PREVENTING PROFILED SIDE CHANNEL ATTACKS

§101 §103

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendment Applicants amendment filed 07 January 2026 amends claims 1-6, 9, and 17. Applicant’s amendment has been fully considered and entered. Response to Arguments Applicant argues on page 12 of the response, “However, BASSO does not disclose ‘obtain a first profiling configuration that is based on a plurality of keys and one or more characteristics of a first memory device, the one or more characteristics of the first memory device corresponding to the first memory device performing cryptographic operations using the plurality of keys,’ as recited in amended claim 1…” This argument has been fully considered and is persuasive. Therefore, the previous rejections have been withdrawn. However, upon further consideration, a new grounds of rejection is made in view of Veshchikov, U.S. Publication No. 2023/0259618, in view of Cao, “Cross-Device Profiled Side-Channel Attack with Unsupervised Domain Adaptation”, published 2021. Claim Interpretation The following is a quotation of 35 U.S.C. 112(f): (f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph: An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked. As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph: (A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; (B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and (C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. The claimed means appear to linked to the controller (Figure 1, element 130) from Applicant’s specification. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 17-19 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim 17 recites “generating a model based on the first profiling configuration, the second profiling configuration, the third profiling configuration, and the fourth profiling configuration”, which can be considered to fall into the “Mental Process” grouping of the step 2A, prong one analysis for subject matter eligibility (MPEP 2106.04(a)). Additionally, MPEP 2106.04(a)(2), section III, explains that courts do not distinguish between mental processes that are performed entirely in the human mind and mental processes that require a human to use a physical aid (e.g., pen and paper) to perform the limitation (See Benson, 409 U.S. at 67, 65, 175 USPQ at 674-75, 674 (noting that the claimed "conversion of [binary-coded decimal] numerals to pure binary numerals can be done mentally," i.e., "as a person would do it by head and hand."); Synopsys, Inc. v. Mentor Graphics Corp., 839 F.3d 1138, 1139, 120 USPQ2d 1473, 1474 (Fed. Cir. 2016) (holding that claims to a mental process of "translating a functional description of a logic circuit into a hardware component description of the logic circuit" are directed to an abstract idea, because the claims "read on an individual performing the claimed steps mentally or with pencil and paper"). Nor do the courts distinguish between claims that recite mental processes performed by humans and claims that recite mental processes performed on a computer. As the Federal Circuit has explained, "[c]ourts have examined claims that required the use of a computer and still found that the underlying, patent-ineligible invention could be performed via pen and paper or in a person’s mind." Versata Dev. Group v. SAP Am., Inc., 793 F.3d 1306, 1335, 115 USPQ2d 1681, 1702 (Fed. Cir. 2015). See also Intellectual Ventures I LLC v. Symantec Corp., 838 F.3d 1307, 1318, 120 USPQ2d 1353, 1360 (Fed. Cir. 2016) (‘‘[W]ith the exception of generic computer-implemented steps, there is nothing in the claims themselves that foreclose them from being performed by a human, mentally or with pen and paper.’’); Mortgage Grader, Inc. v. First Choice Loan Servs. Inc., 811 F.3d 1314, 1324, 117 USPQ2d 1693, 1699 (Fed. Cir. 2016) (holding that computer-implemented method for "anonymous loan shopping" was an abstract idea because it could be "performed by humans without a computer"). This judicial exception is not integrated into a practical application because the additional elements including “obtaining first/second/third/fourth profiling configuration[s]” and the claimed “means for” performing the claimed functionality. The obtaining limitations can be considered general data gathering steps that have been identified as an insignificant extra-solution activity to the judicial exception (MPEP 2106.05(A)). Additionally, the claimed “means” correspond with the controller (Figure 1, 130), which would be considered generic computer technology that is well-known, routine, and convention and therefore, insufficient to qualify as “significantly more” (MPEP 2106.05(A)). Claims 18 and 19, include similar “obtaining” and “generating” limitations that were not sufficient to integrate the judicial exception into a practical application. Nor would the additional elements be considered to be sufficient to amount to significantly more than the judicial exception. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1, 2, 5-10, 13-16 are rejected under 35 U.S.C. 103 as being unpatentable over Veshchikov, U.S. Publication No. 2023/0259618, in view of Cao, “Cross-Device Profiled Side-Channel Attack with Unsupervised Domain Adaptation”, published 2021. Referring to claim 1, Veshchikov discloses profile attack detection wherein a profile is built for a device ([0004]) based on keys provisioned for the device and key operations performed by the device using the keys ([0019]), which meets the limitation of obtaining a first profiling configuration that is based on a plurality of keys and one or more characteristics of a first memory device, the one or more characteristics of the first memory device corresponding to the first memory device performing cryptographic operations using the plurality of keys. The device profile is utilized to create a model ([0004]), which meets the limitation of generate a model based on the first profiling configuration [and the second profiling configuration]. The model is utilized to implement a side channel attack ([0004]), which meets the limitation of initiate a profiled side channel attack using the model. Veshchikov does not disclose the profiling of multiple devices. Cao discloses the generation of profiles from multiple devices such that the profiles are utilized to generate a model (Page 34, Section 3.1), which meets the limitation of obtaining a second profiling configuration that is based on the plurality of keys and one or more characteristics of a second memory, the one or more characteristics of the second memory device corresponding to the second memory device performing cryptographic operations using the plurality of keys, generate a model based on the first profiling configuration and the second profiling configuration. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the models of Veshchikov to have been generated using profiles from multiple devices in order to provide a model that is capable of extracting domain-invariant features as suggested by Cao (Page 34, Section 3.1). Referring to claim 2, Veshchikov discloses profile attack detection wherein a profile is built for a device ([0004]) based on keys provisioned for the device and key operations performed by the device using the keys ([0019]: multiple keys read on the claimed first key and second key. Operations read on the claimed characteristics), which meets the limitation of wherein the controller, to obtain the first profiling configuration, is configured to obtain a first profiling configuration that is based on a first key of the plurality of keys, a second key of the plurality of keys, and the one or more characteristics of the first memory device. Veshchikov does not disclose the profiling of multiple devices. Cao discloses the generation of profiles from multiple devices such that the profiles are utilized to generate a model (Page 34, Section 3.1), which meets the limitation of wherein the controller, to obtain the second profiling configuration, is configured to obtain a second profiling configuration that is based on the first key, the second key, and the one or more characteristics of the second memory device. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the models of Veshchikov to have been generated using profiles from multiple devices in order to provide a model that is capable of extracting domain-invariant features as suggested by Cao (Page 34, Section 3.1). Referring to claim 5, Veshchikov discloses profile attack detection wherein a profile is built for a device ([0004]) based on keys provisioned for the device and key operations performed by the device using the keys ([0019]), which meets the limitation of wherein the controller is further configured to obtain a [third] profiling configuration that is based on the plurality of keys and one or more characteristics of a [third] memory device. The device profile is utilized to create a model ([0004]), which meets the limitation of wherein the controller, to generate the model, is configured to generated the model based on the first profiling configuration, [the second profiling configuration, and the third profiling configuration]. Veshchikov does not disclose the profiling of multiple devices. Cao discloses the generation of profiles from multiple devices such that the profiles are utilized to generate a model (Page 34, Section 3.1), which meets the limitation of wherein the controller is further configured to obtain a third profiling configuration that is based on the plurality of keys and one or more characteristics of a third memory device, wherein the controller, to generate the model, is configured to generated the model based on the first profiling configuration, the second profiling configuration, and the third profiling configuration. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the models of Veshchikov to have been generated using profiles from multiple devices in order to provide a model that is capable of extracting domain-invariant features as suggested by Cao (Page 34, Section 3.1). Referring to claim 6, Veshchikov discloses the determination of countermeasures for the profiling attack ([0017] & [0041]-[0042]), which meets the limitation of determine a countermeasure for preventing another profiled side channel attack. Veshchikov does not disclose the profiling of multiple devices. Cao discloses the generation of profiles from multiple devices such that the profiles are utilized to generate a model (Page 34, Section 3.1). Different countermeasures can be added to the devices to prevent the side channel attacks (Page 44: adding the countermeasures to the devices shows that the countermeasures are transmitted to the devices), which meets the limitation of transmit, to the first memory device, the second memory device, or a third memory device, an indication of the countermeasure for preventing another profiled side channel attack. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the models of Veshchikov to have been generated using profiles from multiple devices in order to provide a model that is capable of extracting domain-invariant features as suggested by Cao (Page 34, Section 3.1). Referring to claim 7, Veshchikov discloses profile attack detection wherein a profile is built for a device ([0004]) based on keys provisioned for the device and key operations performed by the device using the keys ([0019]). Veshchikov does not disclose the profiling of multiple devices. Cao discloses the generation of profiles from multiple devices using the same input (Page 34, Section 3.1: as applied to Veshchikov, the same input would include the same keys), which meets the limitation of wherein the first profiling configuration and the second profiling configuration are based on the same keys of the plurality of keys. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the models of Veshchikov to have been generated using profiles from multiple devices in order to provide a model that is capable of extracting domain-invariant features as suggested by Cao (Page 34, Section 3.1). Referring to claim 8, Veshchikov discloses profile attack detection wherein a profile is built for a device ([0004]) based on keys provisioned for the device and key operations performed by the device using the keys ([0019]). The keys provisioned for the device can include newly provisioned keys ([0022]: the keys can include newly provisioned keys), which meets the limitation of wherein the first profiling configuration is based on a first set of keys of the plurality of keys and the [second] profiling configuration is based on [a second set] of keys of the plurality of keys, wherein the [second] set of keys includes one key that is not included in the first set of keys. Veshchikov does not disclose the profiling of multiple devices. Cao discloses the generation of profiles from multiple devices using the same input (Page 34, Section 3.1: as applied to Veshchikov, the same input would include the same keys), which meets the limitation of and the second profiling configuration is based on [a second set] of keys of the plurality of keys. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the models of Veshchikov to have been generated using profiles from multiple devices in order to provide a model that is capable of extracting domain-invariant features as suggested by Cao (Page 34, Section 3.1). Referring to claim 9, Veshchikov discloses profile attack detection wherein a profile is built for a device ([0004]) based on keys provisioned for the device and key operations performed by the device using the keys ([0019]), which meets the limitation of obtain a first profiling configuration that is based on a plurality of keys and one or more characteristics of a first memory device, the one or more characteristics of the first memory device corresponding to the first memory device performing cryptographic operations using the plurality of keys. The device profile is utilized to create a model ([0004]), which meets the limitation of generating a model based on the first profiling configuration [and the second profiling configuration]. The model is utilized to implement a side channel attack ([0004]), which meets the limitation of initiating a profiled side channel attack using the model. Veshchikov does not disclose the profiling of multiple devices. Cao discloses the generation of profiles from multiple devices such that the profiles are utilized to generate a model (Page 34, Section 3.1), which meets the limitation of obtaining a second profiling configuration that is based on the plurality of keys and one or more characteristics of a second memory, the one or more characteristics of the second memory device corresponding to the second memory device performing cryptographic operations using the plurality of keys, generating a model based on the first profiling configuration and the second profiling configuration. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the models of Veshchikov to have been generated using profiles from multiple devices in order to provide a model that is capable of extracting domain-invariant features as suggested by Cao (Page 34, Section 3.1). Referring to claim 10, Veshchikov discloses profile attack detection wherein a profile is built for a device ([0004]) based on keys provisioned for the device and key operations performed by the device using the keys ([0019]: multiple keys read on the claimed first key and second key. Operations read on the claimed characteristics), which meets the limitation of obtaining the first profiling configuration comprises obtaining a first profiling configuration that is based on a first key of the plurality of keys, a second key of the plurality of keys, and the one or more characteristics of the first memory device. Veshchikov does not disclose the profiling of multiple devices. Cao discloses the generation of profiles from multiple devices such that the profiles are utilized to generate a model (Page 34, Section 3.1), which meets the limitation of wherein the obtaining a second profiling configuration comprises obtaining a second profiling configuration that is based on the first key of the plurality of keys, the second key of the plurality of keys, and the one or more characteristics of the second memory device. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the models of Veshchikov to have been generated using profiles from multiple devices in order to provide a model that is capable of extracting domain-invariant features as suggested by Cao (Page 34, Section 3.1). Referring to claim 13, Veshchikov discloses profile attack detection wherein a profile is built for a device ([0004]) based on keys provisioned for the device and key operations performed by the device using the keys ([0019]), which meets the limitation of obtaining a [third] profiling configuration that is based on the plurality of keys and one or more characteristics of a [third] memory device. The device profile is utilized to create a model ([0004]), which meets the limitation of wherein generating the model comprises generating the model based on the first profiling configuration, [the second profiling configuration, and the third profiling configuration]. Veshchikov does not disclose the profiling of multiple devices. Cao discloses the generation of profiles from multiple devices such that the profiles are utilized to generate a model (Page 34, Section 3.1), which meets the limitation of obtaining a third profiling configuration that is based on the plurality of keys and one or more characteristics of a third memory device, wherein generating the model comprises generating the model based on the first profiling configuration, the second profiling configuration, and the third profiling configuration. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the models of Veshchikov to have been generated using profiles from multiple devices in order to provide a model that is capable of extracting domain-invariant features as suggested by Cao (Page 34, Section 3.1). Referring to claim 14, Veshchikov discloses the determination of countermeasures for the profiling attack ([0017] & [0041]-[0042]), which meets the limitation of determine a countermeasure for preventing another profiled side channel attack based on performing the profiled side channel attack. Veshchikov does not disclose the profiling of multiple devices. Cao discloses the generation of profiles from multiple devices such that the profiles are utilized to generate a model (Page 34, Section 3.1). Different countermeasures can be added to the devices to prevent the side channel attacks (Page 44: adding the countermeasures to the devices shows that the countermeasures are transmitted to the devices), which meets the limitation of transmitting, to the first memory device, the second memory device, or a third memory device, an indication of the countermeasure for preventing another profiled side channel attack. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the models of Veshchikov to have been generated using profiles from multiple devices in order to provide a model that is capable of extracting domain-invariant features as suggested by Cao (Page 34, Section 3.1). Referring to claim 15, Veshchikov discloses profile attack detection wherein a profile is built for a device ([0004]) based on keys provisioned for the device and key operations performed by the device using the keys ([0019]). Veshchikov does not disclose the profiling of multiple devices. Cao discloses the generation of profiles from multiple devices using the same input (Page 34, Section 3.1: as applied to Veshchikov, the same input would include the same keys), which meets the limitation of wherein the first profiling configuration and the second profiling configuration are based on the same keys of the plurality of keys. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the models of Veshchikov to have been generated using profiles from multiple devices in order to provide a model that is capable of extracting domain-invariant features as suggested by Cao (Page 34, Section 3.1). Referring to claim 16, Veshchikov discloses profile attack detection wherein a profile is built for a device ([0004]) based on keys provisioned for the device and key operations performed by the device using the keys ([0019]). The keys provisioned for the device can include newly provisioned keys ([0022]: the keys can include newly provisioned keys), which meets the limitation of wherein the first profiling configuration is based on a first set of keys of the plurality of keys and the [second] profiling configuration is based on [a second set] of keys of the plurality of keys, wherein the [second] set of keys includes one key that is not included in the first set of keys. Veshchikov does not disclose the profiling of multiple devices. Cao discloses the generation of profiles from multiple devices using the same input (Page 34, Section 3.1: as applied to Veshchikov, the same input would include the same keys), which meets the limitation of and the second profiling configuration is based on [a second set] of keys of the plurality of keys. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the models of Veshchikov to have been generated using profiles from multiple devices in order to provide a model that is capable of extracting domain-invariant features as suggested by Cao (Page 34, Section 3.1). Allowable Subject Matter Claims 3, 4, 11, 12, 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805. The examiner can normally be reached M-Th: 6:20-4:50. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached at 5712705143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /BENJAMIN E LANIER/ Primary Examiner, Art Unit 2437