DETAILED ACTION
This is in response to the application filed on May 7, 2020 in which claims 1 – 20 are presented for examination.
Status of Claims
Claims 1 – 20 are pending, of which claims 1 and 11 are in independent form.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on May 7, 2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1 – 20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly 
The term “substantially the same” in claims 1 and 11 is a relative term which renders the claim indefinite. The term “substantially the same” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention.  Applicant describes a situation where a first and second conditional operation are identical.  Applicant also describes a situation where implementations may be different (e.g., [0014] A=B vs A!=B).  However, there is no definition for what conditions are ‘substantially the same.’  Claims 2 – 10 and 12 – 20 inherit this rejection based on their dependencies.
MPEP 2173.05(b) III. D. shows instances in which 'substantially' was found to be definite.  However, this section cites an example wherein substantially was found to be definite "in view of the general guidelines contained in the specification."  MPEP 2173.05(b) I. states "Thus, when a term of degree is used in the claim, the examiner should determine whether the specification provides some standard for measuring that degree."  In this Application, the examiner does not find any standard for measuring whether a condition is ‘substantially the same.’

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1 – 5, 7, 8, 10 – 17, and 19 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claims do not fall within at least one of the four categories of patent eligible subject matter because these method claims can be interpreted as being accomplished solely in software.  Executing operations, evaluating, and changing states can all be reasonably considered to be accomplished via software per se.  Nothing in the above claims rules out this interpretation.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5, 6, 11, 15, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Margalit, U.S. Patent Application 2019/0188391 (hereinafter referred to as Margalit).

Referring to claim 1, Margalit discloses “A method for protecting execution of a program against a fault injection attack in a data processing system” ([0018] fault injection countermeasure circuitry), “the method comprising: executing a first conditional operation while the program execution is in a first state, wherein when an evaluation of a condition of the first conditional operation is true, the program execution proceeds forward from the first state to a second state, and wherein when an evaluation of the first conditional operation is false, program execution remains at the first state” ([0038] and [0092] conditional branches may be attractive targets for hackers seeking a worthwhile target, in a given code, to attack. For example, a conditional branch may be an attractive target for a hacker because the branch may route the code flow either to a first option which grants an end-user secret information or to a second option which deems the end-user non-authentic hence does not provide the secret information); “and executing a second conditional operation while the program execution is in the second state, wherein a condition of the second conditional operation is substantially the same as the condition of the first conditional operation” ([0200] sequence of branches based on the same condition).
	Margalit does not appear to explicitly disclose “wherein when an evaluation of the condition of the second conditional operation is true, the program execution proceeds forward from the second state to a third state, and wherein when an evaluation of the condition of the second conditional operation is false, program execution returns to the first state.”
	However, it would have been obvious to one of ordinary skill in the art at the time of Applicant’s invention to duplicate the teachings of Margalit ([0038] and [0092]) so that 
	As learned from In re Harza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960), mere duplication of parts has no patentable significance unless a new and unexpected result is produced.

As per claim 5, as above, Margalit discloses ([0038] and [0092] conditional branches may be attractive targets for hackers seeking a worthwhile target, in a given code, to attack. For example, a conditional branch may be an attractive target for a hacker because the branch may route the code flow either to a first option which grants an end-user secret information or to a second option which deems the end-user non-authentic hence does not provide the secret information)
Further, Margalit discloses “executing a third conditional operation from the third state, wherein a condition of the third conditional operation is identical to the
condition of both the first and second conditional operations” ([0200] to repeat the conditional branch n>1 times).
	Also, as above, it would have been obvious to one of ordinary skill in the art to duplicate the teachings of Margalit at [0038] and [0092] so that when a sequence of 
	In other words, it would have been obvious to duplicate Margalit’s teachings so that “when an evaluation of a condition of the third conditional operation is true, the program execution stays in the third state, and wherein when an evaluation of the condition of the third conditional operation is false, program execution goes back from the third state to the first state.”
	As learned from In re Harza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960), mere duplication of parts has no patentable significance unless a new and unexpected result is produced.

	As per claim 6, Margalit discloses “the method is implemented as instructions stored on a non-transitory machine-readable storage medium” ([0063] a computer program product, comprising a non-transitory tangible computer readable medium having computer readable program code embodied therein, the computer readable program code adapted to be executed to implement a security method which dynamically, depending on processor core execution flow, controls fault injection countermeasure circuitry operative to protect the processor from fault injection attacks).

Referring to claim 11, claims 1 and 5 recite the corresponding limitations as that of claim 11.  Therefore, the rejections of claims 1 and 5 apply to claim 11. 

As per claim 15, Margalit discloses “the first, second, and third conditional operations are executed in a sequence” ([0200] sequence of branches based on the same condition).

Note, claim 20 recites the corresponding limitations of claim 6.  Therefore, the rejection of claim 6 applies to claim 20.

Claims 2, 3, 8 – 10, 12, 13, and 17 – 19 are rejected under 35 U.S.C. 103 as being unpatentable over Margalit in view of Rohleder et al., U.S. Patent Application 2017/0124354 (hereinafter referred to as Rohleder).

	As per claim 2, as above, it would have been obvious to one of ordinary skill in the art at the time of Applicant’s invention to duplicate the teachings of Margalit ([0038] and [0092]) so that when a sequence of branches is executed (as in [0200]), multiple branches may route the code flow either to a first option which grants an end-user secret information or to a second option which deems the end-user non-authentic hence does not provide the secret information.  In such a situation, there would be a first state 
	As learned from In re Harza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960), mere duplication of parts has no patentable significance unless a new and unexpected result is produced.
Margalit does not appear to explicitly disclose “checking that the program execution arrived in each of the first, second, and third states from an allowed previous state, wherein if the program execution is determined to have arrived at the third state from an allowed previous state, the program execution can remain in the third state, and if the program execution is determined to have arrived at the third state from an unallowed state, the program execution returns to the first state.”
However, Rohleder discloses another method for protecting information including “checking that the program execution arrived in each of the first, second, and third states from an allowed previous state, wherein if the program execution is determined to have arrived at the third state from an allowed previous state, the program execution can remain in the third state, and if the program execution is determined to have arrived at the third state from an unallowed state, the program execution returns to the first state” ([0004] unauthorized access of lifecycle information and access to internal information (access key).  [0021] comparing FSM results, ensure that transitions between lifecycle states comply with security protocol. [0026] state transition evaluation module (STM) with redundantly operating FSMs verifying the state sequences.  [0028] comparing outputs of FSMs and if any mismatch, prevent access to the LC information).

Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Margalit and Rohleder before him or her, to modify the teachings of Margalit to include the teachings of Rohleder so that a sequence of program states are checked to ensure that state transitions comply with allowable progression of states.
The motivation for doing so would have been to add another layer of protection by ensuring that not only is the current state capable of accessing secret date, but the state transitions that preceded the current state were also proper.
Therefore, it would have been obvious to combine Rohleder with Margalit to obtain the invention as specified in the instant claim.

	As per claim 3, Margalit does not appear to explicitly disclose “the allowed previous state is stored in a register bit field and wherein checking that program execution arrival in the third state is from the allowed previous state further comprises checking the register bit field for the allowed previous state.”
	However, Rohleder discloses “the allowed previous state is stored in a register bit field and wherein checking that program execution arrival in the third state is from the allowed previous state further comprises checking the register bit field for the allowed previous state” ([0019] and [0021] checks on the state transition flags).

Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Margalit and Rohleder before him or her, to modify the teachings of Margalit to include the teachings of Rohleder so that a sequence of program states are checked to ensure that state transitions comply with allowable progression of states.
The motivation for doing so would have been to add another layer of protection by ensuring that not only is the current state capable of accessing secret date, but the state transitions that preceded the current state were also proper.
Therefore, it would have been obvious to combine Rohleder with Margalit to obtain the invention as specified in the instant claim.

	As per claim 8, Margalit does not appear to explicitly disclose “performing the steps of executing using a first state machine in the data processing system; performing the steps of executing using a second state machine in the data processing system; and determining that the first and second state machines both reach the third state via the second state.”
	However, Rohleder discloses “performing the steps of executing using a first state machine in the data processing system; performing the steps of executing using a second state machine in the data processing system; and determining that the first and second state machines both reach the third state via the second state” ([0021] comparing FSM results, ensure that transitions between lifecycle states comply with security protocol. [0026] state transition evaluation module (STM) with redundantly operating FSMs verifying the state sequences. [0028] comparing outputs of FSMs and if any mismatch, prevent access to the LC information. [0039] FSMs are redundant and initialized to the same state, such that if the same sequence of inputs is applied to each, then each FSM will arrive at the same state).
Margalit and Rohleder are analogous art because they are from the same field of endeavor, which is methods for rejecting attacks that attempt to gain unauthorized access to data.
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Margalit and Rohleder before him or her, to modify the teachings of Margalit to include the teachings of Rohleder so that multiple FSMs execute and determining that the first and second state machines both reach the third state via the second state.
The motivation for doing so would have been to add another layer of protection by ensuring that not only is the current state capable of accessing secret date, but the state transitions that preceded the current state were also proper.
Therefore, it would have been obvious to combine Rohleder with Margalit to obtain the invention as specified in the instant claim.

	As per claim 9, Rohleder discloses a pair of redundantly operating finite state machines ([0026]).

	However, both hardware and software finite state machines are known in the art.  ‘Using State Machines In Your Designs’ by Hank Wallace is provided as an evidentiary reference to show that both hardware and software finite state machines are known in the art.  Further, another provided evidentiary reference is Tanenbaum’s ‘Structured Computer Organization – Second Edition.’ Tanenbaum states at page 11 “Hardware and software are logically equivalent. Any operation performed by software can also be built directly into the hardware and any instruction executed by the hardware can also be simulated in software. The decision to put certain functions in hardware and others in software is based on such factors as cost, speed, reliability, and frequency of expected changes. There are no hard and fast rules to the effect that X must go into the hardware and Y must be programmed explicitly. Designers With different goals may, and often do, make different decisions.”
	It would have been obvious to one of ordinary skill in the art at the time of Applicant’s filing to modify Margalit/Rohleder so that the multiple finite state machines are built with only hardware finite state machines, only software finite state machines, or a combination of hardware and software finite state machines.
	As is known in the art (and stated by Tanenbaum), “any operation performed by software can also be built directly into the hardware and any instruction executed by the hardware can also be simulated in software. The decision to put certain functions in hardware and others in software is based on such factors as cost, speed, reliability, and 

Note, claim 10 recites the corresponding limitations of claim 5.  Therefore, the rejection of claim 5 applies to claim 10.
Also, claim 10 introduces “the first and second state machines.”  As above, Rohleder discloses “the first and second state machines” ([0021] comparing FSM results, ensure that transitions between lifecycle states comply with security protocol. [0026] state transition evaluation module (STM) with redundantly operating FSMs verifying the state sequences. [0028] comparing outputs of FSMs and if any mismatch, prevent access to the LC information. [0039] FSMs are redundant and initialized to the same state, such that if the same sequence of inputs is applied to each, then each FSM will arrive at the same state).
Margalit and Rohleder are analogous art because they are from the same field of endeavor, which is methods for rejecting attacks that attempt to gain unauthorized access to data.
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Margalit and Rohleder before him or her, to modify the teachings of Margalit to include the teachings of Rohleder so that multiple FSMs execute and determining that the first and second state machines both reach the third state via the second state.

Therefore, it would have been obvious to combine Rohleder with Margalit to obtain the invention as specified in the instant claim.

Note, claim 12 recites the corresponding limitations of claim 2.  Therefore, the rejection of claim 2 applies to claim 12.

Note, claim 13 recites the corresponding limitations of claim 3.  Therefore, the rejection of claim 3 applies to claim 13.

Note, claim 17 recites the corresponding limitations of claim 8.  Therefore, the rejection of claim 8 applies to claim 17.

Note, claim 18 recites the corresponding limitations of claim 9.  Therefore, the rejection of claim 9 applies to claim 18.

As per claim 19, Margalit does not appear to explicitly disclose “the steps of performing and determining are executed in parallel by the first and second state machines”
However, Rohleder discloses “the steps of performing and determining are executed in parallel by the first and second state machines” ([0013] concurrent operations at different stages, [0023] concurrently checked by repeated redundant operations, [0040] processing of the flag sets by the two FSMs may occur concurrently).
Margalit and Rohleder are analogous art because they are from the same field of endeavor, which is methods for rejecting attacks that attempt to gain unauthorized access to data.
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Margalit and Rohleder before him or her, to modify the teachings of Margalit to include the teachings of Rohleder so that multiple FSMs execute and performing and determining are executed in parallel.
The motivation for doing so would have been to provide for faster throughput.
Therefore, it would have been obvious to combine Rohleder with Margalit to obtain the invention as specified in the instant claim.

Claims 4 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Margalit in view of Rohleder, as applied to claims above, further in view of ‘Securing Conditional Branches in the Presence of Fault Attacks’ by Robert Schilling et al. (hereinafter referred to as Schilling) (from Applicant’s IDS).

As per claim 4, Rohleder discloses “the register bit field stores” information “for the allowed previous state” ([0019] and [0021] state transition flags).
Neither Margalit nor Rohleder appears to explicitly disclose “the register bit field stores a program counter value for the allowed previous state.”
section III ‘CFI protection mechanism contains a dedicated internal state S for each value of the PC, which is updated when executing the conditional branch’).
	It would have been obvious to one of ordinary skill in the art at the time of Applicant’s filing to combine Schilling’s program counter usage with the method of Margalit/Rohleder so that “the register bit field stores a program counter value for the allowed previous state.”
Margalit, Rohleder, and Schilling are analogous art because they are from the same field of endeavor, which is security and rejecting attacks.
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Margalit, Rohleder, and Schilling before him or her, to modify the teachings of Margalit and Rohleder to include the teachings of Schilling so that the register bit field stores a program counter value for the allowed previous state.
The motivation for doing so would have been to eliminate the single point of failure present in state-of-the-art CFI protection schemes (as stated by Schilling in section III, paragraph beginning with ‘Without further measure”).
Therefore, it would have been obvious to combine Schilling with Margalit and Rohleder to obtain the invention as specified in the instant claim.

Note, claim 14 recites the corresponding limitations of claim 4.  Therefore, the rejection of claim 4 applies to claim 14.

Claims 7 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Margalit in view of Soukharev et al., U.S. Patent Application 2020/0044819 (hereinafter referred to as Soukharev).

	As per claim 7, Margalit discloses “the first and second conditional operations are logically identical if-then-else operations” ([0092]).
	Margalit does not appear to explicitly disclose the first and second conditional operations “having different implementations.”  
	Applicant describes different implementations in Fig. 2 and [0014] as utilizing A=B for one implementation and using A!=B for another implementation.
	However, Soukharev discloses first and second conditional operations “having different implementations” ([0113] - [0115] countermeasures can make duplicated implementations more independent.  For example, two functions producing inverted output of one another. Thus, an attacker would have to flip one bit in one direction and another bit in the other direction). 
Margalit and Soukharev are analogous art because they are from the same field of endeavor, which is fault injection countermeasures.
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Margalit and Soukharev before him or her, to modify the teachings of Margalit to include the teachings of Soukharev so that first and second conditional operations have different implementations.

Therefore, it would have been obvious to combine Soukharev with Margalit to obtain the invention as specified in the instant claim.

Note, claim 16 recites the corresponding limitations of claim 7.  Therefore, the rejection of claim 7 applies to claim 16.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
U.S. Patent Application 20170090926 teaches control flow integrity with repeating conditional branch operations.
U.S. Patent Application 20210152326 teaches preventing fault injection attacks and comparing results of the same cryptographic operations twice.
U.S. Patent Application 20210240823 is a co-pending of Margalit above with similar teachings.
U.S. Patent 8720600 teaches comparing two signatures to detect a fault attack.
U.S. Patent 10289871 is the granted patent of Rohleder above.
U.S. Patent 10305479 teaches redundant secure circuits and comparing outputs.
U.S. Patent 10990682 is the granted patent of Margalit above.
U.S. Patent 11206126 is the granted patent of Soukharev above.

‘Structured Computer Organization – Second Edition’ by Andrew S. Tanenbaum, copyright 1984.
‘Security-Aware FSM Design Flow for Identifying and Mitigating Vulnerabilities to Fault Attacks’ by Adib Nahiyan et al., IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS, VOL. 38, NO. 6, JUNE 2019 teaches valid state transitions and not compromising security.
‘Controlling PC on ARM using Fault Injection’ by Timmers et al., 2016 Workshop on Fault Diagnosis and Tolerance in Cryptography teaches fault injection attacks and attacking program counter values, as well as countermeasures.
‘FAME: Fault-attack Aware Microprocessor Extensions for Hardware Fault Detection and Software Fault Response’ by Bilgiday Yuce et al., copyright 2016 teaches instruction duplication and triplication for fault attacks.
‘10. Finite State Machines’ from sjsu.edu, archived on 4/28/2019 teaches details of finite state machines and conditional transitions.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEVEN G SNYDER whose telephone number is (571)270-1971.  The examiner can normally be reached on M-F 8:00am-4:30pm (flexible).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Henry Tsai can be reached on 571-272-4176.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/STEVEN G SNYDER/Primary Examiner, Art Unit 2184