DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is the responsive to the communication filed on 02/13/2020.


Claim Interpretation(f)
The following is a quotation of 35 U.S.C. 112(f): 

(f) ELEMENT IN CLAIM FOR A COMBINATION.—An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph: 

An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims 1, 2, 4 in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph: 

(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as "configured to" or "so that"; and 
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “ a table generation unit  ,  a table calculation unit.. a round processing unit..” in claims 1,2 and 4.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

 			Claim Rejections – 35 USC § 101 
 
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claim 1-9 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.

 	As per clam 1 and 9, the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) a mathematical formula wherein B is an integer equal to or greater than 1, R is an integer equal to or greater than 3, S is an integer equal to or greater than 2, U = S2 holds, F is a finite field, b = 0, ..., B-1 holds, r = 1, ..., R holds, and j = 2, ..., R holds, round processing in a first round includes a process P1, 4, the process P1, 4 including processing for obtaining a matrix Mb, 1, 4 by adding S counter values ib, o, ..., ib, s-1 to S members in one of columns of an SxS matrix that is formed from members of a round key ki E FU of the first round, respectively, round processing in a jth round includes a process Pj, 1, a process Pj, 2, a process Pj, 3, and a process Pi, 4, the process Pj, 1 including processing for obtaining a matrix Mb, , 1 by permutation of members of a matrix Mb, -1, 4, the process Pj,2 including processing for obtaining a matrix Mb, j, 2 by cyclically shifting members of the matrix Mb, j, 1 on a per-row basis, the process Pj, 3 including processing for obtaining a matrix Mb, j, 3 which has linear sums of S members of each column of the matrix Mbj, 2 as the S members of that column, and the process Pi, 4 including processing for obtaining a matrix Mb, , 4 by adding the respective members of a round key k, of the jth round to the respective members of the matrix Mb, j, 3, and the secure computation device includes a table generation unit that performs an early-stage process for obtaining concealed information {M(io, ..., is-1)} of a table M(io, ..., is-1) having one-variable function values for a variable i = io, ..., is-1 as its members, by secure computation using concealed information of any one of round keys ki, ..., k3, a table calculation unit that obtains concealed information {Mb, r, } of a matrix 2Docket No. 526042US Preliminary Amendment Mb, r, , for b = 0, ..., B-1 by secure computation using concealed information {ib, o}, ... {ib, s-1} of the counter values ib, o, ..., ib, s-1 and the concealed information {M(io, ..., is- 1)}, where M(ib, o, ..., ib, s-1) generated by substituting the counter values ib, o, ..., ib, s-1 into the table M(io, ..., is-1) represents the matrix Mb, y, ,, which is any one of Mb, 2, 1, Mb, 3,2, and a round processing unit that performs a later-stage process for obtaining concealed information {Mb, F, MU} of a matrix Mb, F, MU which is obtained by execution of a remaining process, by secure computation using concealed information of any one of round keys k2, ..., kR+1 and the concealed information {Mb, y, J, where the remaining process includes those processes among the process Pj, 1, the process Pj,2, the process Pj, 3, and the process Pi, 4 for j = 2, ..., R that are performed subsequent to a process Py .
 This judicial exception is not integrated into a
practical application because the above group of limitations can be a mental process.  
 	The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the above groups of abstract ideas can be perform mentally for control accessing the resource without performing my a special machine and improvement to the any technology to produce a practical application. 
 	
 	This judicial exception is not integrated into a practical application. In particular, the claim only recites one additional element – using an authenticator to perform both the sending and receiving steps. The authenticator  in both steps is recited at a high-level of generality (i.e., as a generic processor performing a generic computer function of ranking information based on a determined amount of use) such that it amounts no more than mere instructions to apply the exception using a generic computer component. Accordingly, there is not any additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.

 	As per claims 2-8, those claims are reject bases on the relational set for the claims 1. 

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim 10 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claims terms, a program, do not fall within at least one of the four categories of patent eligible subject matter.  In this case, Applicant has claimed a “device” without reciting any hardware element in the bodies of the claims.  Thus, the Computer Desktop Encyclopedia which states "(2) May refer to software".


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim 11 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. 
Claim 11 is directed towards a computer program product, the computer program product being embodied in “a computer readable storage medium”. Applicant’s specification does not define the term. Thus it is unclear whether the term is meant to encompass signals or not. The broadest, reasonable interpretation of the term is applied and currently the examiner is assuming that it encompasses signals. Signals do not fall within any of the four statutory categories of invention, thus claim 11  is  not statutory. Examiner suggests amending claims to recite, “non-transitory computer-readable recording medium" to exclude non-statutory mediums such as signals (see, Interim Examination Instructions for Evaluating Subject Matter Eligibility Under 35 U.S.C. § 101, Aug. 24, 2009; p. 2 and also Memorandum on Subject Matter Eligibility of Computer Readable Media, 1351 OG 212 (February 23,2010)).


Claim Objections
Claims 10-11 are objected to because of the following informalities:  those claims are not further limiting the claims. Applicant may add the all the limitations from the claim 1 to 5 into those claims respectively.  Appropriate correction is required.



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 9, 10 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Cammarota et al US 2016/0269175 in view of Terada et al US 2013/0090132.

 	As per claim 1, Cammarota discloses a secure computation device, wherein B is an integer equal to or greater than 1, R is an integer equal to or greater than 3, S is an integer equal to or greater than 2, U = S2 holds, F is a finite field, b = 0, ..., B-1 holds, r = 1, ..., R holds, and j = 2, ..., R holds ( par 0031  AES system for encryption 100 and decryption 101 where masking is employed during SubBytes, i.e. integer bytes, and InvSubBytes stages, which are byte substitution stages.  par 0038 n AES cipher or within corresponding substitution operations of cryptographic devices that exploit composite field operations in a finite field. No random number generator is required to generate internal fresh bits using this procedure, yet security is maintained. By avoiding the use of a random number generator in the SubBytes device, processing speed can be improved relative to devices that compute the results of Equations (4), ), 
 	round processing in a first round includes a process P1, 4, the process P1, 4 including processing for obtaining a matrix Mb, 1, 4 by adding S counter values ib, o, ..., ib, s-1 to S members in one of columns of an SxS matrix that is formed from members of a round key ki E FU of the first round, respectively (par 0031  AES system for encryption 100 and decryption 101 where masking is employed during SubBytes and InvSubBytes stages, which are byte substitution stages. For encryption, beginning at 102, an initial AddRoundKey operation is performed on input plaintext, wherein each byte of the current state is combined with a block of a round key. As noted above, the “state” is a 4×4 matrix of bytes. That is, during AddRoundKey, a subkey is derived from a main key using, e.g., Rijndael's key schedule where each subkey is the same size as the state. The subkey is then added in by combining each byte of the state with a corresponding byte of the subkey using bitwise XOR. Following the initial AddRoundKey operation, encryption rounds 103,i.e. round processing in a first round are performed where each round includes a Masked SubBytes stage 104, a ShiftRows stage 106, a MixColumns 108 stage and another AddRoundKey stage 110. The Masked SubBytes stage 104 is a masked version of a standard AES SubBytes stage. In a Masked SubBytes stage, each byte in the state matrix is replaced with a corresponding SubByte using a substitution device or processor where masking is provided. The masked substitution provides non-linearity in the cipher while also acting as a countermeasure to side-channel attacks. In some conventional examples of AES, the SubBytes device computes a multiplicative inverse over GF(2.sup.8) where GF(2.sup.8)is a Galois Field (i.e. a Finite Field). As will be described below, modified versions can instead perform the multiplicative inverse using the GF(2.sup.2) subfield. Following completion of the encryption rounds 103, a final encryption round 114 is performed, which includes a final Masked SubBytes stage 116, a final ShiftRows stage 118 and a final AddRoundKey stage 120. The output is the encrypted ciphertext.),
 round processing in a jth round includes a process Pj, 1, a process Pj, 2, a process Pj, 3, and a process Pi, 4, the process Pj, 1 including processing for obtaining a matrix Mb, , 1 by permutation of members of a matrix Mb, -1, 4, the process Pj,2 including processing for obtaining a matrix Mb, j, 2 by cyclically shifting members of the matrix Mb, j, 1 on a per-row basis, the process Pj, 3 including processing for obtaining a matrix Mb, j, 3 which has linear sums of S members of each column of the matrix Mbj, 2 as the S members of that column, and the process Pi, 4 including processing for obtaining a matrix Mb, , 4 by adding the respective members of a round key k, of the jth round to the respective members of the matrix Mb, j, 3,  ([0039] Beginning at 302, as part of an encryption or decryption AES cryptographic operation in a finite field (such as GF(2.sup.8), the AES device combines input text (herein generally referred to as “data”) with a round key to obtain combined data (such as by combining plaintext with a round key for encryption or by combining ciphertext with a round key for decryption). This may correspond, for example, to the initial AddRoundKey operation 102 of FIG. 1 for encryption or to the initial AddRoundKey operation 124 for decryption. Note that, herein, “data” may generally refer to any of various quantities, characters or symbols on which operations are performed by a computing device (such as the AES device or its components)and
a table calculation unit (a random number generator or any complicated calculations ) that obtains concealed information {Mb, r, } of a matrix 2Docket No. 526042US Preliminary Amendment Mb, r, , for b = 0, ..., B-1 by secure computation using concealed information {ib, o}, ... {ib, s-1} of the counter values ib, o, ..., ib, s-1 and the concealed information {M(io, ..., is- 1)}, where M(ib, o, ..., ib, s-1) generated by substituting the counter values ib, o, ..., ib, s-1 into the table M(io, ..., is-1) represents the matrix Mb, y, ,, which is any one of Mb, 2, 1, Mb, 3,2,  (par 0042 at the level of the GF(2.sup.2) subfield, the number of permutations is small, i.e. there are only four elements to the GF(2.sup.2) subfield. Computing multiplication operations in the GF(2.sup.2) subfield corresponds to performing permutations of some of the elements of the subfield (since the subfield is a finite field and hence all multiplication operations in the subfield must yield an element of the subfield). The aforementioned static table can thereby be used to efficiently facilitate the multiplication operations since it stores the various permutations. Moreover, inversion in the subfield is a bit swap. More specifically, in GF(2.sup.2): the inverse of 0 is 0; the inverse of 1 is 2; the inverse of 2 is 1; and the inverse of 3 is 3 (where the values 0,1,2 and 3 are meant to represent permissible values of the GF(2.sup.2) subfield and not their ordinary arithmetic equivalents). Hence, inversion can easily be performed merely by looking up the inverted value using the static table. Still further, note that an input value plus a correction term (i.e. an input mask) will yield a permutation of the static table. There are only four permutations in GF(2.sup.2); the identity table when the input mask is 0 and three other bytes when the input mask is not 0. A permutation is thereby selected by the input mask. The output is selected by using an indexing vector divided by the masked input value in GF(2.sup.2). As such, consolidation is conveniently performed without the need for a random number generator or any complicated calculations. )and 
a round processing unit that performs a later-stage process for obtaining concealed information {Mb, F, MU} of a matrix Mb, F, MU which is obtained by execution of a remaining process, by secure computation using concealed information of any one of round keys k2, ..., kR+1 and the concealed information {Mb, y, J, where the remaining process includes those processes among the process Pj, 1, the process Pj,2, the process Pj, 3, and the process Pi, 4 for j = 2, ..., R that are performed subsequent to a process Py  ( [0061]  the AES processor 413 of FIG. 4 for use in encryption 500 and decryption 501. The exemplary AES processor 413 employs masked AES encryption/decryption with GF(2.sup.2) static lookup tables for SubBytes operations and InvSubBytes operations. For encryption, beginning at 502, an initial AddRoundKey operation is performed on input plaintext, wherein each byte of the current state is combined with a block of a round key. Following the initial AddRoundKey operation, a set of encryption rounds 503 is performed where each round includes a Masked SubBytes stage 504 that exploits one or more GF(2.sup.2) static and dynamic lookup tables to facilitate SubBytes operations. For brevity, the Masked SubBytes stage 504 is referred to in the figure as Masked SubBytes w/GE(2.sup.2) Static Table but it should be appreciated that the device may include additional components such as one or more dynamic lookup tables. Each encryption round 503 also includes a ShiftRows stage 506, a MixColumns 508 stage and another AddRoundKey stage 510. Following the set of encryption rounds 503, a final encryption round 514 is performed, which includes a final Masked SubBytes stage 516, a final ShiftRows stage 518 and a final AddRoundKey stage 520. As with the Masked SubBytes stage 504, the final Masked SubBytes stage 516 exploits one or more GF(2.sup.2) static and dynamic lookup tables to facilitate SubBytes operations. The output is the encrypted ciphertext).  

Cammarota does not explicitly discloses the secure computation device includes 
a table generation unit that performs an early-stage process for obtaining concealed information {M(io, ..., is-1)} of a table M(io, ..., is-1) having one-variable function values for a variable i = io, ..., is-1 as its members, by secure computation using concealed information of any one of round keys ki, ..., k3, 

  	However, Terada discloses   the secure computation device includes 
a table generation unit that performs an early-stage process for obtaining concealed information {M(io, ..., is-1)} of a table M(io, ..., is-1) having one-variable function values for a variable i = io, ..., is-1 as its members, by secure computation using concealed information of any one of round keys ki, ..., k3,  ( [0053] In creation of the write data into the memory A 130, there are encrypted the concealment program, the key information, the startup program, and the control program by the AES common key stored in the encryption processor 120, and the write data is created based on each storing address and size information in the memory A 130, and then writing into the memory A 130 is carried out. As described above, the encrypted data of the concealment program, the key information, the startup program, and the control program is written into the memory A 130, and an operation illustrated in FIG. 6 is performed.[0054] FIG. 6 is a flowchart illustrating an operation example which includes execution of the concealment program in the processor system in the first embodiment. After power is supplied to the system and reset is released, at step S601, the processor system executes the startup program. In execution of the startup program at the step S601, an initialization processing or the like of the CPU core 110 and a peripheral portion is performed. After the initialization processing or the like ends, the CPU core 110 registers the address range of the concealment program and the key information which are stored in the memory A 130 into the address registration region 121 of the encryption processor 120, to start up the control program (to jump to an address of the control program).[0055] At step S602, the CPU core 110 executes the control program. During execution of the control program, an external program is downloaded or the external program is called, for example. The external program includes a program and a terminal downloaded via a network or the like after execution of the control program is started, for example. During execution of the control program, the concealment program (function address or the like) is called, for example.
[0056] When the concealment program is called, at step S603, the CPU core 110 executes the concealment program. In execution of the concealment program at the step S603, the CPU core 110 accesses the key information and performs an encryption processing or the like, for example. After the processing of the concealment program ends, the flow comes back to execution of the control program.
[0057] FIG. 7, data which includes instruction codes or the like of a startup program 701, a control program 702, a concealment program (an encryption processing program or the like) and key information 703 are encrypted by using an AES common key and stored into the memory A 130. Further, address ranges of the startup program 701, the concealment program (the encryption processing program or the like) and the key information 703 which are stored in the memory A 130 are registered into the encryption processor 120).
 
Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  masking of round data of Cammarota, based on the teaching of key concealment program of Oyma, because doing so would provide an encryption processor, there is registered an address range of the startup program in advance, and there is registered an address range where concealment data of the concealment program and the key information is stored by the startup program or the concealment program stored in the registered address range(par 0062).


 	As per claim 9, Cammarota discloses A secure computation method, wherein B is an integer equal to or greater than 1, R is an integer equal to or greater than 3, S is an integer equal to or greater than 2, U = S2 holds, F is a finite field, b = 0, ..., B-1 holds, r = 1, ..., R holds, and j = 2, ..., R holds ( par 0031  AES system for encryption 100 and decryption 101 where masking is employed during SubBytes, i.e. integer bytes, and InvSubBytes stages, which are byte substitution stages.  par 0038 n AES cipher or within corresponding substitution operations of cryptographic devices that exploit composite field operations in a finite field. No random number generator is required to generate internal fresh bits using this procedure, yet security is maintained. By avoiding the use of a random number generator in the SubBytes device, processing speed can be improved relative to devices that compute the results of Equations (4), ), 
 	round processing in a first round includes a process P1, 4, the process P1, 4 including processing for obtaining a matrix Mb, 1, 4 by adding S counter values ib, o, ..., ib, s-1 to S members in one of columns of an SxS matrix that is formed from members of a round key ki E FU of the first round, respectively (par 0031  AES system for encryption 100 and decryption 101 where masking is employed during SubBytes and InvSubBytes stages, which are byte substitution stages. For encryption, beginning at 102, an initial AddRoundKey operation is performed on input plaintext, wherein each byte of the current state is combined with a block of a round key. As noted above, the “state” is a 4×4 matrix of bytes. That is, during AddRoundKey, a subkey is derived from a main key using, e.g., Rijndael's key schedule where each subkey is the same size as the state. The subkey is then added in by combining each byte of the state with a corresponding byte of the subkey using bitwise XOR. Following the initial AddRoundKey operation, encryption rounds 103,i.e. round processing in a first round are performed where each round includes a Masked SubBytes stage 104, a ShiftRows stage 106, a MixColumns 108 stage and another AddRoundKey stage 110. The Masked SubBytes stage 104 is a masked version of a standard AES SubBytes stage. In a Masked SubBytes stage, each byte in the state matrix is replaced with a corresponding SubByte using a substitution device or processor where masking is provided. The masked substitution provides non-linearity in the cipher while also acting as a countermeasure to side-channel attacks. In some conventional examples of AES, the SubBytes device computes a multiplicative inverse over GF(2.sup.8) where GF(2.sup.8)is a Galois Field (i.e. a Finite Field). As will be described below, modified versions can instead perform the multiplicative inverse using the GF(2.sup.2) subfield. Following completion of the encryption rounds 103, a final encryption round 114 is performed, which includes a final Masked SubBytes stage 116, a final ShiftRows stage 118 and a final AddRoundKey stage 120. The output is the encrypted ciphertext.),
 round processing in a jth round includes a process Pj, 1, a process Pj, 2, a process Pj, 3, and a process Pi, 4, the process Pj, 1 including processing for obtaining a matrix Mb, , 1 by permutation of members of a matrix Mb, -1, 4, the process Pj,2 including processing for obtaining a matrix Mb, j, 2 by cyclically shifting members of the matrix Mb, j, 1 on a per-row basis, the process Pj, 3 including processing for obtaining a matrix Mb, j, 3 which has linear sums of S members of each column of the matrix Mbj, 2 as the S members of that column, and the process Pi, 4 including processing for obtaining a matrix Mb, , 4 by adding the respective members of a round key k, of the jth round to the respective members of the matrix Mb, j, 3,  ([0039] Beginning at 302, as part of an encryption or decryption AES cryptographic operation in a finite field (such as GF(2.sup.8), the AES device combines input text (herein generally referred to as “data”) with a round key to obtain combined data (such as by combining plaintext with a round key for encryption or by combining ciphertext with a round key for decryption). This may correspond, for example, to the initial AddRoundKey operation 102 of FIG. 1 for encryption or to the initial AddRoundKey operation 124 for decryption. Note that, herein, “data” may generally refer to any of various quantities, characters or symbols on which operations are performed by a computing device (such as the AES device or its components)and
a table calculation unit (a random number generator or any complicated calculations ) that obtains concealed information {Mb, r, } of a matrix 2Docket No. 526042US Preliminary Amendment Mb, r, , for b = 0, ..., B-1 by secure computation using concealed information {ib, o}, ... {ib, s-1} of the counter values ib, o, ..., ib, s-1 and the concealed information {M(io, ..., is- 1)}, where M(ib, o, ..., ib, s-1) generated by substituting the counter values ib, o, ..., ib, s-1 into the table M(io, ..., is-1) represents the matrix Mb, y, ,, which is any one of Mb, 2, 1, Mb, 3,2,  (par 0042 at the level of the GF(2.sup.2) subfield, the number of permutations is small, i.e. there are only four elements to the GF(2.sup.2) subfield. Computing multiplication operations in the GF(2.sup.2) subfield corresponds to performing permutations of some of the elements of the subfield (since the subfield is a finite field and hence all multiplication operations in the subfield must yield an element of the subfield). The aforementioned static table can thereby be used to efficiently facilitate the multiplication operations since it stores the various permutations. Moreover, inversion in the subfield is a bit swap. More specifically, in GF(2.sup.2): the inverse of 0 is 0; the inverse of 1 is 2; the inverse of 2 is 1; and the inverse of 3 is 3 (where the values 0,1,2 and 3 are meant to represent permissible values of the GF(2.sup.2) subfield and not their ordinary arithmetic equivalents). Hence, inversion can easily be performed merely by looking up the inverted value using the static table. Still further, note that an input value plus a correction term (i.e. an input mask) will yield a permutation of the static table. There are only four permutations in GF(2.sup.2); the identity table when the input mask is 0 and three other bytes when the input mask is not 0. A permutation is thereby selected by the input mask. The output is selected by using an indexing vector divided by the masked input value in GF(2.sup.2). As such, consolidation is conveniently performed without the need for a random number generator or any complicated calculations. )and 
a round processing unit that performs a later-stage process for obtaining concealed information {Mb, F, MU} of a matrix Mb, F, MU which is obtained by execution of a remaining process, by secure computation using concealed information of any one of round keys k2, ..., kR+1 and the concealed information {Mb, y, J, where the remaining process includes those processes among the process Pj, 1, the process Pj,2, the process Pj, 3, and the process Pi, 4 for j = 2, ..., R that are performed subsequent to a process Py  ( [0061]  the AES processor 413 of FIG. 4 for use in encryption 500 and decryption 501. The exemplary AES processor 413 employs masked AES encryption/decryption with GF(2.sup.2) static lookup tables for SubBytes operations and InvSubBytes operations. For encryption, beginning at 502, an initial AddRoundKey operation is performed on input plaintext, wherein each byte of the current state is combined with a block of a round key. Following the initial AddRoundKey operation, a set of encryption rounds 503 is performed where each round includes a Masked SubBytes stage 504 that exploits one or more GF(2.sup.2) static and dynamic lookup tables to facilitate SubBytes operations. For brevity, the Masked SubBytes stage 504 is referred to in the figure as Masked SubBytes w/GE(2.sup.2) Static Table but it should be appreciated that the device may include additional components such as one or more dynamic lookup tables. Each encryption round 503 also includes a ShiftRows stage 506, a MixColumns 508 stage and another AddRoundKey stage 510. Following the set of encryption rounds 503, a final encryption round 514 is performed, which includes a final Masked SubBytes stage 516, a final ShiftRows stage 518 and a final AddRoundKey stage 520. As with the Masked SubBytes stage 504, the final Masked SubBytes stage 516 exploits one or more GF(2.sup.2) static and dynamic lookup tables to facilitate SubBytes operations. The output is the encrypted ciphertext).  
Cammarota does not explicitly discloses  the secure computation device includes 
a table generation unit that performs an early-stage process for obtaining concealed information {M(io, ..., is-1)} of a table M(io, ..., is-1) having one-variable function values for a variable i = io, ..., is-1 as its members, by secure computation using concealed information of any one of round keys ki, ..., k3, 
  	However, Terada discloses   the secure computation device includes 
a table generation unit that performs an early-stage process for obtaining concealed information {M(io, ..., is-1)} of a table M(io, ..., is-1) having one-variable function values for a variable i = io, ..., is-1 as its members, by secure computation using concealed information of any one of round keys ki, ..., k3,  ( [0053] In creation of the write data into the memory A 130, there are encrypted the concealment program, the key information, the startup program, and the control program by the AES common key stored in the encryption processor 120, and the write data is created based on each storing address and size information in the memory A 130, and then writing into the memory A 130 is carried out. As described above, the encrypted data of the concealment program, the key information, the startup program, and the control program is written into the memory A 130, and an operation illustrated in FIG. 6 is performed. [0054] FIG. 6 is a flowchart illustrating an operation example which includes execution of the concealment program in the processor system in the first embodiment. After power is supplied to the system and reset is released, at step S601, the processor system executes the startup program. In execution of the startup program at the step S601, an initialization processing or the like of the CPU core 110 and a peripheral portion is performed. After the initialization processing or the like ends, the CPU core 110 registers the address range of the concealment program and the key information which are stored in the memory A 130 into the address registration region 121 of the encryption processor 120, to start up the control program (to jump to an address of the control program).[0055] At step S602, the CPU core 110 executes the control program. During execution of the control program, an external program is downloaded or the external program is called, for example. The external program includes a program and a terminal downloaded via a network or the like after execution of the control program is started, for example. During execution of the control program, the concealment program (function address or the like) is called, for example.
[0056] When the concealment program is called, at step S603, the CPU core 110 executes the concealment program. In execution of the concealment program at the step S603, the CPU core 110 accesses the key information and performs an encryption processing or the like, for example. After the processing of the concealment program ends, the flow comes back to execution of the control program.
[0057] data which includes instruction codes or the like of a startup program 701, a control program 702, a concealment program (an encryption processing program or the like) and key information 703 are encrypted by using an AES common key and stored into the memory A 130. Further, address ranges of the startup program 701, the concealment program (the encryption processing program or the like) and the key information 703 which are stored in the memory A 130 are registered into the encryption processor 120).
 
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  masking of round data of Cammarota, based on the teaching of key concealment program of Oyma, because doing so would provide an encryption processor, there is registered an address range of the startup program in advance, and there is registered an address range where concealment data of the concealment program and the key information is stored by the startup program or the concealment program stored in the registered address range(par 0062).

 	As per claim 10, this program claim is rejected based on the same rational set for the claim 1.
 	As per claim 11, this computer-readable recording medium claim is rejected based on the same rational set for the claim 1.

Allowable Subject Matter
Claims 2-8 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance:  the claims 2-8 combination with independent claims would be allowable cited portion of the prior art.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
 	Blake US 2018/0115538 establishing a copy of a blockchain ledger at each of a plurality of blockchain nodes, wherein each of the blockchain nodes is associated with a different controlling entity; providing a public key/private key pair for a first of the blockchain nodes; receiving, from the communication device, a first message comprising: first data indicative of a change of authorisation state of a first authorisation agent associated with the first controlling entity, the first data being encrypted; and a digital signature based on the blockchain ledger and the private key; authenticating the message using the public key; adding a block to the blockchain ledger based on the first message, thereby to generate a new blockchain ledger that records the change of authorisation state of the first authorisation agent.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABU S SHOLEMAN whose telephone number is (571)270-7314. The examiner can normally be reached EST: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JORGE ORTIZ CRIADO can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ABU S SHOLEMAN/Primary Examiner, Art Unit 2496