DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined
under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 01/12/2026 has been entered.
Response to Amendments
This Non-Final Office Action is in response to amendment filed on 12/12/2025. Claim 1 have been amended. No claims have been canceled. Claims 1 – 7 remain pending in the application.
Response to Amendment
The amended filed 12/12/2025 has been entered. See response to amendments.
Response to Arguments
Remarks regarding rejections under 35 U.S.C § 103 filed 12/12/2025
Applicant’s amendment to Independent Claim 1 arguments are carefully considered and are persuasive. However, upon further consideration, arguments are moot in view of new found prior art.
Claim Objections
Claim 2 is objected to because of the following informalities: “if” condition Examiner recommends to change the “if” condition with “when” because if the conditional limitation step is not reached, then the remaining limitation steps do not have to followed and will render the remain limitations not valid, therefore, it will not be required to show anticipation or obviousness for all paths of the conditional limitation. Examiner suggest to replacing “if” with “when”. Appropriate correction is required. (See MPEP § 2111.04).
Specification
The disclosure is objected to because it contains an embedded hyperlink and/or other form of browser-executable code. Applicant is required to delete the embedded hyperlink and/or other form of browser-executable code; references to websites should be limited to the top-level domain name without any prefix such as http:// or other browser-executable code. See MPEP § 608.01.
The objection is located in par.[0005].
Claim Rejections - 35 USC§ 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all
obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed
invention is not identically disclosed as set forth in section 102, if the differences between the
claimed invention and the prior art are such that the claimed invention as a whole would have
been obvious before the effective filing date of the claimed invention to a person having
ordinary skill in the art to which the claimed invention pertains. Patentability shall not be
negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness
under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating
obviousness or nonobviousness.
Claims 1, 3, 6 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Fischer et al. (US-20100310068-A1 hereafter Fischer), in view of Zhang et al. (US-20190132120-A1 hereafter Zhang).
Regarding claim 1 Fischer disclose a method for determining the integrity of data processing of operative data using a trusted execution environment running a program code, (see Fischer par.0022: “This aim is achieved by a method for monitoring an execution of a sequence of instructions of a data processing program in a security module associated to a multimedia unit connected to a managing center configured for supplying control messages(operative data) authorizing the multimedia unit to access broadcast audio video content data streams, said security module comprising at least one processor executing the data processing program instructions, a memory, a monitoring module for analyzing the instructions sent to the processor and for verifying the result of the analysis by comparison with reference data.”. par.0053: “The monitoring module MM is preferably implemented as a hardware module separated from the processor CPU with which it communicates through the bus B. An advantage of a monitoring module MM separated from the processor CPU is that the program integrity checking operations are not based on the processor and thus they cannot be bypassed by a hacker trying to introduce jump opcodes into the processor program.”, par.0056: “According to an example of implementation, the monitoring module MM is connected to the code bus B like a Memory Management Unit MMU or a Memory Protection Unit MPU: any fetch goes through a filter that triggers or not an action. In an embodiment of the method, the idea is to have some part of the program code stored in the memory M executable without mandatory control by the monitoring
module MM.”), the method comprising:
presenting the trusted execution environment with [[encrypted]] input data including the operative data and test data (see Fischer par.0051: “The security module SM (trusted execution environment) comprises components such as a processor CPU, non-volatile memories M storing the processing program PR, a monitoring module MM and peripheral modules P with interfaces configured for receiving data from the multimedia unit.", par. 0048: "the reference data set REF appended to the control or management messages ECM(operative data) I EMM (test data) is accompanied with program sequence check information Cl related to the reference data set REF.”);
Fischer does not disclose encrypted input data however Zhang discloses presenting ... with encrypted input data including the operative data and test data ([0066]: “The Integrity Check Value 508 may include or consist of a hash-based message authentication code (HMAC) generated by Encryption Logic 114 from the combination of the Ciphertext 506 (operative data) and the Initialization Vector 504 (test data), and that maybe used by Decryption Logic 116 to validate Ciphertext 506 and Initialization Vector 504 prior to attempting to decrypt Ciphertext 506.”)
Zhang further teaches entering the encrypted input data to the program code (see Zhang par.0050 “Encryption Logic 114 performs an encryption operation at least in part by i) retrieving Current Cryptographic Key 128 from KeyStore 126, ii) using Current Cryptographic Key 128 and an associated cryptographic algorithm embodied in Current Cryptographic Library 132 to encrypt the contents of Plaintext Buffer 151 by transforming the contents of Plaintext Buffer 151 into ciphertext, iii) creating Encrypted Data Object 152 that includes the ciphertext and a key identifier that uniquely identifies Current Cryptographic Key 128 and the associated cryptographic algorithm embodied in Current Cryptographic Library 132 that were used to encrypt the contents of the plaintext buffer, and iv) storing the Encrypted Data Object 152 into Ciphertext Output Buffer 153.”, par.0066: “Encryption Key Identifier 502 may further include or indicate an identifier of the cryptographic key that was used to encrypt the Ciphertext 506, such as a key name that can be used to retrieve, from the KeyStore 126, the cryptographic key that was used to encrypt the Ciphertext 506. Encrypted Data Object 152 further includes a randomly generated Initialization Vector 504 that was also used to encrypt the Ciphertext 506. The Ciphertext 506 may include or consist of a null-terminated string containing the base64 encoded ciphertext. The Integrity Check Value 508 may include or consist of a hash-based message authentication code (HMAC) generated by Encryption Logic 114 from the combination of the Ciphertext 506 and the Initialization Vector 504, and that maybe used by Decryption Logic 116 to validate Ciphertext 506 and Initialization Vector 504 prior to attempting to decrypt Ciphertext 506.” Examiner construe where the process and program performing the operation on the encrypted data as program code);
using the program code to produce output data by processing the input data without decrypting the input data (see Zhang par.0060: “performing the encryption operation by Encryption Logic 114 in Encryption Service Module 112 may further include generating an integrity check value by applying a cryptographic hash function to the combination of the ciphertext and the initialization vector, and creating the encrypted data object such that the encrypted data object further includes the integrity check value… performing the decryption operation may further include, prior to decrypting the ciphertext contained in the encrypted data object, i) extracting (separating) the integrity check value from the Encrypted Data Object 152, ii) using the integrity check value to check the validity of the ciphertext and initialization vector, and iii) only decrypting the ciphertext contained in the Encrypted Data Object 152 responsive to determining, based on the integrity check value, that the ciphertext and initialization vector are valid.”);
. separating a portion of the output data resulting from processing the encrypted test data (see Zhang par.0060: “performing the encryption operation by Encryption Logic 114 in Encryption Service Module 112 may further include generating an integrity check value (test data) by applying a cryptographic hash function to the combination of the ciphertext and the initialization vector, and creating the encrypted data object such that the encrypted data object further includes the integrity check value. For example, generating the integrity check value may be performed by generating a hash-based message authentication code (HMAC) from the combination of the ciphertext and the initialization vector. The HMAC may, for example, be generated using one of the Secure Hash Algorithms (SHA) published by the National Institute of Standards and Technology (NIST), such as SHA-256 or the like. In such embodiments, performing the decryption operation may further include, prior to decrypting the ciphertext contained in the encrypted data object, i) extracting (separating) the integrity check value from the Encrypted Data Object 152, ii) using the integrity check value to check the validity of the ciphertext and initialization vector, and iii) only decrypting the ciphertext contained in the Encrypted Data Object 152 responsive to determining, based on the integrity check value, that the ciphertext and initialization vector are valid.”);
subjecting the portion of the output data to a comparison with reference data (see Zhang par.0054: “performing the decryption operation may further include, prior to decrypting the ciphertext contained in the encrypted data object, i) extracting (separating) the integrity check value from the Encrypted Data Object 152, ii) using the integrity check value to check the validity of the ciphertext and initialization vector, and iii) only decrypting the ciphertext contained in the Encrypted Data Object 152 responsive to determining, based on the integrity check value, that the ciphertext and initialization vector are valid.”.); and
using the comparison as a basis for determining the integrity of the data processing (see Zhang par.0060: “using the integrity check value to check the validity of the ciphertext and initialization vector, and iii) only decrypting the ciphertext contained in the Encrypted Data Object 152 responsive to determining, based on the integrity check value, that the ciphertext and initialization vector are valid.”).
It would have been obvious to someone of ordinary skill in the art before the
effective filing date of the claimed invention to have combined Fischer teaching “The advantage of this embodiment is that the analyzed sequence of instructions and the reference data set may be different at each sending of control and management messages for example. Attempts of tampering the data processing program become thus even more difficult thanks to the constant change of the reference data.”, (see Fischer par.0039), with above with Zhang teaching “Encryption Key Identifier 502 may indicate or include an identifier of the cryptographic algorithm that was used to encrypt the Ciphertext 506, that identifies an embodiment of that cryptographic algorithm in Current Cryptographic Library 132 or Other Cryptographic Libraries 134. Encryption Key Identifier 502 may further include or indicate an identifier of the cryptographic key that was used to encrypt the Ciphertext 506, such as a key name that can be used to retrieve, from the KeyStore 126, the cryptographic key that was used to encrypt the Ciphertext 506. Encrypted Data Object 152 further includes a randomly generated Initialization Vector 504 that was also used to encrypt the Ciphertext 506. The Ciphertext 506 may include or consist of a null-terminated string containing the base64 encoded ciphertext. The Integrity Check Value 508 may include or consist of a hash-based message authentication code (HMAC) generated by Encryption Logic 114 from the combination of the Ciphertext 506 and the Initialization Vector 504, and that maybe used by Decryption Logic 116 to validate Ciphertext 506 and Initialization Vector 504 prior to attempting to decrypt Ciphertext 506.”, with integrity check values within the encrypted data object advantageously providing assurance that only legitimate ciphertext will be decrypted. (see Zhang par.0017, 0066).
Regarding claim 3 Fischer in view of Zhang teach the method as claimed in claim 1, wherein data processing takes place in an encrypted manner. (See Zhang par.0060: “performing the encryption operation by Encryption Logic 114 in Encryption Service Module 112 may further include generating an integrity check value by applying a cryptographic hash function to the combination of the ciphertext and the initialization vector, and creating the encrypted data object such that the encrypted data object further includes the integrity check value… performing the decryption operation may further include, prior to decrypting the ciphertext contained in the encrypted data object, i) extracting (separating) the integrity check value from the Encrypted Data Object 152, ii) using the integrity check value to check the validity of the ciphertext and initialization vector, and iii) only decrypting the ciphertext contained in the Encrypted Data Object 152 responsive to determining, based on the integrity check value, that the ciphertext and initialization vector are valid.”; par.0066: “the Encrypted Data Object 152 includes an Encryption Key Identifier 502, which identifies the cryptographic key and cryptographic algorithm that were used to encrypt the Ciphertext 506. For example, Encryption Key Identifier 502 may indicate or include an identifier of the cryptographic algorithm that was used to encrypt the Ciphertext 506, that identifies an embodiment of that cryptographic algorithm in Current Cryptographic Library 132 or Other Cryptographic Libraries 134. Encryption Key Identifier 502 may further include or indicate an identifier of the cryptographic key that was used to encrypt the Ciphertext 506, such as a key name that can be used to retrieve, from the KeyStore 126, the cryptographic key that was used to encrypt the Ciphertext 506. Encrypted Data Object 152 further includes a randomly generated Initialization Vector 504 that was also used to encrypt the Ciphertext 506. The Ciphertext 506 may include or consist of a null-terminated string containing the base64 encoded ciphertext. The Integrity Check Value 508 may include or consist of a hash-based message authentication code (HMAC) generated by Encryption Logic 114 from the combination of the Ciphertext 506 and the Initialization Vector 504, and that maybe used by Decryption Logic 116 to validate Ciphertext 506 and Initialization Vector 504 prior to attempting to decrypt Ciphertext 506.”).
It would have been obvious to someone of ordinary skill in the art before the
effective filing date of the claimed invention to have combined Fischer in view of Zhang teaching of claim 1, with Zhang teaching “ performing the encryption operation may further include generating a random initialization vector, and using the generated initialization vector with the current cryptographic key and associated cryptographic algorithm to encrypt the contents of the plaintext buffer. In such embodiments, the encrypted data object may be created such that the encrypted data object further includes the initialization vector. Further in such embodiments, performing the decryption operation may additionally include extracting the initialization vector from the encrypted data object, and using the initialization vector with the retrieved cryptographic key and identified cryptographic algorithm to decrypt the ciphertext contained in the encrypted data object.”, (see Zhang par.0012).
Regarding claim 6 Fischer in view of Zhang teach the method as claimed in claim 3, further comprising extracting the processed test data from the output data on the basis of the sequence or order. (See Fischer par. 0067: “At reception of an ECM or EMM message by the security module SM, the monitoring module MM extracts and stores the cryptogram CR. A check data set CD is then determined from the analysis of the program sequence instructions as in the previous embodiment. Instead of comparing the obtained check data set CD with the stored cryptogram CR, the monitoring module MM decrypts, thanks to an associated decryption module DM using the inverse of the emulator's algorithm, the cryptogram CR by taking the check data set CD as key.”.).
Regarding claim 7 Fischer in view of Zhang teach the method as claimed in claim 1, Fischer further teaches wherein the test data form a portion of the input data that has no need of the data processing by means of the trusted execution environment. (See Fischer par.0075: “the reference data set REF produced by the emulator EM during the execution of program sequence instructions is used directly as a system key that will impact the calculation of the control word. In this embodiment, the reference data set REF is not transmitted to the security module in the ECM, but the locally computed check data set CD is used instead.”.).
Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Fischer et al. (US-20100310068-A1 hereafter Fischer), in view of Zhang et al. (US-20190132120-A1 hereafter Zhang), in view of Gonzales et al. (US-9430644-B2 hereafter Gonzales), in further view Chenchu et al. (US-20190066518-A1 hereafter Chenchu).
Regarding claim 2 Fischer in view of Zhang teach the method as claimed in claim 1, further comprising: Fisher in view of Zhang do not explicitly teach however Gonzales teaches establishing the integrity of the data processing is established (see Gonzales Col. 9 lines:48-67: the PFP process is to design optimal detectors to perform the final integrity assessment. These detectors will make the final decision of whether a test trace should be considered an intrusion during monitoring operation. The process of detector design and normal monitoring operation are very similar. detector design, test traces from the execution of trusted software are captured and processed to extract the selected discriminatory features and compared against the stored signatures. Several traces are collected and processed and their statistical sample distributions are used to identify a threshold that yields the expected performance targets. The process of detector design is shown in FIG. 11. Random or predefined input 1110 is provided to trusted software 1120 and fresh test traces are captured from its execution. The results are aligned and synchronized 1130, and the traces are preprocessed and conditioned 1140. Using authorized signatures 770 for comparison, the selected discriminatory 65 features are extracted and a distance metric is generated 1150. Then statistical analysis and distribution fitting is done.”.); and
It would have been obvious to someone of ordinary skill in the art before the
effective filing date of the claimed invention to have combined Fischer in view of Zhang teaching of claim 1, with Gonzales teaching “In PFP integrity assessment, an independent monitor can observe a side channel, such as the power consumption of the target system, during operation using a physical sensor. The captured traces can be processed to extract unique fine-grained patterns or features (fingerprints) and compared against trusted stored baseline references, which are used to perform anomaly detection by applying signal detection and pattern recognition techniques.”, (see Gonzales Col.5 lines:7-14).
Fischer in view of Zhang, and Gonzales do not explicitly teach however Chenchu teaches displaying a value of the integrity on a user interface if the reference data match the processed test data. (See Chenchu par.0018: “shows a block diagram 100 of an operational flight path validation system in accordance with one embodiment. In this example, a navigational database 102 is used in combination with the terrain and obstacle database 104 to validate the operational flight path with an integrity monitor 106. Upon validation, the results of the integrity monitor 106 are sent to a display and reporting system 108 for use by an aircraft crew. The display and reporting system 108 is located in the cockpit onboard an aircraft.”.).
It would have been obvious to someone of ordinary skill in the art before the
effective filing date of the claimed invention to have combined Fischer in view of Zhang teaching of claim 1, with Gonzales teaching, (see Gonzales Col.5 lines7-14), with Chenchu teaching “The validation reports from previous cycles of analysis are retrieved from the log 320 and analyzed for content using text mining techniques. The contents of the validation reports are combined and used to generate a descriptive alert message for the aircrew 322.”, (see Chenchu par.0022).
Claims 4 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Fischer et al. (US-20100310068-A1 hereafter Fischer), in view of Zhang et al. (US-20190132120-A1 hereafter Zhang), in further view of Gu et al. (US-11281769-B2 hereafter Gu).
Regarding claim 4 Fischer in view of Zhang teach the method as claimed in claim 1, Fischer in view of Zhang do not explicitly teach however Gus teaches further comprising
merging the operative data and the test data according to a predefined sequence or order to produce input data. (See Gu Col. 2 lines 38-47: “the invention may blend data integrity verification code with normal/original code of an item of software in a way that makes it very hard for an attacker to differentiate between the two types of code. Such blending may combine normal data and additional data as input to a runtime data integrity verification algorithm. The runtime data integrity verification algorithm may use operations that are very similar to normal software operations and
that can be easily broken up in small code fragments for code blending operations.”.).
It would have been obvious to someone of ordinary skill in the art before the
effective filing date of the claimed invention to have combined Fischer in view of Zhang teaching of claim 1, with Gu teaching “providing the verification data to the integrity checker comprises provided the encrypted or transformed verification data to the integrity checker. (i) a key; (ii) a predetermined bit sequence having m bits; (iii) for each bit of the predetermined bit sequence, a respective location within an n-bit value, where m and n are positive integers with m less than n; the first set of data elements comprises all possible n-bit values; and the second set of data elements comprises all possible n-bit values that are an encrypted version, using the key, of an n-bit value B* that comprises them bits of the predetermined bit sequence at their respective locations within said n-bit value B*”, (see Gu Col.4 lines:46-58).
Regarding claim 5 Fischer in view of Zhang, and Gu teach the method as claimed in claim 4, Gu further teaches wherein the operative data and the test data are merged randomly and/or pseudorandomly in respect of a sequence or order to produce input data. (See Gu Col. 23 lines 28-56: “the runtime data is preferably selected so that, if the verification code 350 is executed multiple times, then the value of the runtime data R; used by the verification code 350 at the i'" execution of the verification code 350 is different from the value of the runtime data R1 used by the verification code 350 at the jth execution of the verification code 350 (for positive integers i and j with i;,j). Thus, the verification data generated at the ith execution of the verification code 350 (in dependence upon R) is different from the verification data generated at the i'" execution of the verification code 350 (in dependence upon R). This can be achieved, for example, by ensuring that the value of the runtime data is dependent on one or more of: input provided by the user of the computer system 210; data/content being processed by the computer system 210 (e.g. documents being processed; data being decrypted or encrypted; multimedia data being decoded; etc.); data relating to the current execution environment of the computer system 210; current date/time data; any source of entropy; etc. The runtime data preferably acts as a source of (pseudo-) random data or entropy. Such non-repeated runtime data helps prevent replay attacks by an attacker (i.e. this stops an attacker from detecting valid verification data and reusing that valid verification data subsequently). The one or more portions of code that generate this runtime data may be any part of the protected item of software 240. The one or more portions of code are, preferably, code/instructions 510 of the protected item of software 240 with which the verification code 350 is interleaved.”.).
It would have been obvious to someone of ordinary skill in the art before the
effective filing date of the claimed invention to have combined Fischer in view of Zhang, and Gu teaching of claim 4, with Gu teaching “the purpose of the runtime data 15 is to control ( or determine or select) which data element 806 of the second set 804 is (or is comprised in or represented by) the generated verification data. If the runtime data is chosen to be substantially random (or pseudo random), and should therefore be different for (substantially) each execution of the verification code 350, then the verification data generated at each execution of the verification code 350 should be different from (substantially all) previously generated verification data. In other words, the integrity checker may identify whether the received verification data corresponds to verification data previously received in relation to the protected item of software 240.”, (see Gu Col.27 lines:15-27).
Conclusion
The prior art made of record and not relied upon is considered pertinent to
applicant's disclosure:
Falk et al. (EP-3561709-A1) An advantage of providing the integrity data particularly may be that, based on the integrity data and the attestation data of it, the current platform configuration of the first data processing apparatus may be checked, thus in particular facilitating a check whether the first data processing apparatus is secure, e.g., currently operates in a platform configuration which is secure. Moreover, the validation data advantageously allows to perform a validity check of the integrity data, thereby in particular allowing to check whether the current platform configuration, which is indicated by the integrity data, is a secure one. In this way, the security may be improved, in that not just the current platform configuration may be determined but also whether this platform configuration is secure according to the validity data.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DUILIO MUNGUIA whose telephone number is (571)270-5277. The examiner can normally be reached M-F 9:30AM - 5:00Pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw Eleni A Shiferaw can be reached at (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DUILIO MUNGUIA/ Examiner, Art Unit 2497 /ELENI A SHIFERAW/Supervisory Patent Examiner, Art Unit 2497