DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The submission of claims 1-9, on 10/14/2024, is acknowledged and considered.
Claims 1, 8, and 9 are independent claims. Claims 1-9 are pending.
Priority
3. The present application has priority to:
EP22305537.7, filed on 4/13/2022
PCT/EP2023/059711, filed on 4/13/2023
Information Disclosure Statement
4. The information disclosure statement (IDS) submitted on 10/14/2024 and 1/29/2026 was filed after the mailing date of the claims on 10/14/2024. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Objections
5. Claim 4 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
6. Claim 8 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because:
Claim 8 recites “a computer program product directly loadable into the memory of at least one computer”. The product is said to be “loadable” into the memory, which suggest there may or may not be loaded into a memory. The claim language suggest the computer program product is not necessarily loaded into a memory of a computer or hardware, thus, the claim is directed towards a software per se.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
7. Claim 8 recites the limitation "the memory" in line 1. There is insufficient antecedent basis for this limitation in the claim.
Claim 8 recites "the memory", which lacks antecedent basis because this memory was not previously recited.
Claim Rejections – 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
8. Claim(s) 1-3 and 5-9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Doshi, et al. [US 20190243768] in view of Stewart, et al. [US 20220391545].
As per claim 1: Doshi, et al. teaches a method for a secure execution of a first instruction by a processor of an electronic system, wherein said electronic system comprises at least one memory configured to be coupled to the processor, and said processor comprises processor registers and execution units comprising a load and store unit, said method comprising: [Doshi: para 0]
a) fetching (S1) said first instruction in an execution pipeline of the processor; [Doshi: para 0217; a processor pipeline includes a fetch stage]
b) determining (S2) if said first instruction to be executed is a load instruction to be protected for loading protected data and associated security information from said at least one memory to the processor registers or a store instruction to be protected for storing protected data and associated security information from the processor registers to said at least one memory; [Doshi: para 0002; Processors are generally able to execute instructions to access memory, such as execute load or read instructions to load or read data from the memory, and store or write instructions to store or write data to the memory]
c) when said first instruction to be executed is a load instruction to be protected or a store instruction to be protected, executing sequentially by said processor at least a first operation (S4), a second operation (S5) and a third operation (S6); [Doshi: para 0036; processor to perform one or more of these instructions where numerous specific details (e.g., specific instruction operations, sequences of operations, types of data structures, processor configurations, possible microarchitectural implementation details, etc.). Para 0049; determining whether a write to memory is an initial write to memory and perform certain of the operations in different order, combine certain operations, temporally overlap certain operations, etc.]
wherein:
when said first instruction is a load instruction to be protected, said first operation is a load operation for loading said protected data from said at least one memory to said load and store unit [Doshi: para 0048; storing the memory addresses, data items, and other data to a log encompasses both storing such data unaltered or untransformed as well as storing such data transformed, such as by compressing the data, encrypting the data, adding parity or other redundancy data to the data that is stored, or the like. The encryption suggest the security information associated to the protected data. Para 0147; The write mask field allows for partial vector operations, including loads, stores, arithmetic, logical, etc. The write mask field's content selects one of a number of write mask registers that contains the write mask to be used], said second operation is a load operation for loading said security information associated to said protected data from said at least one memory to said load and store unit [Doshi: para 0110; While the transaction is still pending, data loaded from and written to within a memory are tracked], and said third operation is a write operation for copying said protected data and said associated security information from said load and store unit to the processor registers, [Doshi: para 0004; the processor may first check to see if a copy of the data is currently stored. Para 0113; performing stores or writes for cache lines retained in the cache and an initial copy of the cache lines is to be stored to the data item log]
when said first instruction is a store instruction to be protected, said first operation is a write operation for copying said protected data and said associated security information from the processor registers to said load and store unit, said second operation is a store operation for storing said copied protected data from said load and store unit to said at least one memory [Doshi: para 0004 the processor first check to see if a copy of the data is currently stored. The feature of a copy of data stored suggest the copied or copying of protected data as this data was said to involve encryption or security information. More examples of copy data on para 0126] and said third operation is a store operation [Doshi: para 0055-0056; Each of the general-purpose registers may be indicated by instructions of the instruction set of the processor to identify operands. Thus, the instruction that identify operands suggest the specified instruction is linked various operations, such as the write operation or the second and third operation is a store operation] **for storing said copied associated security information from said load and store unit to said at least one memory, [**rejected under a secondary reference, discussion below]
said security information associated to protected data being data enabling to transform said protected data into plain data and/or integrity data enabling to verify integrity of said protected data. [Doshi: para 0066; storing such data transformed, such as by compressing the data, encrypting the data, adding parity or other redundancy data to the data that is stored. In cases where such transformation of the data is used, the execution unit may direct the data to be logged to such transformation logic (e.g., encryption logic, compression logic, parity logic, etc.)]
Doshi includes the processor may first check to see if a copy of the data is currently stored. The feature of a copy of data stored suggest the copied or copying of protected data as this data was said to involve encryption or security information [Doshi: para 0004, 0126]. A fixed general-purpose register may optionally be implicit to the instruction (e.g., implicit to an opcode of the instruction), and the processor may implicitly or inherently understand to look in this implicit fixed general-purpose register for the memory address information when it recognizes the instruction (e.g., when it decodes the instructions opcode) without the instruction needing to have any non-opcode bits to specify the register. The begin memory write log instruction have an opcode, sometimes called an operation code (e.g., a set of bits or one or more fields), to identify the instruction and/or the operation to be performed. Each of the general-purpose registers may be indicated by instructions of the instruction set of the processor to identify operands [Doshi: para 0055-0056]. Thus, the instructions that identify operands suggest there are different instructions that the specified instruction is linked various operations, such as the write operation or the second and third operation is a store operation. Thus, Doshi suggest store operation of copied data such as protected data. However, Doshi does not clearly teach “said third operation is a store operation for storing said copied associated security information from said load and store unit to said at least one memory”.
Stewart includes a storage medium that stores instructions including instructions to cause the processor of a computing device to read the security Information 435 from the first storage. The security information is used during start-up of the computing device. Further, Stewart obviously suggest “said third operation is a store operation for storing said copied associated security information from said load and store unit to said at least one memory” by teaching the instructions further include instructions to cause the processor of the computing device to copy the security information to second storage of the computing device. This may be a secure copy. The computing device determine whether the computing device has been compromised based on the security information and the copy of the security information. When it is determined that the computing device has been compromised, the instructions cause the deletion of the secret data [Stewart: para 0049-0050]. As such, motivation would be difficult for an attacker to tamper with the copy of the security information without also altering or removing the secret data as the copy of the security information and the secret data stored in the same storage [Stewart: para 0052].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Stewart with Doshi to teach “said third operation is a store operation for storing said copied associated security information from said load and store unit to said at least one memory” for the reason to store the copy of the security information and the secret data in the same storage to make it difficult for an attacker to tamper with the copy of the security information without also altering or removing the secret data [Stewart: para 0052].
Claim 2: Doshi: para 0066, 0136 in view of Stewart: para 0041 [suggesting “a cryptographic key”, under the same pretext and motivation as in claim 1]; discussing the method of claim 1, wherein said security information are mask data, a cryptographic key or integrity data among redundancy data, a checksum, a minimum value and/or a maximum value of said protected data.
Claim 3: Doshi: para 0048 in view of Stewart: para 0028, 0050 [suggesting “a security check”, under the same pretext and motivation as in claim 1]; discussing the method of claim 1, comprising, when said first instruction is a load instruction to be protected, after said first and second operations have been executed by the processor, performing a security check of said data loaded by the first operation using associated security information loaded by the second operation.
Claim 4: Objected
Claim 5: Doshi: para 0055; discussing the method of any of claim 1, wherein determining (S2) if said first instruction is a load or store instruction to be protected comprises determining whether an opcode of said instruction corresponds to a protected instruction or to an unprotected instruction.
Claim 6: Doshi: para 0053, 0097; discussing the method of any of claim 1, wherein determining (S2) if said first instruction is a load or store instruction to be protected comprises determining if said first instruction to be executed comprises predetermined metadata.
Claim 7: Doshi: para 0055, 0108; discussing the method of any of claim 1, wherein determining (S2) if said first instruction is a load or store instruction to be protected comprises verifying a value stored in a security configuration register of said processor.
As per claim 8: Doshi, et al. teaches a computer program product directly loadable into the memory of at least one computer, comprising software code instructions for performing the steps below when said product is run on the computer,
for a secure execution of a first instruction by a processor of an electronic system, wherein said electronic system comprises at least one memory configured to be coupled to the processor, and said processor comprises processor registers and execution units [Doshi: para 0] comprising a load and store unit:
a) fetching (S1) said first instruction in an execution pipeline of the processor; [Doshi: para 0002; Processors are generally able to execute instructions to access memory, such as execute load or read instructions to load or read data from the memory, and store or write instructions to store or write data to the memory]
b) determining (S2) if said first instruction to be executed is a load instruction to be protected for loading protected data and associated security information from said at least one memory to the processor registers or a store instruction to be protected for storing protected data and associated security information from the processor registers to said at least one memory; [Doshi: para 0002; Processors are generally able to execute instructions to access memory, such as execute load or read instructions to load or read data from the memory, and store or write instructions to store or write data to the memory]
c) when said first instruction to be executed is a load instruction to be protected or a store instruction to be protected, executing sequentially by said processor at least a first operation (S4), a second operation (S5) and a third operation (S6); [Doshi: para 0036; processor to perform one or more of these instructions where numerous specific details (e.g., specific instruction operations, sequences of operations, types of data structures, processor configurations, possible microarchitectural implementation details, etc.). Para 0049; determining whether a write to memory is an initial write to memory and perform certain of the operations in different order, combine certain operations, temporally overlap certain operations, etc.]
wherein:
when said first instruction is a load instruction to be protected, said first operation is a load operation for loading said protected data from said at least one memory to said load and store unit [Doshi: para 0048; storing the memory addresses, data items, and other data to a log encompasses both storing such data unaltered or untransformed as well as storing such data transformed, such as by compressing the data, encrypting the data, adding parity or other redundancy data to the data that is stored, or the like. The encryption suggest the security information associated to the protected data. Para 0147; The write mask field allows for partial vector operations, including loads, stores, arithmetic, logical, etc. The write mask field's content selects one of a number of write mask registers that contains the write mask to be used], said second operation is a load operation for loading said security information associated to said protected data from said at least one memory to said load and store unit [Doshi: para 0110; While the transaction is still pending, data loaded from and written to within a memory are tracked], and said third operation is a write operation for copying said protected data and said associated security information from said load and store unit to the processor registers, [Doshi: para 0004; the processor may first check to see if a copy of the data is currently stored. Para 0113; performing stores or writes for cache lines retained in the cache and an initial copy of the cache lines is to be stored to the data item log]
when said first instruction is a store instruction to be protected, said first operation is a write operation for copying said protected data and said associated security information from the processor registers to said load and store unit [Doshi: para 0110; While the transaction is still pending, data loaded from and written to within a memory are tracked], said second operation is a store operation for storing said copied protected data from said load and store unit to said at least one memory [Doshi: para 0004 the processor first check to see if a copy of the data is currently stored. The feature of a copy of data stored suggest the copied or copying of protected data as this data was said to involve encryption or security information. More examples of copy data on para 0126], and said third operation is a store operation [Doshi: para 0056; Each of the general-purpose registers may be indicated by instructions of the instruction set of the processor to identify operands. Thus, the instruction that identify operands suggest the specified instruction is linked various operations, such as the write operation or the second and third operation is a store operation] **for storing said copied associated security information from said load and store unit to said at least one memory, [**rejected under a secondary reference, discussion below]
said security information associated to protected data being data enabling to transform said protected data into plain data and/or integrity data enabling to verify integrity of said protected data. [Doshi: para 0066; storing such data transformed, such as by compressing the data, encrypting the data, adding parity or other redundancy data to the data that is stored. In cases where such transformation of the data is used, the execution unit may direct the data to be logged to such transformation logic (e.g., encryption logic, compression logic, parity logic, etc.)]
Doshi includes the processor may first check to see if a copy of the data is currently stored. The feature of a copy of data stored suggest the copied or copying of protected data as this data was said to involve encryption or security information [Doshi: para 0004, 0126]. A fixed general-purpose register may optionally be implicit to the instruction (e.g., implicit to an opcode of the instruction), and the processor may implicitly or inherently understand to look in this implicit fixed general-purpose register for the memory address information when it recognizes the instruction (e.g., when it decodes the instructions opcode) without the instruction needing to have any non-opcode bits to specify the register. The begin memory write log instruction have an opcode, sometimes called an operation code (e.g., a set of bits or one or more fields), to identify the instruction and/or the operation to be performed. Each of the general-purpose registers may be indicated by instructions of the instruction set of the processor to identify operands [Doshi: para 0055-0056]. Thus, the instructions that identify operands suggest there are different instructions that the specified instruction is linked various operations, such as the write operation or the second and third operation is a store operation. Thus, Doshi suggest store operation of copied data such as protected data. However, Doshi does not clearly teach “said third operation is a store operation for storing said copied associated security information from said load and store unit to said at least one memory”.
Stewart includes a storage medium that stores instructions including instructions to cause the processor of a computing device to read the security Information 435 from the first storage. The security information is used during start-up of the computing device. Further, Stewart obviously suggest “said third operation is a store operation for storing said copied associated security information from said load and store unit to said at least one memory” by teaching the instructions further include instructions to cause the processor of the computing device to copy the security information to second storage of the computing device. This may be a secure copy. The computing device determine whether the computing device has been compromised based on the security information and the copy of the security information. When it is determined that the computing device has been compromised, the instructions cause the deletion of the secret data [Stewart: para 0049-0050]. As such, motivation would be difficult for an attacker to tamper with the copy of the security information without also altering or removing the secret data as the copy of the security information and the secret data stored in the same storage [Stewart: para 0052].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Stewart with Doshi to teach “said third operation is a store operation for storing said copied associated security information from said load and store unit to said at least one memory” for the reason to store the copy of the security information and the secret data in the same storage to make it difficult for an attacker to tamper with the copy of the security information without also altering or removing the secret data [Stewart: para 0052].
As per claim 9: Doshi, et al. teaches an electronic system comprising a processor configured for a secure execution of a first instruction by the processor, wherein said electronic system comprises at least one memory configured to be coupled to the processor, and said processor comprises processor registers and execution units comprising a load and store unit:
a) fetching (S1) said first instruction in an execution pipeline of the processor; [Doshi: para 0002; Processors are generally able to execute instructions to access memory, such as execute load or read instructions to load or read data from the memory, and store or write instructions to store or write data to the memory]
b) determining (S2) if said first instruction to be executed is a load instruction to be protected for loading protected data and associated security information from said at least one memory to the processor registers or a store instruction to be protected for storing protected data and associated security information from the processor registers to said at least one memory; [Doshi: para 0002; Processors are generally able to execute instructions to access memory, such as execute load or read instructions to load or read data from the memory, and store or write instructions to store or write data to the memory]
c) when said first instruction to be executed is a load instruction to be protected or a store instruction to be protected, executing sequentially by said processor at least a first operation (S4), a second operation (S5) and a third operation (S6); [Doshi: para 0036; processor to perform one or more of these instructions where numerous specific details (e.g., specific instruction operations, sequences of operations, types of data structures, processor configurations, possible microarchitectural implementation details, etc.). Para 0049; determining whether a write to memory is an initial write to memory and perform certain of the operations in different order, combine certain operations, temporally overlap certain operations, etc.]
wherein:
when said first instruction is a load instruction to be protected, said first operation is a load operation for loading said protected data from said at least one memory to said load and store unit [Doshi: para 0048; storing the memory addresses, data items, and other data to a log encompasses both storing such data unaltered or untransformed as well as storing such data transformed, such as by compressing the data, encrypting the data, adding parity or other redundancy data to the data that is stored, or the like. The encryption suggest the security information associated to the protected data. Para 0147; The write mask field allows for partial vector operations, including loads, stores, arithmetic, logical, etc. The write mask field's content selects one of a number of write mask registers that contains the write mask to be used], said second operation is a load operation for loading said security information associated to said protected data from said at least one memory to said load and store unit [Doshi: para 0110; While the transaction is still pending, data loaded from and written to within a memory are tracked], and said third operation is a write operation for copying said protected data and said associated security information from said load and store unit to the processor registers, [Doshi: para 0004; the processor may first check to see if a copy of the data is currently stored. Para 0113; performing stores or writes for cache lines retained in the cache and an initial copy of the cache lines is to be stored to the data item log]
when said first instruction is a store instruction to be protected, said first operation is a write operation for copying said protected data and said associated security information from the processor registers to said load and store unit [Doshi: para 0110; While the transaction is still pending, data loaded from and written to within a memory are tracked], said second operation is a store operation for storing said copied protected data from said load and store unit to said at least one memory [Doshi: para 0004 the processor first check to see if a copy of the data is currently stored. The feature of a copy of data stored suggest the copied or copying of protected data as this data was said to involve encryption or security information. More examples of copy data on para 0126], and said third operation is a store operation [Doshi: para 0056; Each of the general-purpose registers may be indicated by instructions of the instruction set of the processor to identify operands. Thus, the instruction that identify operands suggest the specified instruction is linked various operations, such as the write operation or the second and third operation is a store operation] **for storing said copied associated security information from said load and store unit to said at least one memory, [**rejected under a secondary reference, discussion below]
said security information associated to protected data being data enabling to transform said protected data into plain data and/or integrity data enabling to verify integrity of said protected data. [Doshi: para 0066; storing such data transformed, such as by compressing the data, encrypting the data, adding parity or other redundancy data to the data that is stored. In cases where such transformation of the data is used, the execution unit may direct the data to be logged to such transformation logic (e.g., encryption logic, compression logic, parity logic, etc.)]
Doshi includes the processor may first check to see if a copy of the data is currently stored. The feature of a copy of data stored suggest the copied or copying of protected data as this data was said to involve encryption or security information [Doshi: para 0004, 0126]. A fixed general-purpose register may optionally be implicit to the instruction (e.g., implicit to an opcode of the instruction), and the processor may implicitly or inherently understand to look in this implicit fixed general-purpose register for the memory address information when it recognizes the instruction (e.g., when it decodes the instructions opcode) without the instruction needing to have any non-opcode bits to specify the register. The begin memory write log instruction have an opcode, sometimes called an operation code (e.g., a set of bits or one or more fields), to identify the instruction and/or the operation to be performed. Each of the general-purpose registers may be indicated by instructions of the instruction set of the processor to identify operands [Doshi: para 0055-0056]. Thus, the instructions that identify operands suggest there are different instructions that the specified instruction is linked various operations, such as the write operation or the second and third operation is a store operation. Thus, Doshi suggest store operation of copied data such as protected data. However, Doshi does not clearly teach “said third operation is a store operation for storing said copied associated security information from said load and store unit to said at least one memory”.
Stewart includes a storage medium that stores instructions including instructions to cause the processor of a computing device to read the security Information 435 from the first storage. The security information is used during start-up of the computing device. Further, Stewart obviously suggest “said third operation is a store operation for storing said copied associated security information from said load and store unit to said at least one memory” by teaching the instructions further include instructions to cause the processor of the computing device to copy the security information to second storage of the computing device. This may be a secure copy. The computing device determine whether the computing device has been compromised based on the security information and the copy of the security information. When it is determined that the computing device has been compromised, the instructions cause the deletion of the secret data [Stewart: para 0049-0050]. As such, motivation would be difficult for an attacker to tamper with the copy of the security information without also altering or removing the secret data as the copy of the security information and the secret data stored in the same storage [Stewart: para 0052].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Stewart with Doshi to teach “said third operation is a store operation for storing said copied associated security information from said load and store unit to said at least one memory” for the reason to store the copy of the security information and the secret data in the same storage to make it difficult for an attacker to tamper with the copy of the security information without also altering or removing the secret data [Stewart: para 0052].
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Leynna Truvan whose telephone number is (571)272-3851. The examiner can normally be reached Monday-Friday 9:00AM-5:00PM, EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Amir Mehrmanesh can be reached at 571-270-3351. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
Leynna Truvan
Examiner
Art Unit 2435
/L.TT/Examiner, Art Unit 2435
/EDWARD ZEE/Primary Examiner, Art Unit 2435