DETAILED ACTION
This Office action is in response to amendments and remarks filed by Applicant on 2/9/2026.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement PTO-1449
The Information Disclosure Statement submitted by applicant on 12/30/2025 has been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto.
Response to Amendment
Applicant presents amendments to claims 1 and 14, cancels claims 11 and 18, and introduces new claims 21–22. All amendments have been fully considered.
Applicant’s amendments are sufficient to overcome the previously cited combination of references serving as the basis for the rejection under 35 U.S.C. 103. A new search and a review of previously available references were conducted, leading to the new rejection presented below.
Response to Arguments
Applicant presents arguments with respect to independent claims 1 and 14. All arguments have been fully considered.
The Examiner agrees that the previously cited combination of references fails to disclose the clarification of the invention incorporated by amendment to the independent claims. As mentioned above, a new search and a review of previously identified references were conducted and a new rejection is presented below.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1–20 are rejected under 35 U.S.C. 103 as being unpatentable over Meyer (US 2010/0146624 A1, published Jun. 10, 2010) in view of Arnautov (NPL Arnautov and Fetzer, ControlFreak: Signature to Counter Control Flow Attacks, 2015 IEEE 34th Symposium on Reliable Distributed Systems (SRDS), Montreal, QC, Canada, 2015, pp. 1–10, previously filed by applicant on 5/17/2024) in view of Vaterlaus (US 2008/0178010 A1, published Jul. 24, 2008).
Regarding claims 1 and 14, Meyer discloses: a computer-implemented method comprising: generating a measurement value for a control flow of a [check signature] function (a control flow flag sequence is formed by a value. Meyer ¶ 13.), generating, during a scope of the [check signature] function, an expression return value indicative of a successful [digital signature] verification (calculating a check value as a function of the control flow flag sequence. Meyer ¶ 14.); and validating the control flow of the [check signature] function by comparing the measurement value to a predetermined value (the protect program command sequence compares the calculated check value with a reference value of a reference control flow flag sequence or checks whether the calculated check value is contained in a set of reference values. Meyer ¶ 18.).
Meyer does not disclose: updating, during the scope and responsive to generating the expression return value, the measurement value according to a computed value, the computed value based on a mathematical operation performed on both the measurement value and the expression return value, the mathematical operation creating a data dependency between a result of the digital signature verification and the measurement value; applying flow control checking to a signature check function; the check signature function configured to verify a digital signature.
However, Arnautov does disclose: updating, during the scope and responsive to generating the expression return value, the measurement value according to a computed value, the computed value based on a mathematical operation performed on both the measurement value and the expression return value, the mathematical operation creating a data dependency between a result of the digital signature verification and the measurement value (using signature chaining where block values (interpreted as the recited measurement values) and the return signature hash values (interpreted as the recited expression return values) are updated in the process of chaining (interpreted as performing subsequent mathematical operations on) subsequent signatures as new blocks and block values are encountered in the control flow process. Arnautov Section III, pp. 3–5.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the program protecting flow control checking using check values in the flow of Meyer with updating the measurement values while performing mathematical operations such that the measurement values and the return values are dependent based upon the teachings of Arnautov. The motivation being to make each step in the chain of operation depend upon previous steps in order to maintain integrity of previous process flow steps. Arnautov Section I, p. 2.
Meyer in view of Arnautov does not disclose: applying flow control checking to a signature check function; the check signature function configured to verify a digital signature.
However, Vaterlaus does disclose: applying flow control checking to a signature check function; the check signature function configured to verify a digital signature (demonstration that a wide array of functions may be added to the control flow, including encryption functions, decryption functions, digital signature functions, digital signature verification functions, or any other suitable cryptographic function. Vaterlaus Figure 3, element 50 and ¶ 50.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the program protecting flow control checking using check values in the flow of Meyer with verifying program flow of a digital signature function process based upon the teachings of Vaterlaus. The motivation being to apply the control flow verification process to a common computer function.
Regarding claims 2 and 15, Meyer in view of Arnautov in view of Vaterlaus discloses the limitations of claims 1 and 14, respectively, wherein the expression return value is a second expression return value (the check value is formed by a hash value. Meyer ¶¶ 17 and 68.), the computer implemented method further comprising: generating, prior to generating the second expression return value, a first expression return value indicative of a successful digital signature acquisition (the reference values are calculated reference hash values. Meyer ¶ 52.).
Regarding claims 3 and 16, Meyer in view of Arnautov in view of Vaterlaus discloses the limitations of claims 2 and 15, respectively, wherein updating the measurement value updates the measurement value for each of the first expression return value and the second expression return value (the reference values are calculated reference hash values. Meyer ¶ 52.).
Regarding claims 4 and 17, Meyer in view of Arnautov in view of Vaterlaus discloses the limitations of claims 1 and 14, wherein updating the measurement value includes: setting the measurement value equal to the computed value (the calculated check value is contained in a set of defined reference values. Meyer ¶ 52.).
Regarding claim 5, Meyer in view of Arnautov in view of Vaterlaus discloses the limitations of claim 1, returning, responsive to validating the control flow of the check signature function, a scope return value (the protect program command sequence compares the calculated check value with a reference value of a reference control flow flag sequence or checks whether the calculated check value is contained in a set of reference values. Meyer ¶ 18.).
Regarding claim 6, Meyer in view of Arnautov in view of Vaterlaus discloses the limitations of claim 5, wherein the scope return value includes at least one error code, the at least one error code indicative of a successful validation of the control flow of the check signature function or an unsuccessful validation of the control flow of the check signature function (Meyer ¶ 51.).
Regarding claim 7, Meyer in view of Arnautov in view of Vaterlaus discloses the limitations of claim 6, wherein the expression return value includes at least one error code, the at least one error code indicative of a successful digital signature verification or an unsuccessful digital signature verification (error F1 or error F2. Meyer Figures 6–7 and ¶¶ 62–64.).
Regarding claim 8, Meyer in view of Arnautov in view of Vaterlaus discloses the limitations of claim 7, determining, based on one or more conditional branch instructions, that the expression return value indicates the unsuccessful digital signature verification; ceasing, responsive to determining that the expression return value indicates the unsuccessful digital signature verification, further execution of the scope of the check signature function; and returning the scope return value indicative of the unsuccessful validation of the control flow of the check signature function (Meyer ¶ 51.).
Regarding claim 9, Meyer in view of Arnautov in view of Vaterlaus discloses the limitations of claim 1, generating the computed value using a hashing function (the check value is formed by a hash value. Meyer ¶¶ 17 and 68.).
Regarding claim 10, Meyer in view of Arnautov in view of Vaterlaus discloses the limitations of claim 9, the hashing function includes a non-cryptographic, composite fingerprinting algorithm (the calculated hash value as a check value is a function of a control flow flag sequence. Meyer Figure 8 and ¶ 67.); and generating the computed value includes: combining two inputs together using at least one of: a noncommutative function including concatenation; or an injective function including serialization; and mapping the combined inputs to a fixed-size digest value (Meyer Figure 8 and ¶ 67.).
Regarding claim 12, Meyer in view of Arnautov in view of Vaterlaus discloses the limitations of claim 1, wherein the predetermined value is calculated prior to maintaining the measurement value and is based on a number of monadic error return decisions within the scope (the reference values are calculated reference hash values. Meyer ¶ 52.).
Regarding claim 13, Meyer in view of Arnautov in view of Vaterlaus discloses the limitations of claim 12, wherein the predetermined value is stored in security-hardened memory (stored in a physical medium for protecting against control flow manipulation. Meyer ¶ 29.).
Regarding claim 19, Meyer in view of Arnautov in view of Vaterlaus discloses the limitations of claim 14, wherein the integrated circuit is configured to execute the instructions without compiler optimization (the check value is formed for the entire flow flag sequence generated to that instant. Meyer ¶ 49. One of ordinary skill in the art would understand that the checking is done without compiler optimization because if a compiler optimization process is run, the sequence would be altered causing the sequence to be ineffective for checking an expected result.).
Regarding claim 20, Meyer in view of Arnautov in view of Vaterlaus discloses the limitations of claim 14, wherein the system comprises instructions compiled with optimization configured in such a manner so as not to interfere with the generation of the measurement value, the generation of the expression return value, the update to the measurement value, and the validation of the control flow (the check value is formed for the entire flow flag sequence generated to that instant. Meyer ¶ 49. One of ordinary skill in the art would understand that the checking is done without compiler optimization because if a compiler optimization process is run, the sequence would be altered causing the sequence to be ineffective for checking an expected result.).
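The mechanism recited in claims 1, 9 and 10 above, as an added C illustration that is not part of the Office action and is not code from Applicant, Meyer, Arnautov or Vaterlaus: a measurement value is chained with each step's return value and compared to a predetermined value, so an error branch that fails to fire is still caught at the final comparison. The FNV-1a hash, the return codes, the stand-in signature steps and the `branch_fault` switch are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RET_OK   0x3Cu        /* constructed step return codes (assumption) */
#define RET_FAIL 0xC3u
#define CF_INIT  0x811C9DC5u  /* FNV-1a 32-bit offset basis, used as start value */
enum { CS_VALID, CS_BAD_SIGNATURE, CS_FLOW_VIOLATION };

/* Computed value: FNV-1a over the serialized concatenation measurement || ret.
 * Concatenation is order-sensitive, so swapping the inputs changes the digest. */
static uint32_t cf_update(uint32_t measurement, uint32_t ret) {
    uint32_t in[2] = { measurement, ret }, h = 0x811C9DC5u;
    for (int i = 0; i < 8; i++) {
        h ^= (in[i / 4] >> (8 * (i % 4))) & 0xFFu;
        h *= 0x01000193u;     /* FNV-1a 32-bit prime */
    }
    return h;
}

/* Predetermined value for two successful steps; a build would precompute it. */
static uint32_t cf_expected(void) {
    return cf_update(cf_update(CF_INIT, RET_OK), RET_OK);
}

/* Hypothetical stand-ins for signature acquisition and verification
 * (no real cryptography; the tag below is constructed sample data). */
static uint32_t acquire_signature(const uint8_t *sig, size_t len) {
    return (sig != NULL && len == 4) ? RET_OK : RET_FAIL;
}
static uint32_t verify_signature(const uint8_t *sig, size_t len) {
    static const uint8_t constructed_tag[4] = { 0xDE, 0xC0, 0xAD, 0x0B };
    return (sig && len == 4 && memcmp(sig, constructed_tag, 4) == 0) ? RET_OK : RET_FAIL;
}

/* branch_fault != 0 models an error branch that is not taken when it should be. */
static int check_signature(const uint8_t *sig, size_t len, int branch_fault) {
    uint32_t m = CF_INIT;
    uint32_t r = acquire_signature(sig, len);
    m = cf_update(m, r);      /* measurement now depends on the return value */
    if (r != RET_OK && !branch_fault) return CS_BAD_SIGNATURE;
    r = verify_signature(sig, len);
    m = cf_update(m, r);
    if (r != RET_OK && !branch_fault) return CS_BAD_SIGNATURE;
    return m == cf_expected() ? CS_VALID : CS_FLOW_VIOLATION;
}

int main(void) {
    const uint8_t forged[4] = { 0, 0, 0, 0 };
    return check_signature(forged, 4, 1) == CS_FLOW_VIOLATION ? 0 : 1;
}
```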
Allowable Subject Matter
Claims 21–22 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VANCE LITTLE whose telephone number is (571)270-0408. The examiner can normally be reached Monday - Friday 9:30am - 5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung (Jay) Kim can be reached at (571) 272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/VANCE M LITTLE/Primary Examiner, Art Unit 2494