DETAILED ACTION
Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.


Priority
Applicant’s claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) is acknowledged.


Information Disclosure Statement
The information disclosure statement (IDS) submitted on 2020-01-22 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claims 1-21 are rejected under 35 U.S.C. 112(a) as failing to comply with the written description requirement.  The claims contain subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor at the time the application was filed, had possession of the claimed invention.  Specifically, the claims merely recite functional language that define the boundaries of a desired result (rather than reciting concrete steps that achieve the desired result) and the Specification does not demonstrate that the applicant has made a generic invention for achieving the desired result.
In particular, claim 1 recites “configuring a microprocessor such that the microprocessor does not execute any instruction within a normal instruction set of the microprocessor that (a) supports compile-time unresolvable port addressing or (b) supports data output to a secure port without encryption of the data”; however, the claim limitation merely recites a functional desired result (“such that the microprocessor does not execute any instruction within a normal instruction set …”) and the Specification does not describe sufficient species for claiming this generic result.  Instead, the Specification appears to describe a single means – developing a e.g. [0038]).  This single means is insufficient to support the full scope of the desired result of claim 1.
Claim 16 is rejected under a similar rationale.  The dependent claims included in the statement of rejection but not specifically addressed in the body of the rejection have inherited the deficiencies of their parent claim and have not resolved the deficiencies.  Therefore, they are rejected based on the same rationale as applied to their parent claims above.

Claims 1-21 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention.  Specifically, claim 1 recites the limitation “guaranteeing encryption of data provided at a secure output port of a microprocessor”, which renders unclear the scope of the required options “that (a) supports compile-time unresolvable port addressing or (b) supports data output to a secure port without encryption of the data”.  That is, the “or” encompasses the interpretation that only one of the required options need to be met; however, if only one option need to be met, such option alone would not achieve the desired function of guarantee.  For example, merely not executing any instruction that supports compile-time unresolvable port addressing does not guarantee encryption of data at a secure port.
Note that an “and” in lieu of “or” would not fix this.  The language would have to be something like “configuring a microprocessor such that the microprocessor (a) does not i.e. clarifying that neither instruction type is executable by the microprocessor.
Claim 16 is rejected under a similar rationale.  In addition, dependent claims 2-3, 10-12, 14, and 17-18 independently recite similar language and are also rejected under a similar rationale.  The dependent claims included in the statement of rejection but not specifically addressed in the body of the rejection have inherited the deficiencies of their parent claim and have not resolved the deficiencies.  Therefore, they are rejected based on the same rationale as applied to their parent claims above.

Claims 1-21 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention.  Specifically, claim 1 recites the limitation “that (a) supports compile-time unresolvable port addressing or (b) supports data output to a secure port without encryption of the data”, and the term “supports” is such a nebulous term that effectively encompasses the entire instruction set, thereby rendering unclear which particular instructions should be removed from the normal instruction set.
For example, basic arithmetic can be used for supporting compile-time unresolvable port addressing (e.g. when computing memory address offsets); however, it’s clear from the Specification that applicant is not disposing of the entire instruction set.  The claimed term 
Claim 16 is rejected under a similar rationale.  In addition, dependent claims 2-3, 10-12, 14, and 17-18 independently recite similar language and are also rejected under a similar rationale.  The dependent claims included in the statement of rejection but not specifically addressed in the body of the rejection have inherited the deficiencies of their parent claim and have not resolved the deficiencies.  Therefore, they are rejected based on the same rationale as applied to their parent claims above.

Claims 20-21 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention.  Specifically, claims 20-21 each recite that the “ISA” comprises “instructions” and these instructions could be construed as a form of instruction that performs the “support” recited in “any instruction within a normal instruction set of the microprocessor that (a) supports compile-time unresolvable port addressing or (b) supports data output to a secure port without encryption of the data” of parent claim 16, which contradicts the inherited language of claim 16 that the “instruction set architecture (ISA) [is] modified to avoid executing” such limitations.  This contradiction occurs because of the nebulous nature of “supports” as noted in the rejection at ¶7.


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1 are rejected under 35 U.S.C. 102(a)(1) as being clearly anticipated by Huapaya.

With respect to independent claim 1, Huapaya discloses a method of guaranteeing encryption of data provided at a secure output port of a microprocessor, comprising:
configuring a microprocessor such that the microprocessor does not execute any instruction within a normal instruction set of the microprocessor that (a) supports compile-time unresolvable port addressing or (b) supports data output to a secure port without encryption of the data {paras. 0005 & 0037: “SGX, which stands for ‘Software Guard Extensions’ was introduced in computer chips. This new feature allows an application program to create secure enclaves within which executable code and data can reside such that all of the code and data is always encrypted in memory and over the bus and only the code within the enclave is allowed to 'see' the data in plain-text”; see also “the secure enclave code 105 will be required to encrypt outgoing communication traffic before passing it on to the application program 101 which relays it to the HSM 301”.  Further note that the claim is so broad it reads on a microprocessor that has burned up and is non-functional, as such a processor would not execute such instructions as claimed}.

With respect to dependent claim 2, Huapaya discloses wherein said microprocessor comprises a microprocessor configured as a reduced instruction set microprocessor wherein an implemented instruction set architecture (ISA) lacks an ability to execute any instruction within a normal instruction set of the microprocessor that (a) supports compile-time unresolvable port addressing or (b) supports data output to a secure port without encryption of the data {paras. 0005 & 0037: “SGX, which stands for ‘Software Guard Extensions’ was introduced in computer chips. This new feature allows an application program to create secure enclaves within which executable code and data can reside such that all of the code and data is always encrypted in memory and over the bus and only the code within the enclave is allowed to 'see' the data in plain-text”; see also “the secure enclave code 105 will be required to encrypt outgoing communication traffic before passing it on to the application program 101 which relays it to the HSM 301”.  Further note that the claim is so broad it reads on a microprocessor that has burned up and is non-functional, as such a processor would not execute such instructions as claimed}.

With respect to dependent claim 3, Huapaya discloses wherein said microprocessor comprises a full instruction set microprocessor having a secure operating mode which, when invoked, inhibits microprocessor execution of any instruction within a normal instruction set of the microprocessor that (a) supports compile-time unresolvable port addressing or (b) supports data output to a secure port without encryption of the data {paras. 0005 & 0037: “SGX, which stands for ‘Software Guard Extensions’ was introduced in computer chips. This new feature allows an application program to create secure enclaves within which executable code and data can reside such that all of the code and data is always encrypted in memory and over the bus and only the code within the enclave is allowed to 'see' the data in plain-text”; see also “the secure enclave code 105 will be required to encrypt outgoing communication traffic before passing it on to the application program 101 which relays it to the HSM 301”}.

With respect to dependent claim 4, Huapaya discloses wherein the microprocessor is configured to enter the secure operating mode in response to one or more of a predefined signal level being sensed at a microprocessor input terminal, a flag in a compiled program indicative of the program comprising a secure operating mode program, a signature within the compiled program identifying the microprocessor as a secure microprocessor, receiving a secure mode command via an input port, and a determination that the microprocessor is configured for communication with a secure device {para. 0037: “It is the responsibility of the application code 102 to create and initialize the secure enclave 104”}.

With respect to dependent claim 5, Huapaya discloses wherein the signature within the compiled program comprises hardware or software signatures associated with each of one or more microprocessors, each signature being configured to cause a respective microprocessor to operate in one of a secure operating mode and a non-secure operating mode {para. 0037: “It is the responsibility of the application code 102 to create and initialize the secure enclave 104”; note that this teaches an alternative limitation of a markush group of parent claim 4}.

With respect to dependent claim 6, Huapaya discloses wherein the hardware signature comprises a microprocessor device identifier, and the software signature comprises one of a firmware or software identifier {para. 0037: “It is the responsibility of the application code 102 to create and initialize the secure enclave 104”; note that this teaches an alternative limitation of a markush group of parent claim 4}.

With respect to dependent claim 7, Huapaya discloses wherein the determination that the microprocessor is configured for communication with a secure device comprises one or more determining that a secure port is active, determining that a physical connection has been made with a secure port, and determining that data received via an input port is encrypted {para. 0046: “a remote target 201, typically a service provider needing cryptographic functions to be performed by a secure service supported by the HSM 301, enters in communication with the application program 101 insuring the triggering of the secure enclave”}.

With respect to dependent claim 9, Huapaya discloses wherein said microprocessor comprises at least one secure output port and at least one non-secure output port {paras. 0034 & 0052: secure output port: “secure enclave code 105 can in turn callback into the untrusted application code 102 using another highly defined interface 207 ➔ 205, thus allowing the secure enclave code 105 to execute untrusted application code 102 and to pass back data to said code 102”, and non-secure output port: “the CPU 110 is responsible for running all code, both secure and unsecure”}, and said ISA lacks an ability to execute any data output instruction without encryption of the data where the data destination is a secure port {paras. 0005 & 0037: “SGX, which stands for ‘Software Guard Extensions’ was introduced in computer chips. This new feature allows an application program to create secure enclaves within which executable code and data can reside such that all of the code and data is always encrypted in memory and over the bus and only the code within the enclave is allowed to 'see' the data in plain-text”; see also “the secure enclave code 105 will be required to encrypt outgoing communication traffic before passing it on to the application program 101 which relays it to the HSM 301”.  Further note that the claim is so broad it reads on a microprocessor that has burned up and is non-functional, as such a processor would not execute such instructions as claimed}.

With respect to claims 16-18, a corresponding reasoning as given earlier in this section with respect to claims 1-3 applies, mutatis mutandis, to the subject matter of claims 16-18; therefore, claims 16-18 are rejected, for similar reasons, under the grounds as set forth for claims 1-3.

With respect to dependent claim 19, Huapaya discloses wherein all secure port input/output (I/O) instructions within said ISA require using destination specific output instructions that encrypt a payload portion of an output packet for at least those destinations comprising secure output ports {para. 0057: “a secure core 310 having secure properties and functionalities and further having the functionality to extend security properties and functionalities to software secure enclaves 104 having their own security features insuring that executable code and data are always encrypted in memory and over communication bus and insuring that only the code within the secure enclave 104 is allowed to access the data in plain-text”}.

With respect to dependent claim 20, Huapaya discloses wherein said ISA further comprises destination specific output instructions that do not encrypt a payload portion of an output packet {para. 0052: “the CPU 110 is responsible for running all code, both secure and unsecure”}.

With respect to dependent claim 21, Huapaya discloses wherein said ISA further comprises group I/O group instructions configured to send output data to any output port {paras. 0052 & 0057: secure output port: “a secure core 310 having secure properties and functionalities and further having the functionality to extend security properties and functionalities to software secure enclaves 104 having their own security features insuring that executable code and data are always encrypted in memory and over communication bus and insuring that only the code within the secure enclave 104 is allowed to access the data in plain-text”, and non-secure output port: “the CPU 110 is responsible for running all code, both secure and unsecure”}.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.


Claims 8 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Huapaya (European Patent Application Publication No. EP-3336737-A1, hereinafter “Huapaya”).

With respect to dependent claim 8, Huapaya discloses wherein said microprocessor comprises only one output port {para. 0034: “secure enclave code 105 can in turn callback into the untrusted application code 102 using another highly defined interface 207 ➔ 205, thus allowing the secure enclave code 105 to execute untrusted application code 102 and to pass back data to said code 102”; note that Huapaya does not explicitly disclose that there is ‘only’ one output port; however, the removal of any other output vectors is merely an obvious modification by the elimination of an element and its function; See MPEP §2144.04(II)(A)}, and said ISA lacks an ability to execute any data output instruction without encryption of the data {paras. 0005 & 0037: “SGX, which stands for ‘Software Guard Extensions’ was introduced in computer chips. This new feature allows an application program to create secure enclaves within which executable code and data can reside such that all of the code and data is always encrypted in memory and over the bus and only the code within the enclave is allowed to 'see' the data in plain-text”; see also “the secure enclave code 105 will be required to encrypt outgoing communication traffic before passing it on to the application program 101 which relays it to the HSM 301”.  Further note that the claim is so broad it reads on a microprocessor that has burned up and is non-functional, as such a processor would not execute such instructions as claimed}.

With respect to dependent claim 15, Huapaya discloses constraining microprocessor operation such that the microprocessor is configured to output data via a single output port {para. 0034: “secure enclave code 105 can in turn callback into the untrusted application code 102 using another highly defined interface 207 ➔ 205, thus allowing the secure enclave code 105 to execute untrusted application code 102 and to pass back data to said code 102”; note that Huapaya does not explicitly disclose that there is ‘only’ one output port; however, the removal of any other output vectors is merely an obvious modification by the elimination of an element and its function; See MPEP §2144.04(II)(A)}.


Claims 10-14 are rejected under 35 U.S.C. 103 as being unpatentable over Huapaya (European Patent Application Publication No. EP-3336737-A1, hereinafter “Huapaya”) in view of Smiljanic.

With respect to dependent claim 10, Huapaya discloses wherein microprocessor operation … is configured to exclude generating any instruction that (a) supports compile-time unresolvable port addressing or (b) supports data output to a secure port without encryption of the data {paras. 0005 & 0037: “SGX, which stands for ‘Software Guard Extensions’ was introduced in computer chips. This new feature allows an application program to create secure enclaves within which executable code and data can reside such that all of the code and data is always encrypted in memory and over the bus and only the code within the enclave is allowed to 'see' the data in plain-text”; see also “the secure enclave code 105 will be required to encrypt outgoing communication traffic before passing it on to the application program 101 which relays it to the HSM 301”}.  Although Huapaya teaches preventing the exportation of unencrypted data, Huapaya does not explicitly disclose that the excluding is performed by a compiler; however, Smiljanic discloses wherein microprocessor operation is configured by microprocessor executable instructions generated by a compiler in response to {para. 0086: “the DSL code 36 transferred to the compiler 28 for compilation is effectively sandboxed by the security policy 26 and associated mechanisms 40, 42, in part via type checking and selective blocking of or preventing the running of computer code that violates the security policy 26”}.

Huapaya and Smiljanic are analogous art because they are from the same field of endeavor or problem-solving area of secure code execution.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Huapaya and Smiljanic before him or her, to modify/develop the software portion of the enclave of Huapaya’s system to utilize compilation of code that complies with the security requirements of the enclave.  The suggestion and/or motivation for doing so would have been because it is merely combining prior art elements according to known methods to yield predictable results, i.e. creating necessarily secure software for the enclave.  Therefore, it would have been obvious to combine the software portion of the enclave in Huapaya’s system with compilation of code that complies with the security requirements of the enclave to obtain the invention as specified in the instant claim(s).  The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims.

With respect to dependent claim 11, Huapaya and Smiljanic disclose wherein microprocessor operation is configured by microprocessor executable instructions generated by a compiler in response to source code provided thereto, wherein the compiler in a secure {Huapaya, paras. 0005 & 0037: “SGX, which stands for ‘Software Guard Extensions’ was introduced in computer chips. This new feature allows an application program to create secure enclaves within which executable code and data can reside such that all of the code and data is always encrypted in memory and over the bus and only the code within the enclave is allowed to 'see' the data in plain-text”; see also “the secure enclave code 105 will be required to encrypt outgoing communication traffic before passing it on to the application program 101 which relays it to the HSM 301”; Smiljanic, para. 0086: “the DSL code 36 transferred to the compiler 28 for compilation is effectively sandboxed by the security policy 26 and associated mechanisms 40, 42, in part via type checking and selective blocking of or preventing the running of computer code that violates the security policy 26”}.

With respect to dependent claim 12, Huapaya and Smiljanic disclose wherein the compiler is associated with an inspection module configured to identify an assembly instruction or portion thereof that (a) supports compile-time unresolvable port addressing or (b) supports data output to a secure port without encryption of the data {Huapaya, paras. 0005 & 0037: “SGX, which stands for ‘Software Guard Extensions’ was introduced in computer chips. This new feature allows an application program to create secure enclaves within which executable code and data can reside such that all of the code and data is always encrypted in memory and over the bus and only the code within the enclave is allowed to 'see' the data in plain-text”; see also “the secure enclave code 105 will be required to encrypt outgoing communication traffic before passing it on to the application program 101 which relays it to the HSM 301”; Smiljanic, para. 0086: “the DSL code 36 transferred to the compiler 28 for compilation is effectively sandboxed by the security policy 26 and associated mechanisms 40, 42, in part via type checking and selective blocking of or preventing the running of computer code that violates the security policy 26”}.

With respect to dependent claim 13, Smiljanic discloses wherein the inspection module is invoked by the compiler to inspect any source code referencing a library function or providing in-line assembly code instructions {para. 0056: “deployed custom code 38 may selectively access GPL Application Programming Interfaces (APIs) 34 (e.g., subject to compile-time security enforcement), which may represent public GPL code libraries”}.

With respect to dependent claim 14, Huapaya and Smiljanic disclose wherein said compiler is associated with a secure library of macro instructions configured to exclude any instruction that (a) supports compile-time unresolvable port addressing or (b) supports data output to a secure port without encryption of the data {Huapaya, paras. 0005 & 0037: “SGX, which stands for ‘Software Guard Extensions’ was introduced in computer chips. This new feature allows an application program to create secure enclaves within which executable code and data can reside such that all of the code and data is always encrypted in memory and over the bus and only the code within the enclave is allowed to 'see' the data in plain-text”; see also “the secure enclave code 105 will be required to encrypt outgoing communication traffic before passing it on to the application program 101 which relays it to the HSM 301”; Smiljanic, para. 0056: “deployed custom code 38 may selectively access GPL Application Programming Interfaces (APIs) 34 (e.g., subject to compile-time security enforcement), which may represent public GPL code libraries”}.




Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Kevin Bechtel/Primary Examiner, Art Unit 2491