DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s)1-13 are rejected under 35 U.S.C. 103 as being unpatentable over Wu et al us 2016/0352509 in view of Yoshida et al US 2014/0078579 in view of Verbauwhede US 2003/0202658.
As per claim 12. Wu discloses method for a countermeasure to a side-channel attack to a computer system, the method comprising steps of:
embedding by the encryption algorithm a randomization component of the encryption hardware engine that changes constantly implementation characteristics of one or more hardware components or hardware sub-components of the encryption hardware engine (0028 constant time cryptographic co-processor engine 109 that is built on a FPGA, may include a randomization component 208, which may be configured to obtain a randomization that can be applied to the execution of a cryptographic algorithm (e.g., AEC, RSA, ECC, etc.) and 0030 constant time cryptographic co-processor engine 109 may include a cryptographic algorithm modification component 214, which may be configured to generate modifications that add, alter, or otherwise modify a cryptographic algorithm, including, but not limited to, AES, RSA, or ECC algorithms, by introducing one or one randomization steps into the encryption or decryption process. In an aspect, these modifications may be added to or swapped for one or more steps of a traditional cryptographic algorithm stored in cryptographic algorithm component 206 to generate a randomized cryptographic algorithm and 0035 performing the original n.sup.c exponentiation, randomized cryptographic algorithm executing component 216 and 0037 cryptographic algorithm modification component 214 ), wherein the replicated components provide the countermeasure to the side-channel attack which introduces diversity and uncertainty to the power transient signals, wherein the one or more redundant locations allow the encryption hardware engine to run while the one or more redundant locations are disconnected from the FPGA ( 0017/0028 Consider AES, where the execution of an operation can traditionally take between eleven and fourteen cycles to complete. Because this inconsistent operation time signature may leave the system exposed to potential side-channel attacks, one or more dummy data paths may be inserted into the AES data path and interleaved with genuine AES computations in order to provide a constant execution time of an AES operation. In an embodiment of the present disclosure, a randomization is introduced into the AES operation to randomly interleave the dummy and genuine operation cycles based on a random number, which may be generated by the cryptographic co-processor and appended to the message to be encrypted or decrypted as a random number header vector. In an example, for every 1bit value in the random number header vector, a genuine cycle may be executed and for every 0bit value in the random number header vector, a dummy cycle may be executed. Furthermore, because an AES operation may include up to fourteen clock cycles to complete depending on the length of the relevant key, where the random number header vector does not include at least fourteen 1bit values to execute all of the genuine cycles, the random number header vector may be value inverted to ensure that a sufficient number of genuine cycles are executed.),
Wu fails to disclose
removing a correlation in power transient signals of an encryption algorithm implemented on an encryption hardware engine, the encryption hardware engine including one or more redundant locations,
disconnecting the one or more hardware components or hardware sub-components from the encryption hardware engine by using the one or more redundant locations producing replicated components, and
running the one or more hardware components or the hardware sub-components simultaneously and in parallel with the replicated components (bolded emphasis added).
However, Yoshida discloses removing a correlation in power transient signals of an encryption algorithm implemented on an encryption hardware engine, the encryption hardware engine (0053 a measuring system for generating the lookup table. The measuring system includes an optical signal generator 31, an input PD value acquiring unit 32, an optical output power monitor 33, and a drive voltage value generator 34. The optical signal generator 31 can generate an optical signal having desired power. The input PD value acquiring unit 32 acquires an input PD value (i.e., a digital signal indicating the optical input power detected by the photodetector 14). An ASE cut filter 35 removes an AES component from input light and outputs only the signal light. The optical output power monitor 33 monitors the optical output power of only the signal light after the AES component is removed from the power of the output optical signal of the semiconductor optical amplifier 13 using the ASE cut filter 35 (i.e., the optical output level). The drive voltage value generator 34 can generate a desired drive voltage value);
disconnecting the one or more hardware components or hardware sub-components from the encryption hardware engine by using the one or more redundant locations producing replicated components ( 0053 An ASE cut filter 35 removes an AES component from input light and outputs only the signal light. The optical output power monitor 33 monitors the optical output power of only the signal light after the AES component is removed from the power of the output optical signal of the semiconductor optical amplifier 13 using the ASE cut filter 35 (i.e., the optical output level). The drive voltage value generator 34 can generate a desired drive voltage value)
Wu and Yoshida are both considered to be analogous to the claimed invention because they are in the same field of encryption system.
Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wu to incorporate the teachings of Yoshida and provide measuring system for signal in the encryption engine. Doing so would be measuring the efficiency of the encryption system, thereby protecting the encryption system from malware.
The combination fails to disclose running the one or more hardware components or the hardware sub-components simultaneously and in parallel with the replicated components.
However, Verbauwhede discloses running the one or more hardware components or the hardware sub-components simultaneously and in parallel with the replicated components ( [0030] Maximum parallel key scheduling module 12 has a data path wide enough to accommodate the maximum expected key length. Sub-keys are generated on the fly, in one clock cycle and in parallel with the encryption module. Key scheduling module 12 is arranged to accommodate the different key and block lengths allowed by the Rijndael algorithm or the AES standard, as necessary. The Rijndael algorithm allows block lengths and key lengths of 128, 192 and 256 bits, while the ABS standard limits the block length to 128 bits. For the former case, the key scheduling module 12 is arranged to accommodate the nine different key length and block length combinations, and operates as defined in the Rijndael algorithm. For the latter case, only three combinations must be accommodated, with operation of the key scheduling module defined in the AES standard. And claim 3 wherein said maximum parallel encryption module comprises: a substitution sub-module comprising substitution blocks which are replicated as needed to receive all of said parallel data bytes from said input buffer simultaneously, a shift row sub-module which receives the outputs of said substitution sub-module, a mix column sub-module which receives the outputs of said shift row sub-module, and a key addition sub-module arranged to receive and combine the outputs of said mix column sub-module and said sub-keys from said key scheduling module, and to provide the results at an output, said output being the output of said maximum parallel encryption module and claim 14 wherein said maximum parallel encryption module comprises: a substitution sub-module comprising substitution blocks which are replicated as needed to receive all of said parallel data bytes from said input buffer simultaneously, a shift row sub-module which receives the outputs of said substitution sub-module, a mix column sub-module which receives the outputs of said shift row sub-module, and a key addition sub-module arranged to receive and combine the outputs of said mix column sub-module and said sub-keys from said key scheduling module, and to provide the results at an output, said output being the output of said maximum parallel encryption module, each of said maximum parallel encryption module sub-modules implemented exclusively with combinatorial logic.).
Wu and Yoshida and Verbauwhede are both considered to be analogous to the claimed invention because they are in the same field of encryption system.
Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wu to incorporate the teachings of Yoshida, including the teaching of Verbauwhede and provide measuring system for signal in the encryption engine. Doing so would be measuring the efficiency of the encryption system, thereby protecting the encryption system from malware.
As per claim 8. Wu discloses a method for performing by a field programmable gate array (FPGA) dynamic partial reconfiguration (DPR) for a countermeasure to a side-channel attack to a computer system, the method comprising steps of:
providing an encryption hardware engine comprising hardware components or hardware sub-components, one or more redundant locations, and an encryption algorithm (0028 constant time cryptographic co-processor engine 109, that built on a FPGA, may include a randomization component 208, which may be configured to obtain a randomization that can be applied to the execution of a cryptographic algorithm (e.g., AEC, RSA, ECC, etc.) and 0030 constant time cryptographic co-processor engine 109 may include a cryptographic algorithm modification component 214, which may be configured to generate modifications that add, alter, or otherwise modify a cryptographic algorithm, including, but not limited to, AES, RSA, or ECC algorithms, by introducing one or one randomization steps into the encryption or decryption process. In an aspect, these modifications may be added to or swapped for one or more steps of a traditional cryptographic algorithm stored in cryptographic algorithm component 206 to generate a randomized cryptographic algorithm and 0035 performing the original n.sup.c exponentiation, randomized cryptographic algorithm executing component 216 and 0037 cryptographic algorithm modification component 214 ), using the one or more redundant locations to disconnect from the encryption hardware engine within the FPGA one or more hardware components or hardware sub-components of the encryption hardware engine and randomly changing implementation characteristics of the one or more disconnected hardware components or disconnected hardware sub-components of the encryption hardware engine to produce replicated components, wherein the one or more redundant locations allow the encryption hardware engine to run without stalls while DPR is performed on the one or more redundant locations disconnected from the FPGA, running connected one or more hardware components or the connected hardware sub-components simultaneously and in parallel with the replicated components to change logic structure or behavior of the one or more hardware components or hardware sub-components of the encryption hardware engine to provide the countermeasure to the side-channel attack to the computer system ( 0017/0028 Consider AES, where the execution of an operation can traditionally take between eleven and fourteen cycles to complete. Because this inconsistent operation time signature may leave the system exposed to potential side-channel attacks, one or more dummy data paths may be inserted into the AES data path and interleaved with genuine AES computations in order to provide a constant execution time of an AES operation. In an embodiment of the present disclosure, a randomization is introduced into the AES operation to randomly interleave the dummy and genuine operation cycles based on a random number, which may be generated by the cryptographic co-processor and appended to the message to be encrypted or decrypted as a random number header vector. In an example, for every 1 bit value in the random number header vector, a genuine cycle may be executed and for every 0 bit value in the random number header vector, a dummy cycle may be executed. Furthermore, because an AES operation may include up to fourteen clock cycles to complete depending on the length of the relevant key, where the random number header vector does not include at least fourteen 1 bit values to execute all of the genuine cycles, the random number header vector may be value inverted to ensure that a sufficient number of genuine cycles are executed).
Wu fails to disclose
removing a correlation in power transient signals of an encryption algorithm implemented on an encryption hardware engine, the encryption hardware engine including one or more redundant locations,
disconnecting the one or more hardware components or hardware sub-components from the encryption hardware engine by using the one or more redundant locations producing replicated components, and
running the one or more hardware components or the hardware sub-components simultaneously and in parallel with the replicated components (bolded emphasis added).
However, Yoshida discloses removing a correlation in power transient signals of an encryption algorithm implemented on an encryption hardware engine, the encryption hardware engine (0053 a measuring system for generating the lookup table. The measuring system includes an optical signal generator 31, an input PD value acquiring unit 32, an optical output power monitor 33, and a drive voltage value generator 34. The optical signal generator 31 can generate an optical signal having desired power. The input PD value acquiring unit 32 acquires an input PD value (i.e., a digital signal indicating the optical input power detected by the photodetector 14). An ASE cut filter 35 removes an AES component from input light and outputs only the signal light. The optical output power monitor 33 monitors the optical output power of only the signal light after the AES component is removed from the power of the output optical signal of the semiconductor optical amplifier 13 using the ASE cut filter 35 (i.e., the optical output level). The drive voltage value generator 34 can generate a desired drive voltage value);
disconnecting the one or more hardware components or hardware sub-components from the encryption hardware engine by using the one or more redundant locations producing replicated components ( 0053 An ASE cut filter 35 removes an AES component from input light and outputs only the signal light. The optical output power monitor 33 monitors the optical output power of only the signal light after the AES component is removed from the power of the output optical signal of the semiconductor optical amplifier 13 using the ASE cut filter 35 (i.e., the optical output level). The drive voltage value generator 34 can generate a desired drive voltage value)
Wu and Yoshida are both considered to be analogous to the claimed invention because they are in the same field of encrytion system.
Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wu to incorporate the teachings of Yoshida and provide measuring system for signal in the encrytion engine. Doing so would mesauring the efficiency of the encryption system, thereby proteting the encryption system from malware.
The comination fails to disclose running the one or more hardware components or the hardware sub-components simultaneously and in parallel with the replicated components.
However, Verbauwhede discloses running the one or more hardware components or the hardware sub-components simultaneously and in parallel with the replicated components ( [0030] Maximum parallel key scheduling module 12 has a data path wide enough to accommodate the maximum expected key length. Sub-keys are generated on the fly, in one clock cycle and in parallel with the encryption module. Key scheduling module 12 is arranged to accommodate the different key and block lengths allowed by the Rijndael algorithm or the AES standard, as necessary. The Rijndael algorithm allows block lengths and key lengths of 128, 192 and 256 bits, while the ABS standard limits the block length to 128 bits. For the former case, the key scheduling module 12 is arranged to accommodate the nine different key length and block length combinations, and operates as defined in the Rijndael algorithm. For the latter case, only three combinations must be accommodated, with operation of the key scheduling module defined in the AES standard. And claim 3 wherein said maximum parallel encryption module comprises: a substitution sub-module comprising substitution blocks which are replicated as needed to receive all of said parallel data bytes from said input buffer simultaneously, a shift row sub-module which receives the outputs of said substitution sub-module, a mix column sub-module which receives the outputs of said shift row sub-module, and a key addition sub-module arranged to receive and combine the outputs of said mix column sub-module and said sub-keys from said key scheduling module, and to provide the results at an output, said output being the output of said maximum parallel encryption module and claim 14 wherein said maximum parallel encryption module comprises: a substitution sub-module comprising substitution blocks which are replicated as needed to receive all of said parallel data bytes from said input buffer simultaneously, a shift row sub-module which receives the outputs of said substitution sub-module, a mix column sub-module which receives the outputs of said shift row sub-module, and a key addition sub-module arranged to receive and combine the outputs of said mix column sub-module and said sub-keys from said key scheduling module, and to provide the results at an output, said output being the output of said maximum parallel encryption module, each of said maximum parallel encryption module sub-modules implemented exclusively with combinatorial logic.).
Wu and Yoshida and Verbauwhede are both considered to be analogous to the claimed invention because they are in the same field of encryption system.
Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wu to incorporate the teachings of Yoshida, including the teaching of Verbauwhede and provide measuring system for signal in the encryption engine. Doing so would be measuring the efficiency of the encryption system, thereby protecting the encryption system from malware.
As per claim 1, Wu discloses a method for a countermeasure to a side-channel attack to a computer system, the method comprising steps of:
performing by a field programmable gate array (FPGA) dynamic partial reconfiguration (DPR) to remove a correlation in power transient signals of an encryption algorithm implemented on an encryption hardware engine, the encryption hardware engine including one or more redundant locations (0028 constant time cryptographic co-processor engine 109, that built on a FPGA, may include a randomization component 208, which may be configured to obtain a randomization that can be applied to the execution of a cryptographic algorithm (e.g., AEC, RSA, ECC, etc.) and 0030 constant time cryptographic co-processor engine 109 may include a cryptographic algorithm modification component 214, which may be configured to generate modifications that add, alter, or otherwise modify a cryptographic algorithm, including, but not limited to, AES, RSA, or ECC algorithms, by introducing one or one randomization steps into the encryption or decryption process. In an aspect, these modifications may be added to or swapped for one or more steps of a traditional cryptographic algorithm stored in cryptographic algorithm component 206 to generate a randomized cryptographic algorithm and 0035 performing the original n.sup.c exponentiation, randomized cryptographic algorithm executing component 216 and 0037 cryptographic algorithm modification component 214 ), wherein the encryption algorithm embeds a randomization component of the encryption hardware engine that changes constantly implementation characteristics of one or more hardware components or hardware sub-components of the encryption hardware engine by disconnecting the one or more hardware components or hardware sub-components from the encryption hardware engine within the FPGA using the one or more redundant locations producing replicated components, wherein the replicated components change logic structure or behavior of the one or more hardware components or hardware sub- components of the encryption hardware engine to provide the countermeasure to the side- channel attack which introduces diversity and uncertainty to the power transient signals, wherein the one or more redundant locations allow the encryption hardware engine to run without stalls while DPR is performed on the one or more redundant locations disconnected from the FPGA (0017/0028 Consider AES, where the execution of an operation can traditionally take between eleven and fourteen cycles to complete. Because this inconsistent operation time signature may leave the system exposed to potential side-channel attacks, one or more dummy data paths may be inserted into the AES data path and interleaved with genuine AES computations in order to provide a constant execution time of an AES operation. In an embodiment of the present disclosure, a randomization is introduced into the AES operation to randomly interleave the dummy and genuine operation cycles based on a random number, which may be generated by the cryptographic co-processor and appended to the message to be encrypted or decrypted as a random number header vector. In an example, for every 1 bit value in the random number header vector, a genuine cycle may be executed and for every 0 bit value in the random number header vector, a dummy cycle may be executed. Furthermore, because an AES operation may include up to fourteen clock cycles to complete depending on the length of the relevant key, where the random number header vector does not include at least fourteen 1 bit values to execute all of the genuine cycles, the random number header vector may be value inverted to ensure that a sufficient number of genuine cycles are executed), Wu fails to disclose
removing a correlation in power transient signals of an encryption algorithm implemented on an encryption hardware engine, the encryption hardware engine including one or more redundant locations,
disconnecting the one or more hardware components or hardware sub-components from the encryption hardware engine by using the one or more redundant locations producing replicated components, and
running the one or more hardware components or the hardware sub-components simultaneously and in parallel with the replicated components (bolded emphasis added).
However, Yoshida discloses removing a correlation in power transient signals of an encryption algorithm implemented on an encryption hardware engine, the encryption hardware engine (0053 a measuring system for generating the lookup table. The measuring system includes an optical signal generator 31, an input PD value acquiring unit 32, an optical output power monitor 33, and a drive voltage value generator 34. The optical signal generator 31 can generate an optical signal having desired power. The input PD value acquiring unit 32 acquires an input PD value (i.e., a digital signal indicating the optical input power detected by the photodetector 14). An ASE cut filter 35 removes an AES component from input light and outputs only the signal light. The optical output power monitor 33 monitors the optical output power of only the signal light after the AES component is removed from the power of the output optical signal of the semiconductor optical amplifier 13 using the ASE cut filter 35 (i.e., the optical output level). The drive voltage value generator 34 can generate a desired drive voltage value);
disconnecting the one or more hardware components or hardware sub-components from the encryption hardware engine by using the one or more redundant locations producing replicated components ( 0053 An ASE cut filter 35 removes an AES component from input light and outputs only the signal light. The optical output power monitor 33 monitors the optical output power of only the signal light after the AES component is removed from the power of the output optical signal of the semiconductor optical amplifier 13 using the ASE cut filter 35 (i.e., the optical output level). The drive voltage value generator 34 can generate a desired drive voltage value)
Wu and Yoshida are both considered to be analogous to the claimed invention because they are in the same field of encryption system.
Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wu to incorporate the teachings of Yoshida and provide measuring system for signal in the encryption engine. Doing so would be measuring the efficiency of the encryption system, thereby protecting the encryption system from malware.
The combination fails to disclose running the one or more hardware components or the hardware sub-components simultaneously and in parallel with the replicated components.
However, Verbauwhede discloses running the one or more hardware components or the hardware sub-components simultaneously and in parallel with the replicated components ( [0030] Maximum parallel key scheduling module 12 has a data path wide enough to accommodate the maximum expected key length. Sub-keys are generated on the fly, in one clock cycle and in parallel with the encryption module. Key scheduling module 12 is arranged to accommodate the different key and block lengths allowed by the Rijndael algorithm or the AES standard, as necessary. The Rijndael algorithm allows block lengths and key lengths of 128, 192 and 256 bits, while the ABS standard limits the block length to 128 bits. For the former case, the key scheduling module 12 is arranged to accommodate the nine different key length and block length combinations, and operates as defined in the Rijndael algorithm. For the latter case, only three combinations must be accommodated, with operation of the key scheduling module defined in the AES standard. And claim 3 wherein said maximum parallel encryption module comprises: a substitution sub-module comprising substitution blocks which are replicated as needed to receive all of said parallel data bytes from said input buffer simultaneously, a shift row sub-module which receives the outputs of said substitution sub-module, a mix column sub-module which receives the outputs of said shift row sub-module, and a key addition sub-module arranged to receive and combine the outputs of said mix column sub-module and said sub-keys from said key scheduling module, and to provide the results at an output, said output being the output of said maximum parallel encryption module and claim 14 wherein said maximum parallel encryption module comprises: a substitution sub-module comprising substitution blocks which are replicated as needed to receive all of said parallel data bytes from said input buffer simultaneously, a shift row sub-module which receives the outputs of said substitution sub-module, a mix column sub-module which receives the outputs of said shift row sub-module, and a key addition sub-module arranged to receive and combine the outputs of said mix column sub-module and said sub-keys from said key scheduling module, and to provide the results at an output, said output being the output of said maximum parallel encryption module, each of said maximum parallel encryption module sub-modules implemented exclusively with combinatorial logic.).
Wu and Yoshida and Verbauwhede are both considered to be analogous to the claimed invention because they are in the same field of encryption system.
Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Wu to incorporate the teachings of Yoshida, including the teaching of Verbauwhede and provide measuring system for signal in the encryption engine. Doing so would be measuring the efficiency of the encryption system, thereby protecting the encryption system from malware.
As per claim 13. Wu and Yoshida and Verbauwhede discloses the method of claim 12, Wu discloses wherein the replicated components change one or more selected from the group: (a) a corresponding path delay that changes behavior of a corresponding power trace, (b) a logic structure of the one or more hardware components or hardware sub-components of the encryption hardware engine, and (c) a behavior of the one or more hardware components or hardware sub-components of the encryption hardware engine( 0028 constant time cryptographic co-processor engine 109, that built on a FPGA, may include a randomization component 208, which may be configured to obtain a randomization that can be applied to the execution of a cryptographic algorithm (e.g., AEC, RSA, ECC, etc.) and 0030 constant time cryptographic co-processor engine 109 may include a cryptographic algorithm modification component 214, which may be configured to generate modifications that add, alter, or otherwise modify a cryptographic algorithm, including, but not limited to, AES, RSA, or ECC algorithms, by introducing one or one randomization steps into the encryption or decryption process. In an aspect, these modifications may be added to or swapped for one or more steps of a traditional cryptographic algorithm stored in cryptographic algorithm component 206 to generate a randomized cryptographic algorithm and 0035 performing the original n.sup.c exponentiation, randomized cryptographic algorithm executing component 216 and 0037 cryptographic algorithm modification component 214 ).
As per claim 2. Wu and Yoshida and Verbauwhede discloses The method according to claim 1, Verbauwhede discloses wherein each redundant location is configured to be re-programmed over time ([0030] Maximum parallel key scheduling module 12 has a data path wide enough to accommodate the maximum expected key length. Sub-keys are generated on the fly, in one clock cycle and in parallel with the encryption module. Key scheduling module 12 is arranged to accommodate the different key and block lengths allowed by the Rijndael algorithm or the AES standard, as necessary. The Rijndael algorithm allows block lengths and key lengths of 128, 192 and 256 bits, while the ABS standard limits the block length to 128 bits. For the former case, the key scheduling module 12 is arranged to accommodate the nine different key length and block length combinations, and operates as defined in the Rijndael algorithm. For the latter case, only three combinations must be accommodated, with operation of the key scheduling module defined in the AES standard. And claim 3 wherein said maximum parallel encryption module comprises: a substitution sub-module comprising substitution blocks which are replicated as needed to receive all of said parallel data bytes from said input buffer simultaneously).
As per claim 3. Wu and Yoshida and Verbauwhede discloses The method according to claim 1,Wu discloses wherein the encryption hardware engine continues to execute encryption/decryption at full speed without stalling or waiting for the performing step to complete(0030 constant time cryptographic co-processor engine 109 may include a cryptographic algorithm modification component 214, which may be configured to generate modifications that add, alter, or otherwise modify a cryptographic algorithm, including, but not limited to, AES, RSA, or ECC algorithms, by introducing one or one randomization steps into the encryption or decryption process ).
As per claim 4. Wu and Yoshida and Verbauwhede discloses The method according to claim 1,Wu discloses wherein two or more of the hardware components or hardware sub-components perform identical functions(0028 constant time cryptographic co-processor engine 109, that built on a FPGA, may include a randomization component 208, which may be configured to obtain a randomization that can be applied to the execution of a cryptographic algorithm (e.g., AEC, RSA, ECC).
As per claim 5. Wu and Yoshida and Verbauwhede discloses The method according to claim 1, Wu discloses wherein the one or more hardware components or hardware sub-components is selected from the group: SBOX, SubBytes, ShiftRows, MixColumns, AddRoundKey, registers, XOR gates ( 0030 constant time cryptographic co-processor engine 109 may include a cryptographic algorithm modification component 214, which may be configured to generate modifications that add, alter, or otherwise modify a cryptographic algorithm, including, but not limited to, AES, RSA, or ECC algorithms).
As per claim 6. Wu and Yoshida and Verbauwhede discloses The method according to claim 1, Wu discloses wherein the encryption algorithm is an advanced encryption standard (AES) ( 0017/0028 Consider AES, where the execution of an operation can traditionally take between eleven and fourteen cycles to complete. Because this inconsistent operation time signature may leave the system exposed to potential side-channel attacks, one or more dummy data paths may be inserted into the AES data path and interleaved with genuine AES computations in order to provide a constant execution time of an AES operation. In an embodiment of the present disclosure, a randomization is introduced into the AES operation to randomly interleave the dummy and genuine operation cycles based on a random number, which may be generated by the cryptographic co-processor and appended to the message to be encrypted or decrypted as a random number header vector).
As per claim 7. Wu and Yoshida and Verbauwhede discloses The method according to claim 1, Wu discloses wherein the side-channel attack is a simple power analysis (SPA), differential power analysis (DPA), or correlation power analysis (CPA) counter-measure attack ( 0017/0028 Consider AES, where the execution of an operation can traditionally take between eleven and fourteen cycles to complete. Because this inconsistent operation time signature may leave the system exposed to potential side-channel attacks, one or more dummy data paths may be inserted into the AES data path and interleaved with genuine AES computations in order to provide a constant execution time of an AES operation. In an embodiment of the present disclosure, a randomization is introduced into the AES operation to randomly interleave the dummy and genuine operation cycles based on a random number, which may be generated by the cryptographic co-processor and appended to the message to be encrypted or decrypted as a random number header vector).
As per claim 9. (Original) The method according to claim 8, further comprising the step of re- programming over time each redundant location.
As per claim 10. (Original) The method according to claim 8, further comprising the step of: executing encryption/decryption by the encryption hardware engine at full speed without stalling or waiting for the performing step to complete.
As per claim 11. (Original) The method according to claim 8, further comprising the step of: performing identical functions by two or more hardware components or hardware sub- components.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABU S SHOLEMAN whose telephone number is (571)270-7314. The examiner can normally be reached EST: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JORGE ORTIZ CRIADO can be reached at 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ABU S SHOLEMAN/Primary Examiner, Art Unit 2496