DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment / Arguments
Regarding claims rejected under 35 USC 112:
Applicant’s amendment is considered to have overcome the applied rejections. As such, the rejections have been withdrawn.
Regarding claims rejected under 35 USC 103:
Applicant’s amendment is considered to have overcome the applied rejections However, upon further consideration, a new ground(s) of rejection is made in view of Vas (US 2011/0314346 A1).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 3-7, 11, 13-17, 21, 23-25, and 27-29 is/are rejected under 35 U.S.C. 103 as being unpatentable over Horn (US 9,448,738 B2) in view of Hall (US 2006/0080553 A1), Gouge (US 2013/0064370 A1), Gueron (US 2014/0223197 A1), and Vas (US 20110314346 A1).
Regarding claim 1, Horn discloses: An apparatus, comprising:
a processor; and memory comprising instructions that when executed by the processor cause the processor to:
retrieve a first block from storage, the block comprising encrypted data;
Refer to at least FIG. 3 and 502-506 in FIG. 5 of Horn with respect to retrieving, e.g., a storage unit and/or mapping unit. The units have encrypted compressed data and other data, including filler and metadata (see, e.g., Col. 9, Ll. 33-56 of Horn).
decrypt [via decryption algorithm] the encrypted data to produce decrypted compressed data, decrypted compression metadata, and decrypted integrity metadata, the decrypted compression metadata to include an indication of [compression];
Refer to at least 510 in FIG. 5, Col. 7, Ll. 49-Col. 8, Ll. 8, Col. 8, Ll. 24-47, and Col. 11, Ll. 21-44 of Horn with respect to the encrypted units comprising compressed data, compression metadata (e.g., payload type; e.g., Col. 2, Ll. 56-67 of Horn), and error correction and detection code (EDC) information.
verify, based on the decrypted integrity metadata, the decrypted compressed data.
Refer to at least Col. 2, Ll. 56-67 and Col. 10, Ll. 8-43 of Horn with respect to the EDC information and verifying that the proper data has been returned.
decompress, based on the decrypted compression metadata, the decrypted compressed data to produce recreated data.
Refer to at least 512 in FIG. 5, Col. 2, Ll. 56-67, Col. 7, Ll. 4-24, and Col. 11, Ll. 21-44 of Horn with respect to decompressing the compressed data based on the compression metadata and EDC information.
Horn does not disclose: also retrieving a second block from a cache […] and the second block comprising unencrypted data; retrieve encryption metadata from the unencrypted data in the second block; decryption based on the encryption metadata; wherein verification of the decrypted compressed data, based on the decrypted integrity metadata, occurs prior to decompression of the decrypted compressed data; receive address bits comprising uppermost address bits and lower address bits, wherein the uppermost address bits comprise encryption information of a type of encryption, an encryption key, a seed for random number generation, a type of storage process, a routine, or a thread of execution, and the lower address bits comprise information of a storage location address; retrieving the first block at an address indicated by the lower address bits; decryption further based on the uppermost address bits. Further, although Horn discloses using “compressed payload metadata to unpack compressed data unit(s),” it does not explicitly recite: the decrypted compression metadata to include an indication of which type of compression was used to compress the decrypted compressed data of the first block. However, Horn in view of Hall discloses: also retrieving a second block from a cache […] and the second block comprising unencrypted data; retrieve encryption metadata from the unencrypted data in the second block; decryption based on the encryption metadata.
Refer to at least the abstract, [0011], [0024], and [0049] of Hall with respect to retrieving decrypted encryption metadata from a cache for decrypting a block of secure encrypted data.
The teachings of Horn and Hall each concern data storage and encryption / decryption, and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Horn to further include an encryption metadata cache for use in decrypting stored secure data blocks for at least the reasons discussed in the cited portions of Hall, as well as in [0005]-[0009] of Hall (i.e., increased decryption speed).
Horn-Hall does not explicitly disclose: the decrypted compression metadata to include an indication of which type of compression was used to compress the decrypted compressed data of the first block; wherein verification of the decrypted compressed data, based on the decrypted integrity metadata, occurs prior to decompression of the decrypted compressed data. Horn-Hall further does not disclose: receive address bits comprising uppermost address bits and lower address bits, wherein the uppermost address bits comprise encryption information of a type of encryption, an encryption key, a seed for random number generation, a type of storage process, a routine, or a thread of execution, and the lower address bits comprise information of a storage location address; retrieving the first block at an address indicated by the lower address bits; decryption further based on the uppermost address bits. However, Horn-Hall in view of Gouge discloses: the decrypted compression metadata to include an indication of which type of compression was used to compress the decrypted compressed data of the first block.
Refer to at least [0033]-[0035] of Gouge with respect to metadata comprising compression information indicating a type of compression (e.g., a compression method).
wherein verification of the decrypted compressed data, based on the decrypted integrity metadata, occurs prior to decompression of the decrypted compressed data.
Refer to at least 610-614 in FIG. 6 and [0078] of Gouge with respect to validation before decompression, as well as performing the validation step in any order relative to decryption and decompression.
The teachings of Horn-Hall and Gouge concern data block compression, encryption, decryption, and decompression, and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Horn-Hall to further include an explicit compression type indicator in the metadata for at least the purpose of allowing for compatibility with multiple types of compression (e.g., [0026] of Gouge). It further would have been obvious to perform the validation step in any order relative to decryption and decompression because the substitution of one known element for another would have yielded predictable results to one of ordinary skill in the art at the time (e.g., [0078] of Gouge discussing such substitution of order).
Horn-Hall-Gouge does not disclose: receive address bits comprising uppermost address bits and lower address bits, wherein the uppermost address bits comprise encryption information of a type of encryption, an encryption key, a seed for random number generation, a type of storage process, a routine, or a thread of execution, and the lower address bits comprise information of a storage location address; retrieving the first block at an address indicated by the lower address bits; decryption further based on the uppermost address bits. However, Horn-Hall-Gouge in view of Gueron discloses: receive address bits comprising uppermost address bits and lower address bits;
Refer to at least FIG. 3 and [0069] of Gueron with respect to an extended tweak 300 having most significant bits and least significant bits, and being associated with extended AES-XTS as in [0044] of Gueron.
the lower address bits comprise information of a storage location address; retrieving the first block at an address indicated by the lower address bits; decryption further based on the uppermost address bits.
Refer to at least [0070] of Gueron with respect to a start address of data being found in the least significant bits; with respect to metadata information (counter values) being found in the most significant bits. As per at least the abstract, [0033], and [0044] of Gueron, the MSB/LSB are used as part of an encryption/decryption algorithm (extended AES-XTS) for protecting memory regions.
The teachings of Gueron likewise concern data storage and encryption / decryption for memory protection, and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Horn-Hall-Gouge to further implement extended AES-XTS for at least the reasons discussed in [0036] of Gueron (i.e., strengthening against memory attacks such as manipulating encrypted memory images and swapping positions of encrypted blocks). Additionally, the substitution of one known element for another (encryption/decryption algorithm to be used) would have yielded predictable results to one of ordinary skill in the art at the time (encryption/decryption according to the algorithm).
Horn-Hall-Gouge-Gueron does not specify: wherein the uppermost address bits comprise encryption information of a type of encryption, an encryption key, a seed for random number generation, a type of storage process, a routine, or a thread of execution. However, Horn-Hall-Gouge-Gueron in view of Vas discloses: wherein the uppermost address bits comprise encryption information of a type of encryption, an encryption key, a seed for random number generation, a type of storage process, a routine, or a thread of execution.
Refer to at least FIG. 7 and [0110] of Vas with respect to a most significant bit utilized as a data/metadata flag. “For example, a slice name address containing a data/metadata flag equal to zero is mapped to slice names of metadata to be stored in the sparse storage on 24. As another example, a slice name address containing a data/metadata flag equal to one is to slice names of data to be stored in the dense storage 126.”
The teachings of Vas likewise concern data storage solutions utilizing encryption and compression, and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Horn-Hall-Gouge-Gueron to further implement utilizing the MSB as a metadata flag for determining a type of storage process because the particular known technique (MSB as a metadata flag) was recognized as part of the ordinary capabilities of one skilled in the art.
Regarding claim 3, it is rejected for substantially the same reasons as claim 2 above (i.e., the citations and rationale).
Regarding claim 4, Horn-Hall-Gouge-Gueron-Vas discloses: The apparatus of claim 3, the measure comprising one or more of a checksum, a hash, and a cryptographic hash.
Refer to at least Col. 7, Ll. 35-48 of Horn with respect to exemplary forms of the EDC information.
Regarding claim 5, Horn-Hall-Gouge-Gueron-Vas discloses: The apparatus of claim 1, the memory comprising instructions that when executed by the processor cause the processor to store the recreated data in the storage based on verification of the recreated data.
Refer to at least FIG. 5 and Col. 11, Ll. 21-44 of Horn with respect to returning data to a host system.
Regarding claims 6-7, they are rejected for substantially the same reasons as claims 1 and 3-4 above (i.e., the citations; the obviousness rationales).
Regarding independent claim 11, it is substantially similar to independent claim 1, and is therefore likewise rejected for substantially the same reasons (i.e., the citations and obviousness rationale).
Regarding claims 12-17, they are substantially similar to claims 2-7 above, and are therefore likewise rejected.
Regarding independent claim 21, it is substantially similar to independent claim 1, and is therefore likewise rejected for substantially the same reasons (i.e., the citations and obviousness rationale).
Regarding claims 22-25, they are substantially similar to claims 2-3 and 5-6 above, and are therefore likewise rejected.
Regarding claim 27, Horn-Hall-Gouge-Gueron-Vas discloses: The apparatus of claim 1, wherein the cache comprises a cache line and wherein the second block is stored in the cache line.
Refer to at least [0024] and [0049] of Hall with respect to encryption metadata stored in a cache line.
This claim would have been obvious for substantially the same reasons as claim 1 above.
Regarding claims 28-29, they are substantially similar to claim 27 above, and are therefore likewise rejected.
Claims 9 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Horn-Hall-Gouge-Gueron-Vas as applied to claims 1, 3-7, 11, 13-17, 21, 23-25, and 27-29 above, and further in view of Official Notice.
Regarding claim 9, Horn-Hall-Gouge-Gueron discloses: The apparatus of claim 1, the memory comprising instructions that when executed by the processor cause the processor to determine the encrypted data in the block includes compressed data based on a compression indicator included in the block.
Refer to at least Col. 7, Ll. 49-Col. 8, Ll. 47 of Horn with respect to a payload type: compressed or uncompressed.
Horn-Hall-Gouge-Gueron-Vas does not specify: the compression indicator comprising a single-bit binary value included in the block. However, the examiner hereby takes official notice that it was well known in the art before the filing date of Applicant’s invention to use flags / indicators comprising a single-bit binary value; to use similar such flags for indicating the presence of compression or encryption (e.g., Col. 6, Ll. 37-39 of Armangau). Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Horn-Hall-Gouge-Gueron-Vas to further include the compression indicator comprising a single-bit binary value included in the block because the substitution of one known element for another would have yielded predictable results to one of ordinary skill in the art at the time.
Regarding claim 19, it is substantially similar to claim 9 above, and is therefore likewise rejected.
Claim 26 is/are rejected under 35 U.S.C. 103 as being unpatentable over Horn-Hall-Gouge-Gueron-Vas as applied to claims 1, 3-7, 11, 13-17, 21, 23-25, and 27-29 above, and further in view of Suga (US 2008/0031446 A1).
Regarding claim 26, Horn-Hall-Gouge-Gueron-Vas does not disclose: wherein the encryption metadata comprising at least an indication of a counter value and wherein the encrypted data is encrypted based on a counter-mode encryption, the memory comprising instructions that when executed by the processor cause the processor to decrypt the encrypted data based on the counter value in the encryption metadata. However, Horn-Hall-Gouge-Gueron-Vas in view of Suga discloses: wherein the encryption metadata comprising at least an indication of a counter value and wherein the encrypted data is encrypted based on a counter-mode encryption, the memory comprising instructions that when executed by the processor cause the processor to decrypt the encrypted data based on the counter value in the encryption metadata.
Refer to at least FIG. 13, [0097], [0102], and [0109] of Suga with respect to a counter value stored with encryption metadata for use in decrypting encrypted data.
The teachings of Horn-Hall-Gouge-Gueron-Vas and Suga concern encryption and compression of data and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Horn-Hall-Gouge-Gueron-Vas to further include a counter as encryption metadata for at least the purpose of increasing security by reducing the ability to utilize old keys maliciously.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached at (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432
/V.S/Examiner, Art Unit 2432