DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 08/09/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Response to Amendment
Claims 1, 6, 8, 10, 12 and 14-15 have been amended and claims 16-27 have been added. Claims 1-27 are currently pending.

Response to Arguments
Applicant’s arguments (See pg. 10-11), filed on 09/08/2022, with respect to the rejection(s) of claim(s) 1, 12 and 14 under 35 USC 103 assert that the “user credentials” in MUTHUKUMARAN ‘818 is a “security context” not an “execution context” as claimed since the user credentials “solely concern the security context and have nothing to do with any execution context of the secret key”. Examiner respectfully disagrees. 
In the first place, there is no clear definition of what the execution context can be in the claims other than implying that the execution context would be associated with a secret key. With respect to the execution context, the para 0025 of the spec recites that a circuit is configured to execute software according to the execution context having different levels of security and/or confidentiality and the circuit is to authorize a use of the secret key according to these execution contexts. In light of this fact, it can be concluded that the execution context is closely tied to security and/or confidentiality and furthermore an execution of the secret key. MUTHUKUMARAN ‘818 (See FIG. 3 and para 0043) teaches that initial user credentials (e.g. passwords) are associated with a particular “security context” defining privileges and access control settings with the security environment of the device, where the user credentials are being used as an input to the key derivation function for generating the wrapping key by which the user key has been wrapped and stored for eventual use with the user credentials. Then, the wrapped user key (a secret key) is to be used for applying throttling policies (See para 0033). In particular, if the wrapped user key fails to be unwrapped (i.e. user credentials are incorrect), it enforces throttling policies (See FIG. 7 and para 0057). This process clearly shows that the user credentials do not merely concern the security context but have a substantial impact on the whole execution environment since wrong user credentials can result in the enforcement of throttling caused by the failure of unwrapping the user key.
Therefore, the applicant’s arguments overall are deemed unpersuasive and the rejections are hereby maintained.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1 and 22 is/are rejected under 35 U.S.C. 103 as being unpatentable over MUTHUKUMARAN et al., US-20210124818-A1 (hereinafter “MUTHUKUMARAN ‘818”) in view of Goel et al., US- 20170126414-A1 (hereinafter “Goel ‘414”).
Per claim 1 (independent):
MUTHUKUMARAN ‘818 discloses: An integrated circuit, comprising: a secure hardware environment configured to record a unique hardware key and comprising: 
a first logic circuit configured to generate a unique derived key from said unique hardware key and at least one piece of information, wherein said at least one piece of information concerns an execution context of a secret key
(FIG. 1, [0033], throttling user access to secure devices or secure data based on throttling policies (an execution context) linked to or associated with user access keys (a use of a secret key) … device components 102 (such as the hardware components within a System-on-a-Chip (SoC; an integrated circuit); FIG. 3, [0043], the hardware key manager 106 of FIG. 1 for enrolling user credentials and generating certain keys … obtains a HUK 301 (a unique hardware key) … An input device inputs initial user credentials 302, such as a newly-chosen password, which are associated with a particular security context (where the security context may define, e.g., privileges and access control settings with the security environment of the device; the execution context) … then generates or derives a wrapping key 308 (a unique derived key) from the user credentials 302 (the execution context) and the HUK 301 (the unique hardware key)  … a key generation component 310 controlled by the key manager generates a user root key 312 (a secret key).);
a first encryption device configured to perform a symmetric encryption operation of said secret key using said unique derived key (FIG. 3, [0043], The key manager applies the user root key 312 (the secret key) and the wrapping key 308 (the unique derived key) to a key wrapping component or function 314 (via a symmetric encryption operation) … generates and outputs a wrapped (encrypted) user key 318, which is then stored at 320 for eventual use with a newly-entered user credential; [0045], Any suitable key wrapping procedure … based on Advanced Encryption Standard (AES) algorithm … key wrapping constructions are a class of symmetric encryption algorithm.).

MUTHUKUMARAN ‘818 does not disclose but Goel ‘414 discloses: to deliver an encrypted secret key outside the secure hardware environment which results from performance of the symmetric encryption operation (FIG. 5, [0031], the authentication phase for IC chip validation … IC chip 502 (the secure hardware environment) includes PUF 516, AES-128 module 514 (the symmetric encryption operation), …  and public chip ID 518 … verifier 506, IC chip 502 sends encrypted key E(KM, KA (encrypted secret key)) and PublicChipID 518 to verifier 506 (outside of the secure hardware environment) in message 522.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified MUTHUKUMARAN ‘818 with the transmission of encrypted unique key KA along with a PublicChipID from an IC chip to a verifier as taught by Goel ‘414 because it would authenticate an IC chip in a more secure way by sending the encrypted unique key of a chip to a verifier. Additionally, Goel ‘414 is analogous to the claimed invention because it teaches a device for providing for authentication of an IC chip that uses a PUF without requiring the verifier to have access to a key database (See [0004]).

Per claim 22 (dependent on claim 1):
MUTHUKUMARAN ‘818 in view of Goel ‘414 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
MUTHUKUMARAN ‘818 discloses: The integrated circuit according to claim 1, wherein the execution context is a privileged/non-privileged execution context (FIG. 7, [0057], at 710, the input device 702 inputs a user credential … unwrap the user root key based upon input credential and the slot attributes or parameters asso­ciated with that key, at 712 … If the unwrap procedure is successful (privileged), at 714 … allow user access at 716 to the device itself (e.g. unlocking the smartphone) or to secure data within the device … if the unwrap operation fails (non-privileged), at 718, then the throttling components 706 enforce the throttling policy at 720 for the key based on the latest attributes or parameters stored in the corresponding slot or register.).

Claim(s) 2-3 is/are rejected under 35 U.S.C. 103 as being unpatentable over MUTHUKUMARAN ‘818 in view of Goel ‘414 and Circello et al., US-20160173282-A1 (hereinafter “Circello ‘282”). 
Per claim 2 (dependent on claim 1):
MUTHUKUMARAN ‘818 in view of Goel ‘414 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
MUTHUKUMARAN ‘818 in view of Goel ‘414 does not disclose but Circello ‘282 discloses: The integrated circuit according to claim 1, wherein the secure hardware environment further comprises a second encryption device configured to perform a further symmetric encryption operation of binary data using the secret key (FIG. 2A, [0017], an electronic device 220 that includes a processing system integrated circuit 102 and an external memory 130 … multiple unencrypted software images 202A-D (binary data) are used to form a complete or full encrypted software image 132; [0018], A first software image 202A (the binary data) is encrypted by encryption engine 204A (a second encryption device; AES (See FIG. 2A), i.e., a symmetric encryption operation) using a first secret key 206A (the secret key) to form a first encrypted software image 208A; [0019], a first key blob 211A includes the first secret key 206A and is encrypted by key wrap engine 214A (another encryption device) using a first key-encryption key (KEK) 212A.);
to deliver encrypted binary data outside the secure hardware environment which results from performance of the further symmetric encryption operation ([0018], A first software image 202A is encrypted by encryption engine 204A (the second encryption device) using a first secret key 206A to form a first encrypted software image 208A (encrypted binary data) … The resulting full encrypted software image 132 is stored in the external memory 130 (outside the secure hardware environment) within the electronic device 220.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified MUTHUKUMARAN ‘818 in view of Goel ‘414 with the encryption of software images and secret keys used for scrambling the software images via two different encryption engines as taught by Circello ‘282 because it would help to protect software images by scrambling the software images and secret keys via two different encryption schemes. Additionally, Circello ‘282 is analogous to the claimed invention because it teaches methods and systems disclosing key management for on-the-fly hardware decryption within an integrated circuit (See [0012]).

Per claim 3 (dependent on claim 2):
MUTHUKUMARAN ‘818 in view of Goel ‘414 and Circello ‘282 discloses the elements detailed in the rejection of claim 2 above, incorporated herein by reference.
MUTHUKUMARAN ‘818 discloses: The integrated circuit according to claim 2, wherein the secure hardware environment further comprises a first decryption device configured to perform a decryption operation of an encrypted secret key using said unique derived key and to deliver a secret key resulting from performance of the operation decryption (FIG. 6, [0053], credential verification based on successful unwrapping (decrypting) of a previously-wrapped user root key (an encrypted secret key) that may be performed by the hardware key manager 106 of FIG. 1. The hardware unique key 602 is again obtained by the key manager 106 and user credentials for 604 are input by the user … The same key derivation function or component 606 of the key manager 106 used during the enrollment then processes the user credential 604 and the hardware unique key 602 to generate a (candidate) wrapping key 608 (the unique derived key); [0054], A key unwrap function or component 614 of the key manager 106 then attempts to unwrap (decrypting) the wrapped user key 612 (the encrypted secret key) using the wrapping key 608.).

Claim(s) 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over MUTHUKUMARAN ‘818 in view of Goel ‘414 and Circello ‘282 as applied to claim 3 above, and further in view of Yang et al., US-9735962-B1 (hereinafter “Yang ‘962”).
Per claim 4 (dependent on claim 3):
MUTHUKUMARAN ‘818 in view of Goel ‘414 and Circello ‘282 discloses the elements detailed in the rejection of claim 3 above, incorporated herein by reference.
MUTHUKUMARAN ‘818 in view of Goel ‘414 does not disclose but Circello ‘282 discloses: The integrated circuit according to claim 3, wherein the second encryption device is also configured to perform an encryption operation of non-encrypted binary data using the secret key and to deliver encrypted binary data resulting from performance of the encryption operation (FIG. 2A, [0017], an electronic device 220 that includes a processing system integrated circuit 102 and an external memory 130 … multiple unencrypted software images 202A-D (binary data) are used to form a complete or full encrypted software image 132; [0018], A first software image 202A (the binary data) is encrypted by encryption engine 204A (the second encryption device) using a first secret key 206A (the secret key) to form a first encrypted software image 208A … The resulting full encrypted software image 132 is stored (delivered) in the external memory 130 within the electronic device 220; [0019], a first key blob 211A includes the first secret key 206A and is encrypted by key wrap engine 214A (another encryption device) using a first key-encryption key (KEK) 212A.).
Circello ‘282 does not teach that the first secret key (i.e. the secret key) used for encrypting data is delivered by a decryption unit. Yang ‘962 discloses: perform an encryption operation of non-encrypted binary data using the secret key delivered by the first decryption device ([Col. 1], ll. 39 – [Col. 2], ll. 15, for securing encryption keys in a data storage system based on three layer key wrapping … The encryption accelerator encrypts host data stored in a memory of the storage processor … ii) decrypting the encrypted key encryption key … to obtain a plaintext key encryption key (to be delivered by the first decryption device), iii) decrypting the encrypted data encryption key, using the plaintext key encryption key, to obtain a plaintext data encryption key (the secret key), iv) encrypting the set of host data (non-encrypted binary data) … v) deleting … plaintext key encryption key, and plaintext data encryption key).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified MUTHUKUMARAN ‘818 in view of Goel ‘414 and Circello ‘282 with the three layer wrapping of keys used for encrypting a set of host data in a storage processor where the encrypted data encryption key (the secret key) is to be decrypted before it is used as taught by Yang ‘962 because it would reduce a system vulnerability by less exposing unencrypted data encryption key. Additionally, Yang ‘962 is analogous to the claimed invention because it teaches securing encryption keys in a data storage system using three layer key wrapping (See Abstract).

Claim(s) 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over MUTHUKUMARAN ‘818 in view of Goel ‘414 and Circello ‘282 and Yang ‘962 as applied to claim 4 above, and further in view of Volkanov et al., US-10474831-B1 (hereinafter “Volkanov ‘831”).
Per claim 5 (dependent on claim 4):
MUTHUKUMARAN ‘818 in view of Goel ‘414 and Circello ‘282 and Yang ‘962 discloses the elements detailed in the rejection of claim 4 above, incorporated herein by reference.
MUTHUKUMARAN ‘818 in view of Goel ‘414 and Yang ‘962 does not disclose but Circello ‘282 discloses: The integrated circuit according to claim 4, wherein the secure hardware environment further comprises a key register configured to record the secret key and to enable transmission of the recorded secret key to the second encryption device in order to encrypt non-encrypted binary data (FIG. 2A, [0017], an electronic device 220 that includes a processing system integrated circuit 102 and an external memory 130 … multiple unencrypted software images 202A-D (binary data) are used to form a complete or full encrypted software image 132; [0018], A first software image 202A (the binary data) is encrypted by encryption engine 204A (the second encryption device) using a first secret key 206A (the secret key) to form a first encrypted software image 208A; [0019], The encrypted key blob(s) 134 are formed by encrypting multiple different key blobs 211A, 2118, 211C, and 211D (a key register) with each key blob 211A-D including one of the secret keys 206A-D.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified MUTHUKUMARAN ‘818 in view of Goel ‘414 and Yang ‘962 with the transmission of the secret keys obtained from the key blobs to each encryption engine as taught by Circello ‘282 because it would separately protect those software images from discovery by applying a unique secret key for encryption of each individual software image [0020].
Circello ‘282 does not explicitly suggest that the secret keys 206A-D (the secret key) is provided by a decryption device or not. Volkanov ‘831 discloses: a key register configured to record the secret key generated by the first decryption device and to enable transmission of the recorded secret key for an encryption to non-encrypted data (FIG. 9, [Col. 15], ll. 51- [Col. 16], ll. 8, the cryptoprocessor (the first decryption device) may then decrypt 916 the encrypted key manifest to produce a decrypted key manifest (a key register); FIG. 10, [Col. 16], ll.22-57, data 1002 (non-encrypted data) is received at a storage service system 1004 … The computation server 1006 encrypts the data 1002 as it is received (also referred to herein as encrypting "on the fly") using a file system abstraction layer 1012 … performs encryption on the file using the decrypted keys 1010 (the recorded secret key) obtained from the decrypted key manifest, which is obtained from the cryptoprocessor 1008.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified MUTHUKUMARAN ‘818 in view of Goel ‘414 and Circello ‘282 and Yang ‘962 with the encryption of data on the fly via a cryptoprocessor providing the decrypted key manifest as taught by Volkanov ‘831 because it would mitigate the effects of tampering by protecting the secret keys in the encrypted manifest [Col. 4], ll. 4-33. Additionally, Volkanov ‘831 is analogous to the claimed invention because it teaches that the cryptoprocessor may then verify the encrypted key manifest by, for example, verifying a signature or hash of the encrypted key manifest that is generated at provisioning time and stored in the cryptoprocessor (See [Col. 15], ll. 51-67).

Claim(s) 12-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Circello ‘282 in view of MUTHUKUMARAN ‘818. 
Per claim 12 (independent):
Circello ‘282 discloses: A method, comprising: encrypting a secret key in a secure hardware environment by: 
symmetric encrypting of the secret key using a KEK 
(FIG. 2A, [0017], an electronic device 220 that includes a processing system integrated circuit 102 and an external memory 130 … multiple unencrypted software images 202A-D are used to form a complete or full encrypted software image 132 … multiple key blobs 211A-D (a secret key) are also encrypted; [0019], a first key blob 211A includes the first secret key 206A (the secret key) and is encrypted by key wrap engine 214A (AES (See FIG. 2A), i.e. a symmetric encryption operation) using a first key-encryption key (KEK) 212A.).
Circello ‘282 does not teach how to generate the unique derived key used for the encryption of the secret key but instead, the KEK is used to encrypt the secret key. MUTHUKUMARAN ‘818 discloses: generating a unique derived key from a unique hardware key recorded in said secure hardware environment and at least one piece of information, wherein said at least one piece of information concerns an execution context of the secret key; encrypting of the secret key (FIG. 1, [0033], throttling user access to secure devices or secure data based on throttling policies (execution context) linked to or associated with user access keys (a use of the secret key) … device components 102 (such as the hardware components within a System-on-a-Chip (SoC); FIG. 3, [0043], the hardware key manager 106 of FIG. 1 for enrolling user credentials and generating certain keys … obtains a HUK 301 (a unique hardware key) … An input device inputs initial user credentials 302, such as a newly-chosen password, which are associated with a particular security context (where the security context may define, e.g., privileges and access control settings with the security environment of the device; an execution context) … then generates or derives a wrapping key 308 (a unique derived key) from the user credentials 302 (the execution context) and the HUK 301 (the unique hardware key)  … a key generation component 310 controlled by the key manager generates a user root key 312 (a secret key) … The key wrapping component 314 generates and outputs a wrapped user key 318 (encrypting of the secret key).).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Circello ‘282 with the derivation of a wrapping key based on a unique hardware key and user credentials associated with a security context as taught by MUTHUKUMARAN ‘818 because it would prevent brute force attacks on user credentials more efficiently by using a hardware-based mechanism and a security context [0031][0043]. Additionally, MUTHUKUMARAN ‘818 is analogous to the claimed invention because it teaches throttling user access to secure devices or secure data based on throttling policies linked to or associated with user access keys (See [0033]).

Per claim 13 (dependent on 12):
Circello ‘282 in view of MUTHUKUMARAN ‘818 discloses the elements detailed in the rejection of claim 12 above, incorporated herein by reference.
Circello ‘282 discloses: The method of claim 12, further comprising:  
encrypting binary data in said secure hardware environment by: symmetric encrypting of the binary data using the secret key so as to obtain encrypted binary data 
(FIG. 2A, [0017], an electronic device 220 that includes a processing system integrated circuit 102 and an external memory 130 … multiple unencrypted software images 202A-D (binary data) are used to form a complete or full encrypted software image 132; [0018], A first software image 202A is encrypted by encryption engine 204A (AES (See FIG. 2A), i.e. a symmetric encryption operation) using a first secret key 206A (the secret key) to form a first encrypted software image 208A (encrypted binary data).).

Per claim 14 (independent):
Circello ‘282 discloses: A method, comprising: decrypting an encrypted secret key in a secure hardware environment by:  
decrypting the encrypted secret key using the KEK 
(FIG. 2B, [0021], The key blob unwrap engine 114 receives the encrypted key blob(s) 134 (an encrypted secret key) and decrypts them using the KEKs 212 to obtain the secret key(s) 206 …The software decryption engine 116 decrypts the encrypted code 256 using the secret key(s) 206.).
Circello ‘282 does not teach how to generate the unique derived key used for decryption but instead, the KEK is used to decrypt the secret key. MUTHUKUMARAN ‘818 discloses: generating a unique derived key from a unique hardware key recorded in said secure hardware environment and at least one piece of information, wherein said at least one piece of information concerns an execution context of the secret key; decrypting the encrypted secret key (FIG. 6, [0053], credential verification based on successful unwrapping (decrypting) of a previously-wrapped user root key (the encrypted secret key) that may be performed by the hardware key manager 106 of FIG. 1. The hardware unique key 602 (a unique hardware key) is again obtained by the key manager 106 and user credentials for 604 are input by the user … The same key derivation function or component 606 of the key manager 106 used during the enrollment then processes the user credential 604 and the hardware unique key 602 to generate a (candidate) wrapping key 608 (a unique derived key); [0054], A key unwrap function or component 614 of the key manager 106 then attempts to unwrap (decrypting) the wrapped user key 612 (the encrypted secret key) using the wrapping key 608 and the parameters or attributes 610 (an execution context and a use of the secret key) from the slot from the corresponding slot.; [0056], if unwrap operation succeeds, the provided user credential is valid and data can be successfully decrypted.). 

Per claim 15 (dependent on 14):
Circello ‘282 in view of MUTHUKUMARAN ‘818 discloses the elements detailed in the rejection of claim 14 above, incorporated herein by reference.
Circello ‘282 discloses: The method of claim 14, further comprising: 
decrypting binary data in the secure hardware environment, wherein said binary data is encrypted using the secret key by:
decrypting the encrypted binary data using the recovered secret key 
(FIG. 2B, [0021], The key blob unwrap engine 114 receives the encrypted key blob(s) 134 (an encrypted secret key) and decrypts them using the KEKs 212 to obtain the secret key(s) 206 …The software decryption engine 116 decrypts the encrypted code 256 (the encrypted binary data) using the secret key(s) 206 (the recovered secret key).).
Circello ‘282 does not teach the secret key is recovered from the process of claim 14 starting from a unique hardware key. MUTHUKUMARAN ‘818 discloses: decrypting said encrypted secret key using said step of decrypting as recited in claim 14 so as to obtain a recovered secret key for use in data access (FIG. 6, [0053], credential verification based on successful unwrapping (decrypting) of a previously-wrapped user root key (the encrypted secret key) that may be performed by the hardware key manager 106 of FIG. 1. The hardware unique key 602 (a unique hardware key) is again obtained by the key manager 106 and user credentials for 604 are input by the user … The same key derivation function or component 606 of the key manager 106 used during the enrollment then processes the user credential 604 and the hardware unique key 602 to generate a (candidate) wrapping key 608 (a unique derived key); [0054], A key unwrap function or component 614 of the key manager 106 then attempts to unwrap (decrypting) the wrapped user key 612 (the encrypted secret key) using the wrapping key 608; [0056], if unwrap operation succeeds, the provided user credential is valid and data can be successfully decrypted.).

Claim(s) 23 is/are rejected under 35 U.S.C. 103 as being unpatentable over MUTHUKUMARAN ‘818 in view of Goel ‘414 and Falk et al., US-20220150056-A1 (hereinafter “Falk ‘056”).
Per claim 23 (dependent on claim 1):
MUTHUKUMARAN ‘818 in view of Goel ‘414 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
MUTHUKUMARAN ‘818 in view of Goel ‘414 does not disclose but Falk ‘056 discloses: The integrated circuit according to claim 1, wherein the execution context is a secure/non-secure execution context ([0035], If a key is intended to be derived, the RM-KDF (in the integrated circuit) measured values (for example one-way or hash values of files) are taken from the runtime environment R … All of the measured values M, which may be maintained for example with a running hash value, then serve, together with a master key MK, as input parameters for a key derivation function KDF … If the state of a measured runtime component, due to an attack, no longer corresponds to that expected, for example due to an attacker starting a process for which no provision is made in the state, the derived key is also changed, i.e. non-secure status. Objects protected by the key are thus accessible only in states of the runtime environment that are defined as valid, i.e. secure status, where the derived key remains the same.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified MUTHUKUMARAN ‘818 in view of Goel ‘414 with the generation of a derived key based on a master key and the measured values of runtime environment running processes as taught by Falk ‘056 because it would protect objects in an efficient way via the derived key that determines whether the state of the runtime environment is valid (secure) or not. Additionally, Falk ‘056 is analogous to the claimed invention because it teaches a method for configuring a security module with at least one derived key based on an alterable digital fingerprint as key derivation parameter [ABSTRACT].

Claim(s) 24 is/are rejected under 35 U.S.C. 103 as being unpatentable over MUTHUKUMARAN ‘818 in view of Goel ‘414 and CASTILLO, US-20190268169-A1 (hereinafter “CASTILLO ‘169”).
Per claim 24 (independent):
MUTHUKUMARAN ‘818 discloses: An integrated circuit, comprising: a secure hardware environment configured to record a unique hardware key and comprising: 
a first logic circuit configured to generate a unique derived key from said unique hardware key and information specifying an execution context of a secret key
(FIG. 1, [0033], throttling user access to secure devices or secure data based on throttling policies linked to or associated with user access keys … device components 102 (such as the hardware components within a System-on-a-Chip (SoC; an integrated circuit); FIG. 3, [0043], the hardware key manager 106 of FIG. 1 for enrolling user credentials and generating certain keys … obtains a HUK 301 (a unique hardware key) … An input device inputs initial user credentials 302, such as a newly-chosen password, which are associated with a particular security context (where the security context may define, e.g., privileges and access control settings with the security environment of the device; an execution context) … then generates or derives a wrapping key 308 (a unique derived key) from the user credentials 302 and the HUK 301 (the unique hardware key)  … a key generation component 310 controlled by the key manager generates a user root key 312 (a secret key).);
a first encryption device configured to perform a symmetric encryption operation of said secret key using said unique derived key (FIG. 3, [0043], The key manager applies the user root key 312 (the secret key) and the wrapping key 308 (the unique derived key) to a key wrapping component or function 314 (via a symmetric encryption operation) … generates and outputs a wrapped (encrypted) user key 318, which is then stored at 320 for eventual use with a newly-entered user credential; [0045], Any suitable key wrapping procedure … based on Advanced Encryption Standard (AES) algorithm … key wrapping constructions are a class of symmetric encryption algorithm.).

MUTHUKUMARAN ‘818 does not disclose but Goel ‘414 discloses: to deliver an encrypted secret key outside the secure hardware environment which results from performance of the symmetric encryption operation (FIG. 5, [0031], the authentication phase for IC chip validation … IC chip 502 (the secure hardware environment) includes PUF 516, AES-128 module 514 (the symmetric encryption operation), …  and public chip ID 518 … verifier 506, IC chip 502 sends encrypted key E(KM, KA (encrypted secret key)) and PublicChipID 518 to verifier 506 (outside of the secure hardware environment) in message 522.).

MUTHUKUMARAN ‘818 in view of Goel ‘414 does not disclose but CASTILLO ‘169 discloses: generate a unique derived key from a unique hardware key and information which specifies a duration of use of the derived key (FIG. 2, [0048], a request 213 to generate a new derived key (a unique derived key) … sent together with a set of at least one validity parameter defining the access rules … For example, the validity parameters include an expiration date (a duration of use of the derived key) after which the derived key will not be usable anymore; [0050], The master key MK is securely stored in a secure enclave embedded into the physical key 202; [0051], the DK is derived from the master key MK and a set of at least one validity parameters.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified MUTHUKUMARAN ‘818 in view of Goel ‘414 with the generation of a derived key based on the master key stored in a physical key and a set of validity parameters via a mobile application as taught by CASTILLO ‘169 because it would efficiently control an access to resources (especially for a vehicle) by adjusting the access rules contained in validity parameters. Additionally, CASTILLO ‘169 is analogous to the claimed invention because it teaches the system provisioning a mobile application by a derived key for accessing to the resources of a car [0046].

Claim(s) 25 is/are rejected under 35 U.S.C. 103 as being unpatentable over MUTHUKUMARAN ‘818 in view of Goel ‘414 and CASTILLO ‘169 and Circello ‘282.
Per claim 25 (dependent on claim 24):
MUTHUKUMARAN ‘818 in view of Goel ‘414 and CASTILLO ‘169 discloses the elements detailed in the rejection of claim 24 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 2 and the claim(s) is/are rejected for the reasons detailed with respect to claim 2.

Claim(s) 26 is/are rejected under 35 U.S.C. 103 as being unpatentable over MUTHUKUMARAN ‘818 in view of Goel ‘414 and Falk ‘056.
Per claim 26 (independent):
MUTHUKUMARAN ‘818 discloses: An integrated circuit, comprising: a secure hardware environment configured to record a unique hardware key and comprising: 
a first logic circuit configured to generate a unique derived key from said unique hardware key and information specifying an execution context of a secret key
(FIG. 1, [0033], throttling user access to secure devices or secure data based on throttling policies linked to or associated with user access keys … device components 102 (such as the hardware components within a System-on-a-Chip (SoC; an integrated circuit); FIG. 3, [0043], the hardware key manager 106 of FIG. 1 for enrolling user credentials and generating certain keys … obtains a HUK 301 (a unique hardware key) … An input device inputs initial user credentials 302, such as a newly-chosen password, which are associated with a particular security context (where the security context may define, e.g., privileges and access control settings with the security environment of the device; an execution context) … then generates or derives a wrapping key 308 (a unique derived key) from the user credentials 302 and the HUK 301 (the unique hardware key)  … a key generation component 310 controlled by the key manager generates a user root key 312 (a secret key).);
a first encryption device configured to perform a symmetric encryption operation of said secret key using said unique derived key (FIG. 3, [0043], The key manager applies the user root key 312 (the secret key) and the wrapping key 308 (the unique derived key) to a key wrapping component or function 314 (via a symmetric encryption operation) … generates and outputs a wrapped (encrypted) user key 318, which is then stored at 320 for eventual use with a newly-entered user credential; [0045], Any suitable key wrapping procedure … based on Advanced Encryption Standard (AES) algorithm … key wrapping constructions are a class of symmetric encryption algorithm.).

MUTHUKUMARAN ‘818 does not disclose but Goel ‘414 discloses: to deliver an encrypted secret key outside the secure hardware environment which results from performance of the symmetric encryption operation (FIG. 5, [0031], the authentication phase for IC chip validation … IC chip 502 (the secure hardware environment) includes PUF 516, AES-128 module 514 (the symmetric encryption operation), …  and public chip ID 518 … verifier 506, IC chip 502 sends encrypted key E(KM, KA (encrypted secret key)) and PublicChipID 518 to verifier 506 (outside of the secure hardware environment) in message 522.).

MUTHUKUMARAN ‘818 in view of Goel ‘414 does not disclose but Falk ‘056 discloses: a first logic circuit configured to generate a unique derived key from a unique hardware key and information obtained by root of trust which specifies a use of the derived key by software ([0035], If a key (a unique derived key) is intended to be derived, the RM-KDF (root of trust) measured values (for example one-way or hash values of files, i.e. software) are taken from the runtime environment R (obtained by the root of trust) … All of the measured values M (information), which may be maintained for example with a running hash value, then serve, together with a master key MK (a unique hardware key), as input parameters for a key derivation function KDF … If the state of a measured runtime component, due to an attack, no longer corresponds to that expected, for example due to an attacker starting a process for which no provision is made in the state, the derived key is also changed. Objects protected by the key are thus accessible only in states of the runtime environment that are defined as valid, i.e. the current derived key is no longer used to access the protected objects if there is a change on the hash values of files (software) because a new key is to be derived based on the change; [0038], Multiple options for measurable runtime properties (information) … combined as desired to form a measurement policy MP; [0042], Meta information about running processes P (software) … the user under which a process is running, what process started it (process tree/parent-child relationship of processes/"process chain"), process priority, process number.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified MUTHUKUMARAN ‘818 in view of Goel ‘414 with the generation of a derived key based on a master key and the measured values of runtime environment running processes as taught by Falk ‘056 because when the state of a measured runtime component, due to an attack, no longer corresponds to that expected, for example due to an attacker starting a process for which no provision is made in the state, objects protected by the key are not accessible as the derived key is also changed, i.e. causing the state of the runtime environment to be invalid [0035]. 

Claim(s) 27 is/are rejected under 35 U.S.C. 103 as being unpatentable over MUTHUKUMARAN ‘818 in view of Goel ‘414 and Falk ‘056 and Circello ‘282.
Per claim 27 (dependent on claim 26):
MUTHUKUMARAN ‘818 in view of Goel ‘414 and Falk ‘056 discloses the elements detailed in the rejection of claim 26 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 2 and the claim(s) is/are rejected for the reasons detailed with respect to claim 2.

Allowable Subject Matter
Claim(s) 6-11 and 16-21 is/are allowed.
Regarding claim 6, the prior art of record (MUTHUKUMARAN ‘818 in view of Goel ‘414 and Circello ‘282) does not disclose “a secure hardware environment … comprising: 
a first decryption device configured to perform a decryption operation of an encrypted secret key using said unique derived key and to deliver a secret key resulting from performance of the operation decryption; and
a second decryption device configured to perform a further decryption operation of encrypted binary data using the secret key delivered by the first decryption device and to deliver non-encrypted binary data resulting from performance of the further decryption operation” in the recited context.
Rather, MUTHUKUMARAN ‘818 teaches hardware-based component for throttling user access to secure devices or data based on throttling policies associated with user access keys, which are generated by user credentials and a user root key as an enrolling process and then, a key manager attempts to verify the credentials inputted by a user such that if the credential is not verified, the key manager triggers timer-based throttling of a next access to the device. In the embodiments of this reference, it does not explicitly disclose “a first and second decryption device” decrypting “an encrypted secret key and encrypted binary data” respectively. Goel ‘414 discloses a device for providing for authentication of an IC chip that uses a PUF, where the chip (a secure hardware environment) sends an encrypted key to a verifier, however the chip lacks the decryption device and/or the decryption operation as claimed. Circello ‘282 teaches that a plurality of encryption engines is used to encrypt software images (binary data) by symmetric encryption operations and the resulting encrypted software images are delivered to an external memory. This reference only recites a multiple of encryption engines performing encryption operations on binary data, however it does not teach anything about the decryption engine performing decryption operations on an encrypted key and a binary data. Dependent claims 7 and 16-17 are allowed in view of their respective dependence from claims.

Regarding claim 8, the prior art of record (MUTHUKUMARAN ‘818 in view of Goel ‘414 and Circello ‘282 and Yang ‘962 and Volkanov ‘831) does not disclose “the integrated circuit is configured to authorize a use of the secret key according to the execution contexts if a protection of the secret key is removed by software after the secret key is recorded in the key register and if the key is not exclusive to a single execution context” in the recited context.
Rather, MUTHUKUMARAN ‘818 and Goel ‘414 and Circello ‘282 do not teach “the execution context” related to a protection of the secret key depending on the removal request activated by software for the same reasons detailed with respect to claim 6. To this, Yang ‘962 discloses securing encryption keys in a data storage system based on three layer key wrapping, where the encrypted encryption keys are decrypted by a key encryption key prior to encrypting the set of host data, but this reference does not recite “a protection of the secret key is removed by software after the recording of the secret key”. Volkanov ‘831 teaches the cryptoprocessor decrypting the encrypted key manifest to produce a decrypted key manifest (a key register) on which data is encrypted on the fly by the decrypted keys that were protected in the encrypted manifest, however this reference also does not indicate “a protection of the secret key is removed by software after the recording of the secret key”. Dependent claims 9 and 18-19 are allowed in view of their respective dependence from claims.

Regarding claim 10, the prior art of record (MUTHUKUMARAN ‘818 in view of Goel ‘414 and Circello ‘282 and Yang ‘962 and Volkanov ‘831) does not disclose “the integrated circuit is configured to authorize a use of the secret key according to the execution contexts if a protection of the secret key is removed by software after the secret key is recorded in the key register and if the key is not exclusive to a single execution context” in the recited context.
This limitation of claim 10 is allowed for the same reasons detailed with respect to claim 8 since the limitation is identical with claim 8. Dependent claims 11 and 20-21 are allowed in view of their respective dependence from claims.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANGSEOK PARK whose telephone number is (571)272-4332. The examiner can normally be reached Monday-Thursday 7:30-5:30 and Alternate Fridays 8:30-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, PHILIP CHEA can be reached on (571)272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SANGSEOK PARK/Examiner, Art Unit 2499                                                                                                                                                                                                        /PHILIP J CHEA/Supervisory Patent Examiner, Art Unit 2499