DETAILED ACTION
1.	Claims 1-20 are pending in this examination.
Notice of Pre-AIA  or AIA  Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
3.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Response to Arguments
4.	Applicant's arguments have been considered but are moot in view of the new ground(s) of rejection.  

Claim Rejections - 35 USC § 103
5.1.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


5.2.	Claims 1-5, 8-11, and 14-19 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent Application No. 20130055335 to CHIEN et al (“CHIEN”) in view of “ Enabling Omron's IPC for Industry 4.0, M2M and IIoT” by  Pujari (“Pujari”).

Referring to claim 1, CHIEN teaches a method of a general-purpose operating system (GPOS) section [ implemented to execute program code under a GPOS ((CHIEN, [¶0019, FIG. 2]” [0019]” In FIG. 2, one embodiment of the computer system 200 may include two operational systems OS1˜OS2 and a hardware platform PF, such as, without limitation, a TrustZone® enabled hardware platform. The operational system OS1 may include a security application program interface (API), a system API& library, and drivers for the generic applications and security client applications to operate in the untrusted environment. The operational system OS2 may include a security request monitor, the system API & library, a secure service management module, and drivers for the security service applications to operate in the trusted environment.”, {i.e., FIG.2 examiner interprets RTOS as OS1, and GPOS as OS2}); and
a real time operating system (RTOS) section implemented to execute
program code adapted to real-time data processing under a RTOS (CHIEN, [¶0019, FIG. 2]” [0019]”In FIG. 2, one embodiment of the computer system 200 may include two operational systems OS1˜OS2 and a hardware platform PF, such as, without limitation, a TrustZone® enabled hardware platform. The operational system OS1 may include a security application program interface (API), a system API& library, and drivers for the generic applications and security client applications to operate in the untrusted environment.”, i.e., interprets RTOS as OS1);
the method comprising: providing by the GPOS section a wrapped application program (WRAP) based on an application program (RAP) including binary code (BC) designed to be executed under the RTOS and a security policy (CHIEN, [¶0019]” The operational system OS1 may include a security application program interface (API), a system API& library, and drivers for the generic applications and security client applications to operate in the untrusted environment”, i.e., examiner interprets the application security application program interface (API) as wrapped application, and any update, download file or application need to be scan as a binary);
validating the wrapped application program according to the
security policy by an RTOS process in the RTOS section for obtaining a validated application program (CHIEN, [¶0013]” at block 102, “scan a system event associated with an installation of an application in the untrusted environment.” Block 102 may be followed by block 104, “acquire an identification data associated with the system event and request a service to authenticate the identification data in the trusted environment. Block 104 may be followed by decision block 106, “is a privilege of the request verified in the trusted environment?” If the privilege of the request is indeed verified, decision block 106 may be followed by block 108, “authenticate the identification data according to a predetermined rule in the trusted environment and acquire a corresponding authentication result”.”);
transferring the binary code of the validated application program and a security element from the RTOS section to a GPOS section (CHIEN, [¶0029]” In block 104, upon detecting such a system event, the scan stub module may be further configured to scan the detected system event, thereby acquiring a corresponding identification data. The scan stub module may then send the identification data to the scan service module and request a service to authenticate the identification data in the trusted environment {i.e., examiner interprets GPOS as OS2 which is part of trusted environment}. The identification data may be meta data, which may include hash identification (a hash value produced by cryptographic hash function such as MD5 message-digest algorithm), partial/full name of the application, size of the application, partial content of the application, writer/publisher signature of the application, or manifest of the application. The identification data also may be the full content of the application.”, i.e., examiner interprets the hash value produced by cryptographic hash function such as MD5 message-digest algorithm as the security element (SE));
establishing a secure communications channel between the GPOS section and the RTOS section using the security element (SE) (CHIEN, [¶0004]” The computer system includes a scan stub module configured to detect a system event associated with an installation of an application in the untrusted environment, acquire an identification data associated with the application, and request the installation of the application to be authenticated in the trusted environment.”,{i.e., examiner interprets the request of installation of the application to be authenticated in the trusted environment which is running OS2 (GPOS) as initiation a secure connection to transfer the data to OS2 (GPOS)}, [¶0029] “In block 104, upon detecting such a system event, the scan stub module may be further configured to scan the detected system event, thereby acquiring a corresponding identification data. The scan stub module may then send the identification data to the scan service module and request a service to authenticate the identification data in the trusted environment. The identification data may be meta data, which may include hash identification (a hash value produced by cryptographic hash function such as MD5 message-digest algorithm), partial/full name of the application, size of the application, partial content of the application, writer/publisher signature of the application, or manifest of the application. The identification data also may be the full content of the application.”, [¶0023]” The first hardware platform PF1 and the second hardware platform PF2 may be connected to each other via an USB interface/bus”); and
executing the binary code of the validated application program by a GPOS process in the GPOS section (CHIEN, [0031]” For executing block 108, the predetermined rule may be stored in the memory of the trusted environment to avoid being hacked or tampered with. In an embodiment of the present disclosure, the predetermined rule may include various definitions files and a policy file, as depicted in FIG. 4. Each definition file may include features of a specific type of applications, and the policy file may include instructions to allow certain types of applications to be installed or prevent certain types of applications from being installed in the untrusted environment. For example, the definition file #1 may include features for identifying known malicious applications, the definition file #2 may include features for identifying entertainment applications, the definition file #3 may include features for identifying productivity applications, and the policy file #1 may include instructions of blocking malicious/entertainment applications but allowing productivity applications.”, [¶0032]” In block 108, the identification data may be authenticated by the scan service module in the trusted environment according to the predetermined rule”, {i.e., examiner interprets applying the policy and the predetermine rules as verification process for the binary file}, [¶0025]” The operational system OS2 in the computer system 300 may include a security request monitor, a system API & library, a secure service management module, and drivers which are configured to manage the resources of the hardware platform PF2 for executing the security service applications in the trusted environment. An example security service application of the trusted environment may be implemented using software functional modules which may include, without limitation, a scan service module and a rule management module”). 
CHIEN does not explicitly disclose however in the same field of endeavor, Pujari discloses operating an industrial PC (IPC) device for an automation system, the IPC device including (page 8): wherein the RTOS section is communicatively coupled 
with a plurality of field devices in the automation system (page 36). Furthermore, Pujari discloses software security and RTOS and GPOS (page 36).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of CHIEN with the teaching of Pujari by including the feature of an industrial PC (IPC) device for an automation, in order for CHIEN’s system tosupport for traceability applications. With Industry 4.0 
and IIoT taking the center stage in Industrial Automation, Omron wishes to contribute new communication architectures and features which are relevant to Industry 4.0 and IIoT environments using the Sysmac IPC. These features may include but not limited to
support for traceability applications, uniformity of protocols enabling the ease of integration, support for monitoring and logging applications etc (Pujari, page 9).

Referring to claim 2, the combination of CHIEN and Pujari discloses the teaches the method of claim 1, further comprising: transferring application data to and/or from the GPOS section executing the binary code of the validated application program through the secure communications channel (CHIEN, [¶0004]” The computer system includes a scan stub module configured to detect a system event associated with an installation of an application in the untrusted environment, acquire an identification data associated with the application, and request the installation of the application to be authenticated in the trusted environment.”,{i.e., examiner interprets the request of installation of the application to be authenticated in the trusted environment which is running OS2 (GPOS) as initiation a secure connection to transfer the data to trusted environment}, [¶0029] “In block 104, upon detecting such a system event, the scan stub module may be further configured to scan the detected system event, thereby acquiring a corresponding identification data. The scan stub module may then send the identification data to the scan service module and request a service to authenticate the identification data in the trusted environment. The identification data may be meta data, which may include hash identification (a hash value produced by cryptographic hash function such as MD5 message-digest algorithm), partial/full name of the application, size of the application, partial content of the application, writer/publisher signature of the application, or manifest of the application. The identification data also may be the full content of the application.”, [¶0023]” The first hardware platform PF1 and the second hardware platform PF2 may be connected to each other via an USB interface/bus”).

Referring to claim 3, the combination of CHIEN and Pujari  discloses the method of claim 1 further comprising: emulating an insecure communications protocol required by the application program designed to be executed under the RTOS within the secure communications channel (CHIEN, [¶0004]” The computer system includes a scan stub module configured to detect a system event associated with an installation of an application in the untrusted environment, acquire an identification data associated with the application”, [¶0021]” The operational system OS1 in the computer system 200 may be configured to manage the resources of the hardware platform PF for executing the generic application and security applications {i.e., generic application is insecure application program} in the untrusted environment. An example security client application of the untrusted environment may be implemented using software functional modules, which may include a scan stub module, an update stub module, and a graphic user interface (GUI) module.” [¶0026]” Referring to FIGS. 1A, 1B, 2, and 3, the security client application in the untrusted environment may be configured to execute one or more of blocks 102, 104, 110, 112, 116, 118, 152, 156 and 162. For example, blocks 102 and 104 may be executed by the scan stub module. Blocks 110, 112, 156 and 162 may be executed by the GUI module. Blocks 116, 118 may be executed by the CPU. Block 152 and 160 may be executed by the update stub module.”).

Referring to claim 4, the combination of CHIEN and Pujari  discloses the method of claim 1the binary code [[(BC)]] designed to be executed under the RTOS (CHIEN, [¶0021]” The operational system OS1 {i.e., OS1 is the RTOS} in the computer system 200 may be configured to manage the resources of the hardware platform PF for executing the generic application and security applications in the untrusted environment. An example security client application of the untrusted environment may be implemented using software functional modules, which may include a scan stub module, an update stub module, and a graphic user interface (GUI) module.”); and 
wrapping the application program [[(RAP)]] thereby applying the security policy to the application program for generating the wrapped application program [[(WRAP)]]. (CHIEN, [¶0031, FIG. 4]” For executing block 108, the predetermined rule may be stored in the memory of the trusted environment to avoid being hacked or tampered with. In an embodiment of the present disclosure, the predetermined rule may include various definitions files and a policy file, as depicted in FIG. 4. Each definition file may include features of a specific type of applications, and the policy file may include instructions to allow certain types of applications to be installed or prevent certain types of applications from being installed in the untrusted environment.”, [¶0036]” In block 152, the computer system 200 or 300 may receive the update file from a remote server. Block 152 may be executed periodically or based on a demand from a user”).

Referring to claim 5, the combination of CHIEN and Pujari discloses the method of claim 1, wherein the security policy includes: encrypting the binary code of the application program, adding a cryptographic signature or certificate to the binary code and/or adding a cryptographic signature or certificate to the encrypted binary code (CHIEN, [¶0029]” In block 104, upon detecting such a system event, the scan stub module may be further configured to scan the detected system event, thereby acquiring a corresponding identification data. The scan stub module may then send the identification data to the scan service module and request a service to authenticate the identification data in the trusted environment. The identification data may be meta data, which may include hash identification (a hash value produced by cryptographic hash function such as MD5 message-digest algorithm), partial/full name of the application, size of the application, partial content of the application, writer/publisher signature of the application, or manifest of the application. The identification data also may be the full content of the application.”)

Referring to claim 8, the combination of CHIEN and Pujari discloses the method of claim 1, wherein the security element is uniquely assigned to the validated application program or to the validated binary code (CHIEN, [¶0004]” The computer system includes a scan stub module configured to detect a system event associated with an installation of an application in the untrusted environment, acquire an identification data associated with the application, and request the installation of the application to be authenticated in the trusted environment.”,{i.e., examiner interprets the request of installation of the application to be authenticated in the trusted environment which is running OS2 (GPOS) as initiation a secure connection to transfer the data to trusted environment}, [¶0029] “In block 104, upon detecting such a system event, the scan stub module may be further configured to scan the detected system event, thereby acquiring a corresponding identification data. The scan stub module may then send the identification data to the scan service module and request a service to authenticate the identification data in the trusted environment. The identification data may be meta data, which may include hash identification (a hash value produced by cryptographic hash function such as MD5 message-digest algorithm), partial/full name of the application, size of the application, partial content of the application, writer/publisher signature of the application, or manifest of the application. The identification data also may be the full content of the application.”, [¶0023]” The first hardware platform PF1 and the second hardware platform PF2 may be connected to each other via an USB interface/bus”).

Referring to claim 9, the combination of CHIEN and Pujari discloses the method of claim 1, wherein the security element includes: a security token, a security certificate and/or a cryptographic signature. (CHIEN, [¶0029]” The identification data may be meta data, which may include hash identification (a hash value produced by cryptographic hash function such as MD5 message-digest algorithm), partial/full name of the application, size of the application, partial content of the application, writer/publisher signature of the application, or manifest of the application. The identification data also may be the full content of the application.”).

Referring to claim 10, the combination of CHIEN and Pujari discloses the method of claim 1, further comprising: attaching a security certificate to the binary code of the validated application program or the validated binary code prior to transferring to the GPOS process (CHIEN, [¶0029]” The identification data may be meta data, which may include hash identification (a hash value produced by cryptographic hash function such as MD5 message-digest algorithm), partial/full name of the application, size of the application, partial content of the application, writer/publisher signature of the application, or manifest of the application. The identification data also may be the full content of the application. “, [¶0013]” Processing for method 100 may begin at block 102, “scan a system event associated with an installation of an application in the untrusted environment.” Block 102 may be followed by block 104, “acquire an identification data associated with the system event and request a service to authenticate the identification data in the trusted environment”. Block 104 may be followed by decision block 106, “is a privilege of the request verified in the trusted environment?” If the privilege of the request is indeed verified, decision block 106 may be followed by block 108, “authenticate the identification data according to a predetermined rule in the trusted environment and acquire a corresponding authentication result”. If the privilege of the request fails to be verified, decision block 106 may be followed by block 110, “display verification failure message.” After block 110, method 100 may loop back to block 102.”, i.e., based on FIG. 1A, acquire an identification data associated with the system event and request a service to authenticate the identification is done before checking the privilege process to decide to deploy the data to GPOS process); and 
granting access to the RTOS section through the secure communications channel as a function of the attached security certificate by the GPOS process executing the binary code of the validated application program or the validated binary code (CHIEN, [¶0029]” The identification data may be meta data, which may include hash identification (a hash value produced by cryptographic hash function such as MD5 message-digest algorithm), partial/full name of the application, size of the application, partial content of the application, writer/publisher signature of the application, or manifest of the application. The identification data also may be the full content of the application”, [¶0030]” In decision block 106, the secure service management module may be configured to verify the privilege of the request in the trusted environment according to the login credential of the computer system 200 or 300 after having detected the system event in the untrusted environment” {i.e., based on the privilege verification, the RTOS may transmit the data }, [¶0032]” In block 108, the identification data may be authenticated by the scan service module in the trusted environment according to the predetermined rule”, i.e., examiner interprets applying the policy and the predetermine rules as verification process for the binary file)”).

Regarding claim 11, the combination of CHIEN and Pujari discloses the method of claim 1, further comprising: providing a plurality of wrapped application programs [[(AP1, AP2, AP3)]] (CHIEN [0031]” the predetermined rule may include various definitions files and a policy file, as depicted in FIG. 4. Each definition file may include features of a specific type of applications, and the policy file may include instructions to allow certain types of applications to be installed or prevent certain types of applications from being installed in the untrusted environment. “), 
wherein each of the plurality of wrapped application programs [[(AP1, AP2, AP3)]] is generated based on a respective application program including respective binary code designed to be executed under the RTOS and a respective security policy assigned to the respective application program (CHIEN [0031]” the predetermined rule may include various definitions files and a policy file, as depicted in FIG. 4. Each definition file may include features of a specific type of applications, and the policy file may include instructions to allow certain types of applications to be installed or prevent certain types of applications from being installed in the untrusted environment. “, [0032]” In block 108, the identification data may be authenticated by the scan service module in the trusted environment according to the predetermined rule. In block 112, the corresponding authentication result may be displayed on the GUI module in the untrusted environment. {i.e., untrusted environment run OS1 (RTOS)}”, [0031]” The identification data may be meta data, which may include hash identification (a hash value produced by cryptographic hash function such as MD5 message-digest algorithm), partial/full name of the application, size of the application, partial content of the application, writer/publisher signature of the application, or manifest of the application. The identification data also may be the full content of the application”; and
validating each of the plurality of wrapped application programs according to the respectively assigned security policy by a respective RTOS process for obtaining a plurality of validated application programs ([¶0032]” In block 108, the identification data may be authenticated by the scan service module in the trusted environment according to the predetermined rule”);
transferring a plurality of binary codes of the plurality of validated application programs from the respective RTOS processes to respective GPOS processes, wherein a respective security element is assigned to each of the plurality of binary codes of the plurality of validated application programs (CHIEN, [¶0029]” [¶0029]” In block 104, upon detecting such a system event, the scan stub module may be further configured to scan the detected system event, thereby acquiring a corresponding identification data. The scan stub module may then send the identification data to the scan service module and request a service to authenticate the identification data in the trusted environment {i.e., trusted environment which is run OS2 (GPOS)}. The identification data may be meta data, which may include hash identification (a hash value produced by cryptographic hash function such as MD5 message-digest algorithm), partial/full name of the application, size of the application, partial content of the application, writer/publisher signature of the application, or manifest of the application. The identification data also may be the full content of the application.”, i.e., examiner interprets the hash value produced by cryptographic hash function such as MD5 message-digest algorithm as  the security element (SE)); and
executing the binary codes of the validated application programs by the respective GPOS processes(CHIEN,[¶0030]” In decision block 106, the secure service management module may be configured to verify the privilege of the request in the trusted environment according to the login credential of the computer system 200 or 300 after having detected the system event in the untrusted environment” {i.e., based on the privilege verification, the untrusted environment which is running OS1 (RTOS) may transmit the data }, [0031]” For executing block 108, the predetermined rule may be stored in the memory of the trusted environment to avoid being hacked or tampered with. In an embodiment of the present disclosure, the predetermined rule may include various definitions files and a policy file, as depicted in FIG. 4. Each definition file may include features of a specific type of applications, and the policy file may include instructions to allow certain types of applications to be installed or prevent certain types of applications from being installed in the untrusted environment. For example, the definition file #1 may include features for identifying known malicious applications, the definition file #2 may include features for identifying entertainment applications, the definition file #3 may include features for identifying productivity applications, and the policy file #1 may include instructions of blocking malicious/entertainment applications but allowing productivity applications.”, [¶0032]” In block 108, the identification data may be authenticated by the scan service module in the trusted environment according to the predetermined rule”, i.e., examiner interprets applying the policy and the predetermine rules as verification process for the binary file); 
wherein application data to and/or from the respective GPOS processes executing the respective binary codes of the validated application programs is transferred through the same secure communications channel (CHIEN, [¶0004]” The computer system includes a scan stub module configured to detect a system event associated with an installation of an application in the untrusted environment, acquire an identification data associated with the application, and request the installation of the application to be authenticated in the trusted environment.”,{i.e., examiner interprets the request of installation of the application to be authenticated in the trusted environment (run OS1 (GPOS)) as initiation a secure connection to transfer the data to trusted environment (run OS1 (GPOS))}, [¶0029] “In block 104, upon detecting such a system event, the scan stub module may be further configured to scan the detected system event, thereby acquiring a corresponding identification data. The scan stub module may then send the identification data to the scan service module and request a service to authenticate the identification data in the trusted environment. The identification data may be meta data, which may include hash identification (a hash value produced by cryptographic hash function such as MD5 message-digest algorithm), partial/full name of the application, size of the application, partial content of the application, writer/publisher signature of the application, or manifest of the application. The identification data also may be the full content of the application.”, [¶0023]” The first hardware platform PF1 and the second hardware platform PF2 may be connected to each other via an USB interface/bus”). 
Claim 14, is rejected for similar reasons as stated above, and claim 1. 

Referring to claim 15, the combination of CHIEN and Pujari discloses the IPC device of claim 14, implemented to execute a method of claim 1 (CHIEN, [¶0019]” In FIG. 2, one embodiment of the computer system 200 may include two operational systems OS1˜OS2 and a hardware platform PF, such as, without limitation, a TrustZone® enabled hardware platform. The operational system OS1 may include a security application program interface (API), a system API& library, and drivers for the generic applications and security client applications to operate in the untrusted environment. The operational system OS2 may include a security request monitor, the system API & library, a secure service management module, and drivers for the security service applications to operate in the trusted environment. The security API and the security request monitor may be configured to allow the computer system 200 to switch between operating in the untrusted environment and operating in the trusted environment in a time-sliced fashion. In one embodiment, the security API may be utilized, so that the resources in the untrusted environment may be accessed.”).

Referring to claim 16, the combination of CHIEN and Pujari discloses the IPC device of claim 14, wherein the hypervisor section  is implemented to provide a software bus service for exchanging requests, binary code and/or security elements between the GPOS section  and the RTOS section (CHIEN, [¶0019]” In FIG. 2, one embodiment of the computer system 200 may include two operational systems OS1˜OS2 and a hardware platform PF, such as, without limitation, a TrustZone® enabled hardware platform. The operational system OS1 may include a security application program interface (API), a system API& library, and drivers for the generic applications and security client applications to operate in the untrusted environment. The operational system OS2 may include a security request monitor, the system API & library, a secure service management module, and drivers for the security service applications to operate in the trusted environment. The security API and the security request monitor may be configured to allow the computer system 200 to switch between operating in the untrusted environment and operating in the trusted environment in a time-sliced fashion. In one embodiment, the security API may be utilized, so that the resources in the untrusted environment may be accessed. The security request monitor, on the other hand, may be utilized to monitor incoming request commands and/or data from the untrusted environment to the trusted environment.”).

Referring to claim 17, the combination of CHIEN and Pujari discloses the IPC device of claim 1(CHIEN, [¶0019]” In FIG. 2, one embodiment of the computer system 200 may include two operational systems OS1˜OS2 and a hardware platform PF, such as, without limitation, a TrustZone® enabled hardware platform. The operational system OS1 may include a security application program interface (API), a system API& library, and drivers for the generic applications and security client applications to operate in the untrusted environment. The operational system OS2 may include a security request monitor, the system API & library, a secure service management module, and drivers for the security service applications to operate in the trusted environment.”, [¶0020]” The hardware platform PF in the computer system 200 may provide resources that an application utilizes to perform its functions. Such resources may include, without limitation, CPU, I/O device/bus, display device, memory, and other hardware modules. In some embodiments, certain devices in the hardware platform PF may be accessed by applications in both the trusted environment and the untrusted environment “).

Referring to claim 18, the combination of CHIEN and Pujari discloses the IPC device of claim 1(CHIEN, [¶0024]” The operational system OS1 in the computer system 300 may include a security API for accessing security services and a system API & library and drivers which are configured to manage the resources of the hardware platform PF1 for executing the generic application and security applications in the untrusted environment. An example security client application of the untrusted environment may be implemented using software functional modules which may include, without limitation, a scan stub module, an update stub module, and a GUI module.”.).
Referring to claim 19, the combination of CHIEN and Pujari discloses the IPC device of claim 14, -4-Customer No. 31561 Application No.: TBADocket No.: 105713-US-540-PCTwherein the RTOS section includes at least one port for communicatively coupling with field devices in an automation system according to a predetermined communications protocol(CHIEN, [¶0024]”The operational system OS1 may include a security application program interface (API), a system API& library, and drivers for the generic applications and security client applications to operate in the untrusted environment.”, [0021]” The operational system OS1 in the computer system 200 may be configured to manage the resources of the hardware platform PF for executing the generic application and security applications in the untrusted environment. An example security client application of the untrusted environment may be implemented using software functional modules, which may include a scan stub module, an update stub module, and a graphic user interface (GUI) module.” {i.e. Examiner interprets API and GUI input/output  ports}, 

5.3.	Claims 6 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over CHIEN and Pujari as applied to claim above, and in view of US Patent Application No 20180239896 to KATO et al. ("KATO”).

Referring to claim 6 CHIEN teaches the method of claim 1,  wherein the security policy is applied to the binary code  of the wrapped application program -2-Customer No. 31561 Application No.: TBA Docket No.: 105713-US-540-PCTand the method further comprises (CHIEN, [¶0029]” [¶0029]” In block 104, upon detecting such a system event, the scan stub module may be further configured to scan the detected system event, thereby acquiring a corresponding identification data. The scan stub module may then send the identification data to the scan service module and request a service to authenticate the identification data in the trusted environment {i.e., trusted environment runs (OS1 (GPOS))}. The identification data may be meta data, which may include hash identification (a hash value produced by cryptographic hash function such as MD5 message-digest algorithm), partial/full name of the application, size of the application, partial content of the application, writer/publisher signature of the application, or manifest of the application. The identification data also may be the full content of the application.”, i.e., examiner interprets the hash value produced by cryptographic hash function such as MD5 message-digest algorithm as  the security element (SE));
However, CHIEN/ Pujari do not teach explicitly de-wrapping the wrapped application program thereby extracting the binary code of the application program to which the security policy was applied; validating the extracted binary code by the RTOS process according to the security policy for obtaining a validated binary code; and executing the validated binary code by the GPOS process.
Wherein, KATO teaches de-wrapping the wrapped application program thereby extracting the binary code of the application program to which the security policy was applied;  (KATO, [¶0004]” The processing unit is equipped with execution modes (or “execution environments”) including a low security mode (or “low security environment”), typically a non-secure mode, in which access to the protected region is prohibited by the support function {i.e. examiner interpreted accessing to the protected region is prohibited by the support function in low security mode is the restriction or the policy} and a secure mode (or “secure environment”) in which access to the protected region is permitted.”  ;
validating the extracted binary code by the RTOS process according to the security policy for obtaining a validated binary code [¶0048]” The OS  {i.e. examiner interpreted OS is the RTOS} start preparing unit 25 further includes a secure boot unit 50 and an updating unit (secure updating unit) 60. The secure boot unit 50 includes a first authentication unit 51, which authenticates the firmware 14 f of the second OS 41 {i.e. examiner interpreted OS 41 as the binary code}  stored in the secure boot ROM 16 of the protected region using authentication information 15 a stored in the secure key EPROM 15 of the protected region, and a loading unit 52, which loads or develops (with decompressing or extracting) the firmware 14 f of the second OS that has been stored in the secure boot ROM 16 of the protected region and has been authenticated in a boot region 18 s in the non-secure region 18 b that is an unprotected region of the DDR memory 18 to form an instance 14 i for execution purposes.)”; and 
executing the validated binary code by the GPOS process  [¶0012]” The hypervisor {i.e. examiner interpreted hypervisor is the GPOS }  is capable of starting the second OS using firmware of the second OS that has been authenticated using authentication information stored in the protected region that cannot be accessed by (or seen by) the second OS that runs in the low security mode.”). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified CHIEN/ Pujari to incorporate the teaching of KATO to utilize the above feature, with the motivation of preventing the firmware of the second OS from being modified by an OS, such as the second OS, that operates in the low security mode, or by applications that run in the low security mode, as recognized by (KATO [¶0012]).

Referring to claim 7, CHIEN teaches the method of claim 1. However, CHIEN/ Pujari do not teach explicitly wherein validating the wrapped application program and/or the extracted binary code includes: authenticating based on a security certificate and/or decrypting using a cryptographic key.
Wherein, KATO teaches wherein validating the wrapped application program and/or the extracted binary code includes: authenticating based on a security certificate and/or decrypting using a cryptographic key (KATO, [¶00048]” The OS start preparing unit 25 further includes a secure boot unit 50 and an updating unit (secure updating unit) 60. The secure boot unit 50 includes a first authentication unit 51, which authenticates the firmware 14 f of the second OS 41 stored in the secure boot ROM 16 of the protected region using authentication information 15 a stored in the secure key EPROM 15 of the protected region, and a loading unit 52, which loads or develops (with decompressing or extracting) the firmware 14 f of the second OS that has been stored in the secure boot ROM 16 of the protected region and has been authenticated in a boot region 18 s in the non-secure region 18 b that is an unprotected region of the DDR memory 18 to form an instance 14 i for execution purposes.”).
Same motivation statement as claim 6

5.4.	Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over CHIEN and Pujari as applied to claim above, and in view of US Patent Application No 20020046345 to TAKEUCHI et al. ("TAKEUCHI”).

Regarding claim 12, CHIEN teaches the method of claim 1. However, CHIEN/ Pujari do not teach explicitly wherein the binary code of the application program designed to be executed under the RTOS includes Java code or .NET code.  
Wherein, TAKEUCHI teaches wherein the binary code of the application program designed to be executed under the RTOS includes Java code or .NET code (TAKEUCHI, [¶0058]” A Java virtual machine as a program execution environment that has been developed or distributed by the program certificate authority or a party who requested to the program certificate authority to certify programs is implemented in the user terminal 33. In the user terminal 33 as the Java virtual machine, the application program that is transmitted from the software developer server 31 is executed correctly only when it is certified by the program certificate authority.”, Examiner interpreted the virtual machine as the RTOS).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified CHIEN/ Pujari to incorporate the teaching of TAKEUCHI to utilize the above feature, with the motivation of preventing imitation and falsification of application programs by other parties, as recognized by (TAKEUCHI [¶0006]).

5.5.	Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over CHIEN and Pujari as applied to claim above, and in view of US Patent Application No 20120016977 to ROBERTSON et al. ("ROBERTSON”).

Regarding claim 13, CHIEN teaches the method of claim 1.Wherein, ROBERTSON teaches wherein the secure communications channel employs a TLS protocol (ROBERTSON, [¶0030]” At step 50 a network device (e.g., server 12) receives a request for a secure communication session from a client 10 {i.e. examiner interprets client 10 as RTOS}. The server may establish, for example, an SSL/TLS session using conventional SSL/TLS protocol (step 52)”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified CHIEN/ Pujari to incorporate the teaching of ROBERTSON to utilize the above feature, with the motivation of providing authentication, data integrity, and confidentiality, as recognized by (ROBERTSON [¶0013]).

5.6.	Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over CHIEN and Pujari as applied to claim above, and in view of US Patent Application No 20060221961 to BASSO et al. ("BASSO”).

Referring to claim 20, CHIEN teaches (New) the IPC device of claim 15, However, CHIEN/ Pujari do not teach explicitly wherein the predetermined communications protocol includes an EtherCAT or EtherNet/IP standard 
Wherein, BASSO teaches wherein the predetermined communications protocol includes an EtherCAT or EtherNet/IP standard (BASSO, [¶0040]” The computer systems 12 can be servers, client machines, or other computer or electronic devices. For example, the server system 10 can communicate with computer systems 12 using a networking protocol such as Ethernet, TCP/IP, and/or other types of protocols.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified CHIEN/ Pujari to incorporate the teaching of BASSO to utilize the above feature, with the motivation supporting network availability through allowing the configurability of network resources of the system, as recognized by (BASSO [¶0019]).

6.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
a). US Patent Application No 20060221961 to Ray et al. discloses present disclosure provides a method and system for providing a secure communication between multiple operating systems in a communication device. A primary operating system in the communication device is loaded. An authentication check of one or more secondary operating systems in the communication device is performed through the primary operating system, wherein the one or more secondary operating systems are authenticated based on rule assignation. A secure communication is enables between the one or more secondary operating systems after the authentication.
b).	US Patent Application No 20150271160 to Ponsini et al. discloses a system and method can support device management. An authorization entity can pass one or more secrets that are wrapped with a first key to a communication entity. Furthermore, the communication entity can use a second key to establish a secure channel with an application on a device, and pass the one or more secrets that are wrapped with the first key to the application on the device using the secure channel. Then, the device can use the first key to unwrap the received wrapped secret.

Conclusion

7.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARUNUR RASHID whose telephone number is (571)270-7195. The examiner can normally be reached 9 AM to 5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

HARUNUR . RASHID
Primary Examiner
Art Unit 2497



/HARUNUR RASHID/           Primary Examiner, Art Unit 2497