DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
2. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

3. Claims 1-5,8-12,14-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Van Der Sluis (US Pub.No.2017/0310489) in view of Maher (US Pub.No.2019/0273617).

4.  Regarding claims 1, 10 and 15 Van Der Sluis teaches a method and a system, comprising: performing an enrollment procedure including: issuing a set of enrollment challenges to a client possessing a 
physical-unclonable-function ("PUF") array having a plurality of PUF devices; receiving and storing respective enrollment responses to each of the enrollment challenges generated by the client in a database by measuring physical characteristics of PUF devices belonging to portions of the PUF array specified by each enrollment challenge (abstract and  Para:0008 and teaches an electronic cryptographic device (100) comprising a physically unclonable function ( PUF) (110) and an enrollment unit (142) arranged to generate a first PUF data during the enrollment phase; the first PUF data being derived from a first noisy bit string of the PUF, the first PUF data uniquely identifying the physically unclonable function, the first PUF data 
Para: 0063 teaches the PUF in the cryptographic device is arranged to produce a noisy bit string, also referred to as the response. For example, PUF will be queried, usually referred to as `challenged`, to produce the noisy bit string. When PUF is challenged multiple times, then PUF will produce the noisy bit string multiple times. The noisy bit string will typically not be identical when produced multiple times. The amount of change between subsequently produced noisy bit stings differs between different types of PUF);

selecting, as an authentication challenge, a first enrollment challenge of the set of enrollment challenges; and issuing the authentication challenge to the client (Para:0067 teaches the PUF's physical system is designed such that it interacts in a complicated way with stimuli and leads to unique but unpredictable responses. The stimuli of a PUF are referred to as the challenge. Some PUF allow a larger range of different challenges, producing different responses. A PUF challenge and the corresponding response are together called a Challenge-Response-Pair. The PUF 110 may also be a multiple-challenge PUF. In the latter case, PUF is challenged with the same challenge or set of challenges when producing the noisy bit string, in particular the first and second noisy bit string/or first and second PUF data. Para: 0123-0126 and Para: 0118 teaches determining a match between the stored first helper data and/or first PUF data and the received second helper data and/or second PUF data);

generating a cryptographic public key by determining an expected response to the authentication challenge by retrieving the respective enrollment response corresponding to the first enrollment challenge from the database; and determining the cryptographic public key by 

Van Der Sluis teaches all the above claimed limitations but does not expressly teach publishing the received public key in a ledger of authenticated public keys in response to determining that the authentication response is consistent with the expected response.

Maher teaches publishing the received public key in a ledger of authenticated public keys in response to determining that the authentication response is consistent with the expected response (Para:0169, Para:0270-0272 and Para:0338 teaches publishing the received public key in a ledger based on the match result against the entries in the database).

Therefore it would have been obvious to one of the ordinary skill in the art before the effective filing date of the invention was filed to modify Van Der Sluis to include publishing the received public key in a ledger, as taught by Maher, since such a set up would yield a 

5.   Regarding claims 2, 11 and 16 Maher teaches wherein the method and the system further comprises authenticating a candidate public key associated with the client to another client by: receiving a verification request containing the candidate public key from the other client; comparing the candidate key with cryptographic public keys associated with the client and stored in the ledger; and transmitting a verification message to the other client indicating that the candidate public key is an authentic public key of the client in response to determining that the candidate public key matches a cryptographic key stored in the ledger and associated with the client (Para:0169, Para:0270-0272 and Para:0338 teaches when a submitter's key is comprised, the compromised keys and keys below it in the authentication chain will be removed from the derived database if those keys were submitted after the compromise. When a party in the secure communication protocol needs to verify a counterparty's key, they will compute the hash of the public key and ID and using a service that accesses the derived database, and will match the result against the entries in the derived database. This operation is done periodically and/or occasionally according to a caching policy. It also includes the use of notification services that can notify a cache agent when any of its keys have been revoked).

6.    Regarding claim 3 Van Der Sluis teaches the method wherein determining that the authentication response is consistent with the expected response comprises determining that a Hamming distance between the received public key and the generated public key is less than a first predetermined maximum distance (Para: 0009 and Para: 0064 teaches PUF 110 produces the noisy bit string at least twice. Once during the enrollment-phase, PUF produces a first noisy bit string. Later during the use-phase PUF produces a second noisy bit string. The first and 
Para: 0114 and Para: 0118-0120 teaches determining that the hamming weight of their difference is less than a threshold).

7.    Regarding claims 4, 12 Van Der Sluis teaches the method and the system wherein, when the Hamming distance between the received public key and the generated public key is at least one, determining that the received authentication response is consistent with the expected response further comprises: generating additional private keys having a Hamming distance less than a second predetermined maximum distance from the expected response and producing additional public keys corresponding to the additional private keys; and determining that one of the additional public keys is identical to the generated public key (Para:0079 and Para: 0083-0087 teaches device 100 comprises a key generator 170 arranged to generate a public key from the first random bit string, the public key corresponding to a private key.
Para: 0009 and Para: 0063-0064 teaches PUF 110 produces the noisy bit string at least twice. Once during the enrollment-phase, PUF produces a first noisy bit string. Later during the use-phase PUF produces a second noisy bit string. The first and second noisy bit strings are sufficiently close to each other, e.g., have low hamming distance or otherwise have high correlation, this can be used to identify the PUF. Para: 0111-0114 and Para: 0116-0120 teaches the first helper data resulting in a hamming weight below the second difference threshold is selected, this is done by generating additional noisy bit string which in turn generate additional private keys having a Hamming distance less than a predetermined maximum distance from the expected response and producing additional public keys corresponding to the additional private keys).



9.   Regarding claims 8 and 19 Van Der Sluis the method and the system wherein transmitting the helper instructions to the client includes transmitting error-correction instructions that produce the expected response when executed upon an authentication response having a Hamming distance less than a predetermined maximum distance from the expected response by the client (Para: 0063-0064 teaches when PUF 110 is challenged multiple times, then PUF 110 will produce the noisy bit string multiple times. The noisy bit string will typically not be identical when produced multiple times. The latter may be resolved by helper data. The amount of change between subsequently produced noisy bit stings differs between different types of PUF; depending on the amount of change an error correcting code will be selected to correct for this amount of error. The noisy bit string is stable enough and long enough to uniquely identify the PUF device. The length of the noisy bit string of the PUF will be chosen with respect to a  During the enrollment-phase, PUF 110 produces a first noisy bit string. Later during the use-phase PUF 110 produces a second noisy bit string. Determine that the first and second noisy bit strings are sufficiently close to each other, e.g., the hamming weight of their difference is less than a threshold).

10.    Regarding claims 9,14 and 20 Van Der Sluis in view of Maher teaches the method and the system, wherein the method further comprises transmitting an index instruction to the client together with the transaction challenge (Maher: Para:0169, Para:0125-0126, Para:0269 -0270 teaches indexing the instructions); and wherein the index instruction is configured to cause the client to: select instructions indicated by the index instruction from a plurality of instructions stored by client, each of the plurality of instructions specifying distinct rules for generating challenge responses from measurements of physical characteristics of respective PUF devices belonging to the PUF array; and execute the selected instructions to generate the transaction challenge response (Van Der Sluis : Para: 0004 teaches the challenge responses is generated from the measurements of physical characteristics of respective PUF devices. Abstract and Para: 0067 teaches the PUF's physical system is designed such that it interacts in a complicated way with stimuli and leads to unique but unpredictable responses. The stimuli of a PUF are referred to as the challenge. Some PUF allow a larger range of different challenges, producing different responses. A PUF challenge and the corresponding response are together called a Challenge-Response-Pair. The PUF 110 may also be a multiple-challenge PUF. In the latter case, PUF is challenged with the same challenge or set of challenges when producing the noisy bit string, in particular the first and second noisy bit string). 

s 6,7,13 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Van Der Sluis (US Pub.No.2017/0310489) in view of Maher (US Pub.No.2019/0273617) as applied to claims 1, 5, 12 and 17 above and further in view of NPL (Entitled with “PUF designed with Resistive RAM and Ternary States” by Cambou et.al published on April 2016 [taken from IDS]).

12.    Regarding claims 6, 13 and 18 Van Der Sluis teaches the method and the system, wherein receiving the respective enrollment responses to each of the enrollment challenges includes receiving multiple responses from the client to each enrollment challenge generated by repeated measurements by the client of the PUF devices belonging to the portion of the PUF array specified by each challenge; wherein performing the enrollment procedure further comprises:
receiving, as each challenge response, a set of signals representing physical characteristics of respective PUF devices belonging to portion of the PUF array specified by that challenge, as measured by the client; and recording, for each physical characteristic, a range of values for each signal (Para: 0004 -0006 teaches the challenge responses is generated from the measurements of physical characteristics of respective PUF devices and each measured physical characteristics will have different ranges of data value. Abstract and Para: 0067 teaches the PUF's physical system is designed such that it interacts in a complicated way with stimuli and leads to unique but unpredictable responses. The stimuli of a PUF are referred to as the challenge. Some PUF allow a larger range of different challenges, producing different responses. A PUF challenge and the corresponding response are together called a Challenge-Response-Pair. The PUF 110 may also be a multiple-challenge PUF. In the latter case, PUF is challenged with the same challenge or set of challenges when producing the noisy bit string, in particular the first and second noisy bit string).


assigning a first ternary state to any measured physical characteristic having a value within a first range; and assigning a second ternary state to any measured physical characteristic having a value within a second range of values exclusive of the first range; assigning a third ternary state to any measured physical characteristic having a value within a third range of values exclusive of the first and second ranges.

NPL teaches transmitting the helper instructions to the client includes transmitting rules instructing the client to generate the transactions challenge response by:
assigning a first ternary state to any measured physical characteristic having a value within a first range; and assigning a second ternary state to any measured physical characteristic having a value within a second range of values exclusive of the first range; assigning a third ternary state to any measured physical characteristic having a value within a third range of values exclusive of the first and second ranges (Pages 2-3 under heading  2.1 and 2.2; and Pages 5-6 under the heading 3.2.2  teaches  assigning three states (0, 1, and x), it further teaches the voltage ranges for the three different states. The physical characteristics/ parameters is measured for each cell for the purpose of generating PUF challenges. And testing the stability of the cells and sort out the cells are within three states (solid and/or stable state which are denoted by “0” and “1”; defective and/or blanked state which is denoted by “X”). Page 7 under the heading 3.2.5 teaches assigning a value to each ternary state and assigning a threshold percentage for the value).

Therefore it would have been obvious to one of the ordinary skill in the art before the effective filing date of the invention was filed to modify Van Der Sluis in view of Maher to include 

13.    Regarding claim 7 Van Der Sluis teaches the method, wherein receiving the respective enrollment responses to each of the enrollment challenges includes receiving multiple responses from the client to each enrollment challenge generated by repeated measurements by the client of the PUF devices belonging to the portion of the PUF array specified by each challenge; wherein performing the enrollment procedure further comprises: receiving, as each challenge response, a set of signals representing physical characteristics of respective PUF devices belonging to the PUF array specified by that challenge, as measured by the client; and recording, for each physical characteristic, a range of values (Para: 0004 -0006 teaches the challenge responses is generated from the measurements of physical characteristics of respective PUF devices and each measured physical characteristics will have different ranges of data value. Abstract and Para: 0067 teaches the PUF's physical system is designed such that it interacts in a complicated way with stimuli and leads to unique but unpredictable responses. The stimuli of a PUF are referred to as the challenge. Some PUF allow a larger range of different challenges, producing different responses. A PUF challenge and the corresponding response are together called a Challenge-Response-Pair. The PUF 110 may also be a multiple-challenge PUF. In the latter case, PUF is challenged with the same challenge or set of challenges when producing the noisy bit string, in particular the first and second noisy bit string);

Van Der Sluis teaches all the above claimed limitations but does not expressly teach 


NPL teaches assigning a first ternary state to any measured physical characteristic having a value within a first range; and assigning a second ternary state to any measured physical characteristic having a value within a second range of values exclusive of the first range; assigning a third ternary state to any measured physical characteristic having a value within a third range of values exclusive of the first and second ranges  (Pages 2-3 under heading  2.1 and 2.2; and Pages 5-6 under the heading 3.2.2  teaches  assigning three states (0, 1, and x), it further teaches the voltage ranges for the three different states. The physical characteristics/ parameters is measured for each cell for the purpose of generating PUF challenges. And testing the stability of the cells and sort out the cells are within three states (solid and/or stable state which are denoted by “0” and “1”; defective and/or blanked state which is denoted by “X”). Page 7 under the heading 3.2.5 teaches assigning a value to each ternary state and assigning a threshold percentage for the value);

 and wherein transmitting the helper instructions to the client includes transmitting masking instructions causing the client to exclude PUF devices having measured physical characteristics assigned to the third ternary state when generating the transaction response (Pages 2-3 under heading 2.1 and 2.2; and Pages 5-6 under the heading 3.2.2 teaches assigning three states (0, 1, and x),  testing the stability of the cells and sort out the cells are within three states (solid and /or stable which are denoted by “0” and “1”; defective and/or blanked which is denoted by “X”). 

Therefore it would have been obvious to one of the ordinary skill in the art before the effective filing date of the invention was filed to modify Van Der Sluis in view of Maher to include assigning three different ternary state to any measured physical characteristic having a value within a range, as taught by Cambou (NPL), since such a setup would enhance the strength of PUFs generated memory devices by the usage of ternary states, thereby reducing the need for additional Error detection and Error Correction (ECC).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEREENA T CATTUNGAL whose telephone number is (571)270-0506.  The examiner can normally be reached on Mon-Fri: 7:30 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access 






/DEREENA T CATTUNGAL/            Examiner, Art Unit 2431