DETAILED ACTION
This communication is in response to filing of 01/20/2026. Claims 1-20 are pending.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statements (IDS) submitted 08/20/2025, 02/10/2025, 06/27/2024, 12/18/2025 appear to be in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.
Response to Arguments
Applicant's arguments filed on 01/20/2026 have been fully considered but are considered moot in view of the following new ground of rejection.
Allowable Subject Matter
Claims 8 and 18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Double Patenting
The non-statutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A non-statutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on non-statutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a non-statutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims (1-10) of the instant application are rejected on the ground of non-statutory double patenting as being unpatentable over claims 1-10 of US Patent No. 12518004 B2 respectively. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims are directed to determining that a pointer authentication instruction to authenticate a pointer is being executed speculatively, determining based on a signature of the pointer that the pointer is not valid, and performing a mitigation action comprising an action that prevents information regarding validity of the pointer from causing a microarchitectural side effect.
Instant Application 18/623,516
Co-pending application No. 18/067,825
1. A processor device configured to: speculatively execute a pointer authentication instruction to authenticate a pointer; determine, based on a signature of the pointer, that the pointer is not valid; and responsive to speculatively executing the pointer authentication instruction and determining that the pointer is not valid, perform a mitigation action that comprises an action that prevents information regarding validity of the pointer from causing a microarchitectural side effect.
1. A processor-based device, comprising: a processor configured to: determine that a pointer authentication instruction to authenticate a pointer is being executed speculatively; determine, based on a signature of the pointer, that the pointer is not valid; and responsive to determining that the pointer authentication instruction to authenticate the pointer is being executed speculatively and determining that the pointer is not valid, perform a mitigation action comprising an action that prevents information regarding validity of the pointer from causing a microarchitectural side effect.
2. The processor device of claim 1, wherein the processor device is configured to perform the mitigation action by being configured to: modify the signature of the pointer to indicate that the pointer is valid; and raise a microarchitectural exception to trigger a pipeline flush.
2. The processor-based device of claim 1, wherein the processor is configured to perform the mitigation action by being configured to: modify the signature of the pointer to indicate that the pointer is valid; and raise a microarchitectural exception to trigger a pipeline flush.
3. The processor device of claim 2, wherein the processor device is configured to raise the microarchitectural exception to trigger a pipeline flush by being configured to raise the microarchitectural exception to trigger an immediate pipeline flush.
3. The processor-based device of claim 2, wherein the processor is configured to raise the microarchitectural exception to trigger the pipeline flush by being configured to raise the microarchitectural exception to trigger an immediate pipeline flush.
4. The processor device of claim 2, wherein the processor device is configured to raise the microarchitectural exception to trigger a pipeline flush by being configured to raise the microarchitectural exception to trigger a pipeline flush when the pointer authentication instruction is ready for retirement.
4. The processor-based device of claim 2, wherein the processor is configured to raise the microarchitectural exception to trigger the pipeline flush by being configured to raise the microarchitectural exception to trigger the pipeline flush when the pointer authentication instruction is ready for retirement.
5. The processor device of claim 2, wherein the processor device is further configured to perform the pipeline flush.
5. The processor-based device of claim 2, wherein the processor is further configured to perform the pipeline flush.
6. The processor device of claim 5, wherein the processor device is configured to perform the pipeline flush by being configured to flush all instructions that are younger than the pointer authentication instruction.
6. The processor-based device of claim 5, wherein the processor is configured to perform the pipeline flush by being configured to flush all instructions that are younger than the pointer authentication instruction.
7. The processor device of claim 6, wherein the processor device is further configured to perform the pipeline flush by being configured to flush the pointer authentication instruction.
7. The processor-based device of claim 6, wherein the processor is further configured to perform the pipeline flush by being configured to flush the pointer authentication instruction.
8. The processor device of claim 7, wherein the processor device is further configured to: set an indicator associated with the pointer authentication instruction; determine that a subsequent iteration of the pointer authentication instruction is no longer speculative, responsive to the indicator being set; and responsive to determining that the subsequent iteration of the pointer authentication instruction is no longer speculative: determine, based on the signature of the pointer, that the pointer is not valid; and responsive to determining that the pointer is not valid, modify the signature of the pointer to trigger an invalid address architectural exception.
8. The processor-based device of claim 7, wherein the processor is further configured to: set an indicator associated with the pointer authentication instruction; determine that a subsequent iteration of the pointer authentication instruction is no longer speculative, responsive to the indicator being set; and responsive to determining that the subsequent iteration of the pointer authentication instruction is no longer speculative: determine, based on the signature of the pointer, that the pointer is not valid; and responsive to determining that the pointer is not valid, modify the signature of the pointer to trigger an invalid address architectural exception.
9. The processor device of claim 1, wherein the processor device is configured to perform the mitigation action by being configured to: modify the signature of the pointer to indicate that the pointer is not valid; increment a value of an invalid pointer counter; determine that the value of the invalid pointer counter exceeds an invalid pointer count threshold; and responsive to determining that the value of the invalid pointer counter exceeds the invalid pointer count threshold, raise an architectural exception to indicate a possible attack.
9. The processor-based device of claim 1, wherein the processor is configured to perform the mitigation action by being configured to: increment a value of an invalid pointer counter; determine that the value of the invalid pointer counter exceeds an invalid pointer count threshold; and responsive to determining that the value of the invalid pointer counter exceeds the invalid pointer count threshold, raise an architectural exception to indicate a possible attack.
10. The processor device claim 1, integrated into a device selected from the group consisting of: a set top box; an entertainment unit; a navigation device; a communications device; a fixed location data unit; a mobile location data unit; a global positioning system (GPS) device; a mobile phone; a cellular phone; a smart phone; a session initiation protocol (SIP) phone; a tablet; a phablet; a server; a computer; a portable computer; a mobile computing device; a wearable computing device; a desktop computer; a personal digital assistant (PDA); a monitor; a computer monitor; a television; a tuner; a radio; a satellite radio; a music player; a digital music player; a portable music player; a digital video player; a video player; a digital video disc (DVD) player; a portable digital video player; an automobile; a vehicle component; avionics systems; a drone; and a multicopter.
10. The processor-based device claim 1, integrated into a device selected from the group consisting of: a set top box; an entertainment unit; a navigation device; a communications device; a fixed location data unit; a mobile location data unit; a global positioning system (GPS) device; a mobile phone; a cellular phone; a smart phone; a session initiation protocol (SIP) phone; a tablet; a phablet; a server; a computer; a portable computer; a mobile computing device; a wearable computing device; a desktop computer; a personal digital assistant (PDA); a monitor; a computer monitor; a television; a tuner; a radio; a satellite radio; a music player; a digital music player; a portable music player; a digital video player; a video player; a digital video disc (DVD) player; a portable digital video player; an automobile; a vehicle component; avionics systems; a drone; and a multicopter.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) (1-7), (11-17), (20) is/are rejected under 35 U.S.C. 103 as being unpatentable over BARNES (US 20190034664 A1), hereafter BARNES, in view of FAVOR (US 20220027467 A1), hereafter FAVOR.
Regarding claim 1, BARNES teaches:
A processor device configured to: speculatively execute a pointer authentication instruction to authenticate a pointer ([0078] “Other embodiments may support out-of-order execution, so that instructions can be issued to the execute stage 12 in a different order from the program order. Out-of-order processing can be useful for improving performance because while an earlier instruction is stalled while awaiting operands, a later instruction in the program order whose operands are available can be executed first.”, [0097] “Alternatively, a test authentication after signing process could be incorporated within the function 170 in order to compare the original capability against the authorised capability (i.e. the capability created after authenticating the signed capability).”); determine, based on a signature of the pointer, that the pointer is not valid ([0037] By adopting such a signing operation, a signature checking process can then be introduced before that signed bounded pointer is allowed to be used.); and responsive to speculatively executing the pointer authentication instruction and determining that the pointer is not valid, perform a mitigation action ([0056] “Hence only in the event of the signature match being detected will an output unsigned bounded pointer be generated. If the signature match does not occur, then a predetermined action can be taken, such as invalidating the input signed bounded pointer, or raising a processor fault.”).
BARNES does not explicitly teach the following limitations demonstrated by Favor:
a mitigation action that comprises an action that prevents information regarding validity of the pointer from causing a microarchitectural side effect (FAVOR [0046] “Additionally, the PCL 132 may assert flush signals to selectively flush instructions/Ops from the various units of the pipeline 140, as described herein. Additionally, the pipeline units may signal a need for an abort, as described in more detail below, e.g., in response to detection of a mis-prediction or other microarchitectural exception, architectural exception, or interrupt… As used herein, “abort” is a microarchitectural mechanism used to flush instructions from the pipeline 140 for many purposes, which encompasses interrupts, faults and traps. Purposes of aborts include recovering from microarchitectural hazards such as a branch mis-prediction or a store-to-load forwarding violation.”, [0081] “At block 702, an EU 114 detects that an instruction that is being speculatively executed causes an abort condition and signals the PCL 132. Examples of abort conditions include, but are not limited to, detection of a branch instruction mis-prediction, detection of a store dependence mis-prediction, other microarchitectural exceptions, some architectural exceptions, and interrupts.).
Since both BARNES and Favor are from the same field of endeavor as both are directed to address prediction and pointer execution, which is within the same field of endeavor as the claimed invention, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify and combine the teachings of BARNES and Favor by incorporating the teachings of Favor into BARNES for mitigating side channel attacks as claimed. The motivation to combine is to improve instruction and pointer security (BARNES, [AB]; Favor, [AB]). This motivation for combination is similarly applied for rejections hereafter.
Regarding claim 2, BARNES-FAVOR teaches:
The processor device of claim 1, wherein the processor device is configured to perform the mitigation action by being configured to: modify the signature of the pointer to indicate that the pointer is valid (BARNES[0126] “As a result, through use of the signing information within the associated attributes of a capability, it is possible to distinguish between signed and unsigned capabilities when performing the signing operation, and hence, if desired, prevent signed capabilities from being resigned. In an alternative embodiment, it may be decided to allow signed capabilities to be resigned”); and raise an exception (BARNES[0051] “The predetermined action can take a variety of forms, but may for example involve invalidating the input bounded pointer, or raising a processor fault in order to take an exception.”); and raise a microarchitectural exception to trigger a pipeline flush. (FAVOR [0046] teaches “Additionally, the PCL 132 may assert flush signals to selectively flush instructions/Ops from the various units of the pipeline 140, as described herein. Additionally, the pipeline units may signal a need for an abort, as described in more detail below, e.g., in response to detection of a mis-prediction or other microarchitectural exception,”)
Regarding claim 3, BARNES-FAVOR teaches:
The processor device of claim 2, wherein the processor device is configured to raise the microarchitectural exception to trigger a pipeline flush by being configured to raise the microarchitectural exception to trigger an immediate pipeline flush (FAVOR [0046] “Additionally, the PCL 132 may assert flush signals to selectively flush instructions/Ops from the various units of the pipeline 140, as described herein. Additionally, the pipeline units may signal a need for an abort, as described in more detail below, e.g., in response to detection of a mis-prediction or other microarchitectural exception,”).
Regarding claim 4, BARNES-FAVOR teaches:
The processor device of claim 2, wherein the processor device is configured to raise the microarchitectural exception to trigger a pipeline flush by being configured to raise the microarchitectural exception to trigger a pipeline flush when the pointer authentication instruction is ready for retirement (FAVOR [0055] “Because the ROB 122 retires all Ops and their associated instructions in program order, some Ops may complete execution many cycles before they can be retired or aborted, e.g., a speculatively executed instruction that must be aborted due to detection of a mis-prediction.”).
Regarding claim 5, BARNES-FAVOR teaches:
The processor device of claim 2, wherein the processor device is further configured to perform the pipeline flush (FAVOR [Claim 6] teaches “The processor of claim 1, wherein the pipeline control logic is further configured to: detect that a speculatively executed instruction causes an abort condition; flush from the pipeline instructions newer in program order than the abort-causing instruction,”).
Regarding claim 6, BARNES-FAVOR teaches:
The processor device of claim 5, wherein the processor device is configured to perform the pipeline flush by being configured to flush all instructions that are younger than the pointer authentication instruction (FAVOR [0071] teaches “the EUs 114 will have the opportunity to determine whether any Op under the current/old TC was the source of potential mis-speculation—e.g., mis-prediction of an older branch or a secret byte-reading load that causes an exception, e.g., memory protection violation, that raises the need to abort younger dependent Ops—and avoid speculative execution of malicious Ops under the new TC.”).
Regarding claim 7, BARNES-FAVOR teaches:
The processor device of claim 6, wherein the processor device is further configured to perform the pipeline flush by being configured to flush the pointer authentication instruction (FAVOR [0046] teaches “Additionally, the PCL 132 may assert flush signals to selectively flush instructions/Ops from the various units of the pipeline 140, as described herein.” One of ordinary skill in the art would appreciate that a pointer authentication instruction is merely an instruction such as disclosed by FAVOR.).
Regarding claims 11-17 & 20, claims 11-17 recite similar limitations as claims 1-7, but for recitation in the form of a method and non-transitory computer-readable medium. BARNES-FAVOR teaches a method (FAVOR [0025] “In another embodiment, the present disclosure provides a method for mitigating side channel attacks in a processor that performs speculative execution of instructions, executes instructions out of program order, and includes a pipeline of units that perform fetch, decode, and execution of instructions and pipeline control logic coupled to the pipeline units.”) and a non-transitory computer-readable medium (BARNES [0085] “In an embodiment where the same physical storage is used for both general purpose data registers and bounded pointer registers, then in one embodiment the pointer value 62 may for example be stored within the same storage location as used for a corresponding general purpose register.”, [0175] The process of FIG. 18 can be implemented in a variety of ways. For example, it could be implemented in hardware, where the hardware responds to a single instruction initiating the reconstruction process to perform all of the steps identified in FIG. 18. Alternatively, the process could be implemented in software by using a sequence of instructions to implement the reconstruction process of FIG. 18.).
Claim(s) (9-10), (19) is/are rejected under 35 U.S.C. 103 as being unpatentable over BARNES-FAVOR as applied to claim 1 above, and further in view of JOURDAN (US 6438673 B1), hereafter JOURDAN.
Regarding claim 9, BARNES-FAVOR teaches the limitations previously demonstrated, however BARNES-FAVOR does not explicitly teach the following limitations demonstrated by JOURDAN:
The processor device of claim 1, wherein the processor device is configured to perform the mitigation action by being configured to: modify the signature of the pointer to indicate that the pointer is not valid; increment a value of an invalid pointer counter (JOURDAN Column 7, lines 53-59 teach “In embodiments of the present invention, performance of a speculative memory access based on predicted address is dependent upon a confidence value, (e.g., speculative memory access will not be performed unless the confidence value is above a certain confidence threshold, speculative memory access will not be performed unless a hysterisis bit is set, etc.)” Further, column 8, lines 43-47 teach “In other embodiments of the present invention, varied counter and hysterisis techniques can be implemented (e.g., using three counter bits to counter from 0 to n, decrementing the counter upon a misprediction, etc.).”); determine that the value of the invalid pointer counter exceeds an invalid pointer count threshold (JOURDAN Column 7, lines 53-59 teach “In embodiments of the present invention, performance of a speculative memory access based on predicted address is dependent upon a confidence value, (e.g., speculative memory access will not be performed unless the confidence value is above a certain confidence threshold, speculative memory access will not be performed unless a hysterisis bit is set, etc.)”); and responsive to determining that the value of the invalid pointer counter exceeds the invalid pointer count threshold, raise an architectural exception to indicate a possible attack (JOURDAN Column 7, lines 56-59 teach “(e.g., speculative memory access will not be performed unless the confidence value is above a certain confidence threshold, speculative memory access will not be performed unless a hysterisis bit is set, etc.)”.
Since both BARNES-FAVOR and JOURDAN are from the same field of endeavor as both are directed to address prediction and pointer execution, which is within the same field of endeavor as the claimed invention, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify and combine the teachings of BARNES by incorporating the teachings of JOURDAN into BARNES for mitigating side channel attacks as claimed. The motivation to combine is to improve instruction and pointer security (BARNES, [AB]; FAVOR, [AB]; JOURDAN, [AB]). This motivation for combination is similarly applied for rejections hereafter.
Regarding claim 10, BARNES-FAVOR in view of JOURDAN teaches:
The processor device claim 1, integrated into a device selected from the group consisting of: a set top box; an entertainment unit; a navigation device; a communications device; a fixed location data unit; a mobile location data unit; a global positioning system (GPS) device; a mobile phone; a cellular phone; a smart phone; a session initiation protocol (SIP) phone; a tablet; a phablet; a server; a computer; a portable computer; a mobile computing device; a wearable computing device; a desktop computer; a personal digital assistant (PDA); a monitor; a computer monitor; a television; a tuner; a radio; a satellite radio; a music player; a digital music player; a portable music player; a digital video player; a video player; a digital video disc (DVD) player; a portable digital video player; an automobile; a vehicle component; avionics systems; a drone; and a multicopter (JOURDAN Column 11, lines 13-14 teach “The computer-readable medium can be a device that stores digital information.” One of ordinary skill in the art would appreciate that a navigation device, among others, stores digital information.).
Regarding claim 19, claim 19 recite similar limitations as claim 9, but for recitation in the form of a method. BARNES-FAVOR in view of JOURDAN also teaches a method (BARNES [abstract] “An apparatus and method are provided for controlling use of bounded pointers.”).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kamryn Gillespie whose telephone number is 703-756-5498. The examiner can normally be reached on Monday through Thursday from 9am to 6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Linglan Edwards can be reached on (571) 270-5440. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pairdirect.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/K.J.G./Examiner, Art Unit 2408
/LINGLAN EDWARDS/Supervisory Patent Examiner, Art Unit 2408