DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to Amendment filed on 3/30/2021.
In the instant Amendment, claim 1, 8 and 15 have been amended; claims 3, 10 and 17 have been canceled; claims 1, 8 and 15 are independent claims. Claims 1, 2, 4, 5, 7-9, 11, 12, 14-16, 18 and 19 have been examined and are pending. This Action is made Final. 

Response to Arguments
Applicants’ arguments with respect to 35 U.S.C. 101 and 35 U.S.C. 103 filed on 3/30/2021 with respect to limitations listed below, have been fully considered but they are not persuasive.
Regarding 35 U.S.C. 101:
Applicants’ Argue:  Claims 1, 2, 4, 5, 7-9, 11, 12, 14-16, 18, and 19 are patent-eligible under Step 2A or Step 2B of the USPTO’s patent-eligibility analysis because claims 1, 2, 4, 5, 7-9, 11, 12, 14-16, 18, and 19 recite a technical solution to a technical problem. In the discussion of whether a claim is directed to patent-ineligible subject matter under Step 2A, MPEP § 2106.04(a)(1) states that “claims that are directed to improvement in computer functionality or other technology are not abstract.” The MPEP further states that “when making the determination of whether a claim is directed to an abstract idea, examiners should keep in mind that some inventions pertaining to improvement in computer functionality or to improvements in other technologies are not abstract when appropriately claimed, and thus may be eligible at Step 2A.” Id. Moreover, even if claims 1, 2, 4, 5, 7-9, 11, 12, 14-16, 18, and 19 were considered to be directed to an “abstract idea,” a characterization with which Applicant respectfully disagrees, claims 1, 2, 4, 5, 7-9, 11, 12, 14-16, 18, and 19 would still be patent-eligible because they would amount to “significantly more” than an abstract idea. As stated in MPEP § 2106.05(a) “[a]n indication that the claimed invention provides an improvement [to the functioning of a computer or to any other technology of technical field] can include a discussion in the specification that identifies a technical problem and explains the details of an unconventional technical solution expressed in the claim, or identifies technical improvements realized by the claim over the prior art.” Claims 1, 2, 4, 5, 7-9, 11, 12, 14-16, 18, and 19 are patent-eligible under both steps 2A and 2B... Because Applicant is claiming a technical solution to a technical problem, claims 1, 2, 4, 5, 7-9, 11, 12, 14-16, 18, and 19 are not abstract. Even if they were found to be directed to an abstract idea, they would still be patent-eligible because they amount to significantly more than any alleged abstract idea. Accordingly, Applicant respectfully requests that the rejections of claims 1, 2, 4, 5, 7-9, 11, 12, 14-16, 18, and 19 under 35 U.S.C. § 101 be withdrawn.
Examiner’s Response:  The examiner respectfully disagrees with applicant’s assertion regarding improvement in computer functionality or to improvements in other technologies are not abstract when appropriately claimed.  The examiner notes the limitations as claimed do not provide an improvement [to the functioning of a computer or to any other technology of technical field].  At best the limitations, as drafted, recites a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components.  The examiner noted in Step 2A Prong One that a human mind can load such information of an HDL code for an intellectual property core; preform confidentially verification of the HDL code, detect confidential violations; identify malicious 







Regarding 35 U.S.C. 103:
Applicants’ Argue: The combination of Hu and Franke fails to disclose the subject matter of amended claim 1. Amended claim 1 recites in part “determine that a state register linked to the malicious observation point comprises a feedback loop.” The Office Action (p. 29) alleges that “Hu further discloses...determine that a state register linked to the malicious observation point” at paragraphs [0029], [0055], [0059], and [0094], but admits that “Hu fails to explicitly disclose determine...the malicious observation point comprises a feedback loop.” However, the Office Action (p. 30) alleges that “Franke teaches determine...the malicious observation point comprises a feedback loop” at column 8:52-64. Applicant respectfully disagrees... First, Applicant notes that the plain language amended claim 1 and previously presented claim 3 shows that the "state register... comprises a feedback loop." The "state register" is also "linked to the malicious observation point." But the "malicious observation point" is not a "feedback loop". Given the plain language of amended claim 1, it is clear that neither Hu nor Franke, alone or in combination, disclose at least this subject matter.  First, Applicant notes that Hu fails to disclose the "state register... comprises a feedback loop" or that the "state register" is also "linked to the malicious observation point." .... Therefore, Hu fails to disclose the subject matter of "determine that a state register linked to the malicious observation point comprises a feedback loop," as recited in amended claim 1... Second, Applicant notes that Franke  fails to  disclose  the  "state register... comprises a feedback loop" or that the "state register" is also "linked to the malicious observation point." While Franke does discuss the concept of feedback loops, the feedback loops disclosed in Franke are not related to a "state register" in a circuit.... In each of these instances, Franke is using a "feedback loop" to share cyber threat intelligence data between sources. Franke does not disclose that a hardware "state register" of a circuit that is also "linked to the malicious observation point" additionally "comprises a feedback loop." Therefore, Franke also fails to disclose the subject matter 14 of "determine that a state register linked to the malicious observation point comprises a feedback loop," as recited in amended claim 1.
Examiner’s Response:  The examiner respectfully disagrees. 
In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
The examiner respectfully notes it is the combination of Hu in view Franke that disclose the aforementioned feature.  The examiner disagrees with applicant’s and respectfully notes that Hu discloses that the determine that a state register linked to the malicious observation point ... [0029]- Gate Level Information Flow Tracking (GLIFT) is an information flow tracking technology that provides the capability for analyzing the flow of information in a hardware design by tracking the data as it moves throughout the system and [0055] - The systems and techniques disclosed can be designed to detect hardware Trojans at the register-transfer level and the gate level and [0059] - The techniques diagramed in FIG. 4A can be generally characterized as having three main parts: information flow tracking (e.g., GLIFT), detection of unintentional design flaws (e.g., hardware Trojans), and the derivation of security theorems to formally prove properties and [0094]).  More specifically Hu states that the system is designed for Gate Level Information Flow Tracking (GLIFT) is an information flow tracking technology that provides the capability for analyzing the flow of information in a hardware design by tracking the data as it moves throughout the system and further detect hardware Trojans at the register-transfer level and the gate level.  Thus the malicious observation point is in fact linked to a state register.  The examiner respectfully notes that Franke discloses concepts of ...the malicious observation point comprises a feedback loop (Franke, col. 8, lines 52-64 - The feedback loop information can be valuable to the number of sources and the CIC. For example, the feedback loop can help identify sources that are compromised. For example, a known source (e.g., a source that is known to be a source for intelligence information, etc.) can be compromised by malicious security threat events and provide false intelligence information.)  Therefore the examiner respectfully notes that one of ordinary skill in the art would have realized that a malicious observation point can comprise a feedback look, as it helps identifies sources that are comprised.   The examiner notes this concept can be applied to the GLIFT and analyzing the flow of information in a hardware design by tracking the data as it moves throughout the system and further detect hardware Trojans at the register-transfer level and the gate level, as taught by Hu.  Thus a person of ordinary skill in the art, would predict a combination in which the state register... comprises a feedback look, as the link between Hu and Franke is the association of the malicious observation point.  The examiner notes this construction is reasonable in light of the knowledge that one of ordinary skill in the art would possess and further motivation was provided for such a combination.  Therefore this argument is not persuasive.




Applicants’ Argue: This discrepancy between Franke and amended claim 1 is the result of the fact that Franke does not qualify as prior art because it is not analogous art... First, Franke and the subject matter of the pending application are from different fields of endeavor... Second, the subject matter of Franke would not logically commend itself to use by the Applicant for the purposes of the present disclosure... For at least these reasons, Franke does not qualify as analogous art and, therefore, is not prior art. Franke is from a different field of endeavor. Franke also does not logically commend itself to use by the Applicant.  Accordingly, Applicant respectfully submits that amended claim 1 is allowable over both Hu and Franke, alone and in combination.
Examiner’s Response:  The examiner respectfully disagrees. 
In response to applicant's argument that Franke is nonanalogous art, it has been held that a prior art reference must either be in the field of applicant’s endeavor or, if not, then be reasonably pertinent to the particular problem with which the applicant was concerned, in order to be relied upon as a basis for rejection of the claimed invention.  See In re Oetiker, 977 F.2d 1443, 24 USPQ2d 1443 (Fed. Cir. 1992).  In this case, Franke discloses concepts of ...the malicious observation point comprises a feedback loop (Franke, col. 8, lines 52-64 - The feedback loop information can be valuable to the number of sources and the CIC. For example, the feedback loop can help identify sources that are compromised. For example, a known source (e.g., a source that is known to be a source for intelligence information, etc.) can be compromised by malicious security threat events and provide false intelligence information.)  Therefore the examiner respectfully notes that one of ordinary skill in the art would have realized that a malicious observation point can comprise a feedback look, as it helps identifies sources that are comprised.   The examiner notes this concept can be applied to the GLIFT and analyzing the flow of information in a hardware design by tracking the data as it moves throughout the system and further detect hardware Trojans at the register-transfer level and the gate level, as taught by Hu.  Thus a person of ordinary skill in the art, would predict a combination in which the state register... comprises a feedback look, as the link between Hu and Franke is the association of the malicious observation point.  The examiner notes this construction is reasonable in light of the knowledge that one of ordinary skill in the art would possess and further motivation was provided for such a combination.  Therefore this argument is not persuasive.


Claim Objections
Claims 4 and 11 are objected to because of the following informalities:  
Regarding Claim 4; claim 4 recites in the preamble “The system of claim 3,” however claim 3 has been cancelled. The examiner suggest for better clarity to further amend the preamble to “The system of claim 1,”.  Appropriate correction is required.

Regarding Claim 11; claim 11 recites in the preamble “The system of claim 10,” however claim 10 has been cancelled. The examiner suggest for better clarity to further amend the preamble to “The system of claim 8,”.  Appropriate correction is required.




Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-2, 4-5, 7-9, 11, 12, 14-16, 18 and 19 is/are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter. 

Regarding Claim 1 and Claims 8 and 15; Claim 1 and Claims 8 and 15 is/are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more (i.e., detecting hardware Trojans and identifying malicious observation points and a trigger circuit). The claim recites ... load a file comprising hardware description language (HDL) code for an intellectual property core; identify an asset within the intellectual property core; perform a confidentiality verification of the HDL code that represents the asset; detect a confidentiality violation within the HDL code as a result of performance of the confidentiality verification on the HDL code that represents the asset, wherein the confidentiality violation is defined by a confidentiality policy that specifies which gates, registers, or ports are permitted to be used to access the asset; identify a malicious observation point linked to the asset, wherein the malicious observation point indicates a presence of a hardware Trojan; determine that a state register linked to the malicious observation point comprises a feedback loop; and identify a trigger circuit for a hardware Trojan in response to identification of the malicious observation point, and initiate extraction of the trigger circuit for the hardware Trojan. These limitations, as drafted, recites a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “a computing device comprising a processor and a memory including machine 
This judicial exception is not integrated into a practical application. In particular, the claim recites elements of “a computing device comprising a processor and a memory including machine readable instructions including machine readable instructions” to perform such steps. The “a computing device comprising a processor and a memory including machine readable instructions” in the steps are recited at a high-level of generality such that it amounts no more than mere instructions to apply the exception using a generic computer component.  Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
 The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception, as they recite “a computing device comprising a processor and a memory including machine readable instructions” to perform such steps. As discussed above with respect to integration of the abstract idea into a practical application, the 
Regarding Claim(s) 2, 4, 5, 7, 9, 11, 12, 14, 16, 18, and 19; Claim 2, 4, 5, 7, 9, 11, 12, 14, 16, 18, and 19 are also rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter for the same reasons as they additionally recite limitation(s), under its broadest reasonable interpretation, that covers performance of such limitations in the mind but for the recitation of generic computer components.












Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1, 4, 5, 7, 8, 11, 12, 14, 15, 18, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hu et al. (US 2018/0032760 A1) in view of Franke et al. (US 9,319,420 B1).

Regarding Claim 1;
Hu discloses system comprising: 
a computing device comprising a processor and a memory ([0095] and [0097]); and 
([0095] and [0097]), cause the computing device to at least 
load a file comprising hardware description language (HDL) code for an intellectual property core ([0086] - According to the embodiments, a data processing apparatus (shown in FIG. 8) can be employed for performing the functions of the described process. A hardware design for an IC chip implementation, for example, is received 701. Receiving the hardware design can include generating a source code including multiple variables, using a HDL, for instance, to specify the circuit configuration and [0095]); 
identify an asset within the intellectual property core ([0028] - A simple example system has two labels: public and secret. A policy for the example system specifies that any data labeled as secret (e.g., an encryption key) should not affect or flow to any data labeled as public (e.g., a malicious process). Information flow tracking can also be extended to more complex policies and labeling systems and [0032] - In the implementations, receiving the hardware design can involve specifying an implementation for an electronic circuit or microprocessor for example, including the components, connectivity, flow of information between components, and logical arrangements. The hardware design can describe the circuit using various degrees of abstraction, including but not limited to: gate level, Register Transfer Level (RTL) level, algorithmic level, and behavioral levels and [0037] and [0086]);
 perform a confidentiality verification of the HDL code that represents the asset ([0037] - As an example, security properties can identify which information cannot pass, or otherwise get leaked, into an unclassified location (e.g., confidentiality) and which critical components of the hardware cannot be affected or tampered with by untrusted sources (e.g., integrity) and [0092] - Next, verification of the information flow model is performed 715. At 715, security properties, which are translated into standard HDL assertion statements and verification constraints and input along with the GLIFT logic to a standard hardware verification tool. The verification tool is configured to perform check 720, in order to determine whether the information flow model passes or fails against the specified security properties); 
detect a confidentiality violation within the HDL code as a result of performance of the confidentiality verification on the HDL code that represents the asset ([0037] - As an example, security properties can identify which information cannot pass, or otherwise get leaked, into an unclassified location (e.g., confidentiality) and which critical components of the hardware cannot be affected or tampered with by untrusted sources (e.g., integrity) and [0092] - Next, verification of the information flow model is performed 715. At 715, security properties, which are translated into standard HDL assertion statements and verification constraints and input along with the GLIFT logic to a standard hardware verification tool. The verification tool is configured to perform check 720, in order to determine whether the information flow model passes or fails against the specified security properties) wherein the confidentiality violation is defined by a confidentiality policy that specifies which gates, registers, or ports are permitted to be used to access the asset ([0027] - Information flow tracking (IFT) is a technique usable in secure systems to ensure that secrecy and/or integrity of information is tightly controlled. Given a policy (i.e., confidentiality policy) specifying the desired information flows, such as one requiring that secret information should not be observable by public objects, information flow tracking helps detect whether or not flows violating this policy are present and [0037] - As an example, security properties can identify which information cannot pass, or otherwise get leaked, into an unclassified location (e.g., confidentiality) and which critical components of the hardware cannot be affected or tampered with by untrusted sources (e.g., integrity). In the implementations, security properties received in high-level security languages can be translated, for example during RTL synthesis, into a security hardware logic, for example at the gate level and [0044] - For example, the hardware security design 200 can be implemented as a GLIFT logic. According to the embodiments, the hardware security design 200 can include a set of inputs 205 and outputs 206 corresponding to input ports and output ports, respectively, included in the configuration of the hardware security logic. Additionally, in some implementations, the inputs 205 and outputs 206 can be represented as one or more variables used in mechanisms for specifying a hardware design, for example a HDL and [0047] - In some embodiments, security properties 213 specifying information flow restrictions for a hardware design can be further specified as one or more security lattices 220 (i.e., confidentially verification) and [0049] - As an example, the structure of security lattice 220 includes a two label hierarchical arrangement indicating that Output, label 225, flowing to Input, label 224, is a secure information flow that is allowed according to the security property 213. A violation (i.e., confidentially violation) of the security property 213 can include a conversely occurring instance of Input, which is the more restricted label 224, flowing to Output label 225. Accordingly, in some implementations, a security hardware logic implementing an information flow violating one or more specified security properties 213 can be detected and [0060] - In some implementations, security property 440 can specify certain confidentiality properties. For example, a confidentiality property can require that secret information never leak to an unclassified domain. A security property 440 can additional specify integrity property. As another example, an integrity property requires that untrusted data never be written to a trusted location).
identify a malicious observation point linked to the asset, wherein the malicious observation point indicates a presence of a hardware Trojan ([0055] - The systems and techniques disclosed can be designed to detect hardware Trojans at the register-transfer level and the gate level and [0086] – (e.g., hardware Trojan) detection... In some cases, the hardware associated with the hardware design received at 701 can include a Trojan having malicious behaviors that potentially affect the security of information flow (e.g., leaking key bits) and [0092] – fail and [0094]); 
determine that a state register linked to the malicious observation point ... ([0029]- Gate Level Information Flow Tracking (GLIFT) is an information flow tracking technology that provides the capability for analyzing the flow of information in a hardware design by tracking the data as it moves throughout the system and [0055] - The systems and techniques disclosed can be designed to detect hardware Trojans at the register-transfer level and the gate level and [0059] - The techniques diagramed in FIG. 4A can be generally characterized as having three main parts: information flow tracking (e.g., GLIFT), detection of unintentional design flaws (e.g., hardware Trojans), and the derivation of security theorems to formally prove properties and [0094]);
identify a trigger circuit for a hardware Trojan in response to identification of the malicious observation point ([0029]- Gate Level Information Flow Tracking (GLIFT) is an information flow tracking technology that provides the capability for analyzing the flow of information in a hardware design by tracking the data as it moves throughout the system and [0055] - The systems and techniques disclosed can be designed to detect hardware Trojans at the register-transfer level and the gate level and [0059] - The techniques diagramed in FIG. 4A can be generally characterized as having three main parts: information flow tracking (e.g., GLIFT), detection of unintentional design flaws (e.g., hardware Trojans), and the derivation of security theorems to formally prove properties and [0094]); and
([0038] - According to an embodiment, optimizing the security logic of the hardware design 130 is performed based on the security properties programmed in the high-level security language. Optimization of the hardware security logic can involve removing circuitry that may be deemed unnecessary in the design or operation of hardware security logic and [0039] - The generated hardware security logic, implementing the security properties, is thereafter enabled 135 and used for various analysis and design techniques. ...As an example, the analysis and design techniques can be employed to verify that the function of the resulting hardware logic is consistent with one or more security property restrictions and [0040] - According to the disclosed techniques, formal verification 140 can verify the generated hardware security logic against specified security properties that can be checked by formal tools to identify unintentional design flaws (e.g., hardware Trojans that violate the security properties)).
Hu fails to explicitly disclose determine ...the malicious observation point comprises a feedback loop.
However, in an analogous art, Franke teaches determine ...the malicious observation point comprises a feedback loop (Franke, col. 8, lines 52-64 - The feedback loop information can be valuable to the number of sources and the CIC. For example, the feedback loop can help identify sources that are compromised. For example, a known source (e.g., a source that is known to be a source for intelligence information, etc.) can be compromised by malicious security threat events and provide false intelligence information.)
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Franke to the system of Hu to include determine ...the malicious observation point comprises a feedback loop. Further a person of ordinary skill in the (Franke, col. 8, lines 52-64).

Regarding Claim 4;
Hu and Franke disclose the system to Claim 3.
Hu further discloses wherein the machine readable instructions further cause the computing device to at least retrieve the functionality of a finite state machine linked to the state register ([0029] - The process is similar to a technology mapping, where each gate in the system is mapped to specific GLIFT logic. The result is a gate-level design of a finite state machine (FSM) that contains both the original logic and tracking logic. The resulting design equipped with tracking logic can be tested for information flows. To test for implicit timing flows, GLIFT accounts for all possible combinations of tainted data bits, and allows information flows to be observed and [0094] - In some embodiments, based on the formal verification's determination of pass or fail, additional operations can be performed, including but not limited to: generating a counterexample, functional testing (on GLIFT logic), and determining exact Trojan behavior.).

Regarding Claim 5;
Hu and Franke disclose the system to Claim 1.
Hu further discloses wherein the machine readable instructions further cause the computing device to at least identify a trigger condition for the trigger circuit for the hardware Trojan (FIG. 5B and [0055] - The systems and techniques disclosed can be designed to detect hardware Trojans at the register-transfer level and the gate level).

Regarding Claim 7;
Hu and Franke disclose the system to Claim 1.
Hu further discloses wherein the HDL code is represented as Verilog code ([0032] - In some implementations, the hardware design can be received as a program received in, or otherwise including, a hardware description language (HDL), such as Verilog, SystemVerilog, Very High speed integrated circuit Hardware Description Language (VHDL), and Netlist for example).

Regarding Claim 8;
Hu discloses system comprising: 
a computing device comprising a processor and a memory ([0095] and [0097]); and 
machine readable instructions stored in the memory that, when executed by the processor ([0095] and [0097]), cause the computing device to at least 
load a file comprising hardware description language (HDL) code for an intellectual property core ([0086] - According to the embodiments, a data processing apparatus (shown in FIG. 8) can be employed for performing the functions of the described process. A hardware design for an IC chip implementation, for example, is received 701. Receiving the hardware design can include generating a source code including multiple variables, using a HDL, for instance, to specify the circuit configuration and [0095]); 
identify an asset within the intellectual property core ([0028] - A simple example system has two labels: public and secret. A policy for the example system specifies that any data labeled as secret (e.g., an encryption key) should not affect or flow to any data labeled as public (e.g., a malicious process). Information flow tracking can also be extended to more complex policies and labeling systems and [0032] - In the implementations, receiving the hardware design can involve specifying an implementation for an electronic circuit or microprocessor for example, including the components, connectivity, flow of information between components, and logical arrangements. The hardware design can describe the circuit using various degrees of abstraction, including but not limited to: gate level, Register Transfer Level (RTL) level, algorithmic level, and behavioral levels and [0037] and [0086]);
 perform a integrity verification of the HDL code that represents the asset ([0037] - As an example, security properties can identify which information cannot pass, or otherwise get leaked, into an unclassified location (e.g., confidentiality) and which critical components of the hardware cannot be affected or tampered with by untrusted sources (e.g., integrity) and [0092] - Next, verification of the information flow model is performed 715. At 715, security properties, which are translated into standard HDL assertion statements and verification constraints and input along with the GLIFT logic to a standard hardware verification tool. The verification tool is configured to perform check 720, in order to determine whether the information flow model passes or fails against the specified security properties); 
([0037] - As an example, security properties can identify which information cannot pass, or otherwise get leaked, into an unclassified location (e.g., confidentiality) and which critical components of the hardware cannot be affected or tampered with by untrusted sources (e.g., integrity) and [0092] - Next, verification of the information flow model is performed 715. At 715, security properties, which are translated into standard HDL assertion statements and verification constraints and input along with the GLIFT logic to a standard hardware verification tool. The verification tool is configured to perform check 720, in order to determine whether the information flow model passes or fails against the specified security properties) wherein the confidentiality violation is defined by a confidentiality policy that specifies which gates, registers, or ports are permitted to be used to access the asset ([0027] - Information flow tracking (IFT) is a technique usable in secure systems to ensure that secrecy and/or integrity of information is tightly controlled. Given a policy (i.e., integrity policy) specifying the desired information flows, such as one requiring that secret information should not be observable by public objects, information flow tracking helps detect whether or not flows violating this policy are present and [0037] - As an example, security properties can identify which information cannot pass, or otherwise get leaked, into an unclassified location (e.g., confidentiality) and which critical components of the hardware cannot be affected or tampered with by untrusted sources (e.g., integrity). In the implementations, security properties received in high-level security languages can be translated, for example during RTL synthesis, into a security hardware logic, for example at the gate level and [0044] - For example, the hardware security design 200 can be implemented as a GLIFT logic. According to the embodiments, the hardware security design 200 can include a set of inputs 205 and outputs 206 corresponding to input ports and output ports, respectively, included in the configuration of the hardware security logic. Additionally, in some implementations, the inputs 205 and outputs 206 can be represented as one or more variables used in mechanisms for specifying a hardware design, for example a HDL and [0047] - In some embodiments, security properties 213 specifying information flow restrictions for a hardware design can be further specified as one or more security lattices 220 (i.e., integrity verification) and [0049] - As an example, the structure of security lattice 220 includes a two label hierarchical arrangement indicating that Output, label 225, flowing to Input, label 224, is a secure information flow that is allowed according to the security property 213. A violation (i.e., integrity violation) of the security property 213 can include a conversely occurring instance of Input, which is the more restricted label 224, flowing to Output label 225. Accordingly, in some implementations, a security hardware logic implementing an information flow violating one or more specified security properties 213 can be detected and [0060] - In some implementations, security property 440 can specify certain confidentiality properties. For example, a confidentiality property can require that secret information never leak to an unclassified domain. A security property 440 can additional specify integrity property. As another example, an integrity property requires that untrusted data never be written to a trusted location).
identify a malicious observation point linked to the asset, wherein the malicious observation point indicates a presence of a hardware Trojan ([0055] - The systems and techniques disclosed can be designed to detect hardware Trojans at the register-transfer level and the gate level and [0086] – (e.g., hardware Trojan) detection... In some cases, the hardware associated with the hardware design received at 701 can include a Trojan having malicious behaviors that potentially affect the security of information flow (e.g., leaking key bits) and [0092] – fail and [0094]); 
determine that a state register linked to the malicious observation point ... ([0029]- Gate Level Information Flow Tracking (GLIFT) is an information flow tracking technology that provides the capability for analyzing the flow of information in a hardware design by tracking the data as it moves throughout the system and [0055] - The systems and techniques disclosed can be designed to detect hardware Trojans at the register-transfer level and the gate level and [0059] - The techniques diagramed in FIG. 4A can be generally characterized as having three main parts: information flow tracking (e.g., GLIFT), detection of unintentional design flaws (e.g., hardware Trojans), and the derivation of security theorems to formally prove properties and [0094]);
identify a trigger circuit for a hardware Trojan in response to identification of the malicious observation point ([0029]- Gate Level Information Flow Tracking (GLIFT) is an information flow tracking technology that provides the capability for analyzing the flow of information in a hardware design by tracking the data as it moves throughout the system and [0055] - The systems and techniques disclosed can be designed to detect hardware Trojans at the register-transfer level and the gate level and [0059] - The techniques diagramed in FIG. 4A can be generally characterized as having three main parts: information flow tracking (e.g., GLIFT), detection of unintentional design flaws (e.g., hardware Trojans), and the derivation of security theorems to formally prove properties and [0094]); and
initiate extraction of the trigger circuit for the hardware Trojan ([0038] - According to an embodiment, optimizing the security logic of the hardware design 130 is performed based on the security properties programmed in the high-level security language. Optimization of the hardware security logic can involve removing circuitry that may be deemed unnecessary in the design or operation of hardware security logic and [0039] - The generated hardware security logic, implementing the security properties, is thereafter enabled 135 and used for various analysis and design techniques. ...As an example, the analysis and design techniques can be employed to verify that the function of the resulting hardware logic is consistent with one or more security property restrictions and [0040] - According to the disclosed techniques, formal verification 140 can verify the generated hardware security logic against specified security properties that can be checked by formal tools to identify unintentional design flaws (e.g., hardware Trojans that violate the security properties)).
Hu fails to explicitly disclose determine ...the malicious observation point comprises a feedback loop.
However, in an analogous art, Franke teaches determine ...the malicious observation point comprises a feedback loop (Franke, col. 8, lines 52-64 - The feedback loop information can be valuable to the number of sources and the CIC. For example, the feedback loop can help identify sources that are compromised. For example, a known source (e.g., a source that is known to be a source for intelligence information, etc.) can be compromised by malicious security threat events and provide false intelligence information.)
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Franke to the system of Hu to include determine ...the malicious observation point comprises a feedback loop. Further a person of ordinary skill in the art to use exemplary rationale to support a conclusion of obviousness, such rationale, i.e., combining prior art elements according to known methods to yield predictable results;  simple substitution of one known element for another to obtain predictable results; "obvious to try" – (Franke, col. 8, lines 52-64).

Regarding Claim(s) 11, 12 and 14; claim(s) 11, 12 and 14 is/are directed to a/an system similarly claimed to the system of Claim(s) 4, 5 and 7. Claim(s) 11, 12 and 14 is/are similar in scope to claim(s) 4, 5 and 7; and is/are therefore rejected under similar rationale.

Regarding Claim(s) 15, 18, 19; claim(s) 15, 18, and 19 is/are directed to a/an method similarly claimed to the system of Claim(s) 8, 11, 12 and 14. Claim(s) 15, 18, and 19 is/are similar in scope to claim(s) 8, 11, 12 and 14; and is/are therefore rejected under similar rationale.







Claims 2, 9 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hu et al. (US 2018/0032760 A1) in view of Franke et al. (US 9,319,420 B1) and further in view of Kalinin et al. (US 2018/0032745 A1)

Regarding Claim 2;
Hu and Franke disclose the system to Claim 1.
Hu further discloses wherein the machine readable instructions that cause the computing device to at last identify the malicious observation point further cause the computing device to at least perform an ... analysis of ...  all observation points to which the asset can propagate ([0029]- Gate Level Information Flow Tracking (GLIFT) is an information flow tracking technology that provides the capability for analyzing the flow of information in a hardware design by tracking the data as it moves throughout the system and [0055] - The systems and techniques disclosed can be designed to detect hardware Trojans at the register-transfer level and the gate level and [0058] - As illustrated in FIG. 4A, GLIFT can be employed as the IFT technology. In this case GLIFT can precisely measures and controls all logical flows from Boolean gates. Moreover, GLIFT can be used to craft secure hardware architectures and detect security violations from timing channels. Also, GLIFT can be used to formally verify that an information flow adheres to security properties related to confidentiality and integrity).
Hu and Franke fails to explicitly disclose further discloses wherein the machine readable instructions that cause the computing device to at last identify the malicious observation point further cause the computing device to at least perform an intersect analysis of fan-in elements of valid observation points.
(Kalinin, [0016] - determining whether an application associated with the process is malicious based on the analysis of the one or more intersections between the region and the at least one graphic interface associated with the process and [0050] - In one exemplary aspect, during the aforementioned analysis the intersection analysis module 140 compares the location of the regions of all elements of the graphic interface 115 of the processes 120 being executed on the computing device with the location of the region 125 determined by the intercept module 130).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Kalinin to the system of Hu and Franke to include wherein [a] machine readable instructions that cause [a] computing device to at last identify the malicious observation point further cause the computing device to at least perform an intersect analysis of fan-in elements of valid observation points. Further a person of ordinary skill in the art to use exemplary rationale to support a conclusion of obviousness, such rationale, i.e., combining prior art elements according to known methods to yield predictable results;  simple substitution of one known element for another to obtain predictable results; "obvious to try" – choosing from a finite number of identified, predictable solutions, with a reasonable expectation of success to predict a result in which the teachings of Kalinin’s intersect analysis can be predictably combined to the teachings of Hu to thereby achieve a result/solution that would read on the claim limitation.  One would have been motivated to combine the teachings of Kalinin to Hu and Franke to provide users with a means for blocking access to protected information... (Kalinin, [0002] and [0006]).

Regarding Claim(s) 9; claim(s) 9 is/are directed to a/an system similarly claimed to the system of Claim(s) 2. Claim(s) 9 is/are similar in scope to claim(s) 2; and is/are therefore rejected under similar rationale.

Regarding Claim(s) 16; claim(s) 16 is/are directed to a/an method similarly claimed to the system of Claim(s) 9. Claim(s) 16 is/are similar in scope to claim(s) 9; and is/are therefore rejected under similar rationale.


	

Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385.  The examiner can normally be reached on Monday-Friday 10am - 6pm (MDT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/KARI L SCHMIDT/Primary Examiner, Art Unit 2439