DETAILED ACTION
Office Action Summary
Claims 1-20 are pending in the instant application.
Claims 1-20 are rejected under 35 USC § 103.
Applicant’s amendments/arguments filed 4/20/2022 have been considered but are not persuasive.  See “Applicant’s Arguments and Examiner’s Response” section below.

Applicant’s Arguments and Examiner’s Response
Applicant’s amendments/arguments filed 4/20/2022 have been considered but are not persuasive.  As for applicant’s arguments, applicant argues “monitored traffic is compared to "pre-stored exploit signatures" from a signature database to determine if network traffic is suspicious. Although Karandiker teaches the use of "pre-stored exploit signatures," Karandiker does not teach or suggest how the "pre-stored exploit signatures" are generated. In particular, Karandiker does not teach or suggest on-IC device monitoring and then application of machine learning to the monitored data to generate an activity profile, and then using the generated activity profile on the same IC device to detect a system-level Trojan.”, however examiner disagrees as  Karandikar, column 5, lines 20-31 and figure 4, item 400 and 430, teaches monitoring data and data can be transmitted/received using bus, and column 4 lines 20-31, teaches that the engine may be a hardware engine which comprises an integrated circuit, examiner is reading that comparing to a signature is comparing to an exploited signature as both malicious and non-malicious signatures are compared with so when signatures are compared it they compare with exploited signatures.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 1, 7-8 and 9-13 are rejected under 35 U.S.C. 103 as being unpatentable over Karandikar (US Patent No: 9,661,009 B1) hereinafter referred to as Karandikar in view of Avrahami et al. (US Pre-Grant Publication No: 2019/0068620) hereinafter referred to as Avrahami.

As per claim 1, Karandikar teaches A method for detecting a system-level Trojan on a system that includes multiple integrated circuit (IC) devices, the method comprising: at an IC device of the system, monitoring activity on a bus interface of the IC device, wherein the bus interface is connected to a bus on the system that communicatively couples the IC device to at least one other IC device on the system; (Karandikar, column 5, lines 20-31 and figure 4, item 400 and 430, teaches monitoring data and data can be transmitted/received using bus, and column 4 lines 20-31, teaches that the engine may be a hardware engine which comprises an integrated circuit)
by the IC device of the system, applying machine learning to data corresponding to the monitored activity to generate an activity profile; (Karandikar, figure 4, item 430 and column 9, lines 42-52)
by the IC device of the system, monitoring subsequent activity on the bus interface of the IC device; (Karandikar, figure 4, teaches after suspisouc activity detected there is continuous monitoring of data)
by the IC device of the system, comparing data corresponding to the subsequently monitored activity to the machine learning generated activity profile to determine if a 
by the IC device of the system, generating a notification when it is determined from the comparison that a system-level Trojan has been detected. (Karandikar, figure 4, item 470)
But, Karandikar does not teach that the malicious data is system-level Trojan. 
However Avrahami teaches detecting Trojan horse [0060]
Therefor the combination of Karandikar in view of Avrahami teaches at the IC device of the system, comparing data corresponding to the subsequently monitored activity to the machine learning generated activity profile to determine if a system-level Trojan is detected;
It would have been obvious to one having ordinary skill in the art, before the effective filing of the claimed invention to modify the invention of Karandikar which detects malicious data with the method of Avrahami which detects Trojan horse which is a malicious data because a Trajan horse is a well known type of malicious data.

As per claim 7, Karandikar in view of Avrahami teaches The method of claim 1, further comprising applying statistical analysis to the data corresponding to the monitored activity and to the data corresponding to the subsequently monitored activity. (Karandikar, figure 4)

As per claim 8, Karandikar in view of Avrahami teaches The method of claim 7, wherein the statistical analysis involves statistical analysis related to at least one of latency, size, and workload of data packets. (Karandikar, figure 4)

As per claim 9, Karandikar in view of Avrahami teaches The method of claim 7, wherein the statistical analysis involves generating histograms related to at least one of a time interval between two memory accesses, a difference in addresses of memories that are accessed, and a difference in data that is read or written. (Karandikar, figure 4)

As per claim 10, Karandikar in view of Avrahami teaches The method of claim 1, wherein applying machine learning involves implementing a netlist-based simulation. (Avrahami, abstract)

As per claim 11, Karandikar in view of Avrahami teaches The method of claim 1, wherein applying machine learning involves implementing feature extraction on the data corresponding to the monitored activity and on the data corresponding to the subsequently monitored activity. (Avrahami, abstract and [0001])

As per claim 12, Karandikar in view of Avrahami teaches The method of claim 1, wherein monitoring activity on the bus interface of the IC device involves monitoring activity on the bus interface of the IC device before the IC device has been deployed for its intended use and after the IC device has been deployed for its intended use, and applying machine learning to data corresponding to the monitored activity to generate an activity profile involves applying machine learning to data generated from the pre-deployment activity monitoring and applying machine learning to data generated from the post- deployment activity monitoring. (Avrahami, abstract and Karandikar figure 4)

As per claim 13, Karandikar in view of Avrahami teaches The method of claim 1, wherein determining if a system-level Trojan has been detected involves applying a detection threshold to an output of the comparison.

Claims 2 rejected under 35 U.S.C. 103 as being unpatentable over Karandikar (US Patent No: 9,661,009 B1) hereinafter referred to as Karandikar in view of Avrahami et al. (US Pre-Grant Publication No: 2019/0068620) hereinafter referred to as Avrahami and further in view of Panesar et al. (US Pre-Grant Publication No: 2017/0153988) hereinafter Panesar.

As per claim 2, Karandikar in view of Avrahami teaches The method of claim 1, 
But does not teach wherein monitoring activity and monitoring subsequent activity on the bus interface of the IC device involves monitoring activity on a JTAG interface of the IC device.
However Panesar teaches using Jtag
It would have been obvious to one having ordinary skill in the art, before the effective filing of the claimed invention to modify the invention of Karandikar which detects malicious data with various communication with the method of D3 which uses Jtag because Jtags are a well-known device for transmitting/reciving data.

Claims 3-4 rejected under 35 U.S.C. 103 as being unpatentable over Karandikar (US Patent No: 9,661,009 B1) hereinafter referred to as Karandikar in view of Avrahami et al. (US Pre-Grant Publication No: 2019/0068620) hereinafter referred to as Avrahami and further in view of Jain et al. (US Pre-Grant Publication No: 2018/0262327) hereinafter Jain.

As per claim 3, Karandikar in view of Avrahami teaches The method of claim 1, 
But does not teach wherein monitoring activity and monitoring subsequent activity on the bus interface of the IC device involves monitoring timing behavior of signals at the bus interface. 
However D4 [0022] teaches using propagation delay signals to find channel attacks in a bus
Therefor the combination of Karandikar in view of Jain teaches wherein monitoring activity and monitoring subsequent activity on the bus interface of the IC device involves monitoring timing behavior of signals at the bus interface.
It would have been obvious to one having ordinary skill in the art, before the effective filing of the claimed invention to modify the invention of Karandikar which detects malicious data with the method of Jain which propagation signals to find malicious data as they are a well-known method to detect malicious data.  This is a substitution of one known method with another.

As per claim 4, Karandikar in view of Avrahami teaches The method of claim 1, 
But does not teach wherein monitoring activity and monitoring subsequent activity on the bus interface of the IC device involves measuring propagation delay of signals from the IC device to another IC device through a bus on a printed circuit board, wherein the propagation delay measurement is based on a boundary scan.
However Jain [0022] teaches using propagation delay signals to find channel attacks in a bus
Therefor the combination of Karandikar in view of Jain teaches wherein monitoring activity and monitoring subsequent activity on the bus interface of the IC device involves measuring propagation delay of signals from the IC device to another IC device through a bus on a printed circuit board, wherein the propagation delay measurement is based on a boundary scan.
It would have been obvious to one having ordinary skill in the art, before the effective filing of the claimed invention to modify the invention of Karandikar which detects malicious data with the method of Jain which propagation signals to find malicious data as they are a well-known method to detect malicious data.  This is a substitution of one known method with another.

Claims 5-6 are rejected under 35 U.S.C. 103 as being unpatentable over Karandikar (US Patent No: 9,661,009 B1) hereinafter referred to as Karandikar in view of Avrahami et al. (US Pre-Grant Publication No: 2019/0068620) hereinafter referred to as Avrahami and further in view of Jain et al. (US Pre-Grant Publication No: 2018/0262327) hereinafter D4.

As per claim 5, Karandikar in view of Avrahami teaches The method of claim 1, 
But does not teach wherein monitoring activity and monitoring subsequent activity on the bus interface of the IC device involves port scanning on a logical port.
However, Kreft [0296] teaches scanning ports
Therefor the combination of Karandikar in view of Kreft teaches wherein monitoring activity and monitoring subsequent activity on the bus interface of the IC device involves port scanning on a logical port.
It would have been obvious to one having ordinary skill in the art, before the effective filing of the claimed invention to modify the invention of Karandikar which detects malicious data with the method of Kreft uses ports to detect malicious data.  This is a substitution of one known method with another.

As per claim 6, Karandikar in view of Avrahami teaches The method of claim 1, 
But does not teach wherein monitoring activity and monitoring subsequent activity on the bus interface of the IC device involves port scanning on a physical port.
However, Kreft [0296] teaches scanning ports
Therefor the combination of Karandikar in view of Kreft teaches wherein monitoring activity and monitoring subsequent activity on the bus interface of the IC device involves port scanning on a physical port.
It would have been obvious to one having ordinary skill in the art, before the effective filing of the claimed invention to modify the invention of Karandikar which detects malicious data with the method of Kreft uses ports to detect malicious data.  This is a substitution of one known method with another.

Claims 14-19 teach the integrated circuit (IC) device that corresponds to the method claims 1-13 and are rejected using the same rational.
Claim 20 teaches a circuit board that corresponds to the method claims 1-13 and are rejected using the same rational.

Other Related Art
Tart (2019/0310310) teaches “Systems, methods, and devices for monitoring operation of industrial equipment are disclosed. In one embodiment, a monitoring system is provided that includes a passive backplane and one more functional circuits that can couple to the backplane. Each of the functional circuits that are coupled to the backplane can have access to all data that is delivered to the backplane. Therefore, resources (e.g., computing power, or other functionality) from each functional circuits can be shared by all active functional circuits that are coupled to the backplane. Because resources from each of the functional circuits can be shared, and because the functional circuits can be detachably coupled to the backplane, performance of the monitoring systems can be tailored to specific applications. For example, processing power can be increased by coupling additional processing circuits to the backplane.”
Barnawi (11073362) teaches “A system, method, and non-transitory computer readable medium that detects trajectories of unmanned aerial vehicles (UAV) approaching a protected site is described. Airborne defense agents (ADAs) located at a fixed radius from the protected and equidistant from one another detect acoustic signals emitted by an approaching UAV. Circuitry included in each ADA use the detected acoustic signals to determine a direction and a distance of each UAV. A base station having a control center (BS-CC) located in the protected site communicates with the ADAs to aggregate direction and distance data from the ADAs. Using the aggregated direction and distance data, the BS-CC predicts routes towards the protected site of the approaching UAV and alerts the protected site of the predicted route of the approaching UAV.”

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SIMON P KANAAN whose telephone number is (571)270-3906.  The examiner can normally be reached on M-F (7AM-4PM).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SIMON P KANAAN/Primary Examiner, Art Unit 2492