APPARATUS AND METHOD FOR POINTER AUTHENTICATION

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Status of Claims This office action is a response to an amendment filed on 03/04/2026. Claims 1-18 are currently pending, of which claims 1 and 18 are amended. Information Disclosure Statement The information disclosure statement (IDS) submitted on 03/04/2026 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Response to Arguments Applicant’s remarks, see page 6, with respect to the claim objections have been fully considered. The claims have been amended to overcome the informalities; therefore, the objections are withdrawn. Applicant’s remarks, see page 6, with respect to the rejections under 35 USC 101 have been fully considered. The claim has been amended to be directed to statutory subject matter, therefore the rejection is withdrawn. Applicant’s remarks, see pages 6-9, with respect to the rejections under 35 USC 103 have been fully considered but are not persuasive. The rejections are therefore maintained. Applicant argues that Beaumont-Smith does not disclose the obtaining of the predicted pointer signature, the comparison, and the determination of pointer validity occur “in response to an instruction to authenticate,” because Beaumont-Smith compares a validation tag and validation state automatically during instruction fetch rather than in response to an authentication instruction (see Applicant’s remarks, page 8). The argument is not persuasive. The rejection does not rely on Beaumont-Smith for teaching “in response to an instruction to authenticate”. Rather, this limitation is taught by Barnes. Barnes discloses processing circuitry that authenticates a pointer, in response to execution of program instructions for invoking an authorization function (Barnes, [0074]-[0082]). The authentication includes generating a pointer signature and comparing it with an associated signature to determine whether the pointer is valid. Beaumont-Smith, on the other hand, is relied upon for teaching address prediction storage circuitry and address prediction information (Beaumont-Smith, [0007], [0042]-[0044], [0049]). The address prediction information includes entries that store a predicted address (e.g., a target PC, corresponding to the claimed pointer) and associated validation data (e.g., a validation tag). This validation data is mapped in the rejection to the claimed predicted pointer signature, as it represents prediction associated validation information used in a comparison operation to evaluate predicted addresses. It would have been obvious to modify the pointer authentication apparatus of Barnes to include the branch prediction mechanism of Beaumont-Smith in order to facilitate predicting upcoming instruction addresses and verifying, using cryptographic pointer signatures, that the predicted addresses or pointers are valid, thereby improving security and reliability against control flow corruption. Such a modification would have been a predictable use of known processor prediction mechanisms to support pointer authentication operations. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-5, 7-10, 12, 13 and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Barnes (US 2019/0026236) in view of Beaumont-Smith et al. (US 2011/0289300), hereinafter Beaumont-Smith. Barnes is cited by Applicant in the IDS filed on 01/09/2024. Regarding claim 1, Barnes discloses an apparatus comprising: processing circuitry to execute instructions (Barnes, Fig. 1); address storage circuitry to store address information for use in upcoming instructions to be executed by the processing circuitry (Barnes, [0029]-[0030]: storage elements (address storage circuitry) store a pointer and its associated information, i.e., a capability (address information), to be used to determine the address of an instruction to be executed); wherein the processing circuitry is responsive to an instruction to generate a pointer signature for a pointer to generate the pointer signature for the pointer based at least in part on an address of the pointer and a cryptographic key (Barnes, Fig. 4, [0074]-[0077]: signing operation (instruction to generate a pointer signature) generates a signature for a pointer using the pointer value/unique pointer bits (address of the pointer) and a cryptographic signing key); the address storage circuitry is configured to store address information for the pointer, the address information comprising at least the pointer (Barnes, Fig. 4, [0044], [0079]: storage element (address storage circuitry) stores a signed capability (address information for the given pointer) comprising the pointer); and the processing circuitry is responsive to an instruction to authenticate a given pointer to (Barnes, [0080]: authorization function invoked): obtain, based on the address information for the given pointer, a pointer signature (Barnes, Fig. 4, [0082]: authorization signature (pointer signature) generated using relevant pointer bits (address information for the given pointer)); compare the pointer signature with a pointer signature identified by the instruction to authenticate (Barnes, [0082]: compare authorization signature (pointer signature) with signature held in the signed capability (pointer signature identified by the instruction to authenticate)); and responsive to the comparing detecting a match, determine that the given pointer is valid (Barnes, [0082]: if there is a match, authorization is passed (given pointer is valid)). Barnes does not explicitly teach the concept of “prediction”. That is, Barnes does not explicitly disclose address prediction storage circuitry; address prediction information for use in predicting; address predicting information for the given pointer; predicted pointer signature. However, Beaumont-Smith discloses address prediction storage circuitry to store address prediction information for use in predicting upcoming instructions to be executed by the processing circuitry (Beaumont-Smith, [0007], [0042]: branch prediction memory (address prediction storage circuitry) of indirect branch target predictor stores target address generated during previous executions (address prediction information) and uses the stored target addresses as predictions); the address prediction storage circuitry is configured to store address prediction information for the pointer, the address prediction information comprising at least the pointer (Beaumont-Smith, Figs 2 & 3, [0049]: branch prediction memory (address prediction storage circuitry) stores an entry (address prediction information) which includes a target PC field (pointer)); obtain, based on the address prediction information for the given pointer, a predicted pointer signature (Beaumont-Smith, [0043]: control circuit receives a validation tag (predicted pointer signature)); compare the predicted pointer signature with a pointer signature identified by the instruction to authenticate (Beaumont-Smith, [0043]: comparing the validation tag (predicted pointer signature) and a validation state (pointer signature) to determine if there is a match). It would have been obvious to one of ordinary skill in the art, having the teachings of Barnes and Beaumont-Smith before him or her before the effective filing date of the claimed invention, to modify a pointer authentication apparatus as taught by Barnes, to include a branch prediction mechanism as taught by Beaumont-Smith. The motivation for doing so would have been to facilitate predicting upcoming instruction addresses and verify, using cryptographic pointer signatures, that such predicted pointers are valid, thereby improving security and reliability against control flow corruption. Regarding claim 2, Barnes does not explicitly disclose wherein: the address prediction information for the given pointer further comprises the pointer signature; and the processing circuitry is configured to obtain the predicted pointer signature by identifying the pointer signature in the address prediction information for the given pointer. However, Beaumont-Smith discloses wherein: the address prediction information for the given pointer further comprises the pointer signature (Beaumont-Smith, Fig. 3, [0049]: a branch prediction entry (address prediction information) for a target PC (pointer) comprises a validation tag (pointer signature)); and the processing circuitry is configured to obtain the predicted pointer signature by identifying the pointer signature in the address prediction information for the given pointer (Beaumont-Smith, [0043]: control circuit reads a predicted validation tag (predicted pointer signature) from a branch prediction memory entry (address prediction information)). It would have been obvious to one of ordinary skill in the art, having the teachings of Barnes and Beaumont-Smith before him or her before the effective filing date of the claimed invention, to modify a pointer authentication apparatus as taught by Barnes, to include a branch prediction mechanism as taught by Beaumont-Smith. The motivation for doing so would have been to facilitate predicting upcoming instruction addresses and verify, using cryptographic pointer signatures, that such predicted pointers are valid, thereby improving security and reliability against control flow corruption. Regarding claim 3, Barnes discloses wherein: the processing circuitry is configured to obtain the pointer signature by generating the pointer signature based at least in part on an address of the given pointer from the address information and the cryptographic key (Barnes, Fig. 4: authorization signature (pointer signature) is generated based on the unique pointer bits (address of the given pointer) from the signed capability (address information) and a cryptographic signing key). Barnes does not explicitly disclose predicted pointer signature; address prediction information. However, Beaumont-Smith discloses wherein: the processing circuitry is configured to obtain the predicted pointer signature by generating the predicted pointer signature based at least in part on an address of the given pointer from the address prediction information (Beaumont-Smith, [0043]: control circuit reads a predicted validation tag (predicted pointer signature) from a branch prediction memory entry (address prediction information); [0023]: the validation tag (predicted pointer signature) is generated from register addresses used to form the branch target address (given pointer)). It would have been obvious to one of ordinary skill in the art, having the teachings of Barnes and Beaumont-Smith before him or her before the effective filing date of the claimed invention, to modify a pointer authentication apparatus as taught by Barnes, to include a branch prediction mechanism as taught by Beaumont-Smith. The motivation for doing so would have been to facilitate predicting upcoming instruction addresses and verify, using cryptographic pointer signatures, that such predicted pointers are valid, thereby improving security and reliability against control flow corruption. Regarding claim 4, Barnes discloses wherein: the processing circuitry is configured to generate the pointer signature based further on context information associated with a current execution state of the processing circuitry (Barnes, Fig. 4, [0075], [0081]-[0082]: signature generated using a salt value that represents contextual information such as a stack pointer location (current execution state of the processing circuitry)). Regarding claim 5, Barnes discloses wherein: the processing circuitry is configured to maintain a stack pointer indicative of a location in a memory system corresponding to the end of a program stack referenced by the processing circuitry (Barnes, [0075]); and the context information comprises the stack pointer (Barnes, [0075]). Regarding claim 7, Barnes discloses wherein: obtaining the pointer signature comprises generating the pointer signature based at least in part on an address of the given pointer from the address information, the cryptographic key and context information associated with a state of the processing circuitry (Barnes, Fig. 4, [0075], [0081]-[0082]: authorization signature (pointer signature) is generated using the unique pointer bits (address of the given pointer) from the signed capability (address information), a cryptographic signing key and a salt value that represents contextual information such as a stack pointer location (current execution state of the processing circuitry)). Barnes does not explicitly disclose predicted pointer signature; address prediction information. However, Beaumont-Smith discloses wherein: obtaining the predicted pointer signature comprises generating the predicted pointer signature based at least in part on an address of the given pointer from the address prediction information (Beaumont-Smith, [0043]: a predicted validation tag (predicted pointer signature) is read from a branch prediction memory entry (address prediction information); [0023]: the validation tag (predicted pointer signature) is generated from register addresses used to form the branch target address (given pointer)). It would have been obvious to one of ordinary skill in the art, having the teachings of Barnes and Beaumont-Smith before him or her before the effective filing date of the claimed invention, to modify a pointer authentication apparatus as taught by Barnes, to include a branch prediction mechanism as taught by Beaumont-Smith. The motivation for doing so would have been to facilitate predicting upcoming instruction addresses and verify, using cryptographic pointer signatures, that such predicted pointers are valid, thereby improving security and reliability against control flow corruption. Regarding claim 8, Barnes discloses wherein: the context information used to generate the pointer signature is current context information associated with an execution state of the processing circuitry when the pointer signature is generated (Barnes, [0075], [0081]-[0082]: the salt value used to generate the authorization signature (pointer signature) represents contextual information such as a stack pointer location (current execution state of the processing circuitry). Barnes does not explicitly disclose predicted pointer signature. However, Beaumont-Smith discloses wherein: the context information used to generate the predicted pointer signature is current context information associated with an execution state of the processing circuitry when the predicted pointer signature is generated (Beaumont-Smith, [0009]: the validation tag (predicted pointer signature) is formed using processor mode control bits (context information/execution state of the processing circuitry)). It would have been obvious to one of ordinary skill in the art, having the teachings of Barnes and Beaumont-Smith before him or her before the effective filing date of the claimed invention, to modify a pointer authentication apparatus as taught by Barnes, to include a branch prediction mechanism as taught by Beaumont-Smith. The motivation for doing so would have been to facilitate predicting upcoming instruction addresses and verify, using cryptographic pointer signatures, that such predicted pointers are valid, thereby improving security and reliability against control flow corruption. Regarding claim 9, Barnes does not explicitly disclose wherein: the processing circuitry is configured to obtain the context information used to generate the predicted pointer signature from the address prediction information. However, Beaumont-Smith discloses wherein: the processing circuitry is configured to obtain the context information used to generate the predicted pointer signature from the address prediction information (Beaumont-Smith, [0043]: control circuit reads a predicted validation tag (predicted pointer signature) from a branch prediction memory entry (address prediction information); [0009]: the validation tag comprises processor mode control bits (context information)). It would have been obvious to one of ordinary skill in the art, having the teachings of Barnes and Beaumont-Smith before him or her before the effective filing date of the claimed invention, to modify a pointer authentication apparatus as taught by Barnes, to include a branch prediction mechanism as taught by Beaumont-Smith. The motivation for doing so would have been to facilitate predicting upcoming instruction addresses and verify, using cryptographic pointer signatures, that such predicted pointers are valid, thereby improving security and reliability against control flow corruption. Regarding claim 10, Barnes discloses wherein: the processing circuitry is configured to generate the pointer signature in connection with a function call operation (Barnes, [0106]: the capability signing process (i.e., to generate a pointer signature) is invoked by a signing instruction being executed (function call operation)). Barnes does not explicitly disclose the given pointer is a return pointer to identify a next instruction to be executed following a function return operation; and the processing circuitry is configured to authenticate the return pointer in preparation for the function return operation. However, Beaumont-Smith discloses the given pointer is a return pointer to identify a next instruction to be executed following a function return operation (Beaumont-Smith, [0042]: “Each entry may store information corresponding to an indirect branch, including a target address generated during a previous execution of the indirect branch”; [0043]: “If the control circuit 44 detects a match … the predicted target PC output by the branch prediction memory 42 is valid and may be used as a fetch PC”. [A function return is an indirect branch; the predicted target PC serves as the return pointer identifying the next instruction to execute]); and the processing circuitry is configured to authenticate the return pointer in preparation for the function return operation (Beaumont-Smith, [0043]: “The control circuit 44 … may be configured to compare the validation tag to the corresponding current indirect state .... If the control circuit 44 detects a match … the predicted target PC output by the branch prediction memory 42 is valid and may be used as a fetch PC [Comparing the validation tag to the current state is authentication; the predicted target PC is the return pointer; “may be used as a fetch PC” (i.e., to begin fetching instructions from the predicted target address) is preparation for return before execution of return]). It would have been obvious to one of ordinary skill in the art, having the teachings of Barnes and Beaumont-Smith before him or her before the effective filing date of the claimed invention, to modify a pointer authentication apparatus as taught by Barnes, to include an indirect/return branch prediction mechanism as taught by Beaumont-Smith. The motivation for doing so would have been to enhance control flow integrity by cryptographically authenticating predicted return addresses before using them to fetch the next instruction, thereby preventing tampered or injected return pointers. Regarding claim 12, Barnes discloses wherein: the processing circuitry is configured to generate an augmented pointer based on the given pointer and the pointer signature by replacing a portion of the pointer with the pointer signature and store the augmented pointer in at least one of the address storage circuitry and a memory system (Barnes, Fig. 4, [0079]: portion 176 (augmented pointer) of a signed capability is generated by replacing section 179 of the pointer with a signature; [0044]: the signed capability is stored in a storage element (address storage circuitry)). Barnes does not explicitly disclose address prediction storage circuitry. However, Beaumont-Smith discloses address prediction storage circuitry (Beaumont-Smith, Figs 2 & 3, [0049]: branch prediction memory (address prediction storage circuitry) stores an entry (address prediction information) which includes a target PC field (pointer)). It would have been obvious to one of ordinary skill in the art, having the teachings of Barnes and Beaumont-Smith before him or her before the effective filing date of the claimed invention, to modify a pointer authentication apparatus as taught by Barnes, to include a branch prediction mechanism as taught by Beaumont-Smith. The motivation for doing so would have been to facilitate predicting upcoming instruction addresses and verify, using cryptographic pointer signatures, that such predicted pointers are valid, thereby improving security and reliability against control flow corruption. Regarding claim 13, Barnes discloses wherein: the processing circuitry is configured to determine, responsive to the comparing detecting a mismatch, that the given pointer is invalid (Barnes, Fig. 7, step 275, [0094]: no match indicates the pointer is invalid). Regarding claim 16, Barnes discloses wherein: the processing circuitry is configured, responsive to determining that the given pointer is invalid, to raise an exception (Barnes, Fig. 7, steps 275 & 295, [0094]: processor fault). Regarding claim 17, Barnes discloses a method of authenticating a pointer, the method comprising: generating, in response to an instruction to generate a pointer signature for a pointer, the pointer signature for the pointer based at least in part on an address of the pointer and a cryptographic key (Barnes, Fig. 4, [0074]-[0077]: signing operation (instruction to generate a pointer signature) generates a signature for a pointer using the pointer value/unique pointer bits (address of the pointer) and a cryptographic signing key); storing, in address storage circuitry, address information for the pointer, the address information comprising at least the pointer (Barnes, Fig. 4, [0044], [0079]: storage element (address storage circuitry) stores a signed capability (address information for the given pointer) comprising the pointer), the address information for use in upcoming instructions be executed by processing circuitry (Barnes, [0029]-[0030]: storage elements (address storage circuitry) store a pointer and its associated information, i.e., a capability (address information), to be used to determine the address of an instruction to be executed); and in response to receiving an instruction to authenticate a given pointer (Barnes, [0080]: authorization function invoked): obtaining, based on the address information for the given pointer, a pointer signature (Barnes, Fig. 4, [0082]: authorization signature (pointer signature) generated using relevant pointer bits (address information for the given pointer)); comparing the pointer signature with a pointer signature identified by the instruction to authenticate (Barnes, [0082]: compare authorization signature (pointer signature) with signature held in the signed capability (pointer signature identified by the instruction to authenticate)); and responsive to the comparing detecting a match, determining that the given pointer is valid (Barnes, [0082]: if there is a match, authorization is passed (given pointer is valid)). Barnes does not explicitly teach the concept of “prediction”. That is, Barnes does not explicitly disclose address prediction storage circuitry; address prediction information; predicting upcoming instructions; predicted pointer signature. However, Beaumont-Smith discloses storing, in address prediction storage circuitry, address prediction information for the pointer, the address prediction information comprising at least the pointer (Beaumont-Smith, Figs 2 & 3, [0049]: branch prediction memory (address prediction storage circuitry) stores an entry (address prediction information) which includes a target PC field (pointer)), the address prediction information for use in predicting upcoming instructions be executed by processing circuitry (Beaumont-Smith, [0007], [0042]: branch prediction memory (address prediction storage circuitry) of indirect branch target predictor stores target address generated during previous executions (address prediction information) and uses the stored target addresses as predictions); obtaining, based on the address prediction information for the given pointer, a predicted pointer signature (Beaumont-Smith, [0043]: control circuit receives a validation tag (predicted pointer signature)); comparing the predicted pointer signature with a pointer signature identified by the instruction to authenticate (Beaumont-Smith, [0043]: comparing the validation tag (predicted pointer signature) and a validation state (pointer signature) to determine if there is a match). It would have been obvious to one of ordinary skill in the art, having the teachings of Barnes and Beaumont-Smith before him or her before the effective filing date of the claimed invention, to modify a pointer authentication apparatus as taught by Barnes, to include a branch prediction mechanism as taught by Beaumont-Smith. The motivation for doing so would have been to facilitate predicting upcoming instruction addresses and verify, using cryptographic pointer signatures, that such predicted pointers are valid, thereby improving security and reliability against control flow corruption. Regarding claim 18, the limitations have been addressed in the rejection of claim 1, and furthermore, Barnes discloses a computer-readable medium to store computer-readable code for fabrication of an apparatus (Barnes, Fig. 1). Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Barnes in view of Beaumont-Smith, further in view of Holman et al. (US 2014/0344558), hereinafter Holman. Regarding claim 11, Barnes and Beaumont-Smith do not explicitly disclose wherein: the address prediction storage circuitry is call-return stack storage circuitry to store call-return prediction information for use in predicting a return memory address of an instruction to be executed following a function return operation. However, Holman discloses wherein: the address prediction storage circuitry (Holman, abstract: main RAS (address prediction storage circuitry) for predicting the target of return instructions) is call-return stack storage circuitry to store call-return prediction information for use in predicting a return memory address (Holman, [0060]: the RAS stores return address (call-return prediction information); those stored addresses are later popped and used to fetch (i.e., predict a return memory address)) of an instruction to be executed following a function return operation (Holman, abstract: “When a return instruction is encountered, the prediction from the next fetch predictor is replaced by the top of the main RAS”; [0076]: “ the second address from the top of main RAS 154 may be used as the next fetch address if a new return instruction is detected”. [These paragraphs describe using the RAS to supply the next fetch address after a return instruction – i.e., the return memory address for the instruction executed following the function return]). It would have been obvious to one of ordinary skill in the art, having the teachings of Barnes, Beaumont-Smith and Holman before him or her before the effective filing date of the claimed invention, to modify a pointer authentication mechanism with branch prediction validation as taught by Barnes and Beaumont-Smith, to include a call return stack storage circuitry as taught by Holman. The motivation for doing so would have been to facilitate both predicting function return addresses efficiently and authenticating those predicted pointers securely in order to improve control flow integrity. Allowable Subject Matter Claims 6, 14 and 15 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to LESA M KENNEDY whose telephone number is (571)431-0704. The examiner can normally be reached on Monday-Wednesday 9:30 am - 5:30 pm ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Umar Cheema can be reached on (571) 270-3037. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. The examiner also requests, in response to this Office Action, support be shown for language added to any original claims on amendment and any new claims. That is, indicate support for newly added claim language by specifically pointing to page(s) and line no(s) in the specification and/or drawing figure(s). This will assist the examiner in prosecuting the application. /LESA M KENNEDY/Primary Examiner, Art Unit 2458