9, ll. 35-55: “secure mailbox 360 may include an inbox”}.

With respect to dependent claim 5, Evans-Martel disclose wherein the Secure Mailbox further comprises at least one Outbox associated with one or more hardware masters, each Outbox associated with one or more hardware masters being configured to store the execution data related to the execution of the requests received from said one or more associated hardware masters {Martel, col. 9, ll. 35-55: “the filter 362 can permit … read operations to the address assigned to the outbox portion of the secure mailbox 360”; Evans, para. 0039: “multiple functional masters 410₁ … 410ₙ”}.

With respect to dependent claim 6, Evans-Martel disclose wherein each Outbox is associated with a single hardware master {Martel, col. 9, ll. 35-55: “the filter 362 can permit … read operations to the address assigned to the outbox portion of the secure mailbox 360”; Evans, para. 0039: “multiple functional masters 410₁ … 410ₙ”; address can be associated with one of the functional masters}.

With respect to dependent claim 7, Martel discloses wherein the Secure Mailbox comprises at least one Outbox associated with a set of hardware masters comprising at least two hardware masters {Martel, col. 9, ll. 35-55: “the filter 362 can permit … read operations to the address assigned to the outbox portion of the secure mailbox 360”; Evans, para. 0039: “multiple functional masters 410₁ … 410ₙ”; address can be associated with one of the functional masters of the set of functional masters}.

With respect to dependent claim 8, Evans discloses wherein said filter is further configured to filter said requests using at least a part of said service identifier {para. 0040: “access table 450 is used by unit 440 to compare the requested … read or write indicator to a definition of allowed access capability for that master”}.

With respect to dependent claim 9, Evans discloses wherein the identifier of a hardware master comprises N bits, and wherein the filter comprises a set of memories, said memories comprising at least a first memory configured to receive as input an address corresponding to an identifier of a hardware master, in response to the receipt of a request from a hardware master identified by said master identifier, and to read in the memory at said address a 2N+1 word comprising at least one indicator bit indicating if the hardware master is allowed access to the Security circuit {para. 0040: “request from a master granted control by the bus control unit is sent to the access control function 440, along with the requested address and associated controls (read or write, etc.)” including a “master id”; note that the master id must comprise some finite number of bits and the word size to be read from memory is an arbitrary design choice - selecting a word size of 2N+1 (if not inherent) from any other word size is merely a change in bus size; See MPEP § 2144.04(IV)(A)}.

With respect to dependent claim 10, Evans discloses wherein the filter is further configured to filter a request received from a hardware master using at least a part of a cryptographic key if access to the service identified by the request is subject to execution of cryptographic operations using said cryptographic key, the security circuit further comprising at least one cryptographic engine configured to execute said cryptographic operations using said cryptographic key {paras. 0040, 0043, & 0046: “Key set pointer 461 which contains the index number of the key set to be used for any cryptographic operations”, wherein “the key set pointer 461 of the access parameters points to a given key”}.

With respect to dependent claim 11, Martel discloses wherein the identifier of a hardware master comprises N bits, and wherein the cryptographic key comprises M bits, and wherein the filter comprises a second memory configured to receive as input an address corresponding to a Service Identifier, in response to the receipt of a request from a hardware master comprising said service identifier, and to read in the second memory at said address a 2N+1 word indicating if the Service identified by said service identifier is accessible by the hardware master {col. 8, ll. 29-43 & col.9, ll. 35-55: “the filter 362 may permit read/write operations from the communication fabric (e.g., fabric 250 of FIG. 2) to enter the SEP 260 only if the operations address the secure mailbox 360”, wherein the address corresponds to the SEP service by way of the secure mailbox; also, “secure enclave processor (SEP) 260, which is a secure circuit configured to maintain user keys for encrypting and decrypting data keys associated with a user”; note that the cryptographic key must comprise some finite number of bits and the word size to be read from memory is an arbitrary design choice - selecting a word size of 2N+1 (if not inherent) from any other word size is merely a change in bus size; See MPEP § 2144.04(IV)(A)}.

With respect to dependent claim 12, Martel discloses wherein the filter comprises a third memory configured to receive as input an address corresponding to the cryptographic key, if access to the service identified by the request is subject to execution of cryptographic operations using said cryptographic key, and to read in the third memory at said address a 2N-1 word indicating if the key is allowed to the hardware master {col.9, ll. 35-55: “the filter 362 can permit write operations to the address assigned to the inbox portion of the secure mailbox 360 and read operations to the address assigned to the outbox portion of the secure mailbox 360. All other read/write operations may be discarded or blocked by the filter 362”, wherein access to the services of the SEP are associated with the address of the mailbox; also, “secure enclave processor (SEP) 260, which is a secure circuit configured to maintain user keys for encrypting and decrypting data keys associated with a user”; note that the cryptographic key must comprise some finite number of bits and the word size to be read from memory is an arbitrary design choice - selecting a word size of 2N-1 (if not inherent) from any other word size is merely a change in bus size; See MPEP § 2144.04(IV)(A)}.

With respect to dependent claim 13, Martel discloses wherein the security circuit comprises a counter configured to count a number of requests received by the security circuit from each hardware master between a predefined number of readings of the Outbox associated with said hardware master, the security circuit being configured to reject the requests received from this hardware master if the number of received requests is higher than a predefined threshold {col. 9, ll. 35-55: “secure mailbox 360 may include an inbox and an outbox, which each may be first-in, first-out (FIFO) buffers. The FIFO buffers may have any size and can contain any number of entries”}.

With respect to dependent claim 14, Martel discloses wherein the security circuit further comprising at least one secure processor configured to execute the filtered requests, said secure processor being configured to deliver execution data related to the execution of said requests {col. 9, l. 56 – col. 10, l. 5: “read/write operations issued by the SEP 260” in response to the requests}.

With respect to claim 15, a corresponding reasoning as given earlier in this section with respect to claim 1 applies, mutatis mutandis, to the subject matter of claim 15; therefore, claim 15 is rejected, for similar reasons, under the grounds as set forth for claim 1.
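
Added illustration, not part of the Office action, the application, or the cited references: a C software model of the request filter discussed in the claim 1 mapping (an indicator bit looked up by hardware master identifier; inbox writes and outbox reads permitted and all other operations blocked; allowed requests passed in the clear or with encryption) together with the per-master request counter recited in claim 13. The table width, addresses, threshold and all names are assumptions, and the counter here resets on a single outbox read.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for this model; none come from the Office action or the references. */
#define MASTER_ID_BITS 4u
#define NUM_MASTERS    (1u << MASTER_ID_BITS)
#define INBOX_ADDR     0x1000u  /* hypothetical inbox address */
#define OUTBOX_ADDR    0x1004u  /* hypothetical outbox address */
#define MAX_PENDING    3u       /* hypothetical per-master request threshold */

/* Access-table word, one per master ID. */
#define ACC_ALLOW   0x1u  /* indicator bit: master may reach the security circuit */
#define ACC_ENCRYPT 0x2u  /* allowed transfers are routed through the crypto engine */

enum verdict { BLOCKED, ALLOWED_CLEAR, ALLOWED_ENCRYPTED };

struct request {
    uint32_t master_id;  /* hardware ID attached by the interconnect, not by software */
    uint32_t addr;
    bool     is_write;
};

struct mailbox_filter {
    uint8_t  access_table[NUM_MASTERS];
    uint32_t pending[NUM_MASTERS];  /* requests accepted since the last outbox read */
};

enum verdict filter_request(struct mailbox_filter *f, const struct request *r)
{
    /* Fail closed on IDs the table cannot index. */
    if (r->master_id >= NUM_MASTERS)
        return BLOCKED;

    uint8_t word = f->access_table[r->master_id];
    if (!(word & ACC_ALLOW))
        return BLOCKED;

    enum verdict ok = (word & ACC_ENCRYPT) ? ALLOWED_ENCRYPTED : ALLOWED_CLEAR;

    /* Only inbox writes and outbox reads pass; everything else is dropped. */
    if (r->is_write && r->addr == INBOX_ADDR) {
        if (f->pending[r->master_id] >= MAX_PENDING)
            return BLOCKED;  /* accepting would exceed the threshold */
        f->pending[r->master_id]++;
        return ok;
    }
    if (!r->is_write && r->addr == OUTBOX_ADDR) {
        f->pending[r->master_id] = 0;  /* reading the outbox resets the counter */
        return ok;
    }
    return BLOCKED;
}

int main(void)
{
    static const char *names[] = { "BLOCKED", "ALLOWED_CLEAR", "ALLOWED_ENCRYPTED" };
    struct mailbox_filter f = { 0 };
    f.access_table[2] = ACC_ALLOW;                /* constructed policy */
    f.access_table[5] = ACC_ALLOW | ACC_ENCRYPT;

    /* Constructed request trace. */
    const struct request trace[] = {
        { 2, INBOX_ADDR,  true  },  /* allowed master writes the inbox */
        { 5, INBOX_ADDR,  true  },  /* allowed master on the encrypted path */
        { 7, INBOX_ADDR,  true  },  /* indicator bit clear */
        { 2, OUTBOX_ADDR, true  },  /* write aimed at the outbox */
        { 2, 0x2000u,     false },  /* address outside the mailbox */
    };
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        printf("master %u -> %s\n", (unsigned)trace[i].master_id,
               names[filter_request(&f, &trace[i])]);
    return 0;
}
```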


Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Evans et al. (US Pre-Grant Publication No. 20030200451-A1, hereinafter “Evans”) in view of Martel et al. (US Patent No. 10691837-B1, hereinafter “Martel”) and Xu et al. (CN Patent Document No. 106685847-A, hereinafter “Xu”).

With respect to dependent claim 4, although Martel teaches mailboxes, Martel does not explicitly disclose that the mailboxes have priority; however, Xu discloses wherein at least some of the requests received from the hardware masters comprise a priority indicator, the security circuit comprising at least two Inboxes each associated with a priority level, the filter being configured to select an Inbox wherein to store a filtered request comprising a priority indicator, depending on the priority level assigned to the Inbox, the secure processor being configured to execute the requests stored in the Inboxes according to an order defined by the priority levels of the Inboxes {p. 3: “configuring the access terminal a message queue and message queue by the access terminal priority, then according to the priority scheduling queue of each queue, which can improve the user service experience”}.

Evans-Martel and Xu are analogous art because they are from the same field of endeavor or problem-solving area of mailboxes.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Evans-Martel and Xu before him or her, to modify/develop the mailbox of Evans-Martel’s system to utilize priority-based queues.  The suggestion and/or motivation for doing so would have been because it is merely combining prior art elements according to known methods to yield predictable results, i.e. enabling more urgent messages to take priority over non-urgent messages, “which can improve the user service experience” (Xu, p. 3).  Therefore, it would have been obvious to combine the mailbox in Evans-Martel’s system with priority-based queues to obtain the invention as specified in the instant claim(s).  The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 



Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kevin Bechtel whose telephone number is (571)270-5436. The examiner can normally be reached Monday - Friday, 09:00 - 17:00 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Kevin Bechtel/Primary Examiner, Art Unit 2491