DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-15, are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

Claim 1 recites “…the secure element having a plurality of decipher keys, each associated with a portion of a plurality of portions of content of a second reprogrammable non-volatile memory area associated with the microcontroller; executing, with the secure element, a signature check on a first portion of the plurality of portions of content of the second area; in response to the signature check verifying the first portion of the content of the second area, sending, by the secure element, the decipher key associated with the first portion to the microcontroller; and in response to the signature check not verifying the first portion of the content of the second area, executing, by the secure element, a signature check of another portion of the plurality of portions of content of the second memory area…”.  There is insufficient antecedent basis for this limitation in the claim. Appropriate correction is required.

Claim 2 recites “…wherein each portion of the plurality of portions of content of the second memory area stores data…”. There is insufficient antecedent basis for this limitation in the claim. Appropriate correction is required.

Claim 3 recites “…wherein the plurality of portions of the second memory area comprises three or more portions…”. There is insufficient antecedent basis for this limitation in the claim. Appropriate correction is required.

Claim 12 recites “…wherein in response to an authentic update of a portion of the content of the second area, the signature associated with the portion stored…”. There is insufficient antecedent basis for this limitation in the claim. Appropriate correction is required.

Claim 14 recites “…wherein, in response to the signature check not verifying the first portion of the content of the second area…”. There is insufficient antecedent basis for this limitation in the claim. Appropriate correction is required.

Claim 15 recites “…wherein the secure element selects the another portion of the content of the second memory area based on an instruction received during a previous implementation of a portion of the content of the second memory area…”. There is insufficient antecedent basis for this limitation in the claim. Appropriate correction is required.




Examiner’s note
Claims 3, 15 are not rejected under the prior art(s).

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 2, 4-14, 16-32 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Van Nieuwenhuyze et al (Pub. No. US 2017/0124330).

As per claim 1, Van Nieuwenhuyze discloses a method, comprising: starting a microcontroller of an electronic device with instructions stored in a first secure memory area associated with the microcontroller (…starting the microcontroller with instructions stored in a first memory area…with the microcontroller…see par. 12); starting a secure element of the electronic device (starting the secure element…see par. 13), the secure element having a plurality of decipher keys, each associated with a portion of a plurality of portions of content of a second reprogrammable non-volatile memory area associated with the microcontroller (see par. 44, 56-57); executing, with the secure element, a signature check on a first portion of the plurality of portions of content of the second area (see par. 58); in response to the signature check verifying the first portion of the content of the second area, sending, by the secure element, the decipher key associated with the first portion to the microcontroller (see par. 60); and in response to the signature check not verifying the first portion of the content of the second area, executing, by the secure element, a signature check of another portion of the plurality of portions of content of the second memory area (…checking of the content of area of the non-volatile memory areas containing code to be checked is performed by a signature check by element…if element does not validate the content of area…it forces the microcontroller to be restarted and steps are repeated…(Examiner interprets the repeated steps as checking another portion…) see par. 48, 53).


As per claim 16, Van Nieuwenhuyze discloses an electronic device, comprising: a microcontroller associated with a first secure memory area and a second reprogrammable non-volatile memory area, the second reprogrammable memory area having a plurality of portions (see par. 12-14); and an embedded secure element coupled to the microcontroller, the embedded secure element having a plurality of decipher keys each associated with a respective portion of the plurality of portions of the second reprogrammable memory area, wherein the embedded secure element (see par. 44, 56-57), in operation: executes a signature check on a first portion of the plurality of portions of content of the second area (see par. 58); in response to the signature check verifying the first portion of the content of the second area, sends the decipher key associated with the first portion to the microcontroller (see par. 60); and in response to the signature check not verifying the first portion of the content of the second area, executes a signature check of another portion of the plurality of portions of content of the second memory area (…checking of the content of area of the non-volatile memory areas containing code to be checked is performed by a signature check by element…if element does not validate the content of area…it forces the microcontroller to be restarted and steps are repeated…(Examiner interprets the repeated steps as checking another portion…) see par. 48, 53).


As per claim 24, Van Nieuwenhuyze discloses a system, comprising: a memory; a microcontroller coupled to the memory, the microcontroller having an associated first secure memory area and an associated second reprogrammable non-volatile memory area, the second reprogrammable memory area having a plurality of portions (see par. 12, 37); and an embedded secure element coupled to the microcontroller, the embedded secure element having a plurality of decipher keys each associated with a respective portion of the plurality of portions of the second reprogrammable memory area, wherein the embedded secure element (see par. 44, 56-57), in operation: executes a signature check on a first portion of the plurality of portions of content of the second area (see par. 58); in response to the signature check verifying the first portion of the content of the second area, sends the decipher key associated with the first portion to the microcontroller (see par. 60); and in response to the signature check not verifying the first portion of the content of the second area, executes a signature check of another portion of the plurality of portions of content of the second memory area (…checking of the content of area of the non-volatile memory areas containing code to be checked is performed by a signature check by element…if element does not validate the content of area…it forces the microcontroller to be restarted and steps are repeated…(Examiner interprets the repeated steps as checking another portion…) see par. 48, 53).


As per claim 28, Van Nieuwenhuyze discloses a non-transitory computer-readable medium having contents which cause an electronic device to perform a method, the method comprising: starting a microcontroller of the electronic device (see par.12); starting a secure element of the electronic device (see par. 13), the secure element having a plurality of decipher keys, each associated with a portion of a plurality of portions of content of a reprogrammable non-volatile memory area associated with the microcontroller (see par. 44, 56-57); executing, with the secure element, a signature check on a first portion of the plurality of portions of content of the reprogrammable non-volatile memory area; in response to the signature check verifying the first portion of the content, sending, by the secure element, the decipher key associated with the first portion to the microcontroller (see par. 58-60); and
in response to the signature check not verifying the first portion of the content, executing, by the secure element, a signature check of another portion of the plurality of portions of content (…checking of the content of area of the non-volatile memory areas containing code to be checked is performed by a signature check by element…if element does not validate the content of area…it forces the microcontroller to be restarted and steps are repeated…(Examiner interprets the repeated steps as checking another portion…) see par. 48, 53).


As per claim 2, Van Nieuwenhuyze discloses wherein each portion of the plurality of portions of content of the second memory area stores data and instructions to implement a respective one of a plurality of operating systems (see par. 44-45).


As per claims 4, 18, Van Nieuwenhuyze discloses comprising responding, by the secure element, to a failure of verification of each of the plurality of portions by sending data to the microcontroller (see par. 48).


As per claim 5, Van Nieuwenhuyze discloses wherein the data comprises a dummy decipher key (see generating a key…a random number to cipher the code…see par. 55).


As per claims 6, 19, Van Nieuwenhuyze discloses wherein the data comprises data and instructions to cause the microcontroller to implement an operating system other than one of the plurality of operating systems (see claim language 10-11).


As per claims 7, 20, Van Nieuwenhuyze discloses wherein the operating system other than one of the plurality of operation systems is an operating system to:
restart the microcontroller; initiate a diagnosis of the microcontroller; update one or more of the plurality of operating systems; reset the microcontroller (see claim language 14); or various combinations thereof.


As per claims 8, 21, Van Nieuwenhuyze discloses wherein the microcontroller generates a second key, transmits the second key to the secure element which uses the second key to cipher the transmission of the first key to the microcontroller (see par. 16).


As per claims 9, 22, Van Nieuwenhuyze discloses wherein the transmission of the second key uses a public key asymmetric algorithm (see par. 17).


As per claim 10, Van Nieuwenhuyze discloses wherein an asymmetric cipher key is unique per microcontroller / secure element pair (see par. 18).


As per claim 11, Van Nieuwenhuyze discloses wherein the first key is not stored in the non- volatile memory in the microcontroller (see par. 19).


As per claim 12, Van Nieuwenhuyze discloses wherein in response to an authentic update of a portion of the content of the second area, the signature associated with the portion stored in the secure element is modified (see par. 21).


As per claim 13, Van Nieuwenhuyze discloses wherein the first key is generated by the secure element (see par. 22).


As per claim 14, Van Nieuwenhuyze discloses wherein, in response to the signature check not verifying the first portion of the content of the second area, the secure element selects the another portion of the plurality of portions of content of the second memory area to check (see par. 48, 53).


As per claim 17, Van Nieuwenhuyze discloses wherein, in operation, each portion of the plurality of portions of content of the second non-volatile memory area stores data and instructions to implement a respective one of a plurality of operating systems on the microcontroller (see par. 44-45).


As per claim 23, Van Nieuwenhuyze discloses comprising an intermediate circuit coupled between the microcontroller and the secure element (see par. 28).


As per claim 25, Van Nieuwenhuyze discloses wherein, in operation, each portion of the plurality of portions of content of the second non-volatile memory area stores data and instructions to implement a respective one of a plurality of operating systems on the microcontroller (see par. 44-45).


As per claim 26, Van Nieuwenhuyze discloses wherein the secure element, in operation, responds to a failure of verification of each of the plurality of portions by sending data and instructions to the cause the microcontroller (see par. 48) to implement an operating system other than one of the plurality of operating systems (see claim language 10-11).


As per claim 27, Van Nieuwenhuyze discloses wherein the first secure memory area is integrated into the microcontroller and the second reprogrammable memory area is integrated into the memory (see abstract).


As per claim 29, Van Nieuwenhuyze discloses wherein each portion of the plurality of portions of content stores data and instructions to implement a respective one of a plurality of operating systems (see par. 44-45).


As per claim 30, Van Nieuwenhuyze discloses wherein the method comprises responding, by the secure element, to a failure of verification of each of the plurality of portions by sending data to the microcontroller (see par. 48).


 As per claim 31, Van Nieuwenhuyze discloses wherein the data comprises data and instructions to cause the microcontroller to implement an operating system other than one of the plurality of operating systems (see claim language 10-11).


As per claim 32, Van Nieuwenhuyze discloses wherein the contents comprise instructions stored in a secure memory area associated with the microcontroller (see abstract).




Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892).
The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to electronic circuits and more particularly to devices comprising a processor and an embedded secure element.

Colnot (Pub. No. US 2014/0082373); “Method and System for Securely Updating Firmware in a Computing Device”;
-Teaches the encrypted firmware image is stored in the non-volatile memory of the computing device…the computing device verifies a firmware signature using a public key infrastructure certificate…see par. 49.



Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479. The examiner can normally be reached Mon-Fri 9am-5pm PCT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GHAZAL B SHEHNI/Primary Examiner, Art Unit 2499