DETAILED ACTION
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This Office Action is in response to the amendment filed on 2/25/2026.
Claims 1, 6, 8, 11-13 and 20 have been amended.
Claims 1-20 are pending for consideration.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Specification
The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.
Response to Arguments
Claim 6 has been amended to overcome the 112(b) issues recited in the previous Office Action. Therefore, the rejection has been withdrawn.
Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-5 and 11-20 are rejected under 35 U.S.C. 103 as being unpatentable over Aguayo Gonzalez et al. (US 20170140155) (hereinafter Gonzalez) in view of LI et al. (CN 118095189) (hereinafter LI), and further in view of Fung et al. (US 20240129104) (hereinafter Fung).
Regarding claim 1, Gonzalez discloses a system-in-package comprising:
one or more target chiplets comprising one or more applications executed on the one or more target chiplets (Gonzalez: paragraphs 0060, 0075 and 0204, “In the case of multiple processors in the board…the detector must be designed to combine and consider traces from both sensors. For multi-core processors in the same package, the same principles apply as in the multi-processor example, but the location and feasibility will depend on the architecture of the processor, the number of cores powered by each rail”); and
a chiplet hardware security module (CHSM), the CHSM comprises: (Gonzalez: paragraphs 0085, 0087, 0091, 0204, 0225 and 0308, “During normal operation, the monitor also extracts the selected discriminatory features from power traces”… “monitor to capture the right set of traces and signal classification techniques can be used to determine which specific routine was executed or whether no reliable match can be established”); and
a hardware security monitor configured to determine a presence of malicious attacks based on the one or more power traces (Gonzalez: paragraphs 0091 and 0308, “perform PFP feature extraction (e.g., at 4202) on all the collected traces, perform statistical analysis (e.g., at 4203) to further process the traces if necessary, and perform outlier detection (anomaly detection) analysis. The results may indicate whether the captured traces can be used to generate the baseline references or further analysis is required to determine the origin of the outliers”).
Gonzalez does not explicitly disclose the following limitation which is disclosed by LI, a silicon interposer, one or more target chiplets that are configured on the silicon interposer and shares a power supply connection with the one or more target chiplets via the silicon interposer (LI: pages 2, 4 and 7, “splits the die into a plurality of small area chiplets for separate production, and mounts them on a larger silicon interposer, and a 2.5D system is formed. The silicon intermediate layer provides power supply, clock, external input and output and data transmission signal between the cores when it is used as packaging carrier.”).
Gonzalez and LI are analogous art because they are from the same field of endeavor, data processing. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Gonzalez and LI before him or her, to modify the system of Gonzalez to include configuring on a silicon interposer along with one or more chiplets and shares a power supply connection with the one or more chiplets via the silicon interposer of LI. The suggestion/motivation for doing so would have been to maintain sustained improvement in chip performance (LI: page 2).
Gonzalez in view of LI does not explicitly disclose the following limitations which are disclosed by Fung, a time-to-digital converter (TDC) sensor configured to generate one or more power traces associated with the one or more applications (Fung: paragraphs 0013, 0025 and 0053, “Embodiments use time-to-digital converter (TDC) and a bank of ring oscillators (ROs). The TDC senses the crypto (or any security-sensitive design in general) current fluctuations locally. Data indicating a magnitude of the fluctuations are fed to a digital controller that turns on or off the required number of ring oscillator (RO) stages (bleed) depending on the instantaneous current. Hence, when the security-sensitive block/crypto engine consumes less current, more ROs are turned on to bleed extra current from the supply; while when the security-sensitive/crypto core draws high current, less ROs are enabled by the digital loop so that the overall supply current remains almost constant. The unchanging supply current yields SCA and other observation-based attacks fruitless as such attacks rely on detecting changes in the supply current to be successful”).
Gonzalez in view of LI and Fung are analogous art because they are from the same field of endeavor, protection against SCA. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Gonzalez in view of LI and Fung before him or her, to modify the system of Gonzalez in view of LI to include a time-to-digital converter (TDC) sensor of Fung. The suggestion/motivation for doing so would have been to prevent side channel attacks (Fung: paragraph 0011).
Regarding claim 2, Gonzalez as modified discloses wherein the TDC sensor is configured to generate the one or more power traces by digitizing power-varying propagation delay of buffer primitives that are associated with power side-channel switching activities by the one or more target chiplets (Fung: paragraphs 0013 and 0019-0025,“use time-to-digital converter (TDC) and a bank of ring oscillators (ROs). The TDC senses the crypto (or any security-sensitive design in general) current fluctuations locally. Data indicating a magnitude of the fluctuations are fed to a digital controller that turns on or off the required number of ring oscillator (RO) stages (bleed) depending on the instantaneous current. Hence, when the security-sensitive block/crypto engine consumes less current, more ROs are turned on to bleed extra current from the supply; while when the security-sensitive/crypto core draws high current, less ROs are enabled by the digital loop so that the overall supply current remains almost constant. The unchanging supply current yields SCA and other observation-based attacks fruitless as such attacks rely on detecting changes in the supply current to be successful.”). The same motivation to modify Gonzalez in view of LI and Fung, as applied in claim 1 above, applies here.
Regarding claim 3, Gonzalez as modified discloses wherein the TDC sensor is further configured to generate reference power traces (Gonzalez: paragraphs 0091 and 0308, “perform PFP feature extraction (e.g., at 4202) on all the collected traces, … the captured traces can be used to generate the baseline references); initiating, by the one or more processors, training of a machine learning model based on the one or more reference power traces (Gonzalez: paragraphs 0147, 330, 0341, In supervised learning, the specific features and patterns used as a baseline reference (power fingerprint) to determine when anomalies exist).
Regarding claim 4, Gonzalez as modified discloses wherein the hardware security monitor comprises a machine learning model trained based on the reference power traces (Gonzalez: paragraphs 0091 and 0308, “perform PFP feature extraction (e.g., at 4202) on all the collected traces, … the captured traces can be used to generate the baseline references); initiating, by the one or more processors, training of a machine learning model based on the one or more reference power traces (Gonzalez: paragraphs 0147, 330, 0341, In supervised learning, the specific features and patterns used as a baseline reference (power fingerprint) to determine when anomalies exist”).
Regarding claim 5, Gonzalez as modified discloses wherein the machine learning model is configured to determine whether runtime power traces associated with the one or more applications deviate from the reference power traces (Gonzalez: paragraph 0005, “taking fine-grained measurement of a processor's side channels (e.g. power consumption) and comparing them against trusted baseline references such as power signatures or fingerprints (e.g., patterns that result from the specific sequence of bit transitions during execution) for anomaly detection. In one implementation, the PFP system may characterize the execution of trusted software and extract its power signatures and use them as reference to compare test traces to determine whether the same code is being executed. In this way, the PFP system may obtain information to the execution status of a target device and may detect any anomaly of the target device”; paragraph 0341, “enable intrusion detection based on a supervised learning approach”; paragraph 0345, “The PFP system can be applied to a digital circuit to assess its integrity, validate it, or authenticate it, by observing and analyzing any side-channel in the system”).
Regarding claim 11, Gonzalez discloses a computer-implemented method comprising: receiving, by one processor that is (i) configured with one or more chiplets and (ii) wherein the one or more power trace samples that are associated with the one or more chiplets (Gonzalez: paragraphs 0083-0085, 0087, 0091, 0204, 0225 and 0308, “During normal operation, the monitor also extracts the selected discriminatory features from power traces”… “monitor to capture the right set of traces and signal classification techniques can be used to determine which specific routine was executed or whether no reliable match can be established”… “in which time-domain traces from the execution of test, software in a BeagleBoard with an OMAP3 processor are first, converted to the frequency domain by calculating their power spectral density”); generating, by the processor, one or more reference power traces based on the one or more power trace samples (Gonzalez: paragraphs 0091 and 0308, “perform PFP feature extraction (e.g., at 4202) on all the collected traces, … the captured traces can be used to generate the baseline references); initiating, by the processor, training of a machine learning model based on the one or more reference power traces (Gonzalez: paragraphs 0147, 330, 0341, In supervised learning, the specific features and patterns used as a baseline reference (power fingerprint) to determine when anomalies exist”); and generating, by the processor and using the machine learning model, one or more power anomaly predictions that are associated with the one or more chiplets (Gonzalez: paragraph 0005, “taking fine-grained measurement of a processor's side channels (e.g. power consumption) and comparing them against trusted baseline references such as power signatures or fingerprints (e.g., patterns that result from the specific sequence of bit transitions during execution) for anomaly detection. In one implementation, the PFP system may characterize the execution of trusted software and extract its power signatures and use them as reference to compare test traces to determine whether the same code is being executed. In this way, the PFP system may obtain information to the execution status of a target device and may detect any anomaly of the target device”; paragraph 0341, “enable intrusion detection based on a supervised learning approach”; paragraph 0345, “The PFP system can be applied to a digital circuit to assess its integrity, validate it, or authenticate it, by observing and analyzing any side-channel in the system”).
Gonzalez does not explicitly disclose the following limitation which is disclosed by LI, configured on a silicon interposer along with one or more chiplets and shares a power supply connection with the one or more chiplets via the silicon interposer (LI: pages 2, 4 and 7, “splits the die into a plurality of small area chiplets for separate production, and mounts them on a larger silicon interposer, and a 2.5D system is formed. The silicon intermediate layer provides power supply, clock, external input and output and data transmission signal between the cores when it is used as packaging carrier.”).
Gonzalez and LI are analogous art because they are from the same field of endeavor, data processing. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Gonzalez and LI before him or her, to modify the system of Gonzalez to include configuring on a silicon interposer along with one or more chiplets and shares a power supply connection with the one or more chiplets via the silicon interposer of LI. The suggestion/motivation for doing so would have been to maintain sustained improvement in chip performance (LI: page 2).
Gonzalez in view of LI does not explicitly disclose the following limitation which is disclosed by Fung, one or more power trace samples from time-to-digital converter (TDC) sensor (Fung: paragraphs 0013, 0025 and 0053, “Embodiments use time-to-digital converter (TDC) and a bank of ring oscillators (ROs). The TDC senses the crypto (or any security-sensitive design in general) current fluctuations locally. Data indicating a magnitude of the fluctuations are fed to a digital controller that turns on or off the required number of ring oscillator (RO) stages (bleed) depending on the instantaneous current. Hence, when the security-sensitive block/crypto engine consumes less current, more ROs are turned on to bleed extra current from the supply; while when the security-sensitive/crypto core draws high current, less ROs are enabled by the digital loop so that the overall supply current remains almost constant. The unchanging supply current yields SCA and other observation-based attacks fruitless as such attacks rely on detecting changes in the supply current to be successful”).
Gonzalez in view of LI and Fung are analogous art because they are from the same field of endeavor, protection against SCA. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Gonzalez in view of LI and Fung before him or her, to modify the system of Gonzalez in view of LI to include a time-to-digital converter (TDC) sensor of Fung. The suggestion/motivation for doing so would have been to prevent side channel attacks (Fung: paragraph 0011).
Regarding claim 12, Gonzalez as modified discloses wherein the one or more power trace samples are representative of power side-channel switching activities that are associated with the one or more chiplets (Gonzalez: paragraphs 0005, 0064 and 0341, “the PFP system may characterize the execution of trusted software and extract its power signatures and use them as reference to compare test traces to determine whether the same code is being executed. In this way, the PFP system may obtain information to the execution status of a target device and may detect any anomaly of the target device”).
Regarding claim 13, Gonzalez as modified discloses further comprising receiving the one or more power trace samples from a time-to-digital converter sensor (Fung: paragraphs 0013, 0025 and 0053, “Embodiments use time-to-digital converter (TDC) and a bank of ring oscillators (ROs). The TDC senses the crypto (or any security-sensitive design in general) current fluctuations locally. Data indicating a magnitude of the fluctuations are fed to a digital controller that turns on or off the required number of ring oscillator (RO) stages (bleed) depending on the instantaneous current. Hence, when the security-sensitive block/crypto engine consumes less current, more ROs are turned on to bleed extra current from the supply; while when the security-sensitive/crypto core draws high current, less ROs are enabled by the digital loop so that the overall supply current remains almost constant. The unchanging supply current yields SCA and other observation-based attacks fruitless as such attacks rely on detecting changes in the supply current to be successful”).
Regarding claim 14, Gonzalez as modified discloses wherein the one or more power trace samples comprise one or more power fluctuations on a power plane that is shared with the one or more chiplets (Gonzalez: paragraphs 0005 and 0060, “the PFP system may characterize the execution of trusted software and extract its power signatures and use them as reference to compare test traces to determine whether the same code is being executed.”).
Regarding claim 15, Gonzalez as modified discloses wherein the one or more reference power traces comprise one or more baseline power signatures of one or more hardware or software applications that are associated with the one or more chiplets (Gonzalez: paragraphs 0005 and 0063-0067, “by using malware signatures to enhance PFP performance; by automatic characterization and signature extraction; by providing secure signature updates; by protecting against side-channel attacks; performing real-time integrity assessment in embedded platform by monitoring their dynamic power consumption and comparing it against signatures from trusted code;”).
Regarding claim 16, Gonzalez as modified discloses further comprising monitoring one or more inference power traces of the one or more chiplets for one or more characteristics that are abnormal or consistent with one or more malicious attacks (Gonzalez: paragraphs 0005 and 0304-0314, “when a target entity is being attacked, e.g., a targeting government agency, a financial institution, a military command communicative network, and/or the like, the malware may execute malicious command sequences within the target system, which may be reflected, at the digital circuit level of the target system, as abnormal current patterns. The PFP may detect the current patterns with the target system, and apply statistical methods to analyze the pattern to identify an attack”).
Regarding claim 17, Gonzalez as modified discloses further comprising: generating a quantization configuration based on one or more model parameters of the machine learning model (Gonzalez: paragraph 0005, “taking fine-grained measurement of a processor's side channels (e.g. power consumption) and comparing them against trusted baseline references such as power signatures or fingerprints (e.g., patterns that result from the specific sequence of bit transitions during execution) for anomaly detection. In one implementation, the PFP system may characterize the execution of trusted software and extract its power signatures and use them as reference to compare test traces to determine whether the same code is being executed. In this way, the PFP system may obtain information to the execution status of a target device and may detect any anomaly of the target device”; paragraph 0341, “enable intrusion detection based on a supervised learning approach”); generating a high-level synthesis model based on the machine learning model and the quantization configuration (Gonzalez: paragraphs 0005 and 0341); and generating a register-transfer level model based on the high-level synthesis model (Gonzalez: paragraphs 0005 and 0341).
Regarding claim 18, Gonzalez as modified discloses wherein generating the one or more power anomaly predictions comprises determining one or more of (i) deviations from normal behavior, (ii) similarities to malicious attacks, or (iii) deviations between expected behaviors and actual behaviors (Gonzalez: paragraph 0005, “taking fine-grained measurement of a processor's side channels (e.g. power consumption) and comparing them against trusted baseline references such as power signatures or fingerprints (e.g., patterns that result from the specific sequence of bit transitions during execution) for anomaly detection. In one implementation, the PFP system may characterize the execution of trusted software and extract its power signatures and use them as reference to compare test traces to determine whether the same code is being executed. In this way, the PFP system may obtain information to the execution status of a target device and may detect any anomaly of the target device”; paragraph 0341, “enable intrusion detection based on a supervised learning approach”).
Regarding claim 19, Gonzalez as modified discloses further comprising determining one or more malicious activities based on the one or more power anomaly predictions (Gonzalez: paragraph 0005, “taking fine-grained measurement of a processor's side channels (e.g. power consumption) and comparing them against trusted baseline references such as power signatures or fingerprints (e.g., patterns that result from the specific sequence of bit transitions during execution) for anomaly detection. …compare test traces to determine whether the same code is being executed. In this way, the PFP system may obtain information to the execution status of a target device and may detect any anomaly of the target device”; paragraph 0341, “enable intrusion detection based on a supervised learning approach”).
Regarding claim 20, Gonzalez as modified discloses further comprising initiating the performance of one or more prediction-based actions based on the determination of the one or more malicious activities (Gonzalez: paragraph 0005, “taking fine-grained measurement of a processor's side channels (e.g. power consumption) and comparing them against trusted baseline references such as power signatures or fingerprints (e.g., patterns that result from the specific sequence of bit transitions during execution) for anomaly detection. In one implementation, the PFP system may characterize the execution of trusted software and extract its power signatures and use them as reference to compare test traces to determine whether the same code is being executed. In this way, the PFP system may obtain information to the execution status of a target device and may detect any anomaly of the target device”; paragraph 0341, “enable intrusion detection based on a supervised learning approach”).
Allowable Subject Matter
Claims 6-10 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter: none of the art of reference, discloses, individually or in reasonable combination, the features recited in claims 6-10 if written in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740. The examiner can normally be reached Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/TRANG T DOAN/Primary Examiner, Art Unit 2431