Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Detailed Action
Claims 1-20 are pending
Priority
This application is a continuation under 35 U.S.C. § 120 of International Application No. PCT/GB2023/051377, filed May 25, 2023, which claims priority to GB Application No. GB 2207808.3, filed May 26, 2022, under 35 U.S.C. § 119(a). Therefore, the effective filing date of this application is 05/26/2022.
Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they include the following reference character(s) not mentioned in the description: Figure 4 reference number 470. Corrected drawing sheets in compliance with 37 CFR 1.121(d), or amendment to the specification to add the reference character(s) in the description in compliance with 37 CFR 1.121(b) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
Specification
The abstract of the disclosure is objected to because it exceeds the 150 word limit and it also contains legal phraseology of “comprising” and “configured to”. Examiner suggests amending the abstract to reduce the word count and remove legal phraseology. A corrected abstract of the disclosure is required and must be presented on a separate sheet, apart from any other text. See MPEP § 608.01(b).
Information Disclosure Statement
The information disclosure statements (IDS) were submitted on 11/25/2024. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements have been considered by the examiner.
Double Patenting
No double patenting rejection is warranted at the time of this office action.
Claim Objections
Claims 2-11 and 13-18 are objected to because of the following informalities: these claims are dependent claims depending from independent claims 1 and 12. However, these claims recite “A secure processing environment according to claim …”. Examiner suggests amending this limitation to “The secure processing environment according to claim …”. Appropriate correction is required.
Claims 19 and 20 recite the term “utilised”. Examiner suggests replacing this term with “utilized”. Appropriate correction is required.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitations are:
“… secure processing environment configured to” in claims 1 and 12
“… a first module configured to” in claim 1
“… a second module configured to” in claims 1 and 6
“… a third module configured to” in claim 11
“… a module configured to” in claims 12 and 17
Because these claim limitation(s) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
See specification para. [0014, 0015] for hardware support for “… secure processing environment configured to”
See specification para. [0023, 0048] for functional support for “… secure processing environment configured to”
See specification para. [0066 “cryptographic processing module”] for hardware support for “… a first module configured to”
See specification para. [0043, 0047, 0048] for functional support for “… a first module configured to”
See specification para. [0025 “key export module”] for hardware support for “… a second module configured to”
See specification para. [0026] for functional support for “… a second module configured to”
See specification para. [0036 “key load module”] for hardware support for “… a third module configured to”
See specification para. [0037] for functional support for “… a third module configured to”
See specification para. [0036 “key load module”] for hardware support for “… a module configured to”
See specification para. [0037-0039] for functional support for “… a module configured to”
If applicant does not intend to have these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
Claims 1-18 and 20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites the limitation "a first module configured to perform at least one masked processing operation using a plurality of shares corresponding to sensitive data". However, the claim already recites a “plurality of shares” and “sensitive data”. For the purpose of examination examiner is interpreting this limitation as “a first module configured to perform at least one masked processing operation using the plurality of shares corresponding to the sensitive data”. Appropriate correction is required.
Claims 2-11 depend on claim 1. Therefore, claims 2-11 also inherit the rejection.
Claim 1 recites the limitation "encrypting a nonce value using a confidentiality key". However, the claim already recites “a confidentiality key”. For the purpose of examination examiner is interpreting this limitation as “encrypting a nonce value using the confidentiality key”. Appropriate correction is required.
Claims 2-11 depend on claim 1. Therefore, claims 2-11 also inherit the rejection.
Claim 1 recites the limitation "the shares". There is insufficient antecedent basis for this limitation in the claim. Examiner suggests amending this limitation to “the plurality of shares”. Appropriate correction is required.
Claims 2-11 depend on claim 1. Therefore, claims 2-11 also inherit the rejection.
Claim 2 recites the limitation "one of the operands for the last additive operation". There is insufficient antecedent basis for “the operands” and “the last additive operation” in the claim. Examiner suggests amending this limitation to “cover data is unmasked and operands for a last additive operation of the sequence of additive operations is …”. Appropriate correction is required.
Claim 3 depends on claim 2. Therefore, claim 3 also inherits the rejection.
Claim 3 recites the limitation "the operands for the first additive operation". There is insufficient antecedent basis for this limitation in the claim. Examiner suggests amending this limitation to “operands for a first additive operation”. Appropriate correction is required.
Claim 6 recites the limitation "the plurality of share". There is insufficient antecedent basis for this limitation in the claim. Examiner suggests amending this limitation to “the plurality of shares”. Appropriate correction is required.
Claim 6 recites the limitation "the shares of the cover data". There is insufficient antecedent basis for this limitation in the claim. The claim recites “a share of the cover”. There is no antecedent basis for a plurality of shares of the cover data. Examiner suggests amending this limitation to “the share of the cover data”. Appropriate correction is required.
Claim 11 recites the limitation "the value of each uniformly random share". There is insufficient antecedent basis for this limitation in the claim. Examiner suggests amending this limitation to “a value of each uniformly random share”. Appropriate correction is required.
Claim 11 recites the limitation "the value of the cyphertext". There is insufficient antecedent basis for this limitation in the claim. Examiner suggests amending this limitation to “the cyphertext”. Appropriate correction is required.
Claim 12 recites the limitation "the value of each uniformly random share". There is insufficient antecedent basis for this limitation in the claim. Examiner suggests amending this limitation to “a value of each uniformly random share”. Appropriate correction is required.
Claims 13-18 depend on claim 12. Therefore, claims 13-18 also inherit the rejection.
Claim 12 recites the limitation "the value of the cyphertext". There is insufficient antecedent basis for this limitation in the claim. Examiner suggests amending this limitation to “a value of the cyphertext”. Appropriate correction is required.
Claims 13-18 depend on claim 12. Therefore, claims 13-18 also inherit the rejection.
Claim 13 recites the limitation "the first additive operation". There is insufficient antecedent basis for this limitation in the claim. Examiner suggests amending this limitation to “a first additive operation”. Appropriate correction is required.
Claim 13 recites the limitation "the value of one of the uniformly random shares". There is insufficient antecedent basis for this limitation in the claim. Examiner suggests amending this limitation to “a value of one of the uniformly random shares”. Appropriate correction is required.
Claim 13 recites the limitation "the value of the cyphertext". There is insufficient antecedent basis for this limitation in the claim. Examiner suggests amending this limitation to “a value of the cyphertext”. Appropriate correction is required.
Claim 14 recites the limitation "the last of the sequence of additive operations comprises the value of the cover data". There is insufficient antecedent basis for this limitation in the claim. Examiner suggests amending this limitation to “a last of the sequence of additive inverse operations comprises a value of the cover data”. Appropriate correction is required.
Claim 15 recites the limitation "the sequence of inverse additive operations". There is insufficient antecedent basis for this limitation in the claim. Examiner suggests amending this limitation to “the sequence of additive inverse operations”. Appropriate correction is required.
Claim 16 depends on claim 15. Therefore, claim 16 also inherits the rejection.
Claim 17 recites the limitation "the plurality of shares". There is insufficient antecedent basis for this limitation in the claim. Examiner suggests amending this limitation to “the second plurality of shares”. Appropriate correction is required.
Claim 18 depends on claim 17. Therefore, claim 18 also inherits the rejection.
Claim 20 recites the limitation "the confidentiality key". There is insufficient antecedent basis for this limitation in the claim. Examiner suggests amending this limitation to “a confidentiality key”. Appropriate correction is required.
Claim 20 recites the limitation "the value of each uniformly random share". There is insufficient antecedent basis for this limitation in the claim. Examiner suggests amending this limitation to “a value of each uniformly random share”. Appropriate correction is required.
Claim 20 recites the limitation "the value of the cyphertext". There is insufficient antecedent basis for this limitation in the claim. Examiner suggests amending this limitation to “a value of the cyphertext”. Appropriate correction is required.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because they are directed to an abstract idea.
Claim 1 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim recites a secure processing environment configured to perform masked processing operations using a plurality of shares corresponding to sensitive data, the secure processing environment comprising: memory storing a confidentiality key; a first module configured to perform at least one masked processing operation using a plurality of shares corresponding to sensitive data; and a second module configured to: generate cover data, the generation comprising encrypting a nonce value using a confidentiality key stored within the secure processing environment; following generation of the cover data, performing a sequence of additive operations using the shares of the sensitive data and the cover data to generate a summation; generate a cyphertext indicating the summation; and export a data package comprising the cyphertext and the nonce value.
The limitation of secure processing environment configured to perform masked processing operations using a plurality of shares corresponding to sensitive data, the secure processing environment comprising, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually perform masked operations using a plurality of shares corresponding to sensitive data.
The limitation of memory storing a confidentiality key, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually store a confidentiality key.
The limitation of a first module configured to perform at least one masked processing operation using a plurality of shares corresponding to sensitive data, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually perform at least one masked processing operation using a plurality of shares corresponding to sensitive data.
The limitation of a second module configured to: generate cover data, the generation comprising encrypting a nonce value using a confidentiality key stored within the secure processing environment, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually generate cover data by encrypting a nonce value using a confidentiality key.
The limitation of following generation of the cover data, performing a sequence of additive operations using the shares of the sensitive data and the cover data to generate a summation, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually perform a sequence of additive operations.
The limitation of generate a cyphertext indicating the summation, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually generate a cyphertext.
The limitation of export a data package comprising the cyphertext and the nonce value, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually export a data package comprising the cyphertext and the nonce value.
This judicial exception is not integrated into a practical application. The claim recites the limitation of “exporting a data package comprising the cyphertext and the nonce value”. This limitation is used to generally send data for storage or for processing without placing any additional limits on what happens after exporting the data or what the purpose of exporting the data is. Merely generating cover data, performing additive operations, and exporting a data package does not integrate the abstract idea into a practical application. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. In particular, the claim only recites one additional element of “secure processing environment”. The “processing” is recited at a high level of generality (i.e., as a generic processor performing the method) such that it amounts to no more than mere instructions to apply the exception using a generic processor. Mere instructions to apply an exception using a generic processor cannot provide an inventive concept. The claim is not patent eligible.
Claim 2 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites wherein the cover data is unmasked and one of the operands for the last additive operation of the sequence of additive operations is one of the shares of the sensitive data. Therefore, the limitations of this claim, as drafted, constitute a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually determine that the cover data is unmasked and that one of the operands for the last additive operation of the sequence of additive operations is one of the shares of the sensitive data.
Claim 3 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites wherein one of the operands for the first additive operation of the sequence of additive operations is the cover data. Therefore, the limitations of this claim, as drafted, constitute a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually determine that one of the operands for the first additive operation of the sequence of additive operations is the cover data.
Claim 4 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites wherein the sequence of additive operations comprises modular additive operations. Therefore, the limitations of this claim, as drafted, constitute a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually perform modular additive operations.
Claim 5 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites wherein the modular additive operations comprise at least one of arithmetic modulo q addition, where q is a prime number or a power of two, and Boolean exclusive-OR bitwise addition. Therefore, the limitations of this claim, as drafted, constitute a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually perform modular additive operations comprising at least one of arithmetic modulo q addition and Boolean exclusive-OR bitwise addition.
Claim 6 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites wherein the second module is configured to generate masked cover data having a plurality of shares, and for each of the plurality of share of the sensitive data performing an additive operation with a share of the cover data to generate a plurality of shares corresponding to a summation of shares of the sensitive data and the shares of the cover data. Therefore, the limitations of this claim, as drafted, constitute a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually generate masked cover data having a plurality of shares and, for each of the plurality of shares of the sensitive data, perform an additive operation.
Claim 7 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites generating an integrity tag and including the integrity tag in the data package, wherein the generation of the integrity tag comprises encrypting the cyphertext and metadata associated with the cyphertext using an integrity key stored in the memory. Therefore, the limitations of this claim, as drafted, constitute a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually generate an integrity tag and include the integrity tag in the data package.
Claim 8 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites wherein the metadata comprises the nonce value. Therefore, the limitations of this claim, as drafted, constitute a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually determine that the metadata comprises the nonce value.
Claim 9 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites wherein the integrity key is the confidentiality key. Therefore, the limitations of this claim, as drafted, constitute a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually determine that the integrity key is the confidentiality key.
Claim 10 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites wherein the integrity tag comprises a method authentication code for the data package. Therefore, the limitations of this claim, as drafted, constitute a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually determine that the integrity tag comprises a method authentication code for the data package.
Claim 11 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites wherein the memory further comprises a third module configured to: import the data package comprising the cyphertext and the nonce value; generate one or more uniformly random shares; generate cover data, the generation of the cover data comprising encrypting the nonce value using the confidentiality key; perform a sequence of additive operations to subtract the value of each uniformly random share and the cover data from the value of the cyphertext to generate a plurality of shares corresponding to the sensitive data. Therefore, the limitations of this claim, as drafted, constitute a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually import a data package, generate one or more uniformly random shares, generate cover data, perform a sequence of additive operations, and generate a plurality of shares corresponding to the sensitive data.
Claim 12 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim recites a secure processing environment configured to perform masked processing operations using a first plurality of shares corresponding to sensitive data, the secure processing environment comprising: memory storing a confidentiality key; and a module configured to: import a data package comprising a cyphertext and a nonce value; generate one or more uniformly random shares; and generate cover data, the generation of the cover data comprising encrypting the nonce value using the confidentiality key; and perform a sequence of additive inverse operations to subtract the value of each uniformly random share and the cover data from the value of the cyphertext to generate a second plurality of shares corresponding to the sensitive data.
The limitation of secure processing environment configured to perform masked processing operations using a first plurality of shares corresponding to sensitive data, the secure processing environment comprising, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually perform masked processing operations using a first plurality of shares.
The limitation of memory storing a confidentiality key, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually store a confidentiality key.
The limitation of a module configured to: import a data package comprising a cyphertext and a nonce value, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually import a data package comprising a cyphertext and a nonce value.
The limitation of generate one or more uniformly random shares, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually generate one or more uniformly random shares.
The limitation of generate cover data, the generation of the cover data comprising encrypting the nonce value using the confidentiality key, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually generate cover data.
The limitation of perform a sequence of additive inverse operations to subtract the value of each uniformly random share and the cover data from the value of the cyphertext to generate a second plurality of shares corresponding to the sensitive data, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually perform a sequence of additive inverse operations to subtract the value of each uniformly random share and the cover data from the value of the cyphertext to generate a second plurality of shares.
This judicial exception is not integrated into a practical application. Merely importing data package, generating uniformly random shares, generating cover data, and performing additive inverse to generate shares does not integrate the abstract idea into a practical application. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. In particular, the claim only recites one additional element of “secure processing environment”. The “processing” recited at a high-level of generality (i.e., as a generic processor performing the method) such that it amounts no more than mere instructions to apply the exception using a generic processor. Mere instructions to apply an exception using a generic processor cannot provide an inventive concept. The claim is not patent eligible.
Claim 13 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites wherein the cover data is unmasked and the first additive operation uses the value of one of the uniformly random shares and the value of the cyphertext as operands. Therefore, the limitations of this claim, as drafted, recite a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually determine that the cover data is unmasked and that the first additive operation uses the value of one of the uniformly random shares and the value of the cyphertext as operands.
Claim 14 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites wherein an operand for the last of the sequence of additive operations comprises the value of the cover data. Therefore, the limitations of this claim, as drafted, recite a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually determine that an operand for the last of the sequence of additive operations comprises the value of the cover data.
Claim 15 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites wherein the sequence of inverse additive operations comprises modular additive operations. Therefore, the limitations of this claim, as drafted, recite a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually perform a sequence of inverse additive operations comprising modular additive operations.
Claim 16 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites wherein the modular additive operations comprise at least one of arithmetic modulo q addition, where q is a prime number or a power of two, and Boolean exclusive-OR bitwise addition. Therefore, the limitations of this claim, as drafted, recite a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually perform modular additive operations comprising arithmetic modulo q addition or Boolean exclusive-OR bitwise addition.
Claim 17 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites wherein the data package further comprises an integrity tag, and wherein the module is configured to verify the integrity tag before generating the plurality of shares from the cyphertext by: generating a verification tag by encrypting the cyphertext and metadata associated with the cyphertext using an integrity key stored in the memory; checking the verification tag matches the integrity tag; and in the event that the verification tag matches the integrity tag, generating the plurality of shares. Therefore, the limitations of this claim, as drafted, recite a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually determine that a data package comprises an integrity tag, generate a verification tag, check whether the verification tag matches the integrity tag, and, if the verification tag matches the integrity tag, generate the plurality of shares.
Claim 18 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. This claim recites wherein the metadata comprises the nonce value. Therefore, the limitations of this claim, as drafted, recite a process that, under its broadest reasonable interpretation, covers steps that can also be performed in the mind. A user can manually determine that the metadata comprises the nonce value.
The dependent claims 2-11, and 13-18 are directed to abstract ideas and do not include additional elements that are sufficient to amount to significantly more than the judicial exception. This judicial exception is not integrated into a practical application. Therefore, the claims are not patent eligible.
Claim 19 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim recites a method of storing a plurality of shares that correspond to sensitive data and are utilised within a secure processing environment to perform masked processing operations, the method comprising: generating cover data, the generation comprising encrypting a nonce value using a confidentiality key stored within the secure processing environment; following generation of the cover data, performing a sequence of additive operations to generate a summation of the shares of the sensitive data and the cover data; generating a cyphertext indicating the summation; and exporting a data package comprising the cyphertext and the nonce value for storage outside of the secure processing environment.
The limitation of a method of storing a plurality of shares that correspond to sensitive data and are utilised within a secure processing environment to perform masked processing operations, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually store a plurality of shares that correspond to sensitive data and perform masked processing operations.
The limitation of generating cover data, the generation comprising encrypting a nonce value using a confidentiality key stored within the secure processing environment, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually generate cover data by encrypting a nonce value using a confidentiality key.
The limitation of following generation of the cover data, performing a sequence of additive operations to generate a summation of the shares of the sensitive data and the cover data, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually perform a sequence of additive operations to generate a summation of the shares of the sensitive data and the cover data.
The limitation of generating a cyphertext indicating the summation, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually generate a cyphertext indicating the summation.
The limitation of exporting a data package comprising the cyphertext and the nonce value for storage outside of the secure processing environment, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually export a data package for storage.
This judicial exception is not integrated into a practical application. The claim recites the limitation “exporting a data package comprising the cyphertext and the nonce value for storage outside of the secure processing environment”. This limitation generally sends data out for storage without placing any additional limits on what happens after the data is exported or on the purpose of exporting it. Merely generating cover data, performing additive operations, and exporting a data package does not integrate the abstract idea into a practical application. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. In particular, the claim only recites one additional element, the “secure processing environment”. The “secure processing environment” is recited at a high level of generality (i.e., as a generic processor performing the method) such that it amounts to no more than mere instructions to apply the exception using a generic processor. Mere instructions to apply an exception using a generic processor cannot provide an inventive concept. The claim is not patent eligible.
Claim 20 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim recites a method of generating a plurality of shares within a secure processing environment, the plurality of shares corresponding to sensitive data and utilised to perform masked processing operations within the secure processing environment, the method comprising: importing a data package comprising a cyphertext and a nonce value, the cyphertext being based on the sensitive data and the nonce value; generating one or more uniformly random shares; generating cover data, the generation of the cover data comprising encrypting the nonce value using the confidentiality key; and performing a sequence of additive inverse operations to subtract the value of each uniformly random share and the cover data from the value of the cyphertext to generate the plurality of shares corresponding to the sensitive data.
The limitation of a method of generating a plurality of shares within a secure processing environment, the plurality of shares corresponding to sensitive data and utilised to perform masked processing operations within the secure processing environment, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually generate a plurality of shares that correspond to sensitive data and are utilised to perform masked processing operations.
The limitation of importing a data package comprising a cyphertext and a nonce value, the cyphertext being based on the sensitive data and the nonce value, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually import a data package comprising a cyphertext and a nonce value.
The limitation of generating one or more uniformly random shares, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually generate one or more uniformly random shares.
The limitation of generating cover data, the generation of the cover data comprising encrypting the nonce value using the confidentiality key, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually generate cover data by encrypting a nonce value using a confidentiality key.
The limitation of performing a sequence of additive inverse operations to subtract the value of each uniformly random share and the cover data from the value of the cyphertext to generate the plurality of shares corresponding to the sensitive data, as drafted, is a process that, under its broadest reasonable interpretation, covers steps that can be performed in the mind. A user can manually perform a sequence of additive inverse operations to subtract the value of each uniformly random share and the cover data from the value of the cyphertext.
This judicial exception is not integrated into a practical application. Merely importing a data package, generating uniformly random shares, generating cover data, and performing additive inverse operations to generate shares does not integrate the abstract idea into a practical application. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. In particular, the claim only recites one additional element, the “secure processing environment”. The “secure processing environment” is recited at a high level of generality (i.e., as a generic processor performing the method) such that it amounts to no more than mere instructions to apply the exception using a generic processor. Mere instructions to apply an exception using a generic processor cannot provide an inventive concept. The claim is not patent eligible.
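The export procedure of claim 19 and the import procedure of claim 20, with the claim 17/18 integrity check, carried through end to end. This is a worked example written by the editor for this page; it is not code from the application, the applicant, or any of the cited references, and it is the editor's reading of the claim language, not an assertion about how the applicant's embodiment works. Assumptions: HMAC-SHA256 of the nonce under the confidentiality key stands in for the block-cipher encryption the claims recite; the additive group is either addition modulo q or bitwise XOR, per claim 16; the integrity tag is an HMAC over the cyphertext and the nonce (claim 18's metadata). The names `Group`, `cover_data`, `make_shares`, `unmask`, `export_shares` and `import_shares`, and the keys and secret in the demo, are the editor's.

```python
"""Editor's worked example of the claim 19 / claim 20 procedure (not the application's code).

Export: cover = PRF(K_conf, nonce); ct = cover (+) s_1 (+) ... (+) s_n; package = {ct, nonce, tag}.
Import: verify tag; draw n-1 fresh uniform shares r_i; s_n' = ct (-) r_1 (-) ... (-) r_{n-1} (-) cover.
"""
import hashlib
import hmac
import secrets


class Group:
    """The additive group the shares live in: integers mod q (claim 16, q prime or a
    power of two) when q is given, otherwise bitwise XOR on `bits`-bit words."""

    def __init__(self, q=None, bits=32):
        self.q = q
        self.bits = bits
        self.nbytes = (((q - 1).bit_length() if q else bits) + 7) // 8

    def add(self, a, b):
        return (a + b) % self.q if self.q else a ^ b

    def sub(self, a, b):
        return (a - b) % self.q if self.q else a ^ b  # XOR is its own inverse

    def random(self):
        return secrets.randbelow(self.q) if self.q else secrets.randbits(self.bits)

    def from_bytes(self, data):
        v = int.from_bytes(data, "big")
        return v % self.q if self.q else v & ((1 << self.bits) - 1)

    def to_bytes(self, v):
        return v.to_bytes(self.nbytes, "big")


def cover_data(conf_key, nonce, group):
    """'Encrypting a nonce value using a confidentiality key'. ASSUMPTION: HMAC-SHA256
    stands in for the block-cipher encryption recited in the claims; any keyed PRF under
    K_conf serves. Reducing a 256-bit PRF output into a <= 64-bit group leaves a
    negligible bias."""
    return group.from_bytes(hmac.new(conf_key, nonce, hashlib.sha256).digest())


def make_shares(secret, n, group):
    """Split `secret` into n shares: n-1 uniform shares plus one balancing share."""
    fresh = [group.random() for _ in range(n - 1)]
    last = secret
    for r in fresh:
        last = group.sub(last, r)
    return fresh + [last]


def unmask(shares, group):
    """Recombine shares. Only for checking the example; a real secure processing
    environment never materialises the unmasked value."""
    acc = 0
    for s in shares:
        acc = group.add(acc, s)
    return acc


def export_shares(shares, conf_key, int_key, group):
    """Claim 19: cover data is the first operand (claim 3) and the shares follow
    (claim 2), so every intermediate sum is still masked by the cover. The tag is
    computed over ct || nonce (claims 17 and 18)."""
    nonce = secrets.token_bytes(16)  # must never repeat under the same conf_key
    acc = cover_data(conf_key, nonce, group)
    for s in shares:
        acc = group.add(acc, s)
    ct = group.to_bytes(acc)
    tag = hmac.new(int_key, ct + nonce, hashlib.sha256).digest()
    return {"ciphertext": ct, "nonce": nonce, "tag": tag}


def import_shares(package, conf_key, int_key, n, group):
    """Claim 20 with the claim 17 check: reject a bad tag before any unmasking
    arithmetic, then subtract n-1 fresh uniform shares and, last, the cover data."""
    ct, nonce, tag = package["ciphertext"], package["nonce"], package["tag"]
    expected = hmac.new(int_key, ct + nonce, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity tag mismatch; package rejected")
    fresh = [group.random() for _ in range(n - 1)]
    acc = group.from_bytes(ct)
    for r in fresh:
        acc = group.sub(acc, r)
    acc = group.sub(acc, cover_data(conf_key, nonce, group))  # cover removed last
    return fresh + [acc]


if __name__ == "__main__":
    g = Group(q=2**32)
    k_conf, k_int = secrets.token_bytes(32), secrets.token_bytes(32)  # demo keys
    shares = make_shares(0xDEADBEEF, 3, g)  # constructed demo secret
    pkg = export_shares(shares, k_conf, k_int, g)
    fresh = import_shares(pkg, k_conf, k_int, 3, g)
    assert unmask(fresh, g) == 0xDEADBEEF and fresh != shares
    print("round trip ok:", pkg["ciphertext"].hex(), pkg["nonce"].hex())
```

Two points the ordering in the claims is doing work on: adding the cover data first on export and removing it last on import means the unmasked sensitive value is never held in the environment, whereas summing the shares before the cover would expose it for one step. And because the cover data is a deterministic function of the nonce under the confidentiality key, it behaves as a one-time mask: if a nonce is ever reused under the same key, the difference (or XOR) of the two cyphertexts equals the difference of the two secrets, so nonce uniqueness per export is a hard requirement, not a hygiene preference.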
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-8 and 10-20 are rejected under 35 U.S.C. 103 as being unpatentable over O’HARE (US-20130013931-A1) in view of SALOMON (US-20210083843-A1), and further in view of KHADIWALA (US-20180089020-A1), hereinafter O’HARE-SALOMON-KHADIWALA.
Regarding claim 1, O’HARE teaches “A secure processing environment configured to perform masked processing operations using a plurality of shares corresponding to sensitive data, the secure processing environment comprising: ([O’HARE, para. 0057] “One aspect of the present invention is to provide a cryptographic system where one or more secure servers, or a trust engine, stores cryptographic keys and user authentication data.”) ([O’HARE, para. 0279] “A cryptographic split (cryptosplit) partitions the data into N number of shares. The partitioning can be on any size unit of data, including an individual bit, bits, bytes, kilobytes, megabytes, or larger units, as well as any pattern or combination of data unit sizes whether predetermined or randomly generated. The units can also be of different sized, based on either a random or predetermined set of values.”) ([O’HARE, para. 0002] “Two or more shares of an encrypted data set are formed.”) memory storing a confidentiality key; ([O’HARE, para. 0300] “Generating a session master key and encrypt the data using RS1 stream cipher.”) ([O’HARE, para. 0302] “In this embodiment of the method of the present invention, the session master key will be stored in a separate key management table in a data depository.”) a first module configured to perform at least one masked processing operation using a plurality of shares corresponding to sensitive data; and ([O’HARE, para. 0277] “The parsing process of the present invention may, in one embodiment, be designed in a modular tiered fashion, and any encryption process is suitable for use in the process of the present invention. The modular tiers of the parsing and splitting process of the present invention may include, but are not limited to … 3) encrypt, cryptographically split, encrypt each share, then dispersed and securely stored in multiple locations; and 4) encrypt, cryptographically split, encrypt each share with a different type of encryption than was used in the first step”) ([O’HARE, para. 0278] “The process comprises, in one embodiment, splitting of the data according to the contents of a generated random number, or key and performing the same cryptographic splitting of the key used in the encryption of splitting of the data to be secured into two or more portions, or shares, of parsed and split data, and in one embodiment, preferably into four or more portions of parsed and split data, encrypting all of the portions”) …. following generation of the cover data, performing a sequence … using the shares of the sensitive data and the cover data to generate a summation; ([O’HARE, para. 0294, fig. 21] “the session master key will be stored along with the secured data shares in a data depository. Separating the session master key according to the pattern of the Parser Master Key and append the key data to the encrypted parsed data.”) ([O’HARE, para. 0389, fig. 21] “Any other suitable integrity checking may be implemented using any suitable integrity information appended anywhere in all or a subset of data portions. Integrity information may include any suitable information that can be used to determine the integrity of data portions.”) ([O’HARE, para. 0112, fig. 21] “The data splitting module then combines the numbers A and C with the sensitive data S such that new numbers “B” and “D” are generated. For example, number B may comprise the binary combination of A XOR S and number D may comprise the binary combination of C XOR S. The XOR function, or the “exclusive-or” function, is well known to those of ordinary skill in the art.”) generate a cyphertext indicating the summation; and ([O’HARE, para. 0295, fig. 21] “The resulting four shares of data will contain encrypted portions of the original data and portions of the session master key. Generate a stream cipher key for each of the four data shares.”) ([O’HARE, para. 0296, fig. 21] “Encrypting each share, then store the encryption keys in different locations from the encrypted data portions or shares: Share 1 gets Key 4, Share 2 gets Key 1, Share 3 gets Key 2, Share 4 gets Key 3.”). [Examiner’s note: examiner is interpreting the session key as seen in figure 21 as the cover data.]
However, O’HARE does not teach “performing a sequence of additive operations … a second module configured to: generate cover data, the generation comprising encrypting a nonce value using a confidentiality key stored within the secure processing environment; … export a data package comprising the cyphertext and the nonce value.”
In analogous teaching SALOMON teaches “… a second module configured to: generate cover data, the generation comprising encrypting a nonce value using a confidentiality key stored within the secure processing environment; ([SALOMON, para. 0018] “To tie these permits to data, the system may implement one or more cryptographic techniques. … If the system can store the data (i.e., the system identified a relevant permit), the system may generate a nonce … The system may additionally encrypt the nonce using the permit keys for any relevant permits. The system may store the encrypted data object with the encrypted nonces and key IDs of the relevant permit keys (e.g., one or more permit keys pointing to the relevant data processing permits), for example, in an encrypted datum bundle.”) ([SALOMON, para. 0074] “At 530, the encryption system 500 may encrypt the cryptographic nonce using a permit key (e.g., a secret or key encryption key associated with a data processing permit). … The encryption system 500 may store a set of cipher-nonces corresponding to a set of applicable permit keys (i.e., permit secrets) for the data processing permits that all apply to the same plaintext data 505. The encryption process for the input plaintext data 505 may return the encrypted data 520 (i.e., encrypted ciphertext) and encrypted nonces 535 based on the corresponding permits.”) ([SALOMON, para. 0050] “The securitization service 215 may maintain access to keys (e.g., permit keys 280) internally and may support data and key management across systems or internal to each system.”) … export a data package comprising the cyphertext and the nonce value. ([SALOMON, para. 0099] “At 945, the application server 905 may transmit the ciphertext object to the database 915 for storage. In some cases, the application server 905 may send the encrypted cryptographic key (e.g., the encrypted nonce), the identifier indicating the permit key (e.g., the key ID for the permit key), or both with the ciphertext object. These components may be included in an encrypted datum bundle sent to the database 915 for storage.”)
Thus, given the teaching of SALOMON, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine SALOMON’s teaching of generating cover data by encrypting a nonce value with O’HARE’s teaching of a secure processing environment configured to perform masked processing operations. One of ordinary skill in the art would have been motivated to do so because SALOMON recognizes the need for securing data ([SALOMON, para. 0035] “The system 100 may support further technical advantages based on tying data processing permits 120 to data using cryptographic techniques. For example, the system 100 may support automatic encryption of all data entering a data management system, improving data securitization and protecting against data breaches.”)
However, O’HARE-SALOMON does not teach “performing a sequence of additive operations”.
In analogous teaching KHADIWALA teaches “… performing a sequence of additive operations …” ([KHADIWALA, para. 0045] “The combining of the received partial rebuild package 394 from the other rebuilding participant with the encrypted zero information gain partial slice includes finding the sum of the partials in the field. For example, the received partial rebuild package is exclusiveOR-ed with the encrypted zero information gain partial. Depending on the field, summing may be exclusiveOR (XOR) or it may be another form of addition (e.g., such as addition modulo a prime). For example, some implementations of Shamir secret sharing, for example, perform all addition and multiplication modulo some prime. In such a case, instead of using XOR the summing may be accomplished by combining the partials via modular addition (e.g., which is how addition is defined in that field of integers).”) ([KHADIWALA, para. 0041] “The rebuilding module 388 issues partial slice requests 392 to each storage unit of the rebuilding participants 390, where each partial slice request 392 includes one or more of an identifier of the encoded data slice”).
Thus, given the teaching of KHADIWALA, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine KHADIWALA’s teaching of performing a sequence of additive operations with O’HARE-SALOMON’s teaching of a secure processing environment configured to perform masked processing operations. One of ordinary skill in the art would have been motivated to do so because KHADIWALA recognizes the need to improve response time in the completion of logic functions ([KHADIWALA, para. 0006] “As is further known, a computer may effectively extend its CPU by using “cloud computing” to perform one or more computing functions (e.g., a service, an application, an algorithm, an arithmetic logic function, etc.) on behalf of the computer. Further, for large services, applications, and/or functions, cloud computing may be performed by multiple cloud computing resources in a distributed manner to improve the response time for completion of the service”) ([KHADIWALA, para. 0021] “each of the storage units operates as a distributed storage and task (DST) execution unit, and is operable to store dispersed error encoded data and/or to execute, in a distributed manner, one or more tasks on data. The tasks may be a simple function (e.g., a mathematical function, a logic function, an identify function, a find function, a search engine function, a replace function, etc.),”)
Regarding claim 2, O’HARE-SALOMON-KHADIWALA teaches all limitations of claim 1. O’HARE further teaches “wherein the cover data is unmasked and one of the operands for the last … of the sequence of additive operations is one of the shares of the sensitive data. ([O’HARE, para. 0294, fig. 21] “the session master key will be stored along with the secured data shares in a data depository. Separating the session master key according to the pattern of the Parser Master Key and append the key data to the encrypted parsed data.”) ([O’HARE, para. 0389, fig. 21] “Any other suitable integrity checking may be implemented using any suitable integrity information appended anywhere in all or a subset of data portions. Integrity information may include any suitable information that can be used to determine the integrity of data portions.”) ([O’HARE, para. 0500, fig. 21] “In other embodiments, one or more session key shares may be appended to the beginning or end of an encrypted data set share to form a user share. The collection of user shares may then be stored separately on at least one data depository.”) [Examiner’s note: examiner is interpreting session key share as unmasked cover data.]
KHADIWALA teaches of “additive operation” as seen in the rejection of claim 1. The same rejection and motivation apply.
Regarding claim 3, O’HARE-SALOMON-KHADIWALA teaches all limitations of claim 2. O’HARE further teaches “wherein one of the operands for the first … operation of the sequence of additive operations is the cover data. ([O’HARE, para. 0294, fig. 21] “the session master key will be stored along with the secured data shares in a data depository. Separating the session master key according to the pattern of the Parser Master Key and append the key data to the encrypted parsed data.”) ([O’HARE, para. 0295, fig. 21] “The resulting four shares of data will contain encrypted portions of the original data and portions of the session master key. Generate a stream cipher key for each of the four data shares.”) ([O’HARE, para. 0296, fig. 21] “Share 1 gets Key 4, Share 2 gets Key 1, Share 3 gets Key 2, Share 4 gets Key 3.”)
KHADIWALA teaches of “additive operation” as seen in the rejection of claim 1. The same rejection and motivation apply.
Regarding claim 4, O’HARE-SALOMON-KHADIWALA teaches all limitations of claim 1. KHADIWALA further teaches “wherein the sequence of additive operations comprises modular additive operations. ([KHADIWALA, para. 0045] “The combining of the received partial rebuild package 394 from the other rebuilding participant with the encrypted zero information gain partial slice includes finding the sum of the partials in the field. For example, the received partial rebuild package is exclusiveOR-ed with the encrypted zero information gain partial. Depending on the field, summing may be exclusiveOR (XOR) or it may be another form of addition (e.g., such as addition modulo a prime).”).
The same motivation to modify O’HARE-SALOMON with KHADIWALA as in the rejection of claim 1 applies.
Regarding claim 5, O’HARE-SALOMON-KHADIWALA teaches all limitations of claim 4. KHADIWALA further teaches “wherein the modular additive operations comprise at least one of arithmetic modulo q addition, where q is a prime number or a power of two, and Boolean exclusive-OR bitwise addition. ([KHADIWALA, para. 0045] “For example, the received partial rebuild package is exclusiveOR-ed with the encrypted zero information gain partial. Depending on the field, summing may be exclusiveOR (XOR) or it may be another form of addition (e.g., such as addition modulo a prime). For example, some implementations of Shamir secret sharing, for example, perform all addition and multiplication modulo some prime. In such a case, instead of using XOR the summing may be accomplished by combining the partials via modular addition (e.g., which is how addition is defined in that field of integers). … In fields where XOR represents addition, it also represents subtraction, so all participants handle combining identically”).
The same motivation to modify O’HARE-SALOMON with KHADIWALA as in the rejection of claim 1 applies.
Regarding claim 6, O’HARE-SALOMON-KHADIWALA teaches all limitations of claim 1. O’HARE further teaches “wherein the second module is configured to generate masked cover data having a plurality of shares, and for each of the plurality of shares of the sensitive data performing an … operation with a share of the cover data to generate a plurality of shares corresponding to a summation of shares of the sensitive data and the shares of the cover data. ([O’HARE, para. 0114, fig. 21] “Similarly, the data units may be distributed into one or more shares according to a fixed or predetermined data unit size, a pattern or combination of data unit sizes, or a randomly generated data unit size or sizes per share.”) ([O’HARE, para. 0295, fig. 21] “The resulting four shares of data will contain encrypted portions of the original data and portions of the session master key. Generate a stream cipher key for each of the four data shares.”) ([O’HARE, para. 0500, fig. 21] “the session key may be encrypted using a shared key (e.g., a workgroup key) before unique portions of the key are distributed or shared into two or more session key shares. Two or more user shares may then be formed by combining at least one encrypted data set share and at least one session key share. In forming a user share, in some embodiments, the at least one session key share may be interleaved into an encrypted data set share.”)
KHADIWALA teaches of “additive operation” as seen in the rejection of claim 1. The same rejection and motivation apply.
Regarding claim 7, O’HARE-SALOMON-KHADIWALA teaches all limitations of claim 1. O’HARE further teaches “further comprising generating an integrity tag and including the integrity tag in the data package, wherein the generation of the integrity tag comprises encrypting the cyphertext and metadata associated with the cyphertext using an integrity key stored in the memory. ([O’HARE, para. 0450] “The data may then be split into the predefined number of shares at step 3616. A fault tolerant scheme may be used at step 3617 to allow for regeneration of the data from less than the total number of shares. Once the shares are created, authentication/integrity information may be embedded into the shares at step 3618. Each share may be optionally post-encrypted at step 3619.”) ([O’HARE, para. 0486] “share integrity information (e.g., a hash H) may be computed on the resulting ciphertext from step 4012. For example, a SHA-256 hash may be computed. … The integrity information (e.g., hash H) may then be appended to each data share. An optional post-authentication tag (e.g., MAC) may also be computed and appended to each data share in some embodiments.”) ([O’HARE, para. 0487] “Each data share may include metadata, which may be necessary to permit correct reconstruction of the data blocks or data packets. This information may be included in the share header. The metadata may include such information as cryptographic key shares, key identities, share nonces, signatures/MAC values, and integrity blocks.”) ([O’HARE, para. 0490] “As described above, each data share may be secured using a share integrity portion including share integrity information (e.g., a SHA-256 hash) of the encrypted, pre-partitioned data. To verify the integrity of the outputs blocks at recovery time, the secure data parser may compare the share integrity blocks of each share and then invert the split algorithm.”) ([O’HARE, para. 0295] “Generate a stream cipher key for each of the four data shares.”) ([O’HARE, para. 0296] “Encrypting each share, then store the encryption keys in different locations from the encrypted data portions or shares”)
Regarding claim 8, O’HARE-SALOMON-KHADIWALA teaches all limitations of claim 7. O’HARE further teaches “wherein the metadata comprises the nonce value. ([O’HARE, para. 0487] “Each data share may include metadata, which may be necessary to permit correct reconstruction of the data blocks or data packets. This information may be included in the share header. The metadata may include such information as cryptographic key shares, key identities, share nonces, signatures/MAC values, and integrity blocks.”)
Regarding claim 10, O’HARE-SALOMON-KHADIWALA teaches all limitations of claim 7. O’HARE further teaches “wherein the integrity tag comprises a message authentication code for the data package. ([O’HARE, para. 0486] “The integrity information (e.g., hash H) may then be appended to each data share. An optional post-authentication tag (e.g., MAC) may also be computed and appended to each data share in some embodiments.”) ([O’HARE, para. 0456] “A fault tolerant scheme may be used at step 3617 to allow for regeneration of the data from less than the total number of shares. Once the shares are created, authentication/integrity information may be embedded into the shares at step 3618. Each share may be optionally post-encrypted at step 3619.”)
Regarding claim 11, O’HARE-SALOMON-KHADIWALA teaches all limitations of claim 1. O’HARE further teaches “wherein the memory further comprises a third module configured to: import the data package comprising the cyphertext and …; ([O’HARE, para. 0111] “As mentioned in the foregoing, the authentication engine 215 and the cryptographic engine 220 each include a data splitting module 520 and 610, respectively, for splitting any type or form of sensitive data, such as, for example, text, audio, video, the authentication data and the cryptographic key data. FIG. 8 illustrates a flowchart of a data splitting process 800 performed by the data splitting module according to aspects of an embodiment of the invention. As shown in FIG. 8, the data splitting process 800 begins at step 805 when sensitive data “S” is received by the data splitting module of the authentication engine 215 or the cryptographic engine 220.”) generate one or more uniformly random shares; ([O’HARE, para. 0103] “The data splitting module 520 advantageously comprises a software, hardware, or combination module having the ability to mathematically operate on various data so as to substantially randomize and split the data into portions. According to one embodiment, original data is not recreatable from an individual portion.”) ([O’HARE, para. 0111] “Preferably, in step 810, the data splitting module then generates a substantially random number, value, or string or set of bits, “A.” For example, the random number A may be generated in a wide number of varying conventional techniques available to one of ordinary skill in the art, for producing high quality random numbers suitable for use in cryptographic applications. In addition, according to one embodiment, the random number A comprises a bit length which may be any suitable length, such as shorter, longer or equal to the bit length of the sensitive data, S.”) ([O’HARE, para. 0114] “For example, the data unit sizes may be selected or predetermined to be all of the same size, a fixed set of different sizes, a combination of sizes, or randomly generates sizes. Similarly, the data units may be distributed into one or more shares according to a fixed or predetermined data unit size, a pattern or combination of data unit sizes, or a randomly generated data unit size or sizes per share.”) perform a sequence of … the value of each uniformly random share and the cover data from the value of the cyphertext to generate a plurality of shares corresponding to the sensitive data. ([O’HARE, para. 0472] “In order to restore the data, split encryption key 3806 may be retrieved and restored in accordance with the present invention. The split operation may then be reversed to restore the ciphertext. Encryption key 3804 may also be retrieved and restored, and the ciphertext may then be decrypted using the encryption key.”) ([O’HARE, para. 0279, fig. 21] “To restore the original data format, the steps are reversed.”) ([O’HARE, para. 0427] “FIG. 34 is a block diagram of an illustrative process flow for restoring original data 3306 from two or more parsed and split portions of original data 3306 in accordance with one embodiment of the present invention. The process involves hashing the portions in reverse (i.e., to the process of FIG. 33) as a function of cipher feedback session key 3304 to restore the encrypted original data (or original data if there was no encryption prior to the parsing and splitting). The encryption key may then be used to restore the original data (i.e., in the illustrated example, cipher feedback session key 3304 is used to decrypt the XOR encryption by XORing it with the encrypted data). This the restores original data 3306.”).
SALOMON further teaches “import … the nonce value ([SALOMON, para. 0026] “In some cases, a nonce generator 135 or key generator at the application server 105 may generate the nonce 140. In some other cases, a key management server or key management system may generate the nonce 140 and may pass the nonce 140 to the application server 105.”) generate cover data, the generation of the cover data comprising encrypting the nonce value using the confidentiality key;” ([SALOMON, para. 0018] “To tie these permits to data, the system may implement one or more cryptographic techniques. … If the system can store the data (i.e., the system identified a relevant permit), the system may generate a nonce … The system may additionally encrypt the nonce using the permit keys for any relevant permits. The system may store the encrypted data object with the encrypted nonces and key IDs of the relevant permit keys (e.g., one or more permit keys pointing to the relevant data processing permits), for example, in an encrypted datum bundle.”) ([SALOMON, para. 0074] “At 530, the encryption system 500 may encrypt the cryptographic nonce using a permit key (e.g., a secret or key encryption key associated with a data processing permit). … The encryption system 500 may store a set of cipher-nonces corresponding to a set of applicable permit keys (i.e., permit secrets) for the data processing permits that all apply to the same plaintext data 505. The encryption process for the input plaintext data 505 may return the encrypted data 520 (i.e., encrypted ciphertext) and encrypted nonces 535 based on the corresponding permits.”) ([SALOMON, para. 0050] “The securitization service 215 may maintain access to keys (e.g., permit keys 280) internally and may support data and key management across systems or internal to each system.”).
The same motivation to modify O’HARE with SALOMON as in the rejection of claim 1 applies.
KHADIWALA further teaches “… perform a sequence of additive operations to subtract …” ([KHADIWALA, para. 0045] “The combining of the received partial rebuild package 394 from the other rebuilding participant with the encrypted zero information gain partial slice includes finding the sum of the partials in the field. … Instead of combining the partial with a keystream via XOR, one rebuilding participant would add the key stream (e.g., according to rules of addition in the field) such that another rebuilding participant using a corresponding key would subtract the same keystream from a partial associated with the other rebuilding participant.”) ([KHADIWALA, para. 0046] “A last storage unit 354 of the rebuilding participants 390 generates an output and associated partial rebuild package 394 as a rebuild package 396 to the rebuilding module 388, where the rebuild package 396 includes a combination of each of a decode threshold number of encrypted zero information gain partial slices from each of the rebuilding participants.”).
The same motivation to modify O’HARE-SALOMON with KHADIWALA as in the rejection of claim 1 applies.
Regarding claim 12, this claim recites a secure processing environment configured to perform masked processing operations that performs the features of claim 11 and independent claim 1. Therefore, claim 12 is rejected in a similar manner as in the rejection of claims 1 and 11.
Regarding claim 13, O’HARE-SALOMON-KHADIWALA teach all limitations of claim 12. O’HARE further teaches “wherein the cover data is unmasked and the first … operation uses the value of one of the uniformly random shares and the value of the cyphertext as operands.” ([O’HARE, para. 0294, fig. 21] “the session master key will be stored along with the secured data shares in a data depository. Separating the session master key according to the pattern of the Parser Master Key and append the key data to the encrypted parsed data.”) ([O’HARE, para. 0389, fig. 21] “Any other suitable integrity checking may be implemented using any suitable integrity information appended anywhere in all or a subset of data portions. Integrity information may include any suitable information that can be used to determine the integrity of data portions.”) ([O’HARE, para. 0500, fig. 21] “In other embodiments, one or more session key shares may be appended to the beginning or end of an encrypted data set share to form a user share. The collection of user shares may then be stored separately on at least one data depository.”) ([O’HARE, para. 0338, fig. 21] “In order to securely store the resulting encrypted data in, for example, four shares, S1, S2, S3, Sn, the data is parsed and split into “n” segments, or shares, according to the value of K5. This operation results in “n” pseudorandom shares of the original encrypted data. Subsequent XOR functions may then be performed on each share with the remaining secret key values, for example: Secure data segment 1=encrypted data share 1 XOR secret key 1”) [Examiner’s note: examiner is interpreting encrypted data as cyphertext and secret key share as uniformly random shares.]
KHADIWALA teaches the “additive operation” as seen in the rejection of claim 1. The same rejection and motivation apply.
Regarding claim 14, O’HARE-SALOMON-KHADIWALA teach all limitations of claim 12. O’HARE further teaches “wherein an operand for the last of the sequence of … operations comprises the value of the cover data.” ([O’HARE, para. 0500, fig. 21] “In other embodiments, one or more session key shares may be appended to the beginning or end of an encrypted data set share to form a user share. The collection of user shares may then be stored separately on at least one data depository.”)
KHADIWALA teaches the “additive operation” as seen in the rejection of claim 1. The same rejection and motivation apply.
Regarding claim 15, O’HARE-SALOMON-KHADIWALA teach all limitations of claim 12. KHADIWALA further teaches “wherein the sequence of inverse additive operations comprises modular additive operations.” ([KHADIWALA, para. 0045] “Depending on the field, summing may be exclusiveOR (XOR) or it may be another form of addition (e.g., such as addition modulo a prime). For example, some implementations of Shamir secret sharing, for example, perform all addition and multiplication modulo some prime … Instead of combining the partial with a keystream via XOR, one rebuilding participant would add the key stream (e.g., according to rules of addition in the field) such that another rebuilding participant using a corresponding key would subtract the same keystream from a partial associated with the other rebuilding participant. In fields where XOR represents addition, it also represents subtraction, so all participants handle combining identically.”). [Examiner’s note: inverse additive operation is subtraction.]
The same motivation to modify O’HARE-SALOMON with KHADIWALA as in the rejection of claim 1 applies.
Regarding claim 16, O’HARE-SALOMON-KHADIWALA teach all limitations of claim 15. KHADIWALA further teaches “wherein the modular additive operations comprise at least one of arithmetic modulo q addition, where q is a prime number or a power of two, and Boolean exclusive-OR bitwise addition.” ([KHADIWALA, para. 0045] “For example, the received partial rebuild package is exclusiveOR-ed with the encrypted zero information gain partial. Depending on the field, summing may be exclusiveOR (XOR) or it may be another form of addition (e.g., such as addition modulo a prime). For example, some implementations of Shamir secret sharing, for example, perform all addition and multiplication modulo some prime. In such a case, instead of using XOR the summing may be accomplished by combining the partials via modular addition (e.g., which is how addition is defined in that field of integers). … In fields where XOR represents addition, it also represents subtraction, so all participants handle combining identically”).
The same motivation to modify O’HARE-SALOMON with KHADIWALA as in the rejection of claim 1 applies.
Regarding claim 17, O’HARE-SALOMON-KHADIWALA teach all limitations of claim 12. O’HARE further teaches “wherein the data package further comprises an integrity tag, and wherein the module is configured to verify the integrity tag before generating the plurality of shares from the cyphertext by: generating a verification tag by encrypting the cyphertext and metadata associated with the cyphertext using an integrity key stored in the memory; checking the verification tag matches the integrity tag; and in the event that the verification tag matches the integrity tag, generating the plurality of shares.” ([O’HARE, para. 0490] “Each output block may include data portion 4106 and integrity/authenticity portion 4108. As described above, each data share may be secured using a share integrity portion including share integrity information (e.g., a SHA-256 hash) of the encrypted, pre-partitioned data. To verify the integrity of the outputs blocks at recovery time, the secure data parser may compare the share integrity blocks of each share and then invert the split algorithm. The hash of the recovered data may then be verified against the share hash.”) ([O’HARE, para. 0486] “Each incoming data packet or data block in the stream is encrypted using the split encryption key, K, at step 4012. At step 4014, share integrity information (e.g., a hash H) may be computed on the resulting ciphertext from step 4012. For example, a SHA-256 hash may be computed. At step 4106, the data packet or data block may then be partitioned into two or more data shares using one of the data splitting algorithms described above in accordance with the present invention.”) ([O’HARE, para. 0487] “Each data share may include metadata, which may be necessary to permit correct reconstruction of the data blocks or data packets. This information may be included in the share header. The metadata may include such information as cryptographic key shares, key identities, share nonces, signatures/MAC values, and integrity blocks.”) ([O’HARE, para. 0295] “Generate a stream cipher key for each of the four data shares.”) ([O’HARE, para. 0296] “Encrypting each share, then store the encryption keys in different locations from the encrypted data portions or shares”) ([O’HARE, para. 0450] “The data may then be split into the predefined number of shares at step 3616. A fault tolerant scheme may be used at step 3617 to allow for regeneration of the data from less than the total number of shares. Once the shares are created, authentication/integrity information may be embedded into the shares at step 3618. Each share may be optionally post-encrypted at step 3619.”)
Regarding claim 18, O’HARE-SALOMON-KHADIWALA teach all limitations of claim 17. O’HARE further teaches “wherein the metadata comprises the nonce value.” ([O’HARE, para. 0487] “Each data share may include metadata, which may be necessary to permit correct reconstruction of the data blocks or data packets. This information may be included in the share header. The metadata may include such information as cryptographic key shares, key identities, share nonces, signatures/MAC values, and integrity blocks.”)
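The import path recited in claims 11 through 18 above (import ciphertext, nonce and tag; verify the tag over the ciphertext and its metadata before anything else; derive cover data by encrypting the nonce under the confidentiality key; draw uniformly random shares; subtract each random share and then, as the last operand, the cover data from the ciphertext; do all of it with modulo-q or XOR addition) is shown below as an added worked example. It is not code from the application or from O’HARE, SALOMON or KHADIWALA. Assumptions: the keys and nonce are constructed values; HMAC-SHA-256 stands in for the unspecified cipher used to turn the nonce into cover data; the exporter is modelled as additive stream-style encryption (ciphertext = plaintext + cover), which is what makes the shares sum to the sensitive data without the plaintext ever being assembled inside the secure processing environment.

```python
"""Verify-then-split: derive additive shares of the sensitive data from a ciphertext.

Constructed example. The stand-in cipher, keys and nonce are assumptions; the page
does not fix a cipher, so HMAC-SHA-256 of the nonce under the confidentiality key
plays the role of "encrypting the nonce" to produce the cover data.
"""
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

# Constructed keys (assumptions, not values from the application or the references).
CONF_KEY = b"\x01" * 32  # confidentiality key held inside the secure environment
INT_KEY = b"\x02" * 32   # integrity key held inside the secure environment
BITS = 128               # width of every share and of the cover data


class AdditiveGroup:
    """Additive operations the shares live in: q=None -> bitwise XOR on BITS-bit
    values (XOR is its own inverse); q=int -> integers modulo q (prime or power of two)."""

    def __init__(self, q: Optional[int] = None, bits: int = BITS) -> None:
        self.q, self.bits = q, bits

    def add(self, a: int, b: int) -> int:
        return a ^ b if self.q is None else (a + b) % self.q

    def sub(self, a: int, b: int) -> int:  # the inverse additive operation
        return a ^ b if self.q is None else (a - b) % self.q

    def random(self) -> int:  # one uniformly random share
        return secrets.randbits(self.bits) if self.q is None else secrets.randbelow(self.q)


def cover_data(conf_key: bytes, nonce: bytes, g: AdditiveGroup) -> int:
    """Cover data = keyed function of the nonce, reduced into the group (HMAC stands in
    for the cipher; reducing 256 bits mod q is only negligibly biased for these q)."""
    x = int.from_bytes(hmac.new(conf_key, nonce, hashlib.sha256).digest(), "big")
    return x & ((1 << g.bits) - 1) if g.q is None else x % g.q


def integrity_tag(int_key: bytes, ciphertext: int, nonce: bytes) -> bytes:
    """Tag over the ciphertext and its metadata (here the nonce) under the integrity key."""
    return hmac.new(int_key, ciphertext.to_bytes(32, "big") + nonce, hashlib.sha256).digest()


def export_package(m: int, nonce: bytes, g: AdditiveGroup) -> Tuple[int, bytes, bytes]:
    """Constructed exporter: ciphertext = m + cover, packaged with nonce and tag."""
    c = g.add(m, cover_data(CONF_KEY, nonce, g))
    return c, nonce, integrity_tag(INT_KEY, c, nonce)


def verify_and_split(c: int, nonce: bytes, tag: bytes, g: AdditiveGroup, n: int) -> List[int]:
    """Check the tag first; only then produce n shares whose sum is the sensitive data.
    n-1 shares are uniformly random; the last is ciphertext minus each random share
    (first operands: ciphertext and a random share) minus, last, the unmasked cover data."""
    if not hmac.compare_digest(integrity_tag(INT_KEY, c, nonce), tag):
        raise ValueError("integrity tag mismatch: shares not generated")
    shares = [g.random() for _ in range(n - 1)]
    acc = c
    for r in shares:
        acc = g.sub(acc, r)
    acc = g.sub(acc, cover_data(CONF_KEY, nonce, g))
    shares.append(acc)
    return shares


def recombine(shares: List[int], g: AdditiveGroup) -> int:
    """Sum of all shares; used here only to check that the shares encode the plaintext."""
    acc = 0
    for s in shares:
        acc = g.add(acc, s)
    return acc


def roundtrip(m: int, g: AdditiveGroup, n: int = 3) -> bool:
    """Export m, verify and split inside the secure environment, and check the share sum."""
    c, nonce, tag = export_package(m, b"constructed-nonce-0001", g)
    shares = verify_and_split(c, nonce, tag, g, n)
    return len(shares) == n and recombine(shares, g) == m


def rejects_tampering(g: AdditiveGroup) -> bool:
    """A flipped ciphertext bit must fail verification before any share is produced."""
    c, nonce, tag = export_package(12345, b"constructed-nonce-0002", g)
    try:
        verify_and_split(c ^ 1, nonce, tag, g, 3)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # XOR, modulo a power of two, and modulo a (Mersenne) prime, as in claim 16.
    for g in (AdditiveGroup(), AdditiveGroup(2 ** 128), AdditiveGroup(2 ** 127 - 1)):
        print(roundtrip(2 ** 100 + 7, g), rejects_tampering(g))
```

The ordering inside `verify_and_split` mirrors claims 13 and 14: the first subtraction takes the ciphertext and one random share as operands, and the cover data is the operand of the last subtraction, so a masked representation of the plaintext exists before the cover is ever applied. The same function body serves XOR and modulo-q arithmetic because only `AdditiveGroup` changes.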
Regarding claim 19, this claim recites a method that performs the steps of claim 1. Therefore, claim 19 is rejected in a similar manner as in the rejection of claim 1. O’HARE further teaches “exporting a data package … for storage outside of the secure processing environment.” ([O’HARE, para. 0177] “In this way, the trust engine system 1300 lowers its response time while maintaining the security advantages associated with geographically remote data storage facilities, such as those discussed with reference to FIG. 7 where each data storage facility stores randomized portions of sensitive data. For example, a security compromise at, for example, the depository 1325 of the trust engine 1315 does not necessarily compromise the sensitive data of the trust engine system 1300.”) ([O’HARE, para. 0289] “The secure data parser of the present invention, in one embodiment, addresses this problem by performing a cryptographic parsing and splitting of the encrypted file into two or more portions or shares, and in another embodiment, preferably four or more shares, adding another layer of encryption to each share of the data, then storing the shares in different physical and/or logical locations.”) ([O’HARE, para. 0107] “As shown in FIG. 7, the depository system 700 advantageously comprises multiple data storage facilities, for example, data storage facilities D1, D2, D3, and D4.”)
Regarding claim 20, this claim recites a method that performs the features of claims 1 and 11 and independent claim 12. Therefore, claim 20 is rejected in a similar manner as in the rejection of claims 1, 11, and 12.
Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over O’HARE-SALOMON-KHADIWALA in view of BAR-EL (US-20060232826-A1).
Regarding claim 9, O’HARE-SALOMON-KHADIWALA teach all limitations of claim 7. However, O’HARE-SALOMON-KHADIWALA do not teach “wherein the integrity key is the confidentiality key.”
In analogous teaching, BAR-EL teaches “wherein the integrity key is the confidentiality key.” ([BAR-EL, para. 0120] “As indicated at block 508, the method may include transferring the file key and/or integrity information corresponding to the requested file, to server control application 174 (FIG. 1), e.g., via the secure channel. For example, the method may include encrypting file key 158 (FIG. 1) and integrity information 160 (FIG. 1), e.g., using the shared session key or any other key implemented by the secure channel, as indicated at block 510. The method may also include transferring the encrypted file key and integrity information to server control application 174 (FIG. 1), as indicated at block 512. The method may also include decrypting the encrypted file key and integrity information, as indicated at block 514. For example, server control application 174 (FIG. 1) may decrypt the encrypted file key and integrity information, e.g., using the shared session key.”).
Thus, given the teaching of BAR-EL, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching that the integrity key is the confidentiality key by BAR-EL into the teaching of a secure processing environment configured to perform masked processing operations by O’HARE-SALOMON-KHADIWALA. One of ordinary skill in the art would have been motivated to do so because BAR-EL recognizes the need to efficiently store and access data ([BAR-EL, para. 0005] “Conventional devices for securely storing data may include a “physical” protection structure to prohibit any access to the stored data. However, the protection structure may be relatively complex and/or expensive and, thus, may not provide cost-effective protection for large amounts of data.”) ([BAR-EL, para. 0007] “According to some demonstrative embodiments of the invention, a system may include a host to manage a file system including a plurality of encrypted classified files; and a secure control configuration to securely store access information related to the classified files”).
Pertinent Art
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
GUILLEY (US-11733966-B2): This prior art teaches a device for executing a cryptographic operation on bit vectors, where the execution of the cryptographic operation includes the execution of at least one arithmetic addition operation between a first operand and a second operand. Each operand comprises a set of components, each component corresponding to a given bit position of the operand. The device comprises a set of elementary adders, each elementary adder being associated with a given bit position of the operands and being configured to perform a bitwise addition between a component of the first operand at the given bit position and the corresponding component of the second operand at the given bit position using the carry generated by the computation performed by the elementary adder corresponding to the previous bit position. Each elementary adder has a sum output corresponding to the bitwise addition and a carry output, the result of the arithmetic addition operation being derived from the sum outputs provided by each elementary adder. The device is configured to apply a mask to each operand component input of at least some of the elementary adders using a masking logical operation, the mask being a random number.
PESSL (US-20230030316-A1): This prior art teaches a cryptographic processing device comprising a processor configured to determine a masking component, generate a masked version of a secret first element by masking multiple components of the secret first element with the masking component, determine a first share of the product of the secret first element and a second element by multiplying the second element with the masked version of the secret first element, determine a second share of the product of the secret first element and the second element by multiplying the second element with the difference of the secret first element and the masked version of the secret first element, and continue with a lattice-based cryptography operation using the first share and the second share of the product.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AFAQ ALI whose telephone number is (571)272-1571. The examiner can normally be reached Mon - Fri 7:30am - 5:30pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ALI SHAYANFAR can be reached at (571) 270-1050. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/A.A./
02/18/2026
/AFAQ ALI/Examiner, Art Unit 2434
/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434