Prosecution Insights
Last updated: May 29, 2026
Application No. 18/229,765

ARTIFICIAL INTELLIGENCE DEVICE BASED ON TRUST ENVIRONMENT

Non-Final OA §103
Filed: Aug 03, 2023
Priority: May 04, 2023 — RE 10-2023-0058605
Examiner: KONG, ALAN LINGQIAN
Art Unit: 2494
Tech Center: 2400 — Computer Networks
Assignee: UNIVERSITY INDUSTRY FOUNDATION, YONSEI UNIVERSITY
OA Round: 2 (Non-Final)
Grant Probability: 80% (Favorable)
OA Rounds: 2-3
Est. Remaining: 0m
With Interview: 99%

Examiner Intelligence

Grants 80% — above average
Career Allowance Rate: 80% (82 granted / 103 resolved), +21.6% vs TC avg
Strong +37% interview lift
Interview Lift: +36.9% (resolved cases with interview)
Typical timeline: Avg Prosecution 2y 9m, 11 currently pending
Career history: 122 Total Applications across all art units

Statute-Specific Performance

§103: 97.7% (+57.7% vs TC avg)
§102: 2.0% (-38.0% vs TC avg)
§112: 0.4% (-39.6% vs TC avg)
Based on career data from 103 resolved cases

Office Action

§103
DETAILED ACTION

Response to Arguments

Applicant's amendments and arguments ("REMARKS") filed 15 January 2026 have been fully considered, and they are partially persuasive as to the previous grounds of rejection. Claims 1, 3-5, and 10-13 were amended. Claims 1 and 12 are independent. Claims 1-15 are currently pending.

Re: Claim Rejections Under 35 U.S.C. §112

The rejection to claims 1-15 under 35 U.S.C. §112(b) has been withdrawn in view of the amendments indicated on pp.8-9 of the REMARKS.

Re: Claim Rejections Under 35 U.S.C. §103

Applicant’s amendment and arguments, indicated on pp.9-14 of the REMARKS, in response to the rejection of the claims under 35 U.S.C. §103 with respect to Mody et al., US 2020/0293859 A1 (hereinafter, “Mody ‘859”) and Heaton et al., US 10,956,584 B1 (hereinafter, “Heaton ‘584”) have been fully considered, and they are not persuasive as to the previous grounds of rejection. In particular, with respect to the independent claims, Applicant argues that:

A. Mody ‘859 and Heaton ‘584 do not disclose the limitations “… a cryptographic processing front-end processor configured to receive the encrypted input data from the first type memory … and store the decrypted input data in a second type memory; the second type memory configured to provide a buffer for storing the decrypted input data received from the cryptographic processing front-end processor and the non-encrypted output data; and a processor configured to access the decrypted input data stored in the second type memory, and perform a neural network computation based on the accessed decrypted input data to generate the non-encrypted output data”, as amended in the independent claims.

B. Heaton ‘584’s unencrypted data is generated internally by the training module and not received from external memory.

C. Mody ‘859 does not teach a two-memory architecture.

In response to Argument A

The Examiner respectfully disagrees with Argument A.
Applicant argues that Mody ‘859’s internal memory 206 is described as storing encrypted weights (Mody ‘859, ¶36) and that Mody ‘859 does not teach that internal memory 206 functions as a “buffer for storing the decrypted input data” that a processor subsequently accesses for neural network computations, as amended in the independent claims. Applicant further argues that Mody ‘859 emphasizes ‘on-the-fly decryption’ (Mody ‘859, ¶32) where decryption occurs during data transmission rather than storing decrypted data in an internal buffer.

Applicant’s characterization of Mody ‘859 is based on a selective reading of the reference. While Mody ‘859 does describe ‘on-the-fly decryption’ in certain implementations (Mody ‘859, ¶¶32, 45-46), this is not the only mode of operation disclosed. Mody ‘859 explicitly discloses storing decrypted data at internal memory 206. For example, Mody ‘859 at ¶25 states: ‘Storing of the decrypted weights and input, and the encrypted output may be stored at the internal memory 206’. Similarly, ¶42 states: ‘[T]he decrypted input layer 308, decrypted weights 312, and the encrypted outputs 314 may be stored at the internal memory 206’. As indicated in the above paragraphs, the internal memory 206 of Mody ‘859 does not function only as storage for encrypted weights, as argued by the Applicant.

Applicant relies on ¶36 of Mody ‘859 as support for their argument. ¶36 of Mody ‘859 states that the internal memory 206 ‘maybe configured to store CNN weights that are used at the secure IP BLOCK’ and that ‘the stored CNN weights may include encrypted weights’. The use of ‘may’ and ‘may include’ indicates non-exclusive language that does not establish that internal memory 206 stores only encrypted weights to the exclusion of decrypted data (emphasis added).

Moreover, the rejection does not rely on Mody ‘859 alone for this limitation. The rejection relies on the combination of Mody ‘859 and Heaton ‘584.
Heaton ‘584 explicitly discloses state buffer 502 storing data in unencrypted form after decryption by encryption/decryption engine 540 (see Heaton ‘584, FIG.5B). Applicant’s arguments directed to the alleged individual shortcomings of Mody ‘859 in isolation do not address the combined teachings of the references. See In re Keller, 642 F.2d 413, 426 (CCPA 1981) (‘[O]ne cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references’).

Next, Applicant argues that for inference operations under Heaton ‘584’s FIG.5A architecture, state buffer 502 stores encrypted data, with decryption occurring only when data moves from the state buffer to computing engine 504. Applicant further argues that during training operations, any unencrypted data in the state buffer is generated internally by the training module and not received from external memory. On the basis of these two scenarios, Applicant concludes that neither Heaton ‘584’s inference architecture nor Heaton ‘584’s training architecture discloses the claimed data flow of receiving “encrypted input data from the first type memory”, decrypting the encrypted data via a “cryptographic processing front-end processor”, and then storing the decrypted data “in a second type memory” for subsequent access by a processor.

This argument is not persuasive because it is premised on an incomplete analysis of Heaton ‘584 that considers only two configurations (the FIG.5A trust boundary and the training scenario) while omitting the FIG.5B architecture, which is the embodiment the Examiner relies upon in the rejection (emphasis added). The FIG.5B trust boundary configuration is specifically described at Col.17 line 66-Col.18 line 14.
Under this FIG.5B configuration, the data flow maps directly to the amended claim limitations as follows:

(1) Memory device 514 (“first type memory”, DRAM) stores encrypted data outside the trust boundary and transmits the encrypted input data;
(2) Encryption/decryption engine 540 (“cryptographic processing front-end processor”) receives the encrypted data from memory device 514 via DMA engine 512 and decrypts the data;
(3) The decrypted data is provided to and stored at state buffer 502 (“second type memory”, SRAM) in unencrypted form within the trust boundary; and
(4) Computing engine 504 (“processor”) accesses the decrypted data from state buffer 502 to perform neural network computations.

The above FIG.5B is the embodiment the Examiner relied upon in the Non-Final Rejection (see Heaton ‘584, Col.14 lines 15-45, Col.17 line 41-Col.18 line 14; Fig.5B), and it discloses the three-step data flow recited in the amended claims. The same analysis applies to independent claim 12, which recites substantially similar amended limitations. See Claim Rejections – 35 USC §103 below for further details.

In response to Argument B

The Examiner respectfully disagrees with Argument B.

Applicant argues that while Heaton ‘584 discloses that during training operations, the training module 536 may store temporary weights data at state buffer 502 in unencrypted form, this unencrypted data is generated internally by the training module and not received from external memory. Applicant argues that the training data flow allegedly bypasses the decryption engine.

This argument is moot because the rejection does not rely on Heaton ‘584’s training architecture to disclose claim limitations. As discussed in In response to Argument A above, the rejection relies on the FIG.5B configuration and processing architecture, where encryption/decryption engine 540 decrypts encrypted data received from memory device 514 and provides the decrypted data to state buffer 502 (emphasis added).
Applicant’s argument regarding the training scenario does not address the actual basis of the rejection. See Claim Rejections – 35 USC §103 below for further details.

In response to Argument C

The Examiner respectfully disagrees with Argument C.

Applicant argues that Mody ‘859 does not explicitly disclose a first type memory configured to receive encrypted output data, and argues that Mody ‘859 does not teach a two-memory architecture where a first type memory transmits encrypted input data and receives encrypted output data and a second type memory stores decrypted data.

Heaton ‘584’s memory device 514 is configured to both transmit encrypted input data 518 and receive encrypted output data 522 (Heaton ‘584, Col.14 line 46-Col.15 line 10; Fig.5B). The two-memory architecture is taught by the combination of Mody ‘859 and Heaton ‘584, not by Mody ‘859 alone. The Examiner acknowledged in the Non-Final Rejection that Mody ‘859 does not explicitly disclose certain limitations. Applicant’s argument that Mody ‘859 alone does not teach this architecture does not undermine the rejection, which is based on the combined teachings. See In re Keller, 642 F.2d 413, 426 (CCPA 1981). See Claim Rejections – 35 USC §103 below for further details.

Thus, for the reasons stated above, the rejection of the independent claims under 35 U.S.C. 103 as being unpatentable over Mody ‘859 in view of Heaton ‘584 is maintained.

With regards to the dependent claims, Applicant has not presented any separate arguments directed to the specific additional limitations recited in any of the dependent claims. The dependent claims are rejected for at least the same reasons as the corresponding independent claims. Accordingly, the rejections of the dependent claims are maintained. See Claim Rejections – 35 USC §103 below for further details.

Priority

Acknowledgment is made of Applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d).
This application claims the foreign priority of foreign patent application KR10-2023-0058605, filed 04 May 2023. Receipt is acknowledged of certified copies required by 37 CFR 1.55.

Information Disclosure Statement

The information disclosure statement (IDS) submitted on 21 January 2026 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Specification

The Substitute Specification filed 15 January 2026 has been received and entered. The Substitute Specification is proper and conforms to 37 CFR 1.125(b) and (c).

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:

1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-5, 8-13, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Mody et al., US 2020/0293859 A1 (hereinafter, “Mody ‘859”) in view of Heaton et al., US 10,956,584 B1 (hereinafter, “Heaton ‘584”).

As per claim 1:

Mody ‘859 discloses:

An artificial intelligence (AI) device based on a trust environment (a system for performing convolution neural network (CNN) based signal processing, where the system comprises a secure silicon-on-chip 104 (SoC) device 104 and external memories 208, 210 [Mody ‘859, ¶¶16-18, 21-22; Figs.1-2]), the AI device comprising:

a first type memory configured to transmit encrypted (external memories 208, 210 configured to transmit encrypted CNN weights, encrypted CNN filters, and encrypted keys [Mody ‘859, ¶¶21-23, 43-44])

a trust AI processing unit configured to (a secure SoC device 104 comprising a convolutional neural network hardware (CNN HW) engine 200 for performing CNN computation of encrypted input feature data and output feature data [Mody ‘859, ¶¶21-23, 26, 43; Fig.2, Fig.4]), wherein the trust AI processing unit includes:

a cryptographic processing front-end processor configured to (the secure intellectual property (IP) block 202 configured to generate decrypted input feature data through the decryption of encrypted input feature data [Mody ‘859, ¶¶18, 32, 43-45; Fig.4])

perform encryption of non-encrypted output data to generate the encrypted output data (the secure IP block 202 configured to encrypt non-encrypted output feature data to generate encrypted output feature data [Mody ‘859, ¶¶18, 23, 32, 43, 45; Fig.4]), and

the second type memory configured to provide a buffer for storing the decrypted input data (the internal memory 206 configured to act as an intermediary storage for decrypted input feature data, decrypted weights, decrypted filters, and output feature data [Mody ‘859, ¶¶21, 25, 42; Fig.2, Fig.4]); and

a processor configured to (a CNN HW core 410 configured to perform a computation based on the decrypted input feature data to generate non-encrypted output feature data [Mody ‘859, ¶¶46, 51, 56-57, 67-68; Fig.4]).

As stated above, Mody ‘859 does not explicitly disclose the limitation “… a first type memory configured to transmit encrypted input data and receive encrypted output data … a trust AI processing unit configured to operate in a trust space … a cryptographic processing front-end processor configured to receive the encrypted input data from the first type memory … store the decrypted input data in a second type memory; the second type memory configured to provide a buffer for storing the decrypted input data received from the cryptographic processing front-end processor … a processor configured to access the decrypted input data stored in the second type memory, and perform a neural network computation based on the accessed decrypted input data …”.

Heaton ‘584, however, discloses:

… a first type memory configured to transmit encrypted input data and receive encrypted output data (memory device 514 configured to transmit encrypted input data 518 and receive encrypted output data 522 [Heaton ‘584, Col.14 line 46-Col.15 line 10; Fig.5B])

… a trust AI processing unit configured to operate in a trust space (establishing a trust boundary, where the trust boundary includes computing engine 504 for performing convolutional neural network operations [Heaton ‘584, Col.14 lines 15-45, Col.17 line 41-Col.18 line 14; Fig.5B])

… a cryptographic processing front-end processor configured to receive the encrypted input data from the first type memory (encryption/decryption engine 540, included in DMA engine 512 or between DMA engine 512 and state buffer 502, configured to receive encrypted input data 518 from memory device 514 [Heaton ‘584, Col.17 line 66-Col.18 line 14; Fig.5B])

… store the decrypted input data in a second type memory (encryption/decryption engine 540 configured to provide decrypted input data to state buffer 502, where state buffer 502 stores the data in unencrypted form within the trust boundary [Heaton ‘584, Col.17 line 66-Col.18 line 14; Fig.5B]);

the second type memory configured to provide a buffer for storing the decrypted input data received from the cryptographic processing front-end processor (state buffer 502 configured to store decrypted data received from encryption/decryption engine 540, where state buffer 502 provides caching of data used for computations at computing engine 504 [Heaton ‘584, Col.14 lines 15-45, Col.17 line 56-Col.18 line 14; Fig.5B])

… a processor configured to access the decrypted input data stored in the second type memory, and perform a neural network computation based on the accessed decrypted input data (computing engine 504 configured to access decrypted input data and weights data stored at state buffer 502 and perform neural network computations based on the accessed data [Heaton ‘584, Col.14 lines 15-45; Fig.5B])

Mody ‘859 and Heaton ‘584 are analogous art because they are from the same field of endeavor, namely that of the implementation of a secure data processing pipeline for neural networks.

Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Mody ‘859 and Heaton ‘584 before them, to modify the method in Mody ‘859 to include the teachings of Heaton ‘584, namely to implement the external memory 210 and internal memory 206 of Mody ‘859 as the memory device 514 and state buffer 502 of Heaton ‘584, respectively, where the external memory of Mody ‘859 only stores encrypted input/output data, while the internal memory (implemented as the state buffer) of Mody ‘859 only stores non-encrypted input/output data; and to implement the secure IP block 202 of Mody ‘859 to include the encryption/decryption engine 540 of Heaton ‘584, configured to receive encrypted data from the external memory device, decrypt the data, and provide the decrypted data to the state buffer for storage in unencrypted form, where the computing engine accesses the decrypted data from the state buffer to perform neural network computations. A motivation for doing so would be to enhance security and reduce the likelihood that an unauthorized user can intercept and gain access to the data associated with the memory device 514, as well as using a state buffer to reduce the effect of memory access bottleneck on the performance of computing engine accessing non-encrypted data (see Heaton ‘584, Col.14 lines 15-45, Col.15 line 47-Col.16 line 17, Col.17 line 66-Col.18 line 14).

As per claim 2:

Mody ‘859 in view of Heaton ‘584 discloses all limitations of claim 1, as stated above, from which claim 2 is dependent upon.
Furthermore, Mody ‘859 discloses:

wherein the cryptographic processing front-end processor is configured to receive an encryption input activation and an encryption filter, as the encrypted input data (the secure intellectual property (IP) block 202 configured to receive encrypted input feature data and encrypted weights (i.e., encrypted activation) and encrypted filters, where the encrypted weights/filters are received from the external memories 208, 210 [Mody ‘859, ¶¶18, 22-23, 32, 43-45; Fig.4]), (the internal memory 206 configured to act as an intermediary storage for decrypted input feature data, decrypted weights, and decrypted filters, and output feature data [Mody ‘859, ¶¶18, 21-22, 25, 42; Fig.2, Fig.4]).

As stated above, Mody ‘859 does not explicitly disclose the limitation “… receive … encrypted input data, from the first type memory …”.

Heaton ‘584, however, discloses:

… receive … encrypted input data, from the first type memory (memory device 514 configured to transmit encrypted input data 518 and encrypted weights data [Heaton ‘584, Col.14 line 46-Col.15 line 10; Fig.5B]) …

Mody ‘859 and Heaton ‘584 are analogous art because they are from the same field of endeavor, namely that of the implementation of a secure data processing pipeline for neural networks.

For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Mody ‘859 and Heaton ‘584 before them, to modify the method in Mody ‘859 to include the teachings of Heaton ‘584.

As per claim 3:

Mody ‘859 in view of Heaton ‘584 discloses all limitations of claim 1, as stated above, from which claim 3 is dependent upon.

Mody ‘859 does not explicitly disclose the limitations of claim 3.
Heaton ‘584, however, discloses:

wherein the cryptographic processing front-end processor is configured to receive an on-demand request by the processor during the AI computation (the encryption/decryption engine 540 within direct memory access (DMA) engine 512 is configured to receive requests by the computing engine 504 for performing NN computations [Heaton ‘584, Col.3 lines 23-36, Col.14 lines 15-45, Col.15 lines 25-46, Col.19 line 58-Col.20 line 17; Fig.5B]) and access the first type memory to import the encrypted input data (accessing memory device 514 to import encrypted input data 518 [Heaton ‘584, Col.14 line 46-Col.15 line 10; Fig.5B]).

Mody ‘859 and Heaton ‘584 are analogous art because they are from the same field of endeavor, namely that of the implementation of a secure data processing pipeline for neural networks.

Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Mody ‘859 and Heaton ‘584 before them, to modify the method in Mody ‘859 to include the teachings of Heaton ‘584, namely to implement the CNN HW core of Mody ‘859 such that it may issue requests to the secure IP engine for accessing data within the external memory, as disclosed in Heaton ‘584. A motivation for doing so would be to enhance security and reduce the likelihood that an unauthorized user can issue a data access request, via the computing engine, and gain access to the data associated with the memory device 514 (see Heaton ‘584, Col.14 lines 15-45, Col.15 line 47-Col.16 line 17, Col.17 line 66-Col.18 line 14).

As per claim 4:

Mody ‘859 in view of Heaton ‘584 discloses all limitations of claim 1, as stated above, from which claim 4 is dependent upon.

Mody ‘859 does not explicitly disclose the limitations of claim 4.
Heaton ‘584, however, discloses:

wherein the second type memory has a faster operating speed and a smaller storage capacity than the first type memory (the state buffer 502 may be static random access memory (SRAM) while the memory device 514 may be dynamic random access memory (DRAM), where SRAM has a relatively faster operating speed and a smaller storage capacity than DRAM [Heaton ‘584, Col.14 line 15-Col.15 line 10]).

Mody ‘859 and Heaton ‘584 are analogous art because they are from the same field of endeavor, namely that of the implementation of a secure data processing pipeline for neural networks.

Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Mody ‘859 and Heaton ‘584 before them, to modify the method in Mody ‘859 to include the teachings of Heaton ‘584, namely to implement the external memory and internal memory of Mody ‘859 as DRAM and SRAM respectively, as disclosed in Heaton ‘584. A motivation for doing so would be to reduce the effect of memory access bottleneck on the performance of computing engine accessing non-encrypted data by using SRAM caching (see Heaton ‘584, Col.14 lines 15-45).

As per claim 5:

Mody ‘859 in view of Heaton ‘584 discloses all limitations of claim 1, as stated above, from which claim 5 is dependent upon.

Mody ‘859 does not explicitly disclose the limitations of claim 5.

Heaton ‘584, however, discloses:

wherein the processor is configured to directly perform a convolution-based neural network computation to reduce a number of accesses to the first type memory (the computing engine 504 performs CNN-based computation on data within the state buffer 502 to reduce the number of accesses to the memory device 514 [Heaton ‘584, Col.14 lines 15-45, Col.15 lines 25-46; Fig.5B]).

Mody ‘859 and Heaton ‘584 are analogous art because they are from the same field of endeavor, namely that of the implementation of a secure data processing pipeline for neural networks.

For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Mody ‘859 and Heaton ‘584 before them, to modify the method in Mody ‘859 to include the teachings of Heaton ‘584.

As per claim 8:

Mody ‘859 in view of Heaton ‘584 discloses all limitations of claim 1, as stated above, from which claim 8 is dependent upon.

Mody ‘859 does not explicitly disclose the limitations of claim 8.

Heaton ‘584, however, discloses:

wherein the processor is configured to perform data transmission and reception with the cryptographic processing front-end processor and the first and second type memories (the computing engine 504 is configured to transmit and receive data from the memory device 514 and state buffer 502, where transmitting and receiving data is facilitated by the encryption/decryption engine 540 within DMA engine 512 [Heaton ‘584, Col.14 lines 15-45, Col.17 line 41-Col.18 line 14; Fig.5B]) through direct memory access (DMA)-driven offloading of a DMA controller (the transmission and reception of data is performed through DMA engine 512 [Heaton ‘584, Col.14 line 46-Col.17 line 10, Col.17 lines 8-40, Col.17 line 66-Col.18 line 14; Fig.5B]).

Mody ‘859 and Heaton ‘584 are analogous art because they are from the same field of endeavor, namely that of the implementation of a secure data processing pipeline for neural networks.

Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Mody ‘859 and Heaton ‘584 before them, to modify the method in Mody ‘859 to include the teachings of Heaton ‘584, namely to implement a direct memory access engine, as disclosed in Heaton ‘584, to access input data within the external memories of Mody ‘859. A motivation for doing so would be to increase overall system performance by offloading data transfers from the computing engine, allowing the computing engine to perform other tasks (see Heaton ‘584, Col.14 line 46-Col.15 line 10, Col.17 line 66-Col.18 line 14, Col.20 lines 11-17).

As per claim 9:

Mody ‘859 in view of Heaton ‘584 discloses all limitations of claim 1, as stated above, from which claim 9 is dependent upon.

Furthermore, Mody ‘859 discloses:

wherein the processor is configured to implement intra-layer pipelining by performing the neural network computation to overlap with the encryption and decryption operations performed by the cryptographic processing front-end processor (the CNN HW engine 200 may be configured to retrieve and use directly the decrypted weights and decrypted input through a hardware concurrent parallel execution of security engines for hidden layers during the signal processing. The CNN HW engine 200 may implement parallel execution of convolutions of the decrypted inputs and weights, and to supply the output back to the secure IP block 202 to form an encrypted output [Mody ‘859, ¶¶26, 51-53; Fig.2, Figs.4-5]; the CNN HW engine 200 may utilize first-in-first-out (FIFO) for memory pre-fetching in order to avoid latency between the memory fetching and the on-the-fly decryptions and encryptions by the secure IP block 202. Each CNN channel operation may further interface to control block-chaining [Mody ‘859, ¶¶33, 56-62; Figs.5-7]).

As per claim 10:

Mody ‘859 in view of Heaton ‘584 discloses all limitations of claims 1 and 9, as stated above, from which claim 10 is dependent upon.

Furthermore, Mody ‘859 discloses:

wherein the processor is configured to perform the neural network computation by allowing the cryptographic processing front-end processor to perform a decryption operation of the encrypted input data in a middle of performing the neural network computation (During the signal processing, the CNN HW core 410 may perform concurrent parallel execution of security engines for the hidden layers. CNN HW engine 200 may be configured to retrieve and use directly the decrypted weights and decrypted input through a hardware concurrent parallel execution of security engines for hidden layers during the signal processing. The CNN HW engine 200 may implement parallel execution of convolutions of the decrypted inputs and weights, and to supply the output back to the secure IP block 202 to form an encrypted output. For example, during concurrent parallel execution by the CNN HW core 410, certain Advanced Encryption Standard (AES) channels 504 are performing decryption operations while the CNN HW core 410 is performing computation on the decrypted output of other AES channels [Mody ‘859, ¶¶26, 51-55; Fig.5]).

As per claim 11:

Mody ‘859 in view of Heaton ‘584 discloses all limitations of claims 1 and 9, as stated above, from which claim 11 is dependent upon.

Furthermore, Mody ‘859 discloses:

wherein the processor is configured to perform the neural network computation by subdividing a data decryption operation, a calculation operation, and a data encryption operation for the intra-layer pipelining (During the signal processing, the CNN HW core 410 may perform concurrent parallel execution of security engines for the hidden layers.
CNN HW engine 200 may be configured to retrieve and use directly the decrypted weights and decrypted input through a hardware concurrent parallel execution of security engines for hidden layers during the signal processing. Furthermore, the CNN HW core 410 may supply convoluted data as an output of the layer being processed. The convoluted data may include parallel convolution of the decrypted inputs and the corresponding decrypted weights, where a serializer 600 may be configured to transform the encrypted convoluted data output into a signal data-stream of encrypted output, which may thereafter be used as an encrypted input to another layer of the multi-layer CNN data. After the processing of all hidden layers, the serializer 600 may output different classifications of the image frame 102 [Mody ‘859, ¶¶26, 33, 51-53, 56-62; Fig.2, Figs.4-7]). As per claim 12: Mody ‘859 discloses: An artificial intelligence (Al) device based on a trust environment (a system for performing convolution neural network (CNN) based signal processing, where the system comprises a secure silicon-on-chip 104 (SoC) device 104 and external memories 208, 210 [Mody ‘859, ¶¶16-18, 21-22; Figs.1-2]), the Al device comprising: a first type memory configured to transmit encrypted (external memories 208, 210 configured to transmit encrypted CNN weights, encrypted CNN filters, and encrypted keys [Mody ‘859, ¶¶21-23, 43-44]) a trust Al processing unit configured to (a secure SoC device 104 comprising a convolutional neural network hardware (CNN HW) engine 200 for performing CNN computation of encrypted input feature data and output feature data [Mody ‘859, ¶¶21-23, 26, 43; Fig.2, Fig.4]), wherein the trust Al processing unit includes: a cryptographic processing front-end processor configured (the secure intellectual property (IP) block 202 configured to generate decrypted input feature data through the decryption of encrypted input feature data [Mody ‘859, ¶¶18, 32, 43-45; Fig.4]); and the second 
type memory configured to provide a buffer for storing the decrypted input data (the internal memory 206 configured to act as an intermediary storage for decrypted input feature data, decrypted weights, decrypted filters, and output feature data [Mody ‘859, ¶¶21, 25, 42; Fig.2, Fig.4]); and a processor configured to (a CNN HW core 410 configured to perform a computation based on the decrypted input feature data to generate non-encrypted output feature data, where the non-encrypted output feature data may be input feature data for another layer within the neural network [Mody ‘859, ¶¶46, 51, 56-57, 67-68; Fig.4]).

As stated above, Mody ‘859 does not explicitly disclose the limitation “… a first type memory configured to transmit encrypted input data … a trust AI processing unit configured to operate in a trust space … a cryptographic processing front-end processor configured receive the encrypted input data from the first type memory … store the decrypted input data in a second type memory; the second type memory configured to provide a buffer for storing the decrypted input data received from the cryptographic processing front-end processor and non-encrypted output data … a processor configured to access the decrypted input data stored in the second type memory, and perform a neural network computation based on the accessed decrypted input data …”.
Heaton ‘584, however, discloses: … a first type memory configured to transmit encrypted input data (memory device 514 configured to transmit encrypted input data 518 and receive encrypted output data 522 [Heaton ‘584, Col.14 line 46-Col.15 line 10; Fig.5B]) … a trust AI processing unit configured to operate in a trust space (establishing a trust boundary, where the trust boundary includes computing engine 504 for performing convolutional neural network operations [Heaton ‘584, Col.14 lines 15-45, Col.17 line 41-Col.18 line 14; Fig.5B]) … a cryptographic processing front-end processor configured receive the encrypted input data from the first type memory (encryption/decryption engine 540, included in DMA engine 512 or between DMA engine 512 and state buffer 502, configured to receive encrypted input data 518 from memory device 514 [Heaton ‘584, Col.17 line 66-Col.18 line 15; Fig.5B]) … store the decrypted input data in a second type memory (encryption/decryption engine 540 configured to provide decrypted input data to state buffer 502, where state buffer 502 stores the data in unencrypted form within the trust boundary [Heaton ‘584, Col.17 line 66-Col.18 line 15; Fig.5B]); the second type memory configured to provide a buffer for storing the decrypted input data received from the cryptographic processing front-end processor and non-encrypted output data (state buffer 502 configured to store decrypted data received from encryption/decryption engine 540, where state buffer 502 provides caching of non-encrypted data, including non-encrypted input and output data, used for computations at computing engine 504 [Heaton ‘584, Col.14 lines 15-45, Col.17 line 56-Col.18 line 14; Fig.5B]) … a processor configured to access the decrypted input data stored in the second type memory, and perform a neural network computation based on the accessed decrypted input data (computing engine 504 configured to access decrypted input data and weights data stored at state buffer 502 and
perform neural network computations based on the accessed data [Heaton ‘584, Col.14 lines 15-45; Fig.5B]).

Mody ‘859 and Heaton ‘584 are analogous art because they are from the same field of endeavor, namely that of the implementation of a secure data processing pipeline for neural networks. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Mody ‘859 and Heaton ‘584 before them, to modify the method in Mody ‘859 to include the teachings of Heaton ‘584.

As per claim 13: Mody ‘859 in view of Heaton ‘584 discloses all limitations of claim 12, as stated above, from which claim 13 is dependent upon. Mody ‘859 does not explicitly disclose the limitations of claim 13. Heaton ‘584, however, discloses: wherein the processor is configured to reduce a number of accesses to the first type memory by performing a direct convolution-based neural network computation (the computing engine 504 performs CNN-based computation on data within the state buffer 502 to reduce the number of accesses to the memory device 514 [Heaton ‘584, Col.14 lines 15-45, Col.15 lines 25-46; Fig.5B]).

Mody ‘859 and Heaton ‘584 are analogous art because they are from the same field of endeavor, namely that of the implementation of a secure data processing pipeline for neural networks. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Mody ‘859 and Heaton ‘584 before them, to modify the method in Mody ‘859 to include the teachings of Heaton ‘584.

As per claim 15: Mody ‘859 in view of Heaton ‘584 discloses all limitations of claim 12, as stated above, from which claim 15 is dependent upon.
Furthermore, Mody ‘859 discloses: wherein the processor is configured to implement intra-layer pipelining by performing the neural network computation to overlap with the encryption and decryption operations performed by the cryptographic processing front-end processor (the CNN HW engine 200 may be configured to retrieve and use directly the decrypted weights and decrypted input through a hardware concurrent parallel execution of security engines for hidden layers during the signal processing. The CNN HW engine 200 may implement parallel execution of convolutions of the decrypted inputs and weights, and to supply the output back to the secure IP block 202 to form an encrypted output [Mody ‘859, ¶¶26, 51-53; Fig.2, Figs.4-5]; the CNN HW engine 200 may utilize first-in-first-out (FIFO) for memory pre-fetching in order to avoid latency between the memory fetching and the on-the-fly decryptions and encryptions by the secure IP block 202. Each CNN channel operation may further interface to control block-chaining [Mody ‘859, ¶¶33, 56-62; Figs.5-7]).

Claims 6 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Mody ‘859 in view of Heaton ‘584, and further in view of Lai et al., US 2024/0281393 A1 (hereinafter, “Lai ‘393”).

As per claim 6: Mody ‘859 in view of Heaton ‘584 discloses all limitations of claims 1 and 5, as stated above, from which claim 6 is dependent upon.
Furthermore, Mody ‘859 discloses: wherein the processor is configured to regularly store a decryption input activation in the second type memory and store a decryption filter (the internal memory 206 configured to act as an intermediary storage for decrypted input feature data, decrypted weights, decrypted filters, and output feature data [Mody ‘859, ¶¶21, 25, 42; Fig.2, Fig.4])

As stated above, Mody ‘859 does not explicitly disclose the limitation “… regularly store … and a non-encryption output activation in a circular queue manner.” Heaton ‘584, however, discloses: … regularly store … and a non-encryption output activation (state buffer 502 for storing non-encrypted data, where the non-encrypted data includes non-encrypted input and output data [Heaton ‘584, Col.14 lines 29-45, Col.17 line 56-Col.18 line 14; Fig.5B]).

Mody ‘859 and Heaton ‘584 are analogous art because they are from the same field of endeavor, namely that of the implementation of a secure data processing pipeline for neural networks. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Mody ‘859 and Heaton ‘584 before them, to modify the method in Mody ‘859 to include the teachings of Heaton ‘584.

As stated above, Mody ‘859 in view of Heaton ‘584 does not explicitly disclose the limitation “… regularly store … in a circular queue manner.” Lai ‘393, however, discloses: … regularly store … in a circular queue manner (a circular buffer for input and output of tensor computations, where the circular buffer is configured to store input and output data from a neural network layer [Lai ‘393, ¶¶Abstract, 3-6]).

Mody ’859 (modified by Heaton ‘584) and Lai ‘393 are analogous art because they are from the same field of endeavor, namely that of the implementation of a secure data processing pipeline for neural networks.
Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Mody ‘859 (modified by Heaton ‘584) and Lai ‘393 before them, to modify the method in Mody ‘859 (modified by Heaton ‘584) to include the teachings of Lai ‘393, namely to modify the internal memory of Mody ‘859 or the state buffer of Heaton ‘584 such that they are implemented using a circular buffer, as disclosed in Lai ‘393. A motivation for doing so would be to increase the efficiency of memory use and to allow the tensor processor to perform tensor computations with input and output larger than the local memory size (see Lai ‘393, ¶¶3, 124).

As per claim 14: Mody ‘859 in view of Heaton ‘584 discloses all limitations of claim 12, as stated above, from which claim 14 is dependent upon. Furthermore, Mody ‘859 discloses: wherein the processor is configured to regularly store a decryption input activation in the second type memory and store a decryption filter (the internal memory 206 configured to act as an intermediary storage for decrypted input feature data, decrypted weights, decrypted filters, and output feature data [Mody ‘859, ¶¶21, 25, 42; Fig.2, Fig.4])

As stated above, Mody ‘859 does not explicitly disclose the limitation “… regularly store … and a non-encryption output activation in a circular queue manner.” Heaton ‘584, however, discloses: … regularly store … and a non-encryption output activation (state buffer 502 for storing non-encrypted data, where the non-encrypted data includes non-encrypted input and output data [Heaton ‘584, Col.14 lines 29-45, Col.17 line 56-Col.18 line 14; Fig.5B]).

Mody ‘859 and Heaton ‘584 are analogous art because they are from the same field of endeavor, namely that of the implementation of a secure data processing pipeline for neural networks.
For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Mody ‘859 and Heaton ‘584 before them, to modify the method in Mody ‘859 to include the teachings of Heaton ‘584.

As stated above, Mody ‘859 in view of Heaton ‘584 does not explicitly disclose the limitation “… regularly store … in a circular queue manner.” Lai ‘393, however, discloses: … regularly store … in a circular queue manner (a circular buffer for input and output of tensor computations, where the circular buffer is configured to store input and output data from a neural network layer [Lai ‘393, ¶¶Abstract, 3-6]).

Mody ’859 (modified by Heaton ‘584) and Lai ‘393 are analogous art because they are from the same field of endeavor, namely that of the implementation of a secure data processing pipeline for neural networks. For the reasons stated in claim 6, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Mody ‘859 (modified by Heaton ‘584) and Lai ‘393 before them, to modify the method in Mody ‘859 (modified by Heaton ‘584) to include the teachings of Lai ‘393.

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Mody ‘859 in view of Heaton ‘584, and further in view of Birsan et al., US 2020/0401540 A1 (hereinafter, “Birsan ‘540”).

As per claim 7: Mody ‘859 in view of Heaton ‘584 discloses all limitations of claim 1, as stated above, from which claim 7 is dependent upon. Mody ‘859 does not explicitly disclose the limitations of claim 7.
Heaton ‘584, however, discloses: wherein the processor is configured to perform data transmission and reception with the first and second type memories through (the computing engine 504 is configured to transmit and receive data from the memory device 514 and state buffer 502, where transmitting and receiving data is facilitated by the encryption/decryption engine 540 within DMA engine 512 [Heaton ‘584, Col.14 lines 15-45, Col.17 line 41-Col.18 line 14; Fig.5B]; where the transmission and reception of data is performed through DMA engine 512 [Heaton ‘584, Col.14 line 46-Col.17 line 10, Col.17 lines 8-40, Col.17 line 66-Col.18 line 14; Fig.5B]).

Mody ‘859 and Heaton ‘584 are analogous art because they are from the same field of endeavor, namely that of the implementation of a secure data processing pipeline for neural networks. For the reasons stated in claim 8, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Mody ‘859 and Heaton ‘584 before them, to modify the method in Mody ‘859 to include the teachings of Heaton ‘584.

As stated above, Mody ‘859 in view of Heaton ‘584 does not explicitly disclose the limitation: “… processor is configured to perform data transmission and reception … through interrupt-driven offloading …”. Birsan ‘540, however, discloses: … processor is configured to perform data transmission and reception … through interrupt-driven offloading (using the DMA, the CPU first initiates the transfer by offloading the transfer to a DMA controller (DMAC), then the CPU performs other operations while the transfer is in progress, and the CPU finally receives an interrupt from the DMA controller when the operation is done [Birsan ‘540, ¶¶3-4, 34]) …

Mody ’859 (modified by Heaton ‘584) and Birsan ‘540 are analogous art because they are from the same field of endeavor, namely that of the implementation of a secure data processing pipeline.
Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Mody ‘859 (modified by Heaton ‘584) and Birsan ‘540 before them, to modify the method in Mody ‘859 (modified by Heaton ‘584) to include the teachings of Birsan ‘540, namely to modify the DMA engine of Heaton ‘584, which comprises the encryption/decryption engine, such that data is processed via interrupt-driven offloading, as disclosed in Birsan ‘540. A motivation for doing so would be to assist the CPU with data processing when the CPU cannot keep up with the rate of data transfer, or when the CPU needs to perform work while waiting for a relatively slow I/O data transfer (see Birsan ‘540, ¶¶3-4).

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Bai et al., US 20220230058 A1: A neural processing unit (NPU) is described. The NPU includes an NPU direct memory access (NDMA) core. The NDMA core includes a read engine having a read buffer. The NDMA core also includes a write engine having a write buffer. The NPU also includes a controller.

Han, et al., US 20210182222 A1: a dataflow controller for transmitting first data to a first processor and receiving second data from the first processor, an external DMA controller for receiving the first data from an external memory to transmit the first data to the dataflow controller and receiving the second data from the dataflow controller to transmit the second data to the external memory.

Borkovic, US 11847507 B1: Two or more semaphores can be used per queue for synchronization of direct memory access (DMA) transfers between a DMA engine and various computational engines by alternating the semaphores across sequential sets of consecutive DMA transfers in the queue.

THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALAN L KONG whose telephone number is (571)272-2646. The examiner can normally be reached Monday-Thursday 9:00am-7:00pm EST.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG (JAY) KIM can be reached on (571)272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ALAN L KONG/Examiner, Art Unit 2494
/THEODORE C PARSONS/Primary Examiner, Art Unit 2494

Prosecution Timeline

Aug 03, 2023
Application Filed
Oct 22, 2025
Non-Final Rejection mailed — §103
Jan 15, 2026
Response Filed
Feb 24, 2026
Final Rejection mailed — §103
Apr 14, 2026
Response after Non-Final Action
May 01, 2026
Request for Continued Examination
May 06, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12640924
METHODS AND SYSTEMS FOR ENHANCING A CONTEXT FOR USE IN PROCESSING A USER REQUEST
1y 2m to grant Granted May 26, 2026
Patent 12613962
MULTI-LEVEL MALWARE CLASSIFICATION MACHINE-LEARNING METHOD AND SYSTEM
2y 8m to grant Granted Apr 28, 2026
Patent 12603783
DECENTRALIZED DATABASE OPTIMIZATIONS
3y 1m to grant Granted Apr 14, 2026
Patent 12596806
METHODS, SYSTEMS, AND DEVICES FOR TRUSTED EXECUTION ENVIRONMENTS AND SECURE DATA PROCESSING AND STORAGE ENVIRONMENTS
4y 4m to grant Granted Apr 07, 2026
Patent 12568115
CONTENT-BASED DEEP LEARNING FOR INLINE PHISHING DETECTION
3y 10m to grant Granted Mar 03, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

2-3
Expected OA Rounds
80%
Grant Probability
99%
With Interview (+36.9%)
2y 9m (~0m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 103 resolved cases by this examiner. Grant probability derived from career allowance rate.
