EXAMINER’s COMMENT

Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Response to Amendment

In applicant’s Remarks and Amendment to Claims filed on 6/23/2021, no claims were/remain cancelled; claims 1-9 were amended; new claims 10-21 were added. As a result, claims 1-21 are pending, of which claims 1, 4, and 7 are in independent form 

Applicant’s arguments, see pages 10-15 filed 06/23/2021, regarding the objections to the drawings have been fully considered and persuasive. The objection has been withdrawn in view of the amended drawings.
Applicant’s arguments, see pages 10-15 filed 06/23/2021, regarding the objections to the specifications have been fully considered and persuasive. The objection has been withdrawn in view of the amended specifications.
Applicant’s arguments, see pages 10-15 filed 06/23/2021, regarding the objections to the 35 U.S.C 112 rejection have been fully considered and persuasive. The rejection has been withdrawn in view of the amended 35 U.S.C 112 rejection.


EXAMINER’S AMENDMENT

An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. 
Authorization for this examiner’s amendment was given in an emailed examiner’s amendment from Brett Krueger (Reg. No. 54, 243) [Please see attached “Email from the Applicant” for details] received on 07/01/2021.
The application has been amended as follows:
Please replace Claim 1 with the following:
(Currently Amended) A method for side-channel attack mitigation in streaming encryption, the method comprising:
	reading into a decryption process executing in memory of a computer, an input stream;
	extracting from the input stream: an encryption envelope having a wrapped key; a cipher text;; and a first message authentication code (MAC); 
generating a dummy key from the wrapped key that differs from the wrapped key;

	performing decryption of the cipher text in constant time by:
determining whether the encryption envelope is authentic by comparing the first MAC extracted from the encryption envelope and the second MAC generated using the wrapped key;
when the encryption envelope is authentic, generating an authenticated decryption of the cipher text using the wrapped key of the encryption envelope; and
when the encryption envelope fails authentication, generating an unauthenticated decryption of the cipher text using the dummy key, 
wherein decryption of the cipher text using the wrapped key and decryption of the cipher text using the dummy key have no difference in timing of execution, and
wherein performing encryption of the cipher text in constant time indicates whether the wrapped key is an actual key that generated the cipher text of the encryption envelope. 
Please replace Claim 4 with the following:
(Currently Amended) A streaming decryption data processing system comprising:
	a host computer comprising memory and at least one processor; 
	a decryption process executing in the memory of the host computer and performing decryption of input streams; and,
	a side-channel attack mitigation module comprising computer program code executing in the memory of the host computer, the program code during execution being operable in streaming encryption to perform:
	reading in input stream into the decryption process;
	extracting from the input stream: an encryption envelope having a wrapped key; a cipher text;; and a first message authentication code (MAC);
generating a dummy key from the wrapped key that differs from the wrapped key;
generating a second MAC using the wrapped key of the encryption envelope; and,
	performing decryption of the cipher text in constant time by:

when the encryption envelope is authentic, generating an authenticated decryption of the cipher text using the wrapped key of the encryption envelope; and when the encryption envelope fails authentication, generating an unauthenticated decryption of the cipher text using the dummy key, 
wherein decryption of the cipher text using the wrapped key and decryption of the cipher text using the dummy key have no difference in timing of execution, and
wherein performing encryption of the cipher text in constant time indicates whether the wrapped key is an actual key that generated the cipher text of the encryption envelope. 

Please replace preamble of claim 7 with the following:
(Currently Amended) A computer program product for side-channel attack mitigation in streaming encryption, the computer program product including a non-transitory computer readable storage medium having program instructions embodied therewith, the program instructions executed by a device to cause the device to perform a method including:
	reading into a decryption process executing in memory of a computer, an input stream;
	extracting from the input stream: an encryption envelope having a wrapped key; a cipher text;; and a first message authentication code (MAC);[[;]]
generating a dummy key from the wrapped key that differs from the wrapped key;
generating a second MAC using the wrapped key of the encryption envelope; and,
	performing decryption of the cipher text in constant time by:
determining whether the encryption envelope is authentic by comparing the first MAC extracted from the encryption envelope and the second MAC generated using the wrapped key;

when the encryption envelope fails authentication, generating an unauthenticated decryption of the cipher text using the dummy key, 
wherein decryption of the cipher text using the wrapped key and decryption of the cipher text using the dummy key have no difference in timing of execution, and
wherein performing encryption of the cipher text in constant time indicates whether the wrapped key is an actual key that generated the cipher text of the encryption envelope. 

Please cancel Claims 12, 16, and 20.
Clumped claims 17 and 18 are re-written as follows for each claim 17 and 18 to start on a new line:
17.    (Amended) The system of claim 4, wherein performing encryption of the cipher text in constant time indicates whether the first MAC was generated using an actual key that generated the cipher text of the encryption envelope. 
18. (Amended) The computer program product of claim 7, wherein the encryption envelope is authentic when the comparison between the first MAC and the second MAC indicates the first MAC is equivalent to the second MAC.

Allowable Subject Matter

Claims 1-11, 13-15, 17-19 and 21 are allowed. 

The following is an examiner’s statement of reasons for allowance: 
Regarding Claims 1, 4, and 7, although the closest prior art of record (such as Cech et al. (U.S Pub. No. 20170141912), Roth et al. (U.S Pub. No. 20140229737), and Sugahara et al. (U.S Pub. No. 20170026169)) teaches a method for side-channel attack mitigation in streaming encryption, the method comprising: reading into a decryption process executing in memory of a computer, an input stream; generating a dummy key from the wrapped key that differs from the wrapped key;
generating a second MAC using the wrapped key of the encryption envelope; and performing decryption of the cipher text in constant time by: determining whether the encryption envelope is authentic by comparing the first MAC extracted from the encryption envelope and the second MAC generated using the wrapped key; when the encryption envelope is authentic, generating an authenticated decryption of the cipher text using the wrapped key of the encryption envelope; and when the encryption envelope fails authentication, generating an unauthenticated decryption of the cipher text using the dummy key,  wherein decryption of the cipher text using the wrapped key and decryption of the cipher text using the dummy key have no difference in timing of execution.
However, none of the prior art, alone or in combination teaches extracting from the input stream: an encryption envelope having a wrapped key; a cipher text; and a first message authentication code (MAC); and wherein performing encryption of the cipher text in constant time indicates whether the wrapped key is an actual key that generated the cipher text of the encryption envelope. These limitation, in conjunction with all other limitations, has not been disclosed, suggested or made obvious over the prior art of record.
Cech et al. (U.S Pub. No. 20170141912) discloses a method for protecting a computer system from side-channel attacks when using an encryption or decryption method for data packets of a data stream, wherein interruptions in the encryption or decryption method are generated by a random generator, where further computing operations are applied during the interruptions to already encrypted or decrypted data packets of the data stream or to data packets of the data stream which are yet to be encrypted or decrypted to generate random noise in the power consumption of the computer system.
Roth et al. (U.S Pub. No. 20140229737) discloses a system uses information submitted in connection with a request to determine if and how to process the request. The information may be electronically signed by a requestor using a key such that the system processing the request can verify that the requestor has the key and that the information is authentic. The information may include information that identifies a holder of a key needed for processing the request, where the holder of the key can be the system or another, possibly third party, system. Requests to decrypt data may be processed to ensure that a certain amount of time passes before access to the decrypted data is provided, thereby providing an opportunity to cancel such requests and/or otherwise mitigate potential security breaches.
Sugahara et al. (U.S Pub. No. 20170026169) discloses a control circuit causes a first cryptographic module to perform a dummy operation in a command processing period and a data processing period in which a second cryptographic module performs a normal operation while the first cryptographic module does not perform a normal operation.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”














Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN A HUSSEIN whose telephone number is (571)272-3554. The examiner can normally be reached on 7:30am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/HASSAN A HUSSEIN/ 
Examiner, Art Unit 2497
/HEE K SONG/Examiner, Art Unit 2497