Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Examiner’s Amendment 
In response to communication with applicant’s correspondent of record, Kari Bartingdale, Reg# 35,183, the application has been amended as follows: 
LISTING OF CLAIMS:
Claim 1 (Currently Amended):	A system on a chip (SoC) comprising:
an encryption/decryption engine configured to: 
encrypt transmission (Tx) channel data using a multi-round encryption datapath; and 
decrypt encrypted received (Rx) channel data using a multi-round decryption datapath; and
a security processor configured to:
 	multiplex the multi-round encryption datapath against the multi-round decryption datapath on a round-by-round basis to generate a mixed sequence of encryption rounds and decryption rounds; and
control the encryption/decryption engine to encrypt the Tx channel data and decrypt the encrypted Rx channel data according to the mixed sequence of encryption rounds and decryption rounds; 
apply side-channel attack (SCA) protection while executing a subset of the rounds of the mixed sequence; and
not applying the SCA protection while executing all remaining rounds of the mixed sequence not included in the subset;
wherein the remaining rounds of the mixed sequence not included in the subset and executed while the SCA protection is not applied comprise all remaining encryption rounds of the mixed sequence not included in the subset of encryption rounds of the mixed sequence to which the SCA protection is applied and all remaining decryption rounds of the mixed sequence not included in the subset of decryption rounds of the mixed sequence and executed while the SCA protection is applied.

Claim 2 (Canceled).

Claim 5 (Currently Amended):	The SoC of claim 1 [[2]], 
wherein the subset of rounds of the mixed sequence executed while the SCA protection is applied comprises a combination of a subset of the encryption rounds of the mixed sequence with a subset of the decryption rounds of the mixed sequence


Claim 8 (Currently Amended):	A head-mounted device (HMD) comprising: 
a system on a chip (SoC) comprising:
an encryption/decryption engine configured to: 
encrypt transmission (Tx) channel data using a multi-round encryption datapath; and 
decrypt encrypted received (Rx) channel data using a multi-round decryption datapath; and
a security processor configured to:
multiplex the multi-round encryption datapath against the multi-round decryption datapath on a round-by-round basis to generate a mixed sequence of encryption rounds and decryption rounds; and

apply side-channel attack (SCA) protection while executing a subset of the rounds of the mixed sequence; and
not applying the SCA protection while executing all remaining rounds of the mixed sequence not included in the subset; 
wherein the remaining rounds of the mixed sequence not included in the subset and executed while the SCA protection is not applied comprise all remaining encryption rounds of the mixed sequence not included in the subset of encryption rounds of the mixed sequence to which the SCA protection is applied and all remaining decryption rounds of the mixed sequence not included in the subset of decryption rounds of the mixed sequence and executed while the SCA protection is applied; and
an interface coupled to the SoC, the interface being configured to:
	transmit the Tx traffic; and
	receive the encrypted Rx traffic.

Claim 9 (Canceled).

Claim 12 (Currently Amended):	The HMD of claim 8 [[9]], 
wherein the subset of rounds of the mixed sequence executed while the SCA protection is applied comprises a combination of a subset of the encryption rounds of the mixed sequence with a subset of the decryption rounds of the mixed sequence



a system on a chip (SoC) comprising: a system on a chip (SoC) comprising:
an encryption/decryption engine configured to: 
encrypt transmission (Tx) channel data using a multi-round encryption datapath; and 
decrypt encrypted received (Rx) channel data using a multi-round decryption datapath; and
a security processor configured to:
multiplex the multi-round encryption datapath against the multi-round decryption datapath on a round-by-round basis to generate a mixed sequence of encryption rounds and decryption rounds; and
control the encryption/decryption engine to encrypt the Tx channel data and decrypt the encrypted Rx channel data according to the mixed sequence of encryption rounds and decryption rounds 
apply side-channel attack (SCA) protection while executing a subset of the rounds of the mixed sequence; and
not applying the SCA protection while executing all remaining rounds of the mixed sequence not included in the subset; 
wherein the remaining rounds of the mixed sequence not included in the subset and executed while the SCA protection is not applied comprise all remaining encryption rounds of the mixed sequence not included in the subset of encryption rounds of the mixed sequence to which the SCA protection is applied and all remaining decryption rounds of the mixed sequence not included in the subset of decryption rounds of the mixed sequence and executed while the SCA protection is applied; and
an interface coupled to the SoC, the interface being configured to:
	transmit the Tx traffic; and
	receive the encrypted Rx traffic.

Claim 16 (Canceled).

15 [[16]], 
wherein the subset of rounds of the mixed sequence executed while the SCA protection is applied comprises a combination of a subset of the encryption rounds of the mixed sequence with a subset of the decryption rounds of the mixed sequence


Claim 20 (Original):	The peripheral device of claim 16, wherein the SCA protection comprises masking using a random number.

Claim 21 (Original):	The peripheral device of claim 15,
wherein the encryption rounds form a multi-round encryption datapath,
wherein a respective result of each encryption round is used by a subsequently executed encryption round of the multi-round encryption datapath,
wherein the decryption rounds form a multi-round decryption datapath, and
wherein a respective result of each decryption round is used by a subsequently executed decryption round of the multi-round decryption datapath.

Claim 22 (Currently Amended): 	The system on a chip (SoC) of claim 23 [[1]], wherein the subset of rounds of the multi-round encryption datapath are interleaved with a subset of rounds of the multi-round decryption datapath on one of a random basis, a pseudo-random basis, or a deterministic basis. 

Claim 23 (New): 	The system on a chip (SoC) of claim 1, wherein the security processor is further configured to control the encryption/decryption engine to encrypt the Tx channel data and decrypt the encrypted Rx channel data according to the mixed sequence of encryption rounds and 



Allowable Subject Matter
The following is an examiner’s statement of reasons for allowance: 
 	The prior art of record fails to teach or fairly suggest prevention and protection against side channel attacks on secure devices by reversing encryption and decryption operations, when multiplexing and encryption datapath coupled against a decryption datapath on a round-robin basis, via generating a mixed sequence of encryption rounds and decryption rounds, applying the side-channel attack protection during execution of a portion of the rounds of the mixed sequence, and determining not to apply the side-channel attack protection for the portion of mixed sequence rounds that aren’t included in the mixed sequence of encryption and decryption operation data, the remaining rounds of the mixed sequence that are not included in the portion that are executed while the SCA protection is not applied include all remaining encryption rounds of the mixed sequence that are not included in the portion of encryption rounds of the mixed sequence to which the SCA protection is applied and all remaining decryption rounds of the mixed sequence not included in the portion of the decryption rounds of the mixed sequence and executed while the SCA protection is applied, in the specific manner and combinations recited in claims 1, 3-8, 10-15, and 17-23.  
The closest related prior art are cited to state the general state of the art and are not considered to teach the distinguishing features noted above. The prior art includes:
(i) 	US Pat Ozturk et al (US 8,346,839), which teaches combining inverse Mux 
(ii) 	US PG Pub Dolan et al (US 2018/0150831), which discloses preventing an attack on secure data transmitting from a user’s wearable augmented reality device;
(iii) 	NPL document "SMS4 Encryption Algorithm for Wireless Networks" – Whitfield Diffie, Sun Microsystems, George Ledin, Sonoma State University, 05/15/2008; and 
(iv) 	NPL document "Specification of Camellia – A 128-bit Block Cipher" – Aoki et al, Nippon Telegraph and Telephone Corporation, Mitsubishi Electric Corporation, 09/26/2001.

After thorough review of related prior art, the application has been deemed allowable because of the limitations of prevention and protection against side channel attacks on secure devices by reversing encryption and decryption operations, when multiplexing and encryption datapath coupled against a decryption datapath on a round-robin basis, via generating a mixed sequence of encryption rounds and decryption rounds, applying the side-channel attack protection during execution of a portion of the rounds of the mixed sequence, and determining not to apply the side-channel attack protection for the portion of mixed sequence rounds that aren’t included in the mixed sequence of encryption and decryption operation data, the remaining rounds of the mixed sequence that are not included in the portion that are executed while the SCA protection is not applied include all remaining encryption rounds of the mixed sequence that are not included in the portion of encryption rounds of the mixed sequence to which the SCA protection is applied and all remaining decryption rounds of the mixed sequence not included in the portion of the decryption rounds of the mixed sequence and executed while the SCA protection is applied, recited in the specific manner and combinations recited within the .  
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Randy A. Scott whose telephone number is (571) 272-3797. The examiner can normally be reached on Monday-Thursday 7:30 am-5:00 pm, second Fridays 7:30 am-4pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Luu Pham can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.