DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The Application filed 07/01/2020 has been received and considered.
Claims 1-15 are pending.
Drawings
2. The drawings filed on 07/01/2020 are accepted.
Information Disclosure Statement
3. The information disclosure statement (IDS) submitted on 07/01/2020 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, an initialed and dated copy of the Applicant’s IDS form 1449 filed on 07/01/2020 is attached to this office action.
EXAMINER’S AMENDMENT
4. Authorization for this examiner’s amendment was given by Carl Schlier (Reg. No. 34426) on 09/08/2021. The application has been amended as follows:
1. (Currently Amended)  A method for executing, with a microprocessor, a binary code of a secure function configured to protect against an attack, said method comprising the following steps:
a) storing, in a memory, a line of code, said line of code containing a cryptogram of the code and a first integrity tag allowing the integrity of the line of code to be verified,
b) obtaining, with the microprocessor, a first pointer containing [[the]] an address at which said line of code is stored, then
c) executing, with the microprocessor, an instruction to read said line of code using the first pointer and
c1) loading the first pointer into a register of the microprocessor,

c3) verifying the integrity of the loaded line of code, said verification comprising constructing a second integrity tag from the cryptogram contained in the loaded line of code, then comparing said second integrity tag to the first integrity tag contained in the loaded line of code, then
c4) when the second integrity tag does not correspond to the first integrity tag, i.e. when the verification of the integrity of the loaded line of code fails, the microprocessor systematically triggers the flagging of an execution fault, and
c5) when the second integrity tag corresponds to the first integrity tag, i.e. when the loaded line of code is of integrity, the cryptogram of the code is decrypted to obtain a cleartext code and the triggering of an execution fault is inhibited;
wherein:
obtaining the first pointer comprises obtaining a first pointer containing:
a first range of bits containing the address of the line of code, and
a second, different range of bits containing an identifier of the first pointer, the identifier of said first pointer allowing said first pointer to be uniquely identified among a set that contains a plurality of different pointers employed during the same execution of the binary code by the microprocessor,
storing the line of code comprises storing a line of code wherein the first integrity tag is constructed or encrypted using the identifier of the first pointer,
during the loading of the line of code, it is the address contained in the first range of bits of the loaded first pointer that is used and the identifier of the first pointer contained in the second range of bits is not used, and
during the verification of the integrity of the loaded line of code, the second integrity tag is constructed, in addition, using the identifier of the first pointer contained in the second range of bits of 

12. (Currently Amended)  A binary code of a secure function able to be executed by a microprocessor, implementing an executing method as claimed in claim 1, wherein the binary code comprises:
a line of code containing the cryptogram of the code and a first integrity tag allowing the integrity of the line of code to be verified,
a first pointer containing [[the]] an address at which the line of code is stored, and
an instruction to read the line of code using the first pointer which, when said instruction is executed by the microprocessor, triggers the execution of the following operations by the microprocessor:
c1) loading the first pointer into a register of the microprocessor,
c2) loading the line of code stored at the address contained in the first pointer, then
c3) verifying the integrity of the loaded line of code, said verification comprising constructing a second integrity tag from the cryptogram contained in the loaded line of code, then comparing said second integrity tag to the first integrity tag contained in the loaded line of code, then
c4) when the second integrity tag does not correspond to the first integrity tag, i.e. when the verification of the integrity of the loaded line of code fails, the microprocessor systematically triggers the flagging of an execution fault, and
c5) when the second integrity tag corresponds to the first integrity tag, i.e. when the loaded line of code is of integrity, the cryptogram of the code is decrypted to obtain a cleartext code and the triggering of an execution fault is inhibited;
wherein:

a first range of bits containing the address of the line of code, and
a second, different range of bits containing an identifier of the first pointer, the identifier of said first pointer allowing said first pointer to be uniquely identified among a set that contains a plurality of different pointers employed during the same execution of the binary code by the microprocessor, and
the first integrity tag is constructed or encrypted using the identifier of the first pointer.

14. (Currently Amended)  A microprocessor for implementing a method as claimed in claim 1, said microprocessor being configured to execute the following steps:
a) storing, in a memory, a line of code, said line of code containing a cryptogram of the code and a first integrity tag allowing the integrity of the line of code to be verified,
b) obtaining, with the microprocessor, a first pointer containing [[the]] an address at which said line of code is stored, then
c) executing, with the microprocessor, an instruction to read said line of code using the first pointer and
c1) loading the first pointer into a register of the microprocessor,
c2) loading the line of code stored at the address contained in the first pointer, then
c3) verifying the integrity of the loaded line of code, said verification comprising constructing a second integrity tag from the cryptogram contained in the loaded line of code, then comparing said second integrity tag to the first integrity tag contained in the loaded line of code, then
c4) when the second integrity tag does not correspond to the first integrity tag, i.e. when the verification of the integrity of the loaded line of code fails, the microprocessor systematically triggers the flagging of an execution fault, and

wherein the microprocessor is also configured to:
during the obtaining of the first pointer, obtain a first pointer containing:
a first range of bits containing the address of the line of code, and
a second, different range of bits containing an identifier of the first pointer, the identifier of said first pointer allowing said first pointer to be uniquely identified among a set that contains a plurality of different pointers employed during the same execution of the binary code by the microprocessor,
during the storing of the line of code, to store a line of code wherein the first integrity tag is constructed or encrypted using the identifier of the first pointer,
during the loading of the line of code, it is the address contained in the first range of bits of the loaded first pointer that is used and the identifier of the first pointer contained in the second range of bits is not used, and
during the verification of the integrity of the loaded line of code, the second integrity tag is constructed, in addition, using the identifier of the first pointer contained in the second range of bits of the loaded first pointer, so that if a second pointer, different from the first pointer, is used instead of the first pointer to read or write said line of code, the verification of the integrity of the line of code fails.

15. (Currently Amended)  A compiler able to automatically convert a source code of a secure function into a binary code of said secure function, wherein the compiler is able to automatically convert the source code into a binary code as claimed in claim 12, said compiler being configured to 

a first pointer containing [[the]] an address at which the line of code is stored, and
an instruction to read the line of code using the first pointer that, when it is executed by the microprocessor, triggers the execution of the following operations by the microprocessor:
c1) loading the first pointer into a register of the microprocessor,
c2) loading the line of code stored at the address contained in the first pointer, then
c3) verifying the integrity of the loaded line of code, said verification comprising constructing a second integrity tag from the cryptogram contained in the loaded line of code, then comparing said second integrity tag to the first integrity tag contained in the loaded line of code, then
c4) when the second integrity tag does not correspond to the first integrity tag, i.e. when the verification of the integrity of the loaded line of code fails, the microprocessor systematically triggers the flagging of an execution fault, and
c5) when the second integrity tag corresponds to the first integrity tag, i.e. when the loaded line of code is of integrity, the cryptogram of the code is decrypted to obtain a cleartext code and the triggering of an execution fault is inhibited;
wherein:
the first pointer contains:
a first range of bits containing the address of the line of code, and
a second, different range of bits containing an identifier of the first pointer, the identifier of said first pointer allowing said first pointer to be uniquely identified among a set that contains a plurality of different pointers employed during the same execution of the binary code by the microprocessor, and
the first integrity tag is constructed or encrypted using the identifier of the first pointer. 


Allowable Subject Matter
5. Claims 1-15 are allowed.
The following is an examiner’s statement of reasons for allowance: The claims are allowed over the prior art of record. After further search and consideration, the prior art of record, taken alone or in combination, neither anticipates nor renders obvious the claimed subject matter of the instant application taken as a whole, including the particular features incorporated in each independent claim.
The prior art Macchetti (US 2011/0022854) of record discloses a method for ensuring software integrity by encrypting all or part of each instruction using a key based on previous instructions. The prior art Barnes (US 2019/0026236) of record discloses a method for generating signed bounded pointers using a signature. The prior art Hosie (US 2019/0087566) of record discloses a method for generating authentication codes and checking instructions associated with source values using a call path identifier. 
US 20120192283 A1 – Interlocked binary protection using whitebox cryptography.
US 20190130120 A1 – Secure I/O with accelerator devices.
US 20070106519 A1 – Secure execution of a computer program against attacks. 
US 10148671 B2 – Protecting a chip card against attacks.
US 9092618 B2 – Secure execution of a computer program.
However, the prior art fails to anticipate or render obvious the following limitations: “a first range of bits containing the address of the line of code”, “a second, different range of bits containing an identifier of the first pointer, the identifier of said first pointer allowing said first pointer to be uniquely identified among a set that contains a plurality of different pointers employed during the same execution of the binary code by the microprocessor”, “storing the line of code comprises storing a line of code wherein the first integrity tag is constructed or encrypted using the identifier of the first pointer” and “during the as recited in claim 1).
The present invention proposes to prevent attacks such as a stack underflow attack. The solution to this problem, proposed in claim 1 of the present application, is considered to involve an inventive step for the following reasons: The use of a single value stored with the pointer makes it possible to control the execution of an instruction called via a pointer and ensure that this instruction was called using an uncompromised pointer. Claims 2-11 depend on claim 1 and therefore also satisfy, as such, the requirements of novelty and inventive step.
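The binding between a pointer's identifier and the integrity tag of the line it addresses can be illustrated with a short software model. This is an added example, not part of the office action or the application: the 48/16-bit split of the pointer, the constructed key, and the `mix` function (a toy keyed permutation standing in for the real cipher and tag construction, not cryptographically secure) are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (not from the claims): low 48 bits = address, high 16 bits = pointer identifier. */
#define ADDR_BITS 48
#define ADDR_MASK ((UINT64_C(1) << ADDR_BITS) - 1)
#define MEM_LINES 16

typedef struct { uint64_t cryptogram; uint64_t tag; } line_t;
static line_t memory[MEM_LINES];                          /* simulated memory of code lines */
static const uint64_t KEY = UINT64_C(0x9E3779B97F4A7C15); /* constructed demo key */

uint64_t make_ptr(uint64_t addr, uint16_t id) {
    return ((uint64_t)id << ADDR_BITS) | (addr & ADDR_MASK);
}

/* Toy keyed permutation used for both keystream and tag; NOT cryptographically secure. */
static uint64_t mix(uint64_t x) {
    x ^= KEY; x *= UINT64_C(0xFF51AFD7ED558CCD); x ^= x >> 33;
    x *= UINT64_C(0xC4CEB9FE1A85EC53); x ^= x >> 29;
    return x;
}

/* Integrity tag built from the cryptogram and the pointer identifier. */
static uint64_t make_tag(uint64_t cryptogram, uint16_t id) { return mix(cryptogram ^ mix(id)); }

/* Step a): store the cryptogram with a tag bound to the identifier of the storing pointer. */
int store_line(uint64_t ptr, uint64_t cleartext) {
    uint64_t addr = ptr & ADDR_MASK;
    if (addr >= MEM_LINES) return -1;
    memory[addr].cryptogram = cleartext ^ mix(addr);
    memory[addr].tag = make_tag(memory[addr].cryptogram, (uint16_t)(ptr >> ADDR_BITS));
    return 0;
}

/* Steps c1)-c5): returns 0 and the cleartext, or -1 to flag an execution fault. */
int load_line(uint64_t ptr, uint64_t *out) {
    uint64_t addr = ptr & ADDR_MASK;           /* c2: only the address bits select the line */
    if (addr >= MEM_LINES) return -1;
    line_t line = memory[addr];
    if (make_tag(line.cryptogram, (uint16_t)(ptr >> ADDR_BITS)) != line.tag) return -1; /* c3, c4 */
    *out = line.cryptogram ^ mix(addr);        /* c5: decrypt only after the tag matches */
    return 0;
}

int main(void) {
    uint64_t out = 0;
    store_line(make_ptr(3, 0x0A11), 0xDEADBEEF);
    int owner = load_line(make_ptr(3, 0x0A11), &out);   /* same identifier: succeeds */
    int other = load_line(make_ptr(3, 0x0B22), &out);   /* same address, other identifier: fault */
    printf("owner=%d other=%d\n", owner, other);
    return 0;
}
```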
Claims are allowed in light of the above claim limitations when in combination with the remaining claim limitations. 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZOHA P TAFAGHODI whose telephone number is (571)272-5199.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/ZOHA PIYADEHGHIBI TAFAGHODI/Examiner, Art Unit 2437      
                                                   

/SAMSON B LEMMA/Primary Examiner, Art Unit 2498