Detailed Action
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This is in response to Application with case number 18/835,569, filed on 8/2/2024 in which claims 1-20 are presented for examination.
Status of Claims
Claims 1-20 are pending, of which claims 1, 13, and 20 are in independent form.
Specification
The examiner notes that the Specification does not include any URL links and Trademark terms requiring capitalization.
The examiner notes that the abstract is in narrative form and is limited to a single paragraph on a separate sheet within the range of 50 to 150 words in length and that abstract does not include any legal phraseology.
Priority
Claim for benefit of priority based on US Provisional Application No. 63/305,898 filed on 2/22022 is acknowledged by the examiner.
IDS
References cited in the IDS filed on 9/23/2025 and 12/26/2024 have been considered by the examiner.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 13, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Doll et al. (US 2020/0184113 A1) hereinafter Doll, in view Sincan et al. (US 2015/0293826 A1) hereinafter Sincan.
As to claim 1, Doll teaches a method comprising:
accessing a buffer including one or more sets of bits (see para. [0004] “…a system for securing a secret word during a read of the secret word from a read-only memory (ROM) is disclosed. The system includes a memory controller coupled to the ROM and a random number generator coupled to the memory controller. The random number generator is configured to generate a random number. The system further includes a number shuffler coupled to the random number generator and the memory controller. The number shuffler is configured to generate a bit read order based on the random number and the memory controller is configured to read bits of the secret word from the ROM according to the bit read order.”);
generating a random sequence of values (see para. [0017] “The RNG 102 is configured to produce random numbers. In some embodiments, the fuse box controller 106 may provide a random seed number to the RNG 102. The random seed is a number used to initialize a pseudorandom number generator in the RNG 102. In some embodiments the RNG 102 may be inside the fuse box controller 106. A number shuffler 108 may be included to provide a bit read order for reading for reading bits of the secret word. Similarly, when the secret word is being written, the number shuffler 108 provides a random write order. The number shuffler 108 generates a bit read or write order using the random number generated by the RNG 102. In some embodiments, the number shuffler 108 may be included inside the fuse box controller 106. A random read order provides added security because even if a side channel attacker may know individual bit being read, the attacker will not know the read order, hence will not be able to reconstruct the actual secret code. A fuse decoder 110 is included to decode the obfuscated fuse readings into the actual data stored in the fuse box 104”); and
performing one or more memory operations on the set of the particular sets of bits after accessing the set (see para. [0001] “…a secret word is permanently stored in read only memory (ROM) for encryption/decryption of information…”)
Doll does not explicitly teach but Sincan teaches the following limitations-
generating, from the random sequence of values (e.g., a uniform, randomly shuffled sequence defining a shuffling sequence O; see para. [0054] “system 500 includes sequence generation module 502 for generating a random set of numbers used to define a shuffling sequence O. In one embodiment, sequence generation module 502 includes a set of one or more pseudorandom sequence generation (PRSG) modules 504. Each PRSG module 504 generates its own pseudo-random sequence of numbers and outputs the next value in its pseudo-random sequence in response to an output request. Sequence generation module 502 includes selection logic 506 for creating shuffling sequence O by repetitively selecting one of the PSRG modules 504 at random and sending an output request to the selected module. The shuffling sequence O created from the output of the randomly selected modules in this manner is a uniform, randomly shuffled sequence.”), a sequence of indices representing an order in which to access particular sets of bits of the buffer (see para. [0055] “…system 500 includes a packet reordering module 508 for fragmenting a first network packet 510 into a set of sequentially ordered fragments {1, 2, 3, . . . , N} and shuffling the order of the fragments according to the shuffling sequence O”); in response to determining an index of the sequence of indices corresponds to a location in the buffer, accessing a set of the particular sets of bits of the buffer at the index in the order of the sequence of indices (see para.[0056] “…output module 514 uses shuffling sequence O as an index into that memory, retrieves the fragment that is stored there, and transmits that fragment to DUT 518. ”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Doll and Sincan before him or her, to modify the scheme of Doll by including Sincan’s hardware implementation of uniform random shuffling. The suggestion/motivation for doing so would have been to provide unbiased random permutations of sequences of memory buffer indexes that are statistically similar to a uniform random sample of all possible sequences so a side channel attack, based on correspondence of particular power profile and a memory location address, is averted.
As to claims 13 and 20 include similar limitations as claim 1 and thus claims 13 and 20 are rejected under the same rationale as claim 1.
Claim(s) 2-3, 14-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Doll, in view Sincan, and further in view of Kaplan et al. (US 2022/0141011 A1) hereinafter Kaplan.
As to claims 2, 14, in view of claims 1, 13, respectively, the combination of Doll and Sincan does not explicitly teach but Kaplan teaches “wherein generating the random sequence of values comprises: obtaining a value from entropy delivery hardware” (see Fig. 2 for Cryptographic Coprocessor 202 in Platform Security Complex comprising Master RNG 203; see para. [0016] “a master random number generator to generate seed values to store in a memory accessible by each core random number generator within each CPU core.”; see para. [0017] “…the cryptographic coprocessor 202 further includes a master random number generator (master RNG) 203 to generate entropy in the form of random numbers to generate seed values for each of the core processors' 220A-N core deterministic random bit generators (core DRBG) 222A-N. The RNG 203, according to one embodiment, includes a noise source 204, and entropy accumulator 205, controller logic 206, and an encryption block 207. The noise source 204 captures non-deterministic noise samples from naturally occurring or other sources, for example ring oscillators, keyboard or mouse inputs, etc.). Entropy accumulator 205 may then turn the noise samples into high quality entropy using National Institute of Standards and Technology (NIST) approved methods. In one embodiment, the entropy feeds the encryption block 207 to produce random numbers that comply with industry standards, such as the 256-bit Advanced Encryption Standard (AES) encryption 256 to generate 128-bit random numbers.”); and “generating values from a number generator with the value from the entropy delivery hardware as a starting key” (It is noted that the seed value from master RNG is used to generate random number values.; see para. [0021] “the master RNG 203 in combination with memory controller 212 generates new seed values based on the value of flags 217A-N. In one embodiment, each flag 217A-N uniquely corresponds to a core processor and a seed value in memory. For example, when the core DRBG 222A retrieves seed value 216A it sets the corresponding flag 217A to indicate the seed value 216A has been retrieved. In one embodiment, the memory controller 212 reads the value stored in flag 217A and if it indicates the value has been retrieved, that signals the master RNG 203 to generate and store into the memory 214 a new seed value to refresh or replace seed value 216A, then set the flag 217A to indicate the new seed value is available. The core DRBG 222A includes controller logic 224A that may periodically, for example based on detecting a trigger event, check the value of flag 217A. If the value indicates a new value is available, the core DRBG 222A will read and use the seed value 216A that was updated by the master RNG 203 for its next random number generation (e.g., execution of an RDRND) and again set the flag 217A to indicate the seed value 216A has been retrieved.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Doll, Sincan, and Kaplan before him or her, to modify the scheme of Doll an Sincan by including Kaplan. The suggestion/motivation for doing so would have been to provide a random number generator generating a stream of uniformly distributed, non-deterministic, independent bits having high entropy, as briefly discussed in Kaplan para [0001]-[0002].
As to claim 3, in view of claim 2, Sincan teaches further comprising: providing one or more requirements to the number generator, wherein the one or more requirements include one or more values representing portions of the buffer (see para. [0039]-[0043]; It is noted that a particular WEIGHT and a corresponding module is selected to generate random numbers within a specific range without repeat till parcicular module has output all of its possible values and the module is not selected again till the system is reinitialized to output another full random shuffle sequence.).
As to claim 15, claim 15 includes similar limitations as claim 3, and thus claim 15 are rejected under the same rationale as in claim 3.
Claim(s) 4-6, 16-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Doll, in view Sincan, and further in view of Stackoverflow (“memcpy with startIndex?”, 2016).
As to claims 4, 16, in view of claims 1, 13, respectively, the combination of Doll and Sincan does not explicitly teach but Stackoverflow teaches wherein generating the sequence of indices from the random sequence of values representing the order in which to access particular sets of the one or more sets of bits of the buffer comprises: adding a value of the random sequence of values to a memory offset value corresponding to a starting memory location of the buffer (see the comment in “int a[10], b[10]; ::memcpy( a+2, b, 2*sizeof(int) ); // a+2 will be address of 3rd item in buffer a not address of 1st item + 2 bytes”; The examiner notes that the first two integers are copied from array/buffer b into array/buffer a at the index number of 2. In a similar manner the buffer in b can be accessed in the order of the randomly shuffled indexes using a loop (for example for (int i=0; i < length; i++) { memcpy(a+i, b+index_i, 1*sizeof(type)); // where the index_i is the ith index out of the randomly shuffled indexes.}) using the source buffer accessed by b+index_i where the shuffled indexes are obtained in order with index_i.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Doll, Sincan, and stackoverflow before him or her, to modify the scheme of Doll an Sincan by including stackoverflow. The suggestion/motivation for doing so would have been to access a buffer data at a chosen address location based on the generated randomly shuffled indexes.
As to claims 5, 17, in view of claims 1, 13, respectively, the combination of Doll and Sincan does not explicitly teach but stackoverflow teaches wherein performing one or more memory operations comprises: copying bits to, or from, the buffer (see page 6 for the memcpy(a+2, b, 2*sizeof(int)) where a is destination buffer to which two elements of data of covering first two indexes of source buffer b are being copied.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Doll, Sincan, and stackoverflow before him or her, to modify the scheme of Doll an Sincan by including stackoverflow. The suggestion/motivation for doing so would have been to access a buffer data at a selected address location based on the generated randomly shuffled indexes.
As to claims 6, 18, in view of claims 1, 13, respectively, the combination of Doll and Sincan does not explicitly teach but stackoverflow teaches “wherein performing one or more memory operations comprises: resetting bits in the buffer to random or 0 bits” (see page 6 for the memcpy(a+2, b, 2*sizeof(int)) where a is destination buffer to which two elements of data of covering first two indexes of source buffer b are being copied. In particular source buffer b can be initialized with ‘/0’ and used to overwrite the two elements of destination buffer a beginning at location of index 2.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Doll, Sincan, and stackoverflow before him or her, to modify the scheme of Doll an Sincan by including stackoverflow. The suggestion/motivation for doing so would have been to access a buffer data at a chosen address location based on the generated randomly shuffled indexes for memory operations.
Claim(s) 7-9, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Doll, in view Sincan, and further in view of Cabot (US PG-Pub. 2008/0282073 A1).
As to claims 7 and 19, in view of claims 1 and 13, respectively, the combination of Doll and Sincan does not explicitly teach but Cabot teaches wherein performing one or more memory operations comprises: comparing bits of the buffer to bits of a second buffer (see para. [0011] “A standard C function, MEMCMP( ) could be used to perform the second part of the search using the memory compare on the two strings. The MEMCMP( ) function takes two operands and a length, comparing the two regions in memory for a length in bytes specified. The MEMCMP( ) function may use one assembly language instruction, such as CMP, CMPS, or PCMPEQ. These instructions may compare two values of up to 8, or even 16, bytes length in a single instruction. They have no concept of null terminated strings.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Doll, Sincan, and Cabot before him or her, to modify the scheme of Doll an Sincan by including Cabot. The suggestion/motivation for doing so would have been to compare two butter strings using memcmp() function and based on the generated randomly shuffled indexes for the other buffer rearranged in the order of the randomly shuffled indexes.
As to claim 8, in view of claim 7, the combination of Doll and Sincan does not explicitly teach but Cabot teaches further comprising: accessing the second buffer including one or more sets of bits; and accessing a second set of bits of the second buffer in the order of the sequence of indices (see para. [0011]-[0012]; The examiner notes that the first buffer generated using the randomly generated shuffled indexes can be compared byte by byte within a loop using the typical memcmp(const void *bufferer1, const void *buffer2, size_t(buffer1)) and by checking if two buffers are the same where the first buffer is re-arranged according to the randomly shuffled indexes as follows: for (int i=0; i < length; i++) { if (memccmp(buffer1+i, bufffer2+index_i, 1*sizeof(type)) != 0 return ((a+i) – (b+index_i))} … return 0; // where the index_i is the ith index out of the set of randomly shuffled indexes and if all the bytes are evaluated to be equal, the value 0 is returned as return value. )
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Doll, Sincan, and Cabot before him or her, to modify the scheme of Doll an Sincan by including Cabot. The suggestion/motivation for doing so would have been to compare two butter strings using memcmp() function and based on the generated randomly shuffled indexes for the other buffer rearranged in the order of the randomly shuffled indexes.
As to claim 9, in view of claim 1, the combination of Doll and Sincan does not explicitly teach but Cabot teaches “wherein accessing the set of the particular sets of bits of the buffer at the index in the order of the sequence of indices comprises: accessing a portion of the buffer corresponding to the index, wherein the portion includes the set of the particular sets of bits” (see para. [0011]-[0012]; The examiner notes that the first buffer generated using the randomly generated shuffled indexes can be compared byte by byte within a loop using the typical memcmp(const void *bufferer1, const void *buffer2, size_t(buffer1)) and by checking if two buffers are the same where the first buffer is re-arranged according to the randomly shuffled indexes as follows: for (int i=0; i < length; i++) { if (memccmp(buffer1+i, bufffer2+index_i, 1*sizeof(type)) != 0 return ((a+i) – (b+index_i))} … return 0; // where the index_i is the ith index out of the set of randomly shuffled, indexes which is used to access the unshuffled buffer2 to access 1 byte of data at the ith index of unsuffled buffer2)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Doll, Sincan, and Cabot before him or her, to modify the scheme of Doll an Sincan by including Cabot. The suggestion/motivation for doing so would have been to compare two butter strings using memcmp() function and based on the generated randomly shuffled indexes for the other buffer rearranged in the order of the randomly shuffled indexes.
Claim(s) 10-12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Doll, in view Sincan, and further in view of Tsirkin (US PG-Pub. 2019/0361815 A1).
As to claim 10, in view of claim 1, the combination of Doll and Sincan does not explicitly teach but Tsirkin teaches wherein determining the index of the sequence of indices corresponds to a location in the buffer comprises:
determining the index of the sequence of indices corresponds to the set of the particular sets of bits of the buffer (see para. [0016]-[0017], [0044] “For example, entry IDs 214-217 may be associated with alternative possible virtual addresses for the data associated with mapped virtual address 261, and instead of ignoring these alternative potential entry IDs (e.g., leaving them undefined and invalid), entry IDs 214-217 are set to valid (e.g., validity 224-227) and pointed to decoy address 252B-E. In the example, the decoy address 252A-E points to a physical decoy page 352.”; It is noted that the virtual address mapping to a physical memory address not being defined with the randomly shuffled indices are not escalated to be noticeable to the application launching timing difference based side-channel attacks, the attempt to access undefined buffer address is shifted to a decoy memory space to render there’s no timing difference. The examiner equates the randomly organized virtual addresses as equivalent to the instant applicant’s randomly shuffled indices.; see also para. [0019], [0045], [0047]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Doll, Sincan, and Tsirkin before him or her, to modify the scheme of Doll an Sincan by including Tsirkin. The suggestion/motivation for doing so would have been to thwart any timing difference-based side-channel attack by assigning decoy addresses for any indexes outside the allowed range and allocated with decoy physical addresses as briefly discussed in Tsirkin para. [0019] and [0027].
As to claim 11, in view of claim 1, the combination of Doll and Sincan does not explicitly teach but Tsirkin teaches further comprising: determining a second index of the sequence of indices does not correspond to one or more bits of the buffer; and based on determining the second index of the sequence of indices does not correspond to one or more bits of the buffer, accessing one or more bits and performing a decoy operation on the one or more bits (see para. [0044] “For example, entry IDs 214-217 may be associated with alternative possible virtual addresses for the data associated with mapped virtual address 261, and instead of ignoring these alternative potential entry IDs (e.g., leaving them undefined and invalid), entry IDs 214-217 are set to valid (e.g., validity 224-227) and pointed to decoy address 252B-E. In the example, the decoy address 252A-E points to a physical decoy page 352.”; It is noted that the virtual address mapping to a physical memory address not being defined with the randomly shuffled indices are not escalated to be noticeable to the application launching timing difference-based side-channel attacks, the attempt to access undefined buffer address is shifted to a decoy memory space to render there’s no timing difference. The examiner equates the randomly organized virtual addresses as equivalent to the instant applicant’s randomly shuffled indices.; see also para. [0019], [0045], [0047]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Doll, Sincan, and Tsirkin before him or her, to modify the scheme of Doll an Sincan by including Tsirkin. The suggestion/motivation for doing so would have been to thwart any timing difference-based side-channel attack by assigning decoy addresses for any indexes outside the allowed range and allocated with decoy physical addresses as briefly discussed in Tsirkin para. [0019] and [0027].
As to claim 12, in view of claim 11, wherein the decoy operation comprises one or more of: copying existing memory values to the same memory location or moving unused memory bits by one or more bits in memory (see para. [0048] “memory manager 140 may respond to page table 150 with available memory addresses in memory device 114 for saving the application data (block 636). In the example, page table 150 is updated to repoint a plurality of page table entries associated with the application data from the address of decoy page 352 (e.g. decoy addresses 252A-E) to the addresses received from memory, manager 140 (block 638). In an example, memory manager 140 directs the application data to be saved in the selected memory addresses (block 640). In the example, memory device 114 saves the application data in the selected memory addresses that are referenced by the updated page table entries in page table 150 (block 650)”; see also para. [0049]; It is noted that the decoy memory location data can be overwritten or rest to zero’s.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Doll, Sincan, and Tsirkin before him or her, to modify the scheme of Doll an Sincan by including Tsirkin. The suggestion/motivation for doing so would have been to thwart any timing difference-based side-channel attack by assigning decoy addresses for any indexes outside the allowed range and allocated with decoy physical addresses as briefly discussed in Tsirkin para. [0019] and [0027].
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HEE SONG whose telephone number is (571)270-3260. The examiner can normally be reached on Mon – Fri, 7:30 AM – 5:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-7291.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HEE K SONG/Primary Examiner, Art Unit 2497