DETAILED ACTION
This Office Action is in response to application 16/766,878 filed on May 26, 2020.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-19 are pending and herein considered.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No. EP17306665.5, filed on 11/30/2017.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 05/26/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.




Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. Especially, claim 1 recites notations in quotation, it is unclear these notations are presented as example of values or processes since these are presented in parentheses. For the purpose of rejection, the examiner will considered the values in parentheses as examples.

Regarding claims 2-19; claims 2-19 is rejected with the same rationale as claim 1, above.

Claim 7 recites the limitation "the identity operation" in line 2.  There is insufficient antecedent basis for this limitation in the claim.

Claim 9 recites the limitation "the identity function" in line 2.  There is insufficient antecedent basis for this limitation in the claim.

Claim 17 recites the limitation "the identity operation" in line 2.  There is insufficient antecedent basis for this limitation in the claim.

19 recites the limitation "the identity function" in line 2.  There is insufficient antecedent basis for this limitation in the claim.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 5, 10, 11 and 15 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Michiels et al. (Michiels) U.S. Pub. Number 2017/0033921   
Regarding claim 1; Michiels discloses a method for a secure execution of a whitebox cryptographic algorithm applied to a message (m) and protected by countermeasures based on pseudo-random values, comprising the steps of:
- executing (Si) a pseudo-random function generating pseudo-random output values (Rj) and an encrypted main output value (*Si+1*) based on an encrypted input value (*Xi*) derived from said message (m) (para. [0088] The masking value m may be computed by m=f(x.sub.1, x.sub.2, . . . , x.sub.16)=h.sub.1(x.sub.1).sym.h.sub.2(x.sub.2).sym. . . . .sym.h.sub.16(x.sub.16), where each h.sub.i may be a random bijective function and x.sub.1, x.sub.2, . . . , x.sub.16 are the 16 input bytes),
 - securing (S2) said cryptographic algorithm by applying to the cryptographic algorithm said countermeasures based on said generated pseudo-random output values (Rj) (para. [0089] fig. 3, the mask may be applied to the intermediate values present in the network of tables in FIG. 3. The Q-boxes 620, 622, 624, 626 correspond to the Q-boxes 320, 322, 324, 326... In order to mask the intermediate values u.sub.1, u.sub.5, and u.sub.6 an additional XOR 640 may be added),
(para. [0089] fig. 3, one input to XOR 630 is the masked value u.sub.1.sym.m the output from the XOR 630 is now the masked value u.sub.5.sym.m… which produce masked outputs. The output of 634 is z.sub.2,3.sym.m which may be input into the XOR 650 which removes the mask by XORing with the mask value m (z.sub.2,3 .sym.M) to result in the unmasked value z.sub.2,3, which is then input to the S-box of the next round of operation), 
- executing (S4) said secured cryptographic algorithm on said encrypted retrieved value (*Xi*) (para. [0089] the output of 634 is z.sub.2,3.sym.m which may be input into the XOR 650 which removes the mask by XORing with the mask value m (z.sub.2,3 .sym.M) to result in the unmasked value z.sub.2,3, which is then input to the S-box of the next round of operation).

Regarding claim 5; Michiels discloses the method of claim 1, wherein said pseudo-random output values and said main output value are also generated by the pseudo-random function based on at least one intermediate value (Yi) obtained during a previous execution of the cryptographic algorithm (para. [0056] mask intermediate values of a cryptographic algorithm by pseudo-random masks. That is, by using masks that are function f of the input to the algorithm. The implementation of f may be merged with the implementation of the cryptographic algorithm).

Regarding claim 10; claim 10 is directed a non- transitory memory which has similar scope as claim 1. Therefore, claim 10 remains un-patentable for the same reasons.

Regarding claim 11; claim 11 is directed a device which has similar scope as claim 1. Therefore, claim 11 remains un-patentable for the same reasons.

Regarding claim 15; claim 15 is directed a device which has similar scope as claim 5. Therefore, claim 15 remains un-patentable for the same reasons.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2-4 and 12-14 are rejected under 35 U.S.C. 103 as being unpatentable over Michiels et al. (Michiels) U.S. Pub. Number 2017/0033921, in view of Michiels et al. (Michiels’) U.S. Pub. Number 2015/0270951. 
Regarding claim 2; Michiels discloses the method of claim 1.
Michiels does not disclose, which Michiels’ discloses wherein said cryptographic algorithm is based on a blockcipher algorithm (Michiels’: para. [0044] a security module 500 may receive an encrypted input value x from an external source 510. This external source 510 encrypts the desired input value x and supplies the encrypted x value to the white-box decryption block cipher 520).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Michiels to provide cryptographic algorithm is based on a blockcipher algorithm, as taught by Michiels’. The motivation would be to provide security which it is hard to extract to underlying key by a white-box attack (i.e. all values related to a function P are always encoded and invisible to an attacker, that is, the values are never in the clear. If an operation is performed, the decoding of the input and encoding of the output is integrated with the operation such that the clear value is hard to extract and is invisible to an attacker).
Regarding claim 3; Michiels discloses the method of 1.
Michiels does not disclose, which Michiels’ discloses wherein said whitebox cryptographic algorithm comprises at least one operation implemented using at least one encoded lookup table and wherein said encrypted retrieved value is encrypted using an encoding corresponding to the encoding of said encoded lookup tables (Michiels’: para. [0036] the encoding of the input and output of the lookup tables of FIG. 3. This is done in such a way that the output encoding of one table matches the input encoding assumed in the next tables…The input may be byte-wise encoded by encoding function g(x). The outputs of hash-key XOR tables 410, 420, 430 may be encoded by functions f.sub.1, f.sub.2, and f.sub.3. As the XOR table 440 receives inputs from hash-key XOR tables 410 and 420, XOR table 440 must decode the inputs received and then encode the output using function f.sub.4.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Michiels to provide one operation implemented using at least one encoded lookup table and wherein said encrypted retrieved value is encrypted using an encoding corresponding to the encoding of said encoded lookup tables, as taught by Michiels’. The motivation would be to prevent reverse engineering and modification of the algorithm or prohibit obtaining the user-specific secure information (i.e.one way to obscure these functions is by the use of lookup tables).

Regarding claim 4; the combination of Michiels and Michiels’ discloses method of claim 3 wherein securing said cryptographic algorithm (S2) comprises randomizing at least one of said lookup tables using said pseudo-random output values as masking values (Michiels’: para. [0044] the white-box decryption block cipher 520 encodes the input value x using an encoding function f. The encoding function f may operate on the whole value of x or on individual portions of x, for example, such as individual bytes. The encoded value f(x) may then be stored in memory. In a like manner any input values x may be received in encrypted form, then decrypted and encoded, and then stored as an encoded value in the memory 530. In any case, the operation of the white-box decryption block cipher 520 operates so that the input value x is invisible to an attacker. A secure function P 540 may fetch encoded input values f(x) from the memory 530. The secure function P 540 may first decode the input values. Next, the secure function P 540 may perform operations using the decoded input values…Such operations may be implemented using a lookup table or a series of lookup table). The reason to combine Michiels and Michiels’ is the same as claim 3, above.

Regarding claim 12-14; claims 12-14 are directed to a device which has similar scope as claims 2-4 respectively. Therefore, claims 12-14 remain un-patentable for the same reasons.

Claims 6, 9, 16 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Michiels et al. (Michiels) U.S. Pub. Number 2017/0033921, in view of Tsunoo et al. (Tsunoo) U.S. Pub. Number 2009/0323956.
 Regarding claim 6; Michiels discloses the method of 1.
Michiels does not disclose, which Tsunoo discloses wherein executing said pseudo-random function comprises several executions of an update function, wherein at least one of said pseudo-random output values is an output of said update function, and said encrypted main output value is an output of the last execution of the update function (Tsunoo: para. [0114] an encryption device which generates a pseudo-random number sequence based on a secret key and applies the pseudo-random number sequence to a plain text so as to generate an encrypted text; para. [0115] a predetermined leftward or rightward rotate shift, depending on a number smaller than an internal state number, based on the result of linear or non-linear, or combination of linear and non-linear using one or more numeric values of the internal state is executed and at least one temporary variable used for generation of the pseudo-random number sequence is set to be a temporary variable having as a value a result of the execution of the predetermined leftward or rightward rotate shift; para. [0116] the pseudo-random number is generated by a predetermined prescribed operation on one or a plurality of numeric values of the internal state).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Michiels to provide executing said pseudo-random function comprises several executions of an update function, wherein at least one of said pseudo-random output values is an output of said update function, and said encrypted main output value is an output of the last execution of the update function, as taught by Tsunoo. The motivation would be to provide security of the pseudo-random number depends on a pseudo-random number sequence to be generated thereafter not being predictable from an already observed pseudo-random number sequence.

Regarding claim 9; the combination of Michiels and Tsunoo discloses the method of claim 6, wherein said update function generates an output comprising a result of applying the identity function to a part of its input, and comprising a result of an encryption of its input using an encryption key (Tsunoo: para. [0131] updates a value of the internal variable k, based on a result of an arithmetic addition of a value obtained by performing a second shift number of rotate shift operations on an array element S[j] of a second index variable j, and an internal variable k; para. [0132] outputs a key stream, based on a result of an arithmetic addition of a value obtained by performing a third shift number of rotate shift operations on the array element S[(S[i]+S[j])] according to S[i]+S[j]; para. [0133] updates the array element S[(S[i]+S[j])] referred to in order to generate the key stream, using the array element S[i] and the internal variable k immediately after output of the key stream). The reason to combine Michiels and Tsunoo is the same as claim 6, above.
Regarding claim 16 and 19; claims 16 and 19 are directed to a device which has similar scope as claims 6 and 9, respectively. Therefore, claims 16 and 19 remain un-patentable for the same reasons.

Allowable Subject Matter
Claims 7, 8, 17 and 18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims and rewritten or amended to overcome the rejection(s) under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), 2nd paragraph, set forth in this Office action.

Examiner’s remarks to overcome the rejection above
Even though, the Examiner has indicated allowable subject matter. The Examiner further encourage to contact the examiner to discuss claim’s amendment to expedite prosecution.

Related Art
The following prior art made of record and cited on PTO-892, but not relied upon, is considered pertinent to applicant’s disclosure:
U.S. Pub. Number 2015/0110266 A1 to Debraize-Debraize teaches a countermeasure method against side channel analysis for cryptographic algorithm using Boolean operations and arithmetic operation. To protect a cryptographic algorithm combining Boolean and arithmetic instructions against first order side channel analysis, it is necessary to perform conversions between Boolean masking and arithmetic masking. 

U.S. Pub. Number 2005/0232430 A1 to Gebotys- Gebotys teaches a countermeasure for differential power analysis attacks on computing devices. The countermeasure includes the definition of 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VU V TRAN whose telephone number is (571)270-1708.  The examiner can normally be reached on M-F, 8 AM- 4 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.