DETAILED ACTION
Examiner acknowledges receipt of Applicant’s amendment filed on 09/17/2025.
Claims 1, 3, 4, 5, 8, 9, 11, 12, 14, and 16-19 are currently amended.
Claims 1-19 are pending.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendment
Examiner has fully considered Applicant’s amendments to the Claims in the arguments filed on 09/17/2025. Claims 1-19 remain pending in the application. Examiner has withdrawn the objections of record based on the amendments filed on 09/17/2025.
Response to Arguments
Applicant’s arguments filed 09/17/2025, with respect to the rejections of independent claims 1, 9, and 17 and their corresponding dependent claims under 35 USC 103 have been fully considered, but they are not persuasive.
Regarding Applicant’s argument beginning on P. 10 of Applicant Remarks that Brusilovsky is not sufficient to teach a non-volatile memory which stores a first flag value and a second flag value, Examiner respectfully disagrees. Specifically, Brusilovsky renders obvious storage of a first and second flag value by a non-volatile memory. As highlighted in Applicant Remarks, Brusilovsky teaches a NVM which stores an alarm indicator value to be compared to a reference alarm condition indicator value to detect attacks upon device reset/boot-up – “the secure boot process analyzes an integrity (and possibly replay and/or confidentiality, if instituted) protection status of the Alarm_Status variable. For example, the alarm condition indicator value being analyzed is compared against a securely stored (e.g., in TRE 110) reference alarm condition indicator value. If these two values are the same, upon successful check, then it is assumed that there was no tampering with the data. However, if the values are different, then the network element assumes that the data has been tampered with” (Brusilovsky – Paragraph [0031]). The secure storage of the reference value in “TRE 110” is merely exemplary. Brusilovsky highlights the benefits of implementing non-volatile memory for storing alarm indication data at least in reciting “the non-volatile memory may comprise … RAM utilizing backup battery. The backup power source 114 … ensures that the data stored in unit 112 is preserved even if power is cut to the network element (i.e., acts as nonvolatile memory)”. Further, the claims and instant specification offer no explicit reasoning for storing both the first and second flag values in NVM – “Both the first flag value and the second flag value may be stored by a non-volatile memory device, such as a flash memory device” (Specification Paragraph [0016]). 
Therefore, Examiner respectfully submits that, in view of the teachings from Brusilovsky, one of ordinary skill in the art would recognize the obvious benefit offered by the design choice to store both flag values in NVM, thus persisting the values across device resets or power loss. This would be particularly beneficial in the case of the claimed invention, in which the values are to be referenced upon device reset/boot-up.
Regarding Applicant’s argument also beginning on P. 10 of Applicant Remarks that Brusilovsky is not sufficient to teach “when the security processing device is reset or boot-up, the programming time controller updates the second flag value”, Examiner respectfully disagrees. Applicant Remarks also highlights the teaching from Brusilovsky which expressly demonstrates updating the second flag value – “the expected reference value may be changed at every successful check or reset” (Brusilovsky – Paragraph [0031]). Brusilovsky describes that the processing of alarm conditions illustrated in Figure 2 is implemented by the alarm storage and processing unit 112, including the change of the expected reference value at successful reset. Therefore, and in consideration of the discussion above in which the second flag value may be interpreted as being stored in the NVM, the alarm storage and processing unit 112 may be reasonably interpreted as the claimed programming time controller which updates the second flag value. Moreover, Brusilovsky Figure 3 further exhibits exemplary architecture for a computing device which “represent(s) a network element 100 as described above in the context of FIGS. 1 and 2” (Brusilovsky – Paragraph [0037]). The exemplary architecture includes at least a processor 310, memory 312, and network interface 314. In view of these teachings, at least the processor 310 may be reasonably interpreted as the claimed “processing unit, electrically connected to the programming time controller”.
Regarding Applicant’s argument beginning on P. 11 of Applicant Remarks that the combination of Brusilovsky and Benoit is not sufficient to teach the limitation “when the security processing device is reset or boot-up, the programming time controller … adjusts a time for the processing unit to process a first instruction or any one instruction based on the first flag value and the second flag value”, Examiner respectfully disagrees. The Applicant Remarks assert that the respective operations taught by Brusilovsky and Benoit are responsive to attack occurrences, rather than the operations being performed when the device is reset or boot-up. However, Brusilovsky explicitly teaches the operations relating to the flag values being performed at a “subsequent power up cycle of the network element 100” after triggering of an alarm condition (Brusilovsky – Paragraph [0030]). At this power up cycle, the network element undergoes a secure boot-up procedure in which the two flag values are compared – “the secure boot process analyzes an integrity (and possibly replay and/or confidentiality, if instituted) protection status of the Alarm_Status variable. For example, the alarm condition indicator value being analyzed is compared against a securely stored (e.g., in TRE 110) reference alarm condition indicator value. If these two values are the same, upon successful check, then it is assumed that there was no tampering with the data. However, if the values are different, then the network element assumes that the data has been tampered with … the expected reference value may be changed at every successful check or reset” (Brusilovsky – Paragraph [0031]). Thus, Brusilovsky explicitly teaches updating the second flag value in addition to identifying an attack occurrence based on the first and second flag values upon device reset or boot-up.
Brusilovsky is not relied upon to teach the limitation “the programming time controller … adjusts a time for the processing unit to process a first instruction or any one instruction”. Instead, as highlighted in Applicant Arguments, Benoit teaches adjustment of a system clock or clock rate by a clock controller responsive to instruction from an adaptive controller. As further indicated in Applicant Remarks, this adjustment of time to process instructions occurs responsive to detecting an on-going attack, as illustrated in at least Figure 9 of Benoit. Examiner submits that this responsive action to attack detection is the primary motivation to combine the arts of Brusilovsky and Benoit. Specifically, Brusilovsky teaches a determination that data has been tampered with during a secure boot process based on the first and second flag values. Therefore, Benoit’s attack-responsive actions naturally combine with the teachings of Brusilovsky toward a resolution of the detected tampering; the combination of Brusilovsky and Benoit renders obvious the limitation “when the security processing device is reset or boot-up, the programming time controller … adjusts a time for the processing unit to process a first instruction or any one instruction based on the first flag value and the second flag value”.
Specification
The amendment to the specification, submitted on 09/17/2025, for the instant application is acceptable for examination purposes.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-3, 9-11, and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Brusilovsky (US 20140184411 A1), hereinafter Brusilovsky, in view of Benoit et al. (US 20170286680 A1), hereinafter Benoit.
Regarding Claim 1:
Brusilovsky teaches a security processing device for handling attacks (Brusilovsky – Paragraph [0014]: As used herein, the phrase "network element" refers to any computing device associated with a communication network. By way of example only, such computing device may be a router, a switch, a base station, a mobile terminal, etc. Embodiments of the invention are not limited to any particular type of network element; and Paragraph [0030]: In step 206, at a subsequent power up cycle of the network element 100, the network element goes through a secure boot-up validation procedure (secure boot process), during which the stored protected alarm indication data is analyzed for integrity attacks, and possibly for replay and confidentiality attacks if such protection was implemented), comprising: an attack detector, configured to detect whether an attack event occurs (Brusilovsky – Paragraph [0023]: Examples of intrusion sensors 118 include, but are not limited to … electronic intrusion detectors (e.g., software that detects network hacking activities, etc.)), and generate an attack trigger signal when an occurrence of the attack event is detected (Brusilovsky – Paragraph [0029]: In step 204, upon triggering of an alarm condition (i.e., an alarm condition is detected by one or more of the set of sensors 116), for example, a case intrusion, the alarm storage and processing unit 12 (possibly now being powered by the backup power source 114 depending on the alarm condition type) receives the alarm indication data from the set of sensors 116); a programming time controller, electrically connected to the attack detector, and configured to update a first flag value when the attack trigger signal is received (Brusilovsky – Paragraph [0029]: This means that the unit 112 receives the Alarm_Status value set to logic "1" indicating an alarm has been detected. 
The unit 112 then integrity protects the value using secret cryptographic key Ka, as explained above, to generate protected value (Alarm_Status)Ka. Again, the alarm condition indicator value may also be replay protected and/or confidentiality protected before being stored in unit 112. Thus, the unit 112 processes any alarm indication data it receives and stores it in non-volatile memory); a non-volatile memory device, [electrically connected to the programming time controller], and configured to store the first flag value and a second flag value (Brusilovsky – Paragraph [0029]: Thus, the unit 112 processes any alarm indication data it receives and stores it in non-volatile memory; and Paragraph [0031]: For example, the alarm condition indicator value being analyzed is compared against a securely stored (e.g., in TRE 110) reference alarm condition indicator value; and Paragraph [0040]: Also, the term "memory" as used herein is intended to include electronic memory associated with a processor, such as random access memory (RAM), read-only memory (ROM), non-volatile memory (NVM), or other types of memory, in any combination; Examiner’s Comment: Examiner respectfully submits that the teachings of Brusilovsky to store one flag value in a non-volatile memory renders it obvious to one of ordinary skill in the art to store a second/reference value in the non-volatile memory); and a processing unit, electrically connected to the programming time controller, wherein when the security processing device is reset or boot-up, the programming time controller updates the second flag value (Brusilovsky – Paragraph [0030]: In step 206, at a subsequent power up cycle of the network element 100, the network element goes through a secure boot-up validation procedure (secure boot process), during which the stored protected alarm indication data is analyzed for integrity attacks, and possibly for replay and confidentiality attacks if such protection was implemented; and Paragraph [0031]: 
More specifically, in one embodiment, the secure boot process analyzes an integrity (and possibly replay and/or confidentiality, if instituted) protection status of the Alarm_Status variable. For example, the alarm condition indicator value being analyzed is compared against a securely stored (e.g., in TRE 110) reference alarm condition indicator value. If these two values are the same, upon successful check, then it is assumed that there was no tampering with the data. However, if the values are different, then the network element assumes that the data has been tampered with. Note that if the reference value remains constant, the attacker can substitute (replay) the alarm condition indicator value with the expected (constant) value. To protect against such a replay attack, the expected reference value may be changed at every successful check or reset (e.g., by adding freshness based on time, etc. to the reference value and alarm condition indicator value computations); and Paragraph [0037]: It is to be understood that one or more of the computing devices 302 shown in FIG. 3 represent a network element 100 as described above in the context of FIGS. 1 and 2; and Paragraph [0039]: As shown, computing device 302-1 comprises processor 310, memory 312, and network interface 314) and adjusts [a time for the processing unit to process a first instruction or any one instruction] based on the first flag value and the second flag value (Brusilovsky – Paragraph [0032]: If any security breach of the alarm indication data due to tampering is evident (integrity or replay/confidentiality protection is compromised, as explained above), the methodology moves from step 206 to step 212. In step 212, the network element 100 decides whether to: (1) enable a limping mode (step 216), wherein the device is allowed minimal functionality, for example, connection to its service center; or (2) if the alarm or security violation is too serious, shut down the network element (step 214)).
Brusilovsky does not expressly teach a non-volatile memory device, electrically connected to the programming time controller; and adjusts a time for the processing unit to process a first instruction or any one instruction.
However, Benoit teaches a non-volatile memory device, electrically connected to the programming time controller (Benoit – Figure 8: diagram of a system-on-a-chip (SoC) with connected hardware elements including a NVM (internal shared HW resources 830) and a programming time controller (system clock controller 802)); adjusts a time for the processing unit to process a first instruction or any one instruction (Benoit – Figure 9: operations in response to an ongoing transient fault attack; and Paragraph [0068]: At 910, the adaptive controller 904 also increases an aggressiveness of the transient fault defense and/or adjusts or modifies the system clock … Insofar as adjusting or modifying the system clock, the adaptive controller 904, depending upon its programming, can selectively increase or decrease the clock rate (to thereby affect the time localization of events within the SoC processor to hinder transient fault attacks that rely on time localization) and/or selectively skip or gate clock cycles (to thereby also affect the time localization of events within the SoC processor), including gating clock cycles by generating a random or pseudorandom hash that specifies the particular cycles to skip. The system clock controller 902 responds, at 912, by adjusting or modifying the system clock, as instructed; and Figure 12: processor clock adjustments in response to transient fault attack; and Paragraph [0076]: A default clock 1202 is illustrated, which can be, for example, a 8.5 GHz clock. In response to the detection of a first new transient fault, the clock rate might be slowed to half its rate, as indicated by slowed clock 1204. This can help thwart malicious attacks that rely on the precise timing of injection of transient faults since the processor will then be operating a different rate than the rate that the attacker assumes the processor is using).
Benoit further teaches a processing unit, electrically connected to the programming time controller (Benoit – Figure 8: diagram of a system-on-a-chip (SoC) with connected hardware elements including a processing unit (application processing circuit 810) and a programming time controller (system clock controller 802)).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to modify Brusilovsky, further incorporating Benoit to arrive at the conclusion of the claimed invention. One would be motivated to incorporate Benoit’s hardware structure of a device for handling attacks in addition to the teaching to adjust the timing of processing operations in response to detecting an attack into Brusilovsky’s device for handling attacks. This combination would result in a device that could seamlessly detect and defend itself against attacks while continuing to operate practically and efficiently.
Regarding Claim 2:
The combination of Brusilovsky and Benoit teaches the security processing device according to claim 1.
Brusilovsky further teaches wherein the security processing device updates the first flag value via inverting the first flag value, increasing the first flag value by a specific value or decreasing the first flag value by the specific value (Brusilovsky – Paragraph [0027]: As shown in methodology 200, provisioning of an alarm condition indicator occurs in step 202. By default, when the network element 100 is powered up for the first time, the alarm condition indicator (variable Alarm_Status in this example, although other alarm indication data could be provisioned here as well including, but not limited to, alarm metadata and auxiliary data as mentioned above) is populated with a logic "0" value indicating "no alarm detected."; and Paragraph [0029]: In step 204, upon triggering of an alarm condition (i.e., an alarm condition is detected by one or more of the set of sensors 116), for example, a case intrusion, the alarm storage and processing unit 12 (possibly now being powered by the backup power source 114 depending on the alarm condition type) receives the alarm indication data from the set of sensors 116. This means that the unit 112 receives the Alarm_Status value set to logic "1" indicating an alarm has been detected).
The motivation to combine the arts is the same as that of Claim 1.
Regarding Claim 3:
The combination of Brusilovsky and Benoit teaches the security processing device according to claim 1.
Brusilovsky further teaches wherein when the security processing device is reset or boot-up, and when the first flag value and the second flag value are different from each other, the programming time controller utilizes the first flag value to update the second flag value (Brusilovsky – Paragraph [0031]: More specifically, in one embodiment, the secure boot process analyzes an integrity (and possibly replay and/or confidentiality, if instituted) protection status of the Alarm_Status variable. For example, the alarm condition indicator value being analyzed is compared against a securely stored (e.g., in TRE 110) reference alarm condition indicator value. If these two values are the same, upon successful check, then it is assumed that there was no tampering with the data. However, if the values are different, then the network element assumes that the data has been tampered with. Note that if the reference value remains constant, the attacker can substitute (replay) the alarm condition indicator value with the expected (constant) value. To protect against such a replay attack, the expected reference value may be changed at every successful check or reset (e.g., by adding freshness based on time, etc. to the reference value and alarm condition indicator value computations)).
The motivation to combine the arts is the same as that of Claim 1.
Regarding Claim 9:
Claim 9 is a device claim with limitations corresponding to those of security processing device Claim 1. Therefore, Claim 9 is rejected with the same combination and rationale as those of the rejection of Claim 1.
In addition, Brusilovsky further teaches an electronic device (Brusilovsky – Figure 1: illustration of a tamper-resistant network element; and Paragraph [0014]: As used herein, the phrase "network element" refers to any computing device associated with a communication network); and a functional circuit, electrically connected to the security processing device (Brusilovsky – Paragraph [0040]: It should be understood that the term "processor" as used herein is intended to include one or more processing devices, including a signal processor, a microprocessor, a microcontroller, an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other type of processing circuitry, as well as portions or combinations of such circuitry elements).
Regarding Claim 10:
Claim 10 is a device claim with limitations corresponding to those of method Claim 2. Therefore, Claim 10 is rejected with the same combination and rationale as those of the rejection of Claim 2.
Regarding Claim 11:
Claim 11 is a device claim with limitations corresponding to those of method Claim 3. Therefore, Claim 11 is rejected with the same combination and rationale as those of the rejection of Claim 3.
Regarding Claim 17:
Claim 17 is a method claim with steps of the method corresponding to the limitations of device Claims 1 and 9. Therefore, Claim 17 is rejected with the same combination and rationale as those of the rejections of Claim 1 and Claim 9.
Claim(s) 4, 5, 12, 13, and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Brusilovsky in view of Benoit and Hong (US 20200089502 A1), hereinafter Hong.
Regarding Claim 4:
The combination of Brusilovsky and Benoit teaches the security processing device according to claim 1.
Benoit further teaches to adjust the time for the processing unit to process the first instruction (Benoit – Figure 9: operations in response to an ongoing transient fault attack; and Paragraph [0068]: At 910, the adaptive controller 904 also increases an aggressiveness of the transient fault defense and/or adjusts or modifies the system clock … Insofar as adjusting or modifying the system clock, the adaptive controller 904, depending upon its programming, can selectively increase or decrease the clock rate (to thereby affect the time localization of events within the SoC processor to hinder transient fault attacks that rely on time localization) and/or selectively skip or gate clock cycles (to thereby also affect the time localization of events within the SoC processor), including gating clock cycles by generating a random or pseudorandom hash that specifies the particular cycles to skip. The system clock controller 902 responds, at 912, by adjusting or modifying the system clock, as instructed; and Figure 12: processor clock adjustments in response to transient fault attack; and Paragraph [0076]: A default clock 1202 is illustrated, which can be, for example, a 8.5 GHz clock. In response to the detection of a first new transient fault, the clock rate might be slowed to half its rate, as indicated by slowed clock 1204. This can help thwart malicious attacks that rely on the precise timing of injection of transient faults since the processor will then be operating a different rate than the rate that the attacker assumes the processor is using).
The combination of Brusilovsky and Benoit does not expressly teach wherein the programming time controller instructs the processing unit to expand the first instruction into a plurality of second instructions.
However, Hong teaches wherein the programming time controller instructs the processing unit to expand the first instruction into a plurality of second instructions (Hong – Figure 2: illustration of a function broken up into a plurality of instructions; and Paragraph [0034]: The operation 102 divides up the code segment into fixed and relocatable instructions. FIG. 2 illustrates, by way of example, a diagram of an embodiment of a simple function broken up into fixed instructions 202 and relocatable instructions 204; and Paragraph [0036]: After all fixed or relocatable instructions have been identified, the remaining instructions in the code base are relocatable instructions 204A-204D or fixed instructions 202A-202D, respectively. The sets of fixed instructions 202A-D and relocatable instructions 204A-204D can then be passed to the operation 104. Note that, in assembly, the fixed instructions 202A-202B and 202D equate to a single assembly instruction).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to modify Brusilovsky and Benoit, further incorporating Hong to arrive at the conclusion of the claimed invention. One would be motivated to incorporate Hong’s teaching to expand an instruction into a plurality of sub-instructions into Brusilovsky and Benoit’s device for handling attacks. This combination would allow for a system to adjust its processing at a more granular level in order to thwart timing-based attacks.
Regarding Claim 5:
The combination of Brusilovsky, Benoit, and Hong teaches the security processing device according to claim 4.
Hong further teaches wherein the plurality of the second instructions include the first instruction and a pseudo instruction, or the plurality of the second instructions are a plurality of instructions generated by disassembling the first instruction (Hong – Figure 2: illustration of a function broken up into a plurality of instructions; and Paragraph [0034]: The operation 102 divides up the code segment into fixed and relocatable instructions. FIG. 2 illustrates, by way of example, a diagram of an embodiment of a simple function broken up into fixed instructions 202 and relocatable instructions 204; and Paragraph [0036]: After all fixed or relocatable instructions have been identified, the remaining instructions in the code base are relocatable instructions 204A-204D or fixed instructions 202A-202D, respectively. The sets of fixed instructions 202A-D and relocatable instructions 204A-204D can then be passed to the operation 104. Note that, in assembly, the fixed instructions 202A-202B and 202D equate to a single assembly instruction).
The motivation to combine the arts is the same as that of Claim 4.
Regarding Claim 12:
Claim 12 is a device claim with limitations corresponding to those of method Claim 4. Therefore, Claim 12 is rejected with the same combination and rationale as those of the rejection of Claim 4.
Regarding Claim 13:
Claim 13 is a device claim with limitations corresponding to those of method Claim 5. Therefore, Claim 13 is rejected with the same combination and rationale as those of the rejection of Claim 5.
Regarding Claim 18:
The combination of Brusilovsky and Benoit teaches the security processing method according to claim 17.
The combination of Brusilovsky and Benoit does not expressly teach wherein the programming time controller instructs the processing unit to expand the first instruction into a plurality of second instructions.
However, Hong teaches wherein in the processing step, the programming time controller instructs the processing unit to expand the first instruction into a plurality of second instructions, [or the programming time controller instructs the processing unit to delay a fetch time of the first instruction by a specific time to adjust the time for the processing unit to process the first instruction] (Hong – Figure 2: illustration of a function broken up into a plurality of instructions; and Paragraph [0034]: The operation 102 divides up the code segment into fixed and relocatable instructions. FIG. 2 illustrates, by way of example, a diagram of an embodiment of a simple function broken up into fixed instructions 202 and relocatable instructions 204; and Paragraph [0036]: After all fixed or relocatable instructions have been identified, the remaining instructions in the code base are relocatable instructions 204A-204D or fixed instructions 202A-202D, respectively. The sets of fixed instructions 202A-D and relocatable instructions 204A-204D can then be passed to the operation 104. Note that, in assembly, the fixed instructions 202A-202B and 202D equate to a single assembly instruction).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to modify Brusilovsky and Benoit, further incorporating Hong to arrive at the conclusion of the claimed invention. One would be motivated to incorporate Hong’s teaching to expand an instruction into a plurality of sub-instructions into Brusilovsky and Benoit’s device for handling attacks. This combination would allow for a system to adjust its processing at a more granular level in order to thwart timing-based attacks.
Claim(s) 6, 7, 14, and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Brusilovsky in view of Benoit and Srinivas et al. (US 20190065751 A1), hereinafter Srinivas.
Regarding Claim 6:
The combination of Brusilovsky and Benoit teaches the security processing device according to claim 1.
The combination of Brusilovsky and Benoit does not expressly teach wherein the programming time controller instructs the processing unit to delay a fetch time of the first instruction by a specific time to adjust the time for the processing unit to process the first instruction.
However, Srinivas teaches wherein the programming time controller instructs the processing unit to delay a fetch time of the first instruction by a specific time to adjust the time for the processing unit to process the first instruction (Srinivas – Paragraph [0027]: In some embodiments, the time that the boot loader is started is randomized so that the time when the device 100 begins executing instructions is not fixed. That is, the first instructions in the boot loader are a delay loop that executes for a randomly selected number of times before the actual boot load instructions are executed. The delay loop may request a random number from the random number generator 106 and use that random number to determine how many times a “dummy” instruction, e.g., a NOP, is to be executed before allowing the boot load instructions to execute. As the random number generated by the random number generator 106 can be large, a fixed number of bits of the random number may be used to determine the delay loop count to keep the delay within reasonable bounds).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to modify Brusilovsky and Benoit, further incorporating Srinivas to arrive at the conclusion of the claimed invention. One would be motivated to incorporate Srinivas’s teaching to randomize an instruction fetch delay into Brusilovsky and Benoit’s device for handling attacks. This addition would further enhance the system’s security against timing-based attacks.
Regarding Claim 7:
The combination of Brusilovsky, Benoit, and Srinivas teaches the security processing device according to claim 6.
Srinivas further teaches wherein the specific time is determined by a random number (Srinivas – Paragraph [0027]: In some embodiments, the time that the boot loader is started is randomized so that the time when the device 100 begins executing instructions is not fixed. That is, the first instructions in the boot loader are a delay loop that executes for a randomly selected number of times before the actual boot load instructions are executed. The delay loop may request a random number from the random number generator 106 and use that random number to determine how many times a “dummy” instruction, e.g., a NOP, is to be executed before allowing the boot load instructions to execute. As the random number generated by the random number generator 106 can be large, a fixed number of bits of the random number may be used to determine the delay loop count to keep the delay within reasonable bounds).
The motivation to combine the arts is the same as that of Claim 6.
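The bounded random start delay described in the Srinivas paragraph cited for Claims 6 and 7, sketched in C as an added illustration; it is not code from Srinivas, the application, or this action. The xorshift PRNG standing in for random number generator 106, the function names, and the 10-bit bound are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: xorshift32 stands in for the hardware random number generator
 * so the example runs offline. With a fixed seed the sequence repeats on
 * every run; a real device must draw from its hardware RNG instead. */
static uint32_t rng_state = 0x2545F491u; /* constructed seed */

static uint32_t rng_next(void) {
    uint32_t x = rng_state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    rng_state = x;
    return x;
}

/* Keep only the low `bits` bits of the random word, so the delay is
 * bounded to [0, 2^bits - 1] iterations however large the word is. */
static uint32_t delay_loop_count(uint32_t random_word, unsigned bits) {
    if (bits == 0) return 0;
    if (bits >= 32) return random_word; /* avoid an undefined 32-bit shift */
    return random_word & ((1u << bits) - 1u);
}

/* Run `count` dummy iterations and return how many executed. The volatile
 * counter keeps the compiler from optimizing the delay loop away. */
static uint32_t run_delay(uint32_t count) {
    volatile uint32_t executed = 0;
    while (executed < count) {
        executed++; /* stands in for the dummy NOP instruction */
    }
    return executed;
}

/* Randomized start: draw a word, bound it, burn that many iterations.
 * The real boot instructions would begin after this returns. */
static uint32_t randomized_boot_delay(unsigned bits) {
    return run_delay(delay_loop_count(rng_next(), bits));
}

int main(void) {
    for (int boot = 0; boot < 4; boot++)
        printf("boot %d: %u dummy iterations\n", boot,
               (unsigned)randomized_boot_delay(10));
    return 0;
}
```

The number of retained bits is the tuning knob: more bits widen the timing window an attacker must cover, at the cost of a longer worst-case boot delay.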
Regarding Claim 14:
Claim 14 is a device claim with limitations corresponding to those of method Claim 6. Therefore, Claim 14 is rejected with the same combination and rationale as those of the rejection of Claim 6.
Regarding Claim 15:
Claim 15 is a device claim with limitations corresponding to those of method Claim 7. Therefore, Claim 15 is rejected with the same combination and rationale as those of the rejection of Claim 7.
Claim(s) 8, 16, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Brusilovsky in view of Benoit and Margalit (US 20210240823 A1), hereinafter Margalit.
Regarding Claim 8:
The combination of Brusilovsky and Benoit teaches the security processing device according to claim 1.
Brusilovsky further teaches wherein the attack detector is further electrically connected to the processing unit (Figure 1: Sensors connected to the processing unit), wherein the attack trigger signal is generated when the attack detector detects the occurrence of the attack event (Brusilovsky – Paragraph [0029]: In step 204, upon triggering of an alarm condition (i.e., an alarm condition is detected by one or more of the set of sensors 116), for example, a case intrusion, the alarm storage and processing unit 12 (possibly now being powered by the backup power source 114 depending on the alarm condition type) receives the alarm indication data from the set of sensors 116), wherein after the processing unit receives the attack trigger signal (Brusilovsky – Paragraph [0029]: In step 204, upon triggering of an alarm condition (i.e., an alarm condition is detected by one or more of the set of sensors 116), for example, a case intrusion, the alarm storage and processing unit 12 (possibly now being powered by the backup power source 114 depending on the alarm condition type) receives the alarm indication data from the set of sensors 116).
Benoit further teaches an attack information of the attack event is transmitted to the programming time controller (Benoit – Figure 9: operations in response to an ongoing transient fault attack; and Paragraph [0066]: At 908, the transient fault defense system 906 detects a transient fault and sends an indication of the fault to the adaptive controller 904 via internal connection lines of the SoC); and the programming time controller is allowed to adjust the time for the processing unit to process the any one instruction (Benoit – Figure 9: operations in response to an ongoing transient fault attack; and Paragraph [0068]: At 910, the adaptive controller 904 also increases an aggressiveness of the transient fault defense and/or adjusts or modifies the system clock … Insofar as adjusting or modifying the system clock, the adaptive controller 904, depending upon its programming, can selectively increase or decrease the clock rate (to thereby affect the time localization of events within the SoC processor to hinder transient fault attacks that rely on time localization) and/or selectively skip or gate clock cycles (to thereby also affect the time localization of events within the SoC processor), including gating clock cycles by generating a random or pseudorandom hash that specifies the particular cycles to skip. The system clock controller 902 responds, at 912, by adjusting or modifying the system clock, as instructed; and Figure 12: processor clock adjustments in response to transient fault attack; and Paragraph [0076]: A default clock 1202 is illustrated, which can be, for example, a 8.5 GHz clock. In response to the detection of a first new transient fault, the clock rate might be slowed to half its rate, as indicated by slowed clock 1204. This can help thwart malicious attacks that rely on the precise timing of injection of transient faults since the processor will then be operating a different rate than the rate that the attacker assumes the processor is using).
The combination of Brusilovsky and Benoit does not expressly teach wherein the attack information includes an information of a specific instruction and a specific access address corresponding to the attack event, and wherein when the any one instruction is the specific instruction, and an access address is the specific access address corresponding to the any one instruction.
However, Margalit teaches wherein the attack information includes an information of a specific instruction and a specific access address corresponding to the attack event, and wherein when the any one instruction is the specific instruction, and an access address is the specific access address corresponding to the any one instruction (Margalit – Paragraph [0124]: Authentication mechanisms which operate based on tracking the execution flow of the CPU, exist, for example co-owned U.S. Pat. No. 9,703,945. The execution flow may be put on hold to authenticate the code when a specific set of instructions is executed. Specifically, U.S. Pat. No. 9,703,945 describes authentication mechanisms which operate based on tracking the execution flow of the CPU. U.S. Pat. No. 9,703,945 describes specific operations or instructions—for example, access to a certain space of memory-mapped I/O addresses—which, by the decision of the system designer, are deemed to require a greater level of security in terms of code authentication. So, upon detection of such an instruction, e.g. a write operation to that I/O address space, the execution flow is temporarily halted until a certain code authentication sequence has been completed. Once this is done, and assuming the respective code is authenticated, the execution flow is resumed and the operation carried out. So, the method, triggered by certain instructions, alters the flow of the program to take some predefined action, namely authentication of the code).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to modify Brusilovsky and Benoit, further incorporating Margalit to arrive at the conclusion of the claimed invention. One would be motivated to incorporate Margalit’s teaching to scrutinize individual instructions and their associated information for granular detection of attacks into Brusilovsky and Benoit’s device for handling attacks. This combination would enhance the security of the system by adding precision to the attack detection mechanism in addition to enabling the system to provide instruction-level insight to detected attacks.
Regarding Claim 16:
Claim 16 is a device claim with limitations corresponding to those of method Claim 8. Therefore, Claim 16 is rejected with the same combination and rationale as those of the rejection of Claim 8.
Regarding Claim 19:
Claim 19 is a method claim with steps of the method corresponding to the limitations of device Claims 8 and 16. Therefore, Claim 19 is rejected with the same combination and rationale as those of the rejections of Claim 8 and Claim 16.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Cammarota et al. (US 20190095621 A1) teaches methods for detecting and responding to fault injection attacks.
Lepavec et al. (US 20250030732 A1) teaches various techniques for detecting and countering side-channel and fault injection attacks.
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS JOSEPH DILUZIO whose telephone number is (703)756-1229. The examiner can normally be reached Mon - Fri -- 7:30 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached at 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/NICHOLAS JOSEPH DILUZIO/Examiner, Art Unit 2498
/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498