DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to Application No. 16/491,059 filed on 09/04/2019.
As per the Preliminary Amendment filed on 09/04/2019, claims 7, 17, 22-27, and 29-34 were canceled; claims 3-4, 6, 8-10, 13-14, and 16-20 have been amended. Claims 1-6, 8-16, 18-21, and 28 are pending in this application.
Priority
Acknowledgment is made of Applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d) to parent Application No. PCT/SG2018/050122, filed on 03/19/2018 and parent Application No. SG10201702226R, filed on 03/20/2017.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim(s) 1-3, 10-13, 20-21, and 28 are rejected under 35 U.S.C. 103 as being unpatentable over Yoshimi (US 2009/0327664) in view of Han et al. (CN 104378196A; Hereinafter “Han”).
Regarding claim 1, Yoshimi teaches an apparatus for encrypting at least one plaintext to at least one cipher-text using at least one password key (Yoshimi: Para. [0022], "Encryption" as used herein is intended to encompass not only processing for encryption but also processing for decryption.), the apparatus comprising: at least one memory; and at least one processor coupled to the at least one memory and configured to (Yoshimi: Fig. 8, Fig. 10, Para. [0024], The arithmetic processing apparatus according to the first embodiment is a microprocessor that includes an operation circuit group, a redundant operation circuit group, and a random data generating circuit.): 
perform at least one redundant computation that is independent of the at least one plaintext or the at least one password key (Yoshimi: Para. [0033], The redundant operation circuit group 12b has the same configuration as that of the operation circuit group 12a. When encryption is performed, the redundant operation circuit group 12b performs encryption by using randomly generated data, and when encryption is not performed, the redundant operation circuit group 12b performs the other arithmetic processing.), 
wherein the apparatus emits first analog electrical characteristics when the at least one genuine computation is performed and emits second analog electrical characteristics when the at least one redundant computation is performed (Yoshimi: Para. [0033], The redundant operation circuit group 12b notified that encryption is being performed, receives an instruction randomly generated by a redundant instruction issuing control circuit 14a of the instruction issuing circuit 14, which will be described later, and operates various operation circuits based on the instruction and random data. The redundant operation circuit group 12b then stores the result obtained by execution in a dedicated region of the redundant operation circuit group 12b such as the L1 cache 17, the L2 cache 18, the Load/Store circuit 19, and a main storage device connected to the external bus control circuit 21. Para. [0054]), 
wherein a metric of similarity between the first analog electrical characteristics and the second analog electrical characteristics satisfies a threshold (Yoshi: Para. [0039], The redundant instruction issuing frequency control circuit 14b, when the power consumption measured by the power check circuit 22, which will be described later, is greater than a predetermined threshold, suppresses the instruction from being loaded into the redundant operation circuit group 12b. More specifically, the redundant instruction issuing frequency control circuit 14b, on receiving a notification that the power consumption in the arithmetic processing apparatus is a value close to the maximum acceptable value from the power check circuit 22, loads an instruction issuing suppression signal into the redundant instruction issuing control circuit 14a, and suppresses the instruction to the redundant operation circuit group 12b. FIG. 4 is a schematic for explaining the instruction issuing circuit. Para. [0053]-[0054], The power check circuit 22, not only determines whether the power consumed by the entire arithmetic processing apparatus 10 is equal to or greater than a threshold, but can also determine whether the power consumed by each circuit is equal to or greater than a threshold, by providing a threshold of power consumption for each circuit. Para. [0069]).
Yoshimi does not explicitly teach perform at least one genuine computation that is dependent on the at least one plaintext and the at least one password key.
In an analogous art, Han teaches perform an apparatus for encrypting at least one plaintext to at least one cipher-text using at least one password key (Han: Fig. 3(a)-3(d), Page 5, Para. 1, True plaintext P and true round key are used as inputs, and there is no false encryption round calculation before performing the first round to the 16th round of true encryption round calculations. The result of the 16-round true encryption round calculation is output as ciphertext C.).
at least one genuine computation that is dependent on the at least one plaintext and the at least one password key (Han: Fig. 3(a), Page 5, Para. 1, 3(a) shows the execution process of the DES encryption algorithm when k is equal to zero. True plaintext P and true round key are used as inputs, and there is no false encryption round calculation before performing the first round to the 16th round of true encryption round calculations. The result of the 16-round true encryption round calculation is output as ciphertext C. Page 4, Step 121-123, Page 5, Para. 2-6) 
perform at least one redundant computation that is independent of the at least one plaintext or the at least one password key (Han: Fig. 3(a), Page 5, Para. 1, After performing 16 rounds of true encryption round calculations, add 3 rounds of fake encryption wheel calculations. The three rounds of the pseudo-encryption round calculation use random data as the encrypted input data, and the pseudo-encrypted input data is encrypted using the constants FK 1 , FK 2 , and FK 3 as the fake round keys, respectively. Page 4, Step 121-123, Page 5, Para. 2-6).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Han with the system and method of Yoshimi to include perform at least one genuine computation that is dependent on the at least one plaintext and the at least one password key because this functionality provides enhanced security to withstand side attack techniques (Han: Page 1, Para. 2). 
Regarding claim 2, Yoshimi, in combination with Han, teaches the apparatus of claim 1, wherein the first analog electrical characteristics or the second analog electrical characteristics comprise at least one of power dissipation or electromagnetic emission (Yoshimi: Para. [0005], In recent years, as a method of specifying an encryption method from hardware, the decryption has been performed to specify the type, the number of times, and the contents of the arithmetic operation, from the power distribution and the amount of power fluctuations on a chip of the processor that performs encryption, as depicted in FIG. 8.).
Regarding claim 3, Yoshimi, in combination with Han, teaches the apparatus of claim 1, wherein the at least one genuine computation comprises at least one round of genuine computation, wherein the at least one redundant computation comprises at least one round of computational imitation, wherein a sequence of computations for the at least one round of genuine computation and the at least one round of computational imitation is random, wherein the at least one round of genuine computation collectively generates the at least one cipher-text (Han: Fig. 3(a), Page 5, Para. 1, 3(a) shows the execution process of the DES encryption algorithm when k is equal to zero. True plaintext P and true round key are used as inputs, and there is no false encryption round calculation before performing the first round to the 16th round of true encryption round calculations. The result of the 16-round true encryption round calculation is output as ciphertext C. After performing 16 rounds of true encryption round calculations, add 3 rounds of fake encryption wheel calculations. The three rounds of the pseudo-encryption round calculation use random data as the encrypted input data, and the pseudo-encrypted input data is encrypted using the constants FK 1 , FK 2 , and FK 3 as the fake round keys, respectively. Page 4, Step 121-123).
Regarding claim 10, Yoshimi, in combination with Han, teaches the apparatus of claim 1, wherein the metric is one of Normalized Absolute Difference, correlation coefficient, or correlation coefficient of variance, wherein the metric is derived from key leakage regions of the first analog electrical characteristics and the second analog electrical characteristics (Yoshimi: Para. [0054], The power check circuit 22, not only determines whether the power consumed by the entire arithmetic processing apparatus 10 is equal to or greater than a threshold, but can also determine whether the power consumed by each circuit is equal to or greater than a threshold, by providing a threshold of power consumption for each circuit. For example, it can estimate a changing probability of output signals from the changing probability of input signals for each circuit, and estimate power to be consumed by the entire circuit, from a product of a wiring capacity and the changing probability of each circuit. FIG. 6 is a schematic for explaining the power check circuit. [under the broadest reasonable interpretation, a changing probability of output signal from a changing probability of input signal and estimated power meets correlation coefficient limitation and variance limitation]).
Regarding claims 11-13, claims 11-13 are rejected under the same rational as claims 1-3.
Regarding claim 20, claim 20 is rejected under the same rational as claim 10.
Regarding claim 21, claim 21 is rejected under the same rational as claim 1.
Regarding claim 28, claim 28 is rejected under the same rational as claim 1.

Claim(s) 4-6 and 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over Yoshimi (US 2009/0327664) in view of Han et al. (CN 104378196A; Hereinafter “Han”) and further in view of McSpadden et al. (GB 2345229; Hereinafter “McSpadden”).
Regarding claim 4, Yoshimi, in combination with Han, teaches the apparatus of claim 1, wherein at least one round of computation is performed to encrypt the at least one plaintext. Yoshimi, in combination with Han, does not explicitly teach wherein the at least one round of computation comprises at least two partial computations, wherein each partial computation comprises a portion of the at least one genuine computation and a portion of the at least one redundant computation, wherein the at least two partial computations collectively generate the at least one cipher-text.  
In an analogous art, McSpadden teaches a system and method wherein the at least one round of computation comprises at least two partial computations, wherein each partial computation comprises a portion of the at least one genuine computation and a portion of the at least one redundant computation, wherein the at least two partial computations collectively generate the at least one cipher-text (McSpadden: Fig. 5, Page 11, Lines 10-34, For example, one may choose to only insert one dummy look-up per round in the interest of execution time, but one or more dummy look-ups for each real look-up would make the DES operation more resistant to attack. The programmer must strike the appropriate balance for a given application. Preferably, one performs at least one dummy look-up (and more preferably 2-4 dummy look-ups) for each 25 real look-up. In other words, if the randomly chosen order for the S block lookups is S7, S1, S3, S2, S4, S5, S8, S6, in a round, then one might instead perform the look-ups as be S7, 01, 02, 03, S1, 04, 05, 06, S3, 07, 08, 09, where Di is a dummy look-up. Page 7, Lines 32-34, Page. 8, Lines 1-4, Page 10, Lines 7-21, In a preferred embodiment, this resulting random number, r, is XORed with a byte from L, the left portion of the input message for a given round. The result of this XOR -- r EB [a byte of L]-- is then used to select the order in which the function is performed. )
 It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of McSpadden (McSpadden: Page 7, Lines 32-34, Page. 8, Lines 1-4). 
Regarding claim 5, Yoshimi, in combination with Han and McSpadden, teaches the apparatus of claim 4, wherein analog electrical characteristics emitted by the apparatus for each partial computation of the at least two partial computations are similar, wherein analog electrical characteristics emitted by the apparatus when a partial computation of the at least two partial computations is performed are similar to analog electrical characteristics emitted by the apparatus when the at least one round of computation is performed (McSpadden: Fig. 5, Page 11, Lines 10-17, Another technique which could be used to improve resistance to attacks is to insert a "dummy" operation to confuse analysis of a power signature. For example, one could insert "dummy" S block look-ups into the DES routine, whereby an S block look-up is performed but the result or output of the look-up is not included in the pre-output value, U, but is instead written elsewhere and not used. Thus, the power signature will appear as if an S block look-up has occurred, but an attacker will not be able to determine if the output from the lookup is included in the pre-output value, U. Page 14, Lines 3-6, In contrast, the power consumption spike could not be detected even after processing and analyzing 2000 random messages when randomizing both the XOR function and the selection function look-up in conjunction with the same integrated circuit.).
Regarding claim 6, Yoshimi, in combination with Han, teaches the apparatus of claim 1, wherein at least one round of computation is performed to encrypt the at least one plaintext (Han: Fig. 3(a), Page 5, Para. 1, 3(a) shows the execution process of the DES encryption algorithm when k is equal to zero. True plaintext P and true round key are used as inputs). Yoshimi, in combination with Han, does not explicitly teach wherein 
In an analogous art, McSpadden teaches a system and method wherein the at least one round of computation comprises at least one iteration of genuine substitution-box computation and at least one iteration of substitution-box computational imitation, wherein the at least one genuine computation comprises the at least one iteration of genuine substitution-box computation, wherein the at least one redundant computation comprises the at least one iteration of substitution-box computational imitation, wherein a sequence of computations for the at least one iteration of genuine substitution-box computation and the at least one iteration of substitution-box computational imitation is random, wherein the at least one iteration of genuine substitution-box computation collectively generates the at least one cipher-text (McSpadden: Fig. 5, Page 11, Lines 10-34, For example, one may choose to only insert one dummy look-up per round in the interest of execution time, but one or more dummy look-ups for each real look-up would make the DES operation more resistant to attack. The programmer must strike the appropriate balance for a given application. Preferably, one performs at least one dummy look-up (and more preferably 2-4 dummy look-ups) for each 25 real look-up. In other words, if the randomly chosen order for the S block lookups is S7, S1, S3, S2, S4, S5, S8, S6, in a round, then one might instead perform the look-ups as be S7, 01, 02, 03, S1, 04, 05, 06, S3, 07, 08, 09, where Di is a dummy look-up. Page 7, Lines 32-34, Page. 8, Lines 1-4, Page 10, Lines 7-21, In a preferred embodiment, this resulting random number, r, is XORed with a byte from L, the left portion of the input message for a given round. The result of this XOR -- r EB [a byte of L]-- is then used to select the order in which the function is performed. ).
(McSpadden: Page 7, Lines 32-34, Page. 8, Lines 1-4). 
Regarding claims 14-16, claims 14-16 are rejected under the same rational as claims 4-6.

Claim(s) 8-9 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Yoshimi (US 2009/0327664) in view of Han et al. (CN 104378196A; Hereinafter “Han”) and further in view of Kumar et al. (US 2018/0097618; Hereinafter “Kumar”).
Regarding claim 8, Yoshimi, in combination with Han, teaches the apparatus of claim 1, wherein the at least one genuine computation is performed based on at least one of a first input and a first key, the first input derived from the at least one plaintext and the first key derived from the at least one password key, wherein the at least one redundant computation is performed based on at least one of a second input or a second key (Han: Page 3, Para. 7, Optionally, the fake encryption and decryption round calculation parameter may be a fake encryption and decryption input data and a fake round key; or, a fake encryption and decryption input data and a true round key; or, the real encryption and decryption input data and Fake round key. For example, a fake round key can be used to perform a round of false encryption round calculation on the fake plaintext input, or a fake round key can be used to perform a round of false encryption round calculation on the true plaintext input, or use true The round key is used to perform a round of false encryption round calculations on the fake plaintext input. The fake round key may be a fixed constant or a random number, or may be obtained by mapping a true round key.).  Yoshimi, in combination with Han, does not explicitly teach wherein the first input has the same Hamming weight as the second input.  
In an analogous art, Kumar teaches a system and method wherein the first input has the same Hamming weight as the second input (Kumar: [0081], Hamming-weight circuitry 945 may be operable to perform an XOR of a value on the output of first inverting circuitry 943 and a value on the output of second inverting circuitry 944. Para. [0082], Hamming-weight circuitry 945 may be operable to perform an XOR of a value on the output of first inverting circuitry 943 and a value on the output of second inverting circuitry 944. The input of first inverting circuitry 943 is coupled to the output of first S-box multiplexing circuitry. In some embodiments, the input of first inverting circuitry 943 may be coupled to at least one of: the input of S-box circuitry 952 and the output of S-box circuitry 952. Para. [0066], The various parts of AES accelerator 700 may be coupled to each other in a manner substantially similar to the manner in which the various parts of AES accelerator 100 are coupled to each other. In addition, in comparison with AES accelerator 100, AES accelerator 700 may comprise first inverting circuitry 743, a second inverting circuitry 744, and a Hamming-weight circuitry 745.). 
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Kumar with the system and method of Yoshimi and Han to include wherein the first input has the same Hamming weight as the second input because this functionality helps prevent susceptibility to side channel attacks (Kumar: Para. [0016]). 
Regarding claim 9, Yoshimi, in combination with Han, teaches the apparatus of claim 1, wherein the at least one genuine computation is performed based on at least one (Han: Page 3, Para. 7, Optionally, the fake encryption and decryption round calculation parameter may be a fake encryption and decryption input data and a fake round key; or, a fake encryption and decryption input data and a true round key; or, the real encryption and decryption input data and Fake round key. For example, a fake round key can be used to perform a round of false encryption round calculation on the fake plaintext input, or a fake round key can be used to perform a round of false encryption round calculation on the true plaintext input, or use true The round key is used to perform a round of false encryption round calculations on the fake plaintext input. The fake round key may be a fixed constant or a random number, or may be obtained by mapping a true round key.). Yoshimi, in combination with Han, does not explicitly teach wherein the first key has the same Hamming weight as the second key. 
In an analogous art, Kumar teaches a system and method wherein the first key has the same Hamming weight as the second key (Kumar: Para. [0068], The complementary versions thereby created may then be XORed by Hamming-weight circuitry 745. As a result, in various embodiments, key bytes from key register circuitry 712 and data bytes from data register circuitry 772 may be inverted and added together. This inversion and XORing may occur parallel to the XOR performed by second key-and-data XOR circuitry 746 (in which an input coupled to an output of map circuitry 742 is XORed with an input coupled to the output of data register circuitry 772). Para. [0067], Hamming-weight circuitry 745 may have a first input coupled to an output of first inverting circuitry 743 and a second input coupled to an output of second inverting circuitry 744. Para. [0066], [0081]-[0082]). 
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Kumar with the system and method of Yoshimi and Han to include wherein the first key has the same Hamming weight as the second key because this functionality helps prevent susceptibility to side channel attacks (Kumar: Para. [0016]). 
Regarding claims 18-19, claims 18-19 are rejected under the same rational as claims 8-9.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Nelson Giddins whose telephone number is (571)272-7993.  The examiner can normally be reached on Monday - Friday, 9:00 AM - 5:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached at (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/NELSON S. GIDDINS/            Primary Examiner, Art Unit 2437