DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claim 6 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 6 recites “receiving, from the memory media, the encrypted data” and is dependent on claim 1. However, claim 1 recites “storing, to the storage media, the encrypted data.” It is unclear how and/or where the encrypted data is being received in claim 6, as parent claim 1 recites storing the encrypted data in the “storage media”, not the “memory media”.
Duplicate Claims
Applicant is advised that should claim 11 be found allowable, claim 15 will be objected to under 37 CFR 1.75 as being a substantial duplicate thereof. When two claims in an application are duplicates or else are so close in content that they both cover the same thing, despite a slight difference in wording, it is proper after allowing one claim to object to the other as being a substantial duplicate of the allowed claim. See MPEP § 608.01(m).
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1, 2, 4, 6-12, and 15-19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by US 2015/0294123 to Oxford (hereinafter, “Oxford”).
As per claim 1: Oxford discloses: A device comprising: at least one circuit comprising an encryptor and a decryptor (symmetric encryption block 1124 [Oxford, ¶0125; Fig. 11]; hardware block 170 implements encryption and decryption algorithms, wherein such terms are used interchangeably [Oxford, ¶0043]); memory media (secure data cache 1110 [Oxford, ¶0125; Fig. 11]); and storage media (main memory 1140 [Oxford, ¶0125; Fig. 10]), wherein the encryptor and decryptor are configured between the memory media and storage media (symmetric encryption block 1124 is implemented between the secure data cache 1110 and the main memory 1140 [Oxford, Fig. 11]); wherein the at least one circuit is configured to perform one or more operations comprising: receiving at least a portion of data; encrypting, using the encryptor, the at least a portion of data as encrypted data; and storing, to the storage media, the encrypted data (“When the data cache 1110 is flushed to main memory 1140, each data line is encrypted by symmetric encryption block 1124 using the secure data encryption key 1126 corresponding to the value of the vector 1142 of the respective data line. As before, data in the data cache is encrypted and stored in main memory as encrypted data.” [Oxford, ¶0125; Fig. 11]).
As per claim 2: Oxford discloses all limitations of claim 1. Furthermore, Oxford discloses: wherein the at least one circuit is further configured to perform one or more operations comprising: receiving, from the storage media, the encrypted data; decrypting, using the decryptor, the encrypted data as decrypted data; and sending the decrypted data (“…whereupon it can then be re-created back in the secure D$ in the clear when the secure process is resumed by reversing the encryption procedure described above. Essentially, as described above, this mechanism can be used to automatically decrypt the data as it is read back into the data cache from main memory…” [Oxford, ¶0093]).
As per claim 4: Oxford discloses all limitations of claim 1. Furthermore, Oxford discloses: wherein the at least one circuit is further configured to perform one or more operations comprising: receiving, from the memory media, second encrypted data; encrypting, using the encryptor, the second encrypted data as third encrypted data; and storing, to the storage media, the third encrypted data (secure data cache includes a plurality of data lines (four lines are shown in Fig. 11), wherein each data line is encrypted (i.e., first, second, third, fourth “encrypted data”) and stored in main memory as encrypted data [Oxford, ¶0125; Fig. 11]).
As per claim 6: Oxford discloses all limitations of claim 1. Furthermore, Oxford discloses: wherein the at least one circuit is further configured to perform one or more operations comprising: receiving, from the memory media, the encrypted data; decrypting the encrypted data, using the decryptor, as decrypted data; and sending the decrypted data (data can be pre-encrypted in the data cache before being paged out to the main memory, so that it will be decrypted with the same encryption key [Oxford, ¶0103, 0119]).
As per claim 7: Oxford discloses all limitations of claim 1. Furthermore, Oxford discloses: wherein the at least one circuit further comprises a configuration module; and wherein the at least one circuit is further configured to perform one or more operations comprising: determining an encryption algorithm for the encryptor and decryptor; and applying the encryption algorithm to the at least a portion of data (using a standard (symmetric) encryption algorithm, such as AES-128 or AES-256, which is dependent on the security of the key for the encryption process – only the secure process that “owns” the data should be recreate the encryption key correctly [Oxford, ¶0027]).
As per claim 8: Oxford discloses all limitations of claim 7. Furthermore, Oxford discloses: wherein the at least one circuit is further configured to perform one or more operations comprising: determining that the at least a portion of data should be encrypted (when data cache is flushed [Oxford, ¶0125]); and enabling the encryptor to encrypt the data based on determining that the at least a portion of data should be encrypted (encrypting the flushed data to the main memory [Oxford, ¶0125]).
As per claim 9: Oxford discloses all limitations of claim 1. Furthermore, Oxford discloses: wherein receiving at least a portion of data comprises: receiving the at least a portion of data during at least one of a flush of cache data or an application flush from device memory to the storage media (flushing secure data cache 1110 to main memory 1140, wherein the data in the cache belongs to specific processes (i.e., applications) [Oxford, ¶0125; Fig. 11]).
As per claim 10: Oxford discloses: A method comprising: receiving at least a portion of data, the at least a portion of data being received based on at least one of a flush of cache data and an application flush from device memory to storage media (flushing secure data cache 1110 to main memory 1140, wherein the data in the cache belongs to specific processes (i.e., applications) [Oxford, ¶0125; Fig. 11]); encrypting the at least a portion of data as encrypted data; and storing, to the storage media, the encrypted data (“When the data cache 1110 is flushed to main memory 1140, each data line is encrypted by symmetric encryption block 1124 using the secure data encryption key 1126 corresponding to the value of the vector 1142 of the respective data line. As before, data in the data cache is encrypted and stored in main memory as encrypted data.” [Oxford, ¶0125; Fig. 11]).
As per claim 11: Oxford discloses all limitations of claim 10. Furthermore, Oxford discloses: further comprising: receiving, from the storage media, the encrypted data; decrypting the encrypted data as decrypted data; and sending the decrypted data (“…whereupon it can then be re-created back in the secure D$ in the clear when the secure process is resumed by reversing the encryption procedure described above. Essentially, as described above, this mechanism can be used to automatically decrypt the data as it is read back into the data cache from main memory…” [Oxford, ¶0093]).
As per claim 12: Oxford discloses all limitations of claim 10. Furthermore, Oxford discloses: further comprising: determining an encryption algorithm; and applying the encryption algorithm to the at least a portion of data (using a standard (symmetric) encryption algorithm, such as AES-128 or AES-256, which is dependent on the security of the key for the encryption process – only the secure process that “owns” the data should be recreate the encryption key correctly [Oxford, ¶0027]).
As per claim 15: Oxford discloses all limitations of claim 10. Furthermore, Oxford discloses: further comprising: receiving, from the storage media, the encrypted data; decrypting the encrypted data as decrypted data; and sending the decrypted data (“…whereupon it can then be re-created back in the secure D$ in the clear when the secure process is resumed by reversing the encryption procedure described above. Essentially, as described above, this mechanism can be used to automatically decrypt the data as it is read back into the data cache from main memory…” [Oxford, ¶0093]).
As per claim 16: Claim 16 is different from overall scope as claim 1. Claim 16 is directed to a system corresponding to the device in claim 1. Oxford discloses a target, or endpoint, unit 100 with a secure execution control 162, main memory, and cache memories. See [Oxford, ¶0044-0046; 0125; Fig. 2]. Thus, the responses provided in claim 1 and herein are applicable to claim 16.
As per claim 17: Claim 17 incorporates all limitations as claim 16. Claim 17 is directed to a system corresponding to the device in claim 2. Therefore, the responses provided to claims 2 and 16 are equally applicable to claim 17.
As per claim 18: Claim 18 incorporates all limitations as claim 16. Claim 18 is directed to a system corresponding to the device in claim 3. Therefore, the responses provided to claims 3 and 16 are equally applicable to claim 18.
As per claim 19: Oxford discloses all limitations of claim 16. Furthermore, Oxford discloses: wherein the at least one circuit is further configured to perform one or more operations comprising: receiving, from the memory media, second encrypted data; decrypting, using the decryptor, the second encrypted data as decrypted data; and sending, to the device memory, the decrypted data (“…whereupon it can then be re-created back in the secure D$ in the clear when the secure process is resumed by reversing the encryption procedure described above. Essentially, as described above, this mechanism can be used to automatically decrypt the data as it is read back into the data cache from main memory…” [Oxford, ¶0093]).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 3, 5, 13, 14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Oxford in view of US 2007/0154018 to Watanabe (hereinafter, “Watanabe”).
As per claim 3: Oxford discloses all limitations of claim 1. Oxford does not explicitly disclose, but Watanabe discloses: wherein the encryptor is a first encryptor; wherein the decryptor is a first decryptor; wherein the at least a portion of data is first data (the symmetric encryption block discussed earlier in Oxford would be the “first” instances); wherein the at least one circuit further comprises a second encryptor and a second decryptor (multiple encryption engines and multiple corresponding decryption engines in encryption module 14 and decryption part 10’, respectively [Watanabe, ¶0049, 0053; Figs. 1A & 1B]); and wherein the at least one circuit is further configured to perform one or more operations comprising: receiving second data; encrypting, using the second encryptor, the second data as second encrypted data; and storing, to the memory media, the second encrypted data (these engines can be selected and activated to encrypt data [Watanabe, ¶0050]; in view of Oxford, these engines would be implemented in the symmetric encryption block 1124).
Thus, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the symmetric encryption block in Oxford to operate with multiple cryptographic engines, such as the encryption/decryption engines disclosed in Watanabe. Different cryptographic engines to perform different algorithms [Watanabe, ¶0050] would have improved security of the cached data. Additionally, enabling different cryptographic algorithms would have enabled increased the scope of processes available, as not all application processes can be compatible with a particular cryptographic algorithm.
As per claim 5: Oxford discloses all limitations of claim 1. The motivation for incorporating Watanabe in claim 3 is also applicable herein. Therefore, Oxford in view of Watanabe disclose: wherein the encryptor is a first encryptor; wherein the encrypted data is first encrypted data; wherein the memory media is configured to receive second encrypted data from a second encryptor; and wherein the first encryptor uses a different encryption algorithm than the second encryptor (one of the multiple encryption engine is selected and activated based on encryption parameters that include a selected encryption algorithm [Watanabe, ¶0050]; therefore, in view of the modification to Oxford in view of Watanabe, the symmetric encryption block in Oxford would have multiple encryption/decryption engines that can be selected to implement a specific cryptographic algorithm – i.e., the same process of encrypting flushed data would be applied, but would further include selecting a specific encryption engine to perform).
As per claim 13: Oxford discloses all limitations of claim 10. Oxford does not explicitly disclose, but Watanabe discloses: wherein encrypting the at least a portion of data comprises encrypting the at least a portion of data using a first encryptor; wherein the at least a portion of data is first data; wherein the encrypted data is first encrypted data (the symmetric encryption block discussed earlier in Oxford would be the “first” instances; the same process of encrypting flushed data, as discussed earlier with Oxford, would be applied); and wherein the method further comprises: receiving second data; encrypting, using a second encryptor (multiple encryption engines in encryption module 14 [Watanabe, ¶0049-0050; Figs. 1A & 1B]), the second data as second encrypted data; and storing, to memory media, the second encrypted data (these engines can be selected and activated to encrypt data [Watanabe, ¶0050]; in view of Oxford, these engines would be implemented in the symmetric encryption block 1124 to perform the processes discussed in Oxford earlier).
Thus, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the symmetric encryption block in Oxford to operate with multiple cryptographic engines, such as the encryption/decryption engines disclosed in Watanabe. Different cryptographic engines to perform different algorithms [Watanabe, ¶0050] would have improved security of the cached data. Additionally, enabling different cryptographic algorithms would have enabled increased the scope of processes available, as not all application processes can be compatible with a particular cryptographic algorithm.
As per claim 14: Oxford discloses all limitations of claim 10. The motivation for incorporating Watanabe in claim 13 is also applicable herein. Therefore, Oxford in view of Watanabe disclose: wherein encrypting the at least a portion of data comprises encrypting the at least a portion of data using a first encryptor; wherein memory media is configured to receive second encrypted data from a second encryptor; and wherein the first encryptor uses a different encryption algorithm than the second encryptor (one of the multiple encryption engine is selected and activated based on encryption parameters that include a selected encryption algorithm [Watanabe, ¶0050]; therefore, in view of the modification to Oxford in view of Watanabe, the symmetric encryption block in Oxford would have multiple encryption/decryption engines that can be selected to implement a specific cryptographic algorithm – i.e., the same process of encrypting flushed data would be applied, but would further include selecting a specific encryption engine to perform).
As per claim 20: Claim 20 incorporates all limitations as claim 16. Claim 20 is directed to a system corresponding to the device in claim 5 Therefore, the responses provided to claims 5 and 16 are equally applicable to claim 20.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 2024/0346155: A memory protection apparatus is interposed between a system cache and a memory system. See Abstract.
US 2024/0028524: During a power loss, data is flushed to the memory device and encrypted. See Abstract.
US 2021/0165579: Blocks of a storage device are dynamically allocated based on power requirements and can be safely flushed from a cache during loss of power. See ¶0027.
US 2021/0019427: Encrypting blocks of cache memory and storing the data blocks in non-volatile memory during a cache flus. See ¶0027.
US 2014/0006797: Different encryption and decryption modules can implement different algorithms. See ¶0047.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ROBERT B LEUNG whose telephone number is (571)270-1453. The examiner can normally be reached Mon - Thurs: 10am-7pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG KIM can be reached at 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ROBERT B LEUNG/Primary Examiner, Art Unit 2494