EVALUATING A TRUSTWORTHINESS OF PUF SETS

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Applicant(s) Response to Office Action The response on 12/11/2025 has been entered and made of record. No new claims have been added, removed or amended. Response to Arguments Currently Claims 1-15 are pending in this application. Applicant’s arguments filed on 12/11/2025 have been fully considered but are not persuasive. Applicant on Page 6 argues: Cambou does not obtain condition information from two different PUF sets, nor does it compare such sets to determine trustworthiness. It performs intra-device temporal comparison, not the inter-set comparison required by independent claim 1. Regarding the applicant’s arguments above, the Examiner would like to state the following. In Paragraph [0032] of Cambou, it is disclosed that “The term PUF may refer to a single element or a set of elements. To use a set-of-elements PUF for authentication, an authenticating party (e.g. a server) interrogates the PUF and compares the set of generated responses with the set of the previously-measured responses stored on, e.g., the server. This authentication check gives a positive result when the rate of matching response is high enough.” Using the broadest reasonable interpretation, the previously stored response (Set 1) and the new measured response (Set 2) are the values that are compared in order for authentication (trustworthiness). Cambou also discloses in Paragraph [0038] “The stability or instability of a given cell for a given challenge is revealed by taking multiple response measurements during the process of generating the look up table 202 from the physical APG 200”. The PUF elements are measured multiple times and stored in a database and the results are compared with each other. Therefore, the argument is not persuasive. Applicant on Page 6 further argues: Additionally, Cambou's authentication is not the claimed trustworthiness evaluation. Cambou's paragraph [0040] confirms that the only purpose of comparison is identity verification: "an authentication process may interrogate a subset of PUFs and compare the generated responses from the device 201 with the previously-measured challenges stored in a look up table on an authenticating secure server 203. This authentication check gives a positive result when the rate of matching challenges and responses is high enough." Authentication verifies that a device is who it claims to be. Independent claim 1, however, requires comparing condition information from different PUF sets to determine whether a PUF set is trustworthy. Cambou discloses no such concept. Its comparisons are exclusively for authentication, not trustworthiness evaluation. Regarding the applicant’s argument, the Examiner would like to state the following. The limitation in the claim states “comparing the first information and the second information to determine the trustworthiness of at least one of the sets,”. Using the broadest reasonable interpretation, the term ‘trustworthiness’ reasonably includes evaluating whether an entity can be trusted, which includes verifying and authenticating. In Paragraph [0032] of Cambou, it is disclosed that “The term PUF may refer to a single element or a set of elements. To use a set-of-elements PUF for authentication, an authenticating party (e.g. a server) interrogates the PUF and compares the set of generated responses with the set of the previously-measured responses stored on, e.g., the server. This authentication check gives a positive result when the rate of matching response is high enough.” One of ordinary skill in the art can determine that if the authentication has failed, the PUF element would not be considered trustworthy. Therefore, the argument is not persuasive. Applicant on Page 7 argues: Furthermore, the Examiner's mapping of condition information to Cambou's masking bits or ternary states is incorrect. Cambou's paragraph [0042] discloses masking bits as instructions forkey generation: “If Chi,jf = X (i.e. an undermined challenge, corresponding to an unstable PUFelement during the initial response mapping process), then the masking bit Ijf=0. A random number generator may be used to assign additional 0's in the I, masking data stream of the instruction 306." These bits include both stability-based masking and random masking to obscure the key. They do not indicate which PUF elements are used or unused for condition-based analysis; they merely control key construction. Likewise, Cambou's paragraph [0038] explains that ternary values identify cells that "are unstable or were measured close to the threshold value T" within one device during personalization. These values are not compared across devices or PUF sets and are not used to determine trustworthiness. They simply identify which bits to exclude when building that device's cryptographic table. Cambou, therefore, does not obtain condition information suitable for cross-set trustworthiness comparison. Regarding the Applicant’s arguments, the Examiner would like to state the following. Cambou in Paragraph [0031] discloses “Each PUF is uniquely identifiable by its particular physical properties. These properties may be interrogated by a challenge-response protocol or by a built-in self-test. In the case of challenge-response protocol, a signal is applied to the PUF and the output is measured. In the case of built-in self-test, the test measures a particular property of the PUF hardware. The measurement may be compared to a given threshold T to produce a binary response: 0 if the measured parameter is below the threshold, 1 if above”. The PUFs are tested in some capacity to determine if they are functioning properly. Cambou also discloses in Paragraph [0046] “Additional error correcting methods can be used to further enhance the reliability of the method”. Therefore, the argument is not persuasive. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-15 are rejected under 35 U.S.C. 103 as being unpatentable over Cambou (US20190280858) in view of Plusquellic (US20200342112) herein after ‘James’. Regarding Claim 1, Cambou discloses obtaining first information related to a condition of a first set of PUF elements, wherein the first set comprises a first plurality of PUF elements; and obtaining second information related to a condition of a second set of PUF elements, wherein the second set comprises a second plurality of PUF elements; and comparing the first information and the second information to determine the trustworthiness of at least one of the sets, (Paragraph [0032] E.N. PUF refers to a single element or a set of elements. To use a set-of-elements PUF for authentication, an authentication party interrogates the PUF and compares the set of generated responses with the set of the previously-measured responses stored. The authentication check gives a positive result when the rate of matching responses is high enough) wherein the information related to the condition comprises information indicating a respective subset of the set of PUF elements being used or unused when utilizing the respective set of the PUF elements, and/or (Paragraph [0042] E.N. The instruction set may include a binary data stream for masking, Ii,j1={Ii,j1, . . . , Ii,jk}, with the following description: If Chi,jf=X (i.e. an undetermined challenge, corresponding to an unstable PUF element during the initial response mapping process), then the masking bit Ii,jf=0. A random number generator may be used to assign additional 0's in the Ii,j1 masking data stream of the instruction, and all remaining positions in the Ii,j1 masking data stream are 1's. A malicious user having access to an APG may not be able to correctly extract the responses without knowing the instruction 306 Ii,j.) the information related to the condition comprises respective error correction information for a bit sequence generated when utilizing the respective set of the PUF. (Paragraph [0038] E.N. In order to account for the error rate of the physical APG, approaches may suggest the use of ternary states in the stored look up table created during the personalization step. Within these ternary states, Chi,jfϵ {0, 1, X} with fϵ{1, . . . , k}. The “X” cells within the k cells are unstable or were measured close to the threshold value T, while the “0”, or “1” cells are predictable.) Cambou does not, but in related art, James discloses A method for evaluating a trustworthiness of sets of physically unclonable function (PUF) elements, the method comprising: E.N. Challenges are applied to the components of the PUF engine both as a means of generating a key and performing self-authentication. Any modification made to the PUF architecture results in key generation failure.) Therefore, it would be obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to have modified Cambou to incorporate the teachings of James because Cambou does not explcilty disclose evaluating trustworthiness of PUF elements which is taught by James. Incorporating the teachings of James to Cambou allows for evaluating the PUF elements which then can be used to authenticate the system. Regarding Claim 2, Cambou in view of James discloses the method of claim 1. Cambou further discloses wherein the first information includes information related to a condition of a first plurality of sets and the second information includes information related to a condition of a second plurality of sets. (Paragraph [0032] E.N. PUF refers to a single element or a set of elements. To use a set-of-elements PUF for authentication, an authentication party interrogates the PUF and compares the set of generated responses with the set of the previously-measured responses stored. The authentication check gives a positive result when the rate of matching responses is high enough) Regarding Claim 3, Cambou in view of James discloses the method of claim 1. Cambou does not, but in related art, James discloses wherein the step of comparing includes a comparison if the condition follows a statistical distribution and/or deviates from the statistical distribution of information. (Paragraph [0099-0100] E.N. The HELP PUF within the BulletProoF secure boot technique is able to regenerate the decryption key without bit-flip errors and without any type of interaction with a server A bit-flip error avoidance is proposed. One of ordinary skill in the art can determine that the outputs of the PUF functions are statistically evaluated.) Therefore, it would be obvious to one of ordinary skill in the art, prior to the effective filing date of the claimed invention to have modified Cambou to incorporate the teachings of James because Cambou does not explcilty disclose statistical distribution which is taught by James. Incorporating the teachings of James to Cambou allows for using statistical distribution to determine the condition of PUFs. Regarding Claim 4, Cambou in view of James discloses the method of claim 3. Cambou does not, but in related art, James discloses wherein the distribution comprises a spatial distribution. (Paragraph [0099-0100] E.N. The HELP PUF within the BulletProoF secure boot technique is able to regenerate the decryption key without bit-flip errors and without any type of interaction with a server A bit-flip error avoidance is proposed. One of ordinary skill in the art can determine that the outputs of the PUF functions are statistically evaluated.) Therefore, it would be obvious to one of ordinary skill in the art, prior to the effective filing date of the claimed invention to have modified Cambou to incorporate the teachings of James because Cambou does not explcilty disclose statistical distribution and spatial distribution which is taught by James. Incorporating the teachings of James to Cambou allows for using statistical distribution and spatial distribution to determine the condition of PUFs. Regarding Claim 5, Cambou in view of James discloses the method of claim 1. Cambou further discloses wherein the method is performed such that comparing the first information and the second information comprises an evaluation whether a first variation of the condition correlates with a second variation of the condition. (Paragraph [0032] E.N. PUF refers to a single element or a set of elements. To use a set-of-elements PUF for authentication, an authentication party interrogates the PUF and compares the set of generated responses with the set of the previously-measured responses stored. The authentication check gives a positive result when the rate of matching responses is high enough) Regarding Claim 6, Cambou in view of James discloses the method of claim 1. Cambou further discloses wherein a plurality of sets of the PUF are compared to determine the trustworthiness with regard to an aging, alteration, or modification of a manufacturing process carried out to manufacture the sets of the PUF. (Paragraph [0030] PUFs exploit the manufacturing variations introduced during device fabrication, such as local variations in doping levels of semiconductor layers, making all the devices slightly different from each other.) Regarding Claim 7, Cambou in view of James discloses the method of claim 1. Cambou further discloses wherein a PUF element being unused includes that the PUF element is excluded from being part of a secret, and wherein the comparing comprises a comparison of a spatial distribution and/or a number of excluded PUF elements. (Paragraph [0038] E.N. In order to account for the error rate of the physical APG, approaches may suggest the use of ternary states in the stored look up table created during the personalization step. Within these ternary states, Chi,jfϵ {0, 1, X} with fϵ{1, . . . , k}. The “X” cells within the k cells are unstable or were measured close to the threshold value T, while the “0”, or “1” cells are predictable. The stability or instability of a given cell for a given challenge is revealed by taking multiple response measurements during the process of generating the look up table from the physical APG.) Regarding Claim 8, Cambou in view of James discloses the method of claim 1. Cambou does not, but in related art, James discloses wherein the first information includes helper information related to error correction; and wherein the comparing is based on a distribution of bits to be corrected. (Paragraph [0100] E.N. The Margin method creates weak bit regions to identify PUF Numbers (PN from FIG. 7) that have a high probability of generating bit-flip errors. These PN are considered unstable and their corresponding bits as weak. A Helper Data bitstring is generated during enrollment that records the positions of the unstable PN in the sequence that is processed.) Therefore, it would be obvious to one of ordinary skill in the art, prior to the effective filing date of the claimed invention to have modified Cambou to incorporate the teachings of James because Cambou does not explicitly disclose error correction which is taught by James. Incorporating the teachings of James to Cambou allows for using error correction to determine if distribution of bits need to be corrected. Regarding Claim 9, Cambou in view of James discloses the method of claim 1. Cambou does not, but in related art, James discloses wherein the first set is used to generate first information representing a first secret, and the second set is used to generate second information representing a second secret, such that the trustworthiness is determined without revealing the first secret and the second secret. (Paragraph [0099] E.N. This technique is here extended to allow additional copies, e.g., 5MR, 7MR, 9MR, etc., and combine it with a second reliability-enhancing method, called Margining. The combined method is referred to as secure-key-encoding or SKE because the Helper Data does not leak any information about the secret key. The Helper Data generated during enrollment is stored in an NVM and is read in during the key regeneration process as discussed in reference to FIG. 3.) Therefore, it would be obvious to one of ordinary skill in the art, prior to the effective filing date of the claimed invention to have modified Cambou to incorporate the teachings of James because Cambou does not explicitly disclose secrets which is taught by James. Incorporating the teachings of James to Cambou allows for using secrets without revealing said secrets. Regarding Claim 10, Cambou in view of James discloses the method of claim 1. Cambou further discloses wherein the first set and/or the second set are/is rejected based on a correlation between the first information and the second information exceeding a correlation threshold value. (Paragraph [0031] E.N. Each PUF is uniquely identifiable by its particular physical properties. These properties may be interrogated by a challenge-response protocol or by a built-in self-test. In the case of challenge-response protocol, a signal is applied to the PUF and the output is measured. In the case of built-in self-test, the test measures a particular property of the PUF hardware. The measurement may be compared to a given threshold T to produce a binary response: 0 if the measured parameter is below the threshold, 1 if above.) Regarding Claim 11, Cambou in view of James discloses the method of claim 1. Cambou does not, but in related art, James discloses being performed in connection with a manufacturing process for manufacturing sets of the PUF, wherein a determined untrustworthiness of sets of the PUF leads to at least one of a pausing or modification of the manufacturing process. (Paragraph [0030] E.N. PUF exploits the manufacturing variations introduced during device fabrication, such as local variations in doping levels of semiconductor layers making all the devices slightly different from each other. One of ordinary skill in the art can determine that during the manufacturing process, the PUFs capitalize on the ‘defects’ to make each PUFs unique.) Therefore, it would be obvious to one of ordinary skill in the art, prior to the effective filing date of the claimed invention to have modified Cambou to incorporate the teachings of James because Cambou does not explicitly disclose the manufacturing process which is taught by James. Incorporating the teachings of James to Cambou allows for the manufacturing process to be modified to create unique PUFs. Regarding Claim 12, Cambou in view of James discloses A non-transitory computer-readable digital storage medium, having stored thereon, a computer program having a program code for performing, when running on a computer, a method according to claim 1. Examiner Note: The Claim is rejected upon the same basis as Claim 1. Regarding Claim 13, Cambou in view of James discloses A test system operable to: test devices having an unclonable function (PUF); Cambou (Paragraph [0032]) and execute the method according to claim 1. Examiner Note: The Claim is rejected upon the same basis as Claim 1. Regarding Claim 14, Cambou discloses A device, comprising: an unclonable function (PUF) having a plurality of PUF elements; (Paragraph [0032] E.N. The term PUF refers to a single element or a set of elements) wherein the circuitry is operable to generate a signal indicating the information, wherein the information comprises information indicating a respective subset of the set of PUF elements being used or unused when utilizing the respective set of the PUF elements, and/or (Paragraph [0042] E.N. The instruction set may include a binary data stream for masking, Ii,j1={Ii,j1, . . . , Ii,jk}, with the following description: If Chi,jf=X (i.e. an undetermined challenge, corresponding to an unstable PUF element during the initial response mapping process), then the masking bit Ii,jf=0. A random number generator may be used to assign additional 0's in the Ii,j1 masking data stream of the instruction, and all remaining positions in the Ii,j1 masking data stream are 1's. A malicious user having access to an APG may not be able to correctly extract the responses without knowing the instruction Ii,j.) the information comprises respective error correction information for a bit sequence generated when utilizing the respective set of the PUF; (Paragraph [0046] E.N. Additional error correcting method can be used to further enhance the reliability of the method.) and an interface operable to provide the signal. (Paragraph [0035] E.N. The state machine then transmits the series of PUF responses generated by the particular PUFs. This series of responses is then passed out by the interface as the final APG output stream for further use by the processor of the server or device.) Cambou does not, but in related art, James discloses a circuitry operable to test the PUF elements with respect to a predefined property to determine information that indicates a result of the test, (Paragraph [0011] E.N. Any modifications made to the PUF architecture results in key generation failure, and failure of subsequent stages of the secure boot-up process.) Therefore, it would be obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to have modified Cambou to incorporate the teachings of James because Cambou does not explcilty disclose evaluating trustworthiness of PUF elements which is taught by James. Incorporating the teachings of James to Cambou allows for evaluating the PUF elements which then can be used to authenticate the system. Regarding Claim 15, Cambou in view of James discloses the device of claim 14. Cambou does not, but in related art, James discloses wherein the circuitry is operable to determine a secret based on the PUF, and the device is operable to provide the signal without revealing the secret. (Paragraph [0099] E.N. This technique is here extended to allow additional copies, e.g., 5MR, 7MR, 9MR, etc., and combine it with a second reliability-enhancing method, called Margining. The combined method is referred to as secure-key-encoding or SKE because the Helper Data does not leak any information about the secret key. The Helper Data generated during enrollment is stored in an NVM and is read in during the key regeneration process as discussed in reference to FIG. 3.) Therefore, it would be obvious to one of ordinary skill in the art, prior to the effective filing date of the claimed invention to have modified Cambou to incorporate the teachings of James because Cambou does not explicitly disclose secrets which is taught by James. Incorporating the teachings of James to Cambou allows for using secrets without revealing said secrets. Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to AAYUSH ARYAL whose telephone number is (571)272-2838. The examiner can normally be reached 8:00 a.m. - 5:30 p.m.. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Amir Mehrmanesh can be reached at (571) 270-3351. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /AAYUSH ARYAL/Examiner, Art Unit 2435 /AMIR MEHRMANESH/Supervisory Patent Examiner, Art Unit 2435