DETAILED ACTION
This action is responsive to Remarks filed on June 14, 2022.
Claims 1, 4-8, 10-14 and 17-20 are pending and are presented to examination.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Examiner Notes
Examiner cites particular columns, paragraphs, figures and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in their entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.

Response to Arguments
Applicants have argued that Kawazu, does not teach the limitations of independent claims 1, 8 and 14 (Remarks, pages 6-9). Applicants' arguments have been fully considered and are persuasive. Therefore, the rejection is withdrawn. However, upon further consideration, a new ground of rejection is made as set forth in details below. See Batke et al. (US Pub. No. 2012/0005480), art being made of record as applied herein.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1, 4, 6, 8, 10, 12-14, 17 and 19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Batke et al. (US Pub. No. 2012/0005480 – hereinafter Batke).
  	With respect to claim 1 (previously presented), Batke teaches a method for updating a client device (see paragraphs [0040], [0053] and figures 4, 8, firmware update procedure), comprising:     	receiving, by a client device, a software update and a certificate associated with the software update, wherein the software update includes a set of attributes (see figures 3, 7 (and related paragraphs) and paragraphs [0034], [0046], as shown, the certificate 300 may include a version field 310, a serial number field 314, a signature algorithm identifier 320, an issuer field 324, a validity field 330, a subject field 334, a key field 340, a hash field 344, a vendor ID 350, a product type 354, or a product code 360 (i.e. attributes). Build procedure 700 for generating separate binary files and certificates. It is noted that the firmware build procedure can be specific to a module's build environment. It is not required that all modules follow the exact same build procedure. The following shows the basic steps in an example build procedure 700 in order to support firmware signing. At 710, the build procedure produces (at least) 2 files: one file for the firmware image and another for the certificate. Each file generally corresponds to an instance. Using separate instances makes it possible to allow module downgrading to previous (non-signed) firmware revisions. In general, each firmware binary corresponds to a firmware component (e.g., boot, runtime, file system, and so forth). Each firmware binary/certificate pair are then associated. Thus, each firmware binary/certificate pair can be associated via a defined mechanism such as file name or file identifier. See figure 8 (and related paragraphs) and paragraph [0053], at 810, the module first receives the update certificate. The certificate should at least be minimally checked for the proper vendor id, product type, product code, and so forth. Examiner notes: receiving/generating firmware update and certificate including attributes/scope values).   	verifying, by the client device, the certificate associated with the software update based on a stored public key of the client device (see paragraph [0019] and figure 1, certificates 130 can be created for previously-released, unsigned firmware, without modifying the existing firmware, where software tools at 180 can then verify the integrity of the firmware using the certificate. See paragraphs [0027]-[0033], the firmware signature mechanism as illustrated in the process 200 can be summarized as follows: A public/private key pair can be generated using secure means or components. The private key is used in creating the digital signature. The public key is used by modules in decrypting the signature. As part of the build procedure, the firmware image is run through an e.g., SHA-1, SHA-2, MD5, and so forth algorithm to generate a hash value. The build procedure creates a certificate that includes: The hash value for the firmware image Information to identify the module type or hardware revision for which the firmware was built. A digital signature, which is the hash value of the certificate itself, encrypted with the RSA algorithm using the private key. At firmware update time, the module receives the certificate containing the firmware's hash value and the certificate digital signature. The module computes the hash value of the certificate, decrypts the signature (e.g. using the public key), and compares the hash values. If the hash values match, then the certificate is valid (i.e. verifying the certificate). If not, the update is rejected. After receiving the entire firmware image, the module computes the hash value of the firmware and compares it to the value from the certificate. If the values don't match, the firmware update is rejected. See paragraph [0040], a firmware update utility (or utility) sends a certificate to a target module. At 420, a determination is made as to whether the certificate passes preliminary checks such as verifying that the certificate is appropriate for the type of module being updated. The vendor id 350, product type 354 and product code 360 can be verified at this point. If a problem is detected, the process proceeds to 430 where the update procedure is aborted. If the checks pass at 420, the process proceeds to 440 and sends the firmware binary corresponding to the certificate instance to the target module. At 450, the target calculates a hash of the firmware binary. At 460, a determination is made as to whether the binary hash matches the hash values computed in the certificate. See paragraphs [0053]-[0056], the following describes the operation of an example firmware update procedure, assuming the module has sufficient RAM to hold the incoming firmware image. At 810, the module first receives the update certificate. The certificate should at least be minimally checked for the proper vendor id, product type, product code, and so forth. If the module has sufficient processing capability, the certificate signature should also be checked including: Decrypt the signature using the RSA public key to obtain the original hash value. Compute the hash value for the certificate (not including the signature field). Compare the hash value to that which was in the signature. If the values do not compare, the firmware update is rejected. See paragraphs [0057]-[0061], if the module does not have sufficient processing power to perform the above steps, such that software utility would time out, then the verification of the certificate can be performed at the end of the update, before burning flash. At 820, if the certificate passes the initial checks, it is stored in RAM. At 830, the module next receives the firmware image, which is read into RAM. At 840, when the firmware image is received, the module performs the following to verify the integrity of the firmware image: If not performed previously, decrypt the certificate signature, compute its hash value and compare to the original hash value in the signature. Compute the hash value of the firmware image and compare to that which is stored in the certificate. If the values do not match, reject the update as invalid. The firmware image can then be written to flash. It is desirable to also write the certificate to flash, since it could potentially be used to verify firmware integrity at startup (for those modules with sufficient compute power. Furthermore, see figures 1-8 (and related paragraphs). Examiner notes: verifying the certificate by decrypting the signature using the public key. All of the them are associated each other in the verifying process (e.g. signature, certificate and public/private key)).  	verifying, by the client device, a digital signature of the software update based on the certificate (see paragraphs [0040]-[0043] and figure 7 (and related paragraphs), a digital signature is an application of cryptography to ensure that a message (or document) has been sent by the identified sender. A digital signature typically involves the sender encrypting a hash of the message with the sender's private key. The receiver then decrypts the signature with the sender's public key. If the signature can successfully be decrypted (i.e., if the decrypted hash value matches the message hash value), then the receiver can be sure that the sender is the author of the message. An example of a standard digital signature system is the Digital Signature Standard (DSS). See paragraphs [0053]-[0056], the following describes the operation of an example firmware update procedure, assuming the module has sufficient RAM to hold the incoming firmware image. At 810, the module first receives the update certificate. The certificate should at least be minimally checked for the proper vendor id, product type, product code, and so forth. If the module has sufficient processing capability, the certificate signature should also be checked including: Decrypt the signature using the RSA public key to obtain the original hash value. Compute the hash value for the certificate. Compare the hash value to that which was in the signature. If the values do not compare, the firmware update is rejected. See paragraphs [0057]-[0061], if the module does not have sufficient processing power to perform the above steps, such that software utility would time out, then the verification of the certificate can be performed at the end of the update, before burning flash. At 820, if the certificate passes the initial checks, it is stored in RAM. At 830, the module next receives the firmware image, which is read into RAM. At 840, when the firmware image is received, the module performs the following to verify the integrity of the firmware image: If not performed previously, decrypt the certificate signature, compute its hash value and compare to the original hash value in the signature. Compute the hash value of the firmware image and compare to that which is stored in the certificate. If the values do not match, reject the update as invalid. The firmware image can then be written to flash. It is desirable to also write the certificate to flash, since it could potentially be used to verify firmware integrity at startup (for those modules with sufficient compute power. Examiner notes: decrypting the signature to obtain the original hash value. Compute the hash value for the certificate. Compare the hash value to that which was in the signature). 
   	extracting an update scope value from the certificate (see figures 3-4 (and related paragraphs), table 1 and paragraphs [0034]-[0035], [0040], [0047]-[0051], digital certificate 300. Before proceeding, it is noted that the certificate 300 and the examples that are described herein are merely illustrative in nature and that it is to be appreciated that more or less fields may be provided in accordance with the claimed subject matter. As shown, the certificate 300 may include a version field 310, a serial number field 314, a signature algorithm identifier 320, an issuer field 324, a validity field 330, a subject field 334, a key field 340, a hash field 344, a vendor ID 350, a product type 354, or a product code 360. See paragraph [0053], the following describes the operation of an example firmware update procedure, assuming the module has sufficient RAM to hold the incoming firmware image. At 810, the module first receives the update certificate. The certificate should at least be minimally checked for the proper vendor id, product type, product code, and so forth).   	comparing the update scope value against a corresponding attribute, of the set of attributes, of the software update, and either: applying the software update based on the comparing; or rejecting the software update based on the comparing (see paragraphs [0027]-[0033], [0053]-[0061], the firmware signature mechanism as illustrated in the process 200 can be summarized as follows: A public/private key pair can be generated using secure means or components. The private key is used in creating the digital signature. The public key is used by modules in decrypting the signature. As part of the build procedure, the firmware image is run through an e.g., SHA-1, SHA-2, MD5, and so forth algorithm to generate a hash value. The build procedure creates a certificate that includes: The hash value for the firmware image Information to identify the module type or hardware revision for which the firmware was built A digital signature, which is the hash value of the certificate itself, encrypted with the RSA algorithm using the private key. At firmware update time, the module receives the certificate containing the firmware's hash value and the certificate digital signature. The module computes the hash value of the certificate, decrypts the signature, and compares the hash values. If the hash values match, then the certificate is valid. If not, the update is rejected. After receiving the entire firmware image, the module computes the hash value of the firmware and compares it to the value from the certificate. If the values don't match, the firmware update is rejected. Examiner notes: comparing hash, product type, vendor id and so forth (i.e. attributes, e.g. version) in order to determine whether or not to reject the update).   	With respect to claim 4 (original), Batke teaches wherein the update scope value comprises a version number, wherein the corresponding attribute comprises a version number of the software update, and wherein the comparing comprises verifying the version number matches the version number of the software update (see figure 3, table 1 and paragraph [0034], certificate 300 and the examples that are described herein are merely illustrative in nature and that it is to be appreciated that more or less fields may be provided in accordance with the claimed subject matter. As shown, the certificate 300 may include a version field 310, a serial number field 314, a signature algorithm identifier 320, an issuer field 324, a validity field 330, a subject field 334, a key field 340, a hash field 344, a vendor ID 350, a product type 354, or a product code 360).  	With respect to claim 6 (original), Batke teaches wherein the update scope value is protected by a digital signature of the certificate (see figures 3, 8 (and related paragraphs) and paragraphs [0016], [0027]-[0034], [0043], [0052]-[0056], the following describes the operation of an example firmware update procedure, assuming the module has sufficient RAM to hold the incoming firmware image. At 810, the module first receives the update certificate. The certificate should at least be minimally checked for the proper vendor id, product type, product code, and so forth. If the module has sufficient processing capability, the certificate signature should also be checked including: Decrypt the signature using the RSA public key to obtain the original hash value. Compute the hash value for the certificate (not including the signature field). Compare the hash value to that which was in the signature. If the values do not compare, the firmware update is rejected).
  	With respect to claim 8 (previously presented), Batke teaches a non-transitory program storage device comprising instructions stored thereon to cause one or more processors to:   	generate an update scope value, the update scope value defining an attribute for a software update, wherein the software update includes a set of attributes (see figures 3, 7 (and related paragraphs) and paragraphs [0034], [0046], as shown, the certificate 300 may include a version field 310, a serial number field 314, a signature algorithm identifier 320, an issuer field 324, a validity field 330, a subject field 334, a key field 340, a hash field 344, a vendor ID 350, a product type 354, or a product code 360 (i.e. attributes). Build procedure 700 for generating separate binary files and certificates. It is noted that the firmware build procedure can be specific to a module's build environment. It is not required that all modules follow the exact same build procedure. The following shows the basic steps in an example build procedure 700 in order to support firmware signing. At 710, the build procedure produces (at least) 2 files: one file for the firmware image and another for the certificate. Each file generally corresponds to an instance. Using separate instances makes it possible to allow module downgrading to previous (non-signed) firmware revisions. In general, each firmware binary corresponds to a firmware component (e.g., boot, runtime, file system, and so forth). Each firmware binary/certificate pair are then associated. Thus, each firmware binary/certificate pair can be associated via a defined mechanism such as file name or file identifier. See figure 8 (and related paragraphs) and paragraph [0053], at 810, the module first receives the update certificate. The certificate should at least be minimally checked for the proper vendor id, product type, product code, and so forth. Examiner notes: receiving firmware update and certificate including attributes/scope values).  	generate a digital signature protecting update scope value (see the rejection of claim 1, and paragraphs [0027]-[0033] and figures 3, 7 (and related paragraphs), the firmware signature mechanism as illustrated in the process 200 can be summarized as follows: A public/private key pair can be generated using secure means or components. The private key is used in creating the digital signature. The public key is used by modules in decrypting the signature. As part of the build procedure, the firmware image is run through an e.g., SHA-1, SHA-2, MD5, and so forth algorithm to generate a hash value. The build procedure creates a certificate that includes: The hash value for the firmware image Information to identify the module type or hardware revision for which the firmware was built A digital signature, which is the hash value of the certificate itself, encrypted with the RSA algorithm using the private key. At firmware update time, the module receives the certificate containing the firmware's hash value and the certificate digital signature. The module computes the hash value of the certificate, decrypts the signature, and compares the hash values. If the hash values match, then the certificate is valid. If not, the update is rejected. After receiving the entire firmware image, the module computes the hash value of the firmware and compares it to the value from the certificate. If the values don't match, the firmware update is rejected. Examiner notes: generating the digital signature).  	generate a certificate including the digital signature and the update scope value for verifying a digital signature of the software update (see figures 3, 7 (and related paragraphs) and paragraphs [0034], [0046], as shown, the certificate 300 may include a version field 310, a serial number field 314, a signature algorithm identifier 320, an issuer field 324, a validity field 330, a subject field 334, a key field 340, a hash field 344, a vendor ID 350, a product type 354, or a product code 360 (i.e. attributes). Build procedure 700 for generating separate binary files and certificates. It is noted that the firmware build procedure can be specific to a module's build environment. It is not required that all modules follow the exact same build procedure. The following shows the basic steps in an example build procedure 700 in order to support firmware signing. At 710, the build procedure produces (at least) 2 files: one file for the firmware image and another for the certificate. Each file generally corresponds to an instance. Using separate instances makes it possible to allow module downgrading to previous (non-signed) firmware revisions. In general, each firmware binary corresponds to a firmware component (e.g., boot, runtime, file system, and so forth). Each firmware binary/certificate pair are then associated. Thus, each firmware binary/certificate pair can be associated via a defined mechanism such as file name or file identifier. See figure 8 (and related paragraphs) and paragraph [0053], at 810, the module first receives the update certificate. The certificate should at least be minimally checked for the proper vendor id, product type, product code, and so forth. Examiner notes: receiving/generating firmware update and certificate including attributes/scope values).  	and transmit, to a client device, the certificate and the update scope value, wherein update scope value is configured to allow the client device to compare the update scope value against a corresponding attribute, of the set of attributes, of the software update (see paragraphs [0027]-[0033], [0053]-[0061], the firmware signature mechanism as illustrated in the process 200 can be summarized as follows: A public/private key pair can be generated using secure means or components. The private key is used in creating the digital signature. The public key is used by modules in decrypting the signature. As part of the build procedure, the firmware image is run through an e.g., SHA-1, SHA-2, MD5, and so forth algorithm to generate a hash value. The build procedure creates a certificate that includes: The hash value for the firmware image Information to identify the module type or hardware revision for which the firmware was built A digital signature, which is the hash value of the certificate itself, encrypted with the RSA algorithm using the private key. At firmware update time, the module receives the certificate containing the firmware's hash value and the certificate digital signature. The module computes the hash value of the certificate, decrypts the signature, and compares the hash values. If the hash values match, then the certificate is valid. If not, the update is rejected. After receiving the entire firmware image, the module computes the hash value of the firmware and compares it to the value from the certificate. If the values don't match, the firmware update is rejected. Examiner notes: comparing hash, product type, vendor id and so forth (i.e. attributes) in order to determine whether or not to reject the update).   	With respect to claim 10, Batke teaches wherein the update scope value comprises a certificate update version number and wherein the corresponding attribute comprises a version number of the software update, and wherein the instruction further cause the one or more processors to verify the version number matches the version number of the software update (see paragraphs [0027]-[0033], [0053]-[0061], the firmware signature mechanism as illustrated in the process 200 can be summarized as follows: A public/private key pair can be generated using secure means or components. The private key is used in creating the digital signature. The public key is used by modules in decrypting the signature. As part of the build procedure, the firmware image is run through an e.g., SHA-1, SHA-2, MD5, and so forth algorithm to generate a hash value. The build procedure creates a certificate that includes: The hash value for the firmware image Information to identify the module type or hardware revision for which the firmware was built A digital signature, which is the hash value of the certificate itself, encrypted with the RSA algorithm using the private key. At firmware update time, the module receives the certificate containing the firmware's hash value and the certificate digital signature. The module computes the hash value of the certificate, decrypts the signature, and compares the hash values. If the hash values match, then the certificate is valid. If not, the update is rejected. After receiving the entire firmware image, the module computes the hash value of the firmware and compares it to the value from the certificate. If the values don't match, the firmware update is rejected. See figure 3, table 1 and paragraph [0034], certificate 300 and the examples that are described herein are merely illustrative in nature and that it is to be appreciated that more or less fields may be provided in accordance with the claimed subject matter. As shown, the certificate 300 may include a version field 310, a serial number field 314, a signature algorithm identifier 320, an issuer field 324, a validity field 330, a subject field 334, a key field 340, a hash field 344, a vendor ID 350, a product type 354, or a product code 360). Examiner notes: comparing hash, product type, vendor id and so forth (i.e. attributes/version) in order to determine whether or not to reject the update).   	With respect to claim 12, the claim is directed to a non-transitory program storage device that corresponds to the method recited in claim 6, respectively (see the rejection of claim 6 above; wherein Batke also teaches such storage device in paragraph [0053], (e.g. RAM)).
	With respect to claim 13 (original), Batke teaches wherein software update comprises a firmware update (see paragraphs [0040], [0053] and figures 4, 8, firmware update procedure).  	With respect to claims 14, 17 and 19, the claims are directed to a device that corresponds to the method recited in claims 1, 4 and 6, respectively (see the rejection of claims 1, 4 and 6 above; wherein Batke also teaches such a device in figure 1 and paragraph [0017]).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

  	The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 5, 11 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Batke et al. (US Pub. No. 2012/0005480) in view Puhl et al. (US Pat. No. 6,223,291 – hereinafter Puhl).
  	With respect to claim 5 (original), Batke is silent to disclose wherein the update scope value comprises a range of version numbers, wherein the corresponding attribute comprises a version number of software update, and wherein the comparing comprises verifying the version number of the software update is within the range of version numbers.  	However, in an analogous art, Puhl teaches wherein the update scope value comprises a range of version numbers, wherein the corresponding attribute comprises a version number of software update, and wherein the comparing comprises verifying the version number of the software update is within the range of version numbers (see column 9 lines 12-18, the name for the content item satisfies a predefined rule of a digital license certificate associated with the unique identifier for the wireless device, for example it falls within a range of permitted version numbers identifying it as an upgrade of a content item pre-associated with the digital license certificate. Furthermore, see column 5 lines 32-47, the purpose of the certificate is to bind (i.e associate) the software product to a particular name (e.g. software product name and major version number). This association may be in the form of a look-up list of product names associated with the certificate of a product name and a predefined rule identifying permitted new product names (e.g. Browser version 1. x permits all future versions of Browser between version 1.0 and version 2.0). The certificate contains the name of the software along with a hash of the software product. Anyone wishing to validate the integrity of the software can hash the software and compare it to the one found in the Product Certificate. The certificate is signed by the Software Server. The Software Server itself has a Public Key Certificate signed by the CA, so a line of trust is maintained).
  	Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to modify Batke’s teaching, which set forth a method for installing embedded firmware. The method includes generating one or more firmware file instances and generating one or more digital certificate instances that are separate instances from the firmware file instances. The method includes associating the one or more digital certificate instances with the one or more firmware file instances to facilitate updating signature-unaware modules with signature-aware firmware or to facilitate updating signature-aware modules with signature-unaware firmware, by verifying a version number of the software update is within a range of version numbers as suggested by Puhl, as Puhl would provide an enhanced mechanism to validate the integrity of the software/update.  	With respect to claim 11, the claim is directed to a non-transitory program storage device that corresponds to the method recited in claim 5, respectively (see the rejection of claim 5 above).  	With respect to claim 18, the claim is directed to a device that corresponds to the method recited in claim 5, respectively (see the rejection of claim 5 above).

Claims 7 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Batke et al. (US Pub. No. 2012/0005480) in view Haase (US Pub. No. 2019/0108009).
  	With respect to claim 7 (original), Batke is silent to disclose wherein the stored public key of the client device comprises a public key of a manufacturer of the client device.  	However, in an analogous art, Haase teaches wherein the stored public key of the client device comprises a public key of a manufacturer of the client device (see paragraphs [0004], [0015], [0018], updating firmware for an embedded device having a public key stored thereon. The method initiates a connection between the embedded device and a storage device. The storage device has a controller, a memory and a private key associated with a manufacturer of the embedded device. At the embedded device, a firmware update on the storage device is detected. The stored public key is received from the embedded device at the controller of the storage device. The stored public key is verified using the controller and the private key associated with the manufacturer of the embedded device on the storage device. The firmware update is read from a memory of a storage device using the controller on the storage device. And upon verification of the stored public key, the firmware is updated on the embedded device).
  	Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to modify Batke’s teaching, which set forth a method for installing embedded firmware. The method includes generating one or more firmware file instances and generating one or more digital certificate instances that are separate instances from the firmware file instances. The method includes associating the one or more digital certificate instances with the one or more firmware file instances to facilitate updating signature-unaware modules with signature-aware firmware or to facilitate updating signature-aware modules with signature-unaware firmware, by using a public key of a manufacturer of the client device as suggested by Haase, as Haase would provide an enhanced mechanism to validate the integrity of the software/update.   	With respect to claim 20, the claim is directed to a device that corresponds to the method recited in claim 7, respectively (see the rejection of claim 7 above).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.   	Katano et al. (US Pub. No. 2008/0120610) disclose an update firmware that is stored as one binary file. The binary file includes firmware data necessary for operating a controller unit and root certificate data necessary for a printer apparatus to establish secure communication with a content server. Specific information in the root certificate data is extracted from the update firmware, and the extracted specific information is used to update a management table of the root certificate provided in a RAM. With this configuration, it is possible for an information processing apparatus to reliably acquire and update the root certificate data without greatly changing the original functional configuration (see abstract).   
   	Mersh (US Pub. No. 2018/0285602) uses a data processing device with a processor, a memory and an access control mechanism, the device having secure and non-secure modes, the memory having secure and non-secure regions, the secure region containing cryptographic data, and the access control mechanism preventing the processor from reading the cryptographic data when the device is operating in the non-secure mode. Also, methods of manufacturing and authenticating such a device, manufacturing an item of electronic equipment that includes such a device, a computer program for storing data on such a device, secure data processing hardware including such a computer program and a method of updating data stored in an item of electronic equipment including such a data processing device (see abstract).
   	Brockhaus et al. (US Pub. No. 2018/0211025) set forth an apparatus for using a certificate on a device is proposed, including a processing unit for generating a certificate request and a transmitter-receiver unit for transmitting the generated certificate request to a first external computing unit, which is configured to generate a certificate for the device and to allow a second external computing unit to re-sign the certificate with an additional manufacturer's signature, and for receiving the re-signed certificate from the external computing unit. The processing unit is further configured to check the manufacturer's signature based on information stored in the device and to use the certificate depending on a result of the check. Furthermore, a system and a corresponding method are proposed (see abstract).
  	Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Anibal Rivera Cruz whose telephone number is (571) 270-1200.  The examiner can normally be reached on EST. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hyung S. Sough can be reached on 571-272-6799.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ANIBAL RIVERA/Primary Examiner, Art Unit 2192