DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 1/4/2021 has been entered.
As per Amendment, claims 1, 8 and 15 have been amended; claims 1, 8 and 15 are independent claims. Claims 1-5, 7-12 and 14-19 have been examined and are pending. This Action is made Non-Final.

Response to Arguments
Applicants’ arguments with respect to 35 U.S.C. 101 and 35 U.S.C. 103 filed on 1/4/2021 with respect to limitations listed below, have been fully considered but they are not persuasive.
Regarding 35 U.S.C. 101:
Applicants’ Argue:  Here, the Office Action alleges (pp. 7-8 that the claims fall within a process that under its broadest reasonable interpretation, covers performance of the limitation in the mind.  While the Office Action highlights portions of the language of independent Claim 1 as the abstract idea, it does not provide an explanation as to why these elements would correspond to a concept that the courts have identified as an abstract idea. correspond to a concept that the courts have identified as an abstract idea. As explained in a memorandum to the Patent Examiner Corps (internal citations omitted, emphasis in original): A subject matter eligibility rejection should point to the specific claim limitation(s) that recites (/.e., sets forth or describes) the judicial exception. The rejection must identify the specific claim limitations and explain why those claim limitations set forth a judicial exception (e.g., an abstract idea). Where the claim describes, but does not expressly set forth, the judicial exception, the rejection must also explain what subject matter those limitations describe, and why the described subject matter is a judicial exception. Bahr, Robert W., “Formulating a Subject Matter Eligibility Rejection and Evaluating the Applicant’s Response to a Subject Matter Eligibility Rejection,” pp. 2 and 3 (May 4, 2016).5 Here, the Office Action simply concludes that it falls within the alleged judicial exception without explanation, and thus the Office Action has not established a prima facie case of patent ineligibility under § 101.
Examiner’s Response:  The examiner respectfully notes that the claims were examined in light of the 2019 Revised Patent Subject Matter Eligibility Guidance.  The examiner noted that claims recite features of... load a file comprising hardware description language (HDL) code for an intellectual property core; identify an asset within the intellectual property core; perform a confidentiality verification of the HDL code that represents the asset; detect a confidentiality violation within the HDL code as a result of performance of the confidentiality verification on the HDL code that represents the asset, wherein the confidentiality violation is defined by a confidentiality policy that specifies which gates, registers, or ports are permitted to be used to access the asset; identify a malicious observation point linked to the asset, wherein the malicious observation point indicates a presence of a hardware Trojan; and identify a trigger circuit for a hardware Trojan in response to identification of the malicious observation point; and initiate extraction of the trigger circuit for the hardware Trojan.  These limitations, as drafted, recites a 
Applicants’ Argue:  The Office Action further alleges (p. 8) that "This judicial exception is not integrated into a practical application." As indicated in the 2019 PEG, Examiners are to evaluate integration into a practical application by: (a) identifying whether there are any additional elements recited in the claim beyond the judicial exception(s); and (b) evaluating those additional elements individually and in combination to determine whether they integrate the exception into a practical application. In this case, the Office Action has applied an incorrect standard for determining whether the claims are directed to an abstract idea because the Office Action appears to fail to consider the claims as a whole and in light of the specification. While the Office Action lists a portion of the language of independent claim 1, the Office Action does not consider all of the features of independent claim 1 or the features included in the dependent claims. Rather, the Office Action simply concludes that "the steps are recited at a high-level of generality such that it amounts no more than mere instructions to apply the exception using a generic computer component... this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea." Applicant disagrees.

Applicants’ Argue:  The Federal Circuit has repeatedly ruled that claims directed to an abstract idea amount to significantly more than an abstract idea and are therefore patent eligible when the claims recite a specific technical solution for a particular problem. The present claims are directed to a specific technical solution to a practical application that address the identification of a trigger circuit for a hardware Trojan and initiation of its extraction. In fact, the present claims recite a specific technical approach related to hardware Trojan detection and extraction. Insofar as the present claims are integrated into a practical application, the claims satisfy the subject matter eligibility requirements under 101.

Applicants’ Argue:  In addition, the current claims recite a specific non-conventional arrangement. Even if certain elements of the claims were considered generic, which Applicant denies, this combination of elements renders these claims not merely the routine or conventional use of technology. The Federal Circuit has held that “[w]hether something is well-understood, routine, and conventional to a skilled artisan at the time of the patent is a factual determination.” Berkheimer v. HP /Inc., 881 F.3d 1360, 1369 (Fed. Cir. 2018) and Applicant notes that the Office Action does not provide support as outlined in the Berkheimer memorandum. Also, in Berkheimer, the Federal Circuit stated, "Whether a particular technology is well-understood, routine, and conventional goes beyond what was simply known in the prior art. The mere fact that something is disclosed in a piece of prior art, for example, does not mean it was well-understood, routine, and conventional." Slip. op. at 14. Hence, the Office Action has not met its burden to establish that the "computing components" perform "generic, well-understood, and conventional computing functions," as required by the Berkheimer memorandum. Even assuming, for the sake of argument, that product may be commercially available, the Office Action has failed to show that these products are utilized in a well- understood, routine, and conventional method. The Office fails to consider the novelty and non-obviousness of the claims in determining whether the present claims are patent-eligible. As the Federal Circuit has repeatedly ruled, novelty and non- obviousness are factors that determine whether claims that are allegedly directed to an abstract idea would still amount to "significantly more" than the abstract ide
Examiner’s Response:  The examiner respectfully disagrees.  The additional elements that fall under the analysis under step 2B are “a computing device comprising a processor and a memory; and machine readable instructions stored in the memory that, when executed by the processor, cause the computing device to at least...” which is noted to be a generic computer which is well understood, routine, and conventional and further such “computing components” are known to perform “generic, well-understood, and conventional computing functions” as noted in MPEP 2016.05(d)(ii) which note performing repetitive calculations and storing and retrieving information in memory as examples of well understood, routine, and conventional functions.  Therefore the examiner finds this argument not persuasive.  
Applicants’ Argue:  Even assuming, for the sake of argument, that product may be commercially available, the Office Action has failed to show that these products are utilized in a well- understood, routine, and conventional method. The Office fails to consider the novelty and non-obviousness of the claims in determining whether the present claims are patent-eligible. As the Federal Circuit has repeatedly ruled, novelty and non- obviousness are factors that determine whether claims that are allegedly directed to an abstract idea would still amount to "significantly more" than the abstract idea.  Ultramercial, Inc. v. Hulu, LLC, 772 F.3d 709, 715 (Fed. Cir. 2014) ("novelty in 13 implementation of the idea is a factor to be considered only in the second step of the Alice analysis") (emphasis added); BASCOM Global Internet Servs. v. AT&T Mobility, LLC, 827 F.3d 1341, 1353 (Fed. Cir. 2016) (Newman, J., concurring) ("If the claims are unpatentable, any issue of abstractness, however defined, is mooted. And if the subject matter is patentable, it is not an abstract idea.") (emphasis added). For at least the reasons discussed below, claims 1-5, 7-12 and 14-19 are neither anticipated by any single reference of record nor obvious in view of any one or more of the references of record.
Examiner’s Response:  The examiner respectfully disagrees.  The examiner has provided a complete the analysis as required by the 2019 PEG. Therefore the examiner finds this argument not persuasive.  

Regarding 35 U.S.C. 103:
Applicants’ Argue: However, while Hu recites that “the hardware security design 200 can include a set of inputs 205 and outputs 206 corresponding to input ports and output ports” (para. 0044), Hu does not disclose that specific gates, registers or ports are specified to permit use to access an asset. Rather, Hu states that “security properties can identify which information cannot pass, or otherwise get leaked, into an unclassified location” (para. 0037). As recited in para. 0060 of Hu: security property 440 can specify certain confidentiality properties. For example, a confidentiality property can require that secret information never leak to an unclassified domain. A security property 440 can additional specify integrity property. As another example, an integrity property requires that untrusted data never be written to a trusted location. However, a confidentiality property that prevents access to an asset by never allowing information to leak to a domain and an integrity property that prevents manipulation of an asset by never allowing writing to a location is not the same as specifying gates, registers or ports that permit access to or manipulation of the asset. Hu does not teach that the security properties (either confidentiality properties or integrity properties) specifies which gates, registers, or ports are permitted to be used to access or manipulate the asset, but instead discloses that the information itself is identified or specified to prevent leakage or writing to a location. Nor does Hu disclose a violation is defined by a security property that specifies gates, registers or ports that are allowed to be used to access or manipulate an asset. ...Thus, Hu does not anticipate “detect a confidentiality violation within the HDL code as a result of performance of the confidentiality verification on the HDL code that represents the asset, wherein the confidentiality violation is defined by a confidentiality policy that specifies which gates, registers, or ports are permitted to be used to access the asset,” as recited in claim 1. Nor does Hu anticipate “detect an integrity violation within the HDL code as a result of performance of the integrity verification on the HDL code that represents the asset, wherein the integrity violation is defined by an integrity policy that can specify which gates, registers, or ports are permitted to manipulate the asset,” as recited in claim 8 or “detecting an integrity violation within the HDL code as a result of performance of the integrity verification on the HDL code that represents the asset, wherein the integrity violation is defined by an integrity policy that can specify which gates, registers, or ports are permitted to manipulate the asset,” as recited in claim 15.
Examiner’s Response:  The examiner respectfully disagrees.  As similarly argued in the previous response, the examiner notes in Hu discloses in [0044] - In some embodiments, the hardware security design 200 can be a logic specified at the gate level, and generated according to the techniques previously described in connection with FIG. 1. For example, the hardware security design 200 can be implemented as a GLIFT logic. According to the embodiments, the hardware security design 200 can include a set of inputs 205 and outputs 206 corresponding to input ports and output ports, respectively, included in the configuration of the hardware security logic. Additionally, in some implementations, the inputs 205 and outputs 206 can be represented as one or more variables used in mechanisms for specifying a hardware design, for example a HDL.   The examiner notes Hu discloses in [0046] - As shown in FIG. 2, the security property 213 can be specified in an expression implemented in a high-level security language, for example, "Input=/=>Output", which checks an information flow between source (e.g., Input) and destination (e.g., Output). The security property 213 illustrated in FIG. 2 defines, or otherwise specifies the information flow restriction, that Input should not flow to Output. (emphasis added) 
The examiner further notes Hu describes in [0047] - In some embodiments, security properties 213 specifying information flow restrictions for a hardware design can be further specified as one or more security lattices 220  and further in [0027] - Information flow tracking (IFT) is a technique usable in secure systems to ensure that secrecy and/or integrity of information is tightly controlled. Given a policy specifying the desired information flows, such as one requiring that secret information should not be observable by public objects, information flow tracking helps detect whether or not flows violating this policy are present.  
The examiner notes as constructed Hu discloses logic is at the gate level and further there is input/output pots at the gate level.  If information that is a secret is flowing through the gate input to gate output and it violates a security property as per [0037] - As an example, security properties can identify which information cannot pass, or otherwise get leaked, into an unclassified location (e.g., confidentiality) and which critical components of the hardware cannot be affected or tampered with by untrusted sources (e.g., integrity) and [0060] - In some implementations, security property 440 can specify certain confidentiality properties. For example, a confidentiality property can require that secret information never leak to an unclassified domain. A security property 440 can additional specify integrity property. As another example, an integrity property requires that untrusted data never be written to a trusted location.  That clearly reads on a form of access (i.e., leaking) and/or manipulation (i.e., written) as that gate would violate the policy as it is not permitted to perform such actions set by the security properties/policy as described in [0027] - Given a policy specifying the desired information flows (i.e., gates that permitted to access or manipulate), such as one requiring that secret information should not be observable by public objects, information flow tracking helps detect whether or not flows violating this policy are present (i.e., gates that are not permitted to access (i.e., leaking) and/or manipulation (i.e., written)) and [0037] and [0060].  Thus the policy specified the permitted gate level logic and the flow tracking shows which gates violate the policy present.   
Therefore it is reasonable to construct that Hu reads on: detect a confidentiality violation within the HDL code as a result of performance of the confidentiality verification on the HDL code that represents the asset, wherein the confidentiality violation is defined by a confidentiality policy that specifies which gates, registers, or ports are permitted to be used to access the asset for Claim 1 and detect an integrity violation within the HDL code as a result of performance of the integrity verification on the HDL code that represents the asset, wherein the integrity violation is defined by an integrity policy that can specify which gates, registers, or ports are permitted to manipulate the asset for Claim 8 and 15.  Therefore this argument is not persuasive. 




Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-5, 7-12, and 14-19 is/are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter. 

Regarding Claim 1 and Claims 8 and 15; Claim 1 and Claims 8 and 15 is/are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more (i.e., detecting hardware Trojans and identifying malicious observation points and a trigger circuit). The claim recites ... load a file comprising hardware description language (HDL) code for an intellectual property core; identify an asset within the intellectual property core; perform a confidentiality verification of the HDL code that represents the asset; detect a confidentiality violation within the HDL code as a result of performance of the confidentiality verification on the HDL code that represents the asset, wherein the confidentiality violation is defined by a confidentiality policy that specifies which gates, registers, or ports are permitted to be used to access the asset; identify a malicious observation point linked to the asset, wherein the malicious observation point indicates a presence of a hardware Trojan; and identify a trigger circuit for a hardware Trojan in response to identification of the malicious observation point, and initiate extraction of the trigger circuit for the hardware Trojan. These limitations, as drafted, recites a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “a computing device comprising a processor and a memory including machine 
This judicial exception is not integrated into a practical application. In particular, the claim recites elements of “a computing device comprising a processor and a memory including machine readable instructions including machine readable instructions” to perform such steps. The “a computing device comprising a processor and a memory including machine readable instructions” in the steps are recited at a high-level of generality such that it amounts no more than mere instructions to apply the exception using a generic computer component.  Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
 The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception, as they recite “a computing device comprising a processor and a memory including machine readable instructions” to perform such steps. As discussed above with respect to integration of the abstract idea into a practical application, the 
Regarding Claim(s) 2-5, 7, 9-12, 14, 16-19; Claim 2-5, 7, 9-12, 14, 16-19 are also rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter for the same reasons as they additionally recite limitation(s), under its broadest reasonable interpretation, that covers performance of such limitations in the mind but for the recitation of generic computer components.












Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1, 5, 7, 8, 12, 14, 15, and 19 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated  by Hu et al. (US 2018/0032760 A1).

Regarding Claim 1;
Hu discloses system comprising: 
a computing device comprising a processor and a memory ([0095] and [0097]); and 
machine readable instructions stored in the memory that, when executed by the processor ([0095] and [0097]), cause the computing device to at least 
load a file comprising hardware description language (HDL) code for an intellectual property core ([0086] - According to the embodiments, a data processing apparatus (shown in FIG. 8) can be employed for performing the functions of the described process. A hardware design for an IC chip implementation, for example, is received 701. Receiving the hardware design can include generating a source code including multiple variables, using a HDL, for instance, to specify the circuit configuration and [0095]); 
([0028] - A simple example system has two labels: public and secret. A policy for the example system specifies that any data labeled as secret (e.g., an encryption key) should not affect or flow to any data labeled as public (e.g., a malicious process). Information flow tracking can also be extended to more complex policies and labeling systems and [0032] - In the implementations, receiving the hardware design can involve specifying an implementation for an electronic circuit or microprocessor for example, including the components, connectivity, flow of information between components, and logical arrangements. The hardware design can describe the circuit using various degrees of abstraction, including but not limited to: gate level, Register Transfer Level (RTL) level, algorithmic level, and behavioral levels and [0037] and [0086]);
 perform a confidentiality verification of the HDL code that represents the asset ([0037] - As an example, security properties can identify which information cannot pass, or otherwise get leaked, into an unclassified location (e.g., confidentiality) and which critical components of the hardware cannot be affected or tampered with by untrusted sources (e.g., integrity) and [0092] - Next, verification of the information flow model is performed 715. At 715, security properties, which are translated into standard HDL assertion statements and verification constraints and input along with the GLIFT logic to a standard hardware verification tool. The verification tool is configured to perform check 720, in order to determine whether the information flow model passes or fails against the specified security properties); 
detect a confidentiality violation within the HDL code as a result of performance of the confidentiality verification on the HDL code that represents the asset ([0037] - As an example, security properties can identify which information cannot pass, or otherwise get leaked, into an unclassified location (e.g., confidentiality) and which critical components of the hardware cannot be affected or tampered with by untrusted sources (e.g., integrity) and [0092] - Next, verification of the information flow model is performed 715. At 715, security properties, which are translated into standard HDL assertion statements and verification constraints and input along with the GLIFT logic to a standard hardware verification tool. The verification tool is configured to perform check 720, in order to determine whether the information flow model passes or fails against the specified security properties) wherein the confidentiality violation is defined by a confidentiality policy that specifies which gates, registers, or ports are permitted to be used to access the asset ([0027] - Information flow tracking (IFT) is a technique usable in secure systems to ensure that secrecy and/or integrity of information is tightly controlled. Given a policy (i.e., confidentiality policy) specifying the desired information flows, such as one requiring that secret information should not be observable by public objects, information flow tracking helps detect whether or not flows violating this policy are present and [0037] - As an example, security properties can identify which information cannot pass, or otherwise get leaked, into an unclassified location (e.g., confidentiality) and which critical components of the hardware cannot be affected or tampered with by untrusted sources (e.g., integrity). In the implementations, security properties received in high-level security languages can be translated, for example during RTL synthesis, into a security hardware logic, for example at the gate level and [0044] - For example, the hardware security design 200 can be implemented as a GLIFT logic. According to the embodiments, the hardware security design 200 can include a set of inputs 205 and outputs 206 corresponding to input ports and output ports, respectively, included in the configuration of the hardware security logic. Additionally, in some implementations, the inputs 205 and outputs 206 can be represented as one or more variables used in mechanisms for specifying a hardware design, for example a HDL and [0047] - In some embodiments, security properties 213 specifying information flow restrictions for a hardware design can be further specified as one or more security lattices 220 (i.e., confidentially verification) and [0049] - As an example, the structure of security lattice 220 includes a two label hierarchical arrangement indicating that Output, label 225, flowing to Input, label 224, is a secure information flow that is allowed according to the security property 213. A violation (i.e., confidentially violation) of the security property 213 can include a conversely occurring instance of Input, which is the more restricted label 224, flowing to Output label 225. Accordingly, in some implementations, a security hardware logic implementing an information flow violating one or more specified security properties 213 can be detected and [0060] - In some implementations, security property 440 can specify certain confidentiality properties. For example, a confidentiality property can require that secret information never leak to an unclassified domain. A security property 440 can additional specify integrity property. As another example, an integrity property requires that untrusted data never be written to a trusted location).
identify a malicious observation point linked to the asset, wherein the malicious observation point indicates a presence of a hardware Trojan ([0055] - The systems and techniques disclosed can be designed to detect hardware Trojans at the register-transfer level and the gate level and [0086] – (e.g., hardware Trojan) detection... In some cases, the hardware associated with the hardware design received at 701 can include a Trojan having malicious behaviors that potentially affect the security of information flow (e.g., leaking key bits) and [0092] – fail and [0094]); and 
identify a trigger circuit for a hardware Trojan in response to identification of the malicious observation point ([0029]- Gate Level Information Flow Tracking (GLIFT) is an information flow tracking technology that provides the capability for analyzing the flow of information in a hardware design by tracking the data as it moves throughout the system and [0055] - The systems and techniques disclosed can be designed to detect hardware Trojans at the register-transfer level and the gate level and [0059] - The techniques diagramed in FIG. 4A can be generally characterized as having three main parts: information flow tracking (e.g., GLIFT), detection of unintentional design flaws (e.g., hardware Trojans), and the derivation of security theorems to formally prove properties and [0094]); and
initiate extraction of the trigger circuit for the hardware Trojan ([0038] - According to an embodiment, optimizing the security logic of the hardware design 130 is performed based on the security properties programmed in the high-level security language. Optimization of the hardware security logic can involve removing circuitry that may be deemed unnecessary in the design or operation of hardware security logic and [0039] - The generated hardware security logic, implementing the security properties, is thereafter enabled 135 and used for various analysis and design techniques. ...As an example, the analysis and design techniques can be employed to verify that the function of the resulting hardware logic is consistent with one or more security property restrictions and [0040] - According to the disclosed techniques, formal verification 140 can verify the generated hardware security logic against specified security properties that can be checked by formal tools to identify unintentional design flaws (e.g., hardware Trojans that violate the security properties)).

Regarding Claim 5;
Hu disclose the system to Claim 1.
Hu further discloses wherein the machine readable instructions further cause the computing device to at least identify a trigger condition for the trigger circuit for the hardware  (FIG. 5B and [0055] - The systems and techniques disclosed can be designed to detect hardware Trojans at the register-transfer level and the gate level).

Regarding Claim 7;
Hu disclose discloses the system to Claim 1.
Hu further discloses wherein the HDL code is represented as Verilog code ([0032] - In some implementations, the hardware design can be received as a program received in, or otherwise including, a hardware description language (HDL), such as Verilog, SystemVerilog, Very High speed integrated circuit Hardware Description Language (VHDL), and Netlist for example).

Regarding Claim 8;
Hu discloses system comprising: 
a computing device comprising a processor and a memory ([0095] and [0097]); and 
machine readable instructions stored in the memory that, when executed by the processor ([0095] and [0097]), cause the computing device to at least 
load a file comprising hardware description language (HDL) code for an intellectual property core ([0086] - According to the embodiments, a data processing apparatus (shown in FIG. 8) can be employed for performing the functions of the described process. A hardware design for an IC chip implementation, for example, is received 701. Receiving the hardware design can include generating a source code including multiple variables, using a HDL, for instance, to specify the circuit configuration and [0095]); 
([0028] - A simple example system has two labels: public and secret. A policy for the example system specifies that any data labeled as secret (e.g., an encryption key) should not affect or flow to any data labeled as public (e.g., a malicious process). Information flow tracking can also be extended to more complex policies and labeling systems and [0032] - In the implementations, receiving the hardware design can involve specifying an implementation for an electronic circuit or microprocessor for example, including the components, connectivity, flow of information between components, and logical arrangements. The hardware design can describe the circuit using various degrees of abstraction, including but not limited to: gate level, Register Transfer Level (RTL) level, algorithmic level, and behavioral levels and [0037] and [0086]);
 perform a integrity verification of the HDL code that represents the asset ([0037] - As an example, security properties can identify which information cannot pass, or otherwise get leaked, into an unclassified location (e.g., confidentiality) and which critical components of the hardware cannot be affected or tampered with by untrusted sources (e.g., integrity) and [0092] - Next, verification of the information flow model is performed 715. At 715, security properties, which are translated into standard HDL assertion statements and verification constraints and input along with the GLIFT logic to a standard hardware verification tool. The verification tool is configured to perform check 720, in order to determine whether the information flow model passes or fails against the specified security properties); 
detect a integrity violation within the HDL code as a result of performance of the confidentiality verification on the HDL code that represents the asset ([0037] - As an example, security properties can identify which information cannot pass, or otherwise get leaked, into an unclassified location (e.g., confidentiality) and which critical components of the hardware cannot be affected or tampered with by untrusted sources (e.g., integrity) and [0092] - Next, verification of the information flow model is performed 715. At 715, security properties, which are translated into standard HDL assertion statements and verification constraints and input along with the GLIFT logic to a standard hardware verification tool. The verification tool is configured to perform check 720, in order to determine whether the information flow model passes or fails against the specified security properties) wherein the confidentiality violation is defined by a confidentiality policy that specifies which gates, registers, or ports are permitted to be used to access the asset ([0027] - Information flow tracking (IFT) is a technique usable in secure systems to ensure that secrecy and/or integrity of information is tightly controlled. Given a policy (i.e., integrity policy) specifying the desired information flows, such as one requiring that secret information should not be observable by public objects, information flow tracking helps detect whether or not flows violating this policy are present and [0037] - As an example, security properties can identify which information cannot pass, or otherwise get leaked, into an unclassified location (e.g., confidentiality) and which critical components of the hardware cannot be affected or tampered with by untrusted sources (e.g., integrity). In the implementations, security properties received in high-level security languages can be translated, for example during RTL synthesis, into a security hardware logic, for example at the gate level and [0044] - For example, the hardware security design 200 can be implemented as a GLIFT logic. According to the embodiments, the hardware security design 200 can include a set of inputs 205 and outputs 206 corresponding to input ports and output ports, respectively, included in the configuration of the hardware security logic. Additionally, in some implementations, the inputs 205 and outputs 206 can be represented as one or more variables used in mechanisms for specifying a hardware design, for example a HDL and [0047] - In some embodiments, security properties 213 specifying information flow restrictions for a hardware design can be further specified as one or more security lattices 220 (i.e., integrity verification) and [0049] - As an example, the structure of security lattice 220 includes a two label hierarchical arrangement indicating that Output, label 225, flowing to Input, label 224, is a secure information flow that is allowed according to the security property 213. A violation (i.e., integrity violation) of the security property 213 can include a conversely occurring instance of Input, which is the more restricted label 224, flowing to Output label 225. Accordingly, in some implementations, a security hardware logic implementing an information flow violating one or more specified security properties 213 can be detected and [0060] - In some implementations, security property 440 can specify certain confidentiality properties. For example, a confidentiality property can require that secret information never leak to an unclassified domain. A security property 440 can additional specify integrity property. As another example, an integrity property requires that untrusted data never be written to a trusted location).
identify a malicious observation point linked to the asset, wherein the malicious observation point indicates a presence of a hardware Trojan ([0055] - The systems and techniques disclosed can be designed to detect hardware Trojans at the register-transfer level and the gate level and [0086] – (e.g., hardware Trojan) detection... In some cases, the hardware associated with the hardware design received at 701 can include a Trojan having malicious behaviors that potentially affect the security of information flow (e.g., leaking key bits) and [0092] – fail and [0094]); and 
identify a trigger circuit for a hardware Trojan in response to identification of the malicious observation point ([0029]- Gate Level Information Flow Tracking (GLIFT) is an information flow tracking technology that provides the capability for analyzing the flow of information in a hardware design by tracking the data as it moves throughout the system and [0055] - The systems and techniques disclosed can be designed to detect hardware Trojans at the register-transfer level and the gate level and [0059] - The techniques diagramed in FIG. 4A can be generally characterized as having three main parts: information flow tracking (e.g., GLIFT), detection of unintentional design flaws (e.g., hardware Trojans), and the derivation of security theorems to formally prove properties and [0094]); and
initiate extraction of the trigger circuit for the hardware Trojan ([0038] - According to an embodiment, optimizing the security logic of the hardware design 130 is performed based on the security properties programmed in the high-level security language. Optimization of the hardware security logic can involve removing circuitry that may be deemed unnecessary in the design or operation of hardware security logic and [0039] - The generated hardware security logic, implementing the security properties, is thereafter enabled 135 and used for various analysis and design techniques. ...As an example, the analysis and design techniques can be employed to verify that the function of the resulting hardware logic is consistent with one or more security property restrictions and [0040] - According to the disclosed techniques, formal verification 140 can verify the generated hardware security logic against specified security properties that can be checked by formal tools to identify unintentional design flaws (e.g., hardware Trojans that violate the security properties)).





Regarding Claim(s) 12 and 14; claim(s) 12 and 14 is/are directed to a/an system similarly claimed to the system of Claim(s) 5 and 7. Claim(s) 12 and 14 is/are similar in scope to claim(s) 5 and 7; and is/are therefore rejected under similar rationale.

Regarding Claim(s) 15 and 19; claim(s) 15 and 19 is/are directed to a/an method similarly claimed to the system of Claim(s) 8 and 12 and 14. Claim(s) 15 and 19 is/are similar in scope to claim(s) 8, 12 and 14; and is/are therefore rejected under similar rationale.
















Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 2, 9 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hu et al. (US 2018/0032760 A1) in view of Kalinin et al. (US 2018/0032745 A1)

Regarding Claim 2;
Hu disclose the system to Claim 1.
([0029]- Gate Level Information Flow Tracking (GLIFT) is an information flow tracking technology that provides the capability for analyzing the flow of information in a hardware design by tracking the data as it moves throughout the system and [0055] - The systems and techniques disclosed can be designed to detect hardware Trojans at the register-transfer level and the gate level and [0058] - As illustrated in FIG. 4A, GLIFT can be employed as the IFT technology. In this case GLIFT can precisely measures and controls all logical flows from Boolean gates. Moreover, GLIFT can be used to craft secure hardware architectures and detect security violations from timing channels. Also, GLIFT can be used to formally verify that an information flow adheres to security properties related to confidentiality and integrity).
Hu fails to fails to explicitly disclose further discloses wherein the machine readable instructions that cause the computing device to at last identify the malicious observation point further cause the computing device to at least perform an intersect analysis of fan-in elements of valid observation points.
However, in an analogous art, Kalinin teaches wherein [a] machine readable instructions that cause [a] computing device to at last identify the malicious observation point further cause the computing device to at least perform an intersect analysis of fan-in elements of valid observation points (Kalinin, [0016] - determining whether an application associated with the process is malicious based on the analysis of the one or more intersections between the region and the at least one graphic interface associated with the process and [0050] - In one exemplary aspect, during the aforementioned analysis the intersection analysis module 140 compares the location of the regions of all elements of the graphic interface 115 of the processes 120 being executed on the computing device with the location of the region 125 determined by the intercept module 130).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Kalinin to the system of Hu to include wherein [a] machine readable instructions that cause [a] computing device to at last identify the malicious observation point further cause the computing device to at least perform an intersect analysis of fan-in elements of valid observation points. Further a person of ordinary skill in the art to use exemplary rationale to support a conclusion of obviousness, such rationale, i.e., combining prior art elements according to known methods to yield predictable results;  simple substitution of one known element for another to obtain predictable results; "obvious to try" – choosing from a finite number of identified, predictable solutions, with a reasonable expectation of success to predict a result in which the teachings of Kalinin’s intersect analysis can be predictably combined to the teachings of Hu to thereby achieve a result/solution that would read on the claim limitation.  One would have been motivated to combine the teachings of Kalinin to Hu to provide users with a means for blocking access to protected information... (Kalinin, [0002] and [0006]).

Regarding Claim(s) 9; claim(s) 9 is/are directed to a/an system similarly claimed to the system of Claim(s) 2. Claim(s) 9 is/are similar in scope to claim(s) 2; and is/are therefore rejected under similar rationale.

Regarding Claim(s) 16; claim(s) 16 is/are directed to a/an method similarly claimed to the system of Claim(s) 9. Claim(s) 16 is/are similar in scope to claim(s) 9; and is/are therefore rejected under similar rationale.

Claims 3, 4, 10, 11, 17 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hu et al. (US 2018/0032760 A1) in view of Franke et al. (US 9,319,420 B1).

Regarding Claim 3;
Hu discloses the system to Claim 1.
Hu further discloses wherein the machine readable instructions that cause the computing device to at least identify the trigger circuit for the hardware Trojan further cause the computing device to at least determine that a state register linked to the malicious observation point ... ([0029]- Gate Level Information Flow Tracking (GLIFT) is an information flow tracking technology that provides the capability for analyzing the flow of information in a hardware design by tracking the data as it moves throughout the system and [0055] - The systems and techniques disclosed can be designed to detect hardware Trojans at the register-transfer level and the gate level and [0059] - The techniques diagramed in FIG. 4A can be generally characterized as having three main parts: information flow tracking (e.g., GLIFT), detection of unintentional design flaws (e.g., hardware Trojans), and the derivation of security theorems to formally prove properties and [0094]).
Hu fails to explicitly disclose determine ...the malicious observation point comprises a feedback loop.
(Franke, col. 8, lines 52-64 - The feedback loop information can be valuable to the number of sources and the CIC. For example, the feedback loop can help identify sources that are compromised. For example, a known source (e.g., a source that is known to be a source for intelligence information, etc.) can be compromised by malicious security threat events and provide false intelligence information.)
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Franke to the system of Hu to include determine ...the malicious observation point comprises a feedback loop. Further a person of ordinary skill in the art to use exemplary rationale to support a conclusion of obviousness, such rationale, i.e., combining prior art elements according to known methods to yield predictable results;  simple substitution of one known element for another to obtain predictable results; "obvious to try" – choosing from a finite number of identified, predictable solutions, with a reasonable expectation of success to predict a result in which the teachings of Franke’s feedback loop can be predictably combined to the teachings of Hu observation point to thereby achieve a result/solution that would read on the claim limitation.  One would have been motivated to combine the teachings of Franke to Hu to provide users with a means for helping identify sources that are compromised (Franke, col. 8, lines 52-64).





Regarding Claim 4;
Hu and Franke disclose the system to Claim 3.
Hu further discloses wherein the machine readable instructions further cause the computing device to at least retrieve the functionality of a finite state machine linked to the state register ([0029] - The process is similar to a technology mapping, where each gate in the system is mapped to specific GLIFT logic. The result is a gate-level design of a finite state machine (FSM) that contains both the original logic and tracking logic. The resulting design equipped with tracking logic can be tested for information flows. To test for implicit timing flows, GLIFT accounts for all possible combinations of tainted data bits, and allows information flows to be observed and [0094] - In some embodiments, based on the formal verification's determination of pass or fail, additional operations can be performed, including but not limited to: generating a counterexample, functional testing (on GLIFT logic), and determining exact Trojan behavior.).

Regarding Claim(s) 10 and 11; claim(s) 10 and 11 is/are directed to a/an system similarly claimed to the system of Claim(s) 3 and 4. Claim(s) 10 and 11 is/are similar in scope to claim(s) 3 and 4; and is/are therefore rejected under similar rationale.

Regarding Claim(s) 17 and 18; claim(s) 17 and 18 is/are directed to a/an method similarly claimed to the system of Claim(s) 10 and 11. Claim(s) 17 and 18 is/are similar in scope to claim(s) 10 and 11; and is/are therefore rejected under similar rationale.


	

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385.  The examiner can normally be reached on Monday-Friday 10am - 6pm (MDT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.