DETAILED ACTION
 Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is a response to an application filed 09/22/2020 wherein claims 1 – 16 are pending and ready for examination.  
                                      Information Disclosure Statement 
The information disclosure statements (IDS) submitted on 9/29/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 5 and 13 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  Claim 5 cites the masked logic gate of claim 4, wherein the XOR gates of the tree are connected such that any XOR gate of the tree involves at least one random bit an odd number of times.  The Examiner fails to the “at least one random bit 


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-3 and 9-11 are rejected under 35 U.S.C. 103 as being unpatentable over Applicant Admitted Prior Art Hannes et al, “Generic low-latency masking in hardware." IACR Transactions on Cryptographic Hardware and Embedded Systems, 2018, hereafter referred to as Hannes in view of Venkatesan et al, US 20080005476 A1, January 3, 2008, hereafter referred to as Venkatesan.         .

             As to claim 1, Hannes teaches a masked logic gate – Hannes [Figure 1, page 3] protected against side-channel attacks using Boolean masking with d+1 shares for each input variable, where d is an integer at least equal to 1 representing a protection order, the masked logic gate comprising:
          a first input configured to receive a number of shares yj (j = 0, 1, 2...) .  
          a second input configured to receive (d+1) shares xi (i = 0, 1, 2...) representative of an intermediate result output by one layer of a tree of gates implementing low-latency masking with the protection order of d;  and
           a (d+1)-share output obtained by applying a logic function of the masked logic gate to the shares of the first and second inputs using domain-oriented masking – Hannes [Page 3 para 3, Figure 1]. 


    PNG
    media_image1.png
    461
    812
    media_image1.png
    Greyscale

Here, the claimed ‘masked logic gate’ is taught by Hannes as ‘Figure 1’ represented as a first order variant where the variable d is equal to 1.  The claimed first input yj (j = 0, 1, 2...) is taught by Hannes [Page 3 para 3] and illustrated above as ‘Yo’ whereas the claimed second input xi (i = 0, 1, 2...) is taught by Hannes [Page 3 para 3] and illustrated above as ‘X1’ since it an intermediate result. The claimed ‘(d+1) share output’ is taught by Hannes at [Page 3, para 3] ‘resharing’ phase’.  The claimed ‘tree of gates’ implementing low-latency masking’ is suggested by Hannes [Page 2 para 3] as AES S-box because a S-box may be a structure layered with gates.  HANNES SUGGESTS an intermediate result output by one layer of a tree of gates implementing low-latency masking with the protection order of d, HOWEVER IN AN ANALAGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR VENKATESAN TEACHES an intermediate result output by one layer of a tree of gates implementing low-latency masking with the protection order of d – Venkatesan [0007] Software protection using data structures is described. In one implementation, an engine between the processor and the memory of a computing device encrypts and stores data and program variables in blocks of memory that correspond to nodes of a tree-like data structure. When accessed, the nodes of this search tree are rearranged according to various schemata to obscure memory access patterns from being detected by cache attacks or side-channel attacks. In one implementation, the data structure is a splay tree that self-rearranges upon access and increases efficiency while providing security. Here, the claimed ‘intermediate result’ is taught by Venkatesan as ‘rearranged’ because the encrypted data pattern stored in the tree-like nodes are scrambled.  To provide the tree-like structure of Venkatesan to the circuit AND22_M2 of Hannes would have been obvious to one of ordinary skill in the art, in view of the teachings of Venkatesan, since all the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods of tree spanning with no change in their respective functions, and the combination would have yielded nothing more than predictable results to one of ordinary skill in before the effective filing date of the invention, i.e., one skilled in the art would have recognized that the tree structure used in Venkatesan would allow circuit AND22_M2 of Hannes the benefit and efficiency of reduced delays as provided by the elements of Venkatesan).

              As to claim 2, the combination of Hannes and Venkatesan teaches the masked logic gate of claim 1, wherein the first input is also configured to receive (d+1) shares representative of an intermediate result output by one layer of a tree of gates implementing low-latency masking with the protection order of d -  Hannes [page 8 2nd paragraph]… We assume that each of the five inputs and the two duplicated inputs are shared using d + 1 shares. As there is a single layer of AND gates, the shares and thus the domains for each of the outputs grow from d + 1 to (d + 1)2, and we use two indices (i and j) to denote the according output share).

             As to claim 3, the combination of Hannes and Venkatesan teaches the masked logic gate of claim 1, wherein the first input is configured to receive d+1 shares of an input variable - Hannes [page 4, 3rd paragraph] … a compression of the multiplication terms is usually performed also in other existing masked multiplication algorithms that operate on d + 1 input shares. This compression step is also performed in the depicted DOM multiplier by summing up the multiplication terms on the output. The result q is then again shared with only d + 1 shares). 

            As to claim 9, claim 9 is a masked logic gate that is directed to the masked logic gate of claim 1.  Therefore, claim 9 is rejected for the reasons as set forth in claim 1. 

            As to claim 10, claim 10 is a masked logic gate that is directed to the masked logic gate of claim 2.  Therefore, claim 10 is rejected for the reasons as set forth in claim 2.

            As to claim 11, claim 11 is a masked logic gate that is directed to the masked logic gate of claim 3.  Therefore, claim 11 is rejected for the reasons as set forth in claim 3. 

s 4-5, 7, 12-13, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Applicant Admitted Prior Art Hannes; and Venkatesan, in view of Domain-Oriented Masking: Compact Masked Hardware Implementations with Arbitrary Protection Order”, Hannes Gross et al., October 2016, hereafter referred to as Hannes2.

         As to claim 4, the combination of Hannes and Venkatesan teaches the masked logic gate of claim 1, having a structure representable by a matrix having (d+1)2 rows assigned respectively to the shares xi of the second input, and a number of columns assigned respectively to the shares yj of the first input, the structure comprising:
             for each cell (i, j) of the matrix, an elementary gate of a same type connected to operate on the shares xi and yj – Hannes [page 4, para 1] During the calculation step, the
so-called inner-domain multiplication terms, which use only shares with the same share
index (x0 · y0 and x1 · y1), do not violate the domain separation and can thus securely be
used in their respective domains)
             for each cell (i, j) in a subset of cells of the matrix, a random bit selected in a group of independent random bits (r0, rl, r2...) – Hannes [page 4, para 3] To allow the secure summing of the multiplication terms, a resharing step is performed by adding fresh randomness
r to the two cross-domain terms. The subsequent use of a register ensures that the
resharing is active before the terms are compressed on the output of the multiplier and
suppresses the propagation of glitches. This resharing process allows to securely integrate
the cross-domain terms without violating the domain separation requirement of DOM), and 
             an XOR gate connected to inject the random bit in the output of the corresponding elementary gate, wherein the random bits are selected such that any random bit occurs an even number of times in the matrix – [Hannes 5. 1 para 1]…the sponge mode for the data encryption and authentication is depicted in Figure 6, in which the round transformation is performed iteratively either twelve (p12)or six (p6) times on the state in each round.  Here, the claimed ‘even number of times’ is taught by Hannes as ‘twelve or six’.  THE COMBINATION OF HANNES AND VERDKSLSINA DO NOT TEACH and
               for each slice of d+1 rows of the matrix, a respective tree of XOR gates producing a corresponding output share (z0, z1, z2) of the masked logic gate from all the cells of the slice HOWEVER IN AN ANALAGOUR ART DIRECTED TO THE SAME FIELD OF ENDEAVOR HANNES2 TEACHES – Hannes2 [page 9, para 3.2] The first-order DOM multiplier can be extended to arbitrary protection orders. The generalization requires to first extend the calculation phase to produce a correct sharing with d+1 shares for any given protection order d. In the resharing phase it needs to be ensured that the fresh random Z shares are distributed over the domains in a way that (1) each cross-domain term is reshared with a Z share that is unique inside the targeted domain and (2) none of the signal combinations created in the integration phase reveals more than the inner-domain terms or shares.  The reasons to consider Hannes as obvious to the features of claim1 apply here for Hannes2 regarding to the features of claim 4 as Hannes and Hannes2 are directed to the same field of endeavor).  

              As to claim 5, the combination of Hannes, Venkatesan, and Hannes2 teaches the masked logic gate of claim 4, wherein the XOR gates of the tree are connected such that any XOR gate of the tree involves at least one random bit an odd number of times - Venkatesan [0069] At block 806, after every k requests, a random label is selected from the set of labeled variables being represented by the oblivious data structure. A read request is issued using the randomly selected label as the retrieval criterion. This random read request splays the requested node (e.g., to the root position, for example) and rearranges the splay tree, further obfuscating memory access patterns from an adversary. Here, the claimed ‘odd number of times’ is taught by Venkatesan as ‘after ever k requests’ since the logic can determine if odd or even requests are selected. Thus, it would have been recognized by one of ordinary skill in the art before the effective filing date of the claimed invention that applying the known technique  AMD_22 of Hannes would have yielded predicable results and resulted in an improved device, namely, a device capable of determing odd or even outputs based on the selection criteria provided by the “technique” of Venkatesan).

           
As to claim 12, claim 12 is a masked logic gate that is directed to the masked logic gate of claim 4.  Therefore, claim 12 is rejected for the reasons as set forth in claim 4. 

As to claim 13, claim 13 is a masked logic gate that is directed to the masked logic gate of claim 5.  Therefore, claim 13 is rejected for the reasons as set forth in claim 5. 

As to claim 15, claim 15 is a masked logic gate that is directed to the masked logic gate of claim 7.  Therefore, claim 15 is rejected for the reasons as set forth in claim 7. 



Allowable Subject Matter
Claims 6 - 8, 14, and 16 are objected to as being dependent upon a rejected base claim, but would be potentially allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.  

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM B. JONES whose telephone number is (571) 272-9637.  The examiner can normally be reached on Mon - Fri., 5:30 a.m. to 2:00 p.m.  If attempts to reach the examiner by telephone are 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
 /WILLIAM B JONES/Examiner, Art Unit 24911/7/2022

/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491