DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1 and 4-16 have been examined. 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 07/21/2022 has been entered.

Response to Amendment
Claims 1, 6 and 8 have been amended.
Claims 15 and 16 have been newly added. 
Applicant’s arguments with respect to claims 1 and 8 regarding the new limitations: “detect an operating mode of the hardware security module by detecting a position of a first switch of the hardware security module and providing a control signal in response to the detecting” and “a second switch coupled to the first interface and the second interface, wherein the control signal provided by the secure element directly controls the second switch to activate or deactivate the second interface by coupling or decoupling the second interface from the first interface”, have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1, 4 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over US 20120190300 to August et al (hereinafter August) and prior art of record US 9720700 to Brown et al (hereinafter Brown).
As per claim 1, August teaches:
A hardware security module for usage with manufacturing devices, comprising: 
a by detecting a position of a first switch of the hardware security module and providing a control signal in response to the detecting (August: Fig. 3, [0027]: The example NFC storage device 24 comprises a flash random access memory component (FRAM) 50 capable of storing data, a FRAM interface component 52, a transceiver system 54, a power supply system 56, and a power manager 58. [0028]: The example power manager 58 is programmed to allow the NFC storage device 24 to operate in a low power mode and in an active mode. [0029] When the switch 80 is open, the power manager 58 causes the NFC storage device 24 to operate in the low power mode. In the low power mode, the power manager 58 deactivates the actively powered components of the NFC storage device 24. The NFC storage device 24 cannot transmit or receive data when in the lower power mode. [0030] When the switch 80 is closed, the power manager 58 causes the NFC storage device 24 to operate in the active mode. In the active mode, the power manager 58 activates the power consuming components of the NFC storage device 24 such that the NFC storage device 24 allows data to be written to and read from the FRAM 50 using the transceiver system 54. It is inherent that a control signal is provided to activate or deactivate the components); 
a first interface configured to receive commands for controlling the hardware security module (August: [0035] When the antenna 78 (first interface) captures the RF power signal from the host device 22, the receiver portion of the RFID transceiver 60 is converted to baseband signal and passed to the RFID interface 62 for processing. If the received baseband signal is recognized as a request to transfer stored data, then the stored data is processed into a baseband signal); 
a second interface, wherein the second interface is activated and deactivated in dependence of the operating mode (August: [0029] When the switch 80 is open, the power manager 58 causes the NFC storage device 24 to operate in the low power mode. In the low power mode, the power manager 58 deactivates the actively powered components of the NFC storage device 24. The actively powered components of the NFC storage device 24 include the RFID transceiver 60, the RFID interface 62 (second interface). [0030] When the switch 80 is closed, the power manager 58 causes the NFC storage device 24 to operate in the active mode. In the active mode, the power manager 58 activates the power consuming components of the NFC storage device 24 such that the NFC storage device 24 allows data to be written to and read from the FRAM 50 using the transceiver system 54);
a second switch coupled to the first interface and the second interface, wherein the control signal provided by the secure element directly controls the second switch to activate or deactivate the second interface by coupling or decoupling the second interface from the first interface (August: [0027]: The example transceiver system 54 comprises an RFID transceiver 60, a RFID interface 62 (second interface). claim 2: further comprising a second switch operable in a first state and a second state, wherein: when the second switch is in its first state, the device transceiver module is disconnected from the device antenna; and when the second switch is in its second state, the device transceiver module is connected to the device antenna. Claim 3: the first and second switches are operably connected such that: when the first switch is in its first state, the second switch is in its first state; and when the first switch is in its second state, the second switch is in its second state. It is inherent that the state of the first switch controls the state of the second switch).
August teaches an NFC storage device comprising a power manager that detects the operating mode of the NFC storage device and a second interface for receiving data but does not teach: a hardware security module comprising a secure element; a central processing unit for processing application program code in a secure environment; a second interface configured for receiving configuration data; 
a hardware security module comprising a secure element (Brown: column 5, lines 54-67: The secure storage device 110 includes a memory 232 and a security controller 258. When a security controller 258 has multiple microcontrollers, each microcontroller may perform different functions, and a microcontroller may be implemented with a different level of security protection (e.g., a high, medium, or low security level)); 
a central processing unit for processing application program code in a secure environment (Brown: column 5, lines 54-67: The secure storage device 110 includes a security controller 258. Column 7, lines 38-54: a security controller 258 includes multiple controllers (e.g., two controllers or more than two controllers). When a security controller 258 has multiple microcontrollers, each microcontroller may perform different functions, and a microcontroller may be implemented with a different level of security protection (e.g., a high, medium, or low security level) (secure environment). Column 8, lines 15-56: When a security controller 258 includes multiple microcontrollers and multiple memories, each microcontroller may have its associated local memory(ies). Such local memory(ies) may reside within its corresponding microcontroller. The local memory 240 or a memory(ies) therein may be configured to store instructions and/or data, including parameters, flags, and/or information. From the local memory 240 (or a memory(ies) therein), the security controller 258, a microcontroller(s) within the security controller 258, and/or another component(s) may retrieve instructions to execute and data to process in order to execute the processes of the subject disclosure); 
a second interface configured for receiving configuration data (Brown: column 14, lines 4-23. Column 16, lines 41-63: The security controller 258 (or a microcontroller therein) executes instructions to cause receiving configuration data from the host 120 via the communication bus 130 (second interface) for configuring the secure storage device 110 when the secure storage device 110 is determined to be in the configuration-ready mode).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Brown in the invention of August to include the above limitations. The motivation to do so would be to provide secure configuration of secure storage devices in a configuration-read mode (Brown: column 3, lines 15-18).

As per claim 4, August in view of Brown teaches:
The hardware security module according to claim 1, wherein the secure element is a key controlled switch (Brown: column 5, lines 54-67: The secure storage device 110 may further include a communications module 238, an input device 246. Column 6, lines 18-36: The physical input device 246 (first interface) enables a user to communicate information and select commands to the secure storage device 110. Column 18, lines 27-35: In one or more implementations, when the user presses the button(s) designated to place the device 110 into a configuration-ready mode, this causes the security controller 258 (or a microcontroller therein) to set the indication (e.g., a flag in a memory) to indicate that the secure storage device 110 is in a configuration-ready mode. In one or more aspects, a configuration-ready mode indicates that the secure storage device 110 is allowed to communicate with the host 120 to configure the secure storage device 110, i.e., the command received when the user pushes the button(s) on the input device causes the security controller to switch the security device from a non-configuration mode to configuration-ready mode). 
The examiner provides the same rationale to combine prior arts August and Brown as in claim 1 above.   

As per claim 5, August in view of Brown teaches:
The hardware security module according to claim 1, wherein the secure element is controlled by a command, which is received via the first interface (Brown: column 5, lines 54-67: The secure storage device 110 may further include a communications module 238, an input device 246. Column 6, lines 18-36: The physical input device 246 (first interface) enables a user to communicate information and select commands to the secure storage device 110. Column 18, lines 27-35: In one or more implementations, when the user presses the button(s) designated to place the device 110 into a configuration-ready mode, this causes the security controller 258 (or a microcontroller therein) to set the indication (e.g., a flag in a memory) to indicate that the secure storage device 110 is in a configuration-ready mode. In one or more aspects, a configuration-ready mode indicates that the secure storage device 110 is allowed to communicate with the host 120 to configure the secure storage device 110, i.e., the command received when the user pushes the button(s) on the input device controls the security controller to place the security device from a non-configuration mode to configuration-ready mode). 
The examiner provides the same rationale to combine prior arts August and Brown as in claim 1 above.  

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over August in view of Brown as applied to claim 1 above, and further in view of prior art of record US 20040183671 to Long (hereinafter Long).
As per claim 6, August in view of Brown teaches: 
The hardware security module according to claim 1, wherein the first switch is a mechanical switch (August: [0028]: The example switch 80 takes the form of a normally open single pole/single throw button operated electrical switch).  
August in view of Brown does not teach: located at a position on the hardware security module difficult to access. However, Long teaches:
located at a position on the hardware security module difficult to access Abstract: the key fob communicator includes a single activation button shielded by a button guard. [0039]: In FIG. 2, the button guard 14 is slidably attached to the key fob communicator 1 however the button guard 14 may also be attached to the key fob body 3 in other suitable ways as long as the button guard 14 requires positive user input, e.g., sliding, rotating, pivoting, disengagement, separation, breakage, or the like, before exposing or otherwise enabling the activation button 15 to be actuated. Likewise, button guards in the form of flip covers, destructible covers, removable covers, and other equivalent devices may be used to guard the activation button 15 from accidental activation or damage). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Long in the invention of August in view of Brown to include the above limitations. The motivation to do so would be to prevent damage to the activation button and inadvertent dialing (Long: Abstract).

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over August in view of Brown as applied to claim 1 above, and further in view of prior art of record US 20160344704 to Stumpf et al (hereinafter Stumpf).
As per claim 7, August in view of Brown does not teach: wherein the hardware security module comprises a third interface for debugging application program code. However, Stumpf teaches:
wherein the hardware security module comprises a third interface for debugging application program code (Stumpf: [0022]: Also part of hardware security module 40 are interfaces 27 for debugging. [0023] Hardware security module 40 assists with a process for eliminating program errors of hardware security module 40 via a security access 49 with the aid of an appropriate controller 48, which includes reading out all data stored in flash memory 42 and the internal data of hardware security module 40, except for internal AES keys. The debugging interface may be activated only internally by hardware security module 40, after a safeguarded authentication protocol based, for example, on an authentication request, including a challenge and response, between hardware security module 40 and an external debugger has been followed). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Stumpf in the invention of August in view of Brown to include the above limitations. The motivation to do so would be to eliminate program errors of hardware security module (Stumpf: [0023]).

Claims 8-11, 13 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over prior art of record US 20140223088 to Hashimoto (hereinafter Hashimoto), Brown and August.
As per claim 8, Hashimoto teaches:
 A method for operating a hardware security module in different modes, comprising a sealed mode and an unsealed mode (Hashimoto: [0081]: The external storage device may be other readable and writable nonvolatile storage device other than the SSD 10 such as a hard disc drive, a hybrid hard disc drive, USB memory, or an SD card. [0084]: The IPL 55 determines whether or not the read only mode shift condition is met based on the read management information, that is, whether or not the SSD 10 is in a state to be used in the normal operation mode or in a state to be used in the read only mode), the method comprising: 
activating a second interface (Hashimoto: [0078] The selection switch 33 exclusively selects either one of the RWIF controller 31 or the ROIF controller 32 and connects the same to the ATA interface 90, and the selection switch 34 exclusively selects either one of the RWIF controller 31 or the ROIF controller 32 and connects the same to the bus 57. In the selection state of the RWIF controller 31, the selection switch 33 causes the ATA interface 90 and the RWIF controller 31 to be in an electrically connected state, and the switch 34 causes the bus 57 and the RWIF controller 31 to be in an electrically connected state);
and 
deactivating the second interface automatically if the sealed mode has been detected, during which commands are received via a first interface (Hashimoto: Fig. 1 and [0082] The RWIF controller 31 has a function of receiving the read request, the write request, and other requests (commands) and data from the host 100, transmitting the received requests and data to the memory controller 50, and transmitting the data to the RAM 40 by the control of the memory controller 50. [0084]: The IPL 55 determines whether or not the read only mode shift condition is met based on the read management information, that is, whether or not the SSD 10 is in a state to be used in the normal operation mode or in a state to be used in the read only mode. If determined as the normal mode, as a result of the determination, the IPL 55 sets the selection switches 33, 34 to select the RWIF controller 31, and causes the ROIF controller 32 to be in a non-selected state), wherein the second interface is deactivated by controlling a switch that decouples the second interface from the first interface (Hashimoto: Fig. 1 and [0078] The selection switch 33 exclusively selects either one of the RWIF controller 31 or the ROIF controller 32 and connects the same to the ATA interface 90, and the selection switch 34 exclusively selects either one of the RWIF controller 31 or the ROIF controller 32 and connects the same to the bus 57. In the selection state of the ROIF controller 32, the selection switch 33 causes the ATA interface 90 and the ROIF controller 32 to be in an electrically connected state, and the switch 34 causes the bus 57 and the ROIF controller 32 to be in an electrically connected state. [0084], [0181]-[0182]).
Hashimoto teaches a storage device but does not explicitly teach a hardware security module and detecting an operating mode of the hardware security module by detecting a position of a first switch of the hardware security module; providing a control signal in response to the detecting. Also, Hashimoto teaches activating a second interface but does not teach: activating a second interface for receiving configuration data if the unsealed mode has been detected. However, Brown teaches:
a hardware security module (Brown: column 5, lines 54-67: The secure storage device 110 includes a memory 232 and a security controller 258. When a security controller 258 has multiple microcontrollers, each microcontroller may perform different functions, and a microcontroller may be implemented with a different level of security protection (e.g., a high, medium, or low security level));
activating a second interface for receiving configuration data if the unsealed mode has been detected (Brown: column 14, lines 4-23. Column 16, lines 41-63: The security controller 258 (or a microcontroller therein) executes instructions to cause receiving configuration data from the host 120 via the communication bus 130 (second interface) for configuring the secure storage device 110 when the secure storage device 110 is determined to be in the configuration-ready mode).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Brown in the invention of Hashimoto to include the above limitations. The motivation to do so would be to provide secure configuration of secure storage devices in a configuration-read mode (Brown: column 3, lines 15-18).
Hashimoto in view of Brown does not teach: detecting an operating mode of the hardware security module by detecting a position of a first switch of the hardware security module; providing a control signal in response to the detecting. However, August teaches:
detecting an operating mode of the hardware security module by detecting a position of a first switch of the hardware security module; providing a control signal in response to the detecting (August: [0029] When the switch 80 is open, the power manager 58 causes the NFC storage device 24 to operate in the low power mode. In the low power mode, the power manager 58 deactivates the actively powered components of the NFC storage device 24. [0030] When the switch 80 is closed, the power manager 58 causes the NFC storage device 24 to operate in the active mode. In the active mode, the power manager 58 activates the power consuming components of the NFC storage device 24. It is inherent that a control signal is provided to activate or deactivate the components in response to detecting the position of switch 80).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of August in the invention of Hashimoto in view of Brown to include the above limitations. The claim would have been obvious because a particular known technique was recognized as part of the ordinary capabilities of one skilled in the art (see KSR Int’l Co. v. Teleflex Inc. 550 U.S. ___, 82 USPQ2d 1385 (Supreme Court 2007) (KSR)).

As per claim 9, Hashimoto in view of Brown and August teaches:
The method according to claim 8, wherein the configuration data comprises data for configuring the hardware security module and comprises a security image (Brown: column 16, line 63-column 17, line 17: In one or more implementations, the security controller 258 (or a microcontroller therein) is configured to cause initiating, based on the determination that the secure storage device 110 is in the configuration-ready mode, configuration of the secure storage device 110 using the received configuration data. Once decrypted by the security controller 258 (or a microcontroller therein), the security controller 258 (or a microcontroller therein) may begin to load security information (e.g., one or more PINs) and other configuration setting(s) (e.g., auto-lock, self-destruct, lock-override settings) for storage into the secure storage device 110). 
The examiner provides the same rationale to combine prior arts Hashimoto and Brown as in claim 8 above.

As per claim 10, Hashimoto in view of Brown and August teaches:
The method according to claim 8, wherein the second interface is deactivated logically (Hashimoto: [0181]: the IPL 55 reads out the RO mode flag 25 in the management information of the NAND memory 20 (step S170), and discriminates the RO mode flag 25 (step S171). If the RO mode flag 25 is 0 (step S171), the IPL 55 validates the RWIF controller 31 of the interface controller 30 (step S172) to be in the normal mode. [0084]: The IPL 55 determines whether or not the read only mode shift condition is met based on the read management information, that is, whether or not the SSD 10 is in a state to be used in the normal operation mode or in a state to be used in the read only mode. If determined as the normal mode, as a result of the determination, the IPL 55 sets the selection switches 33, 34 to select the RWIF controller 31, and causes the ROIF controller 32 to be in a non-selected state).

As per claim 11, Hashimoto in view of Brown and August teaches:
The method according to claim 8, wherein the second interface is deactivated physically (Brown: Column 32, lines 22-26: Auto-lock feature: In one or more implementations, a secure storage device can automatically lock whenever the device is unplugged from its port (e.g., powered USB port). Column 4, lines 21-32: In one or more implementations, when a secure storage device is locked, an access to the device is prevented. In one or more examples, when a locked secure storage devices (e.g., a locked device in a non-configuration-ready mode) is plugged into a host, the locked device is not visible to the host, and the locked device is not detectable by the host. August: [0029] When the switch 80 is open, the power manager 58 causes the NFC storage device 24 to operate in the low power mode. In the low power mode, the power manager 58 deactivates the actively powered components of the NFC storage device 24. The actively powered components of the NFC storage device 24 include the RFID transceiver 60, the RFID interface 62 (second interface). Claim 1: whereby when the first switch is in its first state, the device memory module and the device transceiver do not consume sufficient power from the power supply to allow the transfer of data between the device memory module and the host memory).
The examiner provides the same rationale to combine prior arts Hashimoto, Brown and August as in claim 8 above.

As per claim 13, Hashimoto in view of Brown and August teaches:
The method according to claim 8, wherein the operating mode is only changed into the unsealed mode by a physical instruction locally on the hardware security module or logically via an unseal-command to be received via the first interface (Brown: column 5, lines 54-67: The secure storage device 110 may further include a communications module 238, an input device 246. Column 6, lines 18-36: The physical input device 246 (first interface) enables a user to communicate information and select commands to the secure storage device 110. For instance, the physical input device 246 may receive a control input from a user to place the secure storage device 110, from a mode that is not configuration-ready, into a configuration-ready mode). 
The examiner provides the same rationale to combine prior arts Hashimoto and Brown as in claim 8 above.

As per claim 14, Hashimoto in view of Brown and August teaches:
The method according to claim 8, wherein the configuration data is deleted automatically in case the sealed mode is changed into the unsealed mode (Brown: column 18, lines 10-26: While the secure storage device 110 operates in a non-configuration-ready mode (e.g., a normal operating mode), if a user desires to place the secure storage device 110 back into a configuration-ready mode (which may be referred to as a user-set configuration-ready mode for this instance), the user can press the button(s) on the physical input device 246 designated to place the device 110 into a configuration-ready mode, and this causes the security controller 258 (or a microcontroller therein) to set the PIN(s) stored in the device 110 to "null" PIN(s). In one or more implementations, when the user presses the button(s) designated to place the device 110 into a configuration-ready mode, this causes the security controller 258 (or a microcontroller therein) to reset the encryption key(s), which are stored in the device 110, to new encryption key(s), which may be viewed as crypto-erasing the device 110 (or the memory 232)).
The examiner provides the same rationale to combine prior arts Hashimoto and Brown as in claim 8 above.

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Hashimoto in view of Brown and August as applied to claim 8 above, and further in view of prior art of record US 20070291400 to Chang (hereinafter Chang).
As per claim 12, Hashimoto in view of Brown and August does no teach: wherein the second interface is deactivated in dependence of at least one sensor signal, which is/are detected locally on the hardware security module. However, Chang teaches:
wherein the second interface is deactivated in dependence of at least one sensor signal, which is/are detected locally on the hardware security module (Chang: Fig. 1, [0013]: As shown in the drawing, the storage device 1 with the power-off protective reflex function of the present invention comprises: at least a sensor 10, a processor 20, a media unit 30, and a switch 40 a storage device with a power-off protective reflex function, which comprises a sensor and a switch and can turn off the power of the hard drive after receiving a motion value of the sensor. [0017] The switch 40 is respectively coupled to the processor 20 and the media unit 30 for receiving a control from a control signal to turn on or turn off the power required for accessing the media 30. [0018] As mentioned above, when the device 1 is declined, fallen, dropped or shaken, the sensor 10 can sense an 1D, 2D or 3D motion value of the device 1, and then pass a control signal to the processor 20. Then, the processor 20 controls the switch 40 to turn off the power supplied to the media unit 30). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Chang in the invention of Hashimoto in view of Brown and August to include the above limitations. The motivation to do so would be to resolve the disadvantages of being easily impacted, shaken and scratched for the conventional portable storage device (Chang: [0023]).

Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Hashimoto and Brown.
As per claim 15, Hashimoto teaches:
A hardware security module for usage with manufacturing devices, comprising: 
a (Hashimoto: [0081]: The external storage device may be other readable and writable nonvolatile storage device other than the SSD 10 such as a hard disc drive, a hybrid hard disc drive, USB memory, or an SD card. [0084]: The IPL 55 determines whether or not the read only mode shift condition is met based on the read management information, that is, whether or not the SSD 10 is in a state to be used in the normal operation mode or in a state to be used in the read only mode); 
a first interface configured to receive commands for controlling the hardware security module (Hashimoto: Fig. 1 and [0082] The RWIF controller 31 has a function of receiving the read request, the write request, and other requests (commands) and data from the host 100, transmitting the received requests and data to the memory controller 50, and transmitting the data to the RAM 40 by the control of the memory controller 50); 
a central processing unit for processing application program code (Hashimoto: [0075] The memory controller 50 has the function thereof realized by a processor for executing a system program (firmware) stored in the NAND memory 20); 
a second interface, wherein the second interface is activated and deactivated in dependence of the operating mode (Hashimoto: [0084]: The IPL 55 determines whether or not the read only mode shift condition is met based on the read management information, that is, whether or not the SSD 10 is in a state to be used in the normal operation mode or in a state to be used in the read only mode. If determined as the normal mode, as a result of the determination, the IPL 55 sets the selection switches 33, 34 to select the RWIF controller 31, and causes the ROIF controller 32 to be in a non-selected state. If determined that the SSD 10 is in a state to be used in the read only mode based on the read management information, the IPL 55 sets the selection switches 33, 34 to select the ROIF controller 32. Also, [0181]-[0182]); and 
a switch coupled to the first interface and the second interface, wherein a control signal is provided by the secure element to directly control the switch to activate or deactivate the second interface by coupling or decoupling the second interface from the first interface (Hashimoto: Fig. 1 and [0078] The selection switch 33 exclusively selects either one of the RWIF controller 31 or the ROIF controller 32 and connects the same to the ATA interface 90, and the selection switch 34 exclusively selects either one of the RWIF controller 31 or the ROIF controller 32 and connects the same to the bus 57. In the selection state of the RWIF controller 31, the selection switch 33 causes the ATA interface 90 and the RWIF controller 31 to be in an electrically connected state, and the switch 34 causes the bus 57 and the RWIF controller 31 to be in an electrically connected state. In the selection state of the ROIF controller 32, the selection switch 33 causes the ATA interface 90 and the ROIF controller 32 to be in an electrically connected state, and the switch 34 causes the bus 57 and the ROIF controller 32 to be in an electrically connected state. [0084], [0181]-[0182]).
Hashimoto teaches a storage device comprising an IPL 55 (initial program loader) that detects an operating mode of the storage device but does not explicitly teach a hardware security module comprising a secure element. Also, Hashimoto teaches a memory controller that executes the system program but does not teach in a secure environment and wherein the secure element is integrated into the central processing unit and detects the operating mode automatically. Finally, Hashimoto teaches a second interface that is activated or deactivated based on the operating mode but does not teach: a second interface configured for receiving configuration data.
a hardware security module comprising a secure element (Brown: column 5, lines 54-67: The secure storage device 110 includes a memory 232 and a security controller 258. When a security controller 258 has multiple microcontrollers, each microcontroller may perform different functions, and a microcontroller may be implemented with a different level of security protection (e.g., a high, medium, or low security level)); 
processing application program code in a secure environment (Brown: column 5, lines 54-67: The secure storage device 110 includes a security controller 258. Column 7, lines 38-54: a security controller 258 includes multiple controllers (e.g., two controllers or more than two controllers). When a security controller 258 has multiple microcontrollers, each microcontroller may perform different functions, and a microcontroller may be implemented with a different level of security protection (e.g., a high, medium, or low security level) (secure environment). Column 8, lines 15-56: When a security controller 258 includes multiple microcontrollers and multiple memories, each microcontroller may have its associated local memory(ies). Such local memory(ies) may reside within its corresponding microcontroller. The local memory 240 or a memory(ies) therein may be configured to store instructions and/or data, including parameters, flags, and/or information. From the local memory 240 (or a memory(ies) therein), the security controller 258, a microcontroller(s) within the security controller 258, and/or another component(s) may retrieve instructions to execute and data to process in order to execute the processes of the subject disclosure), wherein the secure element is integrated into the central processing unit and detects the operating mode automatically (Brown: column 7, lines 38-67: a security controller 258 includes multiple controllers (e.g., two controllers or more than two controllers). A controller may be sometimes referred to as a microcontroller, a multi-core controller, a controller module, a processor, a processor module, a microprocessor, a microprocessor module, or a portion(s) thereof or vice versa. A controller(s) within a security controller 258 may be sometimes referred to as a microcontroller(s). A security controller 258 may be a single integrated circuit (IC) chip (or a single die) or may include multiple IC chips. Multiple controllers within the security controller 258 may be on a single chip. Column 13, lines 13-41: In one aspect of one or more implementations, the security controller 258 (or a microcontroller therein) determines whether the secure storage device 110 is in a configuration-ready mode by reading an indication (e.g., a flag in the device 110) of a mode of operation and determining whether the indication is set to indicate that the secure storage device 110 is in the configuration-ready mode); and 
second interface configured for receiving configuration data (Brown: column 14, lines 4-23. Column 16, lines 41-63: The security controller 258 (or a microcontroller therein) executes instructions to cause receiving configuration data from the host 120 via the communication bus 130 (second interface) for configuring the secure storage device 110 when the secure storage device 110 is determined to be in the configuration-ready mode).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Brown in the invention of Hashimoto to include the above limitations. The motivation to do so would be to provide secure configuration of secure storage devices in a configuration-read mode (Brown: column 3, lines 15-18).

Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Hashimoto in view of Brown as applied to claim 15 above, and further in view of Stumpf.
As per claim 16, Hashimoto in view of Brown does not teach: wherein the hardware security module comprises a third interface for debugging application program code. However, Stumpf teaches:
wherein the hardware security module comprises a third interface for debugging application program code (Stumpf: [0022]: Also part of hardware security module 40 are interfaces 27 for debugging. [0023] Hardware security module 40 assists with a process for eliminating program errors of hardware security module 40 via a security access 49 with the aid of an appropriate controller 48, which includes reading out all data stored in flash memory 42 and the internal data of hardware security module 40, except for internal AES keys. The debugging interface may be activated only internally by hardware security module 40, after a safeguarded authentication protocol based, for example, on an authentication request, including a challenge and response, between hardware security module 40 and an external debugger has been followed). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Stumpf in the invention of Hashimoto in view of Brown to include the above limitations. The motivation to do so would be to eliminate program errors of hardware security module (Stumpf: [0023]).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHURI R HERZOG whose telephone number is (571)270-3359. The examiner can normally be reached 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MADHURI R. HERZOG
Primary Examiner
Art Unit 2438



/MADHURI R HERZOG/Primary Examiner, Art Unit 2438