DETAILED ACTION
This Office Action is in response to the application filed on 07/23/2024 having claims 1-20 pending.
Claims 1-20 are examined and being considered on the merits.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Oath/Declaration
The applicant’s oath/declaration has been reviewed by the examiner and is found to conform to the requirements prescribed in 37 C.F.R. 1.63.
Specification
The Specification filed on 07/23/2024 are accepted for examination purpose.
Drawings
The Drawings filed on 07/23/2024 are accepted for examination purpose.
Claim Objections
Claim 1 is objected to because of the following informalities: Claim 1 recites the following feature: “generating by the first entity and the second entity; a key tree based in the initialization vector counter …”. The claim feature should recite; “generating by the first entity and the second entity, a key tree based in the initialization vector counter …”. Appropriate correction is required.
Claim 11 and 19 are objected to because of the following informalities recited in these claims. Specifically, claims 11 and 19 recite: “… generat[ing] a key based on the initialization vector counter, the key comprising: … a key that is determined for each of the one or more coeval states”. It is confusing as how a key, which is generated based on initialization vector counter, further comprise a key that is determined for each of the one or more coeval states. It appears that the “key” that is generated based on the initialization vector counter should be a “key tree”, instead, according to claim 1. For examination purpose, claim 11 and 19 will be treated as reciting “… generat[ing] a key tree based on the initialization vector counter, the key tree comprising: … a key that is determined for each of the one or more coeval states”. Appropriate correction is required.
Claim 6 is objected to because of the following informalities recited in these claims. Specifically, claim 6 recites the term, “… one or more of the coeval states”. There is no corresponding antecedent basis for the term, and the correction should be “… the one or more coeval states”, instead. Appropriate correction is required.
Claim 17 is objected to because of the following informalities: Claim 17 recites “the previous timing period state”. There is no corresponding antecedent basis, and the correction should be “a previous timing period state”, instead. Appropriate correction is required.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claim 19 is rejected under 35 U.S.C. 101 because the claim is directed to non-statutory subject matter. Claim 15 recites "a computer readable storage medium"; however, the specification does not explicitly define as to what type of computer readable storage medium is claimed. At best, paragraphs [0113] and [0115], the specification provides some examples regarding different kinds of computer readable storage medium; however, the specification does not explicitly exclude transitory/propagated medium from the claimed computer readable storage medium. Broadly interpreted, the claimed “computer readable storage medium "can be any means that include propagate and transmission signals, which are non-eligible subject matter under 35 U.S.C.101. Therefore, claim 19 is directed to non-statutory subject matter.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 7, 10-13, 16, and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Johnson et al. (US 10,560,269) hereinafter Johnson in view of Nourry et al. (US 8,548,164) hereinafter Nourry and further in view of Kravitz et al. (US 6,907,127) hereinafter Kravitz and Lynn et al. (5,444,781) hereinafter Lynn.
As per Claim 1, Johnson teaches a method for implementing a block cipher mode between a first entity and a second entity (Johnson, Abstract; “Methods and systems for improving authenticated encryption in counter-based cipher systems are presented. Embodiments of the present invention provide secure and efficient means to achieve both the authenticity and privacy goals of authenticated encryption, and are compatible with most block cipher modes of operation, e.g. CBC, CFB and CTR, and most symmetric-key cryptographic functions, e.g. AES, DES and RC5. … Col. 2, lines 2-5; “These counter-based cipher systems utilize time or simple incrementing counter (or a function of that counter), that is known at both the transmitter and receiver, to generate the IV. Once this system is synchronized, the IV need not be transmitted over-the-air, thereby reducing overhead.”), the method comprising:
generating, by the first entity and the second entity, an initialization vector counter (Johnson, Col. 2, lines 2-5; “These counter-based cipher systems utilize time or simple incrementing counter (or a function of that counter), that is known at both the transmitter and receiver, to generate the IV. Once this system is synchronized, the IV need not be transmitted over-the-air, thereby reducing overhead.”);
generating by the first entity and the second entity; a key [tree] based in the initialization vector counter (Johnson, Col. 6; lines 11-21; “The improved authenticated encryption block diagram shown in FIG. 9 uses the cipher feedback (CFB) mode of operation to achieve both the privacy and authentication goals, thereby enabling a more efficient and compact hardware and software implementation. The left-hand portion of FIG. 9 shows the CFB mode of operation for authentication which starts with the block cipher encryption module 920 generating a keystream (not explicitly shown) based on a counter-based IV 960 and a key 940, which is XOR-ed with the first block of plaintext 910-1 to generate a first block of ciphertext 930-1 using an adder 925.”), [the key tree comprising]:
[one or more coeval states, wherein each of the one or more coeval states represents a time period where the time period of each subsequent coeval state is nested within the previous coeval states];
[a key that is determined for each of the one or more coeval states]; and
[each of the one or more coeval states is determined based on counter max values];
encrypting, by the first entity using the key, one or more blocks of data to be transmitted to the second entity (Johnson, Col. 8, lines 13-16; “With reference to FIGS. 4-6 and 9-11, the method 1200 begins at step 1210 wherein at least a plurality of blocks of plaintext and a key are used by a first cryptographic function to generate one or more blocks of cryptographic output.” … Col. 8-9, lines 61-2; “At step 1240, the data-dependent IV, the key and the blocks of plaintext are used as inputs to a second cryptographic function which generates a plurality of blocks of ciphertext. Some embodiments use any one of the block cipher functions enumerated above as the second cryptographic function to encrypt the blocks of plaintext using the dependent IV. This ensures that when the plurality of blocks of ciphertext generated at this step are transmitted over the air, their security remains uncompromised.”), the second entity is capable of decrypting the one or more blocks (Johnson, Col. 4, lines 38-43; “The decryption and authentication code verification system shown in FIG. 5 is the inverse of encryption and authentication code generation system shown in FIG. 4. In an embodiment, a receiver 590 receives a concatenated over-the-air transmission 580 comprising the ciphertext 570 and the tag 535-1 using antenna 595.”) [only if they are received during the time period of each of the one or more coeval states].
Johnson does not expressly teach:
generating … a key tree … the key tree comprising:
one or more coeval states, wherein each of the one or more coeval states represents a time period where the time period of each subsequent coeval state is nested within the previous coeval states;
a key that is determined for each of the one or more coeval states; and
each of the one or more coeval states is determined based on counter max values; and
… decrypting the one or more blocks only if they are received during the time period of each of the one or more coeval states.
However, Nourry teaches:
one or more coeval states, wherein each of the one or more coeval states represents a time period where the time period of each subsequent coeval state is nested within the previous coeval states (Nourry, Col. 2, lines 43-52; “In order to ensure, for each data block to be encrypted, a uniqueness of the counter obtained by combining the time reference associated with the data block to be encrypted and the value of the initialization vector, a new value of the initialization vector is defined at a frequency such that the time references associated with the data blocks to be encrypted are unique for a given value of the initialization vector. This frequency is therefore normally a function of the length of the time reference associated with the data blocks to be encrypted.” … Col. 5, lines 13-25; “A counter 14 is thus obtained. For a given initialization vector value, the time references associated with each of the data blocks to be encrypted are preferably unique. Such a counter 14 is consequently unique for each of the data blocks to be encrypted. Then, a new value of the initialization vector is preferably defined before values of the time references already associated with data blocks to be encrypted are reused. Consequently, in an embodiment of the present invention, a new initialization vector value is advantageously defined at a frequency that is dependent on the length of the format of the time reference associated with the data blocks to be encrypted.”);
a key that is determined for each of the one or more coeval states (Nourry; Col. 4-5, lines 67-3; “A data block to be encrypted 12 is associated with a time reference RT13 (i.e., coeval state). First, an initialization vector VI 10 value is defined. An encryption key K 19 is also first defined.” … Col. 5, lines 13-20; “A counter 14 is thus obtained. For a given initialization vector value, the time references associated with each of the data blocks to be encrypted are preferably unique. Such a counter 14 is consequently unique for each of the data blocks to be encrypted. Then, a new value of the initialization vector is preferably defined before values of the time references already associated with data blocks to be encrypted are reused.” Col. 5, lines 29-34; “Then, an operation 18 consists in using an encryption function to process the duly obtained counter and the encryption key defined previously. This operation makes it possible to supply a series of encryption bits. Then, by combining the series of encryption bits and the data block to be encrypted 12, the encrypted data block 16 is obtained.” Examiner submits that the “series of encryption bits” is interpreted as a key determined for each coeval state. See Fig. 1); and
the second entity is capable of decrypting the one or more blocks only if they are received during the time period of each of the one or more coeval states (Nourry; Col. 8, lines 40-46; “a decryption device advantageously implements a decryption method according to the invention. FIG. 9 illustrates such a decryption device 90, comprising an entity 91 for storing the encrypted data to be decrypted, an entity 92 for decrypting the data to be decrypted and an entity 93 for storing the decrypted data”. Col. 2, lines 43-52; “In order to ensure, for each data block to be encrypted, a uniqueness of the counter obtained by combining the time reference associated with the data block to be encrypted and the value of the initialization vector, a new value of the initialization vector is defined at a frequency such that the time references associated with the data blocks to be encrypted are unique for a given value of the initialization vector. Col. 4, lines 1-11; “or each data block to be decrypted, steps consisting in: obtaining a counter, by combining said time reference and said value of the initialization vector; obtaining a series of decryption bits via a decryption function taking said encryption key and said counter as input parameters, said decryption function being equivalent to the encryption function used in said encryption method; decrypting said encrypted data block by combining it with said series of decryption bits, via a combination that is the reverse of that used in said encryption method.”).
Johnson and Nourry are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for a method for improved block cipher techniques related to chaining and MACs.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Nourry system into Johnson system, with a motivation to provide a time reference value associated with an encryption cipher block technique (Nourry, Col. 3, lines 53-56).
The combination of Johnson and Nourry does not expressly teach:
generating … a key tree … the key tree comprising:
each of the one or more coeval states is determined based on counter max values.
However, Kravitz teaches:
generating … a key tree … the key tree (Kravitz; Col. 9, lines 10-15; “The present invention supports hierarchical key (i.e., key tree) management systems. Such infrastructures may support many applications, including Kerberos type authorization systems, and data distribution via conditional access systems.” … Col. 9, lines 44-47; “Different modes may be used by the present invention. The modes are groups of algorithms that may be used in performing operations such as encode, decode, wrap and unwrap.” … Col. 9, lines 62-66; “Another example of a mode known to those skilled in the art is the cipher block chaining (CBC) mode. CBC mode is a chaining mode where part of an operation may be the result of either a previous operation or another predetermined value such as an initialization vector (IV).”).
Johnson, Nourry and Kravitz are from a similar field of technology. Prior to the instant application’s effective filling date, there was a need for a method for improve block cipher techniques related to chaining and MACs.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kravitz system into Johnson-Nourry system, with a motivation to provide a key generation based on a key structure compatible with a CBC mode (Kravitz, Col. 9, lines 10-15).
The combination of Johnson, Nourry and Kravitz does not expressly teach:
each of the one or more coeval states is determined based on counter max values.
However, Lynn teaches:
each of the one or more coeval states is determined based on counter max values (Lynn, Col. 6, lines 9-18; “Resetting the IV generator 29 results in the generation of a new initialization vector 14. Counter 21 has been described with respect to FIG. 2 as a plaintext data 32 sequence counter, decrementing with each sequence processed. Counter 21 equivalently implements a timer or clock function, resetting the IV generator 29 after a period of time set by Max Count 21. In this way, initialization vector 14 extends the usability of the key 12 by making the corresponding PN sequence 24 more difficult to determine.”)
Johnson, Nourry, Kravitz and Lynn are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for a method for improve block cipher techniques related to chaining and MACs.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Lynn system into Johnson-Nourry-Kravitz system, with a motivation to provide a time base sequence using counter values (Lynn, Col. 6, lines 9-18).
As per claim 2, the combination of Johnson, Nourry, Kravitz and Lynn teaches the method of claim 1. Johnson teaches further comprising, generating, by the first entity, an integrity tag comprising a fast drop tag and a key confirming message authentication code (KCM) (Johnson, Col. 1, lines 30-34; “FIGS. 1-3 show block diagrams of representative prior art for authenticated encryption, each of which employ a block cipher to encrypt the data and generate a message authentication code (MAC), and then transmit the MAC and ciphertext an ciphertext, to provide authenticity and privacy, respectively”. Col. 4, lines 18-20; “In an embodiment, a portion of the ciphertext 430 is used as the authentication code or tag 435”. Col. 4-5, lines 62-6; “The embodiment for encryption and authentication code generation for improved authenticated encryption shown in FIG. 6 is similar to that shown in FIG. 4, but substitutes a secure hash function 620 in the place of the block cipher encryption module 420. The secure hash function 620 may be any version (denoted “x”) of the Secure Hash Algorithm (SHA-x), the Message Digest (MDx), the RACE Integrity Primitives Evaluation Message Digest (RIPEMD-x), BLAKE-x, or any other hash function known in the art. The secure hash function 620 generates a hash value 630 of a fixed length given the plaintext input 610, and the tag 635 is a portion of the hash value 630.” … Col. 5, lines 39-58; “FIGS. 8A, 8B and 8C depict different embodiments for generating the data-dependent initialization vectors, according to embodiments of the present invention, and as described above in the context of FIGS. 4-7. In FIG. 8A, the tag 835 is a portion of the ciphertext 830, and is zero-padded to the length of the initialization vector 860 prior to being XOR-ed with the counter-based initialization vector 860 to generate the data-dependent IV 865. This embodiment results in an initial portion of the counter-based IV being augmented by the data-dependent tag (i.e., fast drop tag), ensuring that the IV used to achieve the privacy goal does not repeat. In FIG. 8B, the tag 835 is a portion of the ciphertext 830, and is zero-padded to the length of the initialization vector 860 prior to being XOR-ed with a partially zeroed-out version of the counter-based initialization vector 860. That is, an initial portion of the counter-based IV 860 with a length equal to the length of the tag 835 is zeroed-out, and then XOR-ed with the zero-added tag, thereby resulting in the data-dependent IV 865 being a concatenation of the tag 835 and a portion of counter-based IV 860.” … Col. 5, lines 64-65; “as shown in FIG. 8C, wherein the entire ciphertext 830 is used as the tag 835, and consequently as the data-dependent tag 865” … Col. 6, lines 31-38; “That is, the last portion of plaintext 910-3 is zero-padded and XOR-ed with the keystream (not shown) generated by the block cipher encryption module 920 to produce a penultimate block of ciphertext 930-3. This block of ciphertext is then used as an IV to encrypt a block of zeros 910-4 to generate a final block of ciphertext 930-4. A portion of the final block of ciphertext 930-4 is used as the authentication code or tag 935.”).
As per claim 3, the combination of Johnson, Nourry, Kravitz and Lynn teaches the method of claim 2. Johnson further teaches wherein the fast drop tag comprises data based on each of the coeval states (Johnson; Col. 5, lines 39-58; “FIGS. 8A, 8B and 8C depict different embodiments for generating the data-dependent initialization vectors, according to embodiments of the present invention, and as described above in the context of FIGS. 4-7. In FIG. 8A, the tag 835 is a portion of the ciphertext 830, and is zero-padded to the length of the initialization vector 860 prior to being XOR-ed with the counter-based initialization vector 860 to generate the data-dependent IV 865. This embodiment results in an initial portion of the counter-based IV being augmented by the data-dependent tag, ensuring that the IV used to achieve the privacy goal does not repeat. In FIG. 8B, the tag 835 is a portion of the ciphertext 830, and is zero-padded to the length of the initialization vector 860 prior to being XOR-ed with a partially zeroed-out version of the counter-based initialization vector 860. That is, an initial portion of the counter-based IV 860 with a length equal to the length of the tag 835 is zeroed-out, and then XOR-ed with the zero-added tag, thereby resulting in the data-dependent IV 865 being a concatenation of the tag 835 and a portion of counter-based IV 860.” … Col. 5, lines 64-65; “as shown in FIG. 8C, wherein the entire ciphertext 830 is used as the tag 835, and consequently as the data-dependent tag 865.”); and
wherein … the coeval states based on the fast drop tag (Johnson, Col. 1, line 66 to Col. 2, line 5; “Each of the prior art approaches use block ciphers, and in particular, may employ counter-based block ciphers, which are an especially important class of block ciphers due to their efficiency. These counter-based cipher systems utilize time or simple incrementing counter (or a function of that counter), that is known at both the transmitter and receiver, to generate the IV”. Col. 5, lines 39-58; “FIGS. 8A, 8B and 8C depict different embodiments for generating the data-dependent initialization vectors, according to embodiments of the present invention, and as described above in the context of FIGS. 4-7. In FIG. 8A, the tag 835 is a portion of the ciphertext 830, and is zero-padded to the length of the initialization vector 860 prior to being XOR-ed with the counter-based initialization vector 860 to generate the data-dependent IV 865 (i.e., fast drop tag). This embodiment results in an initial portion of the counter-based IV being augmented by the data-dependent tag, ensuring that the IV used to achieve the privacy goal does not repeat. In FIG. 8B, the tag 835 is a portion of the ciphertext 830, and is zero-padded to the length of the initialization vector 860 prior to being XOR-ed with a partially zeroed-out version of the counter-based initialization vector 860. That is, an initial portion of the counter-based IV 860 with a length equal to the length of the tag 835 is zeroed-out, and then XOR-ed with the zero-added tag, thereby resulting in the data-dependent IV 865 being a concatenation of the tag 835 and a portion of counter-based IV 860.” … Col. 5, lines 64-65; “as shown in FIG. 8C, wherein the entire ciphertext 830 is used as the tag 835, and consequently as the data-dependent tag 865” Examiner submits that the fast drop tag is based on the counter-based IV, which depends on the time or counter value).
Nourry additionally teaches the second entity is capable of determining each of the coeval states (Nourry, Col. 8, lines 42-46; “FIG. 9 illustrates such a decryption device 90, comprising an entity 91 for storing the encrypted data to be decrypted, an entity 92 for decrypting the data to be decrypted”. Col. 5, lines 13-20; “A counter 14 is thus obtained. For a given initialization vector value, the time references associated with each of the data blocks to be encrypted are preferably unique. Such a counter 14 is consequently unique for each of the data blocks to be encrypted. Then, a new value of the initialization vector is preferably defined before values of the time references already associated with data blocks …. Col. 4, lines 1-4; “decryption method comprises, for each data block to be decrypted, steps consisting in: obtaining a counter, by combining said time reference and said value of the initialization vector”).
Johnson and Nourry are from similar field of technology. Prior to the instant application’s effective filling date, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Nourry with Johnson to have a decryption device capable of applying time reference as counter values to further derive the counter-based IV and the data-dependent IV for decryption of encrypted block data with a motivation to ensure that time reference values of the counter would not repeat (Johnson, Col. 2, lines 18-23).
As per claim 7, the combination of Johnson, Nourry, Kravitz and Lynn teaches the method of claim 2. Johnson further teaches wherein the integrity tag comprises one or more padding bits that are not transmitted to the second entity (Johnson, Col. 4-5, lines 62-6; “The embodiment for encryption and authentication code generation for improved authenticated encryption shown in FIG. 6 is similar to that shown in FIG. 4, but substitutes a secure hash function 620 in the place of the block cipher encryption module 420. The secure hash function 620 may be any version (denoted “x”) of the Secure Hash Algorithm (SHA-x), the Message Digest (MDx), the RACE Integrity Primitives Evaluation Message Digest (RIPEMD-x), BLAKE-x, or any other hash function known in the art. The secure hash function 620 generates a hash value 630 of a fixed length given the plaintext input 610, and the tag 635 is a portion of the hash value 630.” … Col. 5, lines 39-58; “FIGS. 8A, 8B and 8C depict different embodiments for generating the data-dependent initialization vectors, according to embodiments of the present invention, and as described above in the context of FIGS. 4-7. In FIG. 8A, the tag 835 is a portion of the ciphertext 830, and is zero-padded to the length of the initialization vector 860 prior to being XOR-ed with the counter-based initialization vector 860 to generate the data-dependent IV 865. This embodiment results in an initial portion of the counter-based IV being augmented by the data-dependent tag, ensuring that the IV used to achieve the privacy goal does not repeat. In FIG. 8B, the tag 835 is a portion of the ciphertext 830, and is zero-padded to the length of the initialization vector 860 prior to being XOR-ed with a partially zeroed-out version of the counter-based initialization vector 860. That is, an initial portion of the counter-based IV 860 with a length equal to the length of the tag 835 is zeroed-out, and then XOR-ed with the zero-added tag, thereby resulting in the data-dependent IV 865 being a concatenation of the tag 835 and a portion of counter-based IV 860.” … Col. 5, lines 64-65; “as shown in FIG. 8C, wherein the entire ciphertext 830 is used as the tag 835, and consequently as the data-dependent tag 865.” … Col. 6, lines 31-38; “That is, the last portion of plaintext 910-3 is zero-padded and XOR-ed with the keystream (not shown) generated by the block cipher encryption module 920 to produce a penultimate block of ciphertext 930-3. This block of ciphertext is then used as an IV to encrypt a block of zeros 910-4 to generate a final block of ciphertext 930-4. A portion of the final block of ciphertext 930-4 is used as the authentication code or tag 935.”).
As per claim 10, the combination of Johnson, Nourry, Kravitz and Lynn teaches the method of claim 1. Johnson further teaches wherein the initialization vector counter is determined based on a request time from an initiator and a response time from a responder (Johnson, Col. 2, lines 2-5; “These counter-based cipher systems utilize time or simple incrementing counter (or a function of that counter), that is known at both the transmitter and receiver, to generate the IV. Once this system is synchronized, the IV need not be transmitted over-the-air, thereby reducing overhead.”).
As per claim 11, it is a system claim that recites similar limitations as presented on independent claim 1. Therefore, claim 11 is rejected using the same rationale applied to claim 1. In addition, Johnson teaches a processor coupled to a memory for the first entity (Johnson, Col. 9, lines 59-60; “A processor 1401 is connected to a memory 1403 that interfaces with a key generator 1430.” … Col. 10, lines 13-16; “The processor 1401 shown in FIG. 14 may comprise component digital processors and may be configured to execute computer-executable program instructions stored in memory 1403.”), the processor configured to generate an initialization vector counter responsive to a connection with the second entity (Johnson, Fig. 5 and Col. 2, lines 2-5; “These counter-based cipher systems utilize time or simple incrementing counter (or a function of that counter), that is known at both the transmitter and receiver, to generate the IV. Once this system is synchronized, the IV need not be transmitted over-the-air, thereby reducing overhead.”).
As per claim 12, the rejection of claim 11 is included. In addition, claim 12 is a system claim that recites similar limitation as presented at claim 2. Therefore, claim 12 is rejected using the same rationale applied to claim 2.
As per claim 13, the rejection of claim 12 is included. In addition, claim 13 is a system claim that recites similar limitation as presented at claim 3. Therefore, claim 13 is rejected using the same rationale applied to claim 3.
As per claim 16, the rejection of claim 12 is included. In addition, claim 16 is a system claim that recites similar limitation as presented at claim 7. Therefore, claim 16 is rejected using the same rationale applied to claim 7.
As per claim 18, the rejection of claim 11 is included. In addition, claim 18 is a system claim that recites similar limitation as presented at claim 10. Therefore, claim 18 is rejected using the same rationale applied to claim 10.
As per claim 19, it is a computer readable storage medium claim that recites similar limitations as presented on independent claim 11. Therefore, claim 19 is rejected based on the same rationale applied to claim 11 above. In addition, Johnson teaches a computer readable storage medium having data stored therein representing a software executable by a processor (Johnson, Col. 10, lines 38-41; “Memory 1403 may comprise a non-transitory computer-readable medium that stores instructions which, when executed by the processor 1401, cause the processor 1401 to perform various steps, such as those described herein.”).
As per claim 20, the combination of Johnson, Nourry, Kravitz and Lynn teaches the computer readable storage medium of claim 19. In addition, claim 20 recites limitations that are similar to those of claim 3 and 7. Therefore, claim 20 is rejected with the same rationale and motivation as applied against claims 3 and 7 above.
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Johnson et al. (US 10,560,269) hereinafter Johnson in view of Nourry et al. (US 8,548,164) hereinafter Nourry and further in view of Kravitz et al. (US 6,907,127) hereinafter Kravitz and Lynn et al. (5,444,781) hereinafter Lynn as applied to claim 2, and further in view of Osborn et al. (US 11,210,664) hereinafter Osborn.
As per claim 8, the combination of Johnson, Nourry, Kravitz and Lynn teaches the method of claim 2, [wherein the KCM is configured to confirm both an integrity key and an encryption key].
The combination of Johnson, Nourry, Kravitz and Lynn does not expressly teach:
wherein the KCM is configured to confirm both an integrity key and an encryption key.
However, Osborn teaches:
wherein the KCM is configured to confirm both an integrity key and an encryption key (Osborn, Col. 14, lines 31-34; “The session keys (MAC Key 435 and ENC Key 440) (i.e., integrity key and encryption key) may be generated by the one or more applets and derived by using the application transaction counter 445 with one or more algorithms.” … Col. 30, lines 52-67; “Some examples of the methods described herein may advantageously confirm when a successful authentication is determined when the following conditions are met. First, the ability to verify the MAC shows that the derived session key was proper (i.e., confirming the keys). The MAC may only be correct if the decryption was successful and yielded the proper MAC value. The successful decryption may show that the correctly derived encryption key was used to decrypt the encrypted MAC. Since the derived session keys are created using the master keys known only to the sender (e.g., the transmitting device) and recipient (e.g., the receiving device), it may be trusted that the contactless card which originally created the MAC and encrypted the MAC is indeed authentic. Moreover, the counter value used to derive the first and second session keys may be shown to be valid and may be used to perform authentication operations.”).
Johnson, Nourry, Kravitz, Lynn and Osborn are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for a method for improve block cipher techniques related to chaining and MACs.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Osborn system into Johnson-Nourry-Kravitz-Lynn system, with a motivation to provide confirm/validation of keys using the MAC (Osborn, Col. 30, lines 52-67).
Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Johnson et al. (US 10,560,269) hereinafter Johnson in view of Nourry et al. (US 8,548,164) hereinafter Nourry and further in view of Kravitz et al. (US 6,907,127) hereinafter Kravitz and Lynn et al. (5,444,781) hereinafter Lynn, as applied to claim 2, and further in view of Aschauer et al. (US 11,784,790) hereinafter Aschauer.
As per claim 9, the combination of Johnson, Nourry, Kravitz and Lynn teaches the method of claim 2.
The combination of Johnson, Nourry, Kravitz and Lynn does not expressly teach:
generating a per-message service ID that is capable of validating the initialization vector counter.
However, Aschauer teaches:
generating a per-message service ID that is capable of validating the initialization vector counter (Aschauer, Col. 8, lines 31-38; “The check code PRC, can be used e.g. to protect the initialization-vector-based counter value. In addition, in an embodiment, the check code for authenticating the initialization vector is embodied in the form of an asymmetrical signature or as a symmetrical “message authentication code <MAC>”.).
Johnson, Nourry, Kravitz, Lynn and Aschauer are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for a method for improve block cipher techniques related to chaining and MACs.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Aschauer system into Johnson-Nourry-Kravitz-Lynn system, with a motivation to provide a service to validate an initialization vector (Aschauer, Col. 8, lines 31-38).
Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Johnson et al. (US 10,560,269) hereinafter Johnson in view of Nourry et al. (US 8,548,164) hereinafter Nourry and further in view of Kravitz et al. (US 6,907,127) hereinafter Kravitz and Lynn et al. (5,444,781) hereinafter Lynn, as applied to claim 11, and further in view of Cho et al. (US 2023/0030501) hereinafter Cho.
As per claim 17, the combination of Johnson, Nourry, Kravitz and Lynn teaches the method of claim 11.
The combination of Johnson, Nourry, Kravitz and Lynn does not expressly teach: wherein each subsequent timing period state is an integral subdivision of the previous timing period state.
However, Cho teaches wherein each subsequent timing period state is an integral subdivision of the previous timing period state (Cho, Fig. 6 and parag. [0063]; “The time counter 602 may comprise any suitable mechanism that generates a counter value that is incremented at ongoing time-based intervals”. Parag. [0065]; “In one embodiment, the encryption engine 218 may also generate the encryption key 310 as a function of the previous encryption key 610. Parag. [0075]; “The second block counter value 708 comprises the block counter value 708 used to encrypt the first unencrypted data block 802a incremented by ‘1’. The third unencrypted data block 802c is encrypted by the encryption engine 218 using the encryption key 310 and a third block counter value 708 to create an encrypted data block 804c that is transmitted through the secure communication channel 306. The third block counter value 708 comprises the block counter value 708 used to encrypt the second unencrypted data block 802b incremented by ‘1’” Examiner submits that the next counter time-based value is increment of the previous counter time-based value with an initial time counter value so that the corresponding encryption key may be generated as a function of the initial time counter value and previous counter time-based value. See Fig. 6).
Johnson, Nourry, Kravitz, Lynn and Cho are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for a method for obtaining the current time counter value based on the state of the previous time counter value with the initial time counter value.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Cho system into Johnson-Nourry-Kravitz-Lynn system, with a motivation for maintaining trusted execution in an untrusted computing environment (Cho, parag. [0001]) with the counter-based encryption technique.
Allowable Subject Matter
Claims 4-6 and 14-15 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Below is the most relevant list of prior-art references according to the subject matter claimed on the instant application:
Johnson et al. (US 10560,269) relates to methods and systems for improving authenticated encryption in counter-based cipher systems are presented. Embodiments of the present invention provide secure and efficient means to achieve both the authenticity and privacy goals of authenticated encryption, and are compatible with most block cipher modes of operation, e.g. CBC, CFB and CTR, and most symmetric-key cryptographic functions, e.g. AES, DES and RC5. In particular, using block cipher encryption with data-dependent initialization vectors achieve the privacy goal and enable over-the-air transmissions to remain uncompromised, especially in scenarios that may result in the counter being reset in counter-based cipher systems.
Nourry et al. (8,548,164) relates to digital data blocks are encrypted, each data block that is to be encrypted being associated with a time reference. A value of an initialization vector Vi and an encryption key K are defined. Then, a counter C is obtained for each data block to be encoded, by combining the time reference and the value of the initialization vector. A series of binary encryption elements is obtained via an encryption function taking the encryption key K and counter C as input parameters. The data block is then encrypted by combining it with the series of binary encryption elements.
Kravitz et al. (6,907,127) relates to discloses a construction for key management module functionality which provides for secure encoding and decoding of messages which are up to two blocks long. A method for generating an encoded value having a first encoded value part and a second encoded value part from an unencoded value having a first unencoded value part and a second unencoded value part, comprising the steps of: obtaining an initialization vector; and generating the first and second encoded value parts. The first encoded value part is generated by: generating a first result by encrypting the first unencoded value part; generating a second result by performing an exclusive or operation on the first result and the second unencoded value part; generating a third result by performing an exclusive or operation on the second result and the initialization vector; generating a fourth result by encrypting the third result; generating a fifth result by performing an exclusive or operation on the fourth result and the first unencoded value part; and encrypting the fifth result. The second encoded value part is generated by encrypting the second result.
Lynn et al. (5,444,781) relates to data encryption, and more particularly to a method and apparatus for varying the computational overhead associated with encrypting and decrypting digital data signals by selectively reusing, according to the desired level of security, a pseudorandom encoding sequence at the transmitter end and by storing and reusing pseudorandom decoding sequences at the receiver end.
The combination of the above-mentioned references teaches the various claimed features in the independent claim 1. However, each of the references discussed above, either alone or in combination, at least, fails to teach or suggest the limitations presented on dependent claims along with the applied references by Osborn et al. (US 11,210,664), Aschauer et al. (US 11,784,790), and Cho et al. (US 2023/0030501).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Durham, et al. (US 9,990,249) relates to apparatus, systems, and/or methods may provide for identifying unencrypted data including a plurality of bits, wherein the unencrypted data may be encrypted and stored in memory. In addition, a determination may be made as to whether the unencrypted data includes a random distribution of the plurality of bits, for example based on a compressibility function. An integrity action may be implemented when the unencrypted data includes a random distribution of the plurality of bits, which may include error correction including a modification to ciphertext of the unencrypted data. Independently of error correction, a diffuser may generate intermediate and final ciphertext. In addition, a key and/or a tweak may be derived for a location in the memory. Moreover, an integrity value may be generated (e.g., as a copy) from a portion of the unencrypted data, and/or stored in a slot of an integrity check line based on the location.
Unruh (US 2010/00303229) relates to a modified Counter Mode encryption technique encrypts data by receiving a seed value, generating a first value from an operation of the seed value and the plaintext; and encrypting the first value using a block encryption cipher to produce ciphertext. The operation may be an exclusive-or operation. The seed value may be a counter value based upon a position of the block of plaintext in a record of plaintext, where the length of the counter value is based upon the length of the block. The counter value may be generated by adding an initialization vector to a product of an index value and a multiplier value, where the multiplier value comprises a randomly-generated value, the index value is based upon the position of the block of plaintext in the record of plaintext, and the length of the initialization vector and the length of the multiplier value are based upon the length of the block.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEX D CARRASQUILLO whose telephone number is (571)270-5045. The examiner can normally be reached Monday - Friday 9:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached at 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/A.D.C./Examiner, Art Unit 2498
/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498