DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
Prosecution on the merits of this application is reopened on claims 1-20 considered unpatentable for the reasons indicated below in the rejection. 

Applicant is advised that the Notice of Allowance mailed on 11/15/2021 is vacated.  If the issue fee has already been paid, applicant may request a refund or request that the fee be credited to a deposit account.  However, applicant may wait until the application is either found allowable or held abandoned.  If allowed, upon receipt of a new Notice of Allowance, applicant may request that the previously submitted issue fee be applied.  If abandoned, applicant may request refund or credit to a specified Deposit Account.

The indicated allowability of claims 1-20 is withdrawn in view of the newly discovered reference(s) to Michieles et al US 2016/0078250.  Rejections based on the newly cited reference(s) follow.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having 

Claims 1-2,4-7,9-13 and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Olson et al US 2012/0216020 in view of Michiels et al US 2016/0078250.

 	As per claim 1, Olson disclose an integrated circuit with technology for generating a keystream, the integrated circuit comprising: 
 	a cipher block in the integrated circuit , the cipher block comprising a linear feedback shift register (LFSR) and a finite state machine (FSM), wherein the LFSR and the FSM are configured to generate a stream of keys, based on an initialization value and an initialization key (par 0084 Turning now to FIG. 4A, a block diagram of a Snow cipher 400 (	a cipher block in the integrated circuit, the cipher block) is depicted. Snow cipher 400 is one embodiment of a word-oriented stream cipher that enables encryption and decryption of data. During operation, Snow cipher 400 generates a key Z by performing multiple rounds to generate portions of the key referred to as Z.sub.t. A sender encrypts unencrypted data (referred to as "plaintext") by performing exclusive-OR (XOR) operations between the portions Z.sub.t and portions of plaintext to produce encrypted data (referred to as ciphertext). A recipient then decrypts the ciphertext by regenerating Z and performing XOR operations in a similar manner. In the illustrated embodiment, cipher 400 is configured to implement the Snow 2.0 cipher. See "A new version of the stream cipher SNOW." Cipher 400 generates a Key Z by using a linear-feedback shift register (LFSR) 410 and a finite state machine (FSM) 420. ); and 

 	Olson does not explicitly disclose the multiplicative mask.
 	Michiels discloses the multiplicative mask ( par 0090,0073, S-box using the multiplicative masks to the input value Z.sub 2,3 in input to the S-box).
 Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of finite state machine of cipher of Olson, based on the teaching of masking the data of Michiels, because doing so would provide improve the data security (par 0090).



 	As per claim 2, Olson in view of Michiels disclose An integrated circuit according to claim 1, further comprising:  Olson discloses 

 	a core Sbox unit in the Sbox ( 0090, Snow engine 310 may be configured to perform instructions that are defined within an ISA for processor 10 and that accomplish more of the work per instruction than in the case of using general-purpose ISA instructions. In some embodiments, such instructions may be executable to perform operations associated with an LFSR of a Snow cipher. Snow engine 310 is configured to perform an instruction that is executable to perform an alpha multiplication (e.g., multiplication 412), an alpha division (e.g., division 414), and an exclusive-OR operation (e.g., XOR operation 416B) using their results. Snow engine 310 may be configured to perform instructions that are executable to perform operations associated with a FSM of a Snow cipher. Snow engine 310 is configured to perform an instruction (referred to herein as a "Snow_AddXOR" instruction) that is executable to perform a modular addition (e.g., addition 424A) of a value R1 (e.g., in register 422A) and a value S (e.g., S.sub.t+15), and to perform an exclusive-OR operation (e.g., XOR operation 428) on a result of the modular addition and a value R2 (e.g., in register 422B). Snow engine 310 is configured to perform an instruction (referred to herein as a "Snow_Rstep" instruction) that is executable to perform a substitution-box operation (e.g., S-Box operation 428) on a value R1 to produce a value R2', and to perform a modular addition (e.g., addition 426A) using a value R2 and a value S(t+5) to produce a value R1'. Such instructions may be usable to generate portions of a stream-cipher key (e.g. Z.sub.t). ); and multiple fused multiplier-adders (FMAs) in the core Sbox unit, wherein each FMA is configured (a) to receive a first pair of input values and a second pair of input values, and (b) to generate an output value comprising a sum of (i) a first product of the first pair of input values and (ii) a second product of the second pair of input values ( par 0067 FGU 255 may implement fused and unfused floating-point multiply-add instructions. Additionally, in one embodiment FGU 255 may implement certain integer instructions such as integer multiply, divide, and population count instructions. Depending on the implementation of FGU 255).  

 

 	As per claim 4, Olson in view of Michiels disclose An integrated circuit according to claim 1, further comprising:  Olson discloses a byte processing unit in the Sbox ( 0090, Snow engine 310 may be configured to perform instructions that are defined within an ISA for processor 10 and that accomplish more of the work per instruction than in the case of using general-purpose ISA instructions. such instructions may be executable to perform operations associated with an LFSR of a Snow cipher. Snow engine 310 is configured to perform an instruction that is executable to perform an alpha multiplication (e.g., multiplication 412), an alpha division (e.g., division 414), and an exclusive-OR operation (e.g., XOR operation 416B) using their results. Snow engine 310 may be configured to perform instructions that are executable to perform operations associated with a FSM of a Snow cipher. Snow engine 310 is configured to perform an instruction (referred to herein as a "Snow_AddXOR" instruction) that is executable to perform a modular addition (e.g., addition 424A) of a value R1 (e.g., in register 422A) and a value S (e.g., S.sub.t+15), and to perform an exclusive-OR operation (e.g., XOR operation 428) on a result of the modular addition and a value R2 (e.g., in register 422B). Snow engine 310 is configured to perform an instruction (referred to herein as a "Snow_Rstep" instruction) that is executable to perform a substitution-box operation (e.g., S-Box operation 428) on a value R1 to produce a value R2', and to perform a modular addition (e.g., addition 426A) using a value R2 and a value S(t+5) to produce a value R1'. Such instructions may be usable to generate portions of a stream-cipher key (e.g. Z.sub.t).); and 
 	a fused conversion-and-masking unit (FCMU) in the byte processing unit, wherein the FCMU is configured to convert additively masked content in a native field to multiplicatively masked content in a composite field without unmasking the additively masked content (par 0067 FGU 255 may implement fused and unfused floating-point multiply-add instructions. Additionally, in one embodiment FGU 255 may implement certain integer instructions such as integer multiply, divide, and population count instructions. Depending on the implementation of FGU 255 ).  

 	As per claim 5, Olson in view of Michiels disclose an integrated circuit according to claim 4, further comprising:  Olson discloses a field converter in the byte processing unit, wherein the field converter is configured to convert additively masked content in a composite field to additively masked content in a native field (par [0058] Generally, decode unit 215 may be configured to prepare the instructions selected by select unit 210 for further processing. Decode unit 215 may be configured to identify the particular nature of an instruction (e.g., as specified by its opcode) and to determine the source and sink (i.e., destination) registers encoded in an instruction, if any. In some embodiments, decode unit 215 may be configured to detect certain dependencies among instructions, to remap architectural registers to a flat register space, and/or to convert certain complex instructions to two or more simpler instructions for execution. Additionally, in some embodiments, decode unit 215 may be configured to assign instructions to slots for subsequent scheduling. In one embodiment, two slots 0-1 may be defined, where slot 0 includes instructions executable in load/store unit 245 or execution units 235-240, and where slot 1 includes instructions executable in execution units 235-240, floating-point/graphics unit 255, and any branch instructions. However, in other embodiments, other numbers of slots and types of slot assignments may be employed, or slots may be omitted entirely ).  

 	As per claim 6, Olson in view of Michiels disclose An integrated circuit according to claim 1, further comprising: Michiels  discloses an additive mask generator (AMG) in the cipher block configured to generate an additive mask ( par 0090  [0090] The value z.sub.2,3 is input to the S-box of the next round. Removing the mask before using z.sub.2,3 as input to the S-box results in a functionally correct implementation. To further improve security, it may be desirable to not remove the mask at the input of the S-box. This may be realized by using multiplicative masks instead of additive masks); and an XOR element in the cipher block configured to (a) receive the additive mask from the AMG (b) receive an input value from the LFSR, and (c) generate additively masked content, based on the input value from the LFSR and the additive mask(par 0090  [0090] The value z.sub.2,3 is input to the S-box of the next round. Removing the mask before using z.sub.2,3 as input to the S-box results in a functionally correct implementation. To further improve security, it may be desirable to not remove the mask at the input of the S-box. This may be realized by using multiplicative masks instead of additive masks ).  

 	As per claim 7,  Olson in view of Michiels disclose An integrated circuit according to claim 6, further comprising: Michiels discloses a byte processing unit in the Sbox ( 0073 [0073] In the implementation depicted in FIG. 3, the key may easily be extracted from the Q-boxes. Just applying the inverse MixColumns multiplication and the inverse S-box to the output reveals the plain AddRoundKey operation.); and 
 	a fused conversion-and-masking unit (FCMU) in the byte processing unit, wherein the FCMU is configured to convert additively masked content in a native field to multiplicatively masked content in a composite field without unmasking the additively masked content (par 0090  [0090] The value z.sub.2,3 is input to the S-box of the next round. Removing the mask before using z.sub.2,3 as input to the S-box results in a functionally correct implementation. To further improve security, it may be desirable to not remove the mask at the input of the S-box. This may be realized by using multiplicative masks instead of additive masks and by applying embodiments found in U.S. patent application Ser. Nos. 14/219,606 and 14/484,925, which are hereby incorporated by reference for all purposes as if fully set forth herein. And par 0073 [0073] In the implementation depicted in FIG. 3, the key may easily be extracted from the Q-boxes. Just applying the inverse MixColumns multiplication and the inverse S-box to the output reveals the plain AddRoundKey operation. To prevent this, the input and outputs of all lookup tables are encoded with arbitrary bijective functions. This is described in Chow 1. This means that a lookup table is merged with an encoding function that encodes the output and with a decoding function that decodes the input. The encodings are chosen such that the output encoding of one table matches the input encoding assumed in the next tables. A portion of the implementation of FIG. 3 is depicted in FIG. 4 for the first round. In this example, the input to the round is not encoded in order to be compliant with AES, but the output of the round is encoded. The output encoding is handled in the next round. That is, unlike the first round, the second round (and the later rounds) assumes that the input is encoded. Alternatively, the first round may receive an encoded input. This input encoding must then be applied elsewhere in the software program containing the white-box implementation. Similarly, the last round may or may not include an output encoding depending on whether the output is to be AES compliant. Note that in the white-box implementation obtained, both the lookup tables and the intermediate values are obfuscated ).  

 	

As per claim 9,     Olson in view of Michiels disclose disclose An integrated circuit according to claim 1, Olson disclose further comprising: registers R1, R2, and R3 in the FSM; and wherein the Sbox is configured to receive input from register R2 and send output to register R3 (par 0084  now cipher 400 is one embodiment of a word-oriented stream cipher that enables encryption and decryption of data. During operation, Snow cipher 400 generates a key Z by performing multiple rounds to generate portions of the key referred to as Z.sub.t. A sender encrypts unencrypted data (referred to as "plaintext") by performing exclusive-OR (XOR) operations between the portions Z.sub.t and portions of plaintext to produce encrypted data (referred to as ciphertext). A recipient then decrypts the ciphertext by regenerating Z and performing XOR operations in a similar manner. In the illustrated embodiment, cipher 400 is configured to implement the Snow 2.0 cipher. See "A new version of the stream cipher SNOW." Cipher 400 generates a Key Z by using a linear-feedback shift register (LFSR) 410 and a finite state machine (FSM) 420. ).  

 	As per claim 10.   Olson in view of Michiels disclose An integrated circuit according to claim 1, Olson disclose wherein the integrated circuit comprises a processor comprising: at least one processor core; and the cipher block, wherein the cipher block is responsive to the processor core ( par 0087 [0087] FSM 420, in the illustrated embodiment, receives the values S.sub.t+15 and S.sub.t+5 and generates the value F.sub.t. As noted above, F.sub.t is used in XOR operation 430 to produce a portion Z.sub.t of key Z. To generate F.sub.t, FSM 420 stores values in registers R1 422A and R2 422B to maintain state. (As used herein, the value R1 refers to a value that is generated from a modular addition. The value R2 refers to a value that is generated from a substitution-box (S-Box) operation described below.) FSM 420 performs a modular addition 424A of the value R1 stored in register 422A and the value S.sub.t+15. FSM 420 then performs an XOR operation 426 of the result of modular addition 424A and the value R2 stored in register 422B to produce F.sub.t during a given round ).  

 	 As per claim 11. Olson in view of Michiels disclose A data processing system with technology for generating a keystream according to claim 1,  Olson disclsoes the data processing system comprising: at least one processor core; the cipher block, wherein the cipher block is responsive to the processor core; and an input/output module responsive to the processor core ( par 0087 [0087] FSM 420, in the illustrated embodiment, receives the values S.sub.t+15 and S.sub.t+5 and generates the value F.sub.t. As noted above, F.sub.t is used in XOR operation 430 to produce a portion Z.sub.t of key Z. To generate F.sub.t, FSM 420 stores values in registers R1 422A and R2 422B to maintain state. (As used herein, the value R1 refers to a value that is generated from a modular addition. The value R2 refers to a value that is generated from a substitution-box (S-Box) operation described below.) FSM 420 performs a modular addition 424A of the value R1 stored in register 422A and the value S.sub.t+15. FSM 420 then performs an XOR operation 426 of the result of modular addition 424A and the value R2 stored in register 422B to produce F.sub.t during a given round ).  

 	 As per claim 12. Olson in view of Michiels disclose A data processing system according to claim 11, Olson discloses wherein the integrated circuit comprises the at least one processor core and the cipher block (par 0021 0021] "Configured To." Various units, circuits, or other components may be described or claimed as "configured to" perform a task or tasks. In such contexts, "configured to" is used to connote structure by indicating that the units/circuits/components include structure (e.g., circuitry) that performs those task or tasks during operation. As such, the unit/circuit/component can be said to be configured to perform the task even when the specified unit/circuit/component is not currently operational (e.g., is not on). The units/circuits/components used with the "configured to" language include hardware--for example, circuits, memory storing program instructions executable to implement the operation).  

  	As per claim 13. Olson in view of Michiels disclose A data processing system according to claim 11,Olson disclose  wherein: the integrated circuit with the cipher block comprises a security accelerator; and the at least one processor core resides on a second integrated circuit ( par 0021 0021] "Configured To." Various units, circuits, or other components may be described or claimed as "configured to" perform a task or tasks. In such contexts, "configured to" is used to connote structure by indicating that the units/circuits/components include structure (e.g., circuitry) that performs those task or tasks during operation. As such, the unit/circuit/component can be said to be configured to perform the task even when the specified unit/circuit/component is not currently operational (e.g., is not on). The units/circuits/components used with the "configured to" language include hardware--for example, circuits, memory storing program instructions executable to implement the operation, ).  
 	


 	As per claim 17,  Olson discloses a method for generating a keystream, the method comprising: 
 	 using a linear feedback shift register (LFSR) and a finite state machine (FSM) to generate a stream of keys, based on an initialization value and an initialization key ( par 0084 Turning now to FIG. 4A, a block diagram of a Snow cipher 400 (	a cipher block in the integrated circuit, the cipher block) is depicted. Snow cipher 400 is one embodiment of a word-oriented stream cipher that enables encryption and decryption of data. During operation, Snow cipher 400 generates a key Z by performing multiple rounds to generate portions of the key referred to as Z.sub.t. A sender encrypts unencrypted data (referred to as "plaintext") by performing exclusive-OR (XOR) operations between the portions Z.sub.t and portions of plaintext to produce encrypted data (referred to as ciphertext). A recipient then decrypts the ciphertext by regenerating Z and performing XOR operations in a similar manner. In the illustrated embodiment, cipher 400 is configured to implement the Snow 2.0 cipher. See "A new version of the stream cipher SNOW." Cipher 400 generates a Key Z by using a linear-feedback shift register (LFSR) 410 and a finite state machine (FSM) 420.); and 
 	wherein the operation of using the FSM to generate the stream of keys comprises using an Sbox to generate a second intermediate value, based on a first intermediate value (0088] FSM 420, in illustrated embodiment, generates new values of R1 and R2 (referred to herein as values R1' and R2', respectively) based on the previous values stored in registers 422A and 422B and the value S.sub.t+5 stored in LFSR 410. To generate R1', FSM 420 performs a modular addition of the value stored in register 422B and the value S.sub.t+5. To generate R2', FSM 420 performs an S-Box operation 428 of the value stored in register 422A. (As used herein, a substitution-box (S-Box) operation is an operation that uses a substitution box to map a first set bits in a value to a second set of bits. In Snow 2.0, a value R1 is divided into portions w0, w1, w2, and w3. A Rijndael S-Box is then applied to the portions. The results are then multiplied by a polynomial (x+1)y.sup.3+y.sup.2+y+x.epsilon.F.sub.2.sup.8[y] modulo y.sup.4+1.epsilon.F.sub.2.sup.8[y] to produce a value R1'.) In some embodiments, FSM 420 may include additional registers to store additional values used to generate F.sub.t (e.g., as in Snow 3G). These additional values may be generated by performing additional S-Box operations ); and 
 	wherein the operation of using the Sbox to generate the second intermediate value comprises using a multiplicative data that is processed by the Sbox (  0088] FSM 420, in illustrated embodiment, generates new values of R1 and R2 (referred to herein as values R1' and R2', respectively) based on the previous values stored in registers 422A and 422B and the value S.sub.t+5 stored in LFSR 410. To generate R1', FSM 420 performs a modular addition of the value stored in register 422B and the value S.sub.t+5. To generate R2', FSM 420 performs an S-Box operation 428 of the value stored in register 422A. (As used herein, a substitution-box (S-Box) operation is an operation that uses a substitution box to map a first set bits in a value to a second set of bits. In Snow 2.0, a value R1 is divided into portions w0, w1, w2, and w3. A Rijndael S-Box is then applied to the portions. The results are then multiplied by a polynomial (x+1)y.sup.3+y.sup.2+y+x.epsilon.F.sub.2.sup.8[y] modulo y.sup.4+1.epsilon.F.sub.2.sup.8[y] to produce a value R1'.) In some embodiments, FSM 420 may include additional registers to store additional values used to generate F.sub.t (e.g., as in Snow 3G). These additional values may be generated by performing additional S-Box operations ).  
Olson does not explicitly disclose the multiplicative mask.
 	Michiels discloses the multiplicative mask ( par 0090,0073, S-box using the multiplicative masks to the input value Z.sub 2,3 in input to the S-box).

 Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of finite state machine of cipher of Olson, based on the teaching of masking the data of Michiels, because doing so would provide improve the data security (par 0090).


 	As per claim 18, Olson in view of Michiels discloses   A method according to claim 17, further comprising: Olson discloses using at least one fused multiplier-adder (FMA) in a core Sbox unit in the Sbox to (a) to receive a first pair of input values and a second pair of input values, and (b) generate an output value comprising a sum of (i) a first product of the first pair of input values and (ii) a second product of the second pair of input values (par 0067  FGU 255 may implement fused and unfused floating-point multiply-add instructions. Additionally, in one embodiment FGU 255 may implement certain integer instructions such as integer multiply, divide, and population count instructions. Depending on the implementation of FGU 255).  

 	As per claim 19, Olson in view of Michiels discloses   a method according to claim 17, further comprising:  Michiels  disclose using a fused conversion-and-masking unit (FCMU) in a byte processing unit in the Sbox to convert additively masked content in a native field to multiplicatively masked content in a composite field without unmasking the additively masked content (par 0049 0049] The key used may be a cryptographic key and may contain sufficient entropy to withstand an anticipated brute force attack. It is noted that in a white-box implementation, the key is typically not explicitly present in the implementation. This would risk the key being found by inspection of the implementation. Typically, the key is only present implicitly. Various ways are known to hide a key in a cryptographic system. Typically, at least the method of partial evaluation is used, wherein a basic block which needs key input is evaluated in-so-far that it does not depend on the input-message. For example, a basic operation wherein an input-value, a masking value, which does not depend on the input-message, e.g. a value from a substitution box (S-box), and a key-value need to be XORed can be partially evaluated by XORing the key value and the masking value together beforehand. In this way the operation still depends on the key-value although the key-value is not explicitly present in the implementation. Instead, only the XOR between the key-value and masking-value is present in the implementation. Note that, more complicated ways and/or further ways of hiding the keys are compatible with embodiments of this invention. ).  

 	As per claim 20, Olson in view of Michiels discloses   a method according to claim 19, further comprising: Michiels discloses using a field converter in the byte processing unit to convert additively masked content in a composite field to additively masked content in a native field ( par 0011 instructions for calculating a first mask value based upon the input data; and instructions for applying the first mask value to a first intermediate value of the keyed cryptographic operation. ).


Claims  15-16  are rejected under 35 U.S.C. 103 as being unpatentable over Michieles et al US 2016/0078250 in view of Olson et al US 2012/0216020.

 	As per claim 15, Michieles discloses  At least one machine-accessible medium according to claim 14, but fails to disclose  wherein the instructions, when executed, further enable the data processing system to: instantiate a core Sbox unit; and instantiate multiple fused multiplier-adders (FMAs) for the core Sbox unit, wherein each FMA is configured (a) to receive a first pair of input values and a second pair of input values, and (b) to generate an output value comprising a sum of (i) a first product of the first pair of input values and (ii) a second product of the second pair of input values.  
 	However, Olson discloses wherein the instructions, when executed, further enable the data processing system to: instantiate a core Sbox unit; and instantiate multiple fused multiplier-adders (FMAs) for the core Sbox unit, wherein each FMA is configured (a) to receive a first pair of input values and a second pair of input values, and (b) to generate an output value comprising a sum of (i) a first product of the first pair of input values and (ii) a second product of the second pair of input values (par 0084 Turning now to FIG. 4A, a block diagram of a Snow cipher 400a cipher block in the integrated circuit, the cipher block) is depicted. Snow cipher 400 is one embodiment of a word-oriented stream cipher that enables encryption and decryption of data. During operation, Snow cipher 400 generates a key Z by performing multiple rounds to generate portions of the key referred to as Z.sub.t. A sender encrypts unencrypted data (referred to as "plaintext") by performing exclusive-OR (XOR) operations between the portions Z.sub.t and portions of plaintext to produce encrypted data (referred to as ciphertext). A recipient then decrypts the ciphertext by regenerating Z and performing XOR operations in a similar manner. In the illustrated embodiment, cipher 400 is configured to implement the Snow 2.0 cipher. See "A new version of the stream cipher SNOW." Cipher 400 generates a Key Z by using a linear-feedback shift register (LFSR) 410 and a finite state machine (FSM) 420. ); and ([0088] FSM 420, in illustrated embodiment, generates new values of R1 and R2 (referred to herein as values R1' and R2', respectively) based on the previous values stored in registers 422A and 422B and the value S.sub.t+5 stored in LFSR 410. To generate R1', FSM 420 performs a modular addition of the value stored in register 422B and the value S.sub.t+5. To generate R2', FSM 420 performs an S-Box operation 428 of the value stored in register 422A. (As used herein, a substitution-box (S-Box) operation is an operation that uses a substitution box to map a first set bits in a value to a second set of bits. In Snow 2.0, a value R1 is divided into portions w0, w1, w2, and w3. A Rijndael S-Box is then applied to the portions. The results are then multiplied by a polynomial (x+1)y.sup.3+y.sup.2+y+x.epsilon.F.sub.2.sup.8[y] modulo y.sup.4+1.epsilon.F.sub.2.sup.8[y] to produce a value R1'.) In some embodiments, FSM 420 may include additional registers to store additional values used to generate F.sub.t (e.g., as in Snow 3G). These additional values may be generated by performing additional S-Box operations.).  

 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying, the teaching of masking the data of Michiels,  by the a method of finite state machine of cipher of Olson because doing so would provide improve the data security.

 	As per claim 16, Michieles discloses  At least one machine-accessible medium according to claim 14, Michieles fails to discloses  wherein the instructions, when executed, further enable the data processing system to: instantiate a byte processing unit for the Sbox and a fused conversion-and-masking unit (FCMU) for the byte processing unit, wherein the FCMU is configured to convert additively masked content in a native field to multiplicatively masked content in a composite field without unmasking the additively masked content 
 	However, Olson discloses 
    PNG
    media_image1.png
    200
    400
    media_image1.png
    Greyscale
( par 0084 a cipher block in the integrated circuit, the cipher block) is depicted. Snow cipher 400 is one embodiment of a word-oriented stream cipher that enables encryption and decryption of data. During operation, Snow cipher 400 generates a key Z by performing multiple rounds to generate portions of the key referred to as Z.sub.t. A sender encrypts unencrypted data (referred to as "plaintext") by performing exclusive-OR (XOR) operations between the portions Z.sub.t and portions of plaintext to produce encrypted data (referred to as ciphertext). A recipient then decrypts the ciphertext by regenerating Z and performing XOR operations in a similar manner. In the illustrated embodiment, cipher 400 is configured to implement the Snow 2.0 cipher. See "A new version of the stream cipher SNOW." Cipher 400 generates a Key Z by using a linear-feedback shift register (LFSR) 410 and a finite state machine (FSM) 420. ); and ([0088] FSM 420, in illustrated embodiment, generates new values of R1 and R2 (referred to herein as values R1' and R2', respectively) based on the previous values stored in registers 422A and 422B and the value S.sub.t+5 stored in LFSR 410. To generate R1', FSM 420 performs a modular addition of the value stored in register 422B and the value S.sub.t+5. To generate R2', FSM 420 performs an S-Box operation 428 of the value stored in register 422A. (As used herein, a substitution-box (S-Box) operation is an operation that uses a substitution box to map a first set bits in a value to a second set of bits. In Snow 2.0, a value R1 is divided into portions w0, w1, w2, and w3. A Rijndael S-Box is then applied to the portions.).  


 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying, the teaching of masking the data of Michiels,  by the a method of finite state machine of cipher of Olson because doing so would provide improve the data security.




Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 14 is rejected under 35 U.S.C. 102(a)(1) as being anticipated by  the teachings in Michiels US 2017/0033921.

As per claim 14, Michiels discloses  At least one non-transitory machine-accessible medium comprising computer instructions for generating a keystream ( par 0100 computer program code adapted to perform all the steps of a method according to the invention when the computer program is run on a computer. Preferably, the computer program is embodied on a non-transitory computer readable medium.), wherein the computer instructions, when executed on a data processing system ( par 0011 a non-transitory machine-readable storage medium encoded with instructions for execution by a keyed cryptographic operation by a cryptographic system mapping an input message to an output message, including: instructions for receiving input data for the keyed cryptographic operation; instructions for calculating a first mask value based upon the input data; and instructions for applying the first mask value to a first intermediate value of the keyed cryptographic operation. And 0044 [0044] As noted, for many cryptographic operations it is desired to have a white-box implementation. The invention may be applied, for example, to symmetric and asymmetric cryptographic operations. Also, the invention may be applied to block ciphers, stream ciphers, message authentication schemes, signature schemes, etc. Note that the invention may also be applied to hash functions. The latter is especially useful if the hash function is used as a building block which processes secret information, e.g., a secret key, secret data, etc. For example, the invention may be applied to a hash function used in a keyed-Hash Message Authentication Code (HMAC or KHMAC). Well known block ciphers include: Advanced Encryption Standard (AES), Secure And Fast Encryption Routine, (SAFER, and variants SAFER+ and SAFER++), Blowfish, Data Encryption Standard (DES), etc. A well-known stream cipher is RC4. Moreover any block cipher can be used as stream cipher using an appropriate mode of operation, e.g., Cipher feedback (CFB), Counter mode (CTR), ), enable the data processing system to: 
 instantiate a finite state machine (FSM) that comprises an Sbox ( [0046] The white-box implementation may be implemented using a plurality of basic blocks. The plurality of basic blocks is interconnected, in the sense that some of the blocks build on the outputs of one or more of the previous blocks. A basic block may be implemented in hardware, for example, as a computer chip. A basic block may use a switch board, a state machine or any other suitable construction for implementing functions in computer hardware. A basic block may also be implemented in software running on a general purpose computer chip, e.g. a microprocessor. For example, a basic block may use a plurality of computer instructions, including arithmetical instructions, which together implement the functionality of the basic block. A widely used implementation for the basic block, which may be used both in software and hardware, is a look-up table. For example, Chow 1 and Chow 2 take this approach to implement the AES and DES block ciphers. A look-up table implementation includes a list which lists for possible input values, an output value. The input value may be explicit in the lookup table. In that situation the look-up table implementation could map a particular input to a particular output by searching in the list of input values for the particular input. When the particular input is found the particular output is then also found. For example, the particular output may be stored alongside the particular input. Preferably, the input values are not stored explicitly, but only implicitly. For example, if the possible inputs are a consecutive range, e.g. of numbers or bit-strings, the look-up table may be restricted to storing a list of the output values. A particular input number may, e.g., be mapped to the particular output which is stored at a location indicated by the number. Further, finite state machines or code obfuscation may be used to implement the white-box implementation. And 0065 [0065] Both the table-based white-box implementations and the finite state machine implementations have the property that all intermediate values in the implementation are encoded (as compared to a standard implementation). Examples of white-box implementations using finite state machines are disclosed in U.S. Patent Publication 2007/0014394 entitled “Data Processing Method” and a presentation at the Re-trust Sixth Quarterly Meeting entitled “Synchrosoft MCFACT™ Secure Data Processing Technology” by Wulf Harder and Atis Straujums dated Mar. 11, 2008, which each are hereby incorporated by reference for all purposes as if fully set forth herein. FIG. 2 illustrates a white-box AES implementation with fixed encodings on the input of the rounds, i.e., on the input of the S-boxes. As shown, each of the 16 input bytes are encoded by f.sub.i and each of the output bytes are encoded by g.sub.i.): and 
use a multiplicative mask to mask data that is processed by the Sbox (par 0057 [0057] Below white-box embodiments are described using the AES (Advanced Encryption Standard) block cipher, because AES has become a widely used standard for block ciphers. AES is a block cipher with a block size of 128 bits or 16 bytes. The plaintext is divided in blocks of 16 bytes which form the initial state of the encryption algorithm, and the final state of the encryption algorithm is the cipher text. At any given point in the encryption algorithm these 16 bytes are the state of the encryption algorithm. To conceptually explain AES, the bytes of the state are organized as a matrix of 4×4 bytes. AES includes a number of rounds, which depend on the key size. Each round includes similar processing steps operating on bytes, rows, or columns of the state matrix, each round using a different round key in these processing steps. In the discussion using AES as an example, it is noted that AES defines a round in a specific manner. In the embodiments below, a round is any grouping of steps that includes at least one non-linear mapping function, such as an S-box in AES. Accordingly, a round as described below includes one non-linear mapping function and any combination of other steps of the cryptographic function. Further, the boundary of the round may start with the non-linear mapping function, for example an S-box, or any other operation that may be merged with the non-linear mapping function, for example a key addition. And 0065  0065] Both the table-based white-box implementations and the finite state machine implementations have the property that all intermediate values in the implementation are encoded (as compared to a standard implementation). Examples of white-box implementations using finite state machines are disclosed in U.S. Patent Publication 2007/0014394 entitled “Data Processing Method” and a presentation at the Re-trust Sixth Quarterly Meeting entitled “Synchrosoft MCFACT™ Secure Data Processing Technology” by Wulf Harder and Atis Straujums dated Mar. 11, 2008, which each are hereby incorporated by reference for all purposes as if fully set forth herein. FIG. 2 illustrates a white-box AES implementation with fixed encodings on the input of the rounds, i.e., on the input of the S-boxes. As shown, each of the 16 input bytes are encoded by f.sub.i and each of the output bytes are encoded by g.sub.i. ) when the FSM is being used to generate a stream of keys ( par 0090  [0090] The value z.sub.2,3 is input to the S-box of the next round. Removing the mask before using z.sub.2,3 as input to the S-box results in a functionally correct implementation. To further improve security, it may be desirable to not remove the mask at the input of the S-box. This may be realized by using multiplicative masks instead of additive masks and by applying embodiments found in U.S. patent application Ser. Nos. 14/219,606 and 14/484,925, which are hereby incorporated by reference for all purposes as if fully set forth herein. And par 0073 [0073] In the implementation depicted in FIG. 3, the key may easily be extracted from the Q-boxes. Just applying the inverse MixColumns multiplication and the inverse S-box to the output reveals the plain AddRoundKey operation. To prevent this, the input and outputs of all lookup tables are encoded with arbitrary bijective functions. This is described in Chow 1. This means that a lookup table is merged with an encoding function that encodes the output and with a decoding function that decodes the input. The encodings are chosen such that the output encoding of one table matches the input encoding assumed in the next tables. A portion of the implementation of FIG. 3 is depicted in FIG. 4 for the first round. In this example, the input to the round is not encoded in order to be compliant with AES, but the output of the round is encoded. The output encoding is handled in the next round. That is, unlike the first round, the second round (and the later rounds) assumes that the input is encoded. Alternatively, the first round may receive an encoded input. This input encoding must then be applied elsewhere in the software program containing the white-box implementation. Similarly, the last round may or may not include an output encoding depending on whether the output is to be AES compliant. Note that in the white-box implementation obtained, both the lookup tables and the intermediate values are obfuscated.).  

Allowable Subject Matter
Claims 3 and 8 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

The following is an examiner’s statement of reasons for allowance: the claims 3 and 8 incorporated with the all the independent claims would be allowable over the above cited prior art. 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

 
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Michiels US 2015/0270949 whtiebox implementation against attacks
Michiels US 2016/0078250 remapping constant points in a white-box implementation.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABU S SHOLEMAN whose telephone number is (571)270-7314. The examiner can normally be reached EST: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JORGE ORTIZ CRIADO can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ABU S SHOLEMAN/Primary Examiner, Art Unit 2496