DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-10 are pending in this application.
Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 10/01/2024. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-3 and 7-10 are rejected under 35 U.S.C. 103 as being unpatentable over Simon et al. (US 6,065,008) (hereinafter, “Simon”) in view of Cachin et al. (US 2008/0172562 A1) (hereinafter, “Cachin”).
As to claim 1, Simon discloses an information processing device comprising:
a memory (Fig. 2);
an authentication tree cache in which some of counters, identifiers, and … generated by using the counters and the identifiers, are temporarily stored (“… the signing module constructs an authentication tree having leaves formed of glyphs, one or more intermediate levels of nodes computed as one-way functions of the glyphs, and a root computed as a one-way function of the nodes.” -e.g., see, col. 2, lines 53-56), the counters and the identifiers being included in an authentication tree including a plurality of nodes connected with one another in a tree shape in which a pair of a counter and an identifier is assigned to each of the nodes (“… the signing module 48 computes a hash value for each intermediate node above the leaves. A node represents the conjunction of multiple hash values from a next lowest level in the tree. In this example, the authentication tree is binary, although non-binary trees may also be used. Each node branches to two nodes beneath it, thus representing 2.sup.level leaves, where "level" is the number of levels from the node to the leaves.” -e.g., see, col.6, lines 10-18);
a data cache in which some of a plurality of data respectively assigned to a plurality of leaf nodes are temporarily stored, the plurality of leaf nodes being nodes located in a lowest layer among the plurality of nodes constituting the authentication tree (“… the signing module 48 computes a hash value for each intermediate node above the leaves. A node represents the conjunction of multiple hash values from a next lowest level in the tree. In this example, the authentication tree is binary, although non-binary trees may also be used. Each node branches to two nodes beneath it, thus representing 2.sup.level leaves, where "level" is the number of levels from the node to the leaves.” -e.g., see, col. 8, lines 5-10); and
an authenticated memory encryption engine configured to perform a cryptographic process and an authentication process using the authentication tree for data to be exchanged between the data cache and the memory (“The authentication module 76 of the client operating system 74 performs the steps. At step 120, the client computer receives the font subset file from the server, stores it in memory, and makes it available to the authentication module 76. The authentication module 76 produces the unsigned root by applying the server's public key to the digitally signed root contained in the signature field 118” -e.g., see, col. 8, lines 21-29), and
wherein the authenticated memory encryption engine is further configured to (“The font subset data structure 110 also includes an authentication field 116 with one or more authentication values from the font authentication tree that represents all remaining glyphs and data from the font that are not part of the font subset. In this example, the authentication field 116 might hold the hash value representing glyphs 3 and 4 (i.e., the hash value H.sub.3,4) and the hash value representing glyphs 5-8 (i.e., the hash value H.sub.5,8). A signature field 118 is included in the font subset data structure 110 to hold the digitally signed root of the font authentication tree.” -e.g., see, col. 8, lines 1-10):
update, when any of the plurality of nodes constituting the authentication tree is to be deleted, a value of a counter assigned to a parent node of the node to be deleted based on a value of a counter assigned to the node to be deleted (“… to produce the hash value H.sub.1,4, the authentication module 76 applies F to the recomputed value H.sub.1,2 and the value H.sub.3,4 received in authentication field. Then, to compute the root hash digest H.sub.1,8, the authentication module 76 applies F to the recomputed value H.sub.1,4 and the value H.sub.5,8 received in authentication field. At this point, the authentication module has recreated the hash digest for the root of the glyph portion of the authentication tree. Any other information contained in the font subset file pertaining to other tables is then used to compute the hash digest of the root for the entire authentication tree.” -e.g., see, col. 8, lines 42-53; herein, compute, i.e., updating or setting the hash digest of the root for the entire authentication tree); and
set, when a new node is to be added at a position where the deleted node was originally located in the authentication tree, a value of a counter assigned to the added node based on a value of a counter assigned to a parent node of the added node (col. 7, lines 22-29; herein, authentication tree can be organized, i.e. setting, in many different forms. The tree can be made flatter, whereby each node branches to more than two underlying nodes. Moreover, some optimization might be used to group glyphs or other data in a manner that would reduce the size of the tree or the number of authentication values needed to reconstruct the root for typical subsets).
Simon does not explicitly disclose an authentication tree cache in which some of counters, identifiers, and tags generated; perform an authentication process for at least one tag respectively generated at least one node present on a path from a leaf node to which the data is assigned to a root node (bold limitations emphasis added).
However, in an analogous art, Cachin discloses an authentication tree cache in which some of counters, identifiers, and tags generated ([0006]; herein, one or more plaintext data blocks, ciphertext data blocks and corresponding authentication tags are generated by means of authenticated encryption; see also: [0007]; herein, verification of authenticity of data according to the invention comprises the following steps. In a first step from one or more ciphertext data blocks and corresponding authentication tags from a tag tree); perform an authentication process for at least one tag respectively generated at least one node present on a path from a leaf node to which the data is assigned to a root node ([0009]; herein, verification of authenticity of encrypted authentication tags of a tag tree according to the invention comprises the following steps. In a first step from the encrypted authentication tags and a parent authentication tags, decrypted authentication tags and tag verification value are generated by means of authenticated decryption. In a further step from one or more ciphertext data blocks plaintext data blocks and comparison tags are generated by means of authenticated decryption. The plaintext data blocks are output, in the tag verification values and the verification of the comparison tags confirm the authenticity of the data and the authentication tags).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Simon to incorporate the teachings of Cachin in order to provide tags or tag-based logic which would provide several advantages for managing complex security workflows and resource access.
As to claims 7 and 9, these are rejected using the similar rationale as for the rejection of claim 1.
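The root recomputation quoted from Simon above (subset glyphs 1 and 2, authentication values H.sub.3,4 and H.sub.5,8, root H.sub.1,8) can be sketched as follows. This is an added example, not code from Simon or from the application; SHA-256 as the one-way function F, the leaf/node prefixes, the function names, and comparing against a trusted root in place of checking the digital signature are assumptions, and the subset is generalized to any aligned power-of-two run of glyphs.

```python
import hashlib
import hmac

def leaf_hash(glyph: bytes) -> bytes:
    # Leaves and inner nodes use different prefixes (a choice of this example).
    return hashlib.sha256(b"\x00" + glyph).digest()

def F(left: bytes, right: bytes) -> bytes:
    # One-way function applied to two child values; SHA-256 is an assumption.
    return hashlib.sha256(b"\x01" + left + right).digest()

def _power_of_two(n: int) -> bool:
    return n >= 1 and n & (n - 1) == 0

def build_levels(glyphs):
    """Return every level of the binary tree, leaves first, single root last."""
    level = [leaf_hash(g) for g in glyphs]
    levels = [level]
    while len(level) > 1:
        level = [F(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def make_subset(glyphs, start, size):
    """Signer side: the subset glyphs plus the sibling hash at each level up to the root."""
    if not (_power_of_two(len(glyphs)) and _power_of_two(size)) or start % size:
        raise ValueError("need a power-of-two tree and an aligned power-of-two subset")
    levels = build_levels(glyphs)
    depth = size.bit_length() - 1          # level of the node covering the subset
    idx = start >> depth
    auth = []
    for lvl in range(depth, len(levels) - 1):
        auth.append(levels[lvl][idx ^ 1])  # sibling of the node on the path
        idx >>= 1
    subset = {"start": start, "glyphs": glyphs[start:start + size], "auth": auth}
    return subset, levels[-1][0]

def verify_subset(subset, trusted_root):
    """Verifier side: rebuild the root from the subset and the authentication values."""
    glyphs = subset["glyphs"]
    if not _power_of_two(len(glyphs)):
        return False
    node = build_levels(glyphs)[-1][0]     # e.g. H1,2 recomputed from glyphs 1 and 2
    idx = subset["start"] // len(glyphs)
    for sibling in subset["auth"]:         # e.g. H3,4 and then H5,8
        node = F(sibling, node) if idx & 1 else F(node, sibling)
        idx >>= 1
    return hmac.compare_digest(node, trusted_root)

# Constructed sample data: eight glyphs, subset = glyphs 1 and 2.
GLYPHS = [b"glyph-%d" % n for n in range(1, 9)]

def demo():
    subset, root = make_subset(GLYPHS, 0, 2)
    tampered = dict(subset, glyphs=[b"glyph-1", b"forged"])
    return verify_subset(subset, root), verify_subset(tampered, root), len(subset["auth"])
```
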
As to claim 2, Simon in view of Cachin discloses the information processing device according to claim 1, Simon further discloses wherein the authenticated memory encryption engine is further configured to: update, when deleting any of the plurality of nodes constituting the authentication tree, the value of the counter assigned to the parent node of the node to be deleted to a value larger than a larger one of the value of the counter assigned to the parent node of the node to be deleted and the value of the counter assigned to the node to be deleted (“… to produce the hash value H.sub.1,4, the authentication module 76 applies F to the recomputed value H.sub.1,2 and the value H.sub.3,4 received in authentication field. Then, to compute the root hash digest H.sub.1,8, the authentication module 76 applies F to the recomputed value H.sub.1,4 and the value H.sub.5,8 received in authentication field. At this point, the authentication module has recreated the hash digest for the root of the glyph portion of the authentication tree. Any other information contained in the font subset file pertaining to other tables is then used to compute the hash digest of the root for the entire authentication tree.” -e.g., see, col. 8, lines 42-53; herein, compute, i.e., updating or setting the hash digest of the root for the entire authentication tree), and
set, when adding a new node at a position where the deleted node was originally located in the authentication tree, the value of the counter assigned to the added node to a value equal to or larger than the value of the counter assigned to the parent node of the added node (col. 7, lines 22-29; herein, authentication tree can be organized, i.e. setting, in many different forms. The tree can be made flatter, whereby each node branches to more than two underlying nodes. Moreover, some optimization might be used to group glyphs or other data in a manner that would reduce the size of the tree or the number of authentication values needed to reconstruct the root for typical subsets).
As to claims 8 and 10, these are rejected using the similar rationale as for the rejection of claim 2.
As to claim 3, Simon in view of Cachin discloses the information processing device according to claim 1, Simon further discloses wherein the authenticated memory encryption engine is further configured to: update, when deleting any of the plurality of nodes constituting the authentication tree, the value of the counter assigned to the parent node of the node to be deleted to a larger one of the value of the counter assigned to the parent node of the node to be deleted and the value of the counter assigned to the node to be deleted (“… to produce the hash value H.sub.1,4, the authentication module 76 applies F to the recomputed value H.sub.1,2 and the value H.sub.3,4 received in authentication field. Then, to compute the root hash digest H.sub.1,8, the authentication module 76 applies F to the recomputed value H.sub.1,4 and the value H.sub.5,8 received in authentication field. At this point, the authentication module has recreated the hash digest for the root of the glyph portion of the authentication tree. Any other information contained in the font subset file pertaining to other tables is then used to compute the hash digest of the root for the entire authentication tree.” -e.g., see, col. 8, lines 42-53; herein, compute, i.e., updating or setting the hash digest of the root for the entire authentication tree), and
set, when adding a new node at a position where the deleted node was originally located in the authentication tree, the value of the counter assigned to the added node to a value larger than the value of the counter assigned to the parent node of the added node (col. 7, lines 22-29; herein, authentication tree can be organized, i.e. setting, in many different forms. The tree can be made flatter, whereby each node branches to more than two underlying nodes. Moreover, some optimization might be used to group glyphs or other data in a manner that would reduce the size of the tree or the number of authentication values needed to reconstruct the root for typical subsets).
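The counter rules recited in claims 2 and 3 for deleting a node and adding a new node at the same position can be compared with a baseline that resets the re-added node's counter to zero. This is an added illustration, not code from the application or the cited references; the HMAC tag layout, identifiers that name tree positions, one counter increment per write, and the names CounterTree and replay_accepted are assumptions.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed key, for this example only

def make_tag(ident, counter, data):
    # Assumed tag layout: HMAC over the identifier, the counter and the node data.
    msg = ident.to_bytes(4, "big") + counter.to_bytes(8, "big") + data
    return hmac.new(KEY, msg, hashlib.sha256).digest()

class CounterTree:
    """Counters only; identifiers name tree positions (assumption). Node 0 is the root."""

    def __init__(self, policy):
        if policy not in ("claim2", "claim3", "reset"):
            raise ValueError(policy)
        self.policy = policy
        self.counter = {0: 0}   # identifier -> current counter
        self.parent = {}        # identifier -> parent identifier

    def add(self, ident, parent):
        p = self.counter[parent]
        # Claim 2: equal to or larger than the parent's counter. Claim 3: larger.
        # "reset" is the naive baseline that starts every new node at zero.
        self.counter[ident] = {"claim2": p, "claim3": p + 1, "reset": 0}[self.policy]
        self.parent[ident] = parent

    def write(self, ident, data):
        # Each write bumps the node's counter and produces a fresh tag.
        self.counter[ident] += 1
        return make_tag(ident, self.counter[ident], data)

    def delete(self, ident):
        parent = self.parent.pop(ident)
        larger = max(self.counter[parent], self.counter.pop(ident))
        if self.policy == "claim2":     # larger than the larger of the two
            self.counter[parent] = larger + 1
        elif self.policy == "claim3":   # the larger of the two
            self.counter[parent] = larger
        # "reset": the parent learns nothing about the deleted node's counter.
        # Re-tagging siblings after the parent counter changes is omitted here.

    def verify(self, ident, data, tag):
        expected = make_tag(ident, self.counter[ident], data)
        return hmac.compare_digest(tag, expected)

def replay_accepted(policy):
    """Delete and re-add node 1, then present the tag recorded before deletion."""
    tree = CounterTree(policy)
    tree.add(1, parent=0)
    stale = tree.write(1, b"old contents")
    tree.delete(1)
    tree.add(1, parent=0)
    after_readd = (tree.counter[0], tree.counter[1])
    tree.write(1, b"new contents")
    return tree.verify(1, b"old contents", stale), after_readd
```

Under both claimed rules the re-added node starts above every counter value the deleted node ever held, so a tag recorded before deletion cannot match again; with the reset baseline the counter revisits an old value and the stale tag verifies.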
Claims 4-6 are rejected under 35 U.S.C. 103 as being unpatentable over Simon in view of Cachin as applied to claim 1 above, and further in view of Sandberg et al. (US 11,281,434 B2) (hereinafter, “Sandberg”).
As to claim 4, Simon in view of Cachin discloses the information processing device according to claim 1, Simon in view of Cachin doesn’t explicitly disclose wherein a counter assigned to each node in the authentication tree is formed of a major counter of which a value is represented by, among a plurality of bits representing a value of the counter, a high-order bit, and a minor counter of which a value is represented by a low-order bit, and the major counter is shared by a plurality of nodes having a common parent node.
However, in an analogous art, Sandberg discloses wherein a counter assigned to each node in the authentication tree is formed of a major counter of which a value is represented by, among a plurality of bits representing a value of the counter, a high-order bit, and a minor counter of which a value is represented by a low-order bit, and the major counter is shared by a plurality of nodes having a common parent node (“In FIG. 8, at least some of the nodes of the tree use a split-counter approach, in which the counters in that node of the tree are represented in split-form using a major count value 95 and a number of minor count values 97. Each of the minor count values 97 corresponds to one of the data blocks covered by that node of the tree. The actual counter for a given data block is defined by the combination of the major count value 95 (which is shared between all of the blocks covered by that node) and the specific minor count value 97 specified for that data block.” -e.g., see, Sandberg: col. 14, lines 6-16).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Simon and Cachin to incorporate the teachings of Sandberg in order to effectively use counters. It would be desirable to increase the situations in which such cheap counters can be utilized.
As to claim 5, Simon in view of Cachin and Sandberg discloses the information processing device according to claim 4, Simon further discloses wherein the authenticated memory encryption engine is further configured to: update, when deleting any of the plurality of nodes constituting the authentication tree, a value of a major counter assigned to the parent node of the node to be deleted to a value larger than a larger one of the value of the major counter assigned to the parent node of the node to be deleted and a value of a major counter assigned to the node to be deleted, and set, when adding a new node at a position where the deleted node was originally located in the authentication tree, a value of a major counter assigned to the added node to a value equal to or larger than the value of the major counter assigned to the parent node of the added node (Simon: “… to produce the hash value H.sub.1,4, the authentication module 76 applies F to the recomputed value H.sub.1,2 and the value H.sub.3,4 received in authentication field. Then, to compute the root hash digest H.sub.1,8, the authentication module 76 applies F to the recomputed value H.sub.1,4 and the value H.sub.5,8 received in authentication field. At this point, the authentication module has recreated the hash digest for the root of the glyph portion of the authentication tree. Any other information contained in the font subset file pertaining to other tables is then used to compute the hash digest of the root for the entire authentication tree.” -e.g., see, col. 8, lines 42-53; herein, compute, i.e., updating or setting the hash digest of the root for the entire authentication tree).
As to claim 6, Simon in view of Cachin and Sandberg discloses the information processing device according to claim 5, Sandberg further discloses wherein when the authenticated memory encryption engine has updated a value of the major counter shared by the plurality of nodes having a common parent node, the authenticated memory encryption engine initializes values of respective minor counters of the plurality of nodes having the common parent node (Sandberg: “The apparatus then further comprises normalisation circuitry responsive to a potential overflow condition being detected for a given minor counter value, to determine the adjustment value, to cause the adjustment value to be added to the first counter value, and to cause the overlap portion of each minor counter value (which in the event of full overlap will be the entire minor counter value) to be decremented by the adjustment value, such that the potential overflow condition is addressed without changing the combined counter value generated from any minor counter value. Hence, adjustments can be made to each of the minor counter values, and to the major counter value, such that overflow in one of the minor counters is avoided without changing the combined counter value that would be generated from combining the major counter values with any of the minor counter values.” -e.g., see, Sandberg: col. 5, lines 5-24).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Simon and Cachin to incorporate the teachings of Sandberg in order to effectively use counters. It would be desirable to increase the situations in which such cheap counters can be utilized.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SUMAN DEBNATH whose telephone number is (571)270-1256. The examiner can normally be reached Mon-Fri; 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached at 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
SUMAN DEBNATH
Patent Examiner
Art Unit 2495
/S.D/Examiner, Art Unit 2495
/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495