Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible
for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has
been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37
CFR 1.114. Applicant's submission filed on 2/25/2026 has been entered.
Response to Amendment
This communication is in response to the amendment filed on 2/25/2026. The Examiner acknowledges amended claims 1-20. No claims have been cancelled or added. Claims 1-20 are pending and claims 1-20 are rejected. Claims 1, 15, and 20 is/are independent.
The rejection(s) of claims under 35 U.S.C. § 103 have been updated based on new grounds of rejection as indicated below.
Response to Arguments
Applicant's arguments filed 2/25/2026 have been fully considered. Applicant argues (see Remarks, page 8, 3rd paragraph to page 9, 3rd paragraph) that the Duval U.S. Publication 20220382916 reference cited in the previous rejection does not qualify as prior art. This argument is persuasive and the rejections as to claims 1-14 are withdrawn.
However, upon further consideration, for claims 1-2, 10, 12-13, and 20, a new ground of rejection is made in view of Lin et al. U.S. Publication 20190370439 (hereinafter “Lin”) in view of Duval et al. U.S. Publication 20220038266 (hereinafter “Duval”). The Duval et al. U.S. Publication 20220038266 reference currently cited is a different reference from the previously cited Duval U.S. Publication 20220382916 reference that was argued as disqualified by applicant. The publication of this U.S. Publication 20220038266 reference is February 3, 2022, prior to the priority date of the instant application which is August 31, 2022, and there is no indication that the disclosed subject matter was derived from the inventor Dover of the instant application.
Duval teaches determining whether a requester such as a host system is authorized to access a protected memory region based on a signature of the request that indicates the protected memory region (para. 36).
Furthermore, Applicant argues (see Remarks, page 9, 4th paragraph through page 11, 3rd paragraph from bottom) that the combination of references cited for rejecting claims 15-20 do not disclose the amended claim limitations. This argument is persuasive and the rejections as to claims 15-20 are withdrawn, and a new ground of rejection is made in view of Lin in view of Mondello et al. U.S. Publication 20200310913 (hereinafter “Mondello”), further in view of Corcoran et al. U.S. Publication 20050246763 (hereinafter “Corcoran”).
Mondello teaches a memory device generating a public key pair using a random number and transmitting the public key to a host (para. 75, 79, and 81). Corcoran discloses generate the public key pair based on a digital signature (para. 27).
Independent claim 20 recites limitations analogous to the limitations of claim 1 and is also rejected for similar reasons. Regarding applicant’s arguments with respect to the dependent claims 2-14 and 16-19, applicant’s amendments to the independent claims have necessitated new grounds of rejections with respect to the independent claims from which the dependent claims depend, thereby requiring new grounds of rejections for the dependent claims also.
Accordingly, Applicant's argument is persuasive, the rejections are withdrawn, and new ground(s) of rejection are presented herein.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-2, 10, 12-13, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lin et al. U.S. Publication 20190370439 (hereinafter “Lin”) in view of Duval et al. U.S. Publication 20220038266 (hereinafter “Duval”).
[Note the Duval et al. U.S. Publication 20220038266 reference currently cited is a different reference from the previously cited Duval U.S. Publication 20220382916 reference that was argued as disqualified by applicant. The publication of this U.S. Publication 20220038266 reference is February 3, 2022, prior to the priority date of the instant application which is August 31, 2022, and there is no indication that the disclosed subject matter was derived from the inventor Dover of the instant application]
As per claim 1, Lin discloses
An apparatus, comprising: [system-on-chip, para. 16, Figure 1; combination memory protection unit 300 and memory unit 200 and memory signature unit 400, Figure 1]
a memory system; and [combination memory protection unit 300 and memory unit 200 and memory signature unit 400, Figure 1]a controller [memory protection unit 300] associated with the memory system, wherein the controller is configured to cause the apparatus to: [since the memory protection unit 300 is part of the system on chip, any relevant action caused, indirectly or directly, by memory protection unit 300 discloses cause the apparatus to]
receive, at the memory system, a command [receives the instruction fetch access 510 or the data access 520, para. 18, 20] comprising an indication of a protected region [“protected memory area defined as execute-only to forbid any non-instruction fetch access from the processor”, para. 8, 18] of the memory system;
[0008] According to an aspect of the present invention, a secure system on chip that prevents a software program from being tampered, rehosted, and pirated is disclosed. The secure system on chip includes: a processor; a memory unit1, wherein at least a portion thereof is configured into a protected memory area by limiting the read, write, and/or execute right thereof, and instructions of the software program to be protected are stored in a protected memory area defined as execute-only to forbid any non-instruction fetch access from the processor; a memory protection unit (MPU), connected between the processor and the memory unit, for managing access of the memory unit from the processor, wherein the MPU distinguishes instruction fetch access from other type access of the memory unit; and a memory signature unit, connected to the processor and the memory unit, having a read-only register to store a memory signature value extracted from contents stored in a specified memory area of the memory unit by a signature extraction signal received from the processor, wherein the memory signature unit is connected to the memory unit via a Direct Memory Access (DMA) channel. A signature value stored in the memory signature unit is compared with a predetermined signature data to verify the validity of the protected software program.
[0018] The processor 100 can access (e.g., read, write, or execute) the stored instructions or data in the memory unit 200 by sending control signals to the memory unit 200. The control unit 110 then decodes each individual instruction into several sequential steps (e.g., fetching addresses or data from registers or memory, managing execution, and storing the resulting data back into registers or memory) that control inner works of the processor 100. The control unit 110 sends signals (through MPU300) to the memory unit 200 to specify a memory address and a memory operation, such as an instruction fetch, a read data memory access, or a write data memory access.
determine whether a host system [ host system is disclosed by the device that contains the system-on-chip displayed in figure 1, which can be a computer as disclosed in para. 2; host system can also be disclosed by the device that contains the co-processor or other I/O devices 150; host system can also be disclosed by processor 100, the co-processor or other I/O devices 150 which perform the actions of the computer, para. 20;] is authorized to access [determining whether a memory access is allowed, para. 20; memory access from all devices (the processor 100, the co-processor or other I/O devices 150) except the memory signature unit 400 is restricted by the MPU 300, para. 20] the protected region
[0020] The processor 100 (e.g., a von Neumann architecture processor) provides a memory space for both instructions and data, and may not feature execute-only access rights for the memory locations of the memory unit 200. Using the control unit 110 and the MPU 300, one or more execute-only memory areas can be programmed or fixed in a memory map corresponding to the memory unit 200. The control unit 110 may execute instructions in several sequential steps. These steps contain instruction fetch access 510 and probably data access 520 (memory read or write operations). The MPU 300 receives the instruction fetch access 510 or the data access 520, and may generate an exception signal 530 or an interrupt to abort the current instruction while the access is denied. The MPU 300 includes a protected address register(s) 310 and logic circuit(s) 320. The protected address register(s) 310 is used to store the information of the protected memory areas, and the logic circuit(s) 320 is responsible for determining whether a memory access is allowed. One protected memory area can be defined using the information of a start address and a length with an attribute corresponding to that memory area, and several protected memory areas can be specified using multiple pairs of start addresses and lengths. Based on the access type (i.e., instruction fetch access or data access) and the information of the protected address register(s) 310, the MPU 300 can generate an exception signal 530 to abort memory access to the protected memory areas. For example, if a protected memory area is attributed as an execute-only memory area, only instruction fetch access 510 from the processor 100 to that memory area is allowed. Namely, the MPU 300 can distinguish instruction fetch access from other type access of the memory unit 200. In another implementation, protected memory area may be defined by a memory range as a pair of start and end addresses. The SoC 10 may further contain other co-processor(s) or I/O device(s) 150 that can access the memory unit 200. The MPU 300 manages the access of the memory unit 200 from the co-processor(s) or I/O device(s) 150 in the same manner as the access from the processor 100. In other words, the memory access from all devices (the processor 100, the co-processor or other I/O devices 150) except the memory signature unit 400 is restricted by the MPU 300. From the description above, the MPU 300 may manage access to the memory unit 200 from the processor 100 according to the protected address register 310 thereof.
calculate a cryptographic value [generates a signature value of the content stored in the specified memory area, para. 23] associated with data stored in a portion of the protected region [The protected instructions in the protected memory areas, para. 21; protected instructions stored in the execute-only memory area, para. 21; to protect the instructions from piracy or been tampered, para. 31] based at least in part on determining that the host system is authorized to access [the logic circuit(s) 320 is responsible for determining whether a memory access is allowed, para. 20, figure 1 shows the logic circuitry 20 in the memory protection unit 300] the protected region; and [generates a signature value of the content stored in the specified memory area and stores the signature value in the read-only register 410, para. 23
] output the cryptographic value.
[Writing the signature to the register, para. 23; processor 100 may request that signature value from the memory signature unit 400 by reading the register 410, para. 23]
[0010] The present invention also discloses a method to manage the access of the memory unit of the secure system on chip mentioned above. The method includes the steps of: a) a memory access is initiated; b) determining whether a memory access is from the memory signature unit; c) if an answer of step b) is no, allowing memory access if the memory address to be accessed is not within an execute-only memory area, allowing instruction fetch access if the memory address to be accessed is within an execute-only memory area, or aborting memory access if the memory address to be accessed is within an execute-only memory area and memory access is data (read or write) access; and if an answer of step b) is yes, the memory access is allowed when the memory address to be accessed is within a valid memory area. The present invention also discloses a method to verify the validity of the protected software program stored in the execute-only memory areas of the memory unit. The method includes the steps of: a) generating a signature value of a specified memory area by the memory signature unit, storing the signature value into a read-only register in the memory signature unit; and b) comparing the signature value stored in the memory signature unit with a predetermined signature data.
[0009] According to the present invention, a signature value may be a hash value or a checksum of the contents stored in a specified memory area. The execute-only memory area may be defined according to a start address and a length, or a memory range as a pair of start and end addresses of the execute-only memory area. The memory protection unit may manage access of the memory unit from the processor according to the range of the protected memory area and the attribute thereof. Multiple program segments can be stored in different protected memory areas of the memory unit, while each program segment comprises multiple instructions. The secure system on chip may comprise other co-processor(s) or I/O device(s), and accesses of the memory unit from other co-processor(s) or I/O device(s) are managed by the MPU. The signature extraction signal may comprise a start address and a length, or a memory range as a pair of start and end addresses of the memory area, and optionally an activation signal to invoke the memory signature unit.
[0021] Because that only instruction fetch access is allowed for an execute-only memory area (any other access, e.g., read and write access, are forbidden), only instructions should be stored therein. The memory unit 200 may be a non-volatile memory (e.g., NAND flash memory, which is erased and written by blocks) with protected instructions stored in the execute-only memory area. The protected instructions in the protected memory areas may be erased or renewed during an update process. During an erasing process, all of the memory array belonging to the protected memory area should be filled with the same value (e.g., all bit values are set to “0” or “1”), and then the protected attribute of the protected memory area is removed. After the erasing process, the renewed protected instructions may be written into a memory area. If needed, that memory area is set to an execute-only memory area to protect the instructions from piracy or been tampered. The memory signature unit 400 is used to verify the protected instructions after the memory area is set as execute-only memory. The memory signature unit 400 may be used to verify the validity of the protected instructions whenever verification is needed.
[0023] The memory signature unit 400 is connected to the processor 100 and the memory unit 200. It is connected to the memory unit 200 using a Direct Memory Access (DMA) channel 540 that is not regulated by the MPU 300. The DMA channel 540 can be implemented using a DMA controller. The processor 100 sends a signature extraction signal 550 to the memory signature unit 400 when a signature extraction program 820 is executed by the processor 100. The signature extraction program 820 may specify the start address and the length of a specified memory area via the signature extraction signal 550, and may optionally provide an activation signal to the memory signature unit 400 via the signature extraction signal 550. In some implementation, the range of the specified memory area may be a pair of start and end addresses thereof. The memory signature unit 400 then sends sequential read accesses via the DMA channel 540 according to the specified address range. The content (e.g., protected software program) stored in the specified memory area will be sent back to the memory signature unit 400, regardless the specified memory range is attributed as execute-only or not. The memory signature unit 400 generates a signature value of the content stored in the specified memory area and stores the signature value in the read-only register 410. After that, the processor 100 may request that signature value from the memory signature unit 400 by reading the register 410. The DMA channel 540 that is not regulated by the MPU 300 can be used only by the memory signature unit 400. The signature value may be generated by applying a checksum or hash method to the content stored in the specified memory area. The signature value of the protected instructions may be compared with a predetermined signature data to verify its validity. The predetermined signature data may be stored in an unprotected memory area. The predetermined signature data, which is generated by applying the same checksum or hash method to the protected software program, may be provided by the developer of the protected software program.
However, Lin does not expressly disclose determine whether a host system is authorized to access the protected region based at least in part on a cryptographic signature of the command comprising the indication of the protected region of the memory system;
[based on the amendments and applicant’s arguments (page 10, second paragraph of Remarks), the claim is interpreted to require that the cryptographic signature is generated based on the command, and the cryptographic signature is not simply a randomly attached signature that has no relation to the command
]
Duval discloses determine whether a host system is authorized to access the protected region [commands to read from or write to the measured portions of the memory array 121 may be signed commands that are not executed by the memory controller , para. 36] based at least in part on a cryptographic signature [unless accompanied by a verified cryptographic signature., para. 36] of the command comprising the indication [read from or write to the measured portions of the memory array 121 , para. 36] of the protected region [Measured portions include one or more physical address locations 150A, 150B, 150N that are secured, para. 36] of the memory system;
Duval [0036] In some examples, the memory system 110 includes measured and non-measured portions of the memory array 121. Measured portions include one or more physical address locations 150A, 150B, 150N that are secured, for example, using the memory system root key. For example, commands to read from or write to the measured portions of the memory array 121 may be signed commands that are not executed by the memory controller 115 unless accompanied by a verified cryptographic signature. Unmeasured portions of the memory array 121 include one or more physical address locations 150A, 150B, 150N that are accessed with unsigned commands. For example, a request to read from or write to the non-measured portions of the memory command may be executed without a verified cryptographic signature.
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Lin with the technique for determining whether a requester such as a host system is authorized to access a protected memory region based on a signature of the request that indicates the protected memory region of Duval to include determine whether a host system is authorized to access the protected region based at least in part on a cryptographic signature of the command comprising the indication of the protected region of the memory system;
One of ordinary skill in the art would have made this modification to improve the ability of the system to verify that a party such as a host system requesting access to a protected region of memory is authorized to access the protected region of memory. The system of the primary reference can be modified so that the host system generates a signature for a request to access protected memory and then the memory component validates the signature before granting access
As per claim 2, the rejection of claim 1 is incorporated herein.
Lin discloses wherein, to calculate the cryptographic value, the controller is configured to cause the apparatus to: perform a hashing operation on the data to generate the cryptographic value in response to the command.
[0009] According to the present invention, a signature value may be a hash value or a checksum of the contents stored in a specified memory area.
As per claim 10, the rejection of claim 1 is incorporated herein.
Lin discloses wherein the controller is further configured to cause the apparatus to: receive, at the memory system, a second command [second command disclosed by fetching the instruction from the unprotected memory area, para. 24] comprising a second indication of an unprotected region [The data access 714 may be caused by a control program of the memory signature unit 400 (i.e., the signature extraction program 820) stored in the unprotected memory area 604, para. 24 ;an instruction fetched from the unprotected memory area 602, para. 24] of the memory system; calculate, based [broadest reasonable interpretation of based at least in part includes that instruction being executed is fetched from the unprotected memory area] at least in part on determining that the second command is associated with the unprotected region, a second cryptographic value [and to generate the signature value thereof, para. 24; “the signature extraction program 820) stored in the unprotected memory area 604” (para. 24), when executed, causes invoking the memory signature unit 400 to generate signature value] associated with data stored in a portion of the unprotected region [an instruction fetched from the unprotected memory area 602, para. 24] without determining whether the host system is authorized to access the protected region; and [the host system can be disclosed by the device that contains the system-on-chip displayed in figure 1, which can be a computer as disclosed in para. 2; there is no indication in para. 24 or related paragraphs that the computer or its related components need to have authorization determined for a protected (not unprotected) region when instruction is fetched from the unprotected memory area] output the second cryptographic value.[ signature value of a specified memory area is generated and stored in the read-only register 410 by the memory signature unit 400, para. 26]
Lin [0024] Please refer to FIG. 3. FIG. 3 shows an example memory map having an execute-only memory area. A memory map 600 corresponding to the memory unit 200 includes two unprotected memory areas 602, 604 and an execute-only memory area 606. The memory map 600 may be hard-wired during the manufacturing process or loaded during a secure boot sequence which assigns the execute-only memory area 606 with a pair of start address and length, and an attribute of the protected address register(s) 310 of FIG. 1. The start address and length may be stored in a pair of base and limit registers of the protected address register(s) 310 respectively. Alternatively, an end memory address 605 and a start memory address 607 for the execute-only memory area may be assigned in the limit register and the base register, respectively. Arrows 708, 710, 712, and 714 represent different types of data access from different parts of the memory area to the execute-only memory area 606. The data accesses 708 and 712 are originated by a software program stored in the unprotected memory area 602, 604, respectively. The data access 710 is originated by a software program stored in the execute-only memory area 606. The data access 708 may be caused by an instruction fetched from the unprotected memory area 602 to read a memory location in the execute-only memory area 606. The data access 710 may be caused by an instruction fetched from the execute-only memory area 606 to read a memory location in the execute-only memory area 606. The data access 712 may be caused by an instruction fetched from the unprotected memory area 604 to read a memory location in the execute-only memory area 606. The data access 714 may be caused by a control program of the memory signature unit 400 (i.e., the signature extraction program 820) stored in the unprotected memory area 604. The signature extraction program 820 may specify the start address and length of a specified memory area and then (use an activation signal to) invoke the memory signature unit 400 to access the execute-only memory area 606 and to generate the signature value thereof. As shown in FIG. 3, the data accesses 708, 710, and 712 are forbidden, while the data access 714 is allowed. The MPU 300 may send an exception signal 530 to the processor 100 to block the data access of the execute-only memory area 606; on the contrary, the instruction fetch access is allowed. The signature extraction program 820 may also be stored in other memory units in the SoC 10, such as a boot ROM or an OTP (One-Time Programmed) memory.
Lin Lin Para. 26 A method for the SoC to verify the validity of the protected software program stored in the execute-only memory areas of the memory unit 200 includes the following steps when the memory signature unit 400 is used to access the memory unit after step S09. First, a signature value of a specified memory area is generated and stored in the read-only register 410 by the memory signature unit 400. Then, the signature value stored in the memory signature unit 400 is compared with a predetermined signature data to verify the validity of the software program by the control unit 110.
[0009] According to the present invention, a signature value may be a hash value or a checksum of the contents stored in a specified memory area. The execute-only memory area may be defined according to a start address and a length, or a mem
As per claim 12, the rejection of claim 1 is incorporated herein.
Lin discloses wherein the indication of the protected region comprises an indication of a range of addresses [allowing instruction fetch access if the memory address to be accessed is within an execute-only memory area, para. 10] within the protected region.
[“protected memory area defined as execute-only to forbid any non-instruction fetch access from the processor”, para. 8, 18]
[0010] The present invention also discloses a method to manage the access of the memory unit of the secure system on chip mentioned above. The method includes the steps of: a) a memory access is initiated; b) determining whether a memory access is from the memory signature unit; c) if an answer of step b) is no, allowing memory access if the memory address to be accessed is not within an execute-only memory area, allowing instruction fetch access if the memory address to be accessed is within an execute-only memory area, or aborting memory access if the memory address to be accessed is within an execute-only memory area and memory access is data (read or write) access; and if an answer of step b) is yes, the memory access is allowed when the memory address to be accessed is within a valid memory area. The present invention also discloses a method to verify the validity of the protected software program stored in the execute-only memory areas of the memory unit. The method includes the steps of: a) generating a signature value of a specified memory area by the memory signature unit, storing the signature value into a read-only register in the memory signature unit; and b) comparing the signature value stored in the memory signature unit with a predetermined signature data.
Lin [0009] According to the present invention, a signature value may be a hash value or a checksum of the contents stored in a specified memory area. The execute-only memory area may be defined according to a start address and a length, or a memory range as a pair of start and end addresses of the execute-only memory area. The memory protection unit may manage access of the memory unit from the processor according to the range of the protected memory area and the attribute thereof. Multiple program segments can be stored in different protected memory areas of the memory unit, while each program segment comprises multiple instructions.
As per claim 13, the rejection of claim 1 is incorporated herein.
Lin discloses wherein the indication of the protected region comprises a plurality of discontinuous address ranges within the protected region.. [“Multiple program segments can be stored in different protected memory areas of the memory unit, while each program segment comprises multiple instructions”. para. 9]
[“protected memory area defined as execute-only to forbid any non-instruction fetch access from the processor”, para. 8, 18]
[0010] The present invention also discloses a method to manage the access of the memory unit of the secure system on chip mentioned above. The method includes the steps of: a) a memory access is initiated; b) determining whether a memory access is from the memory signature unit; c) if an answer of step b) is no, allowing memory access if the memory address to be accessed is not within an execute-only memory area, allowing instruction fetch access if the memory address to be accessed is within an execute-only memory area, or aborting memory access if the memory address to be accessed is within an execute-only memory area and memory access is data (read or write) access; and if an answer of step b) is yes, the memory access is allowed when the memory address to be accessed is within a valid memory area. The present invention also discloses a method to verify the validity of the protected software program stored in the execute-only memory areas of the memory unit.
[0009] According to the present invention, a signature value may be a hash value or a checksum of the contents stored in a specified memory area. The execute-only memory area may be defined according to a start address and a length, or a memory range as a pair of start and end addresses of the execute-only memory area. The memory protection unit may manage access of the memory unit from the processor according to the range of the protected memory area and the attribute thereof. Multiple program segments can be stored in different protected memory areas of the memory unit, while each program segment comprises multiple instructions.
As per claim 20, the claim(s) is/are directed to a computer readable storage medium with limitations which correspond to limitations of claim 1, and is/are rejected for the reasons detailed with respect to claim 1. Claim 20 also recites A non-transitory computer-readable medium storing code comprising instructions which, when executed by a processor of an electronic device, cause the electronic device to:
Lin discloses A non-transitory computer-readable medium [memory unit 200 is an array of memory cells, where instructions of software program and data are stored, para. 17] storing code comprising instructions which, when executed by a processor [processor 100 can perform functions of software program, para. 17] of an electronic device, [System on Chip (SoC) 10, Figure 1] cause the electronic device to:
[0016] Please refer to FIG. 1. FIG. 1 shows a block diagram of an example secure System on Chip (SoC) 10. The SoC 10 can protect a software program from tampering, rehosting, and piracy
[0017] The memory unit 200 is an array of memory cells, where instructions of software program and data are stored. The processor 100 can perform functions of software program by fetching instructions from the memory unit 200. The types of instruction may include memory read/write operations, arithmetic and logic operations, control flow operations, and coprocessor instructions. For example, memory operating instructions can instruct the processor 100 to access the memory unit 200 to read data from or write data to a specific memory location. Based on the access right assigned to the memory location, the memory access can be allowed or forbidden. The MPU 300 can prevent the processor 100 from reading data from or writing data to a memory address in a protected area based on a memory access type and the memory location in the memory unit 200.
Claim 3, 4, and 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lin in view of Duval, further in view of Chiang et al. U.S. Publication 20130117507 (hereinafter “Chiang”), further in view of Stern et al. U.S. Publication 20160364570 (hereinafter “Stern”).
As per claim 3, the rejection of claim 1 is incorporated herein.
However, the combination of Lin and Duval does not expressly disclose wherein the controller is further configured to cause the apparatus to:
perform a hashing operation on the data to generate a second cryptographic value in response to the command; and extend a register of the memory system to store the second cryptographic value in the register, wherein the controller is configured to cause the apparatus to calculate the cryptographic value based at least in part on extending the register.
Chiang discloses a second component performing hashing operation to generate a second verification code in response to a triggering communication
[0071] With reference to FIG. 5, after receiving the response data stream 900 in step S512, the data processing module 206 of the host system 1000 extracts the write token WT and the first
[0071] With reference to FIG. 5, after receiving the response data stream 900 in step S512, the data processing module 206 of the host system 1000 extracts the write token WT and the first verification code from the response data stream 900, and generates the second verification code according to the received response data stream 900 (step S514). The write token WT and the first verification code extracted from the response data stream 900 may be edited or unedited. In addition, the method for the host system 1000 to generate the second verification code may be the same as the method for the memory controller 110 to generate the first verification code. For example, the host system 1000 and the memory controller 110 may execute a same hash function to generate the second verification code and the first verification code, respectively. In an embodiment of the present invention, the host system 1000 uses the extracted response message and the extracted write token WT to execute the hash function to generate the aforementioned second verification code. In an embodiment of the present invention, the host system 1000 uses the extracted response message, the extracted specific mark 702 and the extracted write token WT to execute the hash function to generate the aforementioned second verification code. Afterwards, in step S514, the host system 1000 uses the data processing module 206 to determine whether the write token WT in the response data stream 900 is consistent with the write token WT recorded by the host system 1000 (step S516). If the two write tokens WT are consistent with each other, perform step S520. If the two write tokens WT are inconsistent, perform step S518.
[0073] In step S520, the host system 1000 uses the data processing module 206 to determine whether the first verification code is consistent with the second verification code generated by the host system 1000. If the first verification code is consistent with the second verification code, perform step S522. If the first verification code is inconsistent with the second verification code, perform step S518.
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Lin and Duval with the teaching of a second component performing hashing operation to generate a second verification code in response to a triggering communication of Chiang to include perform a hashing operation on the data to generate a second cryptographic value in response to the command; and
One of ordinary skill in the art would have made this modification to improve the ability of the system to have a 2nd component performing additional verification in order to ensure consistency of data. The system of the primary reference can be modified so that the 2nd component performs hashing of data in order to verify consistency of the data, particularly in situations where the data may have been inadvertently changed such as a non-orderly shutdown and reboot of the device or where there may be multiple software programs accessing the data.
However, the combination of Lin, Duval, and Chiang does not expressly disclose
extend a register of the memory system to store the second cryptographic value in the register, wherein the controller is configured to cause the apparatus to calculate the output cryptographic value based at least in part on extending the register.
Stern discloses extending a register to store a hash value in the register, and an output value [quote signature, para. 4, 49] is calculated based on extending the register
[0004] To provide a root of trust for the boot-up process of a system, the processor may be coupled, via an interface (e.g., Serial Peripheral Interface (SPI) bus, an Inter-Integrated Circuit (I2C) bus, a Low Pin Count (LPC) interface, or another interface), to a device (e.g., a microprocessor or an automatic measuring processor) that is configured to act as a “Trusted Platform Module” (TPM) device. A TPM device may perform verification, binding, and/or sealing operations in accordance with one or more standards. As part of a verification process of code executed on or to be executed on the processor, the processor performs “measurements” of the code. As used herein, performing measurements of the code may refer to the processor generating hash values based on the code. The processor may use the hash values to “extend” (e.g., perform extend operations on) registers of the TPM to cause the registers to store values based on the hash value. To perform an extend operation, the processor concatenates a value in a particular register with a new measurement value and then creates a hash value of the concatenated values. For example, the processor may issue an extend instruction that includes a hash value (or other measurement value) and that indicates a particular register, and the TPM may concatenate a value stored at the particular register with the hash value, generate a new hash value based on the concatenated value, and store the new hash value in the particular register. The TPM may generate a TPM quote that includes values stored in registers of the TPM. The TPM may generate a TPM quote signature by signing the TPM quote using a provisioned attestation identity key (AIK). The TPM quote signature may be used to verify that the TPM quote accurately reflects the values stored in the registers.
Stern Para. 49 After signing the quote signature 340 with the attestation ID key 344, the automatic measuring processor 100 may provide the quote signature 340 to the system processor 150. In a particular implementation, the quote signature 340 may be provided via the serial bus interface 214 (e.g., via the serial bus 244). In an alternative implementation, the quote signature 340 may be provided via the second interface 112 (e.g., via the second bus 118).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Lin, Duval, and Chiang with the technique for extending a register to store a hash value in the register, and an output value is calculated based on extending the register of Stern to include extend a register of the memory system to store the second cryptographic value in the register, wherein the controller is configured to cause the apparatus to calculate the output cryptographic value based at least in part on extending the register.
One of ordinary skill in the art would have made this modification to improve the ability of the system to utilize limited register space by extending a register to store a hash value, and to output a signature of the hash values in order to facilitate confirmation of the integrity of the register data. The system of the primary reference can be modified to extend the register for storing a hash value an generating a signature based on this register extension.
As per claim 4, the rejection of claim 3 is incorporated herein.
However, the combination of Lin, Duval, and Chiang does not expressly disclose
wherein, to extend the register, the controller is configured to cause the apparatus to: calculate the cryptographic value based at least in part on applying a hashing function to the second cryptographic value and a value stored in the register; and store the cryptographic value in the register.
Stern discloses calculating a hash value based at least in part on applying a hash function to another hash value and a value stored in a register, and storing the new hash value in the register
para. 4 TPM may concatenate a value stored at the particular register with the hash value, generate a new hash value based on the concatenated value, and store the new hash value in the particular register.
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Lin, Duval, and Chiang with the technique for calculating a hash value based at least in part on applying a hash function to another hash value and a value stored in a register, and storing the new hash value in the register of Stern to include wherein, to extend the register, the controller is configured to cause the apparatus to: calculate the cryptographic value based at least in part on applying a hashing function to the second cryptographic value and a value stored in the register; and store the cryptographic value in the register.
One of ordinary skill in the art would have made this modification to improve the ability of the system update a value in the register and provide confirmation of the register values. The system of the primary reference can be modified to calculate a new hash value based on applying a hash function to a value stored in the register and another hash value in order to update the register value.
As per claim 6, the rejection of claim 3 is incorporated herein.
However, the combination of Lin and Duval does not expressly disclose wherein the register comprises a platform configuration register.
Chiang discloses wherein the register comprises a platform configuration register.
[0015] The present disclosure describes systems and methods for providing an automatic measuring boot process that provides additional trust as compared to conventional systems and methods. The boot process may be referred to as “automatic measuring” (e.g., “self-hashing”) because hash values (referred to as measurements) may be generated, and a set of registers (e.g., a set of platform configuration registers (PCRs)) within an automatic measuring processor may be automatically “extended” during the boot process. As
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Lin, Duval, and Chiang with the technique for utilizing a platform configuration register of Stern to include wherein the register comprises a platform configuration register.
One of ordinary skill in the art would have made this modification to improve the ability of the system utilize a platform configuration register to securely store system measurements, to facilitate updating a value in the register and provide confirmation of the register values. The system of the primary reference can be modified to calculate a new hash value based on applying a hash function to a value stored in the register and another hash value in order to update the register value.
Claim 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lin in view of Duval, in view of Chiang, in view of Stern, further in view of Covington et al. U.S. Publication 20180088862 (hereinafter “Covington”).
As per claim 5, the rejection of claim 3 is incorporated herein.
However, the combination of Lin, Duval, Chiang, and Stern does not expressly disclose wherein the command further comprises an indication of an address of the register.
Covington discloses receiving a command indicating an address of a register
[0032] At block 402, a read command is addressed to a first register address in a multi-purpose register (MPR) of a first dynamic random access memory (DRAM) chip on a memory module. In one embodiment, such as described relative to FIG. 3, a memory module 304 includes DRAM chips 312 that each include one or more multi-purpose registers (MPRs) used for bit pattern storage. The MPRs are accessed with read commands that are issued to their respective DRAM chips 312. Each MPR includes four logical pages (e.g., MPR, Pages 0-3), and wherein each page has four MPR locations. For example, in one embodiment, the four MPR locations are represented as 8-bit programmable registers that are used for bit pattern storage. Each 8-bit register stores a different bit pattern that is used for read training. However, those skilled in the art will recognize that the MPR locations can include registers having bit patterns of any bit length. FIG. 3 illustrates the MPR locations for one particular MPR page, MPR page 0 316, of the DRAMS 312. MPR page 0 316 includes four MPR locations 318-324 (e.g., MPR0-MPR3) that each store a different bit pattern. The bank address bits BA1:BA0 are used to indicated MPR location, and the registers at the specified MPR location are accessed with the read command designating a register address to drive the bit patterns onto the DQ/DQS bus 310 for transfer to the memory PHY 302 for read training.
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Lin, Duval, Chiang, and Stern with the technique for receiving a command indicating an address of a register
of Covington to include wherein the command further comprises an indication of an address of the register.
One of ordinary skill in the art would have made this modification to improve the ability of the system to designate a particular register for the extending register operation. The system of the primary reference can be modified to receive an address of a register to facilitate performing the register extension operation. The ability to specify a particular register allows the system to customize which registers to extend.
Claims 7, 8, and 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lin in view of Duval, further in view of Peisakhov et al. U.S. Publication 20230418498 (hereinafter “Peisakhov”).
As per claim 7, the rejection of claim 1 is incorporated herein.
However, the combination of Lin and Duval does not expressly disclose
wherein the controller is further configured to cause the apparatus to: receive, at the memory system, a key associated with the host system and the protected region, wherein the controller is configured to cause the apparatus to receive the command based at least in part on receiving the key.
Peisakhov discloses a device controller receiving a decryption key from the host to facilitate responding to future access requests to a secure partition
[0105] The user 101 may logically access the secure partition(s) of the DSD 100, via host 130, following the activation of the secure partition(s) by a selective transition to the secure mode. FIG. 4 illustrates a process 400 by which the user 101 accesses the secure user content data of the DSD 100. The process starts at step 401 with the transition of the DSD 100 to the secure mode, thereby physically activating the memory blocks of the secure partition(s) to permit the possibility of logical access. At step 402, the DSD 100 receives a request by a user 101 (via host 130) to access user content data stored on one or more of the secure partitions of the storage medium 108 (the secure user content data).
[0106] At step 404, the device controller 110 receives a decryption key from a user 101 via the host 130. In some embodiments, the decryption key is received in response to a request sent by the controller 110 to the host 130 prompting the user 101 to enter the key (i.e., as a security check). The controller 110 may be configured to store the received decryption key in memory 114, thereby enabling a prior received decryption key to be used for future access requests by the same connected host 130 and/or user 101. For example, the device controller 110 may be configured to only request the decryption key on the first access request to the secure partition following the connection of the host 130 to the DSD 100.
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Lin and Duval with the technique for a device controller receiving a decryption key from the host to facilitate responding to future access requests to a secure partition of Peisakhov to include wherein the controller is further configured to cause the apparatus to: receive, at the memory system, a key associated with the host system and the protected region, wherein the controller is configured to cause the apparatus to receive the command based at least in part on receiving the key.
One of ordinary skill in the art would have made this modification to improve the ability of the system to utilize custom keys for decryption as transmitted from the host to a memory controller, in order to prevent malicious third parties from eavesdropping on the communication between the host and memory controller. The system of the primary reference can be modified so the host can transmit a key to the memory controller for decrypting data including commands.
As per claim 8, the rejection of claim 7 is incorporated herein.
Lin discloses wherein the controller is configured to cause the apparatus to calculate [generates a signature value of the content stored in the specified memory area, para. 23] the cryptographic value based at least in part on determining authorization of the request
para. 20 the memory access from all devices (the processor 100, the co-processor or other I/O devices 150) except the memory signature unit 400 is restricted by the MPU 300.
However, Lin does not expressly disclose wherein, to determine whether the host system is authorized, the controller is configured to cause the apparatus to: attempt to decrypt the cryptographic signature of the command based at least in part on the key, wherein the controller is configured to cause the apparatus to calculate the cryptographic value based at least in part on successfully decrypting the cryptographic signature.
Serebrin discloses decrypt the signature of an access request using a secret value and determining authorization of a request based on successfully decrypting a signature
[0008] In some implementations, the method includes receiving a particular request from the device, determining whether the particular request includes a virtual address, and determining whether the particular request is i) one of the plurality of first requests in response to determining that the particular request includes a virtual address or ii) one of the plurality of second requests in response to determining that the particular request does not include a virtual address. Each of the plurality of first requests may include the corresponding virtual address, and an identifier for the device. Generating, for each of the plurality of first requests, the first signature for the first physical address may include determining a secret value using the identifier, generating a hash value using the first physical address and the secret value, and generating the first signature using at least a portion of the hash value.
[0087] In some implementations, the memory management unit may use two or more of the methods described above to generate a signature. For instance, the memory management unit may store part of a signature in an address field of a packet and part of the signature in a header field, e.g., a checksum field. In some examples, the memory management unit may determine a number of leading zeros, encrypt the address, determine a signature of the encrypted address, and store the signature in a header field, e.g., a checksum field, of a packet that includes the encrypted address in the body. When determining whether the address is validated for an access request, the memory management unit may generate a new signature, compare the new signature with the signature included in the access request, decrypt the address, determine the number of leading zeros in the decrypted address, and only service the request when both the number of leading zeros in the decrypted address is correct and the new signature and the signature included in the access request are the same.
Serebrin [0090] In some implementations, a component may include multiple keys for a single device. For instance, the component may use different keys to generate and validate different addresses for the device. When a system removes access for the device to some of the addresses, the component removes or changes the key for those addresses, potentially invalidating other addresses as well. To minimize the number of addresses which are invalidated, the component uses multiple keys so that only the addresses with the same key are invalidated, and may need to be re-signed if the device still has access to some of those addresses, while addresses signed and validated with other keys do not need to be re-signed.[0013] In some implementations, each of the plurality of second requests includes an identifier for the device. Each of the second signatures may include an encrypted physical address. Determining, by the component for each of the plurality of second requests, whether the corresponding second physical address is valid using the corresponding second signature may include determining a secret value using the identifier, determining a decrypted value by decrypting the corresponding encrypted physical address using the secret value, determining whether the decrypted value includes a prefix of zeros that has a predetermined length, determining that the corresponding second physical address is valid upon determining that the decrypted value includes the prefix of zeros that has the predetermined length, and using the decrypted value as the corresponding second physical address. Determining the decrypted value by decrypting the corresponding encrypted physical address using the secret value may include determining the decrypted value by decrypting the corresponding encrypted physical address using the secret value as input to a block cipher. Determining the decrypted value by decrypting the corresponding encrypted physical address using the secret value may include determining the decrypted value by decrypting the corresponding encrypted physical address using the secret value as input to an advanced encryption standard process.
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Lin with the technique to decrypt the signature of an access request using a secret value and determining authorization of a request based on successfully decrypting a signature of Serebrin to include wherein, to determine whether the host system is authorized, the controller is configured to cause the apparatus to: attempt to decrypt the cryptographic signature of the command based at least in part on the key, wherein the controller is configured to cause the apparatus to calculate the cryptographic value based at least in part on successfully decrypting the cryptographic signature.
One of ordinary skill in the art would have made this modification to improve the ability of the system to determine authorization of an access request. The system of the primary reference can be modified to decrypt a received signature associated with an access request and to determine authorization of the access request by performing a process that includes successfully decrypting the signature and determining whether the decrypted data matches reference data.
As per claim 9, the rejection of claim 8 is incorporated herein.
Lin discloses wherein the controller is further configured to cause the apparatus to: receive, at the memory system, a second command comprising a second indication of a second protected region of the memory system; [Lin discloses receiving multiple commands, para. 17, 24. The protected instructions in the protected memory areas, para. 21; protected instructions stored in the execute-only memory area, para. 21; to protect the instructions from piracy or been tampered, para. 31; Also, claim 9 does not require that the second protected region be different from the previously recited protected region]
output an indication [generate exceptions or interrupt para. 20] that the host system is not authorized to access the second protected region based at least in part on the second command.
[0024] Please refer to FIG. 3. FIG. 3 shows an example memory map having an execute-only memory area. A memory map 600 corresponding to the memory unit 200 includes two unprotected memory areas 602, 604 and an execute-only memory area 606. The memory map 600 may be hard-wired during the manufacturing process or loaded during a secure boot sequence which assigns the execute-only memory area 606 with a pair of start address and length, and an attribute of the protected address register(s) 310 of FIG. 1. The start address and length may be stored in a pair of base and limit registers of the protected address register(s) 310 respectively. Alternatively, an end memory address 605 and a start memory address 607 for the execute-only memory area may be assigned in the limit register and the base register, respectively. Arrows 708, 710, 712, and 714 represent different types of data access from different parts of the memory area to the execute-only memory area 606. The data accesses 708 and 712 are originated by a software program stored in the unprotected memory area 602, 604, respectively. The data access 710 is originated by a software program stored in the execute-only memory area 606. The data access 708 may be caused by an instruction fetched from the unprotected memory area 602 to read a memory location in the execute-only memory area 606. The data access 710 may be caused by an instruction fetched from the execute-only memory area 606 to read a memory location in the execute-only memory area 606.
Lin [0017] The memory unit 200 is an array of memory cells, where instructions of software program and data are stored. The processor 100 can perform functions of software program by fetching instructions from the memory unit 200. The types of instruction may include memory read/write operations, arithmetic and logic operations, control flow operations, and coprocessor instructions. For example, memory operating instructions can instruct the processor 100 to access the memory unit 200 to read data from or write data to a specific memory location. Based on the access right assigned to the memory location, the memory access can be allowed or forbidden. The MPU 300 can prevent the processor 100 from reading data from or writing data to a memory address in a protected area based on a memory access type and the memory location in the memory unit 200.
[0020] The MPU 300 receives the instruction fetch access 510 or the data access 520, and may generate an exception signal 530 or an interrupt to abort the current instruction while the access is denied.
However, Lin does not expressly disclose attempt to decrypt a second cryptographic signature of the second command based at least in part on the key; and
Serebrin discloses decrypting an encrypted address of an access request based on a secret value
[the encrypt address serves as a signature because the validity of the address has to be determined]
[0044] During validation, at time T.sub.E, in response to a request to access memory corresponding to the encrypted address, the memory management unit 102 decrypts the address, e.g., using the secret value and the other values, and determines whether the number of leading zero bits included in the decrypted address 108b is correct. If the number of leading zero bits is correct, the memory management unit 102 services the request at time T.sub.F. If the number of leading zero bits does not match the number of leading zero bits that were originally included in the address, e.g., and is incorrect, the memory management unit 102 does not service the request and may reset or halt, or cause the resetting or halting, of the device.
Serebrin [0013] In some implementations, each of the plurality of second requests includes an identifier for the device. Each of the second signatures may include an encrypted physical address. Determining, by the component for each of the plurality of second requests, whether the corresponding second physical address is valid using the corresponding second signature may include determining a secret value using the identifier, determining a decrypted value by decrypting the corresponding encrypted physical address using the secret value, determining whether the decrypted value includes a prefix of zeros that has a predetermined length, determining that the corresponding second physical address is valid upon determining that the decrypted value includes the prefix of zeros that has the predetermined length, and using the decrypted value as the corresponding second physical address. Determining the decrypted value by decrypting the corresponding encrypted physical address using the secret value may include determining the decrypted value by decrypting the corresponding encrypted physical address using the secret value as input to a block cipher. Determining the decrypted value by decrypting the corresponding encrypted physical address using the secret value may include determining the decrypted value by decrypting the corresponding encrypted physical address using the secret value as input to an advanced encryption standard process.
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Lin with the technique for decrypting an encrypted address of an access request based on a secret value of Serebrin to include attempt to decrypt a second cryptographic signature of the second command based at least in part on the key; and
One of ordinary skill in the art would have made this modification to improve the ability of the system to determine the validity of data. The system of the primary reference can be modified to decrypt encrypted value as part of determining validity of encrypted access requests data.
Claim 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lin in view of Duval, further in view of Khandelwal et al. U.S. Publication 20040107451 (hereinafter “Khandelwal”).
As per claim 11, the rejection of claim 1 is incorporated herein.
However, the combination of Lin and Duval does not expressly disclose wherein the command further comprises an indication of a hashing function for the memory system to use to calculate the cryptographic value.
Khandelwal discloses receiving a hash function selector, generating a hash function, and using the hashing function to generate a hash
[0072] As can be appreciated, by reducing data transmission over the exposed data bus 346 and shielding the hash function computation in the receiver, the fraudulent access identification system according to the present invention has a reduced probability of being fraudulently accessed by hackers.
[0073] Referring now to FIG. 13A, the MA 150 includes the fraud control module 374 that generates the fraud request. The receiver 154 includes the hash function generator 375 that generates multiple different hash functions. The hash function generator 375 receives the hash function request over the data bus 376.
[0074] The MA sends a hash function selector identifying one of a plurality of hash functions implemented in the receiver and/or a data selector for selecting the memory blocks to use. The hash function selector and data selector can be randomly selected from the possible hash functions and data blocks. The hash function generator 375 generates the hash function using the selected hash function and selected memory blocks in memory 377. The hash function generator 375 generates the hash value that is transmitted to the fraud control module 374. The fraud control module 374 in the MA 150 compares the generated hash value with the hash value that is stored and that corresponds to the hash value selector and data selector that is used. The hash value, the hash function identification and/or memory blocks may be stored in the MA 150, the PF 164 and/or in the manufacturers section of the PF 164.
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Lin and Duval with the technique for receiving a hash function selector, generating a hash function, and using the hashing function to generate a hash of Khandelwal to include wherein the command further comprises an indication of a hashing function for the memory system to use to calculate the cryptographic value.
One of ordinary skill in the art would have made this modification to improve the ability of the system to change the hash function at the instruction/command receiving component in order to reduce the probability of malicious parties guessing which hash function is being used, thereby reducing the probability of being fraudulently accessed by hackers (Khandelwal para. 72).
Claim 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lin in view of Duval, further in view of Sun et al. U.S. Publication 20050093572 (hereinafter “Sun”).
As per claim 14, the rejection of claim 1 is incorporated herein.
However, the combination of Lin and Duval does not expressly disclose
wherein the data stored in the portion of the protected region comprises initialization instructions for a computing system comprising the memory system.
Sun discloses storing boot functions in protected memory that is protected from overwriting or modification
[0036] FIG. 4 is a more detailed functional diagram of an SOC integrated circuit, according to an embodiment of the invention. The components illustrated in FIG. 4 are all implemented on a single integrated circuit, according to more preferred embodiments of the invention. The chip includes a microcontroller core 100, implemented using special-purpose circuits, or as mentioned with respect to FIG. 2, using a segment of a configurable logic array. The microcontroller core 100 includes boot vectors 101 and timer circuitry 102 used in support of a watchdog timer 103. The microcontroller core 100 supports input/output ports 104, at least one interrupt line 105 and other signal inputs and outputs 106. Memory on the integrated circuit stores instructions to be executed by the microcontroller core. The memory includes the first memory array 107 storing instructions for a configuration handler, which includes a configuration load function and a configuration function in support of a configurable logic array 110 on the integrated circuit. In some embodiments, the configuration handler comprises an initialization function, executed in response to an initialization event like a reset caused by an interrupt signal or a watchdog timer reset. The memory includes a second memory array 108 storing instructions for a mission function for the SOC integrated circuit. The memory includes a third memory array 109 storing protected functions, including boot functions, in-circuit program functions, and configurable logic array configuration load backup function. The third memory array 109 is protected from overwriting or modification by an ICP function, which provides for recovery of the system during initialization functions, such as reset events and failures of in-circuit program procedures or configuration load procedures.
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Lin and Duval with the technique for storing boot functions in protected memory that is protected from overwriting or modification of Sun to include wherein the data stored in the portion of the protected region comprises initialization instructions for a computing system comprising the memory system.
One of ordinary skill in the art would have made this modification to improve the ability of the system to protect critical instructions associated with the device boot process. The system of the primary reference can be modified to store boot instructions in protected memory.
Claim 15 and 18-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lin in view of Mondello et al. U.S. Publication 20200310913 (hereinafter “Mondello”), further in view of Corcoran et al. U.S. Publication 20050246763 (hereinafter “Corcoran”).
As per claim 15, Lin discloses An apparatus, comprising: [system-on-chip, para. 16, Figure 1; combination memory protection unit 300 and memory unit 200 and memory signature unit 400, Figure 1]
a memory system; and [combination memory protection unit 300 and memory unit 200 and memory signature unit 400, Figure 1]
a controller [memory protection unit 300] for the memory system, wherein the controller is configured to cause the apparatus to: [since the memory protection unit 300 is part of the system on chip, any relevant action caused, indirectly or directly, by memory protection unit 300 discloses cause the apparatus to]
receive, at the memory system, a command [receives the instruction fetch access 510 or the data access 520, para. 20] comprising an indication of a region [“protected memory area defined as execute-only to forbid any non-instruction fetch access from the processor”, para. 8, 18] of the memory system;
Lin [0023] The memory signature unit 400 is connected to the processor 100 and the memory unit 200. It is connected to the memory unit 200 using a Direct Memory Access (DMA) channel 540 that is not regulated by the MPU 300. The DMA channel 540 can be implemented using a DMA controller. The processor 100 sends a signature extraction signal 550 to the memory signature unit 400 when a signature extraction program 820 is executed by the processor 100. The signature extraction program 820 may specify the start address and the length of a specified memory area via the signature extraction signal 550, and may optionally provide an activation signal to the memory signature unit 400 via the signature extraction signal 550. In some implementation, the range of the specified memory area may be a pair of start and end addresses thereof. The memory signature unit 400 then sends sequential read accesses via the DMA channel 540 according to the specified address range. The content (e.g., protected software program) stored in the specified memory area will be sent back to the memory signature unit 400, regardless the specified memory range is attributed as execute-only or not. The memory signature unit 400 generates a signature value of the content stored in the specified memory area and stores the signature value in the read-only register 410. After that, the processor 100 may request that signature value from the memory signature unit 400 by reading the register 410. The DMA channel 540 that is not regulated by the MPU 300 can be used only by the memory signature unit 400. The signature value may be generated by applying a checksum or hash method to the content stored in the specified memory area. The signature value of the protected instructions may be compared with a predetermined signature data to verify its validity. The predetermined signature data may be stored in an unprotected memory area. The predetermined signature data, which is generated by applying the same checksum or hash method to the protected software program, may be provided by the developer of the protected software program.
generate, based at least in part on receiving the command,[ via the signature extraction signal 550, para. 23] a cryptographic value [generates a signature value of the content stored in the specified memory area, para. 23] that is based at least in part on data stored in the region [the content stored in the specified memory area, para. 23; The protected instructions in the protected memory areas, para. 21; protected instructions stored in the execute-only memory area, para. 21; to protect the instructions from piracy or been tampered, para. 31]
[generates a signature value of the content stored in the specified memory area and stores the signature value in the read-only register 410, para. 23
]
However, Lin does not expressly disclose
generate a key pair comprising a private key associated with the memory system and a public key associated with the memory system based at least in part on the cryptographic value; and
output, to a host system, the public key.
Mondello discloses a memory device generating a public key pair using a random number and transmitting the public key to a host
[0079] Layer 1 753 of a memory device can include an asymmetric key generator 763. In at least one example, a random number generator (RND) 736 can optionally input a random number into the asymmetric key generator 763. The asymmetric key generator 763 can generate a public key (“K.sub.Lk public”) 769 (referred to as an external public key) and a private key (“K.sub.LK private”) 771 (referred to as an external private key) associated with a memory device such as memory device 606 in FIG. 6…. Further, the external public key (“K.sub.L1 public key”) 783 can be transmitted to Layer 2. Therefore, the public identification 765, the certificate 781, and the external public key 783 of a memory device can be transmitted to Layer 2 of a host device.
[0081] The external public key (“K.sub.L1 public key”) 883 transmitted from Layer 1 of the memory device to Layer 2 855 of a host, as described in FIG. 7
[0075] The memory device can transmit data, as illustrated by arrow 654, to the host 602. The transmitted data can include an external identification that is public, a certificate (e.g., an external identification certificate), and/or an external public key.
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Lin with the technique for a memory device generating a public key pair using a random number and transmitting the public key to a host of Mondello to include generate a key pair comprising a private key associated with the memory system and a public key associated with the memory system based at least in part on the random number; and
output, to a host system, the public key.
One of ordinary skill in the art would have made this modification to improve the system so that the host can submit commands to a memory system. The commands can be authenticated and thereby prevent certain attacks. The system of the primary reference can be modified so that the memory signature unit generates a public key pair and provide the public key pair to the host device.
However, the combination of Lin and Mondello does not expressly disclose generate a key pair comprising a private key associated with the memory system and a public key associated with the memory system based at least in part on the cryptographic value; and
Corcoran discloses generate a key pair comprising a private key and a public key based at least in part on the cryptographic value;
[0027] In a preferred embodiment, two principle components include (i) a software/firmware client-side engine which may be incorporated within a consumer electronic appliance, and (ii) a server-side engine which implements and supports the public-key storage and management functions. Client-side aspects may include:
[0028] (a) a biometric data analysis subsystem capable of generating a unique and repeatable digital signature which can be associated with an end-user of the system; (b) a public/private key-pair generator which can create unique key-pairs based on the aforementioned digital signature;
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Lin and Mondello with the technique to generate the public key pair based on a digital signature of Corcoran to include
generate a key pair comprising a private key associated with the memory system and a public key associated with the memory system based at least in part on the cryptographic value; and
One of ordinary skill in the art would have made this modification to improve the ability of the system to generate the public key pair based on a digital signature. The system of the primary reference as modified can be further modified to generate the public key pair based on the digital signature instead of the random value. This would better tie the generating of the key pair to the digital signature rather than random values, thereby increasing user confidence that their key pairs are related to their content.
As per claim 18, the rejection of claim 15 is incorporated herein.
However, Lin does not expressly disclose wherein, to generate the key pair, the controller is configured to cause the apparatus to: generate the public key of the key pair based at least in part on the private key of the key pair, wherein the private key of the key pair corresponds to the cryptographic value.
Mondello discloses a memory device using a random number generating a public key pair including a public key and a private key and transmitting the public key to a host
[see para. 79, 81; citations in claim 15]
[the public key and private key of a key pair complement each other, and cannot be generated independently of each other (in example generating a public/private key pair, Mondello para. 79), and therefore discloses generate the public key of the key pair based at least in part on the private key of the key pair, Furthermore the private key of the key pair corresponds to the cryptographic value is disclosed because the Mondello private key is part of the Mondello key pair that is generated from the random value, therefore disclosing the corresponds relationship, para. 79]
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Lin with the technique for a memory device generating a public key pair using a random number and transmitting the public key to a host of Mondello to include wherein, to generate the key pair, the controller is configured to cause the apparatus to: generate the public key of the key pair based at least in part on the private key of the key pair, wherein the private key of the key pair corresponds to the cryptographic value.
One of ordinary skill in the art would have made this modification to improve the host so that the host can submit commands to a memory system. The commands can be authenticated and thereby prevent certain attacks. The system of the primary reference can be modified so that the memory signature unit generates a public key pair that includes the corresponding public and private keys, and the key pair generated according to the random value.
As per claim 19, the rejection of claim 15 is incorporated herein.
However, Lin does not expressly disclose wherein the key pair comprises an asymmetric key pair.
Mondello discloses generating public and private key pair associated with a memory system
[public and private key pairs are asymmetric key pairs;
See Mondello Para. 79;
See citations in claim 15]
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Lin with the technique for generating public and private key pair associated with a memory system of Mondello to include wherein the key pair comprises an asymmetric key pair.
One of ordinary skill in the art would have made this modification to improve the ability of the system to generate a public and private key pair. The system of the primary reference can be modified to generate a public and private key pair and to utilize such generated key pair for digital signatures and encryption.
Claims 16-17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lin in view of Mondello, in view of Corcoran, further in view of Duval.
As per claim 16, the rejection of claim 15 is incorporated herein.
Lin discloses wherein the controller is configured to cause the apparatus to generate the cryptographic value [generates a signature value of the content stored in the specified memory area, para. 23] based at least in part on determining that the host system is authorized.
[determining whether a memory access is allowed, para. 20; memory access from all devices (the processor 100, the co-processor or other I/O devices 150) except the memory signature unit 400 is restricted by the MPU 300, para. 20]
However, the combination of Lin, Mondello, and Corcoran does not expressly disclose
determine whether the host system is authorized to access the region based at least in part on a cryptographic signature of the command,
Duval discloses determine whether the host system is authorized [not executed by the memory controller 115 unless accompanied by a verified cryptographic signature. Unmeasured portions of the memory array 121 include one or more, para. 36] to access the region [Measured portions include one or more physical address locations 150A, 150B, 150N that are secured, para. 36] based at least in part on a cryptographic signature of the command,
Duval [0036] In some examples, the memory system 110 includes measured and non-measured portions of the memory array 121. Measured portions include one or more physical address locations 150A, 150B, 150N that are secured, for example, using the memory system root key. For example, commands to read from or write to the measured portions of the memory array 121 may be signed commands that are not executed by the memory controller 115 unless accompanied by a verified cryptographic signature. Unmeasured portions of the memory array 121 include one or more physical address locations 150A, 150B, 150N that are accessed with unsigned commands. For example, a request to read from or write to the non-measured portions of the memory command may be executed without a verified cryptographic signature.
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Lin, Mondello, and Corcoran with the technique for determining whether a requester is authorized to access a protected memory region based on a signature of the request indicating the protected memory region of Duval to include determine whether the host system is authorized to access the region based at least in part on a cryptographic signature of the command,
One of ordinary skill in the art would have made this modification to improve the ability of the system to verify that a party requesting access to a protected region of memory is authorized to access the protected region of memory. The system of the primary reference can be modified so that the memory unit may validate a signature received from a host prior to allowing access to the protected memory.
As per claim 17, the rejection of claim 16 is incorporated herein.
Lin discloses wherein the region comprises a protected region [ execute-only memory areas, para. 26]associated with the cryptographic signature [a signature value of a specified memory area is generated and stored in the read-only register 410, para. 26 ] of the command.[ memory access is initiated, para. 26]
Lin [0026] Please refer to FIG. 4. FIG. 4 shows a flowchart of an example method to allow or forbid access to the memory unit having execute-only memory areas. The method begins that a memory access is initiated (S01). Since the control unit 110 invokes the memory signature unit 400 by sending the signature extraction signal 550 thereto during the execution of the signature extraction program 820 or sends memory access signal (i.e., instruction fetch access 510 or data access 520) to the MPU 300, then, a second step is to determine if a memory access is from the memory signature unit 400 (S02). If the MPU 300 receives the memory access signal, then check whether the memory address to be accessed is within an execute-only memory area (S03). Allow memory access if the memory address to be accessed is not within an execute-only memory area (S04); otherwise, check if the memory access is data access by the MPU 300 (505). If the memory access is an instruction fetch access, the memory access is allowed (S06). If the memory access is data access, the memory access is aborted (S07). If the memory signature unit 400 is invoked and sending memory read requests, check whether the memory address to be accessed is within a valid memory area by the memory signature unit 400 (S08) to prevent any misuse of the memory signature unit 400. The memory access is allowed (S09) while the valid area check is passed; otherwise, the process stops. The valid check may be a bounds checking and may be skipped to increase the performance of the memory signature unit 400. A method for the SoC to verify the validity of the protected software program stored in the execute-only memory areas of the memory unit 200 includes the following steps when the memory signature unit 400 is used to access the memory unit after step S09. First, a signature value of a specified memory area is generated and stored in the read-only register 410 by the memory signature unit 400. Then, the signature value stored in the memory signature unit 400 is compared with a predetermined signature data to verify the validity of the software program by the control unit 110.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HOWARD H LOUIE whose telephone number is (571)272-0036. The examiner can normally be reached on Monday-Friday 9 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung W. Kim can be reached on 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HOWARD H. LOUIE/Examiner, Art Unit 2494
/THEODORE C PARSONS/Primary Examiner, Art Unit 2494
1 Emphasis is additional throughout.