Ited in Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 32, 34, 35, 36, 37 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 32, 34, 35, 36, 37 recite the limitation " the first data manipulation instruction or/and the second data manipulation instruction" in lines 1-2.  There are insufficient antecedent basis for this limitation in the claims.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and 
Claims 1, 22, 29, 31 and 38 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 11 and 15 of U.S. Patent No. 10,382193. Although the claims at issue are not identical, they are not patentably distinct from each other because corresponding limitations of claims 1, 22, 29, 31 and 38 are generic to corresponding limitations of claims 1, 11 and 15 respectively as shown in table below.

Current Application No: 17/122310
Conflicting US. Patent No: 10,382193
1. A method of executing a cryptographic operation, comprising: identifying a first data manipulation instruction, the first data manipulation instruction modifying an internal state of a processing device; identifying a second data manipulation instruction, the second data manipulation instruction interacting with the internal state of the processing device; and breaking a detectable interaction of the first data manipulation instruction and the second data manipulation instruction by a third data manipulation instruction to be executed 
22. The method of claim 1, wherein the interaction is detectable by external monitoring is a differential power analysis (DPA) of power consumed by the processing device.





.


Claims 1, 29 and 31 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 11 and 15 of U.S. Patent No. 10,897344 . Although the claims at issue are not identical, they are not patentably distinct from each other because corresponding .

Current Application No: 17/122310
Conflicting US. Patent No: 10,897344
1. A method of executing a cryptographic operation, comprising: identifying a first data manipulation instruction, the first data manipulation instruction modifying an internal state of a processing device; identifying a second data manipulation instruction, the second data manipulation instruction interacting with the internal state of the processing device; and breaking a detectable interaction of the first data manipulation instruction and the second data manipulation instruction by a third data manipulation instruction to be executed serially with the first data manipulation instruction and the second data manipulation instruction, wherein the third data manipulation instruction 

29. A method, comprising: identifying a first instruction that loads a secret data item, wherein the first instruction modifies an internal state of a processing device; identifying a detectable interaction of the first data load instruction and a second instruction; and breaking the detectable interaction by a third instruction to be executed serially with the first instruction and the second instruction, wherein the third instruction produces a random value of the internal state of the processing device.

11. A method, comprising: identifying a sequence of instructions modifying an internal state of a processing device, wherein the sequence of instructions comprises a first data load instruction that loads a secret data item; identifying a detectable interaction of the first data load instruction and other instructions of the sequence of instructions, wherein the interaction is detectable by external monitoring of the processing device; and breaking the detectable interaction by a second data load instruction to be executed within the sequence of instructions, wherein the second data load instruction loads a first data item provided by one of: a first secret data item or a first constant data item, and wherein the second data load instruction produces a 
38. A computer-readable non-transitory storage medium comprising instructions that, when executed by a computing device, cause the computing device to perform operations comprising: identifying a first data manipulation instruction, the first data manipulation instruction modifying an internal state of a processing device; identifying a second data manipulation instruction, the second data manipulation instruction interacting with the internal state of the processing device; and breaking a detectable interaction of the first data manipulation instruction and the second data manipulation instruction by a third data manipulation instruction to be executed serially with the first data manipulation instruction and the second data manipulation instruction, wherein the third data manipulation instruction 
.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 and 21-39 are rejected under 35 U.S.C. 103 as being unpatentable over Gueron et al. (Hereinafter referred to as Gueron, US 20090220071 A1) in view of Chheda et al. (Hereinafter referred to as Chheda, US 20080126766 A1).

As per claim 1:
Gueron discloses a method of executing a cryptographic operation, comprising:

identifying a second data manipulation instruction, the second data manipulation instruction interacting with the internal state of the processing device ([0024]: The sequence of transformations for an encryption round may be performed by a single AES last encryption round instruction AESENCLAST as shown in Table 2: AESENCLAST xmm1, xmm2/m128); and
breaking interaction of the first data manipulation instruction and the second data manipulation instruction by a third data manipulation instruction to be executed serially with the first data manipulation instruction and the second data manipulation instruction, wherein the third data manipulation instruction modifies the internal state of the processing device ([0044]:  Transformation isolation function(s) 120 that may be stored in memory 108 or in the storage device 112 use the AES function 103 to isolate one of the transformations in the AES encrypt or decrypt instructions; [0056-0060]; The set of AES instructions (AESINC, AESDEC, AESENCLAST, AESDECLAST) may be used to isolate the sub-steps (transformations) of the AES algorithm defined by FIPS 197. The sub-steps are Shift Rows, Substitute Bytes, Mix Columns, Inverse Shift Rows, Inverse Substitute Bytes, and Inverse Mix Columns. The six sub-steps (transformations) operate on a 128 bit State and produce a 128 bit result. The "Inverse" transformations are the corresponding inverses of the transformations, for example, if Tmp=Substitute Bytes (State), then Inverse Substitute Bytes (Tmp)=State. The Add Round Key transformation operates on two 

Gueron does not explicitly disclose that the breaking instruction is detectable. Chheda, in analogous art however, discloses that the breaking instruction is detectable ([0072]: An embodiment showing protecting a cryptographic implementation is shown below. As mentioned in the standard and noted in the Advanced Encryption Standard (AES) literature, AES is susceptible to differential power analysis (DPA) attacks. [0075]: One of the main concerns with 

As per claim 21:


As per claim 22:
Chheda discloses wherein the interaction is detectable by external monitoring is a differential power analysis (DPA) of power consumed by the processing device ([0072]: An embodiment showing protecting a cryptographic implementation is shown below. As mentioned in the standard and noted in the Advanced Encryption Standard (AES) literature, AES is susceptible to differential power analysis (DPA) attacks. [0075]: One of the main concerns with the AES algorithm is its susceptibility to DPA attacks. Side-channel attacks, such as DPA, work due to the fact that correlation exists between physical measurements taken during execution and the internal state of the algorithm being executed).

As per claim 23:


As per claim 24:
Gueron discloses wherein the enhanced instruction set is provided by one of: an Intel AES-NI instruction set, an ARM Advanced Encryption Standard (AES) instruction set, or a SPARC AES instruction set ([0035]:  Each of the four AES round instructions (AESENC, AESNECLAST, AESDEC, AESDECLAST) shown in Tables 1, 2, 4 and 5 increases performance by performing several AES transformations together. However, the instructions only support the current version of the AES standard. [0056-0060]: The set of AES instructions (AESINC, AESDEC, AESENCLAST, AESDECLAST) may be used to isolate the sub-steps (transformations) of the AES algorithm defined by FIPS 197).

As per claim 25:
Gueron discloses wherein the first data manipulation instruction and the second data manipulation instruction are comprised by an application implementing a cryptographic operation based on the Advanced Encryption Standard (AES) ([0035]:  Each of the four AES round instructions (AESENC, AESNECLAST, AESDEC, AESDECLAST) shown in Tables 1, 2, 4 and 5 increases performance by performing several AES transformations together. However, the instructions only support the current version of the AES standard. [0056-0060]: The set of AES instructions 

As per claim 26:
Gueron discloses wherein the second data manipulation instruction utilizes an input data item provided by an output of the first data manipulation instruction ([0056-0060]:  The set of AES instructions (AESINC, AESDEC, AESENCLAST, AESDECLAST) may be used to isolate the sub-steps (transformations) of the AES algorithm defined by FIPS 197. The sub-steps are Shift Rows, Substitute Bytes, Mix Columns, Inverse Shift Rows, Inverse Substitute Bytes, and Inverse Mix Columns. The six sub-steps (transformations) operate on a 128 bit State and produce a 128 bit result. The "Inverse" transformations are the corresponding inverses of the transformations, for example, if Tmp=Substitute Bytes (State), then Inverse Substitute Bytes (Tmp)=State. The Add Round Key transformation operates on two 128 bits inputs (State and Round Key), and outputs their bitwise XOR. FIG. 3 is a flow chart of an embodiment of a Mix Column isolation transformation function 300 that uses at least one AES round instruction for isolating the Mix Columns transformation in the AES algorithm. The micro operation for the Mix Columns transformation is only used in the AESENC instruction and the AESDEC instruction includes the inverse transformations to the transformations in the AESENC instruction. At block 302, the Mix Columns transformation isolation function calls the AESDECLAST instruction with the current state and the round key set to 0.  The AESDECLAST performs the micro-operations in Table 6).

As per claim 27:


As per claim 28:
Gueron discloses wherein at least one of the first data manipulation instruction and the second data manipulation instruction performs one of: an AES encryption round or an AES decryption round ([0056-0060]:  The set of AES instructions (AESINC, AESDEC, AESENCLAST, 

As per claim 29:
Gueron discloses a method of executing a cryptographic operation, comprising:
identifying a first instruction that loads a secret data item, wherein the first instruction modifies an internal state of a processing device ([0017]: The Advanced Encryption Standard (AES) algorithm published by the National Institute of Standards and Technology (NIST) as Federal Information Processing Standard (FIPS) 197 is a compute intensive algorithm that is typically performed in software or in a special purpose processor. The AES algorithm is performed in 
identifying a interaction of the first data load instruction and a second instruction ([0024]: The sequence of transformations for an encryption round may be performed by a single AES last encryption round instruction AESENCLAST as shown in Table 2: AESENCLAST xmm1, xmm2/m128); and
breaking the interaction by a third instruction to be executed serially with the first instruction and the second instruction, wherein the third instruction produces a value of the internal state of the processing device ([0044]:  Transformation isolation function(s) 120 that may be stored in memory 108 or in the storage device 112 use the AES function 103 to isolate one of the transformations in the AES encrypt or decrypt instructions; [0056-0060]; The set of AES instructions (AESINC, AESDEC, AESENCLAST, AESDECLAST) may be used to isolate the sub-steps (transformations) of the AES algorithm defined by FIPS 197. The sub-steps are Shift Rows, Substitute Bytes, Mix Columns, Inverse Shift Rows, Inverse Substitute Bytes, and Inverse Mix Columns. The six sub-steps (transformations) operate on a 128 bit State and produce a 128 bit result. The "Inverse" transformations are the corresponding inverses of the transformations, for example, if Tmp=Substitute Bytes (State), then Inverse Substitute Bytes (Tmp)=State. The Add 

Gueron does not explicitly disclose that the interaction is detectable and the value in the internal state is random. Chheda, in analogous art however, discloses that the breaking instruction is detectable ([0072]: An embodiment showing protecting a cryptographic implementation is shown below. As mentioned in the standard and noted in the Advanced 
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the claimed limitations of the instruction disclosed by Gueron to include that the interaction is detectable and the value in the internal 

As per claims 30-37:
Claims 30-37 are directed to a method of executing a cryptographic operation, claims 30-37 are having substantially similar claimed limitations corresponding to claims 21-28 respectively and therefore claims 30-37 are rejected with the same rationale given above to reject claims 21-28 respectively. 

As per claims 38-39:
Claims 38-39 are directed to a computer-readable non-transitory storage medium comprising instructions that, when executed by a computing device, cause the computing device to perform operations, claims 38-39 are having substantially similar claimed limitations corresponding to claims 1 and 23 respectively and therefore claims 38-39 are rejected with the same rationale given above to reject claims 1 and 23 respectively. 

BRI (Broadest Reasonable Interpretation)
The above claims under examination have been given their BRI consistent with the applicant’s disclosure as they would be interpreted by one of ordinary skill in the art and the 

First Data Manipulation Instruction and Second Data Manipulation Instruction: 
[0050] Referring to FIG. 7, at block 710, a processing device implementing the method may execute a first data manipulation instruction of an enhanced cryptographic instruction set (e.g., AES-NI instructions). In an illustrative example, the first data manipulation instruction may utilize one or more input data items, e.g., an AES round state and an AES round key. As noted herein above, the first data manipulation instruction may utilize and affect an internal state (e.g., an internal register of the processing device) that may be interacted with or utilized by subsequent data manipulation instructions.
[0051] At block 720, the processing device may execute a second data manipulation instruction of the enhanced cryptographic instruction set. The second data manipulation instruction may utilize one or more input data items, e.g., an AES round state modified by the first data manipulation instruction and an AES round key. The second data manipulation instruction may further interact with or utilize the internal state that was modified by the preceding data manipulation instruction, thus potentially creating a DPA-detectable data leakage, as described in more details herein above.
.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See the notice of reference cited in form PTO-892 for additional prior art.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TECHANE GERGISO whose telephone number is (571)272-3784. The examiner can normally be reached 9:30am to 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TECHANE GERGISO/Primary Examiner, Art Unit 2494                                                                                                                                                                                                        s rec