Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This is in response to applicant’s Claims filed on 12/15/2020 for Application # 17/122,771 filed on 12/15/2020 in which Claims 1-20 are presented for examination.

Status of Claims
Claims 1-20 are presented for examination, of which Claims 1-20 are allowable via Examiner’s Amendment.

Applicant’s Most Recent Claim Set of 12/15/2020
Applicant’s most recent claim set of 12/15/2020 is considered to be the latest claim set under consideration by the examiner.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in a telephone interview with David Raczkowski on August 5, 2022.

The application has been amended as follows:

In the Claims:

Claim 1: (Currently Amended)
An apparatus comprising:
a first processor configured to receive a set of credentials associated with a user account configured to provide a secure processor, the secure processor configured to receive a request from the first processor configured to authenticate the set of credentials, the request including received credentials and an authentication type, the secure circuit including memory configured to store authentication failure metrics, the authentication failure metrics to track a number of successive failed authentication attempts for each of multiple authentication types, wherein the secure processor is configured to: 
delay authentication of the request for a first period of time in response to a determination that the user account associated with the received set of credentials has exceeded a first number of successive failed authentication attempts for the authentication type included in the request; and 
delay the authentication of the request for a second period of time in response to a determination that the user account associated with the received set of credentials has exceeded a second number of successive failed authentication attempts for the authentication type included in the request.


Claim 2: (Currently Amended)
The apparatus as in claim 1, the secure processor additionally configured to increment a count of successive failed authentication attempts for the authentication type included in the request in response to failure of authentication of the request and clear the count of successive failed authentication attempts for the authentication type included in the request in response to determining validity of the received credentials.


Claim 3: (Currently Amended)
The apparatus as in claim 2, the secure processor additionally configured to block the request from the first processor in response to a determination that the user account associated with the received set of credentials has exceeded a threshold number of successive failed authentication attempts for the authentication type included in the request.


Claim 6: (Currently Amended)
The apparatus as in claim 5, wherein the second processor is configured to:
delay authentication of a first request in response to a determination that the user account associated with the received set of credentials has exceeded a first number of successive failed authentication attempts for a first authentication type; and
perform authentication for a second request in response to a determination that the user account associated with the received set of credentials has not exceeded a second number of successive failed authentication attempts for a second authentication type.


Claim 9: (Currently Amended)
The apparatus as in claim 8, wherein the memory configured to store authentication failure metrics is configured to store authentication failure metrics associated with three or more authentication types.


Claim 11: (Currently Amended)
A method comprising:
on an electronic device:
receiving a set of credentials at a first processor of the electronic device, the set of credentials associated with an authentication type and a user account, wherein the user account is one of multiple user accounts on the electronic device and the authentication type is one of multiple authentication types available for the electronic device;
receiving, at a secure processor of the electronic device, a request to authenticate the set of credentials, the request including received credentials and the authentication type;
tracking, at the secure processor, a number of successive failed authentication attempts for each of the multiple authentication types;
delaying, at the secure processor, authentication of the request for a first period of time in response to a determination that the user account associated with the received set of credentials has exceeded a first number of successive failed authentication attempts for the authentication type included in the request; and
delaying, at the secure processor, the authentication of the request for a second period of time in response to a determination that the user account associated with the received set of credentials has exceeded a second number of successive failed authentication attempts for the authentication type included in the request.


Claim 14: (Currently Amended)
The method as in claim 11, further comprising delaying authentication of a first request in response to a determination that the user account associated with the received set of credentials has exceeded the [[a]] first number of successive failed authentication attempts for a first authentication type and performing authentication for a second request in response to a determination that the user account associated with the received set of credentials has not exceeded a first number of successive failed authentication attempts for a second authentication type.


Claim 17: (Currently Amended)
A data processing system comprising:
a network interface;
a first set of processors configured to execute a first set of instructions, the first set of instructions configured to cause the first set of processors to provide a first operating system, the first operating system having multiple user accounts; and
a secure circuit configured to provide a secure processor, the secure processor configured to receive a request from the first set of processors to authenticate a set of credentials associated with a user account of multiple user accounts on the data processing system, the request including the set of credentials and an authentication type, the secure circuit including memory configured to store authentication failure metrics, the authentication failure metrics to track a number of successive failed authentication attempts for each of multiple authentication types, wherein the secure processor is to:
delay authentication of the request for a first period of time in response to a determination that the user account associated with a received set of credentials has exceeded a first number of successive failed authentication attempts for the authentication type included in the request; and
delay the authentication of the request for a second period of time in response to a determination that the user account associated with the received set of credentials has exceeded a second number of successive failed authentication attempts for the authentication type included in the request.


Claim 18: (Currently Amended)
The data processing system as in claim 17, the secure processor additionally configured to:
increment a count of successive failed authentication attempts for the authentication type included in the request in response to failure of authentication of the request;
clear the count of successive failed authentication attempts for the authentication type included in the request in response to determining validity of the set of credentials; and
block the request from the first set of processors in response to a determination that the user account associated with the received set of credentials has exceeded a threshold number of successive failed authentication attempts for the authentication type included in the request, wherein the first number of successive failed authentication attempts is less than the second number of successive failed authentication attempts and the second number of successive failed authentication attempts is less than the threshold number of successive failed authentication attempts.


Claim 19: (Currently Amended)
The data processing system as in claim 17, further comprising a second processor, the second processor including the secure circuit, wherein the second processor is configured to:
delay authentication of a first request in response to a determination that the user account associated with the received set of credentials has exceeded the [[a]] first number of successive failed authentication attempts for a first authentication type; and
perform authentication for a second request in response to a determination that the user account associated with the received set of credentials has not exceeded a second number of successive failed authentication attempts for a second authentication type.


Claim 20: (Currently Amended)
The data processing system as in claim 19, wherein the memory configured to store authentication failure metrics is configured to store authentication failure metrics associated with three or more authentication types, wherein the first authentication type is associated with authentication via a local login via a keyboard coupled with the data processing system, the second authentication type is associated with authentication via a remote login or remote storage access attempt, and a third authentication type is associated with remote command line access attempt via the network interface of the data processing system.


Reasons For Allowance
The following is an examiner’s statement of reasons for allowance:
Claims 1-20 are considered allowable.

The instant invention is directed to an apparatus, a medium, and a system for providing the provisioning of a secure circuit that includes a secure processor to support multiple users.

The closest prior art, as recited, Gulati et al. US Patent No 8,832,465 and Canavor et al. US Patent No. 8,904,506, are also generally directed to various aspects of providing the provisioning of a secure processor to support multiple users.  However, Gulati et al. or Canavor et al. does not teach or suggest, either singularly or in combination, the particular combination of steps or elements as recited in the independent claim(s) 1, 11, 17.  For example, none of the cited prior art teaches or suggests the steps of:
Regarding Claim 1:
Although the combination of Gulati et al. or Canavor et al. teaches the provisioning of a secure circuit that includes a secure processor to support multiple users, Gulati et al. or Canavor et al. fails to teach receiving by a first processor a set of credentials linked to a user account out of multiple available user accounts, a secure circuit that includes a secure processor, receiving a request by the secure processor from the first processor concerning authenticating the received set of credentials, with the received request including received credentials and an authentication type, the secure circuit storing authentication failure metrics in its memory, the stored authentication failure metrics tracking a count of sequential failed attempts at authentication for each one of multiple authentication types, with the secure processor delaying the request from being authenticated for a first period of time as a result of identifying that the user account linked with the received credentials has experienced more than a first count of sequential failed attempts at authentication for the authentication type received as part of the received request, with the secure processor delaying the request from being authenticated for a second period of time as a result of identifying that the user account linked with the received credentials has experienced more than a second count of sequential failed attempts at authentication for the authentication type received as part of the received request.
When combined with the additional limitations found in Claim 1.

Regarding Claim 11:
Although the combination of Gulati et al. or Canavor et al. teaches the provisioning of a secure circuit that includes a secure processor to support multiple users, Gulati et al. or Canavor et al. fails to teach receiving by a first processor a set of credentials linked to a user account out of multiple available user accounts and an authentication type out of multiple authentication types, receiving a request by a secure processor concerning authenticating the received set of credentials, with the received request including received credentials and an authentication type, the secure processor  tracking a count of sequential failed attempts at authentication for each one of multiple authentication types, with the secure processor delaying the request from being authenticated for a first period of time as a result of identifying that the user account linked with the received credentials has experienced more than a first count of sequential failed attempts at authentication for the authentication type received as part of the received request, with the secure processor delaying the request from being authenticated for a second period of time as a result of identifying that the user account linked with the received credentials has experienced more than a second count of sequential failed attempts at authentication for the authentication type received as part of the received request.
When combined with the additional limitations found in Claim 11.

Regarding Claim 17:
Although the combination of Gulati et al. or Canavor et al. teaches the provisioning of a secure circuit that includes a secure processor to support multiple users, Gulati et al. or Canavor et al. fails to teach a first set of processors on which a first operating system including multiple user accounts executes, a secure circuit that includes a secure processor, receiving a request by the secure processor from the first set of processors concerning authenticating a set of credentials linked to a user account out of multiple available user accounts, with the received request including the received set of credentials and an authentication type, the secure circuit storing authentication failure metrics in its memory, the stored authentication failure metrics tracking a count of sequential failed attempts at authentication for each one of multiple authentication types, with the secure processor delaying the request from being authenticated for a first period of time as a result of identifying that the user account linked with a received set of credentials has experienced more than a first count of sequential failed attempts at authentication for the authentication type received as part of the received request, with the secure processor delaying the request from being authenticated for a second period of time as a result of identifying that the user account linked with the received set of credentials has experienced more than a second count of sequential failed attempts at authentication for the authentication type received as part of the received request.
When combined with the additional limitations found in Claim 17.

Therefore Claims 1-20 of the instant application are allowable over the cited prior art.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Tang et al - US_20130129086: Tang et al teaches the downloading of software to secure devices.
Funahashi et al - US_20080209547: Funahashi et al teaches a secure circuit with a CPU and a cryptographic engine.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRADLEY HOLDER whose telephone number is 571-270-3789.  The examiner can normally be reached on Monday-Friday 10:00AM-7:00PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw, can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/BRADLEY W HOLDER/
Primary Examiner, Art Unit 2498