DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the Amendment filed on 07/29/2022. In the instant Amendment, Claims 1 and 17 have been amended. Claims 1 and 17 are independent claims.  Claims 1-18 have been examined and are pending.  This Action is made FINAL.

Response to Arguments	
Applicant’s arguments, see Applicant Arguments/Remarks Made in an Amendment, filed 07/29/2022 with respect to the rejections of claims 1-18 have been fully considered but are not persuasive.
As to independent claims 1 and 17, Applicants stated in arguments that the combination of Keung (US 20140281502) and Takashima (US 20070186110) fails to disclose "a security data processing device on which first data comprising a cryptographic certificate has been stored."  (Applicant Arguments/Remarks, 07/29/2022, pages 8-9).
The Examiner disagrees with the Applicants. The Examiner respectfully that the combination of Keung and Takashima do disclose the cited limitations. For example, Keung discloses a security data processing device on which first data comprising a cryptographic certificate has been stored (Keung: par 0040; fig. 3; the certification entity generates a digital certificate having the identifier of the device and the cryptographic function of the secret; par 0041; the device receives the signed digital leaf certificate [] and stores [i.e., cryptographic certificate]).
As to independent claims 1 and 17, Applicants stated in arguments that the combination of Keung (US 20140281502) and Takashima (US 20070186110) fails to disclose “obtaining, from said cryptographic certificate stored on the security data processing device, an indication of at least one of a model and a manufacturer of a target processing device.”  (Applicant Arguments/Remarks, 07/29/2022, page 9).
The Examiner disagrees with the Applicants. The Examiner respectfully that the combination of Keung and Takashima do disclose the cited limitations. For example, Keung discloses obtaining, from said cryptographic certificate stored on the security data processing device, an indication of at least one of a model and a manufacturer of a target processing device (Keung: par 0042; fig. 3; transmits a service request to the service enabling entity. The service request includes the signed digital leaf certificate [] the service enabling entity receives the service request; par 0040; the certification entity generates a digital certificate having the identifier of the device and the cryptographic function of the secret; par 0078; digital certificates under a certificate for a class or category of devices (e.g. based on device model, manufacturer)).
As to independent claims 1 and 17, Applicants stated in arguments that the combination of Keung (US 20140281502) and Takashima (US 20070186110) fails to disclose “verifying that said indication of at least one of a model and a manufacturer of a target processing device obtained from the device cryptographic certificate corresponds to said indication of at least one of a model and a manufacturer of a target data processing device obtained from the cryptographic certificate stored on the security data processing device.” (Applicant Arguments/Remarks, 07/29/2022, page 9).
The Examiner disagrees with the Applicants. The Examiner respectfully that the combination of Keung and Takashima do disclose the cited limitations. For example, Keung discloses verifying that said indication of at least one of a model and a manufacturer of a target processing device obtained from the device cryptographic certificate corresponds to said indication of at least one of a model and a manufacturer of a target data processing device obtained from the cryptographic certificate stored on the security data processing device (Keung: par 0039; fig. 3; the service enabling entity receives the device identifier/secret [i.e., device certificate] and stores them; par 0042; transmits a service request to the service enabling entity. The service request includes the signed digital leaf certificate [i.e., cryptographic certificate] [] the service enabling entity receives the service request; par 0040; the certification entity generates a digital certificate having the identifier of the device and the cryptographic function of the secret; par 0078; digital certificates under a certificate for a class or category of devices (e.g. based on device model, manufacturer); par 0051; the service enabling entity-generated version of the cryptographic function of the secret associated with the identifier of the device making the service request is compare to the certification entity-generated version of the secret obtained from the digital certificate; par 0054; if match, enables provision of the requested service). 
The Examiner respectfully suggests that the claims be further amended and details in the specification be incorporated to distinguish the claimed invention over prior art of record.  Should the Applicant desire an interview to further clarify the claim interpretation/rejections, please contact the Examiner at (313) 446-6644 to schedule an interview.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-2, 6 and 8-18 are rejected under 35 U.S.C. 103 as being unpatentable over Keung et al. (“Keung,” US 20140281502, published on 09/18/2014) in view of Takashima et al. (“Takashima,” US 20070186110, published on 08/09/2007)

Regarding Claim 1; 
Keung discloses a method of storing data on target data processing devices, the method performed by a security data processing device on which first data comprising a cryptographic certificate has been stored (par 0040; fig. 3; the certification entity generates a digital certificate having the identifier of the device and the cryptographic function of the secret; par 0041; the device receives the signed digital leaf certificate [] and stores [i.e., cryptographic certificate]),
wherein the security data processing device is a separate device to the target data processing devices (par 0023; fig. 1; one or more service entities or devices (referred to as device or devices), and a service enabling entity), 

the method comprising, for each target data processing device: obtaining, from said cryptographic certificate stored on the security data processing device, an indication of at least one of a model and a manufacturer of a target processing device (par 0042; fig. 3; transmits a service request to the service enabling entity. The service request includes the signed digital leaf certificate [] the service enabling entity receives the service request; par 0040; the certification entity generates a digital certificate having the identifier of the device and the cryptographic function of the secret; par 0078; digital certificates under a certificate for a class or category of devices (e.g. based on device model, manufacturer));
obtaining a device cryptographic certificate from the target data processing device, the device cryptographic certificate having been generated by, and being verifiable as having been generated by, a trusted entity (par 0039; fig. 3; the service enabling entity receives the device identifier/secret and stores them; par 0035; the certification entity includes a database or other memory storing each of the device identifiers ID for each of the devices. The database also stores a secret for each device. The secret is unique to the device. The secret generated by the certification entity; par 0051; the service enabling entity-generated version of the cryptographic function of the secret associated with the identifier of the device making the service request is compare to the certification entity-generated version of the secret obtained from the digital certificate; par 0054; if match, enables provision of the requested service);
obtaining, from the device cryptographic certificate, an indication of at least one of a model and a manufacturer of the target data processing device (par 0039; fig. 3; the service enabling entity receives the device identifier/secret and stores them; par 0028; device identifiers and secrets for use in obtaining requested services; par 0035; the certification entity includes a database or other memory storing each of the device identifiers ID for each of the devices. The database also stores a secret for each device. The secret is unique to the device. The secret generated by the certification entity; par 0051; the service enabling entity-generated version of the cryptographic function of the secret associated with the identifier of the device making the service request is compare to the certification entity-generated version of the secret obtained from the digital certificate);
verifying the device cryptographic certificate as having been generated by the trusted entity (par 0039; fig. 3; the service enabling entity receives the device identifier/secret; par 0035; the certification entity includes a database or other memory storing each of the device identifiers ID for each of the devices. The database also stores a secret for each device. The secret is unique to the device. The secret generated by the certification entity; par 0051; the service enabling entity-generated version of the cryptographic function of the secret associated with the identifier of the device making the service request is compare to the certification entity-generated version of the secret obtained from the digital certificate; par 0054; if match, enables provision of the requested service); 
verifying that said indication of at least one of a model and a manufacturer of a target processing device obtained from the device cryptographic certificate corresponds to said indication of at least one of a model and a manufacturer of a target data processing device obtained from the cryptographic certificate stored on the security data processing device (par 0039; fig. 3; the service enabling entity receives the device identifier/secret [i.e., device certificate] and stores them; par 0042; transmits a service request to the service enabling entity. The service request includes the signed digital leaf certificate [i.e., cryptographic certificate] [] the service enabling entity receives the service request; par 0040; the certification entity generates a digital certificate having the identifier of the device and the cryptographic function of the secret; par 0078; digital certificates under a certificate for a class or category of devices (e.g. based on device model, manufacturer); par 0051; the service enabling entity-generated version of the cryptographic function of the secret associated with the identifier of the device making the service request is compare to the certification entity-generated version of the secret obtained from the digital certificate; par 0054; if match, enables provision of the requested service), and 
in response to a successful verification (par 0054; if match, enables provision of the requested service). 
Keung discloses device identifier/secret as recited above, but do not explicitly disclose device cryptographic certificate; generating second data using the first data; and storing the second data on the target data processing device.
However, in an analogous art, Takashima discloses medium manufacturing system/method that includes:
device cryptographic certificate (Takashima: par 0103; the device or the model/version certificate is a public key certificate stored with a public key; par 0017; a model/version certificate stored with a model identifier or version identifier corresponding to a model or version of an information processing apparatus and a model/version public key; par 0212; the secure VM performs a process of verifying the validity of the device certificate or the model/version certificate; If the validity is confirmed, there is executed a process of acquiring identification information or attribute information corresponding to an information processing apparatus or a contents use application, that is, manufacturer, type, version, or serial number of an apparatus or application from information recorded in the certificate);
generating second data using the first data (Takashima: par 0044; in the creating of the content code file, a content code file stored with a code for apparatus checking process, which causes an apparatus checking process applying an apparatus certificate stored in a memory of each information processing apparatus to be executed, and a content code file stored with a security check code that is selected and executed on the basis of an apparatus identifier checked in the apparatus checking process are created); and 
storing the second data on the target data processing device (Takashima: par 0044; a content code file stored with a security check code that is selected and executed on the basis of an apparatus identifier checked in the apparatus checking process are created).  
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Takashima with the method/system of Keung to include device cryptographic certificate; generating second data using the first data; and storing the second data on the target data processing device. One would have been motivated to stores an apparatus certificate including an apparatus identifier of the information processing apparatus. The data processing unit is configured to execute an apparatus checking process applying the apparatus certificate stored in the memory on the basis of a code for apparatus checking process included in the content codes (Takashima: abstract).

Regarding Claim 2; 
The combination of Keung and Takashima disclose the method according to claim 1, 
Keung discloses receiving encrypted first data, storing the encrypted first data on the security data processing device, and, using the security data processing device, decrypting the encrypted first data and storing them on the security data processing device (Keung: par 0038; the certification entity transmits a device identifier and the associated secret to the service enabling facility [] the device/secret pair encrypted by the certification entity before transmission; par 0057; the certification entity need not provide a list of the device identifier/secret pairs to the service enabling entity, but provides the global provisioning key K that was used to encrypt the secrets embedded in the digital certificates provided to each device. Alternatively, if the encryption algorithm is asymmetric, the certification entity and the service enabling entity may agree on the global pair of encryption and decryption keys, such that the certification entity will use the encryption key for encrypting the secret, and the service enabling entity will use the corresponding decryption key for decrypting the secret; par 0042; the device transmits a service request to the service enabling entity. The service request includes the signed digital leaf certificate that the device received from the certification entity). 

Regarding Claim 6; 
The combination of Keung and Takashima disclose the method according to claim 2,
Keung discloses wherein receiving the encrypted first data comprises receiving them on the security data processing device via an Internet connection (Keung: par 0070; the device receives the digital certificate and the secret [] information is transmitted by using a secure transmission channel).   
Takashima further discloses via an Internet connection (Takashima: par 0395; the program may be wirelessly transmitted to the computer or wire-transmitted to the computer through a network, such as a LAN (local area network) or internet).  
One would have been motivated to stores an apparatus certificate including an apparatus identifier of the information processing apparatus. The data processing unit is configured to execute an apparatus checking process applying the apparatus certificate stored in the memory on the basis of a code for apparatus checking process included in the content codes (Takashima: abstract).



Regarding Claim 8; 
The combination of Keung and Takashima disclose the method according to claim 2,
Keung discloses wherein receiving encrypted first data comprises the security data processing device receiving a public key of a first public key encryption key pair (Keung: par 0038; encryption by use of public/private key pairs; par 0057; the certification entity will use the encryption key for encrypting the secret, and the service enabling entity will use the corresponding decryption key for decrypting the secret), transmitting a public key of a second public key encryption key pair stored on the security data processing device, combining the public key of the first key pair with a private key of the second key pair to produce a shared key, receiving encrypted first data that have been encrypted using the shared key, and decrypting the encrypted first data using the shared key (Keung: par 0038; the certification entity transmits a device identifier and the associated secret to the service enabling facility [] the device/secret pair encrypted by the certification entity before transmission; par 0057; the certification entity need not provide a list of the device identifier/secret pairs to the service enabling entity, but provides the global provisioning key K that was used to encrypt the secrets embedded in the digital certificates provided to each device. Alternatively, if the encryption algorithm is asymmetric, the certification entity and the service enabling entity may agree on the global pair of encryption and decryption keys, such that the certification entity will use the encryption key for encrypting the secret, and the service enabling entity will use the corresponding decryption key for decrypting the secret; par 0042; the device transmits a service request to the service enabling entity. The service request includes the signed digital leaf certificate that the device received from the certification entity).  

Regarding Claim 9; 
The combination of Keung and Takashima disclose the method according to claim 1, 
Keung discloses wherein the first data comprise computer-readable instructions for use by the security data processing device (Keung: par 0086; fig. 5; the operating system and the computer program are comprised of computer program instructions which, when accessed, read and executed by the computer, causes the computer to perform the steps necessary to implement).  

Regarding Claim 10; 
The combination of Keung and Takashima disclose the method according to claim 1, 
Keung discloses wherein the first data comprise program code for execution by the target data processing devices (Keung: par 0086; fig. 5; the operating system and the computer program are comprised of computer program instructions which, when accessed, read and executed by the computer, causes the computer to perform the steps necessary to implement).  

 
Regarding Claim 11; 
The combination of Keung and Takashima disclose the method according to claim 1,
Takashima discloses wherein the first data comprise configuration data that determine the operation of program code stored on the target data processing devices (Takashima: par 0214; the information processing apparatus performs a process of verifying the validity of at least one of the device certificate and the model/version certificate. If the validity is confirmed, the information processing apparatus determines an application that uses an information processing apparatus or contents on the basis of record information of the certificate, selects a security check code corresponding to the determined information, executes security check processing based on the selected code, and calculates parameters necessary for conversion of contents in the data conversion processing in which the conversion table is applied).  
One would have been motivated to stores an apparatus certificate including an apparatus identifier of the information processing apparatus. The data processing unit is configured to execute an apparatus checking process applying the apparatus certificate stored in the memory on the basis of a code for apparatus checking process included in the content codes (Takashima: abstract).

Regarding Claim 12; 
  The combination of Keung and Takashima disclose the method according to claim 10,
Takashima discloses wherein generating the second data further comprises encrypting the at least part of the first data (Takashima: par 0332; These content code files have content codes prepared on the assumption that a part of the content code is encrypted by using a key specific to a model/version/device, that is, a node key or device specific key, a model key, or a version key).  
One would have been motivated to stores an apparatus certificate including an apparatus identifier of the information processing apparatus. The data processing unit is configured to execute an apparatus checking process applying the apparatus certificate stored in the memory on the basis of a code for apparatus checking process included in the content codes (Takashima: abstract).
 
Regarding Claim 13; 
The combination of Keung and Takashima disclose the method according to claim 1, 
Keung discloses wherein the first data comprise a private key of a public key cryptographic key pair (Keung: par 0038; fig. 2;  encryption by use of public/private key pairs; par 0057; the certification entity will use the encryption key for encrypting the secret, and the service enabling entity will use the corresponding decryption key for decrypting the secret), 

Regarding Claim 14; 
The combination of Keung and Takashima disclose the method according to claim 13, 
Takashima further discloses wherein generating the second data using the first data comprises, for each target data processing device, generating a further cryptographic certificate for the target data processing device by signing the device cryptographic certificate using the private key (Takashima: par 0044; in the creating of the content code file, a content code file stored with a code for apparatus checking process, which causes an apparatus checking process applying an apparatus certificate stored in a memory of each information processing apparatus to be executed; par 0037; in the executing of the apparatus checking process, validity of the apparatus certificate is checked by a process of verifying a signature set in the apparatus certificate, new signature data is created by using a private key stored in a memory of the information processing apparatus).  
One would have been motivated to stores an apparatus certificate including an apparatus identifier of the information processing apparatus. The data processing unit is configured to execute an apparatus checking process applying the apparatus certificate stored in the memory on the basis of a code for apparatus checking process included in the content codes (Takashima: abstract).

Regarding Claim 15; 
The combination of Keung and Takashima disclose the method according to claim 14,
 Keung disclose wherein generating the further cryptographic certificate further comprises signing the device certificate and a device identifier for the target data processing device using the private key (Keung: par 0040; fig. 2; the certification entity generates a digital certificate having the identifier of the device and the cryptographic function of the secret. The resulting leaf certificate, may be signed; par 0042; the device transmits a service request to the service enabling entity. The service request includes the signed digital leaf certificate that the device received from the certification entity; par 0057; the certification entity need not provide a list of the device identifier/secret pairs to the service enabling entity, but provides the global provisioning key K that was used to encrypt the secrets embedded in the digital certificates provided to each device. Alternatively, if the encryption algorithm is asymmetric, the certification entity and the service enabling entity may agree on the global pair of encryption and decryption keys, such that the certification entity will use the encryption key for encrypting the secret, and the service enabling entity will use the corresponding decryption key for decrypting the secret).  

Regarding Claim 16; 
The combination of Keung and Takashima disclose the method according to claim 2, 
Takashima discloses wherein receiving the encrypted first data and the value comprise receiving a cryptographic certificate comprising the encrypted first data and an encrypted value of the permitted number of target data processing devices (Takashima: par 0237; The model/version private key and the model/version certificate correspond to a private key and a public key certificate stored with a public key in a public key encryption system; par 0238; the model/version certificate is configured as a certificate set corresponding to codes; if model/version certificates have different values of X, Y, and Z, the model/version certificates are set as different certificates).
One would have been motivated to stores an apparatus certificate including an apparatus identifier of the information processing apparatus. The data processing unit is configured to execute an apparatus checking process applying the apparatus certificate stored in the memory on the basis of a code for apparatus checking process included in the content codes (Takashima: abstract).

Regarding Claim 17;
This Claim recites a device that perform the same steps as method of Claim 1, and has limitations that are similar to Claim 1, thus are rejected with the same rationale applied against claim 1.  

Regarding Claim 18; 
The combination of Keung and Takashima disclose the security data processing device according to claim 17, 
Keung discloses wherein the security data processing device is operable to receive an encrypted cryptographic certificate that includes the first data and instructions executable by the processor, to decrypt the encrypted cryptographic certificate, to verify the cryptographic certificate as having been generated by a trusted entity using a public key of the trusted entity (Keung: par 0032; fig. 2; the service enabling entity performs a verification; par 0050; the service enabling entity uses the device identifier look up the secret associated with the device that sent the service request, and, using the same cryptographic function as the certification entity generates its own version of the cryptographic function of the secret; par 0054; if match, enables provision of the requested service; par 0038; the certification entity transmits a device identifier and the associated secret to the service enabling facility [] the device/secret pair encrypted by the certification entity before transmission; par 0057; the certification entity need not provide a list of the device identifier/secret pairs to the service enabling entity, but provides the global provisioning key K that was used to encrypt the secrets embedded in the digital certificates provided to each device. Alternatively, if the encryption algorithm is asymmetric, the certification entity and the service enabling entity may agree on the global pair of encryption and decryption keys, such that the certification entity will use the encryption key for encrypting the secret, and the service enabling entity will use the corresponding decryption key for decrypting the secret; par 0042; the device transmits a service request to the service enabling entity. The service request includes the signed digital leaf certificate that the device received from the certification entity) 



 
Claims 3-5 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Keung et al. (US 20140281502) in view of Takashima et al. (US 20070186110) and further in view of Kean et al. (“Kean,” US 20020199110, published 12/26/2002)

Regarding Claim 3; 
Keung in combination with Takashima disclose the method according to claim 2, 
Keung in combination with Takashima disclose all the limitations as recited above, but do not explicitly disclose receiving a value of a permitted number of target data processing devices on which the second data are permitted to be stored, and storing the value on the security data processing device; and for each target data processing device, using the security data processing device to: determine whether the value of the permitted number of target data processing devices is greater than zero; if so, obtain and verify the device cryptographic certificate, generate and store the second data, and decrement the value of the permitted number of target data processing devices.  
However, in an analogous art, Kean discloses programmable gate array system/method that includes:
receiving a value of a permitted number of target data processing devices on which the second data are permitted to be stored, and storing the value on the security data processing device (Kean: par 0099; the customer buys licenses in blocks from core vendors and the TEP merely maintains a count of available licenses for a given core, decrementing the count each time the core is configured; par 0102; hardware devices such as smartcards or tokens provided by the TEP can be connected to the designer or customer's computer to undertake cryptographic tasks and shield secret information such as cryptographic keys; par 0107; for additional security, the secret information is stored on and encryption is carried out by a hardware token or smartcard coupled to the software running on the user computer); and for each target data processing device, using the security data processing device to: determine whether the value of the permitted number of target data processing devices is greater than zero (Kean: par 0108; the trusted software would then manage these licenses decrementing the available license count every time a chip was programmed and refusing to program chips once the licenses were exhausted); if so, obtain and verify the device cryptographic certificate (Kean: par 0016; the identification code of the programmable integrated circuit may be determined by accessing a JTAG interface of the programmable integrated circuit. The programmable integrated circuit may be an FPGA. Obtaining an encryption key may include looking up in a database an encryption key associated with the identification code. Obtaining an encryption key may include generating the encryption key using the identification code. Obtaining an encryption key may include loading an encrypted header file into the programmable integrated circuit), generate and store the second data certificate (Kean: par 0016; obtaining an encryption key may include generating the encryption key using the identification code), and decrement the value of the permitted number of target data processing devices (Kean: par 0108; the trusted software would then manage these licenses decrementing the available license count every time a chip was programmed).
 Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Kean with the method/system of Keung and Takashima to include receiving a value of a permitted number of target data processing devices on which the second data are permitted to be stored, and storing the value on the security data processing device; and for each target data processing device, using the security data processing device to: determine whether the value of the permitted number of target data processing devices is greater than zero; if so, obtain and verify the device cryptographic certificate, generate and store the second data, and decrement the value of the permitted number of target data processing devices. One would have been motivated to associate a limited number of field programmable gate arrays, with a secret key. Each field programmable gate array may only be properly configured or programmed by an appropriate encrypted bitstream. This encrypted bitstream has been encoded by or for the secret key associated with a particular FPGA (Kean: abstract).

Regarding Claim 4; 
Keung in combination with Takashima disclose the method according to claim 1,
Keung in combination with Takashima disclose all the limitations as recited above, but do not explicitly disclose receiving the security data processing device on which have been stored the first data and a value of a permitted number of target data processing devices on which the second data are permitted to be stored; and for each target data processing device, using the security data processing device to: determine whether the value of the permitted number of target data processing devices is greater than zero; if so, obtain and verify the device cryptographic certificate, generate and store the second data, and decrement the value of the permitted number of target data processing devices.  
However, in an analogous art, Kean discloses programmable gate array system/method that includes:
receiving the security data processing device on which have been stored the first data and a value of a permitted number of target data processing devices on which the second data are permitted to be stored (Kean: par 0099; the customer buys licenses in blocks from core vendors and the TEP merely maintains a count of available licenses for a given core, decrementing the count each time the core is configured; par 0102; hardware devices such as smartcards or tokens provided by the TEP can be connected to the designer or customer's computer to undertake cryptographic tasks and shield secret information such as cryptographic keys; par 0107; for additional security, the secret information is stored on and encryption is carried out by a hardware token or smartcard coupled to the software running on the user computer); and for each target data processing device, using the security data processing device to: determine whether the value of the permitted number of target data processing devices is greater than zero (Kean: par 0108; the trusted software would then manage these licenses decrementing the available license count every time a chip was programmed and refusing to program chips once the licenses were exhausted); if so, obtain and verify the device cryptographic certificate (Kean: par 0016; the identification code of the programmable integrated circuit may be determined by accessing a JTAG interface of the programmable integrated circuit. The programmable integrated circuit may be an FPGA. Obtaining an encryption key may include looking up in a database an encryption key associated with the identification code. Obtaining an encryption key may include generating the encryption key using the identification code. Obtaining an encryption key may include loading an encrypted header file into the programmable integrated circuit), generate and store the second data (Kean: par 0016; obtaining an encryption key may include generating the encryption key using the identification code), and decrement the value of the permitted number of target data processing devices (Kean: par 0108; the trusted software would then manage these licenses decrementing the available license count every time a chip was programmed).  
 Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Kean with the method/system of Keung and Takashima to include receiving the security data processing device on which have been stored the first data and a value of a permitted number of target data processing devices on which the second data are permitted to be stored; and for each target data processing device, using the security data processing device to: determine whether the value of the permitted number of target data processing devices is greater than zero; if so, obtain and verify the device cryptographic certificate, generate and store the second data, and decrement the value of the permitted number of target data processing devices. One would have been motivated to associate a limited number of field programmable gate arrays, with a secret key. Each field programmable gate array may only be properly configured or programmed by an appropriate encrypted bitstream. This encrypted bitstream has been encoded by or for the secret key associated with a particular FPGA (Kean: abstract).

Regarding Claim 5; 
Keung in combination with Takashima disclose the method according to claim 1, 
Keung in combination with Takashima disclose all the limitations as recited above, but do not explicitly disclose receiving the security data processing device on which have been stored the first data and receiving a value of a permitted number of target data processing devices on which the second data are permitted to be stored, and storing the value on the security data processing device; and for each target data processing device, using the security data processing device to: determine whether the value of the permitted number of target data processing devices is greater than zero; if so, obtain and verify the device cryptographic certificate, generate and store the second data, and decrement the value of the permitted number of target data processing devices.  
However, in an analogous art, Kean discloses programmable gate array system/method that includes:
receiving the security data processing device on which have been stored the first data and receiving a value of a permitted number of target data processing devices on which the second data are permitted to be stored, and storing the value on the security data processing device (Kean: par 0099; the customer buys licenses in blocks from core vendors and the TEP merely maintains a count of available licenses for a given core, decrementing the count each time the core is configured; par 0102; hardware devices such as smartcards or tokens provided by the TEP can be connected to the designer or customer's computer to undertake cryptographic tasks and shield secret information such as cryptographic keys; par 0107; for additional security, the secret information is stored on and encryption is carried out by a hardware token or smartcard coupled to the software running on the user computer); and for each target data processing device, using the security data processing device to: determine whether the value of the permitted number of target data processing devices is greater than zero (Kean: par 0108; the trusted software would then manage these licenses decrementing the available license count every time a chip was programmed and refusing to program chips once the licenses were exhausted); if so, obtain and verify the device cryptographic certificate (Kean: par 0016; the identification code of the programmable integrated circuit may be determined by accessing a JTAG interface of the programmable integrated circuit. The programmable integrated circuit may be an FPGA. Obtaining an encryption key may include looking up in a database an encryption key associated with the identification code. Obtaining an encryption key may include generating the encryption key using the identification code. Obtaining an encryption key may include loading an encrypted header file into the programmable integrated circuit), generate and store the second data (Kean: par 0016; obtaining an encryption key may include generating the encryption key using the identification code), and decrement the value of the permitted number of target data processing devices (Kean: par 0108; the trusted software would then manage these licenses decrementing the available license count every time a chip was programmed).
 Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Kean with the method/system of Keung and Takashima to include receiving the security data processing device on which have been stored the first data and receiving a value of a permitted number of target data processing devices on which the second data are permitted to be stored, and storing the value on the security data processing device; and for each target data processing device, using the security data processing device to: determine whether the value of the permitted number of target data processing devices is greater than zero; if so, obtain and verify the device cryptographic certificate, generate and store the second data, and decrement the value of the permitted number of target data processing devices. One would have been motivated to associate a limited number of field programmable gate arrays, with a secret key. Each field programmable gate array may only be properly configured or programmed by an appropriate encrypted bitstream. This encrypted bitstream has been encoded by or for the secret key associated with a particular FPGA (Kean: abstract).
Regarding Claim 7; 
Keung in combination with Takashima disclose the method according to claim 3, 
Keung discloses receiving an encrypted value, and using the security data processing device to decrypt the encrypted value and store the decrypted value on the security data processing device (Keung: par 0038; the certification entity transmits a device identifier and the associated secret to the service enabling facility [] the device/secret pair encrypted by the certification entity before transmission; par 0057; the certification entity need not provide a list of the device identifier/secret pairs to the service enabling entity, but provides the global provisioning key K that was used to encrypt the secrets embedded in the digital certificates provided to each device. Alternatively, if the encryption algorithm is asymmetric, the certification entity and the service enabling entity may agree on the global pair of encryption and decryption keys, such that the certification entity will use the encryption key for encrypting the secret, and the service enabling entity will use the corresponding decryption key for decrypting the secret; par 0042; the device transmits a service request to the service enabling entity. The service request includes the signed digital leaf certificate that the device received from the certification entity). 
  
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAO WANG whose telephone number is (313)446-6644.  The examiner can normally be reached on Monday-Friday 7:30-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/C.W./Examiner, Art Unit 2439



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439