Prosecution Insights
Last updated: April 19, 2026
Application No. 18/782,136

ENCRYPTION DEVICE, DECRYPTION DEVICE, CRYPTOGRAPHIC SYSTEM, ENCRYPTION METHOD, AND DECRYPTION METHOD

Non-Final OA §103
Filed: Jul 24, 2024
Examiner: STEINLE, ANDREW J
Art Unit: 2497
Tech Center: 2400 — Computer Networks
Assignee: NEC Corporation
OA Round: 1 (Non-Final)
Grant Probability: 88% (Favorable)
OA Rounds: 1-2
To Grant: 2y 4m
With Interview: 99%

Examiner Intelligence

Grants 88% — above average
Career Allow Rate: 88% (479 granted / 547 resolved), +29.6% vs TC avg
Strong +20% interview lift
Interview Lift: +19.5% (resolved cases with interview)
Typical timeline
Avg Prosecution: 2y 4m (17 currently pending)
Career history
Total Applications: 564 (across all art units)

Statute-Specific Performance

§101: 10.4% (-29.6% vs TC avg)
§103: 46.2% (+6.2% vs TC avg)
§102: 20.7% (-19.3% vs TC avg)
§112: 11.6% (-28.4% vs TC avg)
Black line = Tech Center average estimate • Based on career data from 547 resolved cases

Office Action

§103
DETAILED ACTION

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Examiner’s Note

The primary reference used, Ogawa, is a foreign translation and does not contain paragraph or column numbers.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claims 1-17 are rejected under 35 U.S.C. 103 as being unpatentable over Ogawa (JP 2016075765 A) hereinafter referred to as Ogawa in view of Durham et al., (US 20220382885 A1) hereinafter referred to as Durham.

Regarding Claims 1 and 16, Ogawa discloses An encryption device comprising: at least one memory configured to store instructions; and at least one processor configured to execute the instructions to: generate a sequence of blocks by dividing data to be encrypted into blocks of fixed length; perform encryption using a block cipher for each block in the sequence of blocks into which the data to be encrypted is divided, [the OTR method divides authentication information (data sender identifier, etc.) into n bits and generates block authentication information A_1, A_2, ..., A_{a-1}, A_a (a is the number of divisions). The OTR method is a block encryption information A_1, A_2, ..., A_{a-1} encrypted data, A_a is obtained by calculating an exclusive OR with a random value and a block, An authentication tag T is generated from the checksum S generated from the data - the "OTR method divides...information...into n bits" which indicates a fixed length] and concatenate the encrypted blocks to generate encrypted data; [Here, “||” indicates bit concatenation. “0^X” represents a value obtained by concatenating X bits having a value “0”. |N| indicates the bit length of nonce N] and generate a tag for each block set, which is a combination of blocks included in the sequence of blocks into which the data to be encrypted is divided, [Then, the data authentication tag generation unit 205 generates the data authentication tag TE by encrypting the checksum CS obtained by Expression (7)]

Ogawa does not explicitly teach and concatenate the tags for each block set to generate a tag for the encrypted data.

Durham teaches and concatenate the tags for each block set to generate a tag for the encrypted data. [paragraph 0102, pointer cryptography and encoding unit 322 generates encrypted, untyped pointer 333 by concatenating the tag]

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Durham with the disclosure of Ogawa. The motivation or suggestion would have been to "provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments." (Abstract)

Regarding Claims 2 and 7, Ogawa discloses wherein the at least one processor is configured to, for each block set, generate a tag for the block set by encrypting a block generated by taking the bitwise exclusive OR for all blocks in the block set using a block cipher. [The data authentication tag generation unit 205 calculates a checksum by obtaining an exclusive OR of all the block data M_i (1 ≦ i ≦ m) divided by the block division unit 202, and calculates the checksum. By encrypting, the data authentication tag TE is generated]

Regarding Claims 3 and 8, Ogawa discloses wherein the block set is also determined so that any block in the sequence of blocks into which the data to be encrypted is divided is included in at least one block set. [the OTR method divides authentication information (data sender identifier, etc.) into n bits and generates block authentication information A_1, A_2, ..., A_{a-1}, A_a (a is the number of divisions). The OTR method is a block encryption information A_1, A_2, ..., A_{a-1} encrypted data, A_a is obtained by calculating an exclusive OR with a random value and a block, An authentication tag T is generated from the checksum S generated from the data]

Regarding Claims 4 and 9, Ogawa discloses wherein the block set is determined so that for any two blocks in the same block set, there is always a block set that includes only one of those two blocks and not the other. [the OTR method divides authentication information (data sender identifier, etc.) into n bits and generates block authentication information A_1, A_2, ..., A_{a-1}, A_a (a is the number of divisions). The OTR method is a block encryption information A_1, A_2, ..., A_{a-1} encrypted data, A_a is obtained by calculating an exclusive OR with a random value and a block, An authentication tag T is generated from the checksum S generated from the data]

Regarding Claim 5, Ogawa discloses by taking the bitwise exclusive OR for all blocks in the block set [A_a is obtained by calculating an exclusive OR with a random value and a block]

Ogawa does not explicitly teach wherein the at least one processor is configured to: encrypt blocks included in the sequence of blocks into which the data to be encrypted is divided using a tweakable block cipher constituted using a combination of the block cipher and a tweak; and encrypt blocks generated…using a tweakable block cipher constituted using a combination of the block cipher and a tweak.

Durham teaches wherein the at least one processor is configured to: encrypt blocks included in the sequence of blocks into which the data to be encrypted is divided using a tweakable block cipher constituted using a combination of the block cipher and a tweak; and encrypt blocks generated…using a tweakable block cipher constituted using a combination of the block cipher and a tweak. [Abstract, Generating the first cryptographically encoded pointer includes storing first context information associated with the private memory region in first bits of the first cryptographically encoded pointer and performing a cryptographic algorithm on a slice of a first linear address of the private memory region based, at least in part, on the first address key and a first tweak, the first tweak including the first context information]

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Durham with the disclosure of Ogawa. The motivation or suggestion would have been to "provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments." (Abstract)

Regarding Claims 6 and 17, Ogawa discloses A decryption device comprising: at least one memory configured to store instructions; and at least one processor configured to execute the instructions to: generate a sequence of blocks by dividing data to be decrypted into blocks of fixed length; decrypt each block included in the sequence of blocks into which the data to be decrypted has been divided, using a block cipher, [the encrypted block data C_i (1 ≦ i ≦ m) divided in step S52 is decrypted to obtain the block data M_i (1 ≦ i ≦ m). The data M consisting of is generated (step S54). The operation in step S54 is to decrypt a plurality of cipher block data in parallel] generate a tag for each block set in which the blocks included in the decrypted block sequence are combined, [process of decrypting encrypted data on the data decrypting side and a process of generating authentication data (authentication tag) used for verification]

Ogawa does not explicitly teach and concatenate the decrypted blocks to generate decrypted data; and concatenate the tags for each block set to generate a tag for the data to be decrypted; and detect the presence or absence of tampering in the data to be decrypted and the location of the tampering in a case where tampering is detected, based on the generated tags and the tags generated during encryption.

Durham teaches and concatenate the decrypted blocks to generate decrypted data; [paragraph 0080, The encrypted slice can be decrypted and concatenated with the upper address bits] and concatenate the tags for each block set to generate a tag for the data to be decrypted; [paragraph 0102, pointer cryptography and encoding unit 322 generates encrypted, untyped pointer 333 by concatenating the tag] and detect the presence or absence of tampering in the data to be decrypted and the location of the tampering in a case where tampering is detected, based on the generated tags and the tags generated during encryption. [paragraph 0112, if the adversary attempts to tamper with the metadata (e.g., tag/version value) the resulting decoded address will be corrupted. In the 64-bit address space, address corruption will result in a fault with high probability, thus allowing the address corruption (and pointer access or bounds violation) to be caught by the privileged system component 142 (e.g., an operating system/executive/VMM/alternative mode/debug trace/management processor/subsystem, etc.)]

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Durham with the disclosure of Ogawa. The motivation or suggestion would have been to "provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments." (Abstract)

Regarding Claim 10, Ogawa discloses by taking the bitwise exclusive OR for all blocks in the block set [A_a is obtained by calculating an exclusive OR with a random value and a block] wherein the at least one processor is configured to execute the instructions to: decrypt blocks included in the sequence of blocks into which the data to be decrypted is divided [the encrypted block data C_i (1 ≦ i ≦ m) divided in step S52 is decrypted to obtain the block data M_i (1 ≦ i ≦ m). The data M consisting of is generated (step S54). The operation in step S54 is to decrypt a plurality of cipher block data in parallel]

Ogawa does not explicitly teach using a tweakable block cipher constituted using a combination of the block cipher and a tweak; and encrypt blocks generated…using a tweakable block cipher constituted using a combination of the block cipher and a tweak.

Durham teaches using a tweakable block cipher constituted using a combination of the block cipher and a tweak; and encrypt blocks generated…using a tweakable block cipher constituted using a combination of the block cipher and a tweak. [paragraph 0028, an XEX-based Tweaked CodeBook Mode with ciphertext stealing (XTS) block cipher that may be used for encryption and decryption in accordance with at least one embodiment]

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Durham with the disclosure of Ogawa. The motivation or suggestion would have been to "provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments." (Abstract)

Regarding Claim 11, Ogawa discloses An encryption system comprising an encryption device and a decryption device, wherein the encryption device comprises: at least one first memory configured to store first instructions; and at least one first processor configured to execute the first instructions to: generate a sequence of blocks by dividing data to be encrypted into blocks of fixed length; perform encryption using a block cipher for each block in the sequence of blocks into which the data to be encrypted is divided, [the OTR method divides authentication information (data sender identifier, etc.) into n bits and generates block authentication information A_1, A_2, ..., A_{a-1}, A_a (a is the number of divisions). The OTR method is a block encryption information A_1, A_2, ..., A_{a-1} encrypted data, A_a is obtained by calculating an exclusive OR with a random value and a block, An authentication tag T is generated from the checksum S generated from the data - the "OTR method divides...information...into n bits" which indicates a fixed length] and concatenate the encrypted blocks to generate encrypted data; [Here, “||” indicates bit concatenation. “0^X” represents a value obtained by concatenating X bits having a value “0”. |N| indicates the bit length of nonce N] and generate a tag for each first block set, which is a block set that is a combination of blocks included in a sequence of blocks into which the data to be encrypted is divided, [Then, the data authentication tag generation unit 205 generates the data authentication tag TE by encrypting the checksum CS obtained by Expression (7)] and the decryption device comprises: at least one second memory configured to store second instructions; and at least one second processor configured to execute the second instructions to: generate a sequence of blocks by dividing data to be decrypted into blocks of fixed length; decrypt each block included in the sequence of blocks into which the data to be decrypted has been divided, using a block cipher, [the encrypted block data C_i (1 ≦ i ≦ m) divided in step S52 is decrypted to obtain the block data M_i (1 ≦ i ≦ m). The data M consisting of is generated (step S54). The operation in step S54 is to decrypt a plurality of cipher block data in parallel] generate a tag for each second block set, which is a block set that is a combination of blocks included in the decrypted block sequence, [process of decrypting encrypted data on the data decrypting side and a process of generating authentication data (authentication tag) used for verification]

Ogawa does not explicitly teach and concatenate the tags for each first block set to generate a tag for the encrypted data, and concatenate the decrypted blocks to generate decrypted data; and concatenate the tags for each second block set to generate a tag for the data to be decrypted; and detect the presence or absence of tampering in the data to be decrypted and the location of the tampering in a case where tampering is detected, based on the tag of the data to be decrypted and the tag of the encrypted data.

Durham teaches and concatenate the tags for each first block set to generate a tag for the encrypted data, [paragraph 0102, pointer cryptography and encoding unit 322 generates encrypted, untyped pointer 333 by concatenating the tag] and concatenate the decrypted blocks to generate decrypted data; [paragraph 0080, The encrypted slice can be decrypted and concatenated with the upper address bits] and concatenate the tags for each second block set to generate a tag for the data to be decrypted; [paragraph 0102, pointer cryptography and encoding unit 322 generates encrypted, untyped pointer 333 by concatenating the tag] and detect the presence or absence of tampering in the data to be decrypted and the location of the tampering in a case where tampering is detected, based on the tag of the data to be decrypted and the tag of the encrypted data. [paragraph 0112, if the adversary attempts to tamper with the metadata (e.g., tag/version value) the resulting decoded address will be corrupted. In the 64-bit address space, address corruption will result in a fault with high probability, thus allowing the address corruption (and pointer access or bounds violation) to be caught by the privileged system component 142 (e.g., an operating system/executive/VMM/alternative mode/debug trace/management processor/subsystem, etc.)]

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Durham with the disclosure of Ogawa. The motivation or suggestion would have been to "provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments." (Abstract)

Regarding Claim 12, Ogawa discloses wherein the at least one first processor is configured to execute the first instructions to, for each of the first block sets, generate a tag for the first block set by using a block cipher to encrypt a block generated by taking the bitwise exclusive OR for all blocks in the block set, and the at least second processor is configured to execute the second instructions to, for each of the second block sets, generate a tag for the second block set by using a block cipher to encrypt a block generated by taking the bitwise exclusive OR for all blocks in the block set. [The data authentication tag generation unit 205 calculates a checksum by obtaining an exclusive OR of all the block data M_i (1 ≦ i ≦ m) divided by the block division unit 202, and calculates the checksum. By encrypting, the data authentication tag TE is generated – this is done for all blocks]

Regarding Claim 13, Ogawa discloses wherein the first block set is determined so that any block in the sequence of blocks into which the data to be encrypted is divided is included in at least one first block set, [the OTR method divides authentication information (data sender identifier, etc.) into n bits and generates block authentication information A_1, A_2, ..., A_{a-1}, A_a (a is the number of divisions). The OTR method is a block encryption information A_1, A_2, ..., A_{a-1} encrypted data, A_a is obtained by calculating an exclusive OR with a random value and a block, An authentication tag T is generated from the checksum S generated from the data] and the second block set is determined such that any block in the sequence of decrypted blocks is included in at least one second block set. [the encrypted block data C_i (1 ≦ i ≦ m) divided in step S52 is decrypted to obtain the block data M_i (1 ≦ i ≦ m). The data M consisting of is generated (step S54). The operation in step S54 is to decrypt a plurality of cipher block data in parallel]

Regarding Claim 14, Ogawa discloses wherein the first block set is determined such that for any two blocks in the same first block set, there is always a first block set that includes only one of those two blocks and not the other, and the second block set is determined such that for any two blocks in the same second block set, there is always a second block set that includes only one of those two blocks and not the other. [the OTR method divides authentication information (data sender identifier, etc.) into n bits and generates block authentication information A_1, A_2, ..., A_{a-1}, A_a (a is the number of divisions). The OTR method is a block encryption information A_1, A_2, ..., A_{a-1} encrypted data, A_a is obtained by calculating an exclusive OR with a random value and a block, An authentication tag T is generated from the checksum S generated from the data]

Regarding Claim 15, Ogawa discloses wherein the at least one first processor is configured to execute the instructions to: encrypt blocks included in the sequence of blocks into which the data to be encrypted is divided [the OTR method divides authentication information (data sender identifier, etc.) into n bits and generates block authentication information A_1, A_2, ..., A_{a-1}, A_a (a is the number of divisions). The OTR method is a block encryption information A_1, A_2, ..., A_{a-1} encrypted data, A_a is obtained by calculating an exclusive OR with a random value and a block, An authentication tag T is generated from the checksum S generated from the data] encrypt blocks generated by taking the bitwise exclusive OR for all blocks in the first block set [A_a is obtained by calculating an exclusive OR with a random value and a block] and the at least one second processor is configured to execute the instructions to: decrypt blocks included in the sequence of blocks into which the data to be decrypted is divided [the encrypted block data C_i (1 ≦ i ≦ m) divided in step S52 is decrypted to obtain the block data M_i (1 ≦ i ≦ m). The data M consisting of is generated (step S54). The operation in step S54 is to decrypt a plurality of cipher block data in parallel] and encrypt blocks generated by taking the bitwise exclusive OR for all blocks in the second block set [A_a is obtained by calculating an exclusive OR with a random value and a block]

Ogawa does not explicitly teach using a tweakable block cipher constituted using a combination of the block cipher and a tweak… using a tweakable block cipher constituted using a combination of the block cipher and a tweak…using a tweakable block cipher constituted using a combination of the block cipher and a tweak… using a tweakable block cipher constituted using a combination of the block cipher and a tweak.

Durham teaches using a tweakable block cipher constituted using a combination of the block cipher and a tweak… using a tweakable block cipher constituted using a combination of the block cipher and a tweak…using a tweakable block cipher constituted using a combination of the block cipher and a tweak… using a tweakable block cipher constituted using a combination of the block cipher and a tweak. [paragraph 0028, an XEX-based Tweaked CodeBook Mode with ciphertext stealing (XTS) block cipher that may be used for encryption and decryption in accordance with at least one embodiment]

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Durham with the disclosure of Ogawa. The motivation or suggestion would have been to "provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments." (Abstract)

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW J STEINLE whose telephone number is (571)272-9923. The examiner can normally be reached M-F 10am-6pm CT.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached at (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ANDREW J STEINLE/
Primary Examiner, Art Unit 2497

Prosecution Timeline

Jul 24, 2024: Application Filed
Jan 06, 2026: Non-Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12598068
SYSTEMS AND METHODS FOR HANDLING ENCRYPTED DATA
2y 5m to grant Granted Apr 07, 2026
Patent 12596771
SECURE ENFORCEMENT OF DIGITAL RIGHTS IN ARTIFICIAL INTELLIGENCE MODELS
2y 5m to grant Granted Apr 07, 2026
Patent 12592817
Message Service with Distributed Key Caching for Server-Side Encryption
2y 5m to grant Granted Mar 31, 2026
Patent 12591680
TRUST-CHAIN BASED ADAPTABLE TELEMETRY
2y 5m to grant Granted Mar 31, 2026
Patent 12587365
SECRET MANAGEMENT IN DISTRIBUTED SYSTEMS
2y 5m to grant Granted Mar 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.


Prosecution Projections

Expected OA Rounds: 1-2
Grant Probability: 88%
With Interview: 99% (+19.5%)
Median Time to Grant: 2y 4m
PTA Risk: Low
Based on 547 resolved cases by this examiner. Grant probability derived from career allow rate.
