DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings

The drawings (Figures 1 and 2) are objected to as failing to comply with 37 CFR 1.84(p) (4) because reference character 160 in Figure 1 is referred to as “a hash MAC generation function” of a sender client in that takes in the “actual key” reference character 120A in the beginning of Figure 1 then is transmitted over a communication network to a “recipient client” (Par. (0015)) with another “hash MAC generation function” that takes in the “envelope key” reference character 120B in the bottom of Figure 1. Applicant using two of the same reference characters from sender to recipient that does not follow the pattern they have already provided with other reference characters. In figure 2 reference character 250 “a computing device” is used twice as the same reference character over the network. 
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is 

Specification

Applicant is reminded of the proper language and format for an abstract of the disclosure.
The abstract should be in narrative form and generally limited to a single paragraph on a separate sheet within the range of 50 to 150 words in length. The abstract should describe the disclosure sufficiently to assist readers in deciding whether there is a need for consulting the full patent text for details.
The language should be clear and concise and should not repeat information given in the title. It should avoid using phrases which can be implied, such as, “The disclosure concerns,” “The disclosure defined by this invention,” “The disclosure describes,” etc.  In addition, the form and legal phraseology often used in patent claims, such as “means” and “said,” should be avoided.
The abstract of the disclosure is objected to because applicant uses the legal terminology of “Embodiments of the present invention” on line 1 and “In an embodiment of the invention” on Line 3. Applicant should refrain from using such terminology in the abstract.
Correction is required.  See MPEP § 608.01(b).

Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.



Claims 1-9 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

The applicant in claims 1, 4, and 7 also states “performing decryption in constant time of the cipher text using one of two different keys,” but then goes on to state “and a second for unauthenticated encryption comprising a dummy key”. This creates confusion and becomes unclear due to the fact the applicant states the performance of a decryption process and yet includes encrypting as well. It becomes unclear if the applicant truly means a decrypting process while still having encrypting 

Regarding claims 2-3, 5-6, 8 and 9;  Claims 2-3, 5-6, 8 and 9 are dependent on claim 1, 4 or 7, and therefore inherit 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, issues of the independent claims.











Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 

Claims 1-2, 4-5, and 7-8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cech U.S Pub. No. 20170141912 and Roth U. S Pub. No.  20140229737 in further view of Sugahara US 20170026169.

In regards to Claim 1, Cech teaches a method for side-channel attack mitigation in streaming encryption, the method comprising: (Par. (0008) “a method for protecting a computer system from side-channel attacks when using an encryption or decryption method for data packets of a data stream”) reading into a decryption process executing in memory of a computer, an input stream; (Par.(0018) “A computer system for performing the method in accordance with the invention comprises at least one encryption or decryption unit, a further computing unit arranged serially thereto with respect to a data stream”; computer reading and executing a decryption process in regards to a data (input) stream).
However Cech does not teach extracting from the input stream both an encryption envelope and cipher text and extracting from the encryption envelope, a wrapped key; a first for authenticated decryption comprising the wrapped key.
Wherein Roth teaches extracting from the input stream both an encryption envelope and cipher text and extracting from the encryption envelope, a wrapped key; (Par. (55) lines 9-13 “ to perform cryptographic operations, such as by receiving plaintext from a data service frontend and providing cipher text in return or providing ). a first for authenticated decryption comprising the wrapped key, (Par (72) lines 24-29 “The cryptographic service can determine whether the authentication proof is sufficient to allow the operation and, if the authentication proof is sufficient, decrypt the envelope key. The decrypted envelope key can be sent back to the data service, which can use the key to decrypt the encrypted plaintext; authenticated decryption of wrapped envelope key).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Roth to the side-channel mitigation teachings of Cech because of the analogous concept of streaming encryption over a network to decrypt confidential information. Roth includes a method of extracting an encryption envelope, cipher text, a wrapped key, and authenticating as well as decrypting that key. Roth provides a way of strengthening the protection of the cipher text and data. This allows information passes over the network to establish a secure channel that is unlikely to be compromised or altered and in return preventing various attacks such as side-channel from hackers trying access the system of users. This 
The motivation to combine these reference is because to prevent or mitigate side-channel attacks that are based on time or leakage of data it becomes even more significant to create a line of exchange that cannot be targeted or predicted (Roth Par. (0005) “In modern security-critical applications, “side-channel attacks” (SCA) or differential power analysis (DPA) attacks pose an ever greater risk […] Whether, or how easily an attacker can achieve their objective with SCA, is dependent on the physical implementation of a cryptographic function.). It is described that the longer attackers have to analyze different keys the less likely of risk in possible attacks, this creates a solution for a sender and recipient to have assurance that the encrypted information is safe.
However Cech and Roth do not teach performing decryption in constant time of the cipher text using one of two different keys and a second for unauthenticated encryption comprising a dummy key, with no difference in timing of execution regardless of which of the two different keys are utilized during decryption of the cipher text.
Wherein Sugahara teaches performing decryption in constant time of the cipher text using one of two different keys (Par. 30 “ The power consumption characteristic of the second cryptographic module is effectively hidden by causing the first cryptographic module to perform a dummy operation in the first period in which only the second cryptographic module performs a normal operation”; both operations )), and a second for unauthenticated encryption comprising a dummy key, (Par. (0061) “to perform a normal operation to encrypt and decrypt data to be transmitted and received between the host device and the memory device, a third cryptographic module configured to perform a dummy operation based on dummy key”; encryption using dummy key), with no difference in timing of execution regardless of which of the two different keys are utilized during decryption of the cipher text. (Par. 30 “ The power consumption characteristic of the second cryptographic module is effectively hidden by causing the first cryptographic module to perform a dummy operation in the first period in which only the second cryptographic module performs a normal operation”; both operations represent no different in timing of execution during the decryption.), (Par. 31 “ the control circuit is configured to cause both of the first cryptographic module and the second cryptographic module to perform a normal operation concurrently”; occurrence in the same time period or duration (constant time)) , (Par. (0066)  “third cryptographic module to perform a dummy operation in a period in which both of the first cryptographic module and the 
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Sugahra to the side-channel mitigation to the teachings of Cech and the extraction of a wrapped envelope key, cipher text and the authenticating and decryption of that key of Roth because of the analogous concept of side-channel attack prevention and the use of cryptography. Sugahara includes a method of constant time decryption with no difference in timing of the other operations while using a dummy key for the unauthenticated portion of data. It is vital to incorporate a dummy operation because it will lead to attackers trying to anticipate the timing of information or leaks in side-channel attacks/ Differential Power Analysis (DPA) attacks. By attackers being thinking they have some sort of secret or confidential key to access important data generation it will  lead to the possibility that the attacker conducts a useless work of identifying the dummy input data by an analysis and never actual find the confidential data that was protected. This in return keep the user out of harm of malicious attacks such as side-channel attacks. The importance of the dummy key provided by Sugahara ensures protection from attackers and limits the chances significantly of compromised or predicted data. This assures the exchange between two parties and ultimately leads to the efficient flow of data. 
The motivation to combine these references is because it creates a solution for side channel attacks that protect the confidentiality of communication in constant time (Sugahara Par. (0006) “Threats of side channel attacks are increasing, in an attempt to illicitly obtain secret information such as secret keys by observing these operational 


In regards to claim 2, Cech teaches reading from the input stream, a message authentication code (MAC) and generating a MAC for the encryption envelope; (Par. (0008) “ The further computing operations may also, additionally or alternatively, form part of other sequential methods that are in any event provided, such as part of an algorithm for message authentication via a message authentication code (MAC) to mask the encryption or decryption operation.; data stream (input stream) contains and reads MAC), (Par. (0009) “MAC algorithms require two input parameters, firstly the data to be protected and secondly a secret key and, based on these, calculate a checksum, the message authentication code.”; MAC contains stored encrypted key)
authenticating the encryption envelope by comparing both MACs; (Par. (0009) “The sender and receiver agree a secret key for this purpose. The sender calculates a MAC for this key and the message, and then sends the message and MAC to the receiver. The receiver calculates the MAC for the received message using the key and compares the calculated MAC with the received MAC. Matching of the two 
However Cech does not teach on condition that the encryption envelope passes authentication, utilizing the wrapped key to decrypt the cipher text, but on condition that the encryption envelope fails authentication,
Wherein Roth teaches on condition that the encryption envelope passes authentication, utilizing the wrapped key to decrypt the cipher text, (Par. (0071) “the encrypted envelope key (or an identifier for the encrypted envelope key) authentication proof, and an identifier of the master key used to encrypt the envelope key to the cryptographic service. The cryptographic service can determine whether the authentication proof is sufficient to allow the operation and, if the authentication proof is sufficient, decrypt the envelope key. The decrypted envelope key can be sent back to the data service, which can use the key to decrypt the encrypted plaintext.”; wrapped envelope key used to decrypt encrypted plaintext (cipher text)).
(Par. (0085) “receiving 1016 the decrypted envelope key from the cryptography service. For example, if the cryptography service determines that the authentication proof is valid and/or that decryption of the encrypted is allowable according to any applicable policies, the cryptography service may provide the decrypted key to a system attempting to decrypt the data object. The data object may then be decrypted 1018 using the decrypted envelope key.”; condition that envelope key is successfully authenticated to decrypt data), 
but on condition that the encryption envelope fails authentication, (Par. (0068) “Other information, such as an indication of whether or not authentication was successful, may also be transmitted […] For example, if authentication was not authentic, the authentication response so indicates and the determination 408 may be made accordingly.”; envelope key is not authenticated or fails to successfully authenticate)
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Roth to the side-channel mitigation, the reading and generation of a MAC for encryption and authenticating the encryption by comparing both MAC’s teachings of Cech because of the analogous concept of streaming encryption over a network to decrypt confidential information. Roth includes a condition that if the encryption passes authentication the wrapped key would decrypt the cipher text as well as a condition if the encryption fails the authentication. This provides a system of checks and assurance for the user that only when the authentication is successful and passes the corresponding wrapped key will then decrypt the information and nothing can impeded or disrupt the exchange of information to its intended recipient. This allows for the steady flow of secure communication that also cannot be modified due to the level of authentication and the matching of the correct key being able to decrypt the correct set of information. This leads to no misunderstanding in the exchange and protects the information from possible hackers trying to predict the timing of the exchange. By indicating the failure of authentication is allows the protection to react and not allow the passing or continuous of that data in its path. This in turn strengthens the system between users communicating within a network by protecting 
The motivation to combine these reference is because they provide a level of accountability for the user and a method of comparing the corresponding successful authentication with the rightful information (Roth Par. (0005) “In modern security-critical applications, “side-channel attacks” (SCA) or differential power analysis (DPA) attacks pose an ever greater risk […] Whether, or how easily an attacker can achieve their objective with SCA, is dependent on the physical implementation of a cryptographic function.). It is described that the longer attackers have to analyze different keys the less likely of risk in possible attacks. This ensures the exchange between parties cannot be compromised or defected in any way and provides a solution for possible side-channel attacks. 
However Cech and Roth do not teach the method of claim 1, wherein the decryption in constant time comprises: generating the dummy key that differs from the wrapped key; utilizing the dummy key to decrypt the cipher text; and, returning the decrypted cipher text as output of the decryption process.
Wherein Sugahara teaches generating the dummy key that differs from the wrapped key; (Par. (0098) “The session key generation circuit 42 functions as a temporary data generation circuit that generates a session key D12 as temporary data, on the basis of key information (secret key K11 or dummy key K12)”; dummy key differs from encrypted secret key that is linked with the session key and temporary data (wrapped)), (Par. (0104) “the session key generation circuit 42 performs a dummy 
utilizing the dummy key to decrypt the cipher text; and,  returning the decrypted cipher text as output of the decryption process. (Par.(0151) “The data generated in the dummy operation of the cryptographic module 134 may be deleted in the memory device 3, or may be output from the memory device 3 as dummy data; dummy operation includes decryption that outputs decrypted dummy data (text)).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Sugahara to the side-channel mitigation, reading and generation of a MAC, and authenticating the encryption by comparing both MACs teachings of Cech and the condition that the encryption passes or fails the authentication teachings of Roth because of the analogous concept of side-channel attack prevention and the use of cryptography. Sugahara includes a dummy key that is different than the wrapped key and utilizes the dummy key to decrypt the cipher text returning an output of that decrypted cipher text. This creates a level of dissention within attackers. This protects the system because while attackers preoccupied trying to predict exposure and attack, the rightful key that is wrapped and more confined will be safely transmitted to its corresponding recipient. By utilizing the wrongful key and outputting invalid content this takes precious time wasted on the attack with invalid content while preserving the right data that is not decrypted until it is matched with the correct key. This process that is done in constant time makes it unpredictable for attackers to use side-channel or Differential Power Analysis (DPA) attacks.


In regards to Claim 4, Cech teaches a streaming decryption data processing system comprising:  a host computer comprising memory and at least one processor; a decryption process executing in the memory of the host computer and performing decryption of input streams; and (Par. (0008) “a computer system from side-channel attacks when using an encryption or decryption method for data packets of a data stream,”; computer program to execute decryption process of data (input) streams), (Par. (0028) “a computer system according to the invention, where only those units of the computer system which are essential to the invention are shown, a side-channel attack mitigation module comprising computer program code executing in the memory of the host computer, the program code during execution being operable in streaming encryption to perform: (Par. 12 (“In the case of encryption, the data stream is ideally subjected firstly to the encryption method and then subjected to the further computing operations, in particular the error-correction method”; computer program code is error correction method that executes the streaming encryption and decryption and prevent side-channel attacks), ((Par 0013 “ “Error-correcting code” (ECC) methods may be used as the error-correction method. An error-correcting code method is an algorithm for expressing a sequence of numbers”; EEC is programmable executed code that corresponds with streaming encryption/ decryption to prevent side-channel attacks).
reading in input stream into the decryption process; (Par.(0018) “A computer system for performing the method in accordance with the invention comprises at least one encryption or decryption unit, a further computing unit arranged serially thereto with respect to a data stream”; computer reading and executing a decryption process in regards to a data (input) stream).
However Cech does not teach extracting from the input stream both an encryption envelope and cipher text and extracting from the encryption envelope, a wrapped key; a first for authenticated decryption comprising the wrapped key.
Wherein Roth teaches extracting from the input stream both an encryption envelope and cipher text and extracting from the encryption envelope, a wrapped key; (Par. (55) lines 9-13 “ to perform cryptographic operations, such as by receiving plaintext from a data service frontend and providing cipher text in return or providing envelope keys to services, so that the services can use the envelope keys to perform encryption operations.”; obtaining cipher text and encryption envelope) , (Par. (64) lines 8-16 “ After the envelope key is generated, the cryptographic service can encrypt the envelope key with the master key specified in the API call and cause the encrypted envelope key to be persistently stored (e.g., by storing the encrypted key in a storage service or some other durable storage) or discarded. In addition, the cryptographic service can send a plaintext version of the envelope key as well as and the encrypted envelope key to the data service frontend”; envelope encryption key is wrapped with master key). a first for authenticated decryption comprising the wrapped key, (Par (72) lines 24-29 “The cryptographic service can determine whether the authentication proof is sufficient to allow the operation and, if the authentication proof is sufficient, decrypt the envelope key. The decrypted envelope key can be sent back to the data service, which can use the key to decrypt the encrypted plaintext; authenticated decryption of wrapped envelope key).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Roth to the side-channel mitigation teachings of Cech because of the analogous concept of streaming encryption over a network to decrypt confidential information. Roth includes a method of extracting an encryption envelope, cipher text, a wrapped key, and authenticating as well as decrypting that key. Roth provides a way of strengthening the protection of the cipher text and data. This allows information passes over the network to establish a secure 
The motivation to combine these reference is because to prevent or mitigate side-channel attacks that are based on time or leakage of data it becomes even more significant to create a line of exchange that cannot be targeted or predicted (Roth Par. (0005) “In modern security-critical applications, “side-channel attacks” (SCA) or differential power analysis (DPA) attacks pose an ever greater risk […] Whether, or how easily an attacker can achieve their objective with SCA, is dependent on the physical implementation of a cryptographic function.). It is described that the longer attackers have to analyze different keys the less likely of risk in possible attacks, this creates a solution for a sender and recipient to have assurance that the encrypted information is safe.
However Cech and Roth do not teach performing decryption in constant time of the cipher text using one of two different keys and a second for unauthenticated encryption comprising a dummy key, with no difference in timing of execution regardless of which of the two different keys are utilized during decryption of the cipher text.
Wherein Sugahara teaches performing decryption in constant time of the cipher text using one of two different keys (Par. 30 “ The power consumption characteristic of the second cryptographic module is effectively hidden by causing the )), and a second for unauthenticated encryption comprising a dummy key, (Par. (0061) “to perform a normal operation to encrypt and decrypt data to be transmitted and received between the host device and the memory device, a third cryptographic module configured to perform a dummy operation based on dummy key”; encryption using dummy key), with no difference in timing of execution regardless of which of the two different keys are utilized during decryption of the cipher text. (Par. 30 “ The power consumption characteristic of the second cryptographic module is effectively hidden by causing the first cryptographic module to perform a dummy operation in the first period in which only the second cryptographic module performs a normal operation”; both operations represent no different in timing of execution during the decryption.), (Par. 31 “ the control circuit is configured to cause both of the first cryptographic module and the second cryptographic module to perform a normal operation concurrently”; occurrence in the same time period or duration (constant time)) (Par. (0066)  “third cryptographic module to perform a 
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Sugahra to the side-channel mitigation to the teachings of Cech and the extraction of a wrapped envelope key, cipher text and the authenticating and decryption of that key of Roth because of the analogous concept of side-channel attack prevention and the use of cryptography. Sugahara includes a method of constant time decryption with no difference in timing of the other operations while using a dummy key for the unauthenticated portion of data. It is vital to incorporate a dummy operation because it will lead to attackers trying to anticipate the timing of information or leaks in side-channel attacks/ Differential Power Analysis (DPA) attacks. By attackers being thinking they have some sort of secret or confidential key to access important data generation it will  lead to the possibility that the attacker conducts a useless work of identifying the dummy input data by an analysis and never actual find the confidential data that was protected. This in return keep the user out of harm of malicious attacks such as side-channel attacks. The importance of the dummy key provided by Sugahara ensures protection from attackers and limits the chances significantly of compromised or predicted data. This assures the exchange between two parties and ultimately leads to the efficient flow of data. 
The motivation to combine these references is because it creates a solution for side channel attacks (Sugahara Par. (0006) “Threats of side channel attacks are increasing, in an attempt to illicitly obtain secret information such as secret keys by 


In regards to Claim 5, the teachings of Cech, Roth, and Sugahara address all the limitation discussed and are rejected under the same grounds. 

In regards to Claim 7, Cech teaches a computer program product for side-channel attack mitigation in streaming encryption, the computer program product including a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a device to cause the device to perform a method including: (Par (0002) “to a computer system, a computer program product and a method for protecting a computer system from side-channel attacks when using an encryption or decryption method for data packets of a data stream”), (Par (0028) “a computer system according to the invention, where only reading into a decryption process executing in memory of a computer, an input stream; (Par.(0018) “A computer system for performing the method in accordance with the invention comprises at least one encryption or decryption unit, a further computing unit arranged serially thereto with respect to a data stream”; computer reading and executing a decryption process in regards to a data (input) stream).
However Cech does not teach extracting from the input stream both an encryption envelope and cipher text and extracting from the encryption envelope, a wrapped key; a first for authenticated decryption comprising the wrapped key.
Wherein Roth teaches extracting from the input stream both an encryption envelope and cipher text and extracting from the encryption envelope, a wrapped key; (Par. (55) lines 9-13 “ to perform cryptographic operations, such as by receiving plaintext from a data service frontend and providing cipher text in return or providing envelope keys to services, so that the services can use the envelope keys to perform encryption operations.”; obtaining cipher text and encryption envelope) (Par. (64) lines 8-16 “ After the envelope key is generated, the cryptographic service can encrypt the envelope key with the master key specified in the API call and cause the encrypted envelope key to be persistently stored (e.g., by storing the encrypted key in a storage service or some other durable storage) or discarded. In addition, the cryptographic service can send a plaintext version of the envelope key as well as and the encrypted envelope key to the data service frontend”; envelope encryption key is wrapped with ). a first for authenticated decryption comprising the wrapped key, (Par (72) lines 24-29 “The cryptographic service can determine whether the authentication proof is sufficient to allow the operation and, if the authentication proof is sufficient, decrypt the envelope key. The decrypted envelope key can be sent back to the data service, which can use the key to decrypt the encrypted plaintext; authenticated decryption of wrapped envelope key).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Roth to the side-channel mitigation teachings of Cech because of the analogous concept of streaming encryption over a network to decrypt confidential information. Roth includes a method of extracting an encryption envelope, cipher text, a wrapped key, and authenticating as well as decrypting that key. Roth provides a way of strengthening the protection of the cipher text and data. This allows information passes over the network to establish a secure channel that is unlikely to be compromised or altered and in return preventing various attacks such as side-channel from hackers trying access the system of users. This provides assurance for users that the likelihood of risk of attack on their data is reduced significantly and the free flow and exchange of information is unhindered. By implementing a wrapped key the confidentiality of the input that is streamed becomes even more protected. 
The motivation to combine these reference is because to prevent or mitigate side-channel attacks that are based on time or leakage of data it becomes even more significant to create a line of exchange that cannot be targeted or predicted (Roth Par. (0005) “In modern security-critical applications, “side-channel attacks” (SCA) or 
However Cech and Roth do not teach performing decryption in constant time of the cipher text using one of two different keys and a second for unauthenticated encryption comprising a dummy key, with no difference in timing of execution regardless of which of the two different keys are utilized during decryption of the cipher text.
Wherein Sugahara teaches performing decryption in constant time of the cipher text using one of two different keys (Par. 30 “ The power consumption characteristic of the second cryptographic module is effectively hidden by causing the first cryptographic module to perform a dummy operation in the first period in which only the second cryptographic module performs a normal operation”; both operations represent no different in timing of execution during the decryption.), (Par. 31 “ the control circuit is configured to cause both of the first cryptographic module and the second cryptographic module to perform a normal operation concurrently”; occurrence in the same time period or duration (constant time)) ,(Par. (0065) “the third cryptographic module to perform a dummy operation in a period in which both of the first cryptographic module and the second cryptographic module perform a normal operation concurrently.”; decryption of data with keys executed in concurrent time of the other operation (constant time)), and a second for unauthenticated encryption comprising a dummy key, (Par. (0061) “to perform a normal operation to encrypt and decrypt data to be transmitted and received between the host device and the memory device, a third cryptographic module configured to perform a dummy operation based on dummy key”; encryption using dummy key), with no difference in timing of execution regardless of which of the two different keys are utilized during decryption of the cipher text. (Par. 30 “ The power consumption characteristic of the second cryptographic module is effectively hidden by causing the first cryptographic module to perform a dummy operation in the first period in which only the second cryptographic module performs a normal operation”; both operations represent no different in timing of execution during the decryption.), (Par. 31 “ the control circuit is configured to cause both of the first cryptographic module and the second cryptographic module to perform a normal operation concurrently”; occurrence in the same time period or duration (constant time)) (Par. (0066)  “third cryptographic module to perform a dummy operation in a period in which both of the first cryptographic module and the second cryptographic module perform a normal operation concurrently”; operation of two keys executed concurrently of each other (in constant time)).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Sugahra to the side-channel mitigation to the teachings of Cech and the extraction of a wrapped envelope key, cipher text and the authenticating and decryption of that key of Roth because of the analogous concept of side-channel attack prevention and the use of cryptography. Sugahara includes a method of constant time decryption with no difference in timing of the other operations while using a dummy key for the unauthenticated portion of data. It is vital to incorporate 
The motivation to combine these references is because it creates a solution for side channel attacks (Sugahara Par. (0006) “Threats of side channel attacks are increasing, in an attempt to illicitly obtain secret information such as secret keys by observing these operational conditions by various physical means.), (Par. (0008) “Various circuits are proposed as a countermeasure against the DPA attack [..] so as to eliminate a biased state transition probability, thereby randomizing power consumption to prevent estimation of a cryptographic key.) that protect the confidentiality of communication in constant time ( Sugahara Par. (0032) “concurrently; same time), by these operations occurring within the same time of each other with the use of decrypting real and dummy data (Sugahara Par. (0061) “a third cryptographic module configured to perform a dummy operation based on dummy key information,”)  this puts possible attackers in a bind that are trying to predict the exchange and in return provides a level of assurance and protection for the users.


In regards to Claim 8, the teachings of Cech, Roth, and Sugahara address all the limitation discussed and are rejected under the same grounds. 
Claims 3, 6, and 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cech U.S Pub. No. 20170141912, Roth US 9705674 and Sugahara US 20170026169 in further view of Bar-El U.S Pub. No. US 10454674.

In regards to Claim 3, Cech and Roth do not teach but otherwise proceeding to the returning of the decrypted cipher text as the output of the decryption process.
Wherein Sugahara teach but otherwise proceeding to the returning of the decrypted cipher text as the output of the decryption process. (Par.(0151) “The data generated in the dummy operation of the cryptographic module 134 may be deleted in the memory device 3, or may be output from the memory device 3 as dummy data; dummy operation includes decryption that outputs decrypted dummy data (text)).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Sugahara to the side-channel mitigation, reading and comparing MAC for authentication teachings of Cech and the extracting wrapped encryption envelope key and cipher text as well as decryption process of that wrapped key teachings of Roth because of the analogous concept of side-channel attack prevention and the use of cryptography. Sugahara includes the returning of the decrypted cipher text as the output of the decryption process. This provides a level of protection within the system because while attackers preoccupied trying to predict 
The motivation to combine these references is by misleading the attacker with not only a false key (Sugahara Par. (0061) “a third cryptographic module configured to perform a dummy operation based on dummy key information,”) but incorrect output of information it leads to a solution and prevention of that possible attack occurring in the exchange of information and discourages possible other attackers from trying to predict the data stream (Sugahara Par. (0006) “Threats of side channel attacks are increasing, in an attempt to illicitly obtain secret information such as secret keys by observing these operational conditions by various physical means.), (Par. (0008) “Various circuits are proposed as a countermeasure against the DPA attack [..] so as to eliminate a biased state transition probability, thereby randomizing power consumption to prevent estimation of a cryptographic key.). This provides a level of protection that cannot be altered and ensures the secure communication between sender and recipient. 
However Cech, Roth and Sugahara do not teach the method of claim 1, performing a MAC verification on the cipher text after decryption and returning a failure code upon failure.
Wherein Bar-El teaches the method of claim 1, performing a MAC verification on the cipher text after decryption and returning a failure code upon failure, (Par. (74) 
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Bar-El to the to the side-channel mitigation, reading and comparing MAC for authentication teachings of Cech, the extracting wrapped encryption envelope key and cipher text as well as decryption process of that wrapped key teachings of Roth and the returning of the decrypted cipher text as the output of the decryption process teachings of Sugahra because of the analogous concept of side-channel prevention and the use of cryptography. Bar-El provides a solution to side-channel attacks and leakage with a method of multiple keys and codes that are never used twice and utilizing different keys and different authentication codes. By providing a level of unpredictability along with a system of verification the likelihood of compromised information or attacks is unlikely. Bar- El teaches an indication with a failure return code that is important because it signals users about possible susceptibility of attacks. This system of checks allows the communication between parties to adjust and react in a way to protect their information.
The motivation to combine these references is not only because of the methods to prevent side-channel attacks (Bar-El Par. (129) “In order to achieve tolerance or 

In regards to Claim 6, the teachings of Cech, Roth, Sugahara and Bar-El address all the limitation discussed and are rejected under the same grounds. 

In regards to Claim 9, the teachings of Cech, Roth, Sugahara and Bar-El address all the limitation discussed and are rejected under the same grounds. 

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Margalit; Mordehai (U.S Pub. No. 20140059688 “DETECTION AND MITIGATION OF SIDE-CHANNEL ATTACKS” I chose to review this reference because it is discussed the prevention or mitigation of side-channel attacks and the use of executable code in memory that addressed 
SINGER ARI P (CA Pub. No. 2325113) “A CRYPTOGRAPHIC DEVICE HAVING REDUCED VULNERABILITY TO SIDE-CHANNEL ATTACK AND METHOD OF OPERATING SAME” I chose to review this reference because it dealt with increased security against side-channel attacks such as differential power analysis (DPA) and an encryption key that is transformed with a first function to generate a temporary key as a function of a random number. That in return a message is encrypted with the temporary key to generate a modified message. This topic addressed the leakage over time in side-channel attacks as well and combating those issues.
Courtney; Timothy J (U.S Pub. No.  20180323958) “DEFENDING AGAINST A SIDE-CHANNEL INFORMATION ATTACK IN A DATA STORAGE DEVICE” I chose to review this reference because it deals with a data storage device configured to defend against a side-channel information attack, such as a differential power analysis (DPA) attack as well as a streaming input with encrypted keys and cipher texts.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN A HUSSEIN whose telephone number is (571)272-3554.  The examiner can normally be reached on 7:30am-5pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HASSAN A HUSSEIN/ 
Examiner, Art Unit 2497



/KARI L SCHMIDT/Primary Examiner, Art Unit 2439