Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
The present application is being examined under the pre-AIA  first to invent provisions.
This office action is in response to the Arguments/Remarks filed on 06/16/2022. Claims 1, 3, 5 – 10, 14, and 17 – 20 have been amended. Claims 1 – 20 are pending for consideration. 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 06/16/2022 has been entered.

Response to Arguments
Applicant’s arguments/remarks filed on 06/16/2022 (hereafter Remarks) with respect to claims 1 – 20 have been fully considered but they are not persuasive. 
On p. 8 of Remarks Applicant stated that In Kang, the deobfuscation function is not based at least in part on an identifier, wherein the identifier is generated based at least in part on an architectural modification of the programmable device, as per claim 1. In addition, in Kang, the obfuscated code being deobfuscated (the alleged obfuscated bitstream) is not obfuscated based at least in part on the identifier of the programmable device, as per amended claim 1. 
Examiner respectfully notes that limitation related to the obfuscation / de-obfuscation based on the identifier is disclosed by Negahdar in Para. [0018, 0024, 0038] as indicated in the OA bellow (Negahdar, in Para. [0018] discloses “The obfuscation engine may fetch the unique identifier of the SoC from the SoC and may use the unique identifier as part of the seed to generate the obfuscation key.” Negahdar, in Para. [0024] discloses “The de-obfuscation key may be a key generated by the de-obfuscation engine from the unique identifier of the SoC 305.” Negahdar, in Para. [0038] discloses “The encrypted unique identifier may be retrieved, for example, by a de-obfuscation engine of the cable modem 105 (e.g., de-obfuscation engine 320 of FIG. 3).”).
On p. 9 of the Remarks Applicant stated that Kang does not disclose at least the claimed configuration of "a third circuit configured to receive through the external interface a bitstream, wherein the bitstream is obfuscated based at least in part on the identifier," and "a fourth circuit Appl. No. 16/081,027Response dated June 16, 2022configured to perform a de-obfuscating function on the received bitstream, wherein the de- obfuscating function is based at least in part on the identifier," wherein "the identifier is generated based at least in part on an architectural modification of the programmable device." In addition, as admitted in the Office Action, Krumel and Busser do not cure these deficiencies of Kang. 
 Examiner respectfully disagrees. The third/forth circuits are identified as circuits having different configurations. A specific circuit configuration in PLD is achieved by configuring individual circuit components according a preprogram/code, e.g. per fuses, as disclosed by Negahdar [0011] and Busser [0035]. Circuit configurations performing different functions correspond to different steps of Kang, as depicted in Figs. 4, 5. Accordingly, a third circuit, i.e. receiving/detection, is met by operation at step 411, and a fourth circuit, i.e. de-obfuscation, is met by operations at steps 405, 413 of Kang, as indicated in OA. The disputed limitation is disclosed by a combination Kang-Negahdar.
Other arguments are moot in view of new ground of rejection. Accordingly, rejection under 103 is maintained.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1 – 8 and 12 – 16 are rejected under 35 U.S.C. 103 as being unpatentable over Krumel (US 2002/0080771 A1) (hereafter Krumel), in view of Busser et al. (US 2018/0203709 A1) (hereafter Busser), in view of Kang et al. (US 2010/0024033 A1) (here after Kang), and in view of Negahdar et al. (US 2017/0262637).

Regarding claim 1 Krumel teaches: A programmable device, comprising: an external interface[[:]], (Krumel, in Para. [0077] discloses “Such embodiments may be considered to provide an external interface, for instance, to the Internet, to external network 12, and one or more internal network interfaces, such as to internal network 20 and/or to bastion network 15” Krumel, in Para. [0093] discloses “This approach preferably utilizes a programmable logic device (PLD) that includes low latency, high-speed ROM and RAM blocks”), 
[a first circuit configured to generate an identifier, wherein the identifier is generated based at least in part on an architectural modification of the programmable device;](Busser) 
a second circuit configured to transmit through the external interface at least one response to one or more messages received through the external interface, wherein at least a portion of the at least one response is based at least in part on the identifier (Examiner note: information, i.e. data/messages, transfer through the network interface is met by the configurable network update transport protocol (PNUT) controlling network traffic; as noted above, the PNUT includes identification information) (Krumel, in Para. [0007] discloses “The present invention provides what is referred to herein as a PLD-based network update transport (PNUT) protocol that preferably utilizes UDP or other protocols for transmitting update or other commands or information over a packet-based or IP network.” Krumel, in Para. [0056] discloses “PNUT type commands may be transmitted between an update station and a PNUT-enabled device in accordance with the present invention” Krumel, in Para [0153] discloses “Thus, packet generator 354 provides transmit commands which specify message data by generating the standard protocol for the particular network and PNUT packet headers.”); 
[a third circuit configured to receive through the external interface a bitstream,] (Kang)
 [wherein the bitstream is obfuscated based at least in part on the identifier; and] (Negahdar) 
[a [[third]] fourth circuit configured to perform a de-obfuscating function on [[a]] the received bitstream,] (Kang) 
[wherein the de-obfuscating function is based at least in part on the identifier.] (Negahdar)
Krumel fails to explicitly teach: a first circuit configured to generate an identifier, wherein the identifier is generated based at least in part on an architectural modification of the programmable device;
Busser from the analogous technical field teaches: a first circuit configured to generate an identifier, wherein the identifier is generated based at least in part on an architectural modification of the programmable device (Examiner note: the first configurable, i.e. programmable, circuit is met by the device 200 containing programmable circuit elements) (Busser, in Para. [0009] discloses “The method according to embodiments of the invention for the generation of a device-specific identifier in a device (200) which contains at least one programmable circuit element (210) and whose circuit consists of individual components that are configured by loading a bitstream”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Krumel, in view of the teaching of Busser which discloses generation of an identifier via programming, i.e. architectural modification, of the programmable circuit element of PLD in order to improve protection of the PLD (Busser, [0009]).
Krumel, as modified by Busser, fails to explicitly teach: a third circuit configured to receive through the external interface a bitstream
a [[third]] fourth circuit configured to perform a de-obfuscating function on [[a]] the received bitstream
Kang from the analogous technical field teaches: a third circuit configured to receive through the external interface a bitstream 
a fourth circuit configured to perform a de-obfuscating function on the received bitstream
(Examiner note: a code to be executed is a stream of data in binary form, i.e. a bitstream; according to definition of the programmable logic device/circuit, and as disclosed in Para. [0006], the configuration, i.e. programming of the relevant device/circuit can be performed per plenty of fuses blown according to a predefined code, therefore the circuit-based obfuscation limitation is met by the code-based obfuscation of Kang; a third circuit, i.e. receiving/detection, is met by operation at step 411, and a fourth circuit, i.e. de-obfuscation, is met by operations at steps 405, 413) (Kang, in Para. [0048] discloses “The deobfuscation function inserter 307 is responsible for identifying the obfuscated code before it is executed by inserting a function for deobfuscating an obfuscated code before a function using the obfuscated code.” Kang, in Para. [0057] discloses “The obfuscated code is deobfuscated using the deobfuscation function inserted into the source code (step 413). Kang, in Para. [0060] discloses “Upon determining that the obfuscated code is found, a dangerous script function using the obfuscated code is identified (step 503)).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Krumel, as modified by Busser, in view of the teaching of Kang which discloses de-obfuscation of a function (i.e. a code) comprising identification procedure in order to further improve protection of the programmable devices (Kang, [0048, 0057, 0060]).
Krumel, as modified by Busser and Kang, fails to explicitly teach: wherein the bitstream is obfuscated based at least in part on the identifier; and
wherein the de-obfuscating function is based at least in part on the identifier
Negahdar from the analogous technical field teaches: wherein the bitstream is obfuscated based at least in part on the identifier (Examiner note: SoC stands for a system on a chip) (Negahdar, in Para. [0018] discloses “The obfuscation engine may fetch the unique identifier of the SoC from the SoC and may use the unique identifier as part of the seed to generate the obfuscation key.”);
wherein the de-obfuscating function is based at least in part on the identifier
(Examiner note: usage of identifier for de-obfuscation is demonstrated by Negahdar in Figs. 3, 5) (Negahdar, in Para. [0024] discloses “The de-obfuscation key may be a key generated by the de-obfuscation engine from the unique identifier of the SoC 305.” Negahdar, in Para. [0038] discloses “The encrypted unique identifier may be retrieved, for example, by a de-obfuscation engine of the cable modem 105 (e.g., de-obfuscation engine 320 of FIG. 3).”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Krumel, as modified by Busser and Kang, in view of the teaching of Negahdar, which discloses obfuscation/de-obfuscation using identifiers in order to further improve protection of the programmable devices (Negahdar, [0018, 0024, 0038]).

Regarding claim 2 Krumel, as modified by Busser, Kang, and Negahdar teaches: The programmable device of claim 1, wherein the programmable device is a field programmable gate array (FPGA) (Examiner note: as noted above, the PLD stands for a programmable logic device) (Krumel, in Para. [0141] discloses “the PLD or FPGA (consisting of one or a plurality of PLD or FPGA devices) utilizes a plurality of logic areas, one or more of which may be updated with the new configuration data.”).

Regarding claim 4 Krumel, as modified by Busser, Kang, and Negahdar teaches: The programmable device of claim 1, wherein: at least a portion of the identifier has a value that varies over time (Examiner note: as noted above, the PNUT includes identifier; the PNUT comprises a time-dependent component) (Krumel, in Para. [0132] discloses “It should be noted that PNUT-enabled device 268 desirably may wait a predetermined or other amount of time, such as 3 seconds, for a processed command packet from update station 274 in order to confirm that the configuration data had been correctly received by update station 274.”).

Regarding claim 5 Krumel, as modified by Kang and Negahdar, fails to explicitly teach: The programmable device of claim 1, wherein: the [[third]] fourth circuit comprises at least one sub-circuit configured to selectively permutate the bitstream such that a position within the bitstream of at least a portion of the bitstream is changed based at least in part on the identifier (Examiner note: the fourth circuit is met by the device 200 containing several programmable circuit units, and a sub-circuit is met by the encoding unit 240) (Busser, in Para. [0087] discloses “The device 200 can also be formed as a third device…The device furthermore comprises an encoding unit 240 which generates a device specific bitstream B(G-Id) from the reference circuit and the device-specific identifier G-Id” Busser, in Para. [0088] discloses “The bits of the device specific identifier G-Id are then, for example, differently distributed or contained in the circuit in a permutated sequence, or are processed at run-time by a function before they can be used as a key”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Krumel as modified by Kang, in view of the teaching of Busser which discloses a bit permutation procedure of a bitstream associated (identified) to a specific device in order to improve device access security (Busser, [0087, 0088]). 

Regarding claim 6 Krumel, as modified by Kang and Negahdar, fails to explicitly teach: The programmable device of claim 5, wherein: 2 of 10 LEGAL02/41707891v1Appl. No. 16/081,027 Response dated June 16, 2022 the [[third]] fourth circuit comprises a plurality of sub-circuits, connected in series, wherein each of the plurality of sub-circuits is configured to selectively permutate the bitstream such that a position within the bitstream of at least a portion of the bitstream is changed based at least in part on the identifier.
Busser from the analogous technical field teaches: The programmable device of claim 5, wherein: 2 of 10 LEGAL02/41707891v1Appl. No. 16/081,027 Response dated June 16, 2022 the [[third]] fourth circuit comprises a plurality of sub-circuits, connected in series, wherein each of the plurality of sub-circuits is configured to selectively permutate the bitstream such that a position within the bitstream of at least a portion of the bitstream is changed based at least in part on the identifier (Examiner note: as noted above, the fourth circuit is met by the device 200 containing several programmable circuit units and the sub-circuit is met by the encoding unit 240; the coding system may comprise a plurality of units 240) (Busser, in Para. [0087] discloses “The device furthermore comprises an encoding unit 240 which generates a device specific bitstream B(G-Id) from the reference circuit and the device-specific identifier G-Id” Busser, in Para. [0088] discloses “The bits of the device specific identifier G-Id are then, for example, differently distributed or contained in the circuit in a permutated sequence, or are processed at run-time by a function before they can be used as a key” Busser, in Para. [0092] discloses “For the sake of clarity, it is to be understood that the use of "a" or "an" throughout this application does not exclude a plurality, and "comprising" does not exclude other steps or elements.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Krumel, as modified by Kang, in view of the teaching of Busser, which discloses a bit permutation procedure of a bitstream associated (identified) to the specific device comprising a plurality of encoding units (i.e. cub-circuits) in order to improve device operation security (Busser, [0087, 0088, 0092]).

Regarding claim 7 Krumel teaches: A method of securely programming a programmable device, the method comprising: generating an identifier by the programmable device (Krumel, in Para. [0077] discloses “Such embodiments may be considered to provide an external interface, for instance, to the Internet, to external network 12, and one or more internal network interfaces, such as to internal network 20 and/or to bastion network 15” Krumel, in Para. [0093] discloses “This approach preferably utilizes a programmable logic device (PLD) that includes low latency, high-speed ROM and RAM blocks”),
Krumel fails to explicitly teach: wherein the identifier is generated based at least in part on an architectural modification of the programmable device; 
Busser from the analogous technical field teaches: wherein the identifier is generated based at least in part on an architectural modification of the programmable device (Examiner note: as noted above, the first configurable, i.e. programmable, circuit is met by the device 200 containing programmable circuit elements) (Busser, in Para. [0009] discloses “The method according to embodiments of the invention for the generation of a device-specific identifier in a device (200) which contains at least one programmable circuit element (210) and whose circuit consists of individual components that are configured by loading a bitstream”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Krumel, in view of the teaching of Busser which discloses generation of an identifier via programming, i.e. architectural modification, of the programmable circuit element of PLD in order to improve protection of the PLD (Busser, [0009]).
Krumel, as modified by Busser, fails to explicitly teach: obtaining the identifier, obfuscating a bitstream
 based at least in part on the identifier; 
and sending the obfuscated bitstream to the programmable device, 
wherein the obfuscated bitstream is de-obfuscated based at least in part on the identifier.
Kang from the analogous technical field teaches: obtaining the identifier, obfuscating a bitstream
 [based at least in part on the identifier;] 
and sending the obfuscated bitstream to the programmable device, 
[wherein the obfuscated bitstream is de-obfuscated based at least in part on the identifier.]
(Examiner note: as noted above, a code to be executed is a stream of data in binary form, i.e. a bitstream; according to definition of the programmable logic device/circuit, and as disclosed in Para. [0006], the configuration, i.e. programming of the relevant device/circuit can be performed per plenty of fuses blown according to a predefined code, therefore the circuit-based obfuscation limitation is met by the code-based obfuscation of Kang) (Kang, in Para. [0048] discloses “The deobfuscation function inserter 307 is responsible for identifying the obfuscated code before it is executed by inserting a function for deobfuscating an obfuscated code before a function using the obfuscated code.” Kang, in Para. [0057] discloses “The obfuscated code is deobfuscated using the deobfuscation function inserted into the source code (step 413). Kang, in Para. [0060] discloses “Upon determining that the obfuscated code is found, a dangerous script function using the obfuscated code is identified (step 503)”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Krumel, as modified by Busser, in view of the teaching of Kang which discloses de-obfuscation of a function (i.e. a code) comprising identification procedure in order to further improve protection of the programmable devices (Kang, [0048, 0057, 0060]).
Krumel, as modified by Busser and Kang, fails to explicitly teach: based at least in part on the identifier
wherein the obfuscated bitstream is de-obfuscated based at least in part on the identifier.
Negahdar from the analogous technical field teaches: based at least in part on the identifier (Examiner note: SoC stands for a system on a chip) (Negahdar, in Para. [0018] discloses “The obfuscation engine may fetch the unique identifier of the SoC from the SoC and may use the unique identifier as part of the seed to generate the obfuscation key.”);
wherein the obfuscated bitstream is de-obfuscated based at least in part on the identifier (Examiner note: usage of identifier for de-obfuscation is demonstrated by Negahdar in Figs. 3, 5) (Negahdar, in Para. [0024] discloses “The de-obfuscation key may be a key generated by the de-obfuscation engine from the unique identifier of the SoC 305.” Negahdar, in Para. [0038] discloses “The encrypted unique identifier may be retrieved, for example, by a de-obfuscation engine of the cable modem 105 (e.g., de-obfuscation engine 320 of FIG. 3).”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Krumel, as modified by Busser and Kang, in view of the teaching of Negahdar, which discloses obfuscation/de-obfuscation using identifiers in order to further improve protection of the programmable devices (Negahdar, [0018, 0024, 0038]).

Regarding claim 8 Krumel, as modified by Busser, Kang, and Negahdar, teaches: The method of claim 7, wherein obtaining the identifier comprises: sending a sequence of challenges to the programmable device; receiving a sequence of responses to the sequence of challenges from the programmable device; and determining, based at least in part on the sequence of responses, the identifier for the programmable device. (Examiner note: sending, requesting, receiving challenge messages is met by the Internet Control Message Protocol, ICMP) (Krumel, in Para. [0089] discloses “This data preferably includes one of the following ICMP message types: 5 for redirect; 8 for echo request; 10 for router solicitation; 13 for timestamp request; 15 for information request; or 17 for address mask request.” Krumel, in Para. [0099] discloses “These interactions may also take place at lower levels in the protocol stack, such as ARP and ICMP request/response.”); and determining, based on the sequence of responses, the identifier for the programmable device (Examiner note: response analysis and device/processes identification are met by the rule dispatcher 134) (Krumel, in Para. [0094] discloses “Rules dispatcher 134 uses a lookup code to determine the filtering rules to be applied to a packet and then places the identifiers of the rules to be run in queues 138-1 to 138-N for each of the rules engines 140-1 to 140-N.”).

Regarding claim 12 Krumel, as modified by Kang and Negahdar, fails to explicitly teach: The method of claim 7, wherein obfuscating the bitstream comprises: permutating the bitstream.
Busser from the analogous technical field teaches: The method of claim 7, wherein obfuscating the bitstream comprises: permutating the bitstream (Examiner note: as noted above, device 200 is a programmable device) (Busser, in Para. [0009] discloses “a device (200) which contains at least one programmable circuit element (210) and whose circuit consists of individual components that are configured by loading a bitstream” Busser, in Para. [0022] discloses “This allows a device-specific identifier to be placed in a veiled or obfuscated manner in the bitstream.” Busser, in Para. [0088] discloses “The method, the apparatus and the device can also save the device-specific identifier G-Id in a masked or obfuscated form on the device 200.” Busser, in Para. [0088] discloses “The bits of the device specific identifier G-Id are then, for example, differently distributed or contained in the circuit in a permutated sequence, or are processed at run-time by a function before they can be used as a key”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Krumel, as modified by Kang and Negahdar, in view of the teaching of Busser which discloses an obfuscation of a bitstream including identifier and permutation the bitstream in order to improve protection of programmable devices (Busser, [0009, 0022, 0088]).

Regarding claim 13 Krumel, as modified by Kang and Negahdar, fails to explicitly teach: The method of claim 7, wherein obfuscating the bitstream comprises: iteratively permutating the bitstream such that a position within the bitstream of at least a portion of the bitstream is changed based at least in part on the identifier.
Busser from the analogous technical field teaches:  The method of claim 7, wherein obfuscating the bitstream comprises (Busser, in Para. [0022] discloses “This allows a device-specific identifier to be placed in a veiled or obfuscated manner in the bitstream.”): iteratively permutating the bitstream such that a position within the bitstream of at least a portion of the bitstream is changed based at least in part on the identifier (Busser, in Para. [0088] discloses “The bits of the device specific identifier G-Id are then, for example, differently distributed or contained in the circuit in a permutated sequence, or are processed at run-time by a function before they can be used as a key”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Krumel, as modified by Kang and Negahdar, in view of the teaching of Busser which discloses permutation the obfuscated bitstream in association with the identifier in order to improve protection of programmable devices (Busser, [0022, 0088]).

Regarding claim 14 Krumel, as modified by Kang and Negahdar, fails to explicitly teach: The method of claim 7, wherein obfuscating the bitstream further comprises: generating a key based at least in part on the identifier; and obfuscating the bitstream by performing a plurality of obfuscation functions, each of the plurality of obfuscation functions being based at least in part on the key.
Busser from the analogous technical field teaches: The method of claim 7, wherein obfuscating the bitstream further comprises: generating a key based at least in part on the identifier; and obfuscating the bitstream by performing a plurality of obfuscation functions, each of the plurality of obfuscation functions being based at least in part on the key (Examiner note: as noted above the coding system may comprise a plurality of units 240) (Busser, in Para. [0087] discloses “The device furthermore comprises an encoding unit 240 which generates a device specific bitstream B(G-Id) from the reference circuit and the device-specific identifier G-Id”. Busser, in Para. [0088] discloses “The bits of the device specific identifier G-Id are then, for example, differently distributed or contained in the circuit in a permutated sequence, or are processed at run-time by a function before they can be used as a key” Busser, in Para. [0049] discloses “In such a device a secret key, for example, that represents a device-specific identifier is never known outside the device” Busser, in Para. [0092] discloses “For the sake of clarity, it is to be understood that the use of "a" or "an" throughout this application does not exclude a plurality, and "comprising" does not exclude other steps or elements.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Krumel, as modified by Kang, in view of the teaching of Busser which discloses bitstream obfuscation based on a plurality of key generation processes including device-specific identifier in order to improve protection of programmable devices (Busser, [0022, 0049, 0087, 0088, 0092]).

Regarding claim 15 Krumel, as modified by Kang and Negahdar, fails to explicitly teach: The method of claim 14, wherein performing a plurality of obfuscation functions comprises: iteratively permutating the bitstream such that a position within the bitstream of at least a portion of the bitstream is changed based at least in part on the key.
Busser from the analogous technical field teaches:  The method of claim 14, wherein performing a plurality of obfuscation functions comprises: iteratively permutating the bitstream such that a position within the bitstream of at least a portion of the bitstream is changed based at least in part on the key (Examiner note: as noted above the coding system may comprise a plurality of units 240) (Busser, in Para. [0022] discloses “This allows a device-specific identifier to be placed in a veiled or obfuscated manner in the bitstream.” Busser, in Para. [0087] discloses “The device furthermore comprises an encoding unit 240 which generates a device specific bitstream B(G-Id) from the reference circuit and the device-specific identifier G-Id”. Busser, in Para. [0088] discloses “The bits of the device specific identifier G-Id are then, for example, differently distributed or contained in the circuit in a permutated sequence, or are processed at run-time by a function before they can be used as a key” Busser, in Para. [0092] discloses “For the sake of clarity, it is to be understood that the use of "a" or "an" throughout this application does not exclude a plurality, and "comprising" does not exclude other steps or elements.” Busser, in Para. [0076] discloses “the generation of personalized bitstreams, i.e. a bitstream that contains a device-specific identifier such as, for example, a cryptographic key, is illustrated.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Krumel, as modified by Kang and Negahdar, in view of the teaching of Busser which discloses bitstream obfuscation based on a plurality of key generation processes including device-specific identifier in order to improve protection of programmable devices (Busser, [0022, 0049, 0076, 0087, 0088, 0092]).

Regarding claim 16 Krumel, as modified by Kang and Negahdar, fails to explicitly teach: The method of claim 7. wherein obfuscating the bitstream based at least in part on the identifier comprises: applying a plurality of permutation levels, the plurality of permutation levels further comprising a first level, a second level and a third level, wherein: the first level comprises permutation of portions of the bitstream that specify an input ordering of a look up table (LUT); the second level comprises permutation of the portion of the bitstream that specifies a content of the LUT; the third level comprises a block based permutation of the entire bitstream.
Busser from the analogous technical field teaches: The method of claim 7. wherein obfuscating the bitstream based at least in part on the identifier comprises (Busser, in Para. [0022] discloses “This allows a device-specific identifier to be placed in a veiled or obfuscated manner in the bitstream.”): applying a plurality of permutation levels, the plurality of permutation levels further comprising a first level, a second level and a third level, wherein: the first level comprises permutation of portions of the bitstream that specify an input ordering of a look up table (LUT); the second level comprises permutation of the portion of the bitstream that specifies a content of the LUT; the third level comprises a block based permutation of the entire bitstream (Examiner note: It is understood that terms "first level", "second level", “third level”, etc. are words of convenience and are not to be construed as limiting terms; a standard procedure for a lookup table generation of data array that is based on bit array permutation, comprises permutation of selected portions (i.e. first level and second level) and permutation of the entire content (i.e.  third level) of the bitstream; bitstream obfuscation based on the permutation procedure including lookup table generation is performed by the synthesis tool) (Busser, in Para. [0004] discloses “A bitstream of the integrated components, e.g. of lookup tables or flip-flops and associated connecting structures is then generated with a synthesis tool, taking particular account of the hardware resources of the target FPGA Busser, in Para. [0013] discloses “Through the assignment, and thus with the binding, of each bit of the reference identifier to a specific component of the programmable circuit element, e.g. a flip-flop, a lookup table or a Block RAM, a clear and in particular linear relationship between the bits of the reference identifier in the circuit and the bits of the bitstream generated from this by a synthesis tool is achieved.” Busser, in Para. [0040] discloses “Any arbitrary device-specific identifier can thus be encoded directly in the bitstream without having to create a corresponding bitstream from a circuit that contains the device-specific identifier using a synthesis tool.” Busser, in Para. [0088] discloses “The bits of the device specific identifier G-Id are then, for example, differently distributed or contained in the circuit in a permutated sequence, or are processed at run-time by a function before they can be used as a key” Busser, in Para. [0092] discloses “For the sake of clarity, it is to be understood that the use of "a" or "an" throughout this application does not exclude a plurality, and "comprising" does not exclude other steps or elements.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Krumel, as modified by Kang and Negahdar, in view of the teaching of Busser which discloses bitstream obfuscation based on lookup table generation using multilevel permutation procedure in order to improve protection of programmable devices (Busser, [0004, 0013, 0040, 0088, 0092]).

Claims 17 – 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Busser et al. (US 2018/0203709 A1) (hereafter Busser), in view of Kang et al. (US 2010/0024033 A1) (here after Kang), and in view of Negahdar et al. (US 2017/0262637).

Regarding claim 17 Busser teaches: A method of securely operating a programmable device that receives a programming bitstream, the method comprising: generating a pseudo-random identifier by the programmable device, wherein the identifier is generated based at least in part on an architectural modification of the programmable device (Examiner note: generating a pseudo-random identifier is met by generation of an identifier by random (or pseudo-random) number generator) (Busser, in Para. [0043] discloses “It comprises moreover a random number generator that generates a device-specific identifier, and an encoding unit that generates a device-specific bitstream making use of the table from the reference bitstream and the device-specific identifier.”); (Busser, in Para. [0009] discloses “The method according to embodiments of the invention for the generation of a device-specific identifier in a device (200) which contains at least one programmable circuit element (210) and whose circuit consists of individual components that are configured by loading a bitstream”.)
transmitting a sequence of responses based at least in part on the identifier in response to receiving a sequence of challenges, wherein at least a portion of the sequence of responses is based at least in part on the identifier (Examiner note: transmission of a sequence of challenges/responses is a device specific binary signal processing (i.e. bitstream), Para. [0042, 0045], which is met by the transfer of device-specific identifier to the programming unit 210 for processing) (Busser, in Para. [0087] discloses “The device furthermore comprises an encoding unit 240 which generates a device-specific bitstream B(G-Id) from the reference circuit and the device-specific identifier G-Id using the table T, and transfers it into the programmable circuit element 210.” Busser, in Para. [0080] discloses “The apparatus 100 illustrated in FIG. 6 for the generation of a device-specific programming of a device with a programmable circuit element 210 comprises a generation unit 110, an insertion unit 120 and an assignment unit 150.”);
Busser, fails to explicitly teach: receiving a bitstream, 
[wherein the bitstream is obfuscated based at least in part on the identifier;] 
[de-obfuscating [[a]] the received bitstream based at least in part on the identifier;] 
and programming programmable circuitry within the programmable device based at least in part on the de-obfuscated bitstream.
Kang from the analogous technical field teaches: receiving a bitstream, 
[wherein the bitstream is obfuscated based at least in part on the identifier;] 
[de-obfuscating [[a]] the received bitstream based at least in part on the identifier;] 
and programming programmable circuitry within the programmable device based at least in part on the de-obfuscated bitstream (Examiner note: as noted above, a code to be executed is a stream of data in binary form, i.e. a bitstream) (Kang, in Para. [0048] discloses “The deobfuscation function inserter 307 is responsible for identifying the obfuscated code before it is executed by inserting a function for deobfuscating an obfuscated code before a function using the obfuscated code.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Busser, in view of the teaching of Kang which discloses de-obfuscation of a function (i.e. a code) comprising identification procedure in order to improve protection of the programmable devices (Kang, [0048]).
Busser, as modified by Kang, fails to explicitly teach:
wherein the bitstream is obfuscated based at least in part on the identifier;
de-obfuscating [[a]] the received bitstream based at least in part on the identifier;
Negahdar from the analogous technical field teaches: wherein the bitstream is obfuscated based at least in part on the identifier (Examiner note: SoC stands for a system on a chip) (Negahdar, in Para. [0018] discloses “The obfuscation engine may fetch the unique identifier of the SoC from the SoC and may use the unique identifier as part of the seed to generate the obfuscation key.”);
de-obfuscating the received bitstream based at least in part on the identifier (Examiner note: usage of identifier for de-obfuscation is demonstrated by Negahdar in Figs. 3, 5) (Negahdar, in Para. [0024] discloses “The de-obfuscation key may be a key generated by the de-obfuscation engine from the unique identifier of the SoC 305.” Negahdar, in Para. [0038] discloses “The encrypted unique identifier may be retrieved, for example, by a de-obfuscation engine of the cable modem 105 (e.g., de-obfuscation engine 320 of FIG. 3).”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Busser, as modified by Kang, in view of the teaching of Negahdar, which discloses obfuscation/de-obfuscation using identifiers in order to further improve protection of the programmable devices (Negahdar, [0018, 0024, 0038]). 

Regarding claim 18 Busser, as modified by Kang, teaches: The method of claim 17, 
[wherein de-obfuscating the bitstream based at least in part on the identifier] comprises: permutating the bitstream based at least in part on the identifier (Busser, in Para. [0087] discloses “The device 200 can also be formed as a third device…The device furthermore comprises an encoding unit 240 which generates a device specific bitstream B(G-Id) from the reference circuit and the device-specific identifier G-Id” Busser, in Para. [0088] discloses “The bits of the device specific identifier G-Id are then, for example, differently distributed or contained in the circuit in a permutated sequence, or are processed at run-time by a function before they can be used as a key”).
Busser, as modified by Kang, fails to explicitly teach: wherein de-obfuscating the bitstream based at least in part on the identifier
Negahdar from the analogous technical field teaches: wherein de-obfuscating the bitstream based at least in part on the identifier (Examiner note: usage of identifier for de-obfuscation is demonstrated by Negahdar in Figs. 3, 5) (Negahdar, in Para. [0024] discloses “The de-obfuscation key may be a key generated by the de-obfuscation engine from the unique identifier of the SoC 305.” Negahdar, in Para. [0038] discloses “The encrypted unique identifier may be retrieved, for example, by a de-obfuscation engine of the cable modem 105 (e.g., de-obfuscation engine 320 of FIG. 3).”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Busser, as modified by Kang, in view of the teaching of Negahdar, which discloses de-obfuscation using identifiers in order to further improve protection of the programmable devices (Negahdar, [0024, 0038]).

Regarding claim 20 Busser, as modified by Kang and Negahdar, teaches:  The method of claim 17, wherein de-obfuscating the bitstream based at least in part on the identifier comprises (Examiner note: as noted above, a code to be executed is a stream of data in binary form, i.e. a bitstream) (Kang, in Para. [0048] discloses “The deobfuscation function inserter 307 is responsible for identifying the obfuscated code before it is executed by inserting a function for deobfuscating an obfuscated code before a function using the obfuscated code.”): applying a plurality of permutation levels, the plurality of permutation levels further comprising a first de-obfuscation level, a second de-obfuscation level and a third de-obfuscation level, wherein: the first de-obfuscation level comprises permutating the bitstream on a first portion of the programmable device; the second de-obfuscation level comprises permutating the bitstream on a second portion of the programmable device; 5 of 10 LEGAL02/41707891v1Appl. No. 16/081,027 Response dated June 16, 2022 the third de-obfuscation level comprises permutating the bitstream on a third portion of the programmable device (Examiner note: as noted above, a standard procedure for a lookup table generation of data array that is based on bit array permutation, comprises permutation of selected portions (i.e. first level and second level) and permutation of the entire content (i.e.  third level) of the bitstream; bitstream obfuscation based on the permutation procedure including lookup table generation is performed by the synthesis tool) (Busser, in Para. [0004] discloses “A bitstream of the integrated components, e.g. of lookup tables or flip-flops and associated connecting structures is then generated with a synthesis tool, taking particular account of the hardware resources of the target FPGA”. Busser, in Para. [0013] discloses “Through the assignment, and thus with the binding, of each bit of the reference identifier to a specific component of the programmable circuit element, e.g. a flip-flop, a lookup table or a Block RAM, a clear and in particular linear relationship between the bits of the reference identifier in the circuit and the bits of the bitstream generated from this by a synthesis tool is achieved.” Busser, in Para. [0040] discloses “Any arbitrary device-specific identifier can thus be encoded directly in the bitstream without having to create a corresponding bitstream from a circuit that contains the device-specific identifier using a synthesis tool.” Busser, in Para. [0088] discloses “The bits of the device specific identifier G-Id are then, for example, differently distributed or contained in the circuit in a permutated sequence, or are processed at run-time by a function before they can be used as a key” Busser, in Para. [0092] discloses “For the sake of clarity, it is to be understood that the use of "a" or "an" throughout this application does not exclude a plurality, and "comprising" does not exclude other steps or elements.”).

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Busser et al. (US 2018/0203709 A1) (hereafter Busser), in view of Kang et al. (US 2010/0024033 A1) (here after Kang), in view of Negahdar et al. (US 2017/0262637), and in view of Krumel (US 2002/0080771 A1) (hereafter Krumel).

Regarding claim 19 Busser, as modified by Kang and Negahdar, teaches: The method of claim 17, wherein de-obfuscating the bitstream based at least in part on the identifier comprises (Kang, in Para. [0048] discloses “The deobfuscation function inserter 307 is responsible for identifying the obfuscated code before it is executed by inserting a function for deobfuscating an obfuscated code before a function using the obfuscated code.”):
Busser, as modified by Kangand Negahdar, fails to explicitly teach: transforming the bitstream based at least in part on a plurality of fuses in the programmable device that are selectively blown.
Krumel from the analogous technical field teaches: transforming the bitstream based at least in part on a plurality of fuses in the programmable device that are selectively blown (Examiner note: as noted above, fuses are used for programming and/or configuration of the PLD/FPGA, Para. [0049]; fuses are met by physical switches or toggles) (Krumel, in Para. [0109] discloses “variety of physical switches or toggles 176, 180, 181 and 182 may be coupled to PLD 162 or controller 164. As illustrated by update button 176, toggles may be used to control the updating of the PLD code (for instance, to reconfigure or update the system, providing updated filtering algorithms).”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Busser, as modified by Kang and Negahdar, in view of the teaching of Krumel which discloses updating/transforming the PLD using fuses/switches/toggles in order to provide a control over the operation algorithm (Krumel, [0109]).

Claims 9 – 11 are rejected under 35 U.S.C. 103 as being unpatentable over Krumel (US 2002/0080771 A1) (hereafter Krumel), in view of Busser et al. (US 2018/0203709 A1) (hereafter Busser), in view of Kang et al. (US 2010/0024033 A1) (here after Kang), in view of Negahdar et al. (US 2017/0262637), and in view of Pedersen (US 2018/0060561 A1) (hereafter Pedersen).

Regarding claim 9 Krumel, as modified by Busser, Kang, and Negahdar, fails to explicitly teach: The method of claim 7, further comprising: authenticating the programmable device based at least in part on the identifier in relation with an authorized identifier list.
Pedersen from the analogous technical field teaches: The method of claim 7, further comprising: authenticating the programmable device based at least in part on the identifier in relation with an authorized identifier list (Examiner note: programmable device is met by a programmable integrated circuit that could be authenticated by authentication of embedded firmware) (Pedersen, in Para. [0004] discloses “Current solutions to protect PLDs against intrusion rely on programming a unique identification (ID) into the device”. Pedersen, in Para. [0019] discloses “the integrated circuits may be programmable integrated circuits that contain programmable logic circuitry. The present invention will generally be described in the context of integrated circuits such as programmable logic device (PLD) integrated circuits as an example.” Pedersen, in Para. [0049] discloses “authentication application 400 may be implemented as specialized software or circuitry on computer system 200 to authenticate the embedded firmware stored on integrated circuit 100…Persons skilled in the art would appreciate that authentication application 400 may be implemented with any combination of the above-mentioned submodules on computer system 200.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Krumel, as modified by Busser, Kang, and Negahdar, in view of the teaching of Pedersen which discloses programmable device authentication using unique identifier in order to improve protection of the programmable devices (Pedersen, [0004, 0019, 0049]). 

Regarding claim 10 Krumel, as modified by Busser, Kang, and Negahdar, fails to explicitly teach: The method of claim 9, wherein authenticating the programmable device based at least in part on the identifier in relation with an authorized identifier list comprises: obtaining the authorized identifier list from an external source.
Pedersen from the analogous technical field teaches: The method of claim 9, wherein authenticating the programmable device based at least in part on the identifier in relation with an authorized identifier list comprises: obtaining the authorized identifier list from an external source (Examiner note: the identifier list is met by additional processor instructions or associated data) (Pedersen, in Para. [0002] discloses “This programmable logic and routing can be configured with a configuration bitstream that can be loaded into the PLD from an external source…the ROM may contain processor instructions and other associated data that allows the FPGA to go through an initial boot process, and that boot process may include loading the RAM with additional processor instructions or associated data from an external source (such as header data contained in the external bitstream).” Pedersen, in Para. [0004] discloses “Current solutions to protect PLDs against intrusion rely on programming a unique identification (ID) into the device”. Pedersen, in Para. [0049] discloses “authentication application 400 may be implemented as specialized software or circuitry on computer system 200 to authenticate the embedded firmware stored on integrated circuit 100…Persons skilled in the art would appreciate that authentication application 400 may be implemented with any combination of the above-mentioned submodules on computer system 200.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Krumel, as modified by Busser, Kang, and Negahdar, in view of the teaching of Pedersen which discloses programmable device authentication using additional data from external source (i.e. identifier list) in order to improve protection of the programmable devices (Pedersen, [0002, 0004, 0049]).

Regarding claim 11 Krumel, as modified by Busser, Kang, and Negahdar, fails to explicitly teach: The method of claim 10, wherein obtaining the authorized identifier list from an external source comprises: communicating with the external source using secure communications.
Pedersen from the analogous technical field teaches: The method of claim 10, wherein obtaining the authorized identifier list from an external source comprises: communicating with the external source using secure communications (Examiner note: secure communication with external source is met by embedding and securing the specified firmware on PLD loaded from external source; as noted above, the identifier list is met by additional processor instructions or associated data) (Pedersen, in Para. [0002] discloses “This programmable logic and routing can be configured with a configuration bitstream that can be loaded into the PLD from an external source. For modern PLDs, this configuration is mediated by one or more programmable processors and associated firmware embedded in the PLD.” Pedersen, in Para. [0004] discloses “a key component of securing PLDs is to ensure that the embedded firmware is secure against intrusion. Current solutions to protect PLDs against intrusion rely on programming a unique identification (ID) into the device”.)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Krumel, as modified by Busser, Kang, and Negahdar, in view of the teaching of Pedersen which discloses secure communication of programmable device with external source (i.e. secure loading and embedding firmware) in order to improve protection of the programmable devices (Pedersen, [0002, 0004]). 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure, Bartnik (US 2014/0210652).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VLADIMIR IVANOVICH GAVRILENKO whose telephone number is (313)446-6530.  The examiner can normally be reached on Monday-Friday 7:30-4:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Vladimir I. Gavrilenko/Examiner, Art Unit 2431     

/TRANG T DOAN/Primary Examiner, Art Unit 2431