DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This written action is responding to the supplemental after final amendment dated June 3, 2022.
In the supplemental after final amendment dated June 3, 2022, claims 27-28, 35 and 42 have been amended, claims 30, 37 and 44 have been canceled and all other claims are previously presented.
Claims 25, 27-28, 31-35, 38-42 and 45-48 are allowed.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was discussed in a telephonic interview with Mr. Corey Mack, on June 30, 2022. During a subsequent telephonic interview, Mr. Corey Mack agreed and authorized the examiner to further amend Claims 25, 27-28, 31, 35, 38, 42 and 45 to the supplemental after final amendment dated on 06/03/2022.
The Examiner’s Amendment is made to the claims of the supplemental after final amendment dated on 06/03/2022, as follows:
Claim 25: (Currently Amended)
An electronic processing system, comprising:
a processor;
persistent storage media communicatively coupled to the processor; 
a reconfigurable device communicatively coupled to the processor over a physically isolated trusted communication channel;
a secure provisioner communicatively coupled to the processor and the reconfigurable device to provision a secure storage area and to securely store a remotely generated bitstream security key in the provisioned secure storage area, wherein the secure provisioner is further to:
partition an enclave for the secure storage area;
associate an enclave identifier with the enclave; and
provide the enclave identifier to the reconfigurable device over the physically isolated trusted communication channel; and
a device configurer to configure the reconfigurable device with a remotely generated bitstream and the remotely generated bitstream security key, wherein the remotely generated bitstream is to be encoded with the enclave identifier and encrypted with the remotely generated bitstream security key[[.]], wherein the remotely generated bitstream and the remotely generated bitstream security key are obtained by the secure provisioner via a secure communication channel and provided over the physical isolated trusted communication channel to configure the reconfigurable device.

Claim 26: (Canceled)

Claim 27: (Currently Amended)
The system of claim 25, further comprising a source system to:
SUPPLEMENTAL AMENDMENT AND RESPONSE, Page 3, Serial Number: 16/614,236, Dkt: P116022PCT-US, Filing Date: November 15, 2019
establish [[a]] the secure communication channel between the source system and the secure provisioner;
remotely generate a bitstream security key at the source system for the remotely generated bitstream security key; and 
provide the remotely generated bitstream security key to the secure provisioner over the secure communication channel.

Claim 28: (Currently Amended)
A configurable apparatus, comprising:
a configurable device;
a secure provisioner communicatively coupled to the configurable device to provision a secure storage area and to securely store a remotely generated bitstream security key in the provisioned secure storage area;
a secure communicator communicatively coupled to the configurable device and the secure provisioner to establish a physically isolated trusted communication path between the provisioned secure storage area and the configurable device, wherein the secure provisioner is further to:
partition an enclave for the secure storage area;
associate an enclave identifier with the enclave; and
provide the enclave identifier to the reconfigurable device over the physically isolated trusted communication path; and
a device configurer communicatively coupled to the configurable device to configure the configurable device with a remotely generated bitstream and the remotely generated bitstream security key, wherein the remotely generated bitstream is to be encoded with the enclave identifier and encrypted with the remotely generated bitstream security key[[.]], wherein the remotely generated bitstream and the remotely generated bitstream security key are obtained by the secure provisioner via a secure communication channel and provided over the physical isolated trusted communication path to configure the configurable device.

Claim 29: (Canceled)

Claim 30: (Canceled)

Claim 31: (Currently Amended)
The apparatus of claim 28, further including a source system to:
establish [[a]] the secure communication channel between the source system and the secure provisioner; 
remotely generate a bitstream security key at the source system for the remotely generated bitstream security key; and 
provide the remotely generated bitstream security key to the secure provisioner over the secure communication channel.

Claim 32: (Previously Presented)
The apparatus of claim 31, wherein the source system further comprises:
a bitstream encoder to remotely encode the bitstream with the enclave identifier at the source system; and 
a bitstream encrypter to remotely encrypt the bitstream with the bitstream security key at the source system.

Claim 33: (Previously Presented)
The apparatus of claim 28, wherein the configurable device comprises a reconfigurable device.

Claim 34: (Previously Presented)
The apparatus of claim 33, wherein the reconfigurable device comprises a field programmable gate array device.

Claim 35: (Currently Amended)
A method of configuring a device, comprising:
provisioning a secure storage area;
securely storing a remotely generated bitstream security key in the provisioned secure storage area;
establishing a physically isolated trusted communication path between the provisioned secure storage area and a configurable device, including:
partitioning an enclave for the secure storage area;
associating an enclave identifier with the enclave; and
providing the enclave identifier to the configurable device over the physically isolated trusted communication path; and
configuring the configurable device with a remotely generated bitstream and the remotely generated bitstream security key, wherein the remotely generated bitstream is to be encoded with the enclave identifier and encrypted with the remotely generated bitstream security key[[.]], wherein the remotely generated bitstream and the remotely generated bitstream security key are obtained by the provisioned secure storage area via a secure communication channel and provided over the physical isolated trusted communication path to configure the configurable device.

Claim 36: (Canceled)

Claim 37: (Canceled)

Claim 38: (Currently Amended)
The method of claim 35, further comprising:
establishing [[a]] the secure communication channel between a source system and the provisioned secure storage area;
remotely generating a bitstream security key at the source system for the remotely generated bitstream security key; and
providing the remotely generated bitstream security key to the provisioned secure storage area over the secure communication channel.

Claim 39: (Previously Presented)
The method of claim 38, further comprising: remotely encoding the bitstream with the enclave identifier at the source system; and 
remotely encrypting the bitstream with the bitstream security key at the source system.

Claim 40: (Previously Presented)
The method of claim 35, wherein the configurable device comprises a reconfigurable device.

Claim 41: (Previously Presented)
The method of claim 40, wherein the reconfigurable device comprises a field programmable gate array device.

Claim 42: (Currently Amended)
At least one non-transitory computer readable medium, comprising a set of instructions, which when executed by a computing device cause the computing device to:
provision a secure storage area; 
securely store a remotely generated bitstream security key in the provisioned secure storage area;
establish a physically isolated trusted communication path between the provisioned secure storage area and a configurable device, including:
partition an enclave for the secure storage area;
associate an enclave identifier with the enclave; and
provide the enclave identifier to the configurable device over the physically isolated trusted communication path; and
configure the configurable device with a remotely generated bitstream and the remotely generated bitstream security key, wherein the remotely generated bitstream is to be encoded with the enclave identifier and encrypted with the remotely generated bitstream security key[[.]], wherein the remotely generated bitstream and the remotely generated bitstream security key are obtained by the provisioned secure storage area via a secure communication channel and provided over the physical isolated trusted communication path to configure the configurable device.

Claim 43: (Canceled)
Claim 44: (Canceled)

Claim 45: (Previously Presented)
The at least one non-transitory computer readable medium of claim 42, comprising a further set of instructions, which when executed by a computing device cause the computing device to:
establish [[a]] the secure communication channel between a source system and the provisioned secure storage area;
remotely generate a bitstream security key at the source system for the remotely generated bitstream security key; and
provide the remotely generated bitstream security key to the provisioned secure storage area over the secure communication channel.

Claim 46: (Previously Presented)
The at least one non-transitory computer readable medium of claim 45, comprising a further set of instructions, which when executed by a computing device cause the computing device to: 
remotely encode the bitstream with the enclave identifier at the source system; and 
remotely encrypt the bitstream with the bitstream security key at the source system.

Claim 47: (Previously Presented)
The at least one non-transitory computer readable medium of claim 42, wherein the configurable device comprises a reconfigurable device.

Claim 48: (Previously Presented)
The at least one non-transitory computer readable medium of claim 47, wherein the reconfigurable device comprises a field programmable gate array device.

ALLOWED CLAIMS
Claims 25, 27-28, 31-35, 38-42 and 45-48 are allowed.

REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance:
Independent Claims 25, 28, 35 and 42 are allowed based on the supplemental after final amendment dated June 03, 2022 and the examiner’s amendment dated June 30, 2022. In particular, the examiner’s amendment dated June 30, 2022 amends the independent claims to provide the necessary clarification and description of how the remotely generated bitstream and the remotely generated bitstream security key are received and provided to configure the [re]configurable device.
Specifically, the further amended independent claim 25 now recites limitations as follows:
“An electronic processing system, comprising:
a processor;
persistent storage media communicatively coupled to the processor; 
a reconfigurable device communicatively coupled to the processor over a physically isolated trusted communication channel;
a secure provisioner communicatively coupled to the processor and the reconfigurable device to provision a secure storage area and to securely store a remotely generated bitstream security key in the provisioned secure storage area, wherein the secure provisioner is further to:
partition an enclave for the secure storage area;
associate an enclave identifier with the enclave; and
provide the enclave identifier to the reconfigurable device over the physically isolated trusted communication channel; and
a device configurer to configure the reconfigurable device with a remotely generated bitstream and the remotely generated bitstream security key, wherein the remotely generated bitstream is to be encoded with the enclave identifier and encrypted with the remotely generated bitstream security key, wherein the remotely generated bitstream and the remotely generated bitstream security key are obtained by the secure provisioner via a secure communication channel and provided over the physical isolated trusted communication channel to configure the reconfigurable device.”
The cited reference by Grieco et al. (US 2014/0344581) discloses securely upgrading a field programmable circuit, e.g., a Field Programmable Gate Array (FPGA), in a device that has been deployed to a customer site. A plurality of keys is stored in the device, e.g., public, private, and/or symmetric keys. The keys are used to authenticate and decrypt a newly received FPGA software image upgrade. The image upgrade is re-encrypted using one of the stored keys and stored in the computing device. The device is booted and the encrypted image upgrade is loaded into the field programmable circuit. The encrypted image upgrade is decrypted to obtain the image upgrade for execution on the field programmable circuit (See abstract).
The cited reference by Riera et al. (US 9,311,506) discloses a method for storing and transmitting data across a computer network to one or more destinations, including storing source data on a secure data storage of a secondary device connected to a computing device (Abstract). The reference further discloses providing a physically isolated trusted channel/path between system components (Col. 3, lines 40-45 and 64-67).
The cited reference by Langhammer (US 2016/0248588) discloses circuits, methods, and apparatus for storing application data, keys, authorization codes, or other information in a volatile memory on an FPGA. A field programmable gate array (FPGA) can include multiple memory blocks and partition those blocks among multiple independent reconfigurable regions. Access to the memory blocks can then be restricted so that only authorized regions have access to particular memory partitions. In addition, each partition can store multiple message authentication codes (MACs) for further controlling access to data in each partition. (Abstract).
Updated searches have been conducted on the amended claims and yielded the following pertinent reference(s):
Tang et al. (US 7,675,313) discloses a method of providing data security for a programmable logic device (PLD) that includes programming a plurality of programmable fuses that store a security key comprising a plurality of data bit values, wherein each data bit value is associated with a respective subset of at least three of the fuses. The security key is retrieved from the fuses using the data bit values stored by each subset of the fuses. An encrypted configuration data bitstream is decrypted using the retrieved security key to obtain an original configuration data bitstream to configure the PLD.
Streicher et al. (US 7,984,292) discloses circuits, methods, and apparatus that prevent detection and erasure of a configuration bitstream or other data for an FPGA or other device. An exemplary embodiment of the present invention masks a user key in order to prevent its detection. In a specific embodiment, the user key is masked by software that performs a function on it a first number of times. The result is used to encrypt a configuration bitstream. The user key is also provided to an FPGA or other device, where the function is performed a second number of times and the result stored. When the device is configured, the result is retrieved, the function is performed on it the first number of times less the second number of times and then it is used to decrypt the configuration bitstream.
The combination of the above-mentioned references teaches the various claimed units in the independent claim 25. However, each of the cited references or references from the updated searches, at least, fails to teach or suggest the limitations regarding “… partition an enclave for the secure storage area; associate an enclave identifier with the enclave; and provide the enclave identifier to the reconfigurable device over the physically isolated trusted communication channel; and a device configurer to configure the reconfigurable device with a remotely generated bitstream and the remotely generated bitstream security key, wherein the remotely generated bitstream is to be encoded with the enclave identifier and encrypted with the remotely generated bitstream security key, wherein the remotely generated bitstream and the remotely generated bitstream security key are obtained by the secure provisioner via a secure communication channel and provided over the physical isolated trusted communication channel to configure the reconfigurable device”, in combination with the rest of the limitations recited in the independent claim 25. That is, neither the previously cited prior-art references nor the reference(s) identified from the updated search would, either singularly or in combination, result in a reasonable and proper rejection for each of the cited feature limitations of the independent claim 25 under 35 U.S.C. 102 or 35 U.S.C. 103 with proper motivation.
Independent claim 28 is an apparatus claim reciting similar limitations of the above system claim 25, and therefore, it is also allowed.
Independent claim 35 is a method claim corresponding to the above independent claim 28, and therefore, it is also allowed.
Independent Claim 42 is a non-transitory computer readable medium claim corresponding to the above independent claim 28, and therefore, it is also allowed.
Claim 27 depends on the allowed independent claim 25, and therefore, it is also allowed.
Claims 31-34 depend on the allowed independent claim 28, and therefore, they are also allowed.
Claims 38-41 depend on the allowed independent claim 35, and therefore, they are also allowed.
Claims 45-48 depend on the allowed independent claim 42, and therefore, they are also allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEX D CARRASQUILLO whose telephone number is (571)270-5045. The examiner can normally be reached Monday - Friday 9:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw, can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/A.D.C./Examiner, Art Unit 2498

/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498