Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Allowable Subject Matter
Claim 16 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter:  

The prior art of record (in particular, Chung et al. U.S. Publication 20190042765 (hereinafter “Chung”), Krig et al. U.S. Publication 20100106929 (hereinafter “Krig”), Crouthamel et al. U.S. Publication 20170303187 (hereinafter “Crouthamel”), Naguib et al. U.S. Publication 20150200934 (hereinafter “Naguib”), Shriver et al. U.S. Publication 20120151199 (hereinafter “Shriver”), Cromer et al. U.S. Publication 20030084285 (hereinafter “Cromer”), Brumley et al. U.S. Publication 20150261975 (hereinafter “Brumley”), and Wu et al. U.S. Publication 20180189496 (hereinafter “Wu”)) does not expressly disclose all the limitations recited in dependent claim 16 in combination with the limitations of its base claim. With respect to dependent claim 16, the closest prior art does not disclose at least the following limitations in the recited context:

wherein the processor device is further configured to determine whether the first sequence pattern matches the second sequence pattern, re-boot the boot ROM chip unit in response to the first sequence pattern not matching the second sequence pattern, and enable OTP related operations, including the secure boot routine, based on the secure boot indication, in response to a match of the first sequence pattern in the spare area of the portion of the OTP memory / NVM to the second sequence pattern, wherein the second sequence pattern is located in a hardware logic component of the local read FSM coupled to an input terminal of the OTP memory / NVM.  
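For context, the following is an added illustration of the mechanism recited in the claim 16 limitations quoted above, together with the hard-coded second sequence pattern and the read-ok register recited in claim 1. It is not the applicant's code, nor code from Chung or any other reference of record; it is a host-side C model of boot ROM logic written for this page. The OTP word layout (spare area at words 56-63, secure boot indication in word 0), the FSM_EXPECTED pattern, the stuck-at read fault model and the MAX_BOOT_ATTEMPTS bound are assumptions made for the example; the claims do not specify any of them.

```c
/* Added illustration, not the applicant's or any reference's code: a boot ROM checks
 * the OTP read path against a pattern hard-coded in its read FSM before trusting the
 * secure boot indication. Layout, pattern and fault model are constructed assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OTP_WORDS         64
#define SPARE_BASE        56          /* hypothetical spare/test area: last 8 words */
#define SPARE_WORDS       8
#define SECURE_BOOT_WORD  0           /* hypothetical home of the secure boot indication */
#define SECURE_BOOT_BIT   (1u << 0)
#define MAX_BOOT_ATTEMPTS 3           /* re-boot bound; the claims recite no limit */

/* Second sequence pattern: lives in FSM logic, never in OTP. All-0, all-1 and
 * checkerboard words expose stuck-at bits and shorted lines on the read return path. */
static const uint32_t FSM_EXPECTED[SPARE_WORDS] = {
    0x00000000u, 0xFFFFFFFFu, 0xAAAAAAAAu, 0x55555555u,
    0x00FF00FFu, 0xFF00FF00u, 0x0F0F0F0Fu, 0xF0F0F0F0u,
};

typedef struct {
    uint32_t words[OTP_WORDS];        /* cells; blank OTP reads as 0 in this model */
    uint32_t stuck_or, stuck_and;     /* constructed fault model applied to every read */
} otp_t;

typedef struct {
    bool     read_ok;                 /* the read-ok register written by the FSM */
    uint32_t mismatch_idx;            /* first failing spare word, SPARE_WORDS if none */
} read_fsm_t;

typedef enum { BOOT_SECURE, BOOT_NONSECURE, BOOT_REBOOT } boot_decision_t;
typedef struct { boot_decision_t decision; unsigned attempts; read_fsm_t fsm; } boot_result_t;

/* Read return content as the FSM sees it, including any read-path fault. */
static uint32_t otp_read(const otp_t *otp, size_t idx) {
    return (otp->words[idx] | otp->stuck_or) & otp->stuck_and;
}

/* "Receiving a first sequence pattern into a spare area": burned once at
 * manufacturing test. OTP cells can only be set once, so programming is an OR. */
void otp_program_spare(otp_t *otp) {
    for (size_t i = 0; i < SPARE_WORDS; i++)
        otp->words[SPARE_BASE + i] |= FSM_EXPECTED[i];
}

/* Local read FSM: compare the spare area to the hard-coded pattern and latch the
 * verdict in the read-ok register. Returns the register value. */
bool read_fsm_run(read_fsm_t *fsm, const otp_t *otp) {
    fsm->read_ok = false;
    fsm->mismatch_idx = SPARE_WORDS;
    for (size_t i = 0; i < SPARE_WORDS; i++) {
        if (otp_read(otp, SPARE_BASE + i) != FSM_EXPECTED[i]) {
            fsm->mismatch_idx = (uint32_t)i;
            return false;
        }
    }
    fsm->read_ok = true;
    return true;
}

/* One boot ROM pass: nothing read from OTP, the secure boot indication included,
 * is acted on unless the read-ok register is set. */
boot_decision_t boot_rom_once(const otp_t *otp, read_fsm_t *fsm) {
    if (!read_fsm_run(fsm, otp))
        return BOOT_REBOOT;           /* mismatch: re-boot, never fall through */
    bool secure = (otp_read(otp, SECURE_BOOT_WORD) & SECURE_BOOT_BIT) != 0;
    return secure ? BOOT_SECURE : BOOT_NONSECURE;
}

/* Re-boot on mismatch, bounded so a persistent fault cannot loop forever. */
boot_result_t boot_rom_run(const otp_t *otp) {
    boot_result_t r = { BOOT_REBOOT, 0, { false, 0 } };
    while (r.attempts < MAX_BOOT_ATTEMPTS) {
        r.attempts++;
        if ((r.decision = boot_rom_once(otp, &r.fsm)) != BOOT_REBOOT) break;
    }
    return r;
}

/* Scenario helper: build a device with the given programming and fault model
 * (stuck_or = 0 and stuck_and = 0xFFFFFFFF mean no fault) and boot it. */
boot_result_t run_scenario(bool programmed, bool secure_bit,
                           uint32_t stuck_or, uint32_t stuck_and) {
    otp_t otp;
    memset(&otp, 0, sizeof otp);
    if (programmed) otp_program_spare(&otp);
    if (secure_bit) otp.words[SECURE_BOOT_WORD] |= SECURE_BOOT_BIT;
    otp.stuck_or = stuck_or;
    otp.stuck_and = stuck_and;
    return boot_rom_run(&otp);
}

int main(void) {
    static const char *name[] = { "secure boot", "non-secure boot", "re-boot" };
    boot_result_t ok = run_scenario(true, true, 0, 0xFFFFFFFFu);
    boot_result_t stuck = run_scenario(true, true, 1u << 3, 0xFFFFFFFFu);
    printf("healthy device: %s after %u attempt(s)\n", name[ok.decision], ok.attempts);
    printf("bit 3 stuck at 1: %s after %u attempt(s), first bad spare word %u\n",
           name[stuck.decision], stuck.attempts, stuck.fsm.mismatch_idx);
    return 0;
}
```

The point the model makes is the ordering: the secure boot indication is only consulted after the read-ok register is set, so a blank spare area (pattern never received) and a stuck read bit both end in a re-boot rather than being misread as "secure boot disabled". The attempt bound is a practical addition, since the quoted limitation recites re-booting on mismatch without saying what happens when the mismatch persists.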

Rather, Chung discloses performing a secure booting operation. An apparatus includes a security device with a secure processor and a ROM for performing the secure boot. The secure processor may read an encrypted first hash value from storage and decrypt it, then compare the decrypted first hash value with a second hash value stored in a hash register to determine the integrity of the encrypted secure data. If the integrity has not been compromised, the secure processor may execute a secure application as part of a secure restoring operation during a boot process [Chung para. 35, 85, 107, 111-112, 127]. 
However, Chung does not disclose at least the features of claim 16 quoted above.  
To this, Krig adds, during a secure booting process, reading a signature from a register, comparing the signature to a reference signature, and then writing the comparison result into another register [Krig, para. 69, 76-77]. Crouthamel adds performing a comparison using a hard coded value [Crouthamel, para. 115]. Naguib adds storing a result of hardware verification and a checksum of an operating system image in local storage [Naguib, para. 27, 98]. Shriver adds generating a random number for a secure boot process [Shriver, para. 333]. Cromer adds that the value being compared is a set of zeros [Cromer, para. 26-27]. Brumley adds that a processing circuit includes a boot ROM that stores boot sequence instructions [Brumley, para. 28]. Wu adds reading a secure boot bit in an OTP memory via a finite state machine [Wu, para. 55].

However, the combination of Chung, Krig, Crouthamel, Naguib, Shriver, Cromer, Brumley, and Wu does not teach at least the features of claim 16 quoted above.  

For the reasons described above, the prior art of record does not disclose the features of dependent claim 16 in their recited context. Therefore, dependent claim 16 is allowable as indicated above.
None of the prior art of record, either taken by itself or in any combination, would have anticipated or made obvious the claimed embodiments of the allowable claims at or before the time it was filed.

Response to Amendment
This communication is in response to the amendment filed on 07/29/2022. The Examiner acknowledges amended claims 1-21. No claims have been cancelled or added. Claims 1-21 are pending; claims 1-15 and 17-21 are rejected, and claim 16 is objected to. Claims 1, 9, and 17 are independent. 

Response to Arguments
Applicant's arguments filed 07/29/2022 have been fully considered but they are not persuasive. 
Regarding claim 17, applicant argues on page 9, 2nd to last paragraph that:
The Office Action rejects claims 17-21 under 35 U.S.C. § 112(b) for purportedly being indefinite. Applicant respectfully disagrees, but in the interest of expediting prosecution, Applicant has herein amended claim 17. Applicant expressly reserves the right to present the preamendment claims at a later time, in this or a related application. Because amended claim 17 is not indefinite, Applicant respectfully requests that the rejections of claims 17-21 under 35 U.S.C. § 112(b) be withdrawn.

Examiner respectfully disagrees. Examiner submits that although applicant has addressed a portion of the issues of claim 17, applicant has not rectified all issues with claim 17. In particular, Claim 17 recites “a hardware logic component configured to generate a comparison of the first sequence pattern of indications with a second sequence pattern to determine whether a read return content of an OTP memory / NVM read operation from the OTP memory / NVM between comprises a programmed read return content to enable a secure boot routine from the OTP memory / NVM.” It is not clear what the between is referring to. Between what two objects or values? This is interpreted as performing a comparison between the first sequence pattern of indications and a second sequence pattern.
Regarding claim 17, applicant argues on page 10, bottom 2 paragraphs that:
Applicant disagrees with aspects of the rejection. Nevertheless, in the interest of expediting prosecution, Applicant has herein amended the independent claims to recite, for example, "the spare area being dedicated for testing." It is submitted that none of the cited references teach or suggest at least these features. 
The claim amendments, taken as a whole, render the rejections moot. Applicant notes that portions of the claims other than those specifically amended and/or mentioned above may contribute to patentability. In light of the references as now understood by Applicant and the amendments made herein, claims 1-15 and 17-21 appear to be allowable. Applicant therefore respectfully requests that the rejections of claims 1-15 and 17-21 under 35 U.S.C. § 103 be withdrawn. 


Examiner respectfully disagrees. Examiner submits that spare area is disclosed by second region 633 of the memory device 63 of figure 12 of Chung et al. U.S. Publication 20190042765 (hereinafter “Chung”). Furthermore, the spare area being dedicated for testing is disclosed because, as described in Chung para. 111, the value stored in second region 633 of the memory device 63 in Chung figure 12 is used to perform a comparison operation as part of the integrity verification. The testing is disclosed by the integrity verification. Accordingly, Chung discloses the limitations of claim 17, including wherein the spare area comprises a first sequence pattern of indications in response to the boot routine, the spare area being dedicated for testing.
Examiner has considered Applicant's remarks to the extent that they may be applicable to the remaining claims (e.g., independent claims 1 and 9) and finds them unpersuasive for the same reasons mutatis mutandis, in particular:
Regarding independent claim 1, claim 1 is rejected in view of Chung in view of Krig et al. U.S. Publication 20100106929 (hereinafter “Krig”), further in view of Crouthamel et al. U.S. Publication 20170303187 (hereinafter “Crouthamel”). Chung discloses the spare area being dedicated for testing, as required by claim 1, for the same reason as discussed above with respect to claim 17.
Regarding independent claim 9, claim 9 is rejected in view of Chung in view of Brumley et al. U.S. Publication 20150261975 (hereinafter “Brumley”). Chung discloses the spare area being dedicated for testing, as required by claim 9, for the same reasons as discussed above with respect to claim 17.
Regarding applicant’s arguments with respect to dependent claims 2-8, and 10-16, and 18-21, the dependent claims inherit their respective limitations from the respective independent claims, and are therefore rejected for the same reasons as the respective independent claims.
The rejection(s) of claims under 35 U.S.C. § 112 are maintained.

Applicant's arguments/amendments have been fully considered, but are not persuasive. Note that this action is made FINAL. See MPEP § 706.07(a).
Accordingly, Applicant's argument is not persuasive with respect to the rejection under the cited art, and the rejection is maintained.

Claim Objections
Claims 1, 3, 5, 7, 9, 11-13, 15, 17-18, and 21 are objected to because of the following informalities: in some of the claims the space between two words has been dropped, so that the two words appear as one word. The joined words are, for each of the respective claims:
claim 1: correctlyfunctioning
claim 3: bootroutine
claim 5: iscoupled
claim 7: leasta
claim 9: bootroutine boardpower sequencepattern 
claim 11: onthe
claim 12: basedon
claim 13: patternin
claim 15: andupdate
claim 17: ofthe readreturn
claim 18: hardwarelogic
claim 21: thecomparison
Appropriate correction is required.


Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 17-21 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or, for pre-AIA, the applicant) regards as the invention.
Claim 17 recites “a hardware logic component configured to generate a comparison of the first sequence pattern of indications with a second sequence pattern to determine whether a read return content of an OTP memory / NVM read operation from the OTP memory / NVM between comprises a programmed read return content to enable a secure boot routine from the OTP memory / NVM.” It is not clear what the between is referring to. Between what two objects or values? This is interpreted as performing a comparison between the first sequence pattern of indications and a second sequence pattern.
The claims depending from claim 17 inherit the features of claim 17 and are rejected for the same reasons as claim 17.
Appropriate correction is required.
Claim Rejections - 35 USC § 102
	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim 17 is rejected under 35 U.S.C. 102(a)(2) as being anticipated by Chung et al. U.S. Publication 20190042765 (hereinafter “Chung”).
As per claim 17, Chung discloses
An apparatus to perform a boot routine comprising:  
(See Chung figure 1, where electronic device 10 discloses the apparatus
Chung [0085] enhanced security of the electronic device 10 including the embedded security device 100 may be provided by performing the secure booting operation [perform a boot routine]
Chung [0127] a security device 100 to receive a request (e.g., requesting a secure booting operation) from the CPU 50 and to execute the request 
)

a boot read only memory (ROM) processor including processing circuitry on a system board configured to perform a system board power up; 
(See Chung Para. [0027]
Referring to FIG. 1, an electronic device 10 includes a central processing unit (CPU) 50, a security device 100. [a boot read only memory (ROM) processor including processing circuitry on a system board; system board = security device 100; security device 100 discloses system board because security device 100 includes multiple components, such as the processor 200, connected to it, and also includes a bus]
Chung [0035]
The security device 100 [system board ] may include ……a read-only memory (ROM) 130, …., a secure processor 200[boot ROM processor; secure processor 200 discloses boot ROM processor because ROM 130 provides instructions for secure processor 200; see para. 38], … …… may be connected to each other through an internal bus 40 …. may be implemented via various hardware components, ……, hardware may be implemented using processing circuitry such as, but not limited to, one or more processors, ……. Or any other device(s) capable of being customized into special purpose processing circuitry
Chung [0038] The ROM 130 may store code to be executed by the secure processor 200 for controlling and/or configuring one or more components of the security device 100 to perform one or more secure operations,
Chung [0079]	
Referring to FIGS. 1 through 8, in case of powering-on in which power is applied to the electronic device 10[configured to perform a system board power up]
[0127] Referring to FIGS. 1 through 12 and 14, in a method of operating an electronic device 10 including a CPU 50 and a security device 100 to receive a request (e.g., requesting a secure booting operation) from the CPU 50 and to execute the request within an isolated execution environment with which the CPU 50 does not intervene, power is applied to the electronic device 10 to power-on the electronic device 10 (S510).
).

a one-time-programmable OTP memory / non-volatile memory (NVM), coupled to the boot ROM processor, comprising a spare area in a portion of the OTP / NVM and secure boot indication in another portion of the OTP / NVM, wherein the spare area comprises a first sequence pattern of indications in response to the boot routine, the spare area being dedicated for testing; 
(See Chung 
[see figure 1 for external storage 60/memory device 63 coupled to the secure processor 200 
one-time-programmable OTP memory / non-volatile memory (NVM)= external storage 60/memory device 63
OTP memory / non-volatile memory (NVM) is interpreted as OTP memory OR non-volatile memory (NVM)]
boot ROM processor= secure processor 200
a spare area = second region 633 of the memory device 63 of Chung figure 12
another portion of the OTP / NVM = region 631 of the external storage 60 depicted in figure 12
the spare area being dedicated for testing is disclosed because, as disclosed in Chung para. 111, the value stored in second region 633 of the memory device 63 in Chung figure 12 is used to perform a comparison operation as part of the integrity verification; the testing is disclosed by the integrity verification]
Chung Para. [0098]
The memory interface 410 provides the encrypted first hash value HV1_ECR to the external storage 60, and the external storage 60 may store the encrypted first hash value HV1_ECR in a second region 633 of the memory device 63 (S390) [ the spare area comprises a first sequence pattern of indications in response to the boot routine]
[Note that external storage 60/memory device 63 = OTP / NVM
secure boot indication (which is introduced in claim 17 but not referred to again in claim 17) can be disclosed by the encrypted secure data SDTA_ECR (para. 99) because the encrypted secure data SDTA_ECR is determined to be unaltered (para. 112) when the comparison (para. 111) of hash values is correct and used to complete the secure booting process (para. 42, 112) ]
Chung [0109]
The block cipher engine 340 performs a decryption operation on … the encrypted first hash value HV1_ECR … to generate … a decrypted first hash value HV1
Chung [0111]
The comparator 220 in the secure processor 200 compares the decrypted first hash value HV1 and the second hash value HV2 stored in the hash register 142 of the secure DMA circuit 140 to perform an integrity verification operation on the decrypted secure data SDTA (S480).
Chung [0112]
when the decrypted first hash value HV1 is the same as the second hash value HV2, ……, the CPU 50 may determine that the encrypted secure data SDTA_ECR stored in the external storage 60 has not been altered by an external attack, and the secure processor 200 may execute a secure application ……, enhanced performance, efficiency, and security of the electronic device 10 including the embedded security device 100 may be provided by performing the secure restoring operation, thereby enabling the secure processor 200 to safely use the integrity-verified decrypted secure data SDTA (e.g., for warm boot)[ the boot routine; both warm boot and cold boots perform comparing of the hash values to ensure the encrypted secure data SDTA_ECR not compromised, otherwise the Chung system would not be sure that it has not been compromised]
Chung [0098]
The memory interface 410 provides the encrypted first hash value HV1_ECR to the external storage 60, and the external storage 60 may store the encrypted first hash value HV1_ECR [first sequence pattern of indications is disclosed by the plaintext HV1 which is stored in encrypted form for protection ]in a second region 633 of the memory device 63 (S390).
)

a local read finite state machine (FSM), coupled to the OTP memory / NVM and an SRAM register bus that is coupled to the boot ROM chip unit, comprising a hardware logic component configured to generate a comparison of the first sequence pattern of indications with a second sequence pattern to determine whether a read return content of an OTP memory / NVM read operation from the OTP memory / NVM between comprises a programmed read return content to enable a secure boot routine from the OTP memory / NVM.  
(See Chung 
[OTP memory / non-volatile memory (NVM) = memory device 63/external storage 60; OTP memory / non-volatile memory (NVM) is interpreted as OTP memory OR non-volatile memory (NVM)]
[SRAM register bus that is coupled to the boot ROM chip unit is disclosed (figure 1) by the internal bus 40 connected to the ROM 130, the internal bus 40 connects the internal memory 120 which has SRAM and the secure DMA circuit 140 which has registers (para. 49)
SRAM register bus= internal bus 40 in figure 1
boot ROM chip unit = ROM 130 in figure 1
]
Chung [0049] Referring to FIG. 3, the secure DMA circuit 140 may include a finite state machine (FSM) 141, a hash register 142, a control register 
Chung [0109]
The block cipher engine 340 performs a decryption operation on …….. the encrypted first hash value HV1_ECR and outputs…… the decrypted first hash value HV1 
Para. [0039] The internal memory 120 may store sensitive data and/or firmware associated with one or more secure operations of the secure processor 200. The internal memory 120 may include ……static random access memory (SRAM),
Chung [0049] Referring to FIG. 3, the secure DMA circuit 140 may include a finite state machine (FSM) 141[local read finite state machine (FSM)], a hash register 142, a control register unit 170,[figure 1 shows that the secure DMA circuit 140, which includes the finite state machine 141, is connected via internal bus 40 and other components to external storage 60, which discloses a local read finite state machine (FSM), coupled to the OTP memory / NVM]
Chung [0035] The security device 100 may include …….., a read-only memory (ROM) 130, a secure direct memory access (DMA) circuit 140, a secure processor 200, …..he ROM 130, the secure DMA circuit 140, the secure processor 200, …… may be connected to each other through an internal bus 40.
Chung Para. 111
The comparator 220 in the secure processor 200 compares [to generate a comparison] the decrypted first hash value HV1 [ first sequence pattern of indications] and the second hash value HV2 [a second sequence pattern] stored in the hash register 142 of the secure DMA circuit 140 to perform an integrity verification operation 
[ if the comparison result is the same, then the encrypted secure data SDTA_ECR data that is read is programmed read return content, and if different, the encrypted secure data SDTA_ECR data that is read is not trusted] on the decrypted secure data SDTA (S480).
Chung [0112]
when the decrypted first hash value HV1 is the same as the second hash value HV2, ……, the CPU 50 may determine that the encrypted secure data SDTA_ECR stored in the external storage 60 has not been altered by an external attack [ comprises a programmed read return content to enable a secure boot routine] and the secure processor 200 may execute a secure application ……, enhanced performance, efficiency, and security of the electronic device 10 including the embedded security device 100 may be provided by performing the secure restoring operation, thereby enabling the secure processor 200 to safely use the integrity-verified decrypted secure data SDTA (e.g., for warm boot)[ enable a secure boot routine; both cold and warm boot would require Chung’s secure restoration otherwise there may be an undetected security violation]
Chung [0035] the secure processor 200,[ a hardware logic component configured to generate a comparison]  …… may be implemented via various hardware components, …..using processing circuitry such as, ….., one or more arithmetic logic units (ALUs), ….. one or more programmable logic units (PLUs)
Chung Para.  [0107]
The secure processor 200 [processor device] controls the DMA circuit 400 to provide the encrypted secure data SDTA_ECR [read return content of an OTP memory / NVM read operation from the OTP memory / NVM] stored in the first region 631 and the encrypted first hash value HV1_ECR [the encrypted first sequence pattern of indications] stored in the second region 633 in the memory device 63 of the external storage 60 to the block cipher engine 340
Chung [0117] The security device 100 performs the integrity verification operation on the decrypted secure data SDTA by comparing the decrypted first hash value HV1 and the second hash value HV2 to determine whether or not they match each other.
)

Claim Rejections - 35 USC § 103
	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
	
	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1, 3-5, and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Chung in view of Krig et al. U.S. Publication 20100106929 (hereinafter “Krig”), further in view of Crouthamel et al. U.S. Publication 20170303187 (hereinafter “Crouthamel”).
As per claim 1, Chung discloses A method of a boot read only memory (ROM) chip unit to perform a boot routine comprising: 
(See Chung 
[see Chung figure 11 and figure 14 depicting flowcharts for method
Chung figure 1, electronic device 10 discloses system and ROM 130 in figure 1 discloses
boot read only memory (ROM) chip unit because the ROM 130 chip is part of the device 10 and stores instructions to control the processor 200 which is performing part of the booting process]
Chung [0038] The ROM 130 [boot read only memory (ROM) chip unit] may store code to be executed by the secure processor 200 for controlling and/or configuring one or more components of the security device 100 to perform one or more secure operations,
Chung [0085] enhanced security of the electronic device 10 including the embedded security device 100 may be provided by performing the secure booting operation [perform a boot routine]
Chung [0127] a security device 100 to receive a request (e.g., requesting a secure booting operation) from the CPU 50 and to execute the request 
)

receiving a first sequence pattern into a spare area of a one-time-programmable OTP memory / non-volatile memory (NVM) communicatively coupled to the boot ROM chip, the spare area being dedicated for testing;
(See Chung 
[spare area = second region 633 of the memory device 63 in figure 12]
[OTP memory / non-volatile memory (NVM) = memory device 63/external storage 60; OTP memory / non-volatile memory (NVM) is interpreted as OTP memory OR non-volatile memory (NVM)]
[see Chung figure 1, where external storage 60 is communicatively coupled to ROM 130]
the spare area being dedicated for testing is disclosed because, as disclosed in Chung para. 111, the value stored in second region 633 of the memory device 63 in Chung figure 12 is used to perform a comparison operation as part of the integrity verification; the testing is disclosed by the integrity verification
Chung Para.  [0107]
The secure processor 200 controls the DMA circuit 400 to provide the encrypted secure data SDTA_ECR stored in the first region 631 and the encrypted first hash value HV1_ECR [this is the encrypted first sequence pattern]stored in the second region 633 in the memory device 63 of the external storage 60 [OTP memory / non-volatile memory (NVM) ] to the block cipher engine 340 through the switching circuit 420 of the DMA circuit 400 (S460)
[See figure 2 memory device 63 and figure 12 memory device 63;
the encrypted first hash value HV1_ECR data is stored in the memory device 63]
Chung [0109]
The block cipher engine 340 performs a decryption operation on … the encrypted first hash value HV1_ECR … to generate … a decrypted first hash value HV1
Chung [0111]
The comparator 220 in the secure processor 200 compares the decrypted first hash value HV1 and the second hash value HV2 stored in the hash register 142 of the secure DMA circuit 140 to perform an integrity verification operation on the decrypted secure data SDTA (S480).
Chung [0098]
The memory interface 410 provides the encrypted first hash value HV1_ECR to the external storage 60 [receiving a first sequence pattern; a first sequence pattern = the plaintext of the encrypted first hash value HV1_ECR], and the external storage 60 may store the encrypted first hash value HV1_ECR [first sequence pattern is disclosed by the plaintext HV1, which is stored in encrypted form for protection] in a second region 633 of the memory device 63 (S390).
).

 in response to a system board power up sequence test: 
(See Chung [0079]
Referring to FIGS. 1 through 8, in case of powering-on in which power is applied to the electronic device 10 [in response to a system board power up sequence test: system board = security device 100 in figure 1; security device 100 discloses system board because security device 100 includes multiple components, such as the processor 200, connected to it, and also includes a bus; sequence test is disclosed by the warm boot process (para. 112) including secure restoring as described with respect to figure 11, para. 100 through para. 112]
[see also para. 127 power-on]
)

generating a comparison, via a processor device, comprising the first sequence pattern of the OTP memory / NVM with a second sequence pattern stored in a hardware logic component of the processor device; 
(See 
Chung Para. [0075] [first sequence pattern = the plaintext of the encrypted first hash value HV1_ECR, which is stored in encrypted form]
The comparator 220 may compare a first hash value HV1 and a second hash value HV2 [second sequence pattern = second hash value HV2] to generate a comparison signal CMP that indicates integrity of the secure data stored in the external storage 60.
Chung [0035] the secure DMA circuit 140, the secure processor 200,[ processor device; ]  …… may be implemented via various hardware components, …..using processing circuitry such as, ….., one or more arithmetic logic units (ALUs), ….. one or more programmable logic units (PLUs)[ a hardware logic component of the processor device;]
Chung Para. 111
The comparator 220 in the secure processor 200 compares [generating a comparison, via a processor device] the decrypted first hash value HV1 and the second hash value HV2 stored in the hash register 142 of the secure DMA circuit 140 to perform an integrity verification operation 
[see also para. 132 comparing hash values]
)


generating a confirmation of whether a read return is correctly functioning based on  a secure boot indication; and 
(See Chung Para. [0075] 
The comparator 220 may compare a first hash value HV1 and a second hash value HV2  to generate a comparison signal CMP[generating a confirmation] that indicates integrity of the secure data stored in the external storage 60.
Chung [0112]
when the decrypted first hash value HV1 is the same as the second hash value HV2, ……, the CPU 50 may determine that the encrypted secure data SDTA_ECR stored in the external storage 60 has not been altered by an external attack [ a read return is correctly functioning] 
Chung [0079]
Referring to FIGS. 1 through 8, in case of powering-on in which power is applied to the electronic device 10, ….., the CPU 50 provides a first request REQ1 (e.g., requesting a secure booting operation) 
Chung [0101]
Referring to FIGS. 1 through 6, 11, and 12 when the electronic device 10 is to exit from the low power mode (e.g., the stand-by mode or the sleep mode) while the security device 100 operates in the low power mode, the CPU 50 receives a wake-up request and provides a third request REQ3
[secure boot indication (which is introduced in claim 1 but is not referred back to in claim 1) can be disclosed when processor 200 receives the third request REQ3 (or a first request REQ1), which indicates that the secure warm boot restoring operation should be performed;
secure boot indication can also be disclosed by comparator 220 in the secure processor 200 determining that the compared hash values are the same (para. 112, “when the decrypted first hash value HV1 is the same as the second hash value HV2”);
secure boot indication can also be disclosed by hardware unique key HUK (para. 62), because hardware unique key HUK is used during the secure encryption/decryption process which is part of the warm boot (para. 42, 112); secure boot indication can also be disclosed by the encrypted secure data SDTA_ECR (para. 99), because the encrypted secure data SDTA_ECR is determined to be unaltered (para. 112) when the comparison is correct and is used to complete the secure booting process (para. 42, 112).
Thus, secure boot indication can be disclosed by third request REQ3 (or a first request REQ1), or the result of the comparison, or hardware unique key HUK, or the encrypted secure data SDTA_ECR;] 
)

enabling the boot routine based on the confirmation.  
(See Chung Para. [0112]
enhanced performance, efficiency, and security of the electronic device 10 including the embedded security device 100 may be provided by performing the secure restoring operation, thereby enabling the secure processor 200 to safely use the integrity-verified decrypted secure data SDTA (e.g., for warm boot) [enabling the boot routine] without requiring an additional signature certification operation to be performed (e.g., by the CPU 50, the security device 100 or components thereof) when waking up from the low power mode, for example. [Waking from low power mode, the Chung system performs a warm boot]
)

	However, Chung does not expressly disclose 
generating a comparison, via a processor device, comprising the first sequence pattern of the OTP memory / NVM with a second sequence pattern hard coded into a hardware logic component of the processor device; 
based on the comparison, performing, via the processor device, a write into a read-ok register; 
generating a confirmation of whether a read return is correctly functioning based on the write in the read-ok register and a secure boot indication; and 
Krig discloses a technique for writing into a register a confirmation that a comparison determines data has not been altered
(See Krig 
[0069]
The target function signature-compare status register 322 includes function signature-compare status values 340 representing whether a signature comparison operation was a success or failure for each target function 114. [Krig teaches the success or failure confirmation is generated based on writing into the register] As such, the target function signature-compare status values may be updated in response to verifying, during run-time, at least a signature of the at least one target function 114, as further described below and shown in block 702 of FIG. 7. 
Krig Para. [0076]
SVE 122 may verify the signature of the secure interrupt handler code by accessing, from a secure programmable register 107, a signature loaded during a secure boot process.
Krig [0077] verify the signature of the at least one target function 114 by reading the at least one target function memory, calculating a cryptographic signature over the at least one target function's memory range, and comparing the calculated cryptographic signature with a signature stored in a secure programmable register 300. 
[ See also Krig para. 46 and 51 comparing signatures for target memory segments ]
)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Chung with the technique for writing into a register a confirmation that a comparison determines data has not been altered of Krig to include 
based on the comparison, performing, via the processor device, a write into a read-ok register; 
generating a confirmation of whether a read return is correctly functioning based on the write in the read-ok register and a secure boot indication; and 
One of ordinary skill in the art would have made this modification to improve the ability of the system to generate the confirmation that the data being read is correct by writing the result of a comparison into a register, which will allow asynchronous communication of the comparison result since the party receiving the comparison result can obtain the result anytime from the register. The system of the primary reference (e.g., security device 100) can be modified to add registers and store a signature in a register and write the result of comparison in another register.

	However, the combination of Chung and Krig does not expressly disclose 
generating a comparison, via a processor device, comprising the first sequence pattern of the OTP memory / NVM with a second sequence pattern hard coded into a hardware logic component of the processor device; 
Crouthamel discloses performing a comparison using a hard coded value
(See Crouthamel 
[0115] The instrument checks to see that the radio module firmware version is same or newer than the revision the instrument firmware and script are expecting (this value is hard coded in instrument firmware). 
)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Chung and Krig with the technique for performing a comparison using a hard coded value of Crouthamel to include 
generating a comparison, via a processor device, comprising the first sequence pattern of the OTP memory / NVM with a second sequence pattern hard coded into a hardware logic component of the processor device; 
One of ordinary skill in the art would have made this modification to improve the ability of the system to ensure that, when performing the comparison, the reference value has not been altered. The system (e.g., security device 100) of the primary reference can be modified so that the reference value for comparison is hard coded.
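The claim-1 sequence discussed above (a first sequence pattern read from an OTP spare area, compared against a second pattern hard-coded in logic, the result written to a read-ok register, a confirmation formed from that register together with a secure boot indication, and the boot routine enabled from the confirmation) can be illustrated by a small simulation. The code below is an added example; it is not part of this office action and is not code from Chung, Krig or Crouthamel. The addresses, the pattern value, the blank-word conventions and the reboot limit are constructed assumptions.

```python
"""Simulated boot-ROM power-up check: a pattern read from an OTP spare area is
compared with a hard-coded reference, the result is latched in a read-ok
register, and the secure boot routine is enabled only when the read path is
proven and a secure boot is indicated. Added illustration with constructed
addresses and values; not code from the office action or any cited reference.
"""
from dataclasses import dataclass, field
from enum import Enum

# Second sequence pattern ("hard coded into a hardware logic component").
# Constructed value, chosen with mixed bits so that neither an all-zeros nor an
# all-ones blank read can match it by accident.
HARDCODED_PATTERN = bytes.fromhex("a55a3cc3")

# Blank OTP words read back as all zeros on most parts (all ones on some), so a
# non-trivial pattern in a spare area tells a working read path apart from one
# that silently returns unprogrammed data.
BLANK_ZEROS = bytes(len(HARDCODED_PATTERN))
BLANK_ONES = bytes([0xFF] * len(HARDCODED_PATTERN))

SPARE_AREA_ADDR = 0x7F0        # constructed address of the spare/test area
SECURE_BOOT_FLAG_ADDR = 0x000  # constructed address of the secure boot indication


class ReadReturn(Enum):
    PROGRAMMED = "programmed"      # matches the hard-coded reference
    UNPROGRAMMED = "unprogrammed"  # blank word: nothing programmed or read path dead
    WRONG = "wrong"                # neither: wrongly read or altered content


@dataclass
class Otp:
    """Constructed OTP / NVM model. `transient_faults` makes that many reads
    return blank zeros before the part behaves, to simulate a read glitch."""
    words: dict[int, bytes]
    transient_faults: int = 0

    def read(self, addr: int, n: int) -> bytes:
        if self.transient_faults > 0:
            self.transient_faults -= 1
            return bytes(n)
        return self.words.get(addr, bytes(n))  # unprogrammed location -> zeros


@dataclass
class BootRom:
    otp: Otp
    read_ok: bool = False  # the "read-ok register"
    reboots: int = 0
    log: list[str] = field(default_factory=list)

    def classify_read(self) -> ReadReturn:
        """Compare the first sequence pattern (OTP) with the second (hard-coded)."""
        first = self.otp.read(SPARE_AREA_ADDR, len(HARDCODED_PATTERN))
        if first == HARDCODED_PATTERN:
            return ReadReturn.PROGRAMMED
        if first in (BLANK_ZEROS, BLANK_ONES):
            return ReadReturn.UNPROGRAMMED
        return ReadReturn.WRONG

    def secure_boot_indicated(self) -> bool:
        return self.otp.read(SECURE_BOOT_FLAG_ADDR, 1) == b"\x01"

    def power_up(self) -> bool:
        """One power-up attempt; True when the secure boot routine is enabled.
        The pattern check runs before any other OTP field is trusted: with a
        dead read path a 'secure boot' flag would read back as zero and the
        device would fail open."""
        verdict = self.classify_read()
        self.read_ok = verdict is ReadReturn.PROGRAMMED  # write into read-ok register
        self.log.append(f"spare-area read: {verdict.value}, read_ok={self.read_ok}")
        if not self.read_ok:
            return False
        confirmation = self.read_ok and self.secure_boot_indicated()
        if confirmation:
            self.log.append("read path confirmed and secure boot indicated: routine enabled")
            return True
        self.log.append("read path confirmed but no secure boot indication: routine not enabled")
        return False

    def boot(self, max_reboots: int = 3) -> str:
        """Reboot on a pattern mismatch; halt once the reboot limit is reached."""
        while True:
            if self.power_up():
                return "enabled"
            if self.read_ok:  # read path proven, this is simply not a secure boot
                return "not-secure"
            if self.reboots >= max_reboots:
                self.log.append("reboot limit reached: halting")
                return "halted"
            self.reboots += 1
            self.log.append(f"pattern mismatch: reboot #{self.reboots}")


def programmed_otp(secure: bool = True, faults: int = 0) -> Otp:
    """Constructed OTP image with the spare-area pattern programmed."""
    flag = b"\x01" if secure else b"\x00"
    return Otp({SPARE_AREA_ADDR: HARDCODED_PATTERN, SECURE_BOOT_FLAG_ADDR: flag},
               transient_faults=faults)


if __name__ == "__main__":
    cases = [
        ("healthy part", programmed_otp()),
        ("transient read glitch", programmed_otp(faults=1)),
        ("blank spare area", Otp({SECURE_BOOT_FLAG_ADDR: b"\x01"})),
        ("altered pattern", Otp({SPARE_AREA_ADDR: bytes.fromhex("a55a3cc2"),
                                 SECURE_BOOT_FLAG_ADDR: b"\x01"})),
    ]
    for name, otp in cases:
        rom = BootRom(otp)
        print(f"{name}: {rom.boot()} after {rom.reboots} reboot(s)")
```

The simulation separates three read outcomes that the claims treat differently: a match (programmed content), a blank word (unprogrammed content, which is also what a broken read path returns), and anything else (wrongly read or altered content). A single transient glitch is recovered by the reboot path, while a persistently blank or altered spare area ends in a halt rather than an unbounded reboot loop.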


As per claim 3, the rejection of claim 1 is incorporated herein. 
Chung discloses in response to the system board power up sequence test: 
determining whether the secure boot indication indicates a secure boot routine; and 
differentiating one or more read return contents of an OTP memory / NVM read operation from the OTP memory / NVM between a programmed read return content and an un-programmed read return content, in response to, or concurrent with, the secure boot indication indicating the secure boot routine.  
(See 
Chung [0079]
….. in case of powering-on in which power is applied to the electronic device 10, ….. the CPU 50 provides a first request REQ1 (e.g., requesting a secure booting operation) designating a signature certification operation to the secure processor 200 
Chung [0101]
electronic device 10 is to exit from the low power mode (e.g., the stand-by mode or the sleep mode) while the security device 100 operates in the low power mode, the CPU 50 receives a wake-up request and provides a third request REQ3
[determining whether the secure boot indication indicates a secure boot routine can be disclosed when processor 200 receives the third request REQ3 (or a first request REQ1), which indicates that the secure warm boot restoring operation should be performed;
determining whether the secure boot indication indicates a secure boot routine can also be disclosed by comparator 220 in the secure processor 200 determining that the compared values (para. 112 “when the decrypted first hash value HV1 is the same as the second hash value HV2,”) are the same;
secure boot indication can be disclosed by third request REQ3 (or a first request REQ1) or the result of the comparison; the Chung system performs the comparison in response to receiving the third request REQ3, which discloses in response to, or concurrent with, the secure boot indication indicating the secure boot routine] designating a secure restoring operation [the restoring operation is part of the warm boot] to the secure processor 200
Chung Para. 111
The comparator 220 in the secure processor 200 compares the decrypted first hash value HV1 and the second hash value HV2 stored in the hash register 142 of the secure DMA circuit 140 to perform an integrity verification operation [this comparison is part of the differentiating process, and if the Chung comparison result is the same, then the encrypted secure data SDTA_ECR data that is read is programmed read return content, and if different, the encrypted secure data SDTA_ECR data that is read is not trusted, i.e. is un-programmed read return content] on the decrypted secure data SDTA (S480).
Chung [0112]
when the decrypted first hash value HV1 is the same as the second hash value HV2, ……, the CPU 50 may determine that the encrypted secure data SDTA_ECR [read return contents] stored in the external storage 60 has not been altered by an external attack [differentiating one or more read return contents of an OTP memory / NVM read operation from the OTP memory / NVM between a programmed read return content and an un-programmed read return content]
Chung [0112]
enhanced performance, efficiency, and security of the electronic device 10 including the embedded security device 100 may be provided by performing the secure restoring operation, thereby enabling the secure processor 200 to safely use the integrity-verified decrypted secure data SDTA (e.g., for warm boot) …… when waking up from the low power mode…[Waking from low power mode, the Chung system performs a warm boot]
).


As per claim 4, the rejection of claim 1 is incorporated herein. 
Chung discloses in response to the system board power up sequence test: retrieving the secure boot indication from the OTP memory / NVM via an OTP bus master.  
(See Chung Para. [0062] The key manager 330 [in the cryptographic IP 300; an OTP bus master; an OTP bus master may also be the security device 100 since the internal bus is part of the security device 100] may provide the block cipher engine 340 with the hardware unique key HUK [secure boot indication = hardware unique key HUK] stored in the unclonable storage device 150 [the OTP memory / NVM]. The block cipher engine 340 may perform an encryption operation on the secure data to generate encrypted secure data, and may perform a decryption on the encrypted secure data to generate decrypted secure data, using the hardware unique key HUK.
Para. 30 security device 100 may further include an unclonable storage device 150 that has a one-time programmable (OTP) function 
)


As per claim 5, the rejection of claim 1 is incorporated herein. 
Chung discloses in response to the system board power up sequence test: writing the secure boot indication into an SRAM register bus that is coupled to the boot ROM chip.  
(See Chung 
[SRAM register bus that is coupled to the boot ROM chip is disclosed by the internal bus 40 connected to the ROM 130, the internal bus 40 connects the internal memory 120 which has SRAM and the secure DMA circuit 140 which has registers
SRAM register bus= internal bus 40 in figure 1
boot ROM chip unit = ROM 130 in figure 1
]
[0099]
In this case, the secure processor 200 sets a configuration of the DMA circuit 400 and a start address of the external storage 60, in which the encrypted secure data SDTA_ECR is to be stored, [storing encrypted secure data SDTA_ECR into the external storage 60 will involve writing into the internal bus 40 depicted in figure 1 which discloses writing the secure boot indication into an SRAM register bus]
)

As per claim 7, the rejection of claim 1 is incorporated herein. 
Chung discloses determining whether the first sequence pattern of the OTP memory / NVM is identical to the second sequence pattern based on a plurality of bits of at least a part of the first sequence pattern and the second sequence pattern
(See Chung Para. [0055] When the cryptographic IP 300 uses SHA-1, the hash value HV may have a size of 160 bits [based on a plurality of bits]. 
[0075] The comparator 220 may compare a first hash value HV1 and a second hash value HV2 to generate a comparison signal CMP that indicates integrity of the secure data stored in the external storage 60. [determining whether the first sequence pattern of the OTP memory / NVM is identical to the second sequence pattern]
)

Claim 2 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chung in view of Krig, in view of Crouthamel, further in view of Naguib et al. U.S. Publication 20150200934 (hereinafter “Naguib”).
As per claim 2, the rejection of claim 1 is incorporated herein. 
Chung discloses 
writing the first sequence pattern into the spare area of the OTP / NVM
(See Chung 
[0098]
The memory interface 410 provides the encrypted first hash value HV1_ECR to the external storage 60, [writing the first sequence pattern; a spare area is the location where encrypted first hash value HV1_ECR is stored in the external storage 60; a first sequence pattern = the unencrypted plaintext of encrypted first hash value HV1_ECR] and the external storage 60 may store the encrypted first hash value HV1_ECR [first sequence pattern is disclosed by the plaintext HV1 which is stored in encrypted form for protection] in a second region 633 of the memory device 63 (S390).
) 

	However, the combination of Chung, Krig, and Crouthamel does not expressly disclose 
writing the first sequence pattern into a spare area of the OTP / NVM in response to a successful product test of the OTP memory / NVM by a product tester component.  
Naguib discloses 
writing the first sequence pattern into a spare area of the OTP / NVM in response to a successful product test of the OTP memory / NVM by a product tester component.   
(See Naguib Para. [0098] 
the integrity verification module [product tester component] stores [writing] a result [first sequence pattern] of hardware verification [successful product test] and a checksum [first sequence pattern] of the operating system image in local storage after completing the hardware/software checks but prior to loading the operating system. The storage is identified as read-only for the remainder of the computing session. The cryptographic module 138 may then respond to machine verification requests with the information that is stored in the read-only local storage. The information is retrieved from the read-only storage and forwarded to the requesting party 
[0027] As shown in FIG. 2, each computer, such as computers 102, 104, contains a processor 124, memory/storage 126 and other components typically present in a computer. …… memory/storage 126 may be of any type or any device capable of storing information accessible by the processor, such as a hard-drive, ROM, RAM, CD-ROM, flash memories, write-capable or read-only memories. 
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Chung, Krig, and Crouthamel with the technique for storing in a memory/storage the result of hardware verification of Naguib to include 
writing the first sequence pattern into a spare area of the OTP / NVM in response to a successful product test of the OTP memory / NVM by a product tester component.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to store information documenting a hardware verification. The system (electronic device 10) of the primary reference can be modified to store the result of hardware verification in storage such as flash memory, which is non-volatile memory, as taught in the Naguib reference.

Claim 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chung in view of Krig, in view of Crouthamel, further in view of Shriver et al. U.S. Publication 20120151199 (hereinafter “Shriver”).
As per claim 6, the rejection of claim 1 is incorporated herein. 
	However, the combination of Chung, Krig, and Crouthamel does not expressly disclose 
generating at least one of the first sequence pattern or the second sequence pattern via a random number generator.  
Shriver discloses generating a random number for secure boot process
 (See Shriver Para. [0033] At step 575, the kernel boot process (running in a secure mode), deletes the existing secret value stored in TPM 195. At step 580, a new secret value is generated (e.g., using the TPM's random number generator, etc.) and stored in TPM 195. 
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Chung, Krig, and Crouthamel with the technique for generating a random number of Shriver to include generating at least one of the first sequence pattern or the second sequence pattern via a random number generator.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to generate a random number for the first hash value HV1 for comparison. The system of the reference (electronic device 10) can be modified to generate a random number for the first hash value HV1.

Claim 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chung in view of Krig, in view of Crouthamel, further in view of Cromer et al. U.S. Publication 20030084285 (hereinafter “Cromer”).
As per claim 8, the rejection of claim 1 is incorporated herein. 
Chung discloses in response to the system board power up sequence test: determining whether an OTP memory / NVM read operation from the OTP memory / NVM comprises a set of falsely read data or a set of programmed data based on the confirmation.  
(See Chung Para. 111
The comparator 220 in the secure processor 200 compares the decrypted first hash value HV1 and the second hash value HV2 stored in the hash register 142 of the secure DMA circuit 140 to perform an integrity verification operation 
Chung [0112]
when the decrypted first hash value HV1 is the same as the second hash value HV2, ……, the CPU 50 may determine that the encrypted secure data SDTA_ECR stored in the external storage 60 [from the OTP memory / NVM] has not been altered by an external attack [a set of falsely read data or a set of programmed data based on the confirmation]
Chung Para.  [0107]
The secure processor 200 controls the DMA circuit 400 to provide the encrypted secure data SDTA_ECR [read operation from the OTP memory / NVM] stored in the first region 631 ……. in the memory device 63 of the external storage 60 to the block cipher engine 340
Chung Para. [0075] 
The comparator 220 may compare a first hash value HV1 and a second hash value HV2 to generate a comparison signal CMP [based on the confirmation] that indicates integrity of the secure data stored in the external storage 60.
) 

	However, the combination of Chung, Krig, and Crouthamel does not expressly disclose that the value being compared is a set of zeros 
Cromer discloses that the value being compared is a set of zeros
(See Cromer Para. [0026] Because the tamper signal 62 is latched, the one boot PCR 48a' does not reset to zero when a platform reset is triggered.
[0027] Thus, in step 240, a platform reset is initiated which boots the computer system. As stated above, all of the boot PCRs 48a are reset to zero except the one PCR 48a' that contains the hashed tamper signal 62, via step 250. The normal boot sequence proceeds (via step 260), as illustrated in FIGS. 2A and 2B. After the booting sequence, the trusted operating system 14 compares the boot PCR values 48a to the precalculated value (step 134, FIG. 2B) and concludes that the value in the one PCR 48a' is incongruent, which will prompt the trusted operating system 14 to take measures to restore trust (step 140, FIG. 2B). These measures can include launching a virus protection program, or notifying a system administrator of the tamper event.
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Chung, Krig, and Crouthamel with the technique for setting the value being compared to zeros of Cromer to include determining whether an OTP memory / NVM read operation from the OTP memory / NVM comprises a set of falsely read zeros or a set of programmed zeros based on the confirmation.  
One of ordinary skill in the art would have made this modification to improve the efficiency of the system by reducing the number of operations required for comparing, since the preset values of zeros do not require any special computation to generate. The system (e.g., security device 100) of the primary reference can be modified to set the value being compared to a set of zeros.



Claim 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chung in view of Brumley et al. U.S. Publication 20150261975 (hereinafter “Brumley”).
As per claim 9, Chung discloses
A system of a boot read only memory (ROM) chip unit to perform a boot routine comprising: 
(See Chung 
[figure 1, electronic device 10 discloses system and ROM 130 in figure 1 discloses
boot read only memory (ROM) chip unit because the ROM 130 chip is part of the device 10 and stores instructions to control the processor 200 which is performing part of the booting process]
Chung [0038] The ROM 130 [boot read only memory (ROM) chip unit] may store code to be executed by the secure processor 200 for controlling and/or configuring one or more components of the security device 100 to perform one or more secure operations,
Chung [0085] enhanced security of the electronic device 10 including the embedded security device 100 may be provided by performing the secure booting operation [perform a boot routine]
Chung [0127] a security device 100 to receive a request (e.g., requesting a secure booting operation) from the CPU 50 and to execute the request 
)

a processor device including processing circuitry on a system board configured to perform a system board power up; and
(See Chung Para. [0027]
Referring to FIG. 1, an electronic device 10 includes a central processing unit (CPU) 50, a security device 100, ……. The security device 100 may be referred to as a security sub system [a processor device including processing circuitry on a system board; system board = security device 100; security device 100 discloses system board because security device 100 includes multiple components, such as the processor 200, connected to it, and also includes a bus]
Chung [0035]
The security device 100 [system board] may include a mail box 110, an internal memory 120, a read-only memory (ROM) 130, a secure direct memory access (DMA) circuit 140, a secure processor 200 [processor device], and/or a cryptographic intellectual property (IP) 300 ……… the secure processor 200, …… may be connected to each other through an internal bus 40 …. may be implemented via various hardware components, ……, hardware may be implemented using processing circuitry such as, but not limited to, one or more processors, ……. or any other device(s) capable of being customized into special purpose processing circuitry and/or configured for responding to and executing instructions in a defined manner.
Chung [0079]
Referring to FIGS. 1 through 8, in case of powering-on in which power is applied to the electronic device 10[configured to perform a system board power up]
[see also para. 127 power-on]
)

a one-time-programmable OTP memory / non-volatile memory (NVM), coupled to the processor device, comprising a spare area in a portion of the OTP / NVM, wherein the OTP memory / NVM is configured to receive a first sequence pattern, the spare area being dedicated for testing; 
(See Chung 
[OTP memory / non-volatile memory (NVM) = memory device 63/external storage 60; OTP memory / non-volatile memory (NVM) is interpreted as OTP memory OR non-volatile memory (NVM)]
[spare area = second region 633 of the memory device 63 of figure 12 
the spare area being dedicated for testing is disclosed because, as disclosed in Chung para. 111, the value stored in second region 633 of the memory device 63 in Chung figure 12 is used to perform a comparison operation as part of the integrity verification; the testing is disclosed by the integrity verification]
Chung [0109]
The block cipher engine 340 performs a decryption operation on … the encrypted first hash value HV1_ECR … to generate … a decrypted first hash value HV1
Chung [0111]
The comparator 220 in the secure processor 200 compares the decrypted first hash value HV1 and the second hash value HV2 stored in the hash register 142 of the secure DMA circuit 140 to perform an integrity verification operation on the decrypted secure data SDTA (S480).
Chung Para.  [0107]
The secure processor 200 [processor device] controls the DMA circuit 400 to provide the encrypted secure data SDTA_ECR stored in the first region 631 [receive a first sequence pattern] and the encrypted first hash value HV1_ECR stored in the second region 633 in the memory device 63 [a one-time-programmable OTP memory / non-volatile memory (NVM), coupled to the processor device; see also figure 1 where external storage 60 is coupled to secure processor 200] of the external storage 60 to the block cipher engine 340 through the switching circuit 420 of the DMA circuit 400 (S460)
Chung [0095] The memory interface 410 provides the external storage 60 with …….. the encrypted secure data SDTA_ECR (S370). [Claim 9 does not recite performing any operations with the 1st sequence pattern so the first sequence pattern can alternatively be disclosed by encrypted secure data SDTA_ECR; ]
[See figure 2 memory device 63 and figure 12 memory device 63 for OTP / NVM; a spare area in a portion of the OTP / NVM is where the stored encrypted first hash value HV1_ECR or SDTA_ECR data is located in the memory device 63]
[0098]
The memory interface 410 provides the encrypted first hash value HV1_ECR to the external storage 60, [the OTP memory / NVM is configured to receive a first sequence pattern; a first sequence pattern = the plain text of the encrypted first hash value HV1_ECR] and the external storage 60 may store the encrypted first hash value HV1_ECR [first sequence pattern is disclosed by the plaintext HV1 which is stored in encrypted form for protection; claim 9’s first sequence pattern can be disclosed by the encrypted first hash value HV1_ECR or the plaintext of the encrypted first hash value HV1_ECR because claim 9 does not refer back to the first sequence pattern] in a second region 633 of the memory device 63 (S390).
)

wherein the processor device is further configured to determine whether a secure boot indication indicates a secure boot routine, and 
differentiate one or more read return contents of an OTP memory / NVM read operation from the OTP memory / NVM between a wrongly read return content and a trusted read return content, in response to, or concurrent with, the secure boot indication indicating the secure boot routine.
(See 
Chung [0079]
Referring to FIGS. 1 through 8, in case of powering-on in which power is applied to the electronic device 10, or in case a signature certification operation (or signature authentication) is to be performed on a firmware image when the firmware is updated in the electronic device 10, the CPU 50 provides a first request REQ1 (e.g., requesting a secure booting operation) designating a signature certification operation to the secure processor 200 through the mail box 110 (S210). 
Chung [0101]
the CPU 50 receives a wake-up request and provides a third request REQ3
[determine whether a secure boot indication indicates a secure boot routine can be disclosed when processor 200 receives the third request REQ3 (or a first request REQ1), which indicates that the secure warm boot restoring operation should be performed;
determine whether a secure boot indication indicates a secure boot routine can also be disclosed by comparator 220 in the secure processor 200 determining that the compared values (para. 112 “when the decrypted first hash value HV1 is the same as the second hash value HV2,”) are the same;
secure boot indication can be disclosed by third request REQ3 (or a first request REQ1) or the result of the comparison; the Chung system performs the comparison in response to receiving the third request REQ3, which discloses in response to, or concurrent with, the secure boot indication indicating the secure boot routine] designating a secure restoring operation [the restoring operation is part of the warm boot] to the secure processor 200
Chung Para. 111
The comparator 220 in the secure processor 200 compares the decrypted first hash value HV1 and the second hash value HV2 stored in the hash register 142 of the secure DMA circuit 140 to perform an integrity verification operation [this comparison is part of the differentiate process, and if the Chung comparison result is the same, then the encrypted secure data SDTA_ECR data that is read is trusted read return content, and if different, the encrypted secure data SDTA_ECR data that is read is not trusted, i.e. is wrongly read return content] on the decrypted secure data SDTA (S480).
Chung [0112]
enhanced performance, efficiency, and security of the electronic device 10 including the embedded security device 100 may be provided by performing the secure restoring operation, thereby enabling the secure processor 200 to safely use the integrity-verified decrypted secure data SDTA (e.g., for warm boot).[Waking from low power mode, the Chung system performs a warm boot]
[see also para. 132 comparing]
Chung [0112]
when the decrypted first hash value HV1 is the same as the second hash value HV2, ……, the CPU 50 may determine that the encrypted secure data SDTA_ECR [read return contents] stored in the external storage 60 has not been altered [trusted read return content = SDTA_ECR has not been altered] by an external attack.
[differentiate one or more read return contents of an OTP memory / NVM read operation from the OTP memory / NVM between a wrongly read return content and a trusted read return content]
Chung Para.  [0107]
The secure processor 200 [processor device] controls the DMA circuit 400 to provide the encrypted secure data SDTA_ECR [read return contents of an OTP memory / NVM read operation from the OTP memory / NVM] stored in the first region 631 and the encrypted first hash value HV1_ECR stored in the second region 633 in the memory device 63 of the external storage 60 to the block cipher engine 340
)


	However, Chung does not expressly disclose 
a processor device comprising the boot ROM chip unit; and
Brumley discloses 
a processor device comprising the boot ROM chip unit 
 (See Brumley Para. [0028] FIG. 1 illustrates a system on a chip (SoC) processing circuit 100 of a mobile communication device………SoC processing circuit 100 includes an application processing circuit 110, which includes a multi-core CPU 112. Application processing circuit 110 typically controls operation of all components of the mobile communication device. ……... Application processing circuit 110 may include a boot ROM 118 that stores boot sequence instructions for the various components of SoC processing circuit 100).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Chung with the technique for including a ROM with boot sequence instructions in a processor of Brumley to include 
a processor device comprising the boot ROM chip unit including processing circuitry on a system board configured to perform a system board power up; 
One of ordinary skill in the art would have made this modification to improve the ability of the processor to access the ROM boot sequence instructions without communicating over a bus where the bus might be subject to attack by malicious 3rd parties. The system of the primary reference can be modified so that the secure processor 200 includes a ROM such as ROM 130 depicted in figure 1.
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Chung in view of Brumley, further in view of Naguib.
As per claim 10, the rejection of claim 9 is incorporated herein. 
Chung discloses 
wherein the OTP memory / NVM is configured to receive the first sequence pattern at the spare area of the portion of the OTP / NVM 
(See Chung Para. [0095] The memory interface 410 provides the external storage 60 with …….. the encrypted secure data SDTA_ECR (S370). [receive a first sequence pattern]
[0098]
The memory interface 410 provides the encrypted first hash value HV1_ECR to the external storage 60, [receive a first sequence pattern; a spare area is the location where encrypted first hash value HV1_ECR is stored in the external storage 60; a first sequence pattern = the corresponding unencrypted plaintext of encrypted first hash value HV1_ECR] and the external storage 60 may store the encrypted first hash value HV1_ECR [first sequence pattern is disclosed by the plaintext HV1 which is stored in encrypted form for protection; first sequence pattern can also be the encrypted form of first hash value HV1_ECR in claim 10] in a second region 633 of the memory device 63 (S390).
) 
	However, the combination of Chung and Brumley does not expressly disclose 
wherein the OTP memory / NVM is configured to receive the first sequence pattern at the spare area of the portion of the OTP / NVM via a product tester component in response to a successful product test.  
Naguib discloses 
wherein the OTP memory / NVM is configured to receive the first sequence pattern at the spare area of the portion of the OTP / NVM via a product tester component in response to a successful product test.   
(See Naguib Para. [0098] the integrity verification module [product tester component] stores [receive] a result [first sequence pattern] of hardware verification [successful product test] and a checksum [first sequence pattern] of the operating system image in local storage after completing the hardware/software checks but prior to loading the operating system. The storage is identified as read-only for the remainder of the computing session. The cryptographic module 138 may then respond to machine verification requests with the information that is stored in the read-only local storage. The information is retrieved from the read-only storage and forwarded to the requesting party 
[0027] As shown in FIG. 2, each computer, such as computers 102, 104, contains a processor 124, memory/storage 126 ……. Memory/storage 126 may be of any type or any device capable of storing information accessible by the processor, such as a hard-drive, ROM, RAM, CD-ROM, flash memories, write-capable or read-only memories. 
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Chung and Brumley with the technique for a memory/storage to receive the result of hardware verification of Naguib to include 
wherein the OTP memory / NVM is configured to receive the first sequence pattern at the spare area of the portion of the OTP / NVM via a product tester component in response to a successful product test.   
One of ordinary skill in the art would have made this modification to improve the ability of the system to store information documenting a hardware verification. The system (electronic device 10) of the primary reference can be modified to store the result of hardware verification in storage such as flash memory, which is non-volatile memory, as taught in the Naguib reference.


Claims 11-15 are rejected under 35 U.S.C. 103 as being unpatentable over Chung in view of Brumley, further in view of Krig.
As per claim 11, the rejection of claim 9 is incorporated herein. 
Chung discloses 
wherein the processor device comprising a hardware logic component configured to generate a comparison of the first sequence pattern in the spare area with a second sequence pattern at the hardware logic component
(See Chung Para. [0075]
[first sequence pattern = the plaintext of the encrypted first hash value HV1_ECR, which is stored in encrypted form]
The comparator 220 may compare a first hash value HV1 and a second hash value HV2 [a second sequence pattern at the hardware logic component; a second sequence pattern = second hash value HV2] to generate a comparison signal CMP that indicates integrity of the secure data stored in the external storage 60.
[0035] the secure processor 200, [a hardware logic component configured to generate a comparison] …… may be implemented via various hardware components, ….. using processing circuitry such as, ….., one or more arithmetic logic units (ALUs), ….. one or more programmable logic units (PLUs)
)

	However, the combination of Chung and Brumley does not expressly disclose 
perform a write into a read-ok register based on the comparison.  
Krig discloses perform a write into a read-ok register based on the comparison.  
(See Krig Para. [0069]
The target function signature-compare status register 322 includes function signature-compare status values 340 representing whether a signature comparison operation was a success or failure for each target function 114. As such, the target function signature-compare status values may be updated in response to verifying, during run-time, at least a signature of the at least one target function 114, as further described below and shown in block 702 of FIG. 7. 
)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Chung and Brumley with the technique for writing the result of a comparison into a register of Krig to include 
wherein the processor device comprising a hardware logic component configured to generate a comparison of the first sequence pattern in the spare area with a second sequence pattern at the hardware logic component, and perform a write into a read-ok register based on the comparison.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to write the result of a comparison into a register, which will allow asynchronous communication of the comparison result since the party receiving the comparison result can obtain the result anytime from the register. The system of the primary reference (e.g., security device 100) can be modified to add registers and write the result of comparison in a register.

As per claim 12, the rejection of claim 9 is incorporated herein. 
Chung discloses 
wherein the processor device is further configured to generate a confirmation of whether a read return is correctly functioning based on and the secure boot indication and to enable the secure boot routine based on the confirmation.   
(See Chung Para. [0075]
The comparator 220 [in the secure processor 200] may compare a first hash value HV1 and a second hash value HV2 to generate a comparison signal CMP [generate a confirmation of whether a read return is correctly functioning; confirmation = comparison signal CMP] that indicates integrity of the secure data [a read return = secure data (e.g., the encrypted secure data SDTA_ECR para. 111)] stored in the external storage 60.
[See also para. 111 for the comparing]
[secure boot indication can be disclosed by third request REQ3 (or a first request REQ1) or the result of the comparison;]
Chung [0112]
CPU 50 may determine that the encrypted secure data SDTA_ECR stored in the external storage 60 has not been altered by an external attack,
enhanced performance, efficiency, and security of the electronic device 10 including the embedded security device 100 may be provided by performing the secure restoring operation, thereby enabling the secure processor 200 to safely use the integrity-verified decrypted secure data SDTA (e.g., for warm boot) [enable the secure boot routine based on the confirmation ]without requiring an additional signature certification operation to be performed (e.g., by the CPU 50, the security device 100 or components thereof) when waking up from the low power mode, for example.[Waking from low power mode, the Chung system performs a warm boot]
)
	However, the combination of Chung and Brumley does not expressly disclose 
generate a confirmation of whether a read return is correctly functioning based on a write in a read-ok register 
Krig discloses a technique for writing into a register a confirmation that a comparison determines data has not been altered
(See Krig Para. [0069]
The target function signature-compare status register 322 includes function signature-compare status values 340 representing whether a signature comparison operation was a success or failure for each target function 114. As such, the target function signature-compare status values may be updated in response to verifying, during run-time, at least a signature of the at least one target function 114, as further described below and shown in block 702 of FIG. 7. 
)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Chung and Brumley with the technique for writing into a register a confirmation that a comparison determines data has not been altered of Krig to include 
wherein the processor device is further configured to generate a confirmation of whether a read return is correctly functioning based on a write in a read-ok register and the secure boot indication and to enable the secure boot routine based on the confirmation.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to generate the confirmation that the data being read is correct by writing the result of a comparison into a register, which will allow asynchronous communication of the comparison result since the party receiving the comparison result can obtain the result anytime from the register. The system of the primary reference (e.g., security device 100) can be modified to add registers and write the result of comparison, which indicates whether or not the encrypted secure data SDTA_ECR data is unaltered, in a register.

As per claim 13, the rejection of claim 9 is incorporated herein. 
Chung discloses SRAM register bus
(See Chung 
[SRAM register bus is disclosed by the internal bus 40, the internal bus 40 connects the internal memory 120 which has SRAM and the secure DMA circuit 140 which has registers
SRAM register bus= internal bus 40 in figure 1]
) 

a comparison of the first sequence pattern in the spare area with a second sequence pattern in the hardware logic component.  
(See Chung Para. 111
The comparator 220 in the secure processor 200 compares [comparison] the decrypted first hash value HV1 [first sequence pattern] and the second hash value HV2 [second sequence pattern] stored in the hash register 142 of the secure DMA circuit 140 [hardware logic component] to perform an integrity verification operation 
Chung [0035], the secure DMA circuit 140, ……. may be implemented via various hardware components, and….., hardware may be implemented using processing circuitry such as, but not limited to, one or more processors, one or more controllers, one or more arithmetic logic units (ALUs), [hardware logic component]
Chung [0098]
The memory interface 410 provides the encrypted first hash value HV1_ECR to the external storage 60, [the spare area; a first sequence pattern = the plain text of the encrypted first hash value HV1_ECR] and the external storage 60 may store the encrypted first hash value HV1_ECR 
).

	However, the combination of Chung and Brumley does not expressly disclose 
a read-ok register, coupled along a first path between a hardware logic component and a standard random-access memory (SRAM) register bus, configured to receive a write based on a comparison of the first sequence pattern in the spare area with a second sequence pattern in the hardware logic component.  
Krig discloses a technique for writing the result of a comparison into a register. Krig also discloses that the register is set along a path between CPU 116 and one or more buses 
(See Krig 
[Krig discloses the register is part of a programmable register set (figure 1 element 104) and the programmable register set is along a path between CPU 116 [hardware logic component] and a number of buses, such as bus 124 or bus 126, bus 140, bus 130, bus 134]
Krig Para. [0069]
The target function signature-compare status register 322 includes function signature-compare status values 340 representing whether a signature comparison operation was a success or failure for each target function 114. As such, the target function signature-compare status values may be updated in response to verifying, during run-time, at least a signature of the at least one target function 114, as further described below and shown in block 702 of FIG. 7. 
Krig [0068] As further shown in FIGS. 3-4, the secure programmable register set 300 also includes a target function signature-compare status register 322, 
Krig [0058] The engine 108 is depicted as being in one-way communication with control logic 120 and CPU 116 over bus lines 124 and 126, respectively. 
)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Chung and Brumley with the technique for writing the result of a comparison into a register of Krig to include 
a read-ok register, coupled along a first path between a hardware logic component and a standard random-access memory (SRAM) register bus, configured to receive a write based on a comparison of the first sequence pattern in the spare area with a second sequence pattern in the hardware logic component.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to write the result of a comparison into a register, which will allow asynchronous communication of the comparison result since the party receiving the comparison result can obtain the result anytime from the register.
The system of the primary reference (e.g., security device 100) can be modified to add registers and write the result of comparison, which indicates whether or not the encrypted secure data SDTA_ECR data is unaltered, in a register.

As per claim 14, the rejection of claim 13 is incorporated herein. 
	However, the combination of Chung and Brumley does not expressly disclose 
a boot control register, coupled along a second path that is different from the first path between the hardware logic component and the SRAM register bus, configured to receive the secure boot indication.  
Krig discloses 
a boot control register, coupled along a second path that is different from the first path between the hardware logic component and the SRAM register bus, configured to receive the secure boot indication.  
 (See Krig Para. [0023] as part of a secure boot process, data is written into a managed secure register (MSR) register and access policy data is written into programmable MSR policy registers [boot control register]. In this example, during run-time, the MSR register securely stores data in compliance with the written register access policy data. In this example, access policy is enforced during run-time based on the written register access policy data.
[0109] The access policy register 1404 and error policy register 1406 are further characterized as programmable MSR policy registers 1418.
[programmable MSR policy registers 1418, as depicted in Krig figure 14, include AP register 1404 and EP register 1406 etc. Any one of the registers in the set of programmable MSR policy registers 1418 can disclose a boot control register since the Krig access policy data, which can disclose a secure boot indication, is written into programmable MSR policy registers 1418 as part of a secure boot process. Furthermore, there are multiple paths disclosing a second path that is different from the first path between the hardware logic component and the SRAM register bus between any one of the buses 124, 126, 130, 134, 140 and another component depicted in figure 14 or figure 1].
). 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Chung and Brumley with the technique for providing for programmable registers to store access policy data as part of a secure boot process of Krig to include 
a boot control register, coupled along a second path that is different from the first path between the hardware logic component and the SRAM register bus, configured to receive the secure boot indication.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to provide for a register to store secure boot information. The system of the primary reference can be modified so that the electronic device 10 (e.g., secure processor 200 or secure DMA circuit 140) includes a register for storing security data related to the secure boot, as taught in the Krig reference.

As per claim 15, the rejection of claim 9 is incorporated herein. 
Chung discloses a local read finite state machine (FSM), coupled to the OTP memory / NVM and an SRAM register bus that is coupled to the boot ROM chip unit at a read master component, comprising a hardware logic component configured to generate the comparison, and configured to read the secure boot indication 
(See Chung Para. [0049] Referring to FIG. 3, the secure DMA circuit 140 may include a finite state machine (FSM) 141[local read finite state machine (FSM)], a hash register 142, a control register unit 170,[figure 1 shows that the secure DMA circuit 140, which includes the finite state machine 141, is connected via internal bus 40 and other components to external storage 60, which discloses a local read finite state machine (FSM), coupled to the OTP memory / NVM]
Chung [0038] The ROM 130 [boot read only memory (ROM) chip unit] may store code to be executed by the secure processor 200 for controlling and/or configuring one or more components of the security device 100 to perform one or more secure operations,
[read master component = security device 100 in figure 1]
Chung Para. 111
The comparator 220 in the secure processor 200 [hardware logic component configured] compares [to generate the comparison] the decrypted first hash value HV1 and the second hash value HV2 stored in the hash register 142 of the secure DMA circuit 140 to perform an integrity verification operation 
Chung figure 1
[SRAM register bus is disclosed by the internal bus 40, the internal bus 40 connects the internal memory 120 which has SRAM and the secure DMA circuit 140 which has registers
SRAM register bus= internal bus 40 in figure 1]
Chung [0079]
Referring to FIGS. 1 through 8, in case of powering-on in which power is applied to the electronic device 10, or in case a signature certification operation (or signature authentication) is to be performed on a firmware image when the firmware is updated in the electronic device 10, the CPU 50 provides a first request REQ1 (e.g., requesting a secure booting operation) designating a signature certification operation to the secure processor 200 through the mail box 110 (S210). [read the secure boot indication = reading first request REQ1 from the mailbox; similarly see para. 101 a third request REQ3 ]
)

However, Chung does not expressly disclose 
a local read finite state machine (FSM), coupled to the OTP memory / NVM and an SRAM register bus that is coupled to the boot ROM chip unit at a read master component, comprising a hardware logic component configured to generate the comparison, and configured to read the secure boot indication and update a boot control register with the secure boot indication.  
Krig discloses update a boot control register with the secure boot indication.  
(See Krig Para. [0069]
The target function signature-compare status register 322 includes function signature-compare status values 340 representing whether a signature comparison operation was a success or failure for each target function 114. As such, the target function signature-compare status values may be updated [update a boot control register with the secure boot indication; secure boot indication = whether a signature comparison operation was a success or failure] in response to verifying, during run-time, at least a signature of the at least one target function 114, as further described below and shown in block 702 of FIG. 7. 
Krig [0077] the engine 108 …… comparing the calculated cryptographic signature with a signature stored in a secure programmable register 300
[Also storing the result of the comparison in the register discloses update]
Krig [0032] a cryptographic signature of the secure interrupt handler code is calculated and compared with a signature stored in a secure programmable register in order to verify the signature of the secure interrupt handler code. In yet another example, a signature loaded into a secure programmable register [update a boot control register with the secure boot indication] during a secure boot process is accessed to verify the signature of the secure interrupt handler code.
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Chung with the technique for determining the signature/comparison result value and updating a register to store the value of Krig to include 
a local read finite state machine (FSM), coupled to the OTP memory / NVM and an SRAM register bus that is coupled to the boot ROM chip unit at a read master component, comprising a hardware logic component configured to generate the comparison, and configured to read the secure boot indication and update a boot control register with the secure boot indication.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to update registers with the comparison result/signature values for efficient processing. The system (e.g., security device 100) of the primary reference can be modified to update register values as taught in the Krig reference.

Claims 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Chung in view of Krig, further in view of Wu et al. U.S. Publication 20180189496 (hereinafter “Wu”).
As per claim 18, the rejection of claim 17 is incorporated herein. 
Chung discloses SRAM register bus
(See Chung figure 1
[SRAM register bus is disclosed by the internal bus 40, the internal bus 40 connects the internal memory 120 which has SRAM and the secure DMA circuit 140 which has registers
SRAM register bus= internal bus 40 in figure 1]
)
comparison from the hardware logic component
 (See Chung Para. 111
The comparator 220 in the secure processor 200 compares [comparison] the decrypted first hash value HV1 [first sequence pattern] and the second hash value HV2 [second sequence pattern] stored in the hash register 142 of the secure DMA circuit 140 [hardware logic component] to perform an integrity verification operation 
Chung [0035], the secure DMA circuit 140, ……. may be implemented via various hardware components, and….., hardware may be implemented using processing circuitry such as, but not limited to, one or more processors, one or more controllers, one or more arithmetic logic units (ALUs), [hardware logic component]
).

	However, Chung does not expressly disclose 
a read-ok register, coupled to a first path between the hardware logic component and a standard random-access memory (SRAM) register bus, configured to receive a write content based on the comparison from the hardware logic component; and
a boot control register, coupled to a second path that is different from the first path between the hardware logic component and the SRAM register bus, configured to receive a secure boot indication from the OTP memory / NVM via the local read FSM.  
Krig discloses a technique for writing the result of a comparison into a register. Krig also discloses that the register is set along a path between CPU 116 and one or more buses
(See Krig 
[Krig discloses a register is part of a programmable register set (figure 1 element 104) and the programmable register set is along a path between CPU 116 [hardware logic component] and a number of buses, such as bus 124 or bus 126, bus 140, bus 130, bus 134]
Krig Para. [0069]
The target function signature-compare status register 322 includes function signature-compare status values 340 representing whether a signature comparison operation was a success or failure for each target function 114. As such, the target function signature-compare status values may be updated in response to verifying, during run-time, at least a signature of the at least one target function 114, as further described below and shown in block 702 of FIG. 7. 
Krig [0068] As further shown in FIGS. 3-4, the secure programmable register set 300 also includes a target function signature-compare status register 322, 
Krig [0058] The engine 108 is depicted as being in one-way communication with control logic 120 and CPU 116 over bus lines 124 and 126, respectively. 
)

a boot control register, coupled to a second path that is different from the first path between the hardware logic component and the SRAM register bus, configured to receive a secure boot indication 
(See Krig Para. [0023] as part of a secure boot process, data is written into a managed secure register (MSR) register and access policy data is written into programmable MSR policy registers [boot control register]. In this example, during run-time, the MSR register securely stores data in compliance with the written register access policy data. In this example, access policy is enforced during run-time based on the written register access policy data.
Krig [0109] The access policy register 1404 and error policy register 1406 are further characterized as programmable MSR policy registers 1418.
[programmable MSR policy registers 1418, as depicted in Krig figure 14, include AP register 1404 and EP register 1406 etc. Any one of the registers in the set of programmable MSR policy registers 1418 can disclose a boot control register since the Krig access policy data, which can disclose a secure boot indication, is written into programmable MSR policy registers 1418 as part of a secure boot process. Furthermore, there are multiple paths disclosing a second path that is different from the first path between the hardware logic component and the SRAM register bus between any one of the buses 124, 126, 130, 134, 140 and another component depicted in figure 14 or figure 1.
Alternatively, the boot control register can be disclosed by secure programmable register 300 and the secure boot indication = the signature stored in a secure programmable register 300, as described in para. 77.]
[0077] comparing the calculated cryptographic signature with a signature stored in a secure programmable register 300.
). 

	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Chung with the technique for writing the result of a comparison into a register of Krig to include 
a read-ok register, coupled to a first path between the hardware logic component and a standard random-access memory (SRAM) register bus, configured to receive a write content based on the comparison from the hardware logic component; and
a boot control register, coupled to a second path that is different from the first path between the hardware logic component and the SRAM register bus, configured to receive a secure boot indication 
One of ordinary skill in the art would have made this modification to improve the ability of the system to write the result of a comparison into a register, which will allow asynchronous communication of the comparison result since the party receiving the comparison result can obtain the result anytime from the register, to perform the booting process efficiently using boot-related data stored in a register. The system (e.g., security device 100) of the primary reference can be modified to include a register for storing the comparison result and a register for storing secure boot-related data.

However, the combination of Chung and Krig does not expressly disclose 
a boot control register, coupled to a second path that is different from the first path between the hardware logic component and the SRAM register bus, configured to receive a secure boot indication from the OTP memory / NVM via the local read FSM.  
Wu discloses receive a secure boot indication from the OTP memory / NVM via the local read FSM
(See Wu Para. [0055] SB circuitry is configured to: read a secure boot bit in an OTP memory via a finite state machine and when the secure boot bit has a predetermined value, connect the first read path; and when the secure boot bit does not have the predetermined value, connect the second read path.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Chung and Krig with the read a secure boot bit in an OTP memory via a finite state machine of Wu to include 
a boot control register, coupled to a second path that is different from the first path between the hardware logic component and the SRAM register bus, configured to receive a secure boot indication from the OTP memory / NVM via the local read FSM.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to read a secure boot bit in an OTP memory via a finite state machine, so that a finite state machine can track the state of the process. The system (e.g., security device 100 and secure DMA circuit 140) of Chung as modified by Krig can be modified to read a secure boot bit in an OTP memory via a finite state machine.
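As an added illustration, not code from this office action or from any of the cited references, the following C model walks through the register flow the claim 18 limitations (and the claim 16 re-boot on mismatch) describe: a local read FSM reads the secure boot bit and the spare-area pattern from the OTP, a hardware compare against the second sequence pattern writes the read-ok register, the boot control register receives the secure boot indication, and the boot ROM re-boots on a mismatch. The pattern values, structure and register names, the injected read fault, and the retry budget are all constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SPARE_WORDS 4u
#define SECURE_BOOT_BIT (1u << 0)

/* Second sequence pattern: a constructed value standing in for the pattern
 * fixed in the local read FSM's hardware logic (hypothetical). */
static const uint32_t k_second_pattern[SPARE_WORDS] = {
    0xA5A5A5A5u, 0x5A5A5A5Au, 0xC3C3C3C3u, 0x3C3C3C3Cu };

/* Minimal model of the portion of OTP / NVM the boot ROM depends on. */
typedef struct {
    uint32_t spare[SPARE_WORDS]; /* spare area: first sequence pattern, programmed by the tester */
    uint32_t control;            /* control word; bit 0 = secure boot indication */
} otp_image_t;

/* The two registers reachable over the SRAM register bus. */
typedef struct {
    uint32_t read_ok;   /* read-ok register: 1 = spare pattern matched, read path trusted */
    uint32_t boot_ctrl; /* boot control register: secure boot indication copied from OTP */
} sram_regs_t;

typedef enum { FSM_IDLE, FSM_READ_CTRL, FSM_READ_SPARE, FSM_COMPARE, FSM_DONE } fsm_state_t;

/* OTP spare-area read with an optional injected fault, modelling a wrongly read
 * return content (a glitched read) as opposed to a wrongly programmed part. */
static void otp_read_spare(const otp_image_t *otp, bool fault, uint32_t out[SPARE_WORDS]) {
    memcpy(out, otp->spare, SPARE_WORDS * sizeof(uint32_t));
    if (fault) out[1] ^= 0x00000100u; /* one flipped bit in the return content */
}

/* Local read FSM: copies the secure boot bit into the boot control register
 * (second path), reads the spare-area pattern, compares it with the pattern in
 * hardware logic, and writes the result into the read-ok register (first path). */
static fsm_state_t local_read_fsm(const otp_image_t *otp, bool fault, sram_regs_t *regs) {
    fsm_state_t st = FSM_IDLE;
    uint32_t first_pattern[SPARE_WORDS] = {0};
    for (;;) {
        switch (st) {
        case FSM_IDLE:
            regs->read_ok = 0u; /* the read path is untrusted until proven otherwise */
            st = FSM_READ_CTRL;
            break;
        case FSM_READ_CTRL:
            regs->boot_ctrl = otp->control & SECURE_BOOT_BIT;
            st = FSM_READ_SPARE;
            break;
        case FSM_READ_SPARE:
            otp_read_spare(otp, fault, first_pattern);
            st = FSM_COMPARE;
            break;
        case FSM_COMPARE: {
            uint32_t diff = 0u; /* branch-free compare: timing is independent of where a mismatch sits */
            for (unsigned i = 0; i < SPARE_WORDS; i++) diff |= first_pattern[i] ^ k_second_pattern[i];
            regs->read_ok = (diff == 0u) ? 1u : 0u;
            st = FSM_DONE;
            break;
        }
        case FSM_DONE:
            return st;
        }
    }
}

typedef enum { BOOT_REBOOT, BOOT_NORMAL, BOOT_SECURE } boot_decision_t;

/* Boot ROM (read master) decision: it consults only the two registers. */
static boot_decision_t boot_rom_decide(const sram_regs_t *regs) {
    if (regs->read_ok != 1u) return BOOT_REBOOT;            /* pattern mismatch: re-boot */
    return (regs->boot_ctrl & SECURE_BOOT_BIT) ? BOOT_SECURE : BOOT_NORMAL;
}

/* Power-up sequence: re-run the read FSM on a mismatch, but bound the retries so
 * a permanently mis-programmed part fails closed instead of re-booting forever.
 * transient_faults = number of initial attempts whose spare read is glitched. */
static boot_decision_t run_boot(const otp_image_t *otp, int transient_faults,
                                int max_attempts, int *attempts_used) {
    sram_regs_t regs = {0, 0};
    boot_decision_t d = BOOT_REBOOT;
    int n = 0;
    while (n < max_attempts) {
        n++;
        local_read_fsm(otp, transient_faults >= n, &regs);
        d = boot_rom_decide(&regs);
        if (d != BOOT_REBOOT) break;
    }
    if (attempts_used) *attempts_used = n;
    return d; /* BOOT_REBOOT here means the retry budget was exhausted */
}

int main(void) {
    otp_image_t good = { {0xA5A5A5A5u, 0x5A5A5A5Au, 0xC3C3C3C3u, 0x3C3C3C3Cu}, SECURE_BOOT_BIT };
    int used = 0;
    boot_decision_t d = run_boot(&good, 1, 3, &used); /* one glitched read, then a clean one */
    printf("decision=%d attempts=%d\n", (int)d, used);
    return 0;
}
```

A real boot ROM would also have to decide what to do when the budget runs out (halt, or fall back to a non-secure path), which is exactly the policy the boot control register is meant to carry.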

As per claim 19, the rejection of claim 18 is incorporated herein. 
Chung discloses wherein the boot ROM processor is coupled to the SRAM register bus (See rejection of claim 17, Chung figure 1, secure processor 200 is coupled to the buses, such as internal bus 40)
	However, Chung does not expressly disclose 
wherein the boot ROM processor is coupled to the SRAM register bus via a read master component configured to receive the write content from the read-ok register and the secure boot indication from the boot control register.  
Krig discloses that a processor is coupled to various buses and to an engine 108 plus a secure management function that receives data from registers
(See Krig figure 1, where CPU 116 is coupled to various buses, e.g., bus 130, 134, 132, and engine 108 and secure interrupt handler 110 (figure 1) or secure management function 1412 (figure 14). read master component = Engine 108, or read master component = Engine 108 + secure management function 1412 (figure 14).
Krig Para. [0069]
The target function signature-compare status register 322 includes function signature-compare status values 340 representing whether a signature comparison operation was a success or failure for each target function 114. As such, the target function signature-compare status values may be updated in response to verifying, during run-time, at least a signature of the at least one target function 114, as further described below and shown in block 702 of FIG. 7. 
Krig [0068] As further shown in FIGS. 3-4, the secure programmable register set 300 also includes a target function signature-compare status register 322, 
Krig [0058] The engine 108 is depicted as being in one-way communication with control logic 120 and CPU 116 over bus lines 124 and 126, respectively. 
Krig [0084] At block 704, a determination is made as to whether the target function signature-compare status value 340 indicates a signature compare failure. This is accomplished, for example, by the engine 108 reading its internal signature-compare status register values 340 [read master component configured to receive the write content from the read-ok register]. If the target function signature-compare status value 340 does not indicate a signature compare failure for the at least one target function 114, the process proceeds to block 504 and execution of the at least one target function 114 is allowed in response to the successful signature verification of the secure interrupt handler code 110 and a successful signature verification of the at least one target function 114,
Krig [0077] the engine 108 … comparing the calculated cryptographic signature with a signature stored in a secure programmable register 300. [read master component configured to receive the … secure boot indication from the boot control register.]
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Chung with the technique for an engine to receive register values for comparison during a secure boot process of Krig to include wherein the boot ROM processor is coupled to the SRAM register bus via a read master component configured to receive the write content from the read-ok register and the secure boot indication from the boot control register.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to perform a comparison efficiently using the registers' data, to ensure that the data being compared has not been compromised during the secure boot function. The system of the primary reference can be modified by modifying a component in security device 102 to read data from registers that store a comparison result and the data to be compared.


As per claim 20, the rejection of claim 18 is incorporated herein. 
Chung discloses wherein the boot ROM processor is further configured to enable the secure boot routine with the read return content based on the secure boot indication 
(See Chung [0085] enhanced security of the electronic device 10 including the embedded security device 100 may be provided by performing the secure booting operation[secure boot routine]
Chung Para.  [0107]
The secure processor 200[boot ROM processor] controls the DMA circuit 400 to provide the encrypted secure data SDTA_ECR [read return content] stored in the first region 631 and the encrypted first hash value HV1_ECR stored in the second region 633 in the memory device 63 of the external storage 60 to the block cipher engine 340
Chung [0112]
when the decrypted first hash value HV1 is the same as the second hash value HV2, …, the CPU 50 may determine that the encrypted secure data SDTA_ECR [read return content = encrypted secure data SDTA_ECR] stored in the external storage 60 has not been altered by an external attack, and the secure processor 200 may execute a secure application [boot ROM processor is further configured to enable the secure boot routine] …, enhanced performance, efficiency, and security of the electronic device 10 including the embedded security device 100 may be provided by performing the secure restoring operation, thereby enabling the secure processor 200 to safely use the integrity-verified decrypted secure data SDTA (e.g., for warm boot)
[secure boot indication can be disclosed when processor 200 receives the third request REQ3 (or a first request REQ1), which indicates that the secure warm boot restoring operation should be performed;
secure boot indication can also be disclosed by comparator 220 in the secure processor 200 determining that the comparison result (para. 112 "when the decrypted first hash value HV1 is the same as the second hash value HV2,") is the same.
secure boot indication can also be disclosed by hardware unique key HUK (para. 62) because hardware unique key HUK is used during the secure encryption/decryption process which is part of the warm boot (para. 42, 112)
secure boot indication can also be disclosed by the encrypted secure data SDTA_ECR  (para. 99) because the encrypted secure data SDTA_ECR is determined to be unaltered (para. 112) when the comparison is correct and used to complete the secure booting process (para. 42, 112)
Thus, secure boot indication can be disclosed by third request REQ3 (or a first request REQ1) or the result of the comparison or hardware unique key HUK or the encrypted secure data SDTA_ECR;] 
)
However, Chung does not expressly disclose 
wherein the boot ROM processor is further configured to enable the secure boot routine with the read return content based on the secure boot indication of the boot control register and the write content of the read-ok register.  
Krig discloses performing a verification during a secure boot process using a signature from a register and writing the result of a comparison into a register during a secure boot process
(See Krig Para. [0032]
a signature [secure boot indication= signature] loaded into a secure programmable register [boot control register= secure programmable register ] during a secure boot process is accessed to verify the signature of the secure interrupt handler code.
Krig Para. [0069]
The target function signature-compare status register 322 includes function signature-compare status values 340 representing whether a signature comparison operation was a success or failure for each target function 114. As such, the target function signature-compare status values may be updated in response to verifying, during run-time, at least a signature of the at least one target function 114, as further described below and shown in block 702 of FIG. 7. 
Krig [0068] As further shown in FIGS. 3-4, the secure programmable register set 300 also includes a target function signature-compare status register 322, 
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Chung with the technique for performing a verification during a secure boot process using a signature from a register and writing the result of a comparison into a register during a secure boot process of Krig to include 
wherein the boot ROM processor is further configured to enable the secure boot routine with the read return content based on the secure boot indication of the boot control register and the write content of the read-ok register.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to store boot-related data for efficient access, perform the comparison efficiently using the content stored in a register, and write the result of the comparison into a register. Writing the result into a register allows asynchronous communication of the comparison result, since the party receiving the comparison result can obtain it at any time from the register. The system (e.g., security device 100) of the primary reference can be modified to include a register for storing the comparison result and a register for storing secure boot-related data.

Claim 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chung in view of Krig, further in view of Cromer.
As per claim 21, the rejection of claim 17 is incorporated herein. 
Chung discloses 
wherein the boot ROM processor is further configured to determine whether the read return content from the OTP memory / NVM comprises a set of falsely read data or a set of trusted data based on the comparison
(See Chung Para. [0075]
The comparator 220 [in the secure processor 200] may compare a first hash value HV1 and a second hash value HV2 to generate a comparison signal CMP that indicates integrity of the secure data stored in the external storage 60. [a set of falsely read data or a set of trusted data based on the comparison]
[See also para. 111 for the comparing]
[secure boot indication can be disclosed by third request REQ3 (or a first request REQ1) or the result of the comparison;]
Chung Para.  [0107]
The secure processor 200[boot ROM processor] controls the DMA circuit 400 to provide the encrypted secure data SDTA_ECR [read return content] stored in the first region 631 and the encrypted first hash value HV1_ECR stored in the second region 633 in the memory device 63 of the external storage 60 to the block cipher engine 340
Chung [0112]
performing the secure restoring operation, thereby enabling the secure processor 200 to safely use the integrity-verified decrypted secure data SDTA (e.g., for warm boot) 

However, Chung does not expressly disclose 
wherein the boot ROM processor is further configured to determine whether the read return content from the OTP memory / NVM comprises a set of falsely read zeros or a set of trusted zeros based on the comparison and a secure boot indication of a boot control register in the OTP memory / NVM.

Krig discloses a secure boot indication of a boot control register in the OTP memory / NVM.
(See Krig Para. [0032]
a signature [secure boot indication= signature] loaded into a secure programmable register [boot control register= secure programmable register ] during a secure boot process is accessed to verify the signature of the secure interrupt handler code.
[0072]
A register having an invisible after write access mode is only visible for write one-time after power-on during a secure boot process, … These invisible after write registers are one example of managed secure 
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Chung with the technique for using a signature in a register for comparison of Krig to include 
a secure boot indication of a boot control register in the OTP memory / NVM.
One of ordinary skill in the art would have made this modification to improve the ability of the system to compare and determine whether the data that is read is correct based on data stored in a register, the register being more efficient than system memory. The system (e.g., security device 100) of the primary reference can be modified to include a register for storing secure boot-related data to enable a secure boot.

However, the combination of Chung and Krig does not expressly disclose 
wherein the boot ROM processor is further configured to determine whether the read return content from the OTP memory / NVM comprises a set of falsely read zeros or a set of trusted zeros based on the comparison and a secure boot indication of a boot control register in the OTP memory / NVM.
Cromer discloses that the value being compared is a set of zeros
(See Cromer Para. [0026] Because the tamper signal 62 is latched, the one boot PCR 48a' does not reset to zero when a platform reset is triggered.
[0027] Thus, in step 240, a platform reset is initiated which boots the computer system. As stated above, all of the boot PCRs 48a are reset to zero except the one PCR 48a' that contains the hashed tamper signal 62, via step 250. The normal boot sequence proceeds (via step 260), as illustrated in FIGS. 2A and 2B. After the booting sequence, the trusted operating system 14 compares the boot PCR values 48a to the precalculated value (step 134, FIG. 2B) and concludes that the value in the one PCR 48a' is incongruent, which will prompt the trusted operating system 14 to take measures to restore trust (step 140, FIG. 2B). These measures can include launching a virus protection program, or notifying a system administrator of the tamper event.
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Chung and Krig with the technique for setting the value being compared to zeros of Cromer to include 
wherein the boot ROM processor is further configured to determine whether the read return content from the OTP memory / NVM comprises a set of falsely read zeros or a set of trusted zeros based on the comparison and a secure boot indication of a boot control register in the OTP memory / NVM.
One of ordinary skill in the art would have made this modification to improve the efficiency of the system by reducing the number of operations required for comparing, since the preset values of zeros do not require any special computation to generate. The system (e.g., security device 100) of the primary reference can be modified to set the value being compared to a set of zeros.
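The secure restoring flow quoted from Chung (decrypt the stored data and hash, compare HV1 with HV2, and only then let the secure processor use the data for warm boot) and the claim 21 distinction between a set of trusted zeros and a set of falsely read zeros can be illustrated with the following added Python model. It is not code from Chung, Krig, Cromer, or the application under examination; the register layout (a single secure-boot bit in a boot control register and a read-ok register that latches the comparison result), the keyed SHA-256 keystream standing in for the block cipher engine and hardware unique key, and all sample values are constructed assumptions for the illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample values (assumptions, not taken from any reference).
# The references describe a hardware unique key and a block cipher engine;
# a keyed SHA-256 XOR keystream stands in for both so the model runs offline.
HUK = b"constructed-hardware-unique-key"
SECURE_BOOT_BIT = 0x1   # assumed layout: bit 0 of the boot control register


def _keystream(key: bytes, n: int) -> bytes:
    blocks = [hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def cipher(key: bytes, data: bytes) -> bytes:
    """Symmetric XOR stream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def reference_hash(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass
class Registers:
    boot_control: int = 0        # carries the secure boot indication
    read_ok: int = 0             # engine writes the comparison result here
    hash_register: bytes = b""   # HV2, the reference hash held on-chip


def provision(secure_data: bytes, regs: Registers) -> dict:
    """Place encrypted data and encrypted hash in external storage; keep HV2 on-chip."""
    hv = reference_hash(secure_data)
    regs.hash_register = hv
    return {"SDTA_ECR": cipher(HUK, secure_data), "HV1_ECR": cipher(HUK, hv)}


def secure_restore(storage: dict, regs: Registers):
    """Decrypt, compare HV1 with HV2, latch the result in read_ok, gate on boot control."""
    sdta = cipher(HUK, storage["SDTA_ECR"])
    hv1 = cipher(HUK, storage["HV1_ECR"])
    # Check the decrypted hash record against HV2 and recompute over the data,
    # so a modified payload with an untouched hash record is also caught.
    match = (hmac.compare_digest(hv1, regs.hash_register)
             and hmac.compare_digest(reference_hash(sdta), regs.hash_register))
    regs.read_ok = 1 if match else 0
    if regs.read_ok == 1 and regs.boot_control & SECURE_BOOT_BIT:
        return sdta          # integrity-verified data may be used for warm boot
    return None              # comparison failed or no secure boot indication


def classify_read(read_return: bytes, expected_hash: bytes, regs: Registers) -> str:
    """Label an OTP/NVM read, calling out the all-zero case the comparison must resolve."""
    match = hmac.compare_digest(reference_hash(read_return), expected_hash)
    secure = bool(regs.boot_control & SECURE_BOOT_BIT)
    all_zero = read_return == bytes(len(read_return))
    if all_zero:
        # zeros are only trusted when the comparison succeeds under secure boot;
        # otherwise an all-zero read is treated as a falsely read (failed) read
        return "trusted zeros" if (match and secure) else "falsely read zeros"
    return "trusted data" if (match and secure) else "falsely read data"


if __name__ == "__main__":
    regs = Registers(boot_control=SECURE_BOOT_BIT)
    store = provision(b"secure-data-for-warm-boot", regs)
    print(secure_restore(store, regs), regs.read_ok)
    zeros = bytes(16)
    print(classify_read(zeros, reference_hash(zeros), regs))
```

The two checks in secure_restore are deliberately separate: comparing the decrypted hash record alone would accept a payload that was altered while its hash record was left intact, and recomputing the hash alone would not detect a swapped hash record; writing the combined result into read_ok lets a consumer poll the register later, as the rationale for claim 20 describes.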


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HOWARD H LOUIE whose telephone number is 571-272-0036.  The examiner can normally be reached on M-F 9 AM-5 PM EST. 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung W. Kim can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HOWARD H. LOUIE/Examiner, Art Unit 2494
/JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494