DETAILED ACTION
This Action is in consideration of the Applicant’s response on October 13, 2025. No amendments are made by the Applicant. Claims 1, 2, 5, 6, 9 – 11, 13 – 19, 23 – 28, 31, 34 – 36, and 42, where Claims 1, 36, and 42 are in independent form, are presented for examination.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statements (IDSs) submitted on August 13, 2025, August 13, 2025, October 17, 2025, October 17, 2025, and January 26, 2026 were filed before the mailing date of the current action. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Response to Arguments
Applicant’s arguments filed on October 13, 2025 have been fully considered but they are not persuasive. Applicant argued:
a) Regarding Claim 1, Asif does not disclose or suggest that the PUF interface logic, comprising the logging mechanism, is embedded in the housing of the edge device.
The Office respectfully disagrees with Applicant’s assertions.
1. With regards to a), in response to applicant's argument that the references fail to show certain features of the invention, it is noted that the features upon which applicant relies (i.e., a logging mechanism of the PUF interface logic) are not recited in the rejected claim(s). Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
The claims, do not describe or indicate a logging mechanism or any type of recording or storing of the PUF input and output as the Applicant argues [See Remarks, Pgs. 9-10]. The claim recites “internal PUF interface logic compris[ing] a logging mechanism arranged to automatically log a record of the input challenge and/or output response in a log medium.” Foremost, is no indication of storage within the device; the log medium is not indicated to be within the claimed device. Additionally, the logging mechanism does not indicate precisely what is being done to “log a record of the input challenge and/or output response in a log medium.”
As disclosed by Asif, the hardware accelerator within the edge node comprises the PUF and hashing module that is used to produce a hash of a particular response from the PUF [Pgs. 17-18, Figs. 10b and 10c]. The hashing module “logs” the PUF’s output response in that it standardizes the output of the PUF to be used to verify and authorize the edge node that produced the proof-of-PUF [Pg. 18]. As seen in the device enrollment phase, a collection of challenge/response pairs are stored in a secure database [Pg. 17, Fig. 10a]. The use of an external database does not preclude the edge node from logging a record of the output response in a log medium as claimed. The Applicant has even claimed the log medium may be external [See Claim 25]. The communication medium used to send the response in the enrollment phase is unsecure and can be potentially manipulated by a malicious process, such as a wireless channel. The fact that the output hash is generated internally within the edge node is sufficient to read on the limitation of encapsulated within a housing of the edge node. Therefore, the rejection is maintained.
No other arguments are presented by the Applicant.
Claim Rejections - 35 USC § 102
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claim(s) 1, 2, 5, 6, 9 – 11, 13 – 19, 23 – 28, 31, 34 – 36, and 42 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by “Proof-of-PUF Enabled Blockchain: Concurrent Data and Device Security for Internet-of-Energy,” Asif, Rameez, et al. (hereinafter “Asif”).
2. Regarding Claim 1, Asif discloses of a device [Fig. 9] comprising:
a PUF module comprising a physically unclonable function, PUF, and internal PUF interface logic arranged to receive an input challenge and output an output response being a deterministic function of the input challenge, the deterministic function comprising the PUF [Figs. 9, 10a, 10b, 10c]; and
one or more outer layer components providing at least part of an unsecured channel for inputting the input challenge to the internal interface logic of the PUF module and receiving back the output response output by the internal interface logic [Fig. 10b; also Pg. 3, Table 1];
wherein at least one of the outer layer components is susceptible to manipulation of the input challenge and/or output response by a malicious process [Fig. 10b; also Pg. 3, Table 1], but the PUF module, including the internal PUF interface logic, is encapsulated within a housing of the device and separated from the one or more outer layer components, and is thus protected from manipulation by the malicious process [Figs. 9 and 10; PUF board encapsulated]; and
wherein the internal PUF interface logic comprises a logging mechanism arranged to automatically log a record of the input challenge and/or output response in a log medium [Fig. 10a-10c; Pg. 17-18; proof of PUF; records in secure database].
3. Regarding Claim 2, Asif discloses the limitations of Claim 1 above. Asif further discloses that the internal interface logic is implemented partially or wholly in firmware run on a processor of the device [Pg. 2], wherein the firmware is stored partially or wholly in read only memory, ROM, or a secure kernel [Pg. 16].
4. Regarding Claim 5, Asif discloses the limitations of Claim 1 above. Asif further discloses that the internal interface logic is implemented in fixed-function hardware circuitry [Fig. 9].
5. Regarding Claim 6, Asif discloses the limitations of Claim 1 above. Asif further discloses that the at least one outer layer component comprises an external interface for receiving the input challenge from a source external to the device and/or supplying the output response to a destination external to the device, the malicious process to which the at least one outer layer component is susceptible comprising interception and manipulation of the input challenge and/or output response between the source and the external interface [Fig. 10b].
6. Regarding Claim 9, Asif discloses the limitations of Claim 6 above. Asif further discloses that the device comprises a dedicated PUF device [Fig. 9].
7. Regarding Claim 10, Asif discloses the limitations of Claim 1 above. Asif further discloses that the at least one outer layer component comprises an application running on a processor within the housing of the device, wherein the application is configured to generate the input challenge, the malicious process to which the at least one outer layer component is susceptible comprising malware being run on the same processor as the application to manipulate the input challenge [Pg. 2].
8. Regarding Claim 11, Asif discloses the limitations of Claim 10 above. Asif further discloses that the internal interface logic is arranged to run on either:
a separate processor than the application [Pg. 2 and 16; Fig. 9]; or
the same processor as the application but in a privileged domain of a secure processor, whereas the application runs in an application domain.
9. Regarding Claim 13, Asif discloses the limitations of Claim 10 above. Asif further discloses that the device comprises an event data recorder, EDR, and the application comprises an EDR application [Fig. 10c].
10. Regarding Claim 14, Asif discloses the limitations of Claim 13 above. Asif further discloses that the application is configured to generate a result of a system which the EDR is configured to monitor, and the EDR is configured to record the result and a tag mapping the output response to the result [Pg. 16-17].
11. Regarding Claim 15, Asif discloses the limitations of Claim 14 above. Asif further discloses that the tag comprises: a cryptographic signature generated by signing the result with the output response; or a hash-based message authentication code, HMAC, generated as a function of the result and the output response [Fig. 10c; SHA 256].
12. Regarding Claim 16, Asif discloses the limitations of Claim 14 above. Asif further discloses that the input challenge comprises meaningful data used by the application, representing a state of the system being monitored [Section 5.2; Fig. 10c].
13. Regarding Claim 17, Asif discloses the limitations of Claim 16 above. Asif further discloses that the result is dependent on said data [Section 5.2; Fig. 10c].
14. Regarding Claim 18, Asif discloses the limitations of Claim 13 above. Asif further discloses that the EDR is an EDR for a vehicle, a system which the EDR is configured to monitor comprising a system of the vehicle [Figs. 10c and 11; Pg. 13].
15. Regarding Claim 19, Asif discloses the limitations of Claim 1 above. Asif further discloses that the one or more outer layer components are implemented in the same housing as the PUF module [Fig. 9].
16. Regarding Claim 23, Asif discloses the limitations of Claim 1 above. Asif further discloses that the log medium comprises a local memory of the device [Pg. 16, section 5].
17. Regarding Claim 24, Asif discloses the limitations of Claim 23 above. Asif further discloses that said local memory is a tamperproof memory, write-once memory, and/or embedded in the interface logic [Pg. 16, section 5].
18. Regarding Claim 25, Asif discloses the limitations of Claim 1 above. Asif further discloses that the log medium in which the PUF interface logic is configured to log the record comprises: a publicly accessible medium external to the device [Figs. 9, and 10c].
18. Regarding Claim 26, Asif discloses the limitations of Claim 25 above. Asif further discloses that the publicly accessible medium in which the PUF interface logic is configured to log the record comprises: a blockchain [Figs. 9 and 10c].
19. Regarding Claim 27, Asif discloses the limitations of Claim 1 above. Asif further discloses that the internal PUF interface logic is configured to perform the logging of the record in real-time in response the inputting of the individual input challenge [Figs. 10a-10c; Pgs. 16-19; PUF implementation].
20. Regarding Claim 28, Asif discloses the limitations of Claim 1 above. Asif further discloses that the internal PUF interface logic is configured to periodically log any input challenges received and/or output responses generated during each instance of a periodic window of time [Figs. 10a-10c; Pgs. 16-19; PUF implementation with blockchain].
21. Regarding Claim 31, Asif discloses the limitations of Claim 25 above. Asif further discloses that 31. (Currently Amended) The device of claim 25, wherein the logging mechanism is configured to log the record to the publicly accessible medium in real-time in response to the inputting of the individual input challenge [Figs. 10a-10c; Pgs. 16-19; PUF implementation with blockchain].
22. Regarding Claim 34, Asif discloses the limitations of Claim 1 above. Asif further discloses that the logging mechanism is configured to output the record, for the logging thereof, in a packet that further comprises a signature generated based on a cryptographic key of the logging mechanism applied to at least part of the packet comprising the record [Figs. 7 and 8].
23. Regarding Claim 34, Asif discloses the limitations of Claim 35 above. Asif further discloses that the log medium in which the PUF interface logic is configured to log the record comprises a blockchain, and wherein the packet comprises a blockchain transaction, the record being included in an output of the blockchain transaction and the signature being included in an input of the transaction [Figs. 7 and 8].
24. Regarding Claims 36 and 42, Asif discloses of a computer program embodied on a non-transitory computer-readable medium and configured so as, when run on one or more processors, the one or more processors perform [Section 5.3, Pg. 20] a method of using a device [Figs. 10a-10c], the device including:
a PUF module comprising a physically unclonable function, PUF, and internal PUF interface logic arranged to receive an input challenge and output an output response being a deterministic function of the input challenge, the deterministic function comprising the PUF [Figs. 9, 10a, 10b, 10c]; and
one or more outer layer components providing at least part of an unsecured channel for inputting the input challenge to the internal interface logic of the PUF module and receiving back the output response output by the internal interface logic [Fig. 10b; also Pg. 3, Table 1];
wherein at least one of the outer layer components is susceptible to manipulation of the input challenge and/or output response by a malicious process [Fig. 10b; also Pg. 3, Table 1], but the PUF module, including the internal PUF interface logic, is encapsulated within a housing of the device and separated from the one or more outer layer components, and is thus protected from manipulation by the malicious process [Figs. 9 and 10; PUF board encapsulated]; and
wherein the internal PUF interface logic comprises a logging mechanism arranged to automatically log a record of the input challenge and/or output response in a log medium [Fig. 10c; proof of PUF], the method comprising:
after the record of the input challenge and/or output response has been logged in said log medium, inputting a candidate challenge to the device via the unsecured channel of the outer layer in order to cause the PUF module to generate a candidate response and return the candidate response to via the unsecured channel [Pgs. 16-19; Sections 5.1, 5.2, and 5.3; Figs. 10a-10c; PUF implementation with blockchain];
checking for evidence of manipulation by checking the candidate challenge against record of the original input challenge logged in the log medium, and/or by checking the candidate response against the record of the original output response logged in the log medium [Pgs. 16-19; Sections 5.1, 5.2, and 5.3; Figs. 10a-10c; PUF implementation with blockchain].
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Contacts
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Tae K. Kim, whose telephone number is (571) 270-1979. The examiner can normally be reached on Monday - Friday (10:00 AM - 6:30 PM EST).
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jorge Ortiz-Criado, can be reached on (571) 272-7624. The fax phone number for submitting all Official communications is (703) 872-9306. The fax phone number for submitting informal communications such as drafts, proposed amendments, etc., may be faxed directly to the examiner at (571) 270-2979.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free).
/TAE K KIM/Primary Examiner, Art Unit 2496