DETAILED ACTION
This action is in response to the application filed on October 8, 2024. Claims 1-20 are pending. Of these, claims 1-12 represent a system, claims 13-16 represent a method, and claims 17-20 represent a non-transitory computer program product directed to a confidential compute architecture for silicon initialization for IP protection and assurance.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claim(s) 1-4, 11, 13-14, and 17-18 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Lopez, Sergio (US 20240427627), hereinafter referred to as Lopez.
Regarding Claim 1, Lopez discloses:
A processing system comprising: a plurality of hardware components comprising an intellectual property (IP) component (In ¶ 29, Lopez discloses “Hardware initialization code 135 may be executable code that is used to initialize computing resources of a physical machine, virtual machine, or a combination thereof.”); one or more memory modules (In ¶ 66, Lopez discloses “Storage devices 316 may include any data storage device that is capable of storing data and may include physical memory devices.”); and a memory device communicably coupled to the plurality of hardware components and the one or more memory modules, the memory device to store platform initialization firmware to cause the processing system to (In ¶ 36, Lopez discloses “Storing the integrity data may involve storing it as integrity data 132 in data store 240, which may be a non-persistent storage device (e.g., main memory), in a persistent storage device (e.g., HDD, SDD, NAS, SAN), or a combination thereof.” Further, Figure 2 displays the Hardware Initialization Code (135) stored in the Data Store (240)): execute a firmware hypervisor to initiate a trust domain (TD) of a confidential compute architecture, wherein the TD to provide confidentiality and integrity protection for data loaded in the TD (In ¶ 13, Lopez discloses “When a virtual machine is started it performs a boot process by executing code that is typically provided by the host owner (e.g. hypervisor or host operating system)” and in ¶ 69, Lopez discloses “Trusted execution environment 112 may be a security enhanced area in computing device 110A that may guard the data of a computing process that is providing a service from being accessed by other computing processes on computing device 110A…TEE may be same or similar to trust domain (e.g., Intel Trust Domain™)”); load IP firmware and an initial program loader (IPL) for the IP firmware in the TD (In ¶ 29, Lopez discloses “As shown in FIG. 1, hardware initialization code 135 can be received by computing device 110A and loaded into memory 116 of a virtual machine 114. In one example, hardware initialization code 135 can be or include code of a boot loader.” wherein the IP firmware is represented by the hardware initialization code, which includes a VM image, and the initial program loader is represented by the boot loader), wherein the IP firmware corresponds to the IP component and is encrypted (In ¶ 54, Lopez discloses “In other examples, the virtual machine 114 and/or trusted execution environment 112 can receive the hardware initialization code over computer network 120 from service 150. In either example, the hardware initialization code can be received in an encrypted form or unencrypted form and supervisor 140 may or may not have access to the unencrypted version of the hardware initialization code.”); obtain, by the IPL, an IP firmware key to decrypt the IP firmware in the TD (In ¶ 61, Lopez discloses “Secret providing module 234 can enable supervisor 140 to provide secret 235 to virtual machine 114.” And further in ¶ 62 “Secret 235 may be received in an encrypted or unencrypted form and may include data that enables the virtual machine to access stored data (e.g., decrypt an encrypted VM Image)”); and responsive to decrypting the IP firmware in the TD, execute an initialization process for the IP component using the IP firmware (In ¶ 63, Lopez discloses “Hardware initialization code 135 can use the embedded configuration data to initialize the computing resources and can access and transition execution to code of a guest kernel. The guest kernel can continue the boot process and use secret 235 to access storage of the virtual machine (e.g., VM Image) that can include the guest operating system, application, other executable and confidential data, or a combination thereof.”).
Regarding Claim 2, Lopez discloses:
The processing system of claim 1, wherein the hardware initialization firmware is according to at least one of a Basic Input/Output System standard or a Unified Extensible Firmware Interface standard. (In ¶ 29, Lopez discloses “Hardware initialization code 135 may or may not test one or more of the computing resources and may be the same or similar to firmware code (e.g., system firmware, platform firmware), Basic Input/Output System (BIOS) code, Unified Extensible Firmware Interface (UEFI) code, other code, or a combination thereof.”)
Regarding Claim 3, Lopez discloses:
The processing system of claim 1, wherein after the IP firmware is decrypted, the IP firmware is to provide runtime services. (In ¶ 29, Lopez discloses “Hardware initialization code 135 may perform control, monitoring, and data manipulation functions and contain basic low-level functions to communicate with computing resources and provide hardware abstraction services and runtime services to higher-level programs such as operating systems.”)
Regarding Claim 4, Lopez discloses:
The processing system of claim 1, wherein the confidential compute architecture comprises at least one of a trust domain extensions (TDX) confidential compute architecture, a software guard extensions (SGX) confidential compute architecture, a secure encrypted virtualization architecture (SEV) confidential compute architecture, or a Realm confidential compute architecture. (In ¶ 68, Lopez discloses “In one example, a trusted execution environment may be implemented using Secure Encrypted Virtualization™ (SEV) provided by AMD™, Trusted Domain Extensions™ (TDX) provided by Intel™”)
Regarding Claim 11, Lopez discloses:
The processing system of claim 1, wherein a TD is established for each vendor of each IP component of the processing system. (In ¶ 35, Lopez discloses “Trusted execution establishment component 142 may enable computing device 110A executing supervisor 140 to establish one or more trusted execution environments 112. Establishing a trusted execution environment 112 may involve creating a new trusted execution environment or updating an existing trusted execution environment. Each of trusted execution environment 112 may execute a virtual machine 114.”)
Claim 13 is directed to a method having functionality corresponding to the system of Claim 1, and is rejected by a similar rationale, mutatis mutandis.
Claim 14 is directed to a method having functionality corresponding to the system of Claim 4, and is rejected by a similar rationale, mutatis mutandis.
Claim 17 is directed to a non-transitory computer readable medium having functionality corresponding to the system of Claim 1, and is rejected by a similar rationale, mutatis mutandis.
Claim 18 is directed to a non-transitory computer readable medium having functionality corresponding to the system of Claim 4, and is rejected by a similar rationale, mutatis mutandis.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 5-8, 12, 15-16, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Lopez, Sergio (US 20240427627), hereinafter referred to as Lopez, in view of Sahita et al. (NPL: Security analysis of confidential-compute instruction set architecture for virtualized workloads), hereinafter referred to as Sahita.
Regarding Claim 5, Lopez does not explicitly disclose the concept of measurement registers, nor the use of a secure arbitration module.
Sahita discloses:
The processing system of claim 1, wherein the IP firmware key is obtained from a secure arbitration module of the confidential compute architecture (In sections III.B and III.C, Sahita discloses “Secure Arbitration Mode (SEAM) is an extension to the Virtual Machine Extension (VMX) architecture to define a new, VMX root operation called SEAM VMX root, and a new VMX non-root operation called SEAM VMX non-root…. The PCONFIG instruction used from SEAM VMX root mode allows TDX KeyIds to be managed and used by the Intel TDX Module.”), wherein the secure arbitration module is to extend the IPL into a TD measurement register (MRTD), and wherein the IPL extends the IP firmware into a runtime measurement register (RTMR), the MRTD and the RTMR providing evidence of the TD in a TD report (In section III.A, Sahita discloses “the measurement and security-version number (SVN) of the Intel TDX module are recorded into hardware-measurement registers by the P-SEAMLDR module, and then loaded into the SEAMRR-protected region in response to the VMM invoking the persist loader’s installation intrinsics…. The TD can also use a set of runtime-extendable measurement registers (RTMRs) that are extended by the code in the TD with measurements of additional code and data at runtime.”).
One of ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention, to modify Lopez's approach by utilizing Sahita's approach of using a secure arbitration module, as the motivation would have been that the use of a secure arbitration module ensures a confidentiality- and integrity-protected method for initializing a component. (See Section III.A, Sahita).
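As an added illustration, not code from the Office action, Lopez, or Sahita, the following models the measurement chain recited in claim 5: the secure arbitration module extends the IPL into MRTD, the IPL extends the IP firmware into RTMR, and both registers appear in a TD report that a verifier checks against known-good images. SHA-384, the zeroed start value, the extend rule, and the report layout are assumptions of this model, not TDX specifics; decryption of the IP firmware is left out.

```python
import hashlib
import hmac

# Added model of the claim 5 measurement chain; not code from the Office action,
# Lopez, or Sahita. SHA-384, the zeroed start value, the extend rule and the
# report layout are assumptions of this example, not TDX specifics.
HASH = hashlib.sha384
REG_LEN = HASH().digest_size  # 48-byte registers in this model


def extend(register: bytes, data: bytes) -> bytes:
    """Extend a measurement register: new = H(old || H(data)).
    Order matters, so the final value encodes the sequence of loads."""
    return HASH(register + HASH(data).digest()).digest()


class TrustDomain:
    """Holds the two registers of the model: MRTD (build-time) and RTMR (runtime)."""

    def __init__(self) -> None:
        self.mrtd = bytes(REG_LEN)
        self.rtmr = bytes(REG_LEN)

    def seam_load_ipl(self, ipl: bytes) -> None:
        """Modelled secure arbitration module: load the IPL and extend it into MRTD."""
        self.mrtd = extend(self.mrtd, ipl)

    def ipl_load_firmware(self, ip_firmware: bytes) -> None:
        """Modelled IPL: load the (already decrypted) IP firmware and extend it into RTMR."""
        self.rtmr = extend(self.rtmr, ip_firmware)

    def report(self) -> dict:
        """TD report carrying the evidence of both registers (hex for transport)."""
        return {"mrtd": self.mrtd.hex(), "rtmr": self.rtmr.hex()}


def verify_report(report: dict, expected_ipl: bytes, expected_fw: bytes) -> bool:
    """Verifier side (e.g. the security microcontroller of claim 6): rebuild the
    golden register values from known-good images and compare in constant time."""
    golden = TrustDomain()
    golden.seam_load_ipl(expected_ipl)
    golden.ipl_load_firmware(expected_fw)
    expected = golden.report()
    return (hmac.compare_digest(report["mrtd"], expected["mrtd"])
            and hmac.compare_digest(report["rtmr"], expected["rtmr"]))


def run_demo() -> tuple:
    """Constructed sample images: a genuine boot, then a boot with altered IP firmware."""
    ipl = b"ipl-v1 (constructed sample)"
    fw = b"ip-firmware-v1 (constructed sample)"
    good = TrustDomain()
    good.seam_load_ipl(ipl)
    good.ipl_load_firmware(fw)
    tampered = TrustDomain()
    tampered.seam_load_ipl(ipl)
    tampered.ipl_load_firmware(fw + b"\x00")  # one-byte change to the firmware image
    return (verify_report(good.report(), ipl, fw),
            verify_report(tampered.report(), ipl, fw))


if __name__ == "__main__":
    print(run_demo())  # (True, False)
```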
Regarding Claim 6, the combination of Lopez and Sahita discloses:
The processing system of claim 5, wherein the TD report enables a security microcontroller of the processing system to verify the IPL in the TD. (In ¶ 15, Lopez discloses “The technology enhances confidential computing by enabling a guest owner to verify configuration data of the host device that is provided to the virtual machine when the virtual machine is booted.”)
Regarding Claim 7, Lopez discloses the limitations with respect to claim 1.
However, Lopez does not explicitly disclose the use of a secure arbitration module.
Sahita discloses:
The processing system of claim 1, wherein as part of the initialization process, the IP firmware to transmit a register programming script table to a secure arbitration module of the confidential compute architecture (In section III.C, Sahita discloses “At platform initialization, firmware initializes the platform components including system memory and performs configuration regarding use of MKTME for ordinary VMs and TD VMs... The P-SEAMLDR is then invoked by the VMM (after the OS performed VMXON) to install (load, update, or re-load) an Intel TDX module into the SEAM range.”), the register programming script table to enable the secure arbitration module to perform the initialization process for the IP component (In section IV.C, Sahita discloses “Initialization mitigation from T0 apply here as well. In addition, Intel SEAMLDR ACM initializes CPU state for each logical processor in the per-LP Intel TDX Module configuration data stored inside the SEAMRR region.”).
One of ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention, to modify Lopez's approach by utilizing Sahita's approach of using a secure arbitration module, as the motivation would have been that the use of a secure arbitration module ensures a confidentiality- and integrity-protected method for initializing a component. (See Section III.A, Sahita).
Regarding Claim 8, the combination of Lopez and Sahita discloses the limitations of Claim 7.
However, Lopez does not disclose masking the register values.
Sahita discloses:
The processing system of claim 7, wherein the register programming script table comprises at least one dummy register access to support obfuscation. (In section III.A, Sahita discloses “This memory range is protected against software access by SEAM range register base/mask registers ( SEAMRR ).”)
One of ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention, to modify Lopez's approach by utilizing Sahita's approach of using a secure arbitration module, as the motivation would have been that the use of a secure arbitration module ensures a confidentiality- and integrity-protected method for initializing a component. (See Section III.A, Sahita).
Regarding Claim 12, the combination of Lopez and Sahita discloses the limitations of Claim 5.
However, Lopez does not explicitly disclose the use of a secure arbitration module.
Sahita discloses:
The processing system of claim 5, wherein the secure arbitration module comprises a policy control to enable special services to the TD (In section III.C, Sahita discloses “At platform initialization, firmware initializes the platform components including system memory and performs configuration regarding use of MKTME for ordinary VMs and TD VMs... The P-SEAMLDR is then invoked by the VMM (after the OS performed VMXON) to install (load, update, or re-load) an Intel TDX module into the SEAM range.”).
One of ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention, to modify Lopez's approach by utilizing Sahita's approach of using a secure arbitration module, as the motivation would have been that the use of a secure arbitration module ensures a confidentiality- and integrity-protected method for initializing a component. (See Section III.A, Sahita).
Claim 15 is directed to a method having functionality corresponding to the system of Claim 5, and is rejected by a similar rationale, mutatis mutandis.
Claim 16 is directed to a method having functionality corresponding to the system of Claim 7, and is rejected by a similar rationale, mutatis mutandis.
Claim 19 is directed to a non-transitory computer readable medium having functionality corresponding to the system of Claim 5, and is rejected by a similar rationale, mutatis mutandis.
Claim 20 is directed to a non-transitory computer readable medium having functionality corresponding to the system of Claim 7, and is rejected by a similar rationale, mutatis mutandis.
Claim(s) 9-10 are rejected under 35 U.S.C. 103 as being unpatentable over Lopez, Sergio (US 20240427627), hereinafter referred to as Lopez, in view of Khoruzhenko et al. (US 11455394), hereinafter referred to as Khoruzhenko.
Regarding Claim 9, Lopez discloses the limitations of Claim 1.
However, Lopez does not explicitly disclose a remote key storage.
Khoruzhenko discloses:
The processing system of claim 1, wherein the key is stored in a security microcontroller of the processing system. (In col 3, lines 59-61, Khoruzhenko discloses “The server 40 is shown here connected to a separate key server 42, which includes a key store 44 and authorization private key 46 of the server 40.”)
One of ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention, to modify Lopez's approach by utilizing Khoruzhenko's approach of using a separate key server and store, as the motivation would have been that the remote key server allows for an additional layer of security by isolating device functionality across servers or microprocessors, which prevents malicious activity by segmenting functionality (See Col 10, Lines 7-29, Khoruzhenko).
Regarding Claim 10, Lopez discloses the limitations of Claim 1.
However, Lopez does not explicitly disclose a remote key storage.
Khoruzhenko discloses:
The processing system of claim 1, wherein the key is stored in a remote key service accessible by a security microcontroller of the processing system (In col 3, lines 59-61, Khoruzhenko discloses “The server 40 is shown here connected to a separate key server 42, which includes a key store 44 and authorization private key 46 of the server 40.”)
One of ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention, to modify Lopez's approach by utilizing Khoruzhenko's approach of using a separate key server and store, as the motivation would have been that the remote key server allows for an additional layer of security by isolating device functionality across servers or microprocessors, which prevents malicious activity by segmenting functionality (See Col 10, Lines 7-29, Khoruzhenko).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Basak et al. (US 20230205562) discloses a method for implementing input/output extensions for trust domains.
Yao et al. (US 20190370470) discloses a method for pre-boot initialization for a computing system.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHADI H KOBROSLI whose telephone number is (571)272-1952. The examiner can normally be reached M-F 9am-5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal Dharia can be reached at 571-272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHADI H KOBROSLI/Examiner, Art Unit 2492 /RUPAL DHARIA/ Supervisory Patent Examiner, Art Unit 2492