DETAILED ACTION
This communication is responsive to the application, filed September 14, 2021.  Claims 1-20 are pending in this application.

Examined under the first inventor to file provisions of the AIA 
The present application was filed on November 26, 2018 which is on or after March 16, 2013, and thus is being examined under the first inventor to file provisions of the AIA . 

Claim Objections
Claims 6, 7, 13, 14, 16, and 20 are objected to because of the following informalities:  claims 6, 7, 13, 14, and 20 recite “the first and second VSMs”.  The claims should recite “the first VSM and the second VSM”.  Claims 16 and 20 recite “the operation of”.  Claims 16 and 20 should recite “an operation of” or “operation of”.  Appropriate correction is required.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-7 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-7 of U.S. Patent No. 11,151,007 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1-7 of U.S. Patent No. ‘007 discloses similar claim subject matter and are obvious variants of claims 1-7 of the instant application.
Claims 8-14 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 8-10 of U.S. Patent No. 11,151,007 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because claims 8-10 of U.S. Patent No. ‘007 discloses similar claim subject matter and are obvious variants of claims 8-14 of the instant application.
Claims 15-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 11-17 of U.S. Patent No. 11,151,007 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because claims 11-17 of U.S. Patent No. ‘007 discloses similar claim subject matter and are obvious variants of claims 15-20 of the instant application.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-3, 8-10, 15, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Meyer (US 2015/0074422 A1) in view of Baker (US 2018/0299509 A1) and further in view of Brumley (US 2015/0350171 A1).

As per claim 1:   An electronic control unit (ECU) with technology for detecting and tolerating faults, the ECU comprising:
a processing core;
Meyer disclose [Fig. 1; 0020] a processing circuit configured to perform data processing.
nonvolatile storage in communication with the processing core; 
Meyer discloses [0017] monitoring data stored in a non-volatile memory in communication with the processing circuit.
a fault-tolerant elliptic curve digital signature algorithm (ECDSA) engine in communication with the processing core, wherein the fault-tolerant ECDSA engine comprises multiple verification state machines (VSMs) to verify digital signatures;
Meyer discloses [0016-0017, 0068] elliptic curve parameters for an cryptographic algorithm.  The states of a computation may be modeled by means of finite state machines.  The control flow will monitor if the finite state machine goes through the correct sequence of states.  The detection of an error is detected by checking of redundant information in the stored data, either through error detecting/correcting codes or about the relations between results.
a known-answer built-in self-test unit (KA-BISTU) in communication with the fault-tolerant ECDSA engine; and
fault-tolerant ECDSA engine (FTEE) management software in the nonvolatile storage, wherein the FTEE management software, when executed by the processing core, is to: 
utilizes the KA-BISTU to periodically test the fault-tolerant ECDSA engine for faults;
Meyer discloses [0017, 0068] error detection and error correction [fault tolerance] on data that is stored in the non-volatile memory, but fails to explicitly disclose a built-in self-test unit periodically testing the engine for faults.  Baker discloses a similar system, which further teaches [0011] a built-in self-test (BIST) component in a circuit that may be enabled to monitor periodically.  If the output value does not match after performing the BIST, then the circuit may be considered to have a defect and an alert or other such notification may be provided to indicate a failure.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teachings of Meyer with that of Baker.  One would have been motivated to periodically test the engine for faults because it can generate an alert notifying that the engine is defective or compromised [Baker; 0011].
a signing state machine (SSM) in communication with the processing core;
utilize the SSM to generate a digital signature; and
in response to generation of the digital signature by the SSM, automatically utilize the VSMs to verify that the SSM generated the digital signature properly.
Meyer and Baker disclose utilizing the VSMs, but fails to explicitly disclose utilizing the VSMs to verify that the SSM generated digital signature properly.  Brumley discloses a similar system, which further teaches [0047] the processing circuits hardware could be of various forms, such as state machines.  The processing circuit can perform digital signature generation, signing and verification.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teachings of Meyer and Baker with that of Brumley.  One would have been motivated to verify that the digital signature generated properly because it allows to process messages from verified sources [Brumley; 0037].

As per claim 2:  An ECU according to claim 1, further comprising:
a finite field (FF) arithmetic logic unit (ALU) in the fault-tolerant ECDSA engine; and 
an FF ALU self-test unit in the KA-BISTU; and
wherein the FTEE management software, when executed by the processing core, is to utilize the FF ALU self-test unit to periodically test the FF ALU for faults.
Meyer discloses [0016-0017, 0068] elliptic curve parameters for an cryptographic algorithm.  The states of a computation may be modeled by means of finite state machines.  The control flow will monitor if the finite state machine goes through the correct sequence of states.  The detection of an error is detected by checking of redundant information in the stored data, either through error detecting/correcting codes or about the relations between results.
Meyer discloses [0017, 0068] error detection and error correction [fault tolerance] on data that is stored in the non-volatile memory, but fails to explicitly disclose a built-in self-test unit periodically testing the engine for faults.  Baker discloses a similar system, which further teaches [0011] a built-in self-test (BIST) component in a circuit that may be enabled to monitor periodically.  If the output value does not match after performing the BIST, then the circuit may be considered to have a defect and an alert or other such notification may be provided to indicate a failure.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teachings of Meyer with that of Baker.  One would have been motivated to periodically test the engine for faults because it can generate an alert notifying that the engine is defective or compromised [Baker; 0011].

As per claim 3:  An ECU according to claim 2, wherein the ECU comprises only one FF ALU.
Meyer discloses [Fig. 3; 0057] the electronic circuit includes an ALU with an accumulator with a length of n-bit.

As per claims 8-10:  Although claims 8-10 are directed towards a system claim, they rejected under the same rationale as the apparatus claims 1-3 above.

As per claims 15 and 16:  Although claims 15 and 16 are directed towards a method claim, they are rejected under the same rationale as the apparatus claims 1-3 above.

Allowable Subject Matter
Claims 4-7, 11-14, and 17-20 are objected to as being dependent upon a rejected base claim, but would be allowable if they overcome the Double Patenting rejection above and are rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The following prior art made of record and not relied upon is cited to establish the level of skill in the applicant’s art and those arts considered reasonably pertinent to applicant’s disclosure. See MPEP 707.05(c).
·         US 20100037069 A1 – Deierling discloses a system that provides a cryptographic unit which can include a finite state machine and elliptic curve parameters used in cryptographic operations.   
·         US 20190281028 A1 – Gillan discloses method for authenticating access in a decentralized manner to a secure resource over a communication network using a distributed transaction based state machine.   

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JIGAR P PATEL whose telephone number is (571)270-5067.  The examiner can normally be reached on Monday to Friday 10AM-6PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Matt Kim, can be reached on 571-272-4182.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JIGAR P PATEL/Primary Examiner, Art Unit 2114