DETAILED ACTION
The 112(f) interpretation is withdrawn based on the amendments filed 09/06/2025.
The objection to the abstract is withdrawn.
Claim 10 is canceled.
Claims 1-9 and 11-20 are pending.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 07/02/2025 and 10/15/2025 have been considered by the examiner.
Response to Arguments
Applicant's arguments filed 09/06/2025 have been fully considered but they are not persuasive.
In response to applicant's argument that the combination of Sela and Zhang would render Sela unsatisfactory because of the inefficiencies arising from the complexity of integrating Zhang’s intricate scrambling circuitry into the secure boot Read-Only Memory (ROM) system, the test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference; nor is it that the claimed invention must be expressly suggested in any one or all of the references. Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981).
Additionally, in response to applicant's argument that the combination of Sela and Zhang would render Sela unsatisfactory because the cost of integrating Zhang’s intricate scrambling circuitry into the secure boot Read-Only Memory (ROM) system would far outweigh the marginal benefits, the fact that a "combination would not be made by businessmen for economic reasons" does not mean that a person of ordinary skill in the art would not make the combination because of some technological incompatibility. In re Farrenkopf, 713 F.2d 714, 718, 219 USPQ 1, 4 (Fed. Cir. 1983).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim(s) 1-6, 8-12, 13-16, and 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 20190050602 A1 to Sela et al. (Sela) in view of US 11775384 B2 to Kanno (Kanno), and in further view of US 20180095985 A1 to Zhang (Zhang).
Regarding claim 1, Sela teaches An apparatus for secure read-only memory, ROM memory (ROM), the apparatus comprising: a ROM array including [encrypted] ROM data [stored at multiple ROM addresses] (Sela Fig. 1B, e.g., memory device 20, non-volatile memory 24); and a ROM controller coupled to the ROM array (Sela Fig. 1B, e.g., memory device 20, memory controller 22, non-volatile memory 24), the ROM controller configured to: read an [encrypted] ROM datum from the ROM array based on a ROM address corresponding to the [encrypted] ROM datum (Sela [0023], e.g., the non-volatile memory device may access the data for the logical address), [wherein each respective encrypted ROM datum of the encrypted ROM data is different from each other respective encrypted ROM datum of the respective encrypted ROM data throughout the ROM array]; obtain at least one digest value using the [encrypted] ROM datum (Sela [0023], e.g., Upon receiving a request on the host interface to read data for a logical address, the non-volatile memory device may access the data for the logical address, compute a digest for the accessed data); and gate access to the ROM array based on the at least one digest value and an expected digest value (Sela [0071], e.g., Step 506 may include determining whether the accessed data is trusted by the host. In one embodiment, the memory controller 22 computes a digest for the accessed data and compares the computed digest with an expected digest for the data).
Sela does not explicitly teach, but Kanno teaches a ROM array including encrypted ROM data stored at multiple ROM addresses (Kanno Col. 7, lines 37-50, e.g., The memory controller 4 instructs the memory 5 to read data from an area specified by the obtained physical address, and acquires the data read from the memory 5. The memory controller 4 detects an error in the data read from the memory 5, corrects an error if any error is detected, decrypts the error-corrected data; Note that the data has to be encrypted for decryption to happen); and the ROM controller configured to: read an encrypted ROM datum from the ROM array based on a ROM address corresponding to the encrypted ROM datum (Kanno Col. 7, lines 37-50, e.g., Upon receiving a request to read data assigned a logical address from the host device 2, the memory controller 4 obtains a physical address associated with (or, corresponding to) the logical address of the data which the read request specifies as a target (or, read request target data) with reference to the address conversion table 31… decrypts the error-corrected data).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified the teachings of Sela with the teachings of Kanno with reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit of enhanced security and an additional layer of security. In the event of an attack or breach, if an attacker is able to acquire the ROM data, the attacker is unable to access the information because the data is encrypted.
Sela and Kanno do not explicitly teach, but Zhang teaches: wherein each respective encrypted ROM datum of the encrypted ROM data is different from each other respective encrypted ROM datum of the encrypted ROM data throughout the ROM array (Zhang [0030], e.g., FIG. 4 is a block diagram of a data de-duplication storage system with replication to scrambled locations. Data block de-duplication has the advantage of storing a block of data only once. Many keys in metadata storage 50 can map to the same copy of the data block. Some data blocks, such as all zeros or all ones, may appear frequently, so de-duplication can reduce overall storage requirements).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified the combined teachings of Sela and Kanno with the teachings of Zhang with reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit of reducing overall storage requirements and efficient use of storage (Zhang [0030], e.g., Data block de-duplication has the advantage of storing a block of data only once. Many keys in metadata storage 50 can map to the same copy of the data block. Some data blocks, such as all zeros or all ones, may appear frequently, so de-duplication can reduce overall storage requirements).
Regarding claim 2, most of the limitations of this claim have been noted in the rejection of claim 1. Sela does not explicitly teach, but Kanno teaches wherein: the ROM controller comprises an address adjustment circuit configured to adjust ROM addresses to produce adjusted ROM addresses (Kanno Col. 6-7, lines 66-67, 1-8, e.g., FIG. 5 shows an example of the address conversion table 31 according to the first embodiment. The address conversion table 31 includes a plurality of sets of data items associated with each other, as shown in FIG. 5. The address conversion table 31 includes a plurality of entries. Each entry includes a logical address and a physical address associated with the logical address. A physical address included in an entry specifies, of the memory area of the memory 5, an area that stores data assigned the logical address included in the entry); and the ROM controller is configured to adjust the ROM addresses to read the encrypted ROM data stored at the multiple ROM addresses using the address adjustment circuit (Kanno Col. 7, lines 38-50, e.g., Upon receiving a request to read data assigned a logical address from the host device 2, the memory controller 4 obtains a physical address associated with (or, corresponding to) the logical address of the data which the read request specifies as a target (or, read request target data) with reference to the address conversion table 31. The memory controller 4 instructs the memory 5 to read data from an area specified by the obtained physical address, and acquires the data read from the memory 5. The memory controller 4 detects an error in the data read from the memory 5, corrects an error if any error is detected, decrypts the error-corrected data, and generates read request target data).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified the teachings of Sela with the teachings of Kanno with reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit of efficient use of physical memory, process isolation, and protection from unauthorized access.
Regarding claim 3, most of the limitations of this claim have been noted in the rejection of claim 1. Sela further teaches wherein: the ROM controller is configured to obtain the at least one digest value (Sela [0086], e.g., To do so, the server 802 may use the same digest computation algorithm that was provided to the memory device 20 to compute a digest for the data that is going to be (or is already) stored on the memory device 20) based on causing at least one hashing algorithm to be applied to the [encrypted] ROM datum (Sela [0023], e.g., Upon receiving a request on the host interface to read data for a logical address, the non-volatile memory device may access the data for the logical address, compute a digest for the accessed data).
Sela does not explicitly teach, but Kanno teaches encrypting the ROM data (Kanno Col. 7, lines 37-50, e.g., The memory controller 4 instructs the memory 5 to read data from an area specified by the obtained physical address, and acquires the data read from the memory 5. The memory controller 4 detects an error in the data read from the memory 5, corrects an error if any error is detected, decrypts the error-corrected data).
The motivation to combine is the same as that of claim 1.
Regarding claim 4, most of the limitations of this claim have been noted in the rejection of claim 3. Sela further teaches wherein: the ROM array and the ROM controller comprise a first peripheral device (Sela Fig. 1B, e.g., memory device 20, memory controller 22, non-volatile memory 24); a second peripheral device comprising a digest computation circuit that is configured to implement one or more hashing algorithms (Sela [0086] e.g., the server 802 may use the same digest computation algorithm that was provided to the memory device 20 to compute a digest); and the ROM controller is configured to obtain the at least one digest value by communicating with the second peripheral device (Sela [0086] e.g., server 802 may use the same digest computation algorithm that was provided to the memory device 20 to compute a digest for the data that is going to be (or is already) stored on the memory device 20).
Regarding claim 5, most of the limitations of this claim have been noted in the rejection of claim 1. Sela further teaches wherein: the ROM controller is configured to read the expected digest value from the ROM array (Sela [0078], e.g., Step 604 includes the memory device 20 accessing an expected digest for the data that was accessed for the logical address [0076], e.g., FIG. 6 is one embodiment of a process 600 of verifying data for integrity and/or authenticity. Process 600 may be performed within controller 22).
Regarding claim 6, most of the limitations of this claim have been noted in the rejection of claim 5. Sela further teaches wherein the expected digest value is stored in the ROM array in an unencrypted form ([0033] e.g., The expected digests may include a list of logical addresses (e.g., logical block addresses, Logical Unit Number, etc. . . .) and an expected digest for data stored in the non-volatile memory 24 for each logical address).
Regarding claim 8, most of the limitations of this claim have been noted in the rejection of claim 1. Sela further teaches wherein: responsive to the at least one digest value matching the expected digest value (Sela [0071], e.g., Step 506 may include determining whether the accessed data is trusted by the host. In one embodiment, the memory controller 22 computes a digest for the accessed data and compares the computed digest with an expected digest for the data), the ROM controller is configured to grant access to the ROM array to permit a boot procedure to be performed using the [encrypted] ROM data (Sela [0073], e.g., If the data is determined to have been verified (step 508=pass), then the non-volatile memory device 20 provides the data on the host interface 220, in step 510).
Sela does not explicitly teach, but Kanno teaches encrypting the ROM data (Kanno Col. 7, lines 37-50, e.g., The memory controller 4 instructs the memory 5 to read data from an area specified by the obtained physical address, and acquires the data read from the memory 5. The memory controller 4 detects an error in the data read from the memory 5, corrects an error if any error is detected, decrypts the error-corrected data).
The motivation to combine is the same as that of claim 1.
Regarding claim 9, most of the limitations of this claim have been noted in the rejection of claim 1. Sela further teaches wherein: responsive to the at least one digest value matching the expected digest value (Sela [0074], e.g., However, if the data is not verified (step 508=fail), then the non-volatile memory device 20 does not provide the data on the host interface 220), the ROM controller is configured to at least one of: transmit an alarm indication (Sela [0075], e.g., Step 512 includes various options in the event that the data is not verified. Another option is to provide an error message to the host without providing any data on the host interface 220); or block access to the ROM array to prevent a boot procedure from being performed using the [encrypted] ROM data (Sela [0074], e.g., Thus, the non-volatile memory device does not allow the data to leave the non-volatile memory device. Moreover, the data will not be provided over the host connection 30. Hence, the host 2 will not receive the data if the data is not verified. In one embodiment, the host will not be provided with data that the host does not trust).
Sela does not explicitly teach, but Kanno teaches encrypted ROM data (Kanno Col. 7, lines 37-50, e.g., The memory controller 4 instructs the memory 5 to read data from an area specified by the obtained physical address, and acquires the data read from the memory 5. The memory controller 4 detects an error in the data read from the memory 5, corrects an error if any error is detected, decrypts the error-corrected data).
The motivation to combine is the same as that of claim 1.
Regarding claim 11, most of the limitations of this claim have been noted in the rejection of claim 1. Sela and Kanno do not explicitly teach, but Zhang teaches wherein a cryptographic key related to production of the encrypted ROM data is selected to ensure that each respective encrypted ROM datum is different from each other respective encrypted ROM datum for the encrypted ROM data throughout the ROM array (Zhang [0033], e.g., Each of scrambler 30, 31, . . . 32 receives the unique identifier for that replication node as a seed input. Since each replication node is assigned a unique and different value of the unique identifier, each of scrambler 30, 31, . . . 32 outputs a different result in response to the same data being input to all scramblers 30, 31, . . . 32).
The motivation to combine is the same as that of claim 1.
Regarding claim 12, most of the limitations of this claim have been noted in the rejection of claim 1. Sela and Kanno do not explicitly teach, but Zhang teaches wherein a cryptographic algorithm related to production of the encrypted ROM data is selected to ensure that each respective encrypted ROM datum is different from each other respective encrypted ROM datum for the encrypted ROM data throughout the ROM array (Zhang [0034], e.g., The scrambled data from scrambler 30, 31, . . . 32 is then applied to cryptohash engine 34, 35, . . . 36 that generate a cryptographic hash. Since each replication node generates a different scramble of the data, the inputs to each of cryptohash engine 34, 35, . . . 36 are different, so the hashes generated for each replication node are different).
The motivation to combine is the same as that of claim 1.
Regarding claim 13, the claim recites a method of the apparatus of claim 1, and is similarly analyzed.
Regarding claim 14, the claim recites a method of the apparatus of claim 2, and is similarly analyzed.
Regarding claim 15, Sela further teaches wherein the gating comprises: blocking access to the ROM array responsive to the at least one digest value failing to match the expected digest value (Sela [0074], e.g., However, if the data is not verified (step 508=fail), then the non-volatile memory device 20 does not provide the data on the host interface 220; [0074], e.g., Thus, the non-volatile memory device does not allow the data to leave the non-volatile memory device. Moreover, the data will not be provided over the host connection 30. Hence, the host 2 will not receive the data if the data is not verified. In one embodiment, the host will not be provided with data that the host does not trust).
Regarding claim 16, Sela teaches an integrated circuit including security circuitry with read-only memory (ROM), the security circuitry comprising: a ROM array (Sela Fig. 1B, e.g., memory device 20, non-volatile memory 24) [including multiple encrypted ROM lines, each encrypted ROM line of the multiple encrypted ROM lines being distinct from each other encrypted ROM line of the multiple encrypted ROM lines throughout the ROM array]; and a ROM controller coupled to the ROM array (Sela Fig. 1B, e.g., memory device 20, memory controller 22, non-volatile memory 24) and configured to: read the multiple [encrypted] ROM lines from the ROM array (Sela [0023], e.g., Upon receiving a request on the host interface to read data for a logical address); and to control access to the ROM array responsive to an expected digest value and at least one digest value that is produced based on the multiple [encrypted] ROM lines (Sela [0071], e.g., the memory controller 22 computes a digest for the accessed data and compares the computed digest with an expected digest for the data).
Sela does not explicitly teach, but Kanno teaches a ROM array including multiple encrypted ROM lines (Kanno Col. 7, lines 37-50, e.g., The memory controller 4 instructs the memory 5 to read data from an area specified by the obtained physical address, and acquires the data read from the memory 5. The memory controller 4 detects an error in the data read from the memory 5, corrects an error if any error is detected, decrypts the error-corrected data).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified the teachings of Sela with the teachings of Kanno with reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit of enhanced security and an additional layer of security. In the event of an attack or breach, if an attacker is able to acquire the ROM data, the attacker is unable to access the information because the data is encrypted.
Sela and Kanno do not explicitly teach, but Zhang teaches wherein each encrypted ROM line of the multiple encrypted ROM lines being distinct from each other encrypted ROM line of the multiple encrypted ROM lines (Zhang [0030], e.g., FIG. 4 is a block diagram of a data de-duplication storage system with replication to scrambled locations. Data block de-duplication has the advantage of storing a block of data only once. Many keys in metadata storage 50 can map to the same copy of the data block. Some data blocks, such as all zeros or all ones, may appear frequently, so de-duplication can reduce overall storage requirements).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified the combined teachings of Sela and Kanno with the teachings of Zhang with reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit of reducing overall storage requirements and efficient use of storage (Zhang [0030], e.g., Data block de-duplication has the advantage of storing a block of data only once. Many keys in metadata storage 50 can map to the same copy of the data block. Some data blocks, such as all zeros or all ones, may appear frequently, so de-duplication can reduce overall storage requirements).
Regarding claim 19, most of the limitations of this claim have been noted in the rejection of claim 16. Sela and Kanno do not explicitly teach, but Zhang teaches wherein a cryptographic key is selected to ensure that the multiple encrypted ROM lines are nonduplicative (Zhang [0033], e.g., Each of scrambler 30, 31, . . . 32 receives the unique identifier for that replication node as a seed input. Since each replication node is assigned a unique and different value of the unique identifier, each of scrambler 30, 31, . . . 32 outputs a different result in response to the same data being input to all scramblers 30, 31, . . . 32).
The motivation to combine is the same as that of claim 16.
Regarding claim 20, most of the limitations of this claim have been noted in the rejection of claim 16. Sela and Kanno do not explicitly teach, but Zhang teaches wherein a cryptographic algorithm is selected to ensure that the multiple encrypted ROM lines are nonduplicative (Zhang [0034], e.g., The scrambled data from scrambler 30, 31, . . . 32 is then applied to cryptohash engine 34, 35, . . . 36 that generate a cryptographic hash. Since each replication node generates a different scramble of the data, the inputs to each of cryptohash engine 34, 35, . . . 36 are different, so the hashes generated for each replication node are different).
The motivation to combine is the same as that of claim 16.
Claim(s) 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sela in view of Kanno and Zhang, and in further view of US 20220058295 to Boehm et al. (Boehm).
Regarding claim 7, most of the limitations of this claim have been noted in the rejection of claim 1. Sela, Kanno, and Zhang do not explicitly teach, but Boehm teaches wherein: the ROM controller is configured to provide the at least one digest value to a component that is external of the ROM (Boehm [0013], e.g., the host device may transmit a request to the memory device for the data and/or the first hash).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified the combined teachings of Sela, Kanno, and Zhang with the teachings of Boehm with reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit of additional integrity checks.
Claim(s) 17-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sela in view of Kanno and Zhang, and in further view of US 20100115184 A1 to Chang et al. (Chang).
Regarding claim 17, most of the limitations of this claim have been noted in the rejection of claim 16. Sela, Kanno, and Zhang do not explicitly teach but Chang teaches a digest computation circuit configured to compute the at least one digest value based on the multiple encrypted ROM lines (Chang [0037], e.g., Next, in step S203, the microprocessor unit 110a integrates the security data and the data token and sends the integrated security data and data token to the message digest generation unit 110d. After that, in step S205, the message digest generation unit 110d generates a corresponding message digest according to the integrated security data and data token by using a one-way hash function; Note that step 205, integration forms encrypted data).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified the combined teachings of Sela, Kanno, and Zhang with the teachings of Chang with reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit of verifying the reliability of the data (Chang [0027], e.g., In particular, the microprocessor unit 110a stores the message digest generated by the message digest generation unit 110d in the flash memory chip 120, and subsequently, the microprocessor unit 110a reads the message digest to verify the reliability of the security data).
Regarding claim 18, most of the limitations of this claim have been noted in the rejection of claim 16. Sela, Kanno, and Zhang do not explicitly teach but Chang teaches wherein the digest computation circuit is part of a ROM block that includes the ROM array and the ROM controller (Chang Fig. 1, e.g., flash memory storage system 100, microprocessor unit 110a, message digest generation unit 110d, flash memory chip 120).
The motivation to combine is the same as that of claim 17.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US 11409668 B2 to Kim et al. (Kim) discloses generating different cryptographic keys and encrypting the addresses and data with the keys. US 20190042476 A1 to Chhabra et al. (Chhabra) discloses the use of message authentication codes to increase protection against spoofing, splicing, and cross-domain attacks. US 20120042376 A1 to Dolgunov et al. (Dolgunov) discloses unlocking access to memory public memory area containing operating system code upon a successful attempt to authenticate a user/host device. US 20130145177 A1 to Cordella et al. (Cordella) discloses encrypting memory using an encryption key that is generated based on a random number and a memory location at which the contents are stored.
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LAWRENCE Q TRUONG whose telephone number is (571)272-6973. The examiner can normally be reached Monday - Friday, 7:30 am - 5 pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached at (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/LAWRENCE Q TRUONG/Examiner, Art Unit 2434 /KAMBIZ ZAND/ Supervisory Patent Examiner, Art Unit 2434