DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The instant application having application No. 18/574,474 filed on December 27, 2023, presents claims 16-30 for examination. The instant application claims foreign priority to EP21382578.9 filed on 6/30/2021.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/27/2023 was filed before the mailing date of the Non-Final Office Action. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Examiner Notes
Examiner cites particular columns, paragraphs, figures and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in their entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Specification
The disclosure is objected to because of the following informalities:
P15, line 24, -the main[[s]] steps from Fig. 4-.
Appropriate correction is required.
Claim Objections
Claim 18 is objected to because of the following informalities:
Line 1, - The method [[of]] according to claim 17-.
Appropriate correction is required.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 28-29 are rejected under 35 USC 101 because the claimed invention is directed to non-statutory subject matter.
Claim 28 cites “An update agent…” without disclosing any hardware. The claimed agent is software only which does not fall within at least one of the four categories of patent eligible subject matter. Thus the claim is rejected under 35 USC § 101 as covering non-statutory subject matter. Dependent claim 29 does not disclose any hardware and is rejected for software per se under 35 USC 101.
Claims 16-30 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
With respect to claim 16, This claim is within at least one of the four categories of patent eligible subject matter as it is directed to a method claim under Step 1.
Under Prong 1, Step 2A:
However, the limitations of claim 16,
“converting the software image into a sequence of ciphered blocks;
protecting the sequence of ciphered blocks with an authentication tag to obtain a sequence of protected blocks;
wherein the steps of converting and protecting are implemented by an authenticated encryption function using a same block cipher.”
as drafted, are functions that, under its broadest reasonable interpretation, recite the abstract idea of a mental process. The limitation encompasses a human mind carrying out the functions through observation, evaluation, judgment and /or opinion, or even with the aid of pen and paper. e.g. human can manually convert the software image into a sequence of ciphered blocks; human can manually generate authentication tag for protecting the sequence of ciphered blocks; human can manually perform the converting and protecting processes with an authenticated encryption function using a same block cipher. Thus these claim limitations fall within the “Mental Processes” grouping of abstract ideas under Prong 1 Step 2A
Under Prong 2, Step 2A:
The judicial exception is not integrated into a practical application. The claim recites the following additional elements
“an update agent on the secure element;”
“transmitting the sequence of protected blocks to an update agent on the secure element;”.
Wherein “an update agent”, and “the secure element” are recited at a high-level of generality (i.e. as a generic processing device/software performing generic computer functions) such that it amounts to no more than mere instructions to apply the judicial exception using a generic computer component/software. The “transmitting …” is insignificant extra-solution activity such as transmitting data, according to MPEP 2106.05(g); thus, not indicative of an integration into a practical application. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.
Under Step 2B:
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements “an update agent”, and “the secure element”, that are mere use of generic computer/software to implement the abstract idea, thus, are not an inventive concept. The “transmitting …” is insignificant extra-solution activity such as data transmitting which is recognized as well-understood, routine, and conventional activity, see MPEP § 2106.05(d)(II). Accordingly, the claim does not appear to be patent eligible under 35 USC 101.
With respect to claim 25, This claim is within at least one of the four categories of patent eligible subject matter as it is directed to a server claim under Step 1.
Under Prong 1, Step 2A:
However, the limitations of claim 25,
“the server being configured to generate the bound installation package from a software image by implementing an authenticated encryption function using a block cipher to encrypt the software image and to compute an authentication tag on the encrypted software image.”
as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “the server being configured to” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “the server being configured to”, “generate” in the context of this claim encompasses the user manually generate the bound installation package as defined in the claim, similarly, the user can manually implement an authenticated encryption function using a clock cipher, and the user can manually encrypt the software image, and can manually compute an authentication tag on the encrypted software image. Thus these claim limitations fall within the “Mental Processes” grouping of abstract ideas under Prong 1 Step 2A.
Under Prong 2, Step 2A:
The judicial exception is not integrated into a practical application. The claim recites the following additional elements
“the server” and “a secure element”.
However, “the server” and “a secure element” are recited at a high-level of generality (i.e. as a generic processing device/software performing generic computer functions) such that it amounts to no more than mere instructions to apply the judicial exception using a generic computer component/software. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.
Under Step 2B:
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements ““the server” and “a secure element”, that are mere use of generic computer/software to implement the abstract idea, thus, are not an inventive concept. Accordingly, the claim does not appear to be patent eligible under 35 USC 101.
With respect to claim 27, This claim is within at least one of the four categories of patent eligible subject matter as it is directed to a mobile network system claim under Step 1.
Under Prong 1, Step 2A:
However, the limitations of claim 27,
“wherein the server is configured to generate the bound installation package from a software image comprising the protected software updates by performing:
implementing an authenticated encryption function using a block cipher to encrypt the software image using the block cipher and to compute an authentication tag on the encrypted software image using the same block cipher;”
as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “the server is configured to” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “the server is configured to”, “generate” in the context of this claim encompasses the user manually generate the bound installation package as defined in the claim, similarly, the user can manually implement an authenticated encryption function using a clock cipher, and the user can manually encrypt the software image using the block cipher, and can manually compute an authentication tag on the encrypted software image using the same block cipher. Thus these claim limitations fall within the “Mental Processes” grouping of abstract ideas under Prong 1 Step 2A.
Under Prong 2, Step 2A:
The judicial exception is not integrated into a practical application. The claim recites the following additional elements
“A mobile network system”, “a mobile device”, “a secure element”, “a server”, “an update agent”,
“transmitting the sequence of protected blocks to an update agent on the secure element.”.
Wherein “A mobile network system”, “a mobile device”, “a secure element”, “a server” and “an update agent” are recited at a high-level of generality (i.e. as a generic processing device/software performing generic computer functions) such that it amounts to no more than mere instructions to apply the judicial exception using a generic computer component/software. The “transmitting …” is insignificant extra-solution activity such as transmitting data, according to MPEP 2106.05(g); thus, not indicative of an integration into a practical application. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.
Under Step 2B:
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements “A mobile network system”, “a mobile device”, “a secure element”, “a server” and “an update agent” that are mere use of generic computer/software to implement the abstract idea, thus, are not an inventive concept. The “transmitting …” is insignificant extra-solution activity such as data transmitting which is recognized as well-understood, routine, and conventional activity, see MPEP § 2106.05(d)(II). Accordingly, the claim does not appear to be patent eligible under 35 USC 101.
With respect to claim 28, This claim is within at least one of the four categories of patent eligible subject matter as it is directed to an update agent (the agent if amended to include some hardware, e.g. a processor, the claim would be patent eligible subject matter) claim under Step 1.
Under Prong 1, Step 2A:
However, the limitations of claim 28,
“implement an authenticated decryption function to extract the soft-ware image from the sequence of ciphered blocks; and to authenticate the software image by verifying the authentication tag.”
as drafted, are functions that, under its broadest reasonable interpretation, recite the abstract idea of a mental process. The limitation encompasses a human mind carrying out the functions through observation, evaluation, judgment and /or opinion, or even with the aid of pen and paper. e.g. human can manually implement an authenticated decryption function to extract the soft-ware image from the sequence of ciphered blocks, and can manually authenticate the software image by verifying the authentication tag. Thus these claim limitations fall within the “Mental Processes” grouping of abstract ideas under Prong 1 Step 2A.
Under Prong 2, Step 2A:
The judicial exception is not integrated into a practical application. The claim recites the following additional elements
“a secure element”, “an update agent”,
“receive a sequence of protected segments containing a software image for performing the software update, the sequence of protected segments having been generated by the method of claim 16 and comprising a sequence of ciphered blocks and an authentication tag;”.
Wherein “a secure element”, and “an update agent” are recited at a high-level of generality (i.e. as a generic processing device/software performing generic computer functions) such that it amounts to no more than mere instructions to apply the judicial exception using a generic computer component/software. The “receive …” is insignificant extra-solution activity such as transmitting data, according to MPEP 2106.05(g); thus, not indicative of an integration into a practical application. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.
Under Step 2B:
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements “a secure element”, and “an update agent” that are mere use of generic computer/software to implement the abstract idea, thus, are not an inventive concept. The “receive …” is insignificant extra-solution activity such as data gathering which is recognized as well-understood, routine, and conventional activity, see MPEP § 2106.05(d)(II). Accordingly, the claim does not appear to be patent eligible under 35 USC 101.
With respect to claim 30, This claim is within at least one of the four categories of patent eligible subject matter as it is directed to a non-transitory computer-readable medium claim under Step 1.
This claim recites a non-transitory computer-readable medium to implement a method that is disclosed in claim 16 and therefore recites the same abstract idea as claim 16, please see the office action analysis regarding claim 16.
Claim 30 recites one additional element that is not recited in claim 16, i.e. a non-transitory computer-readable medium, but the computer-readable medium is mere use of generic computer component to implement the abstract idea, thus, is not an inventive concept.
With respect to claim 17, “further comprising segmenting the software image into a sequence of input blocks,
wherein the authenticated encryption function encrypts each input block using the block cipher, obtaining therewith the sequence of ciphered blocks.” as drafted, are functions that, under its broadest reasonable interpretation, recite the abstract idea of a mental process. The limitation encompasses a human mind carrying out the functions through observation, evaluation, judgment and /or opinion, or even with the aid of pen and paper. e.g. human can manually segment the software image into a sequence of input blocks; can manually encrypt each input block as defined in the claim.
With respect to claim 18, “wherein the authenticated encryption function encrypts each input block by:
applying a forward cipher function of the block cipher to each input block to obtain a sequence of output blocks; and
performing an exclusive-OR operation on each pair of an input block and corresponding output block to obtain the sequence of ciphered blocks.” as drafted, are functions that, under its broadest reasonable interpretation, recite the abstract idea of a mental process. The limitation encompasses a human mind carrying out the functions through observation, evaluation, judgment and /or opinion, or even with the aid of pen and paper. e.g. human can manually apply a forward cipher function as defined in the claim, can manually perform XOR operation as defined in the claim.
With respect to claim 19, “further comprising concatenating the sequence of ciphered blocks with additional authentication data.” as drafted, are functions that, under its broadest reasonable interpretation, recite the abstract idea of a mental process. The limitation encompasses a human mind carrying out the functions through observation, evaluation, judgment and /or opinion, or even with the aid of pen and paper. e.g. human can manually concatenate the sequence of ciphered blocks as defined in the claim.
With respect to claim 20, “wherein the authenticated encryption function applies a hash function to the sequence of ciphered blocks to obtain a hashed tag,
wherein the hash function is generated using the block cipher.” Wherein the encryption function and hash function are mathematical concepts. As drafted, the limitations are functions that, under its broadest reasonable interpretation, recite the abstract idea of a mental process. The limitation encompasses a human mind carrying out the functions through observation, evaluation, judgment and /or opinion, or even with the aid of pen and paper. e.g. human can manually apply the hash function as defined in the claim, and can manually generate the hash function as defined in the claim.
With respect to claim 21, “wherein the hash function is a GHASH function based on operations in a finite Galois field.” as drafted, is merely indicating a field of use or technological environment in which to apply a judicial exception, and does not amount to significantly more than the exception itself, and cannot integrate a judicial exception into a practical application. See MPEP § 2106.05(h).
With respect to claim 22, “further comprising encrypting the hashed tag using a nonce to obtain the authentication tag.” as drafted, are functions that, under its broadest reasonable interpretation, recite the abstract idea of a mental process. The limitation encompasses a human mind carrying out the functions through observation, evaluation, judgment and /or opinion, or even with the aid of pen and paper. e.g. human can manually encrypt the hashed tag using a nonce to obtain the authentication tag.
With respect to claim 23, “further comprising appending the authentication tag to the concatenated sequence of ciphered blocks to obtain the sequence of protected blocks.” as drafted, are functions that, under its broadest reasonable interpretation, recite the abstract idea of a mental process. The limitation encompasses a human mind carrying out the functions through observation, evaluation, judgment and /or opinion, or even with the aid of pen and paper. e.g. human can manually append the authentication tag as defined in the claim.
With respect to claim 24, “wherein transmitting the sequence of protected blocks to the update agent within the secure element comprises segmenting the sequence of protected blocks,
wherein the first to but-last segments carry parts of the encrypted software image and the last segment carries the authentication tag; and transmitting the segments to the update agent.” Wherein the “transmitting …” is insignificant extra-solution activity such as data transmitting which is recognized as well-understood, routine, and conventional activity, see MPEP § 2106.05(d)(II). Segmenting is mental process because human can manually segment the sequence of protected blocks as defined by the claim.
With respect to claim 26, “further configured to perform a method for providing a software image to a secure element, the method comprising:
converting the software image into a sequence of ciphered blocks;
protecting the sequence of ciphered blocks with an authentication tag to obtain a sequence of protected blocks;
transmitting the sequence of protected blocks to an update agent on the secure element;
wherein the steps of converting and protecting are implemented by an authenticated encryption function using a same block cipher;
further comprising segmenting the software image into a sequence of input blocks,
wherein the authenticated encryption function encrypts each input block using the block cipher, obtaining therewith the sequence of ciphered blocks.” Further defines the server of claim 25. Wherein the “transmitting …” is insignificant extra-solution activity such as data transmitting which is recognized as well-understood, routine, and conventional activity, see MPEP § 2106.05(d)(II). All other limitations are mental processes because human can manually perform the operations as defined in the claim. The claim recites same features as claims 16 and 17, please also refer to analysis regarding claims 16 and 17.
With respect to claim 29, “wherein the update agent is configured to perform a software update using the software image if the authentication tag is verified, and to return a failure message otherwise.” as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “the update agent is configured to” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “the update agent is configured to”, “perform” in the context of this claim encompasses the user manually perform a software update using the software image if the authentication tag is verified, and return a failure message otherwise. “the update agent” is merely used as a tool to implement the abstract idea, thus, are not an inventive concept.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 16, 25, 27-30 are rejected under 35 U.S.C. 103 as being unpatentable over Johnson (US 20180294968 A1, hereinafter “Johnson”) in view of Hsieh et al. (US 20150261519 A1, hereinafter “Hsieh”).
With respect to claim 16 (New), Johnson discloses A method [for providing a software image to a secure element], the method comprising:
converting the software image into a sequence of ciphered blocks (e.g. Fig. 12, step 1210, para [0060], “… at step 1210 wherein at least a plurality of blocks of plaintext and a key are used by a first cryptographic function to generate one or more blocks of cryptographic output. …” wherein cryptographic blocks reads on ciphered blocks);
protecting the sequence of ciphered blocks with an authentication tag to obtain a sequence of protected blocks (e.g. para [0062], “At step 1220, a tag (or authentication code) is generated based on the one or more blocks of cryptographic output. …”);
transmitting the sequence of protected blocks to an update agent on the secure element (e.g. para [0065], “At step 1250, the plurality of blocks of ciphertext generated at step 1240 and the tag generated at step 1220 are transmitted. …”);
wherein the steps of converting and protecting are implemented by an authenticated encryption function using a same block cipher (e.g. para [0041], “… Some embodiments may use a common symmetric-key block cipher to achieve both the authenticity and privacy goals, …” wherein authenticity reads on protecting step, and privacy reads on converting step. Also see para [0046]).
Johnson does not appear to explicitly disclose (A method) for providing a software image to a secure element. However, this is taught in analogous art, Hsieh (e.g. Abstract, wherein encrypting/decrypting and compressing/decompressing indicate that there is a secure element).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the invention of Johnson with the invention of Hsieh because it provides security protection method and the download checking mechanism for upgrading software in mobile devices such as smartphones. A person having ordinary skill in the art would have been motivated to make this combination, with a reasonable expectation of success, for the purpose of providing security protection method and the download checking mechanism for upgrading software in mobile devices such as smartphones as suggested by Hsieh (see para [0003-0004]).
With respect to claim 25 (New), Johnson discloses A server, in particular a subscription manager data preparation server, configured to provide protected [software updates to a secure element] through a bound installation package, the server being configured to generate the bound installation package from a software image by implementing an authenticated encryption function using a block cipher to encrypt the software image and to compute an authentication tag on the encrypted software image (e.g. Fig. 14 shows a block diagram of a system/server. Fig. 12 shows a flowchart for a method for encryption and authentication, also refer to office action regarding claim 16 above, wherein plaintext reads on a software image).
Johnson does not appear to explicitly disclose … software updates to a secure element …. However, this is taught in analogous art, Hsieh (e.g. Abstract, wherein encrypting/decrypting and compressing/decompressing indicate that there is a secure element).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the invention of Johnson with the invention of Hsieh because it provides security protection method and the download checking mechanism for upgrading software in mobile devices such as smartphones. A person having ordinary skill in the art would have been motivated to make this combination, with a reasonable expectation of success, for the purpose of providing security protection method and the download checking mechanism for upgrading software in mobile devices such as smartphones as suggested by Hsieh (see para [0003-0004]).
With respect to claim 27 (New), Johnson discloses
wherein the server is configured to generate the bound installation package from a software image comprising the protected software updates by performing (e.g. Fig. 14):
implementing an authenticated encryption function using a block cipher to encrypt the software image using the block cipher and to compute an authentication tag on the encrypted software image using the same block cipher (e.g. Fig. 12, steps 1210 and 1220); and
transmitting the sequence of protected blocks to an update agent on the secure element (e.g. Fig. 12, step 1250).
Johnson does not appear to explicitly disclose A mobile network system for providing services to a mobile device, the mobile device comprising a secure element, the system comprising a server, in particular a subscription manager data preparation server, configured to provide protected software updates to the secure element through a bound installation package; However, this is taught in analogous art, Hsieh (e.g. Fig. 1 shows a mobile network. Fig. 3 shows a flowchart of operations, wherein the publication package reads on a bound installation package; and checking check sum in step 304 and decrypts the encrypted original package indicates that the mobile device has a secure element.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the invention of Johnson with the invention of Hsieh because it provides security protection method and the download checking mechanism for upgrading software in mobile devices such as smartphones. A person having ordinary skill in the art would have been motivated to make this combination, with a reasonable expectation of success, for the purpose of providing security protection method and the download checking mechanism for upgrading software in mobile devices such as smartphones as suggested by Hsieh (see para [0003-0004]).
With respect to claim 28 (New), Johnson discloses An update agent for use in [a secure element to install a software update on the secure element], the update agent being configured to (e.g. Fig. 14, Decryption Module 1415):
receive a sequence of protected segments containing a software image for performing the software update, the sequence of protected segments having been generated by the method of claim 16 and comprising a sequence of ciphered blocks and an authentication tag (e.g. Fig. 13, step 1310, wherein blocks of plaintext read on a software image. Fig. 12 shows flowchart of operations for generating the sequence of protected segments comprising a sequence of ciphered blocks and an authentication tag by the method of claim 16, please refer to office action regarding claim 16 above.); and
implement an authenticated decryption function to extract the soft-ware image from the sequence of ciphered blocks; and to authenticate the software image by verifying the authentication tag (e.g. Fig. 13, steps 1320-1350).
Johnson does not appear to explicitly disclose … a secure element to install a software update on the secure element …. However, this is taught in analogous art, Hsieh (e.g. Abstract, wherein encrypting/decrypting and compressing/decompressing indicate that there is a secure element).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the invention of Johnson with the invention of Hsieh because it provides security protection method and the download checking mechanism for upgrading software in mobile devices such as smartphones. A person having ordinary skill in the art would have been motivated to make this combination, with a reasonable expectation of success, for the purpose of providing security protection method and the download checking mechanism for upgrading software in mobile devices such as smartphones as suggested by Hsieh (see para [0003-0004]).
With respect to claim 29 (New), Johnson as modified by Hsien discloses The update agent according to claim 28, Hsien further discloses wherein the update agent is configured to perform a software update using the software image if the authentication tag is verified, and to return a failure message otherwise (e.g. Fig. 3, step 304 wherein checking check sum is analogous to verifying authentication tag. Steps 304-306 teach the claim feature. For motivation to combine, please refer to office action regarding claim 28.)
With respect to claim 30 (New), Johnson discloses A non-transitory computer-readable medium [for providing a protected software image to a secure element], comprising instructions stored thereon, that when executed on a processor, perform the steps of (e.g. Fig. 14, memory reads on CRM):
generating a bound installation package from a software image by implementing an authenticated encryption function to encrypt the software image and to compute an authentication tag on the encrypted software image using a block cipher (Fig. 12 shows flowchart of operations for encrypting the software image, and for computing an authentication tag using a block cipher. Wherein plaintext reads on a software image); and
transmitting the bound installation package to an update agent on the secure element (e.g. Fig. 12, step 1250).
Johnson does not appear to explicitly disclose … for providing a protected software image to a secure element …. However, this is taught in analogous art, Hsieh (e.g. Abstract, wherein encrypting/decrypting and compressing/decompressing indicate that there is a secure element).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the invention of Johnson with the invention of Hsieh because it provides security protection method and the download checking mechanism for upgrading software in mobile devices such as smartphones. A person having ordinary skill in the art would have been motivated to make this combination, with a reasonable expectation of success, for the purpose of providing security protection method and the download checking mechanism for upgrading software in mobile devices such as smartphones as suggested by Hsieh (see para [0003-0004]).
Claims 17, 19-21, 24, and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Johnson in view Hsien as applied to claims 16, 25 respectively, in further view of Char et al. (US 9537657 B1, hereinafter “Char” cited from IDS filed 12/27/2023).
With respect to claim 17 (New), Johnson as modified by Hsien discloses The method according to claim 16, Johnson further discloses further comprising [segmenting the software image into a sequence of input blocks],
wherein the authenticated encryption function encrypts each input block using the block cipher, obtaining therewith the sequence of ciphered blocks (e.g. Fig. 12, step 1210 as cited for claim 16. Fig. 4 shows block cipher in operations at 420 and 450), but does not appear to explicitly anticipates further comprising segmenting the software image into a sequence of input blocks, However, this is taught in analogous art, Char (e.g. Fig. 2, step 210, “divide data stream into multiple data segments”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the invention of Johnson with the invention of Char because it provides techniques for incremented authenticated encryption which protects message integrity and confidentiality and may provide security against various forms of chosen ciphertext attack. A person having ordinary skill in the art would have been motivated to make this combination, with a reasonable expectation of success, for the purpose of providing techniques for incremented authenticated encryption which protects message integrity and confidentiality and may provide security against various forms of chosen ciphertext attack as suggested by Char (see col 2 line 66 to col 3 line 11).
With respect to claim 19 (New), Johnson as modified by Hsien and Char discloses The method according to claim 17, Char further discloses further comprising concatenating the sequence of ciphered blocks with additional authentication data (e.g. col 11, lines 43-54, “… Additionally, encryption component 640 may be used to generate final authentication tag 680, which may, in one embodiment, correspond to steps 3 and 4 in the example above. In other embodiments, final authentication tags may be generated in other, different manners.” For motivation to combine, please refer to office action regarding claim 17).
With respect to claim 20 (New), Johnson as modified by Hsien and Char discloses The method according to claim 17, Char further discloses wherein the authenticated encryption function applies a hash function to the sequence of ciphered blocks to obtain a hashed tag, wherein the hash function is generated using the block cipher (e.g. col 10, lines 16-27, “… For instance, in one example embodiment, an authentication tag, such as segment authentication tags 150, and 670 may be generated by first applying the GHASH function (e.g., that uses the hash key H) to a concatenation of any additional authenticated data (A), the encrypted data (e.g., the ciphertext, C) and the lengths of both the additional authenticated data and the encrypted data. …” For motivation to combine, please refer to office action regarding claim 17).
With respect to claim 21 (New), Johnson as modified by Hsien and Char discloses The method according to claim 20, Char further discloses wherein the hash function is a GHASH function based on operations in a finite Galois field (e.g. col 10, lines 16-25, “… For instance, in one example embodiment, an authentication tag, such as segment authentication tags 150, and 670 may be generated by first applying the GHASH function (e.g., that uses the hash key H) to a concatenation of any additional authenticated data (A), the encrypted data (e.g., the ciphertext, C) and the lengths of both the additional authenticated data and the encrypted data. …” For motivation to combine, please refer to office action regarding claim 17).
With respect to claim 24 (New), Johnson as modified by Hsien discloses The method according to claim 16, but does not appear to explicitly anticipates wherein transmitting the sequence of protected blocks to the update agent within the secure element comprises segmenting the sequence of protected blocks,
wherein the first to but-last segments carry parts of the encrypted software image and the last segment carries the authentication tag; and transmitting the segments to the update agent. However, this is taught in analogous art, Char (e.g. Figs. 1 and 3. col 4 line 59 to col 5 line 3, “… As shown in FIG. 3, incremental authentication decryption component 320 may be configured to decrypt and authenticate previously encrypted data stream 300 that may have been received via data input component 180, in some embodiments. Encrypted data stream 300 may include multiple data segments, each of which may include encrypted data 140 and a segment authentication tag 150. Additionally, the previously encrypted data stream 300 may include a final authentication tag 160, such as may be usable to authenticate the multiple data segments as a whole.” Wherein the received previously encrypted data stream shows the features of the claim. For motivation to combine, please refer to office action regarding claim 17).
With respect to claim 26 (New), it recites same features as claims 16 and 17, and is rejected for the same reason.
Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Johnson in view of Hsien and Char as applied to claim 17, in further view of Henry et al. (US 20050160279 A1, hereinafter “Henry”).
With respect to claim 18 (New), Johnson as modified by Hsien and Char discloses The method of according to claim 17, but does not appear to explicitly disclose wherein the authenticated encryption function encrypts each input block by:
applying a forward cipher function of the block cipher to each input block to obtain a sequence of output blocks; and
performing an exclusive-OR operation on each pair of an input block and corresponding output block to obtain the sequence of ciphered blocks.
However, in analogous art, Henry discloses wherein the authenticated encryption function encrypts each input block by:
applying a forward cipher function of the block cipher to each input block to obtain a sequence of output blocks (e.g. para [0059], “… A forward cipher operation is applied to the initialization vector to produce a first cipher output block. …” Figs. 5 and 12 show block cipher information); and
performing an exclusive-OR operation on each pair of an input block and corresponding output block to obtain the sequence of ciphered blocks (e.g. para [0059], “… Then a first ciphertext block is produced by exclusive-ORing the first cipher output block with the first plaintext block. The first cipher output block is then fed forward as an initialization vector equivalent for encryption of a second plaintext block. And so on. …”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the invention of Henry because it provides techniques for efficiently performing programmable block encryption/decryption across multiple data blocks. A person having ordinary skill in the art would have been motivated to make this combination, with a reasonable expectation of success, for the purpose of providing techniques for efficiently performing programmable block
encryption/decryption across multiple data blocks as suggested by Henry (see para [0022-0023]).
Claims 22 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Johnson in view of Hsien and Char as applied to claim 20, in further view of MINEMATSU et al. (US 20230139104 A1, hereinafter “MINEMATSU”).
With respect to claim 22 (New), Johnson as modified by Hsien and Char discloses The method of according to claim 20, but does not appear to explicitly disclose further comprising encrypting the hashed tag using a nonce to obtain the authentication tag.
However, this is taught in analogous art, MINEMATSU (e.g. para [0069], “The addition unit 106 generates a non-shortened authentication tag U by calculating the sum of the checksum S, the encrypted nonce V, and the hash value H of the header. …” this technique of generating authentication tag applies to the claim, and hence renders the claim obvious);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the invention of Henry because it provides techniques capable of reducing delays in encryption and in decryption. A person having ordinary skill in the art would have been motivated to make this combination, with a reasonable expectation of success, for the purpose of providing techniques capable of reducing delays in encryption and in decryption as suggested by MINEMATSU (see para [0009]).
With respect to claim 23 (New), Johnson as modified by Hsien, Char and MINEMATSU discloses The method according to claim 22, Char further discloses further comprising appending the authentication tag to the concatenated sequence of ciphered blocks to obtain the sequence of protected blocks (e.g. Fig. 6, step 680. For motivation to combine, please refer to office action regarding claim 17).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. For example, Lin et al., US 20050278548 A1 teaches System And Method For Performing Secure Communications In A Wireless Local Area Network.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Zengpu Wei whose telephone number is 571-270-1302. The examiner can normally be reached on Monday to Friday from 8:00AM to 5:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bradley Teets, can be reached on 571-272-3338. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://portal.uspto.gov/external/portal. Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
/ZENGPU WEI/
Examiner, Art Unit 2197