MICROPROCESSOR EQUIPPED WITH A HARDWARE SECURITY MODULE

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement The information disclosure statement (IDS) submitted by applicant dated 07/31/2024 have been considered by the examiner. Specification The abstract of the disclosure is objected to because it recites "Fig 1" on line 16. The abstract should be in narrative form and the inclusion of a reference figure breaks with the narrative. Moreover, the abstract should not exceed 15 lines of text. A corrected abstract of the disclosure is required and must be presented on a separate sheet, apart from any other text. See MPEP § 608.01(b). The paragraph numbering is objected to because it does not consist of at least four numerals. enclosed in square brackets, including leading zeros (e.g., [0001]). See 37 CFR 1.52(b)(6). The current numbering, beginning with [001], fails to meet this requirement. Applicant is required to submit a substitute specification with corrected paragraph numbering. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. Claims 1, 8 rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. US 20220357927 A1 (reference patent). Although the claims at issue are not identical, they are not patentably distinct from each other because Claim 1 of the reference patent anticipated the claim 1, 8 of the instant application. See analysis below: Instant application no. 18790786 Reference patent no. US 20220357927 A1 Claims 1, 9 A microprocessor equipped with an arithmetic logic unit, with a main bank of registers and with a hardware security module, in which: a) the arithmetic logic unit is capable of executing an arithmetic logic instruction comprising an opcode and one or more operands, which arithmetic logic instruction, when it is executed by the arithmetic logic unit of the microprocessor, causes an operation D1*D2*…*Dn to be performed and the result of this operation to be recorded in a register Rres-p,0 of the main bank of registers, where: - the index n is equal to the number of data Di processed by the arithmetic logic instruction, the index n being greater than or equal to one, - D1 to Dn are data recorded in registers R1,0 to Rn,0 of the main bank of registers, respectively, the size, in number of bits, of each of these data Di being equal to 2d, where d is an integer greater than two, - the registers R1,0 to Rn,0 are the registers designated by the operands of the arithmetic logic instruction, - the symbol "*" is the arithmetic or logic operation designated by the opcode of the arithmetic logic instruction, b) the hardware security module is configured to execute the following operations: 1) each time an instruction to load a datum Di into a register Ri,0 of the main bank of registers is executed by the microprocessor: - computing a code Ci,α1 using a relationship Ci,α1 = Qα1(Di), where the function Qα1 is a preprogrammed function parameterized by a current secret key α1 prerecorded in the hardware security module and known only by the hardware security module, and - recording the computed code Ci,α1 in a register Ri,1, corresponding to the register Ri,0, of a first auxiliary bank of registers, 2) in parallel with execution, by the arithmetic logic unit, of the arithmetic logic instruction causing the operation D1*D2*…*Dn to be performed and the result of this operation to be recorded in the register Rres-p,0 of the main bank of registers, computing a code Cres-t using the codes C1,α1, C2,α1, … , Cn,α1 recorded in the first auxiliary bank of registers and without using the result Dres-p, then 3) verifying that the computed code Cres-t corresponds to a code Cres-p obtained from the result Dres-p and triggering signaling of an execution error if the code Cres-t does not correspond to the code Cres-p and, in the contrary case, inhibiting this signaling, wherein the hardware security module is also configured to execute the following operations: 4) each time a datum Di is written to a register Ri,0 of the main bank of registers and before replacement of the current secret key α1 by a new secret key α2 is triggered: - computing a code Ci,α2 using a relationship Ci,α2 = Qα2(Di) where the function Qα2 is the same preprogrammed function as the function Qα1 except that the current secret key α1 is replaced by the new secret key α2, then - recording the computed code Ci,α2 in a register Ri,2, corresponding to the register Ri,0, of a second auxiliary bank of registers and marking this register as having been updated, 5) only when all the registers of the second auxiliary bank have been marked as having been updated, triggering, at a time tr1, replacement of the current secret key α1 by the new secret key α2 and, from this time tr1, for any new arithmetic logic instruction, the execution of which starts after this time tr1, using the secret key α2 and the codes Ci,α2 recorded in the second auxiliary bank of registers instead of the secret key α1 and the codes Ci,α1 recorded in the first auxiliary bank of registers, respectively, to compute and verify the code Crest-t. Claim 1 Microprocessor equipped with an arithmetic and logic unit and with a hardware security module, wherein: a) the arithmetic and logic unit is capable of executing an arithmetic instruction, comprising an opcode and one or more operands, that, when executed by the arithmetic and logic unit of the microprocessor, causes a mathematical operation D1*D2*...*D, to be performed and the result of this operation to be stored in a register Rres-p, where: - the subscript n is equal to the number of data items Di processed by the arithmetic instruction, the subscript n being greater than or equal to one, - D1 to Dn are data items that are stored in registers R1 to Rn, respectively, of the microprocessor, the size, in terms of the number of bits, of each of these data items Di being equal to 2d, where d is an integer greater than two, - the registers R1 to Rn are the registers denoted by the operands of the arithmetic instruction, - the symbol "*" is the arithmetic operation denoted by the opcode of the arithmetic instruction, b) the microprocessor is configured to perform the following operations: 1) for each data item Di, computation of a code C; using a relationship Ci = Qa(Di) and association of the computed code C; with the data item Di, the function Qa being a pre-programmed function configured by a secret key a that is pre-stored in the microprocessor and known only to the microprocessor, 2) each time an instruction for loading a data item Di into a register Ri of the microprocessor is executed by the microprocessor, the loaded data item Di is stored in the register Ri and the code C; associated therewith is stored in the same register Ri or in a register associated with the register Ri, then 3) execution of the arithmetic instruction and storage of the result Dres-p of this execution in the register Rres-p, and computation, by the security module, of a code Crest using the codes C1, C2, ..., Cn and without using the result Dresp, then 4) checking that the computed code Crest corresponds to a code Cresp obtained from the result Dres-p and triggering of the signalling of an execution fault if the code Cres-t does not correspond to the code Cres.p and, otherwise, suppressing this signalling, Claim 8: The microprocessor as claimed in claim 1, wherein the function Qα is defined by the following relationship: Qα(Di) = P o Fα(Di), where P is a predetermined function and Fα is a function defined by the following relationship: Fα(Di)= E0 o…o Eq o ... o ENbE-1(Di), where each function Eq is a transposition stage and the index q is an order number between zero and NbE-1, where NbE is an integer greater than one and less than or equal to d, each transposition stage Eq being defined by the following relationship: Eq(x) = Tαm,q o…o Tαj,q o ... o Tα1,q o Tα0,q(x), where: - x is a variable the size of which, in number of bits, is equal to the size of the datum Di, - Tαj,q is a conditional transposition, parameterized by the parameter αj,q, that permutes two blocks of bits B2j+1,q and B2j,q of the variable x when the parameter αj,q is equal to a first value and that does not permute these two blocks of bits when the parameter αj,q is equal to a second value, the transposition Tαj,q differing from all the other transpositions of the function Fα in that it is the only one that permutes the two blocks B2j+1,q and B2j,q when the parameter αj,q is equal to the first value, the blocks B2j+1,q and B2j,q of all the transpositions Tαj,q of the stage Eq being different from one another and not overlapping so that all the transpositions Tαj,q of the stage Eq may be executed in parallel, - "m+1" is the total number of transpositions Tαj,q of the stage Eq, - "j" is an order number identifying the transposition Tαj,q among the other transpositions of the stage Eq, - the symbol "o" designates the operation of function composition, - the concatenation of the bits of all the parameters αj,q of all the stages Eq is equal to the value of the secret key α, and - for all the stages Eq for which q is less than NbE-1 and for all the transpositions Tαj,q of this stage, the blocks B2j+1,q and B2j,q are located inside a given block of larger size permuted by a transposition of the above stage Eq+1 when the parameter of this transposition of the above stage Eq+1 is equal to the first value. Claim 1: wherein the function Qa is defined by the following relationship: Qa(Di) = P oFa(Di), where P is a predetermined function and Fa is a function defined by the following relationship: Fa(Di)= Eo o...o Eq o ... o ENbE1(Di), where each function Eq is a stage of transpositions and the index q is an order number between zero and NbE-1, where NbE is a whole number greater than one and less than or equal to d, each stage Eq of transpositions being defined by the following relationship: Eq(x) = Tam,q0... O TajqO...o Ta1,qo Tao,q(x), where: - x is a variable whose size, in terms of the number of bits, is equal to the size of the data item Di, - Taj,q is a conditional transposition, configured by the parameter aj,q, that permutes two blocks of bits B2j+1,q and B2jq of the variable x when the parameter aj,q is equal to a first value and that does not permute these two blocks of bits when the parameter ajq is equal to a second value, the transposition Tajq being distinguished from all of the other transpositions of the function Fa by the fact that it is the only one that permutes the two blocks B2j+1,q and B2jq when the parameter aj,q is equal to the first value, the blocks B2j+1,q and B2j,q of all of the transpositions Taq of the stage Eq being different from one another and not overlapping in such a way that all of the transpositions Tajq of the stage Eq can be executed in parallel, - "m+1" is the total number of transpositions Tajq of the stage Eq, - "j" is an order number identifying the transposition Taj,q among the other transpositions of the stage Eq, - the symbol "o" denotes the function-composition operation, - the concatenation of the bits of all of the parameters aj,q of all of the stages Eqis equal to the value of the secret key a, and - for all of the stages Eq for which q is less than NbE-1 and for all of the transpositions Tajq of this stage, the blocks B2j+1,q and B2j,q are placed within one and the same block of greater size permuted by a transposition of the higher stage Eq+1 when the parameter of this transposition of the higher stage Eq+1 is equal to the first value. In the instant application, claim 1 recites an arithmetic and logic unit is capable of executing an arithmetic instruction. The reference patent (US 12039032 B2) recites an arithmetic logic unit containing a logic instruction. The reference patent does not recite the computing a code Ci,α2 using a relationship Ci,α2 = Qα2(Di) where the function Qα2 is the same preprogrammed function as the function Qα1 except that the current secret key α1 is replaced by the new secret key α2. However, Miyano (US 5442705 A) discloses teaches a relationship Ci = Q(Di) (Miyano [FIG. 1] output of the enciphering system "ciphertext" as C and plaintext input as D1, key (k) as subscript a, block encryption as Qa) Miyano teaches a relationship Ci = Q(Di) (Miyano [FIG. 1] output of the enciphering system "ciphertext" as C and plaintext input as D₁, key (k) as subscript a, block encryption as Qa). Miyano teaches renewing a key at each iteration (Miyano [Abstract] "Each of the stages is arranged to perform a complex key-dependent computation. Unique arrangement is provided for transposing the output of the cipher function circuit and then applying the output thereof to the memory. Therefore, the key is replaced with the output of the unique arrangement."). Also, Miyano teaches replacement of the current secret key α1 by the new secret key α2 (Miyano Col 5: the key K (i=1,2,..., 16) stored in the corresponding memory Mn can be renewed or replaced after each transposition). It would have been obvious to one of ordinary skill in the art to modify the logic instructions in the reference patent (US 20220357927 A1) to also include updating secret key with new secret key using a relationship Ci,α2 = Qα2(Di) as taught by Miyano. Thus, a person of ordinary skill in the art would have recognized that extending fault protection to renewing a key at each iteration would provide a predictable benefit by ensuring that a fault injected during one round of calculation does not persist across all iterations. Allowable Subject Matter Claim 1,9 would be allowable if rewritten to overcome the rejections set forth in this Office action. Claims 2-8 would be allowable based on dependence on claim 1, if written to overcome the rejection(s) under set forth in this Office action. The following is an examiner’s statement of reasons for allowance: The closest Prior art to the records: Paatero (US20050210287A1) teaches the integrity of this program code must be verified to ensure that the program code has not been altered during the transmission between the memories. Further, a new secret key is generated in the secure execution environment. This new secret key is used by a device processor (103) to encrypt the program code to be stored in the temporary memory in order to ensure that the program code is kept secret during transmission. Paatero fail to teach an arithmetic logic instruction causes the current secret key to be replaced by a new one. Dabbous (US 20040039931 A1) teaches performing operations one of which consists in processing at least a secret datum, said microcircuit including at least a non-volatile storage containing the secret datum or data, at least a work storage, said storage units being connected via a bus to said arithmetic and logic unit (ALU). By executing the cryptographic, it is possible to find the bits of the secret key used. Dabbous fails to teach arithmetic logic instruction causing to be performed and resulted of triggering replacement of the current secret key by a new secret key. But the remaining elements were neither found through a search of the prior art nor considered obvious by the Examiner. The primary reason for the allowance of claims is the inclusion of the specific mathematical construction of Ci,α1 = Qα1(Di). Specifically, compute and verify the code Crest-t after execution of instructions of triggering replacement of the current secret key α1 by the new secret key α2 for any new arithmetic logic instruction. This combination of multi-stage, key-replacement integrated within the framework of fault detection is not disclosed by the prior art. This Office is unable to discern a reasonable rationale from the prior art that such features are taught, suggested, or otherwise rendered obvious to a person having ordinary skill in the art before the effective filling date of the claimed invention. Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.” Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to JUDY BAZNA whose telephone number is (703)756-1258. The examiner can normally be reached Monday - Friday 08:30 AM-05:00 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached at (571) 272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /JUDY BAZNA/ Examiner, Art Unit 2495 /FARID HOMAYOUNMEHR/ Supervisory Patent Examiner, Art Unit 2495