DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement
The information disclosure statement (IDS) submitted by applicant dated 09/06/2024 has been considered by the examiner.
Claim Objections
Claim 2 is objected to because of the following informalities: the claim recites the term “RSA” without first defining it.
Claim 3 is objected to because of the following informalities: the claim recites the term “ECC” without first defining it.
Claims 8-9 are objected to because of the following informalities: the claims use quotes and dashes. It is suggested to remove the quotes and dashes.
Claims 10-11 are objected to because of the following informalities: the claim recites the term “ATOMIC” without first defining it.
Appropriate corrections are required.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-2, 6 and 14 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Wan et al. CN 107508678 B (corresponding English translation is used in the below rejection) (hereinafter Wan).
As per claim 1, Wan teaches a method for protecting modular exponential and point addition algorithms executing on a device against profiling from a deep-learning side-channel attack, comprising the steps of: mixing a windowing process with a counter side-channel-attack (SCA) algorithm according to a random number, r, generated during execution of said counter SCA algorithm (Wan pgs 2-3, algorithm 1, mixing window process according to random number r, during execution of mask algorithm);
whereby, values selected from a precomputed vector are interleaved into said counter SCA algorithm according to the random number, r, wherein values from said precomputed vector are indexed by r (Wan pgs 2-3, algorithm 1, calculate and interleave values indexed using r),
thereby, preemptively introducing future errors in a deep-learning labeling process of operation sequences of said counter SCA algorithm to bit values of a private key used during said execution of said counter SCA algorithm (Wan pgs 2-3, algorithm 1, introducing randomness as a countermeasure to SCA).
As per claim 2, Wan teaches the method of claim 1, wherein said precomputed vector is: a precomputed multiplication vector M representing an operation sequence of modular exponentiations for RSA, wherein M[r] represents indexing by r (Wan pgs 2-3, algorithm 1, modular exponentiations based on index using r).
As per claim 6, Wan teaches the method of claim 1, wherein said random number, r, is generated once during initialization steps prior to a looping, wherein said mixing the windowing process is performed on a bit-by-bit basis of the N-tuple, to provide a window bit-level mixing with said counter SCA algorithm (Wan pgs 2-3, algorithm 1, random number r is generated once before the loop. Mixing window process according to index based on random r).
As per claim 14, Wan teaches the method of claim 1, where the device is one among a processor, a crypto-processor, a smart-card, and a secure element, implementing counter SCA cryptographic algorithms (Wan pgs 2-3).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 3, 9, 11 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Wan, in view of Belaid et al. “High Order Countermeasures for Elliptic-Curve Implementations with Noisy Leakage Security” (hereinafter Belaid).
As per claim 3, Wan teaches the method of claim 1.
Wan does not explicitly disclose wherein precomputed vector is: a precomputed addition vector A representing an operation sequence of point additions for ECC, wherein A[r] represents indexing by r.
Belaid teaches wherein precomputed vector is: a precomputed addition vector A representing an operation sequence of point additions for ECC, wherein A[r] represents indexing by r (Belaid pgs 1-4, ECC algorithm having an addition vector with index).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Wan of generating a random number r for indexing for countering side channel attacks with the teachings of Belaid to include ECC algorithm in order to apply the random number r for indexing to counter side channel attacks of the ECC algorithm.
As per claim 9, Wan teaches the method of claim 1.
Wan does not explicitly disclose wherein windowing process for an ECC point multiplication is applied to a "Double and Add always" (DaAA) SCA algorithm adapted to interleave ECC addition operators--extracted from a precomputed addition vector--during said ECC point multiplication.
Belaid teaches wherein windowing process for an ECC point multiplication is applied to a "Double and Add always" (DaAA) SCA algorithm adapted to interleave ECC addition operators--extracted from a precomputed addition vector--during said ECC point multiplication (Belaid pgs 1-4, ECC double and add always).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Wan of generating a random number r for indexing for countering side channel attacks with the teachings of Belaid to include ECC algorithm in order to apply the random number r for indexing to counter side channel attacks of the ECC algorithm.
As per claim 11, Wan in view of Belaid teaches the method of claim 3, wherein the windowing process for ECC point multiplication is applied to an ATOMIC SCA algorithm, and preserving a relationship between registers containing the operators for said operation such that randomization of the random number, r, ensures an operation sequence of the SCA algorithm using an A[r] from a precomputed addition vector is always different (Wan pgs 2-3, algorithm 1, random number r; Belaid pgs 1-4, ECC double and add always algorithm having an addition vector with index).
As per claim 13, Wan in view of Belaid teaches the method of claim 3, wherein the windowing process for ECC point multiplication is applied to a Montgomery Ladder (ML) SCA algorithm, and preserving a relationship between registers containing the operators for said operation such that randomization of the random number, r, ensures an operation sequence of the SCA algorithm using an A[r] from a precomputed addition vector is always different (Wan pgs 2-3, algorithm 1, random number r; Belaid pgs 1-4, ECC Montgomery Ladder).
Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Wan, in view of Guilley et al. US 2017/0187529 (hereinafter Guilley).
As per claim 7, Wan teaches the method of claim 1, wherein said mixing the windowing process is performed on a bit-by-bit basis of the N-tuple, to provide a window bit-level mixing with said counter SCA algorithm (Wan pgs 2-3, algorithm 1, random number r is generated. Mixing window process according to index based on random r).
Wan does not explicitly disclose wherein random number, r, is generated during looping for each loop.
Guilley teaches wherein random number, r, is generated during looping for each loop (Guilley paragraph [0114], [0117], random r is generated for each iteration).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Wan of generating a random number r and using the random number in a looping process with the teachings of Guilley to include generating a random r for each iteration in order to add entropy into the algorithm by having different values of r for each loop process.
Claims 8, 10 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Wan, in view of Carbone et al. “Deep Learning to Evaluate Secure RSA Implementations” (hereinafter Carbone).
As per claim 8, Wan teaches the method of claim 2.
Wan does not explicitly disclose wherein windowing process for an RSA modular exponentiation is applied to a "Square and Multiply always" (SAMA) SCA algorithm adapted to interleave multiplication operators--extracted from precomputed multiplication vector--during said RSA modular exponentiation.
Carbone teaches wherein windowing process for an RSA modular exponentiation is applied to a "Square and Multiply always" (SAMA) SCA algorithm adapted to interleave multiplication operators--extracted from precomputed multiplication vector--during said RSA modular exponentiation (Carbone pgs 133-137, RSA square and multiply always).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Wan of generating a random number r for indexing for countering side channel attacks for RSA algorithm with the teachings of Carbone to include RSA square and multiply always algorithm because the results would have been predictable and resulted in using a random number r for countering side channel attacks for the RSA square and multiply always algorithm.
As per claim 10, Wan teaches the method of claim 2, preserving a relationship between registers containing the operators for said operation such that randomization of the random number, r, ensures an operation sequence of the SCA algorithm using an M[r] from said precomputed multiplication vector is always different (Wan pgs 2-3, algorithm 1, modular exponentiations based on index using r).
Wan does not explicitly disclose wherein windowing process for RSA modular exponentiation is applied to an ATOMIC SCA algorithm.
Carbone teaches wherein windowing process for RSA modular exponentiation is applied to an ATOMIC SCA algorithm (Carbone pgs 133-137, RSA square and multiply always).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Wan of generating a random number r for indexing for countering side channel attacks for RSA algorithm with the teachings of Carbone to include RSA square and multiply always algorithm because the results would have been predictable and resulted in using a random number r for countering side channel attacks for the RSA square and multiply always algorithm.
As per claim 12, Wan teaches the method of claim 2, preserving a relationship between registers containing the operators for said operation such that randomization of the random number, r, ensures an operation sequence of the SCA algorithm using an M[r] from said precomputed multiplication vector is always different (Wan pgs 2-3, algorithm 1, modular exponentiations based on index using r).
Wan does not explicitly disclose wherein windowing process for RSA modular exponentiation is applied to a Montgomery Ladder (ML) SCA algorithm.
Carbone teaches wherein windowing process for RSA modular exponentiation is applied to a Montgomery Ladder (ML) SCA algorithm (Carbone pgs 133-137, RSA Montgomery Ladder).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Wan of generating a random number r for indexing for countering side channel attacks for RSA algorithm with the teachings of Carbone to include RSA Montgomery Ladder algorithm because the results would have been predictable and resulted in using a random number r for countering side channel attacks for the RSA Montgomery Ladder algorithm.
Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Wan, in view of Takenaka et al. US 2011/0007894 (hereinafter Takenaka).
As per claim 15, Wan teaches the method of claim 1 mitigates power-monitoring attack, Public Key cryptography (PKI) attacks, and differential power analysis attack (Wan pgs 2-3).
Wan does not explicitly disclose timing attacks, electromagnetic attack.
Takenaka teaches timing attacks, electromagnetic attack (Takenaka paragraph [0005]).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Wan of generating a random number r for indexing for countering side channel attacks such as differential power analysis for RSA algorithm with the teachings of Takenaka to include timing attacks and electromagnetic attack because the results would have been predictable and resulted in using a random number r for countering side channel attacks such as timing attacks and electromagnetic attack for the RSA algorithm.
Allowable Subject Matter
Claim 16 is allowed.
Claims 4-5 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY TSANG whose telephone number is (571)270-7959. The examiner can normally be reached M-F 9am - 5pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached at (571) 272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HENRY TSANG/ Primary Examiner, Art Unit 2495