Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Detailed Action
Amendment filed on 5/19/2025 for patent application 18/204,402 has been acknowledged. Claims 1-2, 4-11, and 13-19 are currently pending and have been considered below. Claims 1 and 10 are independent claims. Claims 1, 8, and 10 have been amended. Claims 3 and 12 have been cancelled. No new claims have been added.
Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed on 7/21/2023. The application claims the foreign priority of CN202210756239.6 filed on 6/29/2022.
Remarks and Response
Applicant’s arguments filed in amendments on 5/19/2025 have been fully considered but they are not persuasive. The seasons set forth below.
On page 8 of the remarks, filed on 5/19/2025, applicant presents the argument that, “the Examiner has equated the read-only memory with McNeil’s non-volatile memory 210.” Again, on page 9 of the remarks, applicant presents the same argument that, “McNeil’s non-volatile memory 210 is equated with both the (read-only) memory and the storage circuit.” On page 9 of the remarks, the applicant argues that, “McNeil fails to disclose the technical feature “… to read the first characteristic value from the read-only memory and store the first characteristic value in the storage circuit …”
Examiner respectfully disagrees and would like to clarify. On page 6 of the office action, the limitation “read-only memory” of claim 1 is taught by the Park reference, not the McNeil reference. Reproduced below:
read-only (memory); read-only (memory); (Park, ([0060], “The public key storing unit 113 may storea public key for verifying digital signatures 148a, 158a and 168a. Alternatively, the public key storing unit 113 may store information related to the public key, and the public key may be provided from an external device by using the related information during the boot operation. For example, the public key storing unit 113 may be implemented by an OTP memory, a ROM, a PROM, an EPROM, an EEPROM)a flash memory, or the like.”).
On page 7 of the non-final rejection office action, the limitation “a read-only (memory)” of claim 3 (now incorporated into claim 1) is taught by the Park reference, not the McNeil reference. Reproduced below:
a read-only memory (Park, ([0060], “The public key storing unit 113 may store a public key for verifying digital signatures 148a, 158a and 168a. Alternatively, the public key storing unit 113 may store information related to the public key, and the public key may be provided from an external device by using the related information during the boot operation. For example, the public key storing unit 113 may be implemented by an OTP memory, a ROM, a PROM, an EPROM, anEEPROM)a flash memory, or the like.”)
Therefore, McNeil in view of Park teaches the technical features referenced in the remarks (originally presented as claim 3 and currently incorporated within the amended independent claim 1).
On page 9 of the remarks, filed on 5/19/2025, applicant argues that, “the Examiner’s opinion is … As previously discussed, McNeil is non-volatile memory 210 is equated with the (read-only) memory. However, when McNeil is modified with Park to utilize the read-only memory, the non-volatile memory 210 becomes a read-only memory. As a result, McNeil cannot perform its intended function of storing data, such as the hash or the encrypted public key, …”
Examiner respectfully disagrees and would like to clarify that, the limitation “a/the read-only memory” within claims 1 and 3 are taught by the Park reference, specifically, Park, ¶[0060], “the public key storing unit 113 may be implemented by an OTP memory, a ROM, a PROM, an EPROM, anEEPROM)a flash memory, or the like.”). As originally stated in the office action, while the McNeil reference does not utilize a separate read-only memory, “the public key storing unit 113 may be implemented by an OTP memory, a ROM, …” of the Park reference is brought in to modify and combined with the McNeil reference to “perform the intended function of storing data, such as the hash or the encrypted public key.”
Thus, the 35 USC 103 rejection is maintained and reproduced below with the limitations of claims 3 and 12 incorporated into amended claims 1 and 10.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 2, 4, 5, 7, 9, 10, 11, 13, 14, 16, 18, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over McNeil et al. (US Patent No US 10,776,522 B1, hereinafter, McNeil) in view of Park et al. (US Patent Application Publication No US 2012/0210115 A1, hereinafter, Park).
Regarding amended Claim 1, McNeil discloses: An electronic device (McNeil, Col 5, line 10-28, “In one or more embodiments, IC 150 is a programmable IC. ... IC 150, while including programmable circuitry, may also include one or more hardwired circuit blocks. … In one or more embodiments, the hardwired circuit blocks include authentication circuitry. The authentication circuitry included in IC 150, to be described herein in greater detail, is capable of performing operations including, but not limited to, generating hashes of received data, encrypting data, decrypting data, and/or authenticating data.”)
that accesses (McNeil, Col 5, line 10-11, “In the example of FIG. 1, system 100 is coupled to, or includes, a IC 150.” Col 5, line 26-28, “System 100 is capable of interacting with IC 150 to facilitate one or more of the operations described within this disclosure.”)
an external storage device that stores a plurality of codes (McNeil, col 4, line 1-12, “System 100 may be implemented as a computer or other system or device that is suitable for storing and/or executing program code.” Col 4, line 34-49, “As noted, memory 110 is capable of storing program code. … For purposes of illustration, memory 110 stores an operating system 125, one or more application(s) 130, and a circuit design 135.”)
of the electronic device and a public key (McNeil, col 8, line 36-58, “FIG. 5 illustrates an example of a configuration process. The example configuration process of FIG. 5 may be performed using IC 150. The configuration process involves authenticating configuration data that is provided to IC 150 for purposes of implementing a particular circuit design therein.” “In the example of FIG. 5, encrypted public key 540 and configuration data 525 are provided to IC 150.”), the electronic device comprising:
a memory configured to store a first characteristic value of the public key (McNeil, col 7, line 25-28, “in the example of FIG. 3, the authentication circuitry of IC 150 includes encryption circuit 205, non-volatile memory 210, symmetric key 215, and hash circuit 305.” Col 7, line 29-39, “As shown, encryption circuit 205 generates encrypted public key 225 from unencrypted public key 220. Hash circuit 305 is a hardwired circuit implemented within IC 150 that is capable of generating hashes of received data. Hash circuit 305 outputs hash 230 and stores hash 230 within non-volatile memory 210.”);
a computing circuit configured to execute the codes (McNeil, col 9, line 63-67, “In response to determining that configuration data 525, e.g., the configuration bitstream contained therein, is authentic, authentication circuit 520 is capable of initiating or allowing configuration of IC 150 using configuration data 525.” Col 11, line 38-40, “In block 740, in response to successfully authenticating the configuration data, the IC is configured using the configuration data.”); and
an encryption and decryption circuit configured to perform a verification procedure on the public key according to the first characteristic value (McNeil, col 8, line 41-44, “In the example of FIG. 5, the authentication circuitry of IC 150 includes non-volatile memory 210, symmetric key 215, comparison circuit 505, access circuit 510, hash circuit 305, decryption circuit 515, and authentication circuit 520.” Col 8, line 59-62, “Authentication circuit 520 is capable of identifying encrypted public key 540 from within configuration data 525, extracting encrypted public key 540 therefrom, and providing encrypted public key 540 to hash circuit 205.” Col 9, line 12-15, “Hash circuit 305, as discussed, is capable of generating a cryptographic hash such as hash 530. Hash circuit 305 provides hash 530 to comparison circuit 505.” Col 9, 24-28, “In response to receiving hash 530, comparison circuit 505 reads hash 230 from non-volatile memory 210. Comparison circuit 505 is capable of performing a comparison of hash 530 to hash 230, which was stored in non-volatile memory 210 during the registration process.”);
wherein the public key is used to verify the codes (McNeil, Col 8, line 59-62, “Authentication circuit 520 is capable of identifying encrypted public key 540 from within configuration data 525, extracting encrypted public key 540 therefrom, and providing encrypted public key 540 to hash circuit 205.” Col 9, line 12-15, “Hash circuit 305, as discussed, is capable of generating a cryptographic hash such as hash 530. Hash circuit 305 provides hash 530 to comparison circuit 505.” Col 9, 24-28, “In response to receiving hash 530, comparison circuit 505 reads hash 230 from non-volatile memory 210. Comparison circuit 505 is capable of performing a comparison of hash 530 to hash 230, which was stored in non-volatile memory 210 during the registration process.”), and
the number of bits of the first characteristic value is smaller than the number of bits of the public key (McNeil, col 8, line 1-14, “The hashing described in connection with FIGS. 2, 3, and 4 allows the IC to reduce the size of the key data that is stored in non-volatile memory therein. Often, keys may be 1024, 2048, or 4096 bits in size. Storing a key of this size consumes significant memory resources of the IC. … By creating a hash of the encrypted public key and storing the hash in the non-volatile memory of the IC instead of the encrypted public key itself, significantly less memory of the IC is required. As an illustrative and non-limiting example, a hash of a key of 4096 bits may be 256 bits or 384 bits depending on the particular hashing function that is used.”);
wherein the memory, the computing circuit, and the encryption and decryption circuit are disposed on a first chip (McNeil, Col 5, line 10-28, “In one or more embodiments, IC 150 is a programmable IC. ... IC 150, while including programmable circuitry, may also include one or more hardwired circuit blocks. … In one or more embodiments, the hardwired circuit blocks include authentication circuitry. The authentication circuitry included in IC 150, to be described herein in greater detail, is capable of performing operations including, but not limited to, generating hashes of received data, encrypting data, decrypting data, and/or authenticating data.” Col 6, line 11-20, “IC 150 includes authentication circuitry that is hardwired and, as such, operable without first loading configuration data therein. The authentication circuitry may include a plurality of circuit structures such as an encryption circuit 205, non-volatile memory 210, and symmetric key 215.”), and
the external storage device is disposed on a second chip (McNeil, col 4, line 1-12, “System 100 may be implemented as a computer or other system or device that is suitable for storing and/or executing program code.” Col 4, line 34-49, “As noted, memory 110 is capable of storing program code. … For purposes of illustration, memory 110 stores an operating system 125, one or more application(s) 130, and a circuit design 135.” Col 5, line 10-28, “In the example of FIG. 1, system 100 is coupled to, or includes, a IC 150.”);
wherein the electronic device further comprises a storage circuit (McNeil, col 7, line 29-39, “Hash circuit 305 outputs hash 230 and stores hash 230 within non-volatile memory 210.” Col 9, line 16-30, “comparison circuit 505 reads hash 230 from non-volatile memory 210.”) and
a (memory) control circuit, and the (memory) control circuit is configured to read the first characteristic value from the (memory) (McNeil, col 9, line 16-30, “Comparison circuit 505 is capable of comparing newly generated hashes of data received by IC 150 with a previously stored hash from non-volatile memory 210. Accordingly, comparison circuit 505 compares the hash generated from newly received data with the hash previously stored during the registration process. … In response to receiving hash 530, comparison circuit 505 reads hash 230 from non-volatile memory 210.”) and
store the first characteristic value in the storage circuit (McNeil, col 7, line 29-39, “As shown, encryption circuit 205 generates encrypted public key 225 from unencrypted public key 220. Hash circuit 305 is a hardwired circuit implemented within IC 150 that is capable of generating hashes of received data. Hash circuit 305 outputs hash 230 and stores hash 230 within non-volatile memory 210.”)
before the computing circuit executes (McNeil, col 11, line 25-37, “For example, in response to the authentication circuit determining that the configuration data is authentic, method 700 continues to block 740. In response to the authentication circuit determining that the configuration data is not authentic, method 700 proceeds to block 745. In block 745, as discussed, the IC is placed in lockdown mode.”)
McNeil doesn’t explicitly teach the following limitation that Park teaches:
read-only (memory); read-only (memory); a read-only memory; the read-only memory; the read-only memory (Park, ¶[0060], “The public key storing unit 113 may store a public key for verifying digital signatures 148a, 158a and 168a. Alternatively, the public key storing unit 113 may store information related to the public key, and the public key may be provided from an external device by using the related information during the boot operation. For example, the public key storing unit 113 may be implemented by an OTP memory, a ROM, a PROM, an EPROM, an EEPROM) a flash memory, or the like.”)
boot (codes); boot (codes); boot (codes); the boot codes (Park, ¶[0070], “For example, if an unauthenticated boot image or a boot image of another system is cloned to the external nonvolatile memory device 140a, the system 100a may be prevented from booting using the cloned boot image by verifying the message authentication code included in the cloned boot image.”).
McNeil in view of Park is analogous art because they are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “computing and security devices.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify McNeil with Park to implement boot codes and to implement a read-only memory, because If the computing system is booted using an unauthenticated boot image, illegal or malicious software may be executed in the computing system (Park, ¶[0005]).
Regarding Claim 2, McNeil in view of Park teaches: The electronic device of claim 1,
wherein the external storage device further stores a signature that is related to the boot codes, and when the verification procedure is successful, the encryption and decryption circuit uses the public key to decrypt the signature (Park, ¶[0060], “The public key storing unit 113 may store a public key for verifying digital signatures 148a, 158a and 168a. Alternatively, the public key storing unit 113 may store information related to the public key, and the public key may be provided from an external device by using the related information during the boot operation. For example, the public key storing unit 113 may be implemented by an OTP memory, a ROM, a PROM, an EPROM, an EEPROM) a flash memory, or the like.”).
Regarding Claim 4, McNeil in view of Park teaches: The electronic device of claim 1,
wherein the encryption and decryption circuit verifies the public key by comparing the first characteristic value with a second characteristic value obtained by performing an operation on the public key (McNeil, col 9, line 7-30, “In one or more other embodiments, encrypted public key 540 may be provided to IC 150 separate from configuration data 525. In one or more embodiments, the authentication process involves hash circuit 305 receiving encrypted public key 540 and generating a hash 530 of encrypted public key 540. Hash circuit 305, as discussed, is capable of generating a cryptographic hash such as hash 530. Hash circuit 305 provides hash 530 to comparison circuit 505. Comparison circuit 505 is capable of comparing newly generated hashes of data received by IC 150 with a previously stored hash from non-volatile memory 210. Accordingly, comparison circuit 505 compares the hash generated from newly received data with the hash previously stored during the registration process.”).
Regarding Claim 5, McNeil in view of Park teaches: The electronic device of claim 4,
wherein the first characteristic value is a first hash value of the public key (McNeil, col 7, line 25-28, “in the example of FIG. 3, the authentication circuitry of IC 150 includes encryption circuit 205, non-volatile memory 210, symmetric key 215, and hash circuit 305.” Col 7, line 29-39, “As shown, encryption circuit 205 generates encrypted public key 225 from unencrypted public key 220. Hash circuit 305 is a hardwired circuit implemented within IC 150 that is capable of generating hashes of received data. Hash circuit 305 outputs hash 230 and stores hash 230 within non-volatile memory 210.” Col 9, line 24-30, “comparison circuit 505 reads hash 230 from non-volatile memory 210. … which was stored in non-volatile memory 210 during the registration process.”), and
the second characteristic value is a second hash value of the public key (McNeil, col 9, line 7-15, “In one or more embodiments, the authentication process involves hash circuit 305 receiving encrypted public key 540 and generating a hash 530 of encrypted public key 540. Hash circuit 305, as discussed, is capable of generating a cryptographic hash such as hash 530. Hash circuit 305 provides hash 530 to comparison circuit 505.”).
Regarding Claim 7, McNeil in view of Park teaches: The electronic device of claim 1,
wherein the read-only memory is a one-time programmable read-only memory (Park, ¶[0060], “The public key storing unit 113 may store a public key for verifying digital signatures 148a, 158a and 168a. Alternatively, the public key storing unit 113 may store information related to the public key, and the public key may be provided from an external device by using the related information during the boot operation. For example, the public key storing unit 113 may be implemented by an OTP memory, a ROM, a PROM, an EPROM, an EEPROM) a flash memory, or the like.”).
Regarding Claim 9, McNeil in view of Park teaches: The electronic device of claim 1, wherein when the verification procedure is unsuccessful, the computing circuit stops executing (McNeil, col 9, line 43-49, “If comparison circuit 505 determines that hash 530 does not match hash 230, comparison circuit 505 is capable of initiating a lockdown mode within IC 150. In the lockdown mode, for example, IC 150 is not configured using configuration data 525.”)
the boot codes (Park, ¶[0070], “For example, if an unauthenticated boot image or a boot image of another system is cloned to the external nonvolatile memory device 140a, the system 100a may be prevented from booting using the cloned boot image by verifying the message authentication code included in the cloned boot image.”).
Regarding Claim 10, McNeil discloses: A method (McNeil, Summary, col 1, line 52 - col 2 line 31, “a method”) of controlling an electronic device, the electronic device (McNeil, Col 5, line 10-28, “In one or more embodiments, IC 150 is a programmable IC. ... IC 150, while including programmable circuitry, may also include one or more hardwired circuit blocks. … In one or more embodiments, the hardwired circuit blocks include authentication circuitry. The authentication circuitry included in IC 150, to be described herein in greater detail, is capable of performing operations including, but not limited to, generating hashes of received data, encrypting data, decrypting data, and/or authenticating data.”)
comprising a memory that stores a first characteristic value of a public key (McNeil, col 7, line 25-28, “in the example of FIG. 3, the authentication circuitry of IC 150 includes encryption circuit 205, non-volatile memory 210, symmetric key 215, and hash circuit 305.” Col 7, line 29-39, “As shown, encryption circuit 205 generates encrypted public key 225 from unencrypted public key 220. Hash circuit 305 is a hardwired circuit implemented within IC 150 that is capable of generating hashes of received data. Hash circuit 305 outputs hash 230 and stores hash 230 within non-volatile memory 210.”), the method comprising:
reading a plurality of codes of the electronic device (McNeil, col 4, line 1-12, “System 100 may be implemented as a computer or other system or device that is suitable for storing and/or executing program code.” Col 4, line 34-49, “As noted, memory 110 is capable of storing program code. … For purposes of illustration, memory 110 stores an operating system 125, one or more application(s) 130, and a circuit design 135.”) and
the public key (McNeil, col 8, line 36-58, “FIG. 5 illustrates an example of a configuration process. The example configuration process of FIG. 5 may be performed using IC 150. The configuration process involves authenticating configuration data that is provided to IC 150 for purposes of implementing a particular circuit design therein.” “In the example of FIG. 5, encrypted public key 540 and configuration data 525 are provided to IC 150.”)
from an external storage device (McNeil, Col 5, line 10-11, “In the example of FIG. 1, system 100 is coupled to, or includes, a IC 150.” Col 5, line 26-28, “System 100 is capable of interacting with IC 150 to facilitate one or more of the operations described within this disclosure.”);
executing the codes (McNeil, col 9, line 63-67, “In response to determining that configuration data 525, e.g., the configuration bitstream contained therein, is authentic, authentication circuit 520 is capable of initiating or allowing configuration of IC 150 using configuration data 525.” Col 11, line 38-40, “In block 740, in response to successfully authenticating the configuration data, the IC is configured using the configuration data.”); and
performing a verification procedure on the public key according to the first characteristic value (McNeil, col 8, line 41-44, “In the example of FIG. 5, the authentication circuitry of IC 150 includes non-volatile memory 210, symmetric key 215, comparison circuit 505, access circuit 510, hash circuit 305, decryption circuit 515, and authentication circuit 520.” Col 8, line 59-62, “Authentication circuit 520 is capable of identifying encrypted public key 540 from within configuration data 525, extracting encrypted public key 540 therefrom, and providing encrypted public key 540 to hash circuit 205.” Col 9, line 12-15, “Hash circuit 305, as discussed, is capable of generating a cryptographic hash such as hash 530. Hash circuit 305 provides hash 530 to comparison circuit 505.” Col 9, 24-28, “In response to receiving hash 530, comparison circuit 505 reads hash 230 from non-volatile memory 210. Comparison circuit 505 is capable of performing a comparison of hash 530 to hash 230, which was stored in non-volatile memory 210 during the registration process.”);
wherein the public key is used to verify the codes (McNeil, Col 8, line 59-62, “Authentication circuit 520 is capable of identifying encrypted public key 540 from within configuration data 525, extracting encrypted public key 540 therefrom, and providing encrypted public key 540 to hash circuit 205.” Col 9, line 12-15, “Hash circuit 305, as discussed, is capable of generating a cryptographic hash such as hash 530. Hash circuit 305 provides hash 530 to comparison circuit 505.” Col 9, 24-28, “In response to receiving hash 530, comparison circuit 505 reads hash 230 from non-volatile memory 210. Comparison circuit 505 is capable of performing a comparison of hash 530 to hash 230, which was stored in non-volatile memory 210 during the registration process.”), and
the number of bits of the first characteristic value is smaller than the number of bits of the public key (McNeil, col 8, line 1-14, “The hashing described in connection with FIGS. 2, 3, and 4 allows the IC to reduce the size of the key data that is stored in non-volatile memory therein. Often, keys may be 1024, 2048, or 4096 bits in size. Storing a key of this size consumes significant memory resources of the IC. … By creating a hash of the encrypted public key and storing the hash in the non-volatile memory of the IC instead of the encrypted public key itself, significantly less memory of the IC is required. As an illustrative and non-limiting example, a hash of a key of 4096 bits may be 256 bits or 384 bits depending on the particular hashing function that is used.”);
wherein the memory is disposed on a first chip (McNeil, Col 5, line 10-28, “In one or more embodiments, IC 150 is a programmable IC. ... IC 150, while including programmable circuitry, may also include one or more hardwired circuit blocks. … In one or more embodiments, the hardwired circuit blocks include authentication circuitry. The authentication circuitry included in IC 150, to be described herein in greater detail, is capable of performing operations including, but not limited to, generating hashes of received data, encrypting data, decrypting data, and/or authenticating data.” Col 6, line 11-20, “IC 150 includes authentication circuitry that is hardwired and, as such, operable without first loading configuration data therein. The authentication circuitry may include a plurality of circuit structures such as an encryption circuit 205, non-volatile memory 210, and symmetric key 215.”), and
the external storage device is disposed on a second chip (McNeil, col 4, line 1-12, “System 100 may be implemented as a computer or other system or device that is suitable for storing and/or executing program code.” Col 4, line 34-49, “As noted, memory 110 is capable of storing program code. … For purposes of illustration, memory 110 stores an operating system 125, one or more application(s) 130, and a circuit design 135.” Col 5, line 10-28, “In the example of FIG. 1, system 100 is coupled to, or includes, a IC 150.”);
wherein the electronic device further comprises a storage circuit (McNeil, col 7, line 29-39, “Hash circuit 305 outputs hash 230 and stores hash 230 within non-volatile memory 210.” Col 9, line 16-30, “comparison circuit 505 reads hash 230 from non-volatile memory 210.”), and the method further comprises following step:
reading the first characteristic value from (McNeil, col 9, line 16-30, “Comparison circuit 505 is capable of comparing newly generated hashes of data received by IC 150 with a previously stored hash from non-volatile memory 210. Accordingly, comparison circuit 505 compares the hash generated from newly received data with the hash previously stored during the registration process. … In response to receiving hash 530, comparison circuit 505 reads hash 230 from non-volatile memory 210.”)
storing the first characteristic value in the storage circuit (McNeil, col 7, line 29-39, “As shown, encryption circuit 205 generates encrypted public key 225 from unencrypted public key 220. Hash circuit 305 is a hardwired circuit implemented within IC 150 that is capable of generating hashes of received data. Hash circuit 305 outputs hash 230 and stores hash 230 within non-volatile memory 210.”)
before executing (McNeil, col 11, line 25-37, “For example, in response to the authentication circuit determining that the configuration data is authentic, method 700 continues to block 740. In response to the authentication circuit determining that the configuration data is not authentic, method 700 proceeds to block 745. In block 745, as discussed, the IC is placed in lockdown mode.”)
McNeil doesn’t explicitly teach the following limitation that Park teaches:
read-only (memory); read-only (memory); the read-only memory (Park, ¶[0060], “The public key storing unit 113 may store a public key for verifying digital signatures 148a, 158a and 168a. Alternatively, the public key storing unit 113 may store information related to the public key, and the public key may be provided from an external device by using the related information during the boot operation. For example, the public key storing unit 113 may be implemented by an OTP memory, a ROM, a PROM, an EPROM, an EEPROM) a flash memory, or the like.”)
boot (codes); boot (codes); boot (codes); the boot codes (Park, ¶[0070], “For example, if an unauthenticated boot image or a boot image of another system is cloned to the external nonvolatile memory device 140a, the system 100a may be prevented from booting using the cloned boot image by verifying the message authentication code included in the cloned boot image.”).
McNeil in view of Park are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “computing and security devices.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify McNeil with Park to implement boot codes and to implement a read-only memory, because If the computing system is booted using an unauthenticated boot image, illegal or malicious software may be executed in the computing system (Park, ¶[0005]).
Regarding Claim 11, McNeil in view of Park teaches: The method of claim 10,
wherein the external storage device stores a signature that is related to the boot codes, the method further comprising: using the public key to decrypt the signature when the verification procedure is successful (Park, ¶[0060], “The public key storing unit 113 may store a public key for verifying digital signatures 148a, 158a and 168a. Alternatively, the public key storing unit 113 may store information related to the public key, and the public key may be provided from an external device by using the related information during the boot operation. For example, the public key storing unit 113 may be implemented by an OTP memory, a ROM, a PROM, an EPROM, an EEPROM) a flash memory, or the like.”).
Regarding Claim 13, McNeil in view of Park teaches: The method of claim 10 further comprising:
verifying the public key by comparing the first characteristic value with a second characteristic value obtained by performing an operation on the public key (McNeil, col 9, line 7-30, “In one or more other embodiments, encrypted public key 540 may be provided to IC 150 separate from configuration data 525. In one or more embodiments, the authentication process involves hash circuit 305 receiving encrypted public key 540 and generating a hash 530 of encrypted public key 540. Hash circuit 305, as discussed, is capable of generating a cryptographic hash such as hash 530. Hash circuit 305 provides hash 530 to comparison circuit 505. Comparison circuit 505 is capable of comparing newly generated hashes of data received by IC 150 with a previously stored hash from non-volatile memory 210. Accordingly, comparison circuit 505 compares the hash generated from newly received data with the hash previously stored during the registration process.”).
Regarding Claim 14, McNeil in view of Park teaches: The method of claim 13,
wherein the first characteristic value is a first hash value of the public key (McNeil, col 7, line 25-28, “in the example of FIG. 3, the authentication circuitry of IC 150 includes encryption circuit 205, non-volatile memory 210, symmetric key 215, and hash circuit 305.” Col 7, line 29-39, “As shown, encryption circuit 205 generates encrypted public key 225 from unencrypted public key 220. Hash circuit 305 is a hardwired circuit implemented within IC 150 that is capable of generating hashes of received data. Hash circuit 305 outputs hash 230 and stores hash 230 within non-volatile memory 210.” Col 9, line 24-30, “comparison circuit 505 reads hash 230 from non-volatile memory 210. … which was stored in non-volatile memory 210 during the registration process.”), and
the second characteristic value is a second hash value of the public key (McNeil, col 9, line 7-15, “In one or more embodiments, the authentication process involves hash circuit 305 receiving encrypted public key 540 and generating a hash 530 of encrypted public key 540. Hash circuit 305, as discussed, is capable of generating a cryptographic hash such as hash 530. Hash circuit 305 provides hash 530 to comparison circuit 505.”).
Regarding Claim 16, McNeil in view of Park teaches: The method of claim 10,
wherein the read-only memory is a one-time programmable read-only memory (Park, ¶[0060], “The public key storing unit 113 may store a public key for verifying digital signatures 148a, 158a and 168a. Alternatively, the public key storing unit 113 may store information related to the public key, and the public key may be provided from an external device by using the related information during the boot operation. For example, the public key storing unit 113 may be implemented by an OTP memory, a ROM, a PROM, an EPROM, an EEPROM) a flash memory, or the like.”).
Regarding Claim 18, McNeil in view of Park teaches: The method of claim 10 further comprising: stopping executing the boot codes (Park, ¶[0070], “For example, if an unauthenticated boot image or a boot image of another system is cloned to the external nonvolatile memory device 140a, the system 100a may be prevented from booting using the cloned boot image by verifying the message authentication code included in the cloned boot image.”)
when the verification procedure is unsuccessful (McNeil, col 9, line 43-49, “If comparison circuit 505 determines that hash 530 does not match hash 230, comparison circuit 505 is capable of initiating a lockdown mode within IC 150. In the lockdown mode, for example, IC 150 is not configured using configuration data 525.”).
Regarding Claim 19, McNeil in view of Park teaches: The method of claim 10,
wherein the step of performing the verification procedure on the public key according to the first characteristic value (McNeil, col 8, line 41-44, “In the example of FIG. 5, the authentication circuitry of IC 150 includes non-volatile memory 210, symmetric key 215, comparison circuit 505, access circuit 510, hash circuit 305, decryption circuit 515, and authentication circuit 520.” Col 8, line 59-62, “Authentication circuit 520 is capable of identifying encrypted public key 540 from within configuration data 525, extracting encrypted public key 540 therefrom, and providing encrypted public key 540 to hash circuit 205.” Col 9, line 12-15, “Hash circuit 305, as discussed, is capable of generating a cryptographic hash such as hash 530. Hash circuit 305 provides hash 530 to comparison circuit 505.” Col 9, 24-28, “In response to receiving hash 530, comparison circuit 505 reads hash 230 from non-volatile memory 210. Comparison circuit 505 is capable of performing a comparison of hash 530 to hash 230, which was stored in non-volatile memory 210 during the registration process.”) is
executed before a Miniboot boot procedure (Park, ¶[0073], “For example, the initial boot loader 121 may read the public key from the public key storing unit 113, and may check integrity of a first execution image 142a by executing a signature verification algorithm on the read public key, the first execution image 142a and the first digital signature 148a.” ¶[0074] “If the first digital signature 148a is valid (S212: YES), the processor core 111 may execute the first boot loader 141a (S220).”) or
a U-boot boot procedure of the boot codes (Park, ¶[0075] “If the generated message authentication code matches the first message verification code 159a, the first message verification code 159a may be determined as valid (S222: YES), and the first boot load 141a may verify a second digital signature 158a included in the second boot loader 151a using the public key (S223).” ¶[0076] “If the second digital signature 158a is valid (S224: YES), the processor core 111 may execute the second boot loader 151a (S230). The second boot loader 151a may load a kernel 161a into the external volatile memory device 130, and may verify a second message verification code 169a included in the kernel 161a using the unique key (S231).”).
Claims 6 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over McNeil et al. (US Patent No 10,776,522 B1, hereinafter, McNeil) in view of Park et al. (US Patent Application Publication No US 2012/0210115 A1, hereinafter, Park) and further in view of Brinkmeyer et al. (US Patent No US 5,619,573, hereinafter, Brinkmeyer).
Regarding Claim 6, McNeil in view of Park teaches: The electronic device of claim 4,
wherein the first characteristic value is a first hash value of the public key (McNeil, col 7, line 25-28, “in the example of FIG. 3, the authentication circuitry of IC 150 includes encryption circuit 205, non-volatile memory 210, symmetric key 215, and hash circuit 305.” Col 7, line 29-39, “As shown, encryption circuit 205 generates encrypted public key 225 from unencrypted public key 220. Hash circuit 305 is a hardwired circuit implemented within IC 150 that is capable of generating hashes of received data. Hash circuit 305 outputs hash 230 and stores hash 230 within non-volatile memory 210.” Col 9, line 24-30, “comparison circuit 505 reads hash 230 from non-volatile memory 210. … which was stored in non-volatile memory 210 during the registration process.”), and
the second characteristic value is a second hash value of the public key (McNeil, col 9, line 7-15, “In one or more embodiments, the authentication process involves hash circuit 305 receiving encrypted public key 540 and generating a hash 530 of encrypted public key 540. Hash circuit 305, as discussed, is capable of generating a cryptographic hash such as hash 530. Hash circuit 305 provides hash 530 to comparison circuit 505.”).
McNeil in view of Park does not explicitly teach the following limitation that Brinkmeyer teaches:
a portion of (a hash value); a portion of (a hash value); (Brinkmeyer, col 10, line 13-20, “If it is intended to save memory space in some of the pieces of equipment, there may be provision for only a portion, e.g., 2 bytes, of the entire desired authentication information (m.sub.i+1) to be stored in the said pieces of equipment and to compare only this portion with the corresponding portion of the hash function value (m') in the comparator block (17).”)
McNeil in view of Park and further in view of Brinkmeyer are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “computing and security devices.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify McNeil in view of Park with Brinkmeyer to implement the first characteristic value is a portion of (a larger value) and the second characteristic value is a portion of (a larger value), because it is intended to save memory space in some of the pieces of equipment (Brinkmeyer, col 10, line 13-20).
Regarding Claim 15, McNeil in view of Park and further in view of Brinkmeyer teaches: The method of claim 13,
wherein the first characteristic value is a first hash value of the public key (McNeil, col 7, line 25-28, “in the example of FIG. 3, the authentication circuitry of IC 150 includes encryption circuit 205, non-volatile memory 210, symmetric key 215, and hash circuit 305.” Col 7, line 29-39, “As shown, encryption circuit 205 generates encrypted public key 225 from unencrypted public key 220. Hash circuit 305 is a hardwired circuit implemented within IC 150 that is capable of generating hashes of received data. Hash circuit 305 outputs hash 230 and stores hash 230 within non-volatile memory 210.” Col 9, line 24-30, “comparison circuit 505 reads hash 230 from non-volatile memory 210. … which was stored in non-volatile memory 210 during the registration process.”), and
the second characteristic value is a second hash value of the public key (McNeil, col 9, line 7-15, “In one or more embodiments, the authentication process involves hash circuit 305 receiving encrypted public key 540 and generating a hash 530 of encrypted public key 540. Hash circuit 305, as discussed, is capable of generating a cryptographic hash such as hash 530. Hash circuit 305 provides hash 530 to comparison circuit 505.”).
a portion of; a portion of; (Brinkmeyer, col 10, line 13-20, “If it is intended to save memory space in some of the pieces of equipment, there may be provision for only a portion, e.g., 2 bytes, of the entire desired authentication information (m.sub.i+1) to be stored in the said pieces of equipment and to compare only this portion with the corresponding portion of the hash function value (m') in the comparator block (17).”)
Claims 8 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over McNeil et al. (US Patent No 10,776,522 B1, hereinafter, McNeil) in view of Park et al. (US Patent Application Publication No US 2012/0210115 A1, hereinafter, Park) and further in view of Deivasigamani (US Patent Application Publication No US 2024/0248709 A1).
Regarding (amended) Claim 8, McNeil in view of Park teaches: The electronic device of claim 7, wherein
the read-only (memory), one-time programmable read-only (memory) (Park, ¶[0060], “The public key storing unit 113 may store a public key for verifying digital signatures 148a, 158a and 168a. Alternatively, the public key storing unit 113 may store information related to the public key, and the public key may be provided from an external device by using the related information during the boot operation. For example, the public key storing unit 113 may be implemented by an OTP memory, a ROM, a PROM, an EPROM, an EEPROM) a flash memory, or the like.”)
a memory control circuit is configured to control the memory (McNeil, col 7, line 13-19, “IC 150 is capable of storing hash 230 in non-volatile memory 210 for subsequent use during the configuration process as described in greater detail in connection with FIGS. 5, 6, and 7.” Col 7, line 29-39, “Hash circuit 305 outputs hash 230 and stores hash 230 within non-volatile memory 210.”);
wherein the read-only (Park, ¶[0060], “The public key storing unit 113 may store a public key for verifying digital signatures 148a, 158a and 168a. Alternatively, the public key storing unit 113 may store information related to the public key, and the public key may be provided from an external device by using the related information during the boot operation. For example, the public key storing unit 113 may be implemented by an OTP memory, a ROM, a PROM, an EPROM, an EEPROM) a flash memory, or the like.”)
memory control circuit (McNeil, col 7, line 13-19, “IC 150 is capable of storing hash 230 in non-volatile memory 210 for subsequent use during the configuration process as described in greater detail in connection with FIGS. 5, 6, and 7.” Col 7, line 29-39, “Hash circuit 305 outputs hash 230 and stores hash 230 within non-volatile memory 210.”),
(a memory block) storing the first characteristic value (McNeil, col 7, line 25-28, “in the example of FIG. 3, the authentication circuitry of IC 150 includes encryption circuit 205, non-volatile memory 210, symmetric key 215, and hash circuit 305.” Col 7, line 29-39, “As shown, encryption circuit 205 generates encrypted public key 225 from unencrypted public key 220. Hash circuit 305 is a hardwired circuit implemented within IC 150 that is capable of generating hashes of received data. Hash circuit 305 outputs hash 230 and stores hash 230 within non-volatile memory 210.”);
McNeil in view of Park does not explicitly teach the following limitation that Deivasigamani teaches:
checks a value of a control bit of the one-time programmable read-only memory before the one-time programmable read-only memory is burned, and the control bit is indicative of whether a memory block can be burned (Deivasigamani, ¶[0029], “As an example, the programmable memory 112 may be a write-once or one-time-programmable (OTP) memory. … As an example, the programmable memory 112 may be associated with a control bit that, once set, locks the programmable memory 112 from further alteration.”).
McNeil in view of Park and further in view of Deivasigamani are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “computing and security devices.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify McNeil in view of Park with Deivasigamani to checks a value of a control bit of the one-time programmable read-only memory before the one-time programmable read-only memory is burned, and the control bit is indicative of whether a memory block can be burned, because the programmable memory 112 may be a write-once or one-time-programmable (OTP) memory and once set, (a control bit) locks the programmable memory 112 from further alteration (Deivasigamani, ¶[0029]).
Regarding Claim 17, McNeil in view of Park and further in view of Deivasigamani teaches: The method of claim 16 further comprising:
checking a value of a control bit of the one-time programmable read-only memory before the one-time programmable read-only memory is burned, wherein the control bit is indicative of whether a memory block storing the first characteristic value can be burned (Deivasigamani, ¶[0029], “As an example, the programmable memory 112 may be a write-once or one-time-programmable (OTP) memory. … As an example, the programmable memory 112 may be associated with a control bit that, once set, locks the programmable memory 112 from further alteration.”).
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDGAR W XIE whose telephone number is (703)756-4777. The examiner can normally be reached Monday - Friday, 8:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JEFFREY PWU can be reached at (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/EDGAR W XIE/Examiner, Art Unit 2433
/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433