Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant's response filed 01/24/2022 have been received and entered.
Applicant’s arguments, see Applicant Arguments pages 7-14, with respect to the rejection(s) of the independent claim(s) 1 (10 and 15) under 35 U.S.C. 103 have been fully considered and are not persuasive. Therefore, the rejections have been maintained.
	In response to Applicant’s argument with respect to claim 1 that the art of record fails to disclose “identifying, by the NI, one or more different blocks between the payload and a payload of a previous packet communicated between the sender IP core and the receiver IP core; and encrypting, by the NI, the one or more different blocks to create encrypted blocks of an encrypted payload”, Examiner acknowledged Applicant’s perspective but respectfully disagreed for the following reasons.  With broadest reasonable interpretation of the claim language as written, Johnson teaches identifying one or more different blocks of a previous packet by the NI (Para [0061] The plurality of blocks of plaintext may be received through an input/output (I/O) interface, and in an embodiment, may be voice or video data. Alternatively, the plaintext may be generated in an internal processor. ... Para [0070] At step 1340, a second tag is generated from the blocks of ciphertext generated in the previous step); and Silva teaches encrypting one or more different blocks by the NI (Page 228, Section IV, 3rd left para, NI (Network Interface): It is responsible for adapting the protocol of the FSL channel to the protocol used in the channels of SoCIN, packetizing and depacketizing data. In addition, it controls the exchange of keys and encrypts and decrypts packet content).  Applicant is advised to narrow the limitations to overcome the art of record.
	In response to Applicant’s argument with respect to claim 10 that the art of record fails to disclose  “identifying, by a network interface (NI) of an intellectual property (IP) core in a network-on-chip (NoC) based system-on-chip (SoC) architecture, a packet comprising an encrypted payload; and decrypting, by the NI, the encrypted payload based at least in part on applying at least one parameter to create one or more different blocks corresponding to a payload of a previous packet identified by the IP core”,  Examiner acknowledged Applicant’s perspective but respectfully disagreed for the following reasons.  With broadest reasonable interpretation of the claim language as written, Johnson teaches identifying a packet comprising an encrypted payload by the NI (Para [0061] The plurality of blocks of plaintext may be received through an input/output (I/O) interface, and in an embodiment, may be voice or video data. Alternatively, the plaintext may be generated in an internal processor. ... Para [0070] At step 1340, a second tag is generated from the blocks of ciphertext generated in the previous step); and Silva teaches decrypting the encrypted payload based on payload of a previous packet by the NI (Page 228, Section IV, 3rd left para, NI (Network Interface): It is responsible for adapting the protocol of the FSL channel to the protocol used in the channels of SoCIN, packetizing and depacketizing data. In addition, it controls the exchange of keys and encrypts and decrypts packet content).  Applicant is advised to narrow the limitations to overcome the art of record.
	In response to Applicant’s argument with respect to claim 15 that the art of record fails to disclose “splitting, by the NI, the payload into one or more different blocks comprising bitwise differences between the payload and a payload stored in a register of the NI of the sender IP core and associated with the receiver IP core”;  and “encrypting, by the NI, individual ones of the one or more different blocks to create encrypted blocks of an encrypted payload”, Examiner acknowledged Applicant’s perspective but respectfully disagreed for the following reasons. With broadest reasonable interpretation of the claim language as written, Minematsu teaches splitting the payload into one or more different blocks comprising bitwise differences by the NI (Para [0037] … FIG. 3 is a block diagram illustrating data flow in the incremental MAC tag generation device according to the first exemplary embodiment of the present invention. Furthermore, in the following description, unless expressly specified otherwise, + represents a bit-by-bit XOR and a length of one block of a message is n bits.  Para [0039] The input means 100 inputs a plaintext M=(M[1], . . . , M[L]) to be authenticated, a cached plaintext M'=(M'[1], . . . , M'[N]), and a cached intermediate variable S'=(S'[1], . . . , S'[N]). The plaintext M and the cached plaintext M' are divided by n-bit block unit); and Silva teaches encrypting individual ones of the one or more different blocks by the NI (Page 228, Section IV, 3rd left para, NI (Network Interface): It is responsible for adapting the protocol of the FSL channel to the protocol used in the channels of SoCIN, packetizing and depacketizing data. In addition, it controls the exchange of keys and encrypts and decrypts packet content). Applicant is advised to narrow the limitations to overcome the art of record.
	The rest of applicant’s arguments with respect to the rejections of the dependent claims under 35 U.S.C. 103 are moot in view of new grounds of rejection set forth above.	 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim s 1, 2, 3,6, 10-12, and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Silva et al. (NPL dated 2017; Confidentiality and Authenticity in a Platform Based on Network-on-Chip, 2017 VII Brazilian Symposium on Computing Systems Engineering); hereinafter Silva in view of Johnson et al. (US 20180294968), hereinafter Johnson.
	Regarding Claim 1, Silva teaches
	A method for incremental encryption of intellectual property (IP) core communications, comprising: obtaining, by a network interface (NI) of a sender intellectual property (IP) core ina network-on-chip (NoC) based system-on-chip (SoC) architecture, a payload for communication to a receiver intellectual property (IP) core (Abstract — In many-core systems, the processing elements are interconnected using Networks-on-Chip. An example of on chip network is SoCIN, a low-cost interconnect architecture whose original design did not take into account security aspects. Page 225, Section, Introduction, first left para, ... These SoCs (Systems-on-a-Chip) consist of several reusable components that are usually named cores or IPs (from Intellectual Property) [1]. ... Second right para, The cores of a SoC are interconnected through a communication architecture that provides the means for information exchange. ... Page 226, Section III, 3rdleft para, Fig. 1 depicts the proposed platform, which includes a crypto processor (KDC) and a set of Xilinx MicroBlaze TM cores, each one with an embedded local memory. These processing nodes are connected to the NoC through a secure network interface (NI), in which an AES based security mechanism has been integrated. Page 226, Section III, C, 2nd left para, In SoCIN, packets are composed of 32-bit flits (flow control digits). ...A pair of framing bits identifies if the flit is the header (01), a data flit (00) or the trailer (10));
	encrypting, by the NI, the one or more different blocks to create encrypted blocks of an encrypted payload (Page 228, Section IV, 3rd left para, NI (Network Interface): It is responsible for adapting the protocol of the FSL channel to the protocol used in the channels of SoCIN, packetizing and depacketizing data. In addition, it controls the exchange of keys and encrypts and decrypts packet content. To ensure confidentiality, the NI uses the connectionless confidentiality service. In order to ensure the authenticity property, the source authentication service is used. The main component of the Nlis the AES block [16], which encrypts and decrypts information using symmetric keys. Fig. 6 presents the block diagram of the network interface).
	Silva does not explicitly teach a identifying, by the NI, one or more different blocks between the payload and a payload of a previous packet communicated between the sender IP core and the receiver IP core.
	In the field of endeavor, Johnson teaches
	identifying, by the NI, one or more different blocks between the payload and a payload of a previous packet communicated between the sender IP core and the receiver IP core (Para [0061] The plurality of blocks of plaintext may be received through an input/output (I/O) interface, and in an embodiment, may be voice or video data. Alternatively, the plaintext may be generated in an internal processor. ... Para [0070] At step 1340, a second tag is generated from the blocks of ciphertext generated in the previous step. ...).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of Silva to incorporate the teachings by Johnson such that the method of Silva includes identifying, by the NI, one or more different blocks between the payload and a payload of a previous packet communicated between the sender IP core and the receiver IP core. One would have been motivated to make such combination so that the block cipher encryption module uses the data-dependent IV and the same key to encrypt the plaintext and generate ciphertext Johnson, Para [0033]), and a second tag is generated from the blocks of ciphertext generated in the previous step Johnson, Para [0070)).
	Regarding Claim 2, the combination of Silva and Johnson teaches all the limitations of claim 1 above,
	The method of claim 1, further comprising: generating, by the NI, helper data that indicates the one or more different blocks (Johnson, Para [0032] As seen in FIG. 4, plaintext 410 is input to the first block cipher encryption module 420, in addition to an initialization vector (IV) 460 and a key 440. The first block cipher encryption module 420 generates ciphertext 430. In an embodiment, a portion of the ciphertext 430 is used as the authentication code or tag 435).
	The motivation/rationale to combine the references is similar to claim 1 above.
	Regarding Claim 3, the combination of Silva and Johnson teaches all the limitations of claim 1 and claim 2 above,
	The method of claim 2, further comprising: generating a final packet for communication to the receiver IP core by combining at least the helper data and the encrypted payload (Johnson, Para [0033] The tag 435, which is dependent on the data, is combined with the lV 460, and is used as anew 1V 465 for the second block cipher encryption module 450. The second block cipher encryption module 450 uses the data-dependent lV 465 and the same key 440 to encrypt the plaintext 410 and generate ciphertext 470. In an embodiment, the concatenated ciphertext 470 and tag 435 are transmitted over-the-air using a transmitter 490 and an antenna 495. In another embodiment, the ciphertext 470 and the tag 435 may be transmitted separately).
	The motivation/rationale to combine the references is similar to claim 1 above.
	Regarding Claim 6, the combination of Silva and Johnson teaches all the limitations of claim 1 above,
	The method of claim 1, further comprising: constructing, by the NI, a ciphertext from the encrypted blocks and the one or more different blocks to create the encrypted payload (Johnson, Para [0032] As seen in FIG. 4, plaintext 410 is input to the first block cipher encryption module 420, in addition to an initialization vector (IV) 460 and a key 440. The first block cipher encryption module 420 generates ciphertext 430. In an embodiment, a portion of the ciphertext 430 is used as the authentication code or tag 435).
	The motivation/rationale to combine the references is similar to claim 1 above.
	Regarding Claim 10, Silva teaches
	A method for decryption of intellectual property (IP) core communications, comprising: (Abstract— In many-core systems, the processing elements are interconnected using Networks-on-Chip. An example of on chip network is SoCIN, a low-cost interconnect architecture whose original design did not take into account security aspects. Page 225, Section |, Introduction, first left para, ... These SoCs (Systems-on-a-Chip) consist of several reusable components that are usually named cores or IPs (from Intellectual Property) [1]. ... Second right para, The cores of a SoC are interconnected through a communication architecture that provides the means for information exchange. ... Page 226, Section III, 3rd left para, Fig. 1 depicts the proposed platform, which includes a crypto processor (KDC) and a set of Xilinx MicroBlazeTM cores, each one with an embedded local memory. These processing nodes are connected to the NoC through a secure network interface (NI), in which an AES based security mechanism has been integrated. Page 226, Section III, C, 2nd left para, InSoCIN, packets are composed of 32-bit flits (flow control digits). ... A pair of framing bits identifies if the flit is the header (01), a data flit (00) or the trailer (10).); and
	decrypting, by the NI, the encrypted payload based at least in part on applying at least one parameter to create one or more different blocks corresponding to a payload of a previous packet identified by the IP core (Page 228, Section IV, 3rd left para, NI (Network Interface): It is responsible for adapting the protocol of the FSL channel to the protocol used in the channels of SoCIN, packetizing and depacketizing data. In addition, it controls the exchange of keys and encrypts and decrypts packet content. To ensure confidentiality, the NI uses the connectionless confidentiality service. In order to ensure the authenticity property, the source authentication service is used. The main component of the Nlis the AES block [16], which encrypts and decrypts information using symmetric keys. Fig. 6 presents the block diagram of the network interface).
	Silva does not explicitly teach identifying, by a network interface (NI) of an intellectual property (IP) core in a network-on-chip (NoC) based system-on-chip (SoC) architecture, a packet comprising an encrypted payload.
	In the same field of endeavor, Johnson teaches
	identifying, by a network interface (NI) of an intellectual property (IP) core in a network-on-chip (NoC) based system-on-chip (SoC) architecture, a packet comprising an encrypted payload (Para [0061] The plurality of blocks of plaintext may be received through an input/output (I/O) interface, and in an embodiment, may be voice or video data. Alternatively, the plaintext may be generated in an internal processor. ... Para [0070] At step 1340, a second tag is generated from the blocks of ciphertext generated in the previous step. ...).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of Silva to incorporate the teachings by Johnson such that the method of Silva includes identifying, by the NI, one or more different blocks between the payload and a payload of a previous packet communicated between the sender IP core and the receiver IP core. One would have been motivated to make such combination so that the block cipher encryption module uses the data-dependent IV and the same key to encrypt the plaintext and generate ciphertext Johnson, Para [0033]), and a second tag is generated from the blocks of ciphertext generated in the previous step Johnson, Para [0070)).
	Regarding Claim 11, the combination of Silva and Johnson teaches all the limitations of claim 10 above,
	wherein a plaintext header of the packet comprises helper data that indicates at least one location for the one or more different blocks associated with the previous packet (Johnson, Para [0032] As seen in FIG. 4, plaintext 410 is input to the first block cipher encryption module 420, in addition to an initialization vector (IV) 460 and a key 440. The first block cipher encryption module 420 generates ciphertext 430. In an embodiment, a portion of the ciphertext 430 is used as the authentication code or tag 435).
	The motivation/rationale to combine the references is similar to claim 10 above.
	Regarding Claim 12, the combination of Silva and Johnson teaches all the limitations of claim 10 and claim 11 above,
	The method of claim 11, further comprising: constructing, by the NI, a new payload based at least in part on combining the one or more different blocks with at least a portion of the payload of the previous packet based at least in part on the location (Johnson, Para [0032] As seen in FIG. 4, plaintext 410 is input to the first block cipher encryption module 420, in addition to an initialization vector (IV) 460 and a key 440. The first block cipher encryption module 420 generates ciphertext 430. Inan embodiment, a portion of the ciphertext 430 is used as the authentication code or tag 435. Para [0033] The tag 435, which is dependent on the data, is combined with the 1V 460, and is used as anew IV 465 for the second block cipher encryption module 450. ...).
	The motivation/rationale to combine the references is similar to claim 10 above.
Claims 4,5, 8,9, and 15-18 are rejected under 35 U.S.C. 103 as being unpatentable over Silva et al. (NPL dated 2017; Confidentiality and Authenticity in a Platform Based on Network -on-Chip, 2017 VII Brazilian Symposium on Computing Systems Engineering); hereinafter Silva in view of Johnson et al. (US 20180294968), hereinafter Johnson in view of Minematsu et al. (US 20140317407), hereinafter Minematsu.
	Regarding Claim 4, the combination of Silva and Johnson teaches all the limitations of claim 1 and claim 3 above,
	The combination of Silva and Johnson does not explicitly teach a method further comprising: adding at least one filler to create the final packet.	
	In the same field of endeavor Minematsu teaches
	The method of claim 3, further comprising: adding at least one filler to create the final packet (Para [0064] the processings represented in the Equation fin and the Equation fin2 are the standard technique used in the OMAC described in NPL 5 in the same manner as the function of the padding means 101. In addition, when the hash value V is longer than a block size of a block cipher to be used, a mode such as a CBC-MAC or a CMAC may be used).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of the combination of Silva and Johnson to incorporate the teachings by Minematsu such that the method of the combination of Silva and Johnson includes adding at least one filler to create the final packet. One would have been motivated to make such combination in order to dividing a message into blocks of n-bit units and carrying out padding on the blocks of the message when a certain block is less than n bits (Minematsu, Para [0021]).
	Regarding Claim 5, the combination of Silva and Johnson teaches all the limitations of claim 1 and claim 3 above,
	The method of claim 3, wherein the final packet is a same packet size as the previous packet (Minematsu, Para [0068] Next, when a final block M[L] of a message is less than n bits, the padding means 101 carries out padding on the final block M[L] of the message to set the padding result as the intermediate variable S[L]. When the final block M[L] is just n bits, the padding means 101 sets the final block M[L] as the intermediate variable S[L] as it is (step G2). Para [0083] Then, the tag generation means 104 generates a local tag Z by encrypting the hash value V by using a binary parameter to indicate whether the padding is performed on the final block M[L] of the plaintext (that is, whether M[L] is n bits) (step V5)).
	The motivation/rationale to combine the references is similar to claim 4 above.
	Regarding Claim 8, the combination of Silva and Johnson teaches all the limitations of claim 1 above,
	wherein encrypting the one or more different blocks to create encrypted blocks comprises: splitting the payload into the one or more different blocks and encrypting the one or more different blocks (Minematsu, Para [0039] The input means 100 inputs a plaintext M=(M[1], ..., M[L]) to be authenticated, a cached plaintext M'=(M'[1],..., M'[N]), and a cached intermediate variable S'=(S'[1], .. ., SN]). The plaintext M and the cached plaintext M' are divided by n-bit block unit. ... Para [0041] The cache reference parallel encryption means 102 encrypts only a block requiring an input plaintext M by block unit in parallel with reference to a cache. ...).
	The motivation/rationale to combine the references is similar to claim 4 above.
	Regarding Claim 9, the combination of Silva and Johnson teaches all the limitations of claim 1 above,
	wherein the previous packet comprises a most recent one of a plurality of packets communicated between the sender IP core and the receiver IP core (Minematsu, Para [0005] On the other hand, there is a scheme in which when a sent plaintext M' is a message obtained by performing a specific editing process on a previously sent plaintext M, the tag T" with respect to the plaintext M' can be calculated at high speed by reusing a calculation result of a tag T with respect to the plaintext M. Such a MAC scheme is called "being incremental" (with respect to the processing)).
	The motivation/rationale to combine the references is similar to claim 4 above.
	Regarding Claim 15, Silva teaches
	A method for incremental cryptography of intellectual property (IP) core communications in a network-on-chip (NoC) based system-on-chip (SoC) architecture, comprising: obtaining, by a network interface (NI) of a sender intellectual property (IP) core, a payload for communication to a receiver intellectual property (IP) core (Abstract— In many-core systems, the processing elements are interconnected using Networks-on-Chip. An example of on chip network is SoCIN, a low-cost interconnect architecture whose original design did not take into account security aspects. Page 225, Section |, Introduction, first left para, ... These SoCs (Systems-on-a-Chip) consist of several reusable components that are usually named cores or IPs (from Intellectual Property) [1]. ... Second right para, The cores of a SoC are interconnected through a communication architecture that provides the means for information exchange. ... Page 226, Section III, 3rd left para, Fig. 1 depicts the proposed platform, which includes a crypto processor (KDC) and a set of Xilinx MicroBlazeTM cores, each one with an embedded local memory. These processing nodes are connected to the NoC through a secure network interface (NI), in which an AES based security mechanism has been integrated. Page 226, Section III, C, 2nd left para, In SoCIN, packets are composed of 32-bit flits (flow control digits). ...A pair of framing bits identifies if the flit is the header (01), a data flit (OO) or the trailer (10).);
	encrypting, by the NI, individual ones of the one or more different blocks to create encrypted blocks of an encrypted payload (Page 228, Section IV, 3rd left para, NI (Network Interface): It is responsible for adapting the protocol of the FSL channel to the protocol used in the channels of SoCIN, packetizing and depacketizing data. In addition, it controls the exchange of keys and encrypts and decrypts packet content. To ensure confidentiality, the NI uses the connectionless confidentiality service. In order to ensure the authenticity property, the source authentication service is used. The main component of the Nl is the AES block [16], which encrypts and decrypts information using symmetric keys. Fig. 6 presents the block diagram of the network interface).
	Silva does not explicitly teach a method splitting, by the NI, the payload into one or more different blocks comprising bitwise differences between the payload and a payload stored ina register of the NI of the sender IP core and associated with the receiver IP core.
	In the same field of endeavor, Minematsu teaches
	splitting, by the NI, the payload into one or more different blocks comprising bitwise differences between the payload and a payload stored in a register of the NI of the sender IP core and associated with the receiver IP core (Para [0037] ... FIG. 3 is a block diagram illustrating data flow in the incremental MAC tag generation device according to the first exemplary embodiment of the present invention. Furthermore, in the following description, unless expressly specified otherwise, + represents a bit-by-bit XOR and a length of one block of a message is n bits. Para [0039] The input means 100 inputs a plaintext M=(M[1],..., M[L]) to be authenticated, a cached plaintext M'=(M'[1],..., M'[N]), and a cached intermediate variable S'=(S'‘[1], ..., S'IN]). The plaintext M and the cached plaintext M' are divided by n-bit block unit).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of the Silva to incorporate the teachings by Minematsu such that the method of Silva includes splitting, by the NI, the payload into one or more different blocks comprising bitwise differences between the payload and a payload stored in a register of the NI of the sender IP core and associated with the receiver IP core. One would have been motivated to make such combination in order to dividing a message into blocks of n-bit units and carrying out padding on the blocks of the message when a certain block is less than n bits (Minematsu, Para [0021]), and the plaintext M and the cached plaintext M' are divided by n-bit block unit (Minematsu, Para [0039]).
	The combination of Silva and Minematsu does not explicitly teach a method constructing, by the NI, a ciphertext from the encrypted blocks and the one or more different blocks to create the encrypted payload.
	In the same field of endeavor, Johnson teaches
	constructing, by the NI, a ciphertext from the encrypted blocks and the one or more different blocks to create the encrypted payload (Para [0032] As seen in FIG. 4, plaintext 410 is input to the first block cipher encryption module 420, in addition to an initialization vector (IV) 460 and a key 440. The first block cipher encryption module 420 generates ciphertext 430. In an embodiment, a portion of the ciphertext 430 is used as the authentication code or tag 435).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of the combination of Silva and Minematsu to incorporate the teachings by Johnson such that the method of the combination of Silva and Minematsu includes constructing, by the NI, a ciphertext from the encrypted blocks and the one or more different blocks to create the encrypted payload. One would have been motivated to make such combination so that the block cipher encryption module uses the data-dependent IV and the same key to encrypt the plaintext and generate ciphertext Johnson, Para [0033)).
	Regarding Claim 16, the combination of Silva, Minematsu, and Johnson teaches all the limitations of claim 15 above,
	The method of claim 15, further comprising: transmitting the encrypted payload comprising the ciphertext to the receiver |P core (Johnson, Para [0058] The tag 1135 can be combined with each of the counter-based !Vs (1160-1, 1160-2 and 1160-3) to generate a set of data-dependent initialization vectors (1165-1, 1165-2 and 1165-3) that may be used to encrypt the plaintext to generate blocks of ciphertext (1170-1, 1170-2 and 1170-3) which are transmitted over-the-air, along with the tag 1135. ...).
	The motivation/rationale to combine the references is similar to claim 15 above.
	Regarding Claim 17, the combination of Silva, Minematsu, and Johnson teaches all the limitations of claim 15 above,
	wherein encrypting individual ones of the one or more different blocks occurs in parallel (Johnson, Para [0058] ... in an alternate embodiment, the tag 1135 may be combined with the first counter-based lV 1160-1 to generate the data-dependent IV 1165-1. Then, the first data-dependent IV 1165-1 may be incremented to generate the subsequent tags 1165-2 and 1165-3. Thus, FIG. 11 depicts an implementation for improved authenticated encryption that can be run efficiently in parallel for high- speed communication applications that have low latency requirements).
	The motivation/rationale to combine the references is similar to claim 15 above.
	Regarding Claim 18, the combination of Silva, Minematsu, and Johnson teaches all the limitations of claim 15 above,
	The method of claim 15, further comprising transmitting helper data to the receiver IP core that indicates at least one location for the one or more different blocks (Silva, Page 227, Section III C, 4th left para, The session key request packet (Fig. 3) consists of the header flit and four additional flits encrypted with the key shared with the KDC (an asterisk character indicates the encrypted flits). The first data flit contains an encrypted copy of the packet header for authenticity checking, while the second flit contains a nonce randomly generated. The third flit contains the source and destination addresses of the nodes that will share the session key. The flit terminator also contains a nonce randomly generated to populate the packet. Fig. 3. Packet format for requesting a session key (Encrypted addresses of the communicating nodes).
Claims 7 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Silva et al. (NPL dated 2017; Confidentiality and Authenticity in a Platform Based on Network-on-Chip, 2017 VII Brazilian Symposium on Computing Systems Engineering); hereinafter Silva in view of Johnson et al. (US 20180294968), hereinafter Johnson in view of Ghosh et al. (US 20180139051), hereinafter Ghosh.
	Regarding Claim 7, the combination of Silva and Johnson teaches all the limitations of claim 1 above,	
	The combination of Silva and Johnsen does not explicitly teach a method wherein identifying the one or more different blocks comprises: identifying bitwise differences between the payload and the payload of the previous packet.
	In the same field of endeavor, Ghosh teaches
	wherein identifying the one or more different blocks comprises: identifying bitwise differences between the payload and the payload of the previous packet (Para [0039] In block 618, the computing device 100 bitwise XORs the most -significant M bits of the keystream block Sg with the MAC T to generate the authentication tag U 214. As described above, the authentication tag U 214 may be used to verify the cipher text c 212. After generating the cipher text c 212 and the authentication tag U 214, the method 600 is completed. After completing the counter mode encryption operation, the computing device 100 may output the results as described in connection with FIG. 3).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of the combination of Silva and Johnson to incorporate the teachings by Ghosh such that the method of the combination of Silva and Johnson includes wherein identifying the one or more different blocks comprises: identifying bitwise differences between the payload and the payload of the previous packet. One would have been motivated to make such combination in order to perform a bitwise XOR operation with each byte of the message and a corresponding byte of the plurality of 64-bit keystream blocks that starts with a second 64-bit keystream block of the plurality of 64-bit keystream blocks (Ghosh, Para [0056]).
	Regarding Claim 13, the combination of Silva and Johnson teaches all the limitations of claim 10 above,
	wherein the at least one parameter is stored in a register of the NI, and wherein the at least one parameter comprises a key or an initialization vector (Ghosh, Para [0034] In block 416, the computing device 100 stores the most -significant M bits of the intermediate value X,.; as the message authentication code (MAC) T. ... Thus, the computing device 100 may store the MAC T in the memory 124 or in any other location accessible during execution of the counter mode encryption operation. After generating the MAC T, the method 400 is completed. After completing the CBC-MAC authentication operation, the computing device 100 may continue to perform the CCM encryption operation as described in connection with FIG. 3).
	The motivation/rationale to combine the references is similar to claim 7 above.
Claims 14, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Silva et al. (NPL dated 2017; Confidentiality and Authenticity in a Platform Based on Network-on-Chip, 2017 VII Brazilian Symposium on Computing Systems Engineering); hereinafter Silva in view of Johnson et al. (US 20180294968), hereinafter Johnson in view of Bolotov et al. (US 20110255689), hereinafter Bolotov.
	Regarding Claim 14, the combination of Silva and Johnson teaches all the limitations of claim 10 above,	
	The combination of Silva and Johnsen does not explicitly teach a method wherein the packet comprises helper data that indicates at least one location for the one or more different blocks associated with the previous packet.
	In the same field of endeavor, Bolotov teaches
	wherein the packet comprises helper data that indicates at least one location for the one or more different blocks associated with the previous packet (Para [0022] As noted above, the XTS mode of operation is described in the lEEE Std 1619-2007 publication. The XTS encryption and decryption modes of operation for the jth block Pj of plaintext string P is specified in Equation (9) below, where .alpha. is a primitive element of Galois field GF(2128), i is a tweak value typically corresponding to the logical block address of the first block of plaintext string P (but can also bee some other non-negative integer), and the other elements are as defined above. Para [0051] ... (c) OXNNN3 represents the 128-bit tweak (here corresponding to the logical block address of the first data block of the data stream) with the key K_IDO to generate the mask. ...).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of the combination of Silva and Johnson to incorporate the teachings by Bolotov such that the method of the combination of Silva and Johnson includes wherein the packet comprises helper data that indicates at least one location for the one or more different blocks associated with the previous packet. One would have been motivated to make such combination so that OxNNN3 represents the 128-bit tweak (here corresponding to the logical block address of the first data block of the data stream) with the key K_ID 0 to generate the mask. (Bolotov, Para [0051)).
	Regarding Claim 19, the combination of Silva, Minematsu, and Johnson teaches all the limitations of claim 15 above,
	wherein encrypting individual ones of the one or more different blocks comprises storing or retrieving an initialization vector or a key (Bolotov, Para [0044] ... Mask G/U module 204 handles the masks by, for example, (i) performing Galois-field multiplications and other operations to generate or update masks, (ii) storing masks for the various data streams being processed by MM-AES module 108, and (iii) storing initialization vectors ("IVs") when needed).
	The motivation/rationale to combine the references is similar to claim 14 and claim 15 above.
Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Silva et al. (NPL dated 2017; Confidentiality and Authenticity in a Platform Based on Network-on-Chip, 2017 VII Brazilian Symposium on Computing Systems Engineering); hereinafter Silva in view of Johnson et al. (US 20180294968), hereinafter Johnson in view of Bolotov et al. (US 20110255689), hereinafter Bolotov in view of MUMA et al. (US 20160301669), hereinafter MUMA.
	Regarding Claim 20, the combination of Silva, Minematsu, Johnson, and Bolotov teaches all the limitations of claim 15 and claim 19 above,	
	wherein the key comprises a 128-bit secret key (Bolotov, Para [0038] Note that, in some AES modes, an internal state undergoes one or more transformations between the processing of two consecutive string-data blocks. ... Para [0052] ... TABLE-US-O0002 TABLE 2 Command Explanation GCM_Save_KeyK_ID2 GCM_Save_Key is a key-loading Key_Type 1 Key=OxNNN8 command for GCM mode, where the key, of type 1, to be stored in key-storage location 2 is hexadecimal number OxNNN.sub.8. GCM_Init_H T_1D2GCM_Init_H invokes calculation of hash Data=OxNNN9 subkey H, which encrypts a 128-bit zero block using the key at K_ID 2),
	The combination of Silva, Minematsu, Johnson, and Bolotov does not explicitly teach a method [wherein] the initialization vector comprises a 64-bit initialization vector for initializing a 128-bit internal state.
	In the same field of endeavor, MUMA teaches
	the initialization vector comprises a 64-bit initialization vector for initializing a 128-bit internal state (Para [0094] ... Specifically, the transmitter uses the unique initialization vector, the encryption key and the OTN payload to generate a 64-bit authentication tag (e.g., a message authentication code, or MAC), which is then transmitted in-band in reserved byte area fields 38 and 40 of the OTN header as shown in FIG. 1).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of the combination of Silva, Minematsu, Johnson, and Bolotov to incorporate the teachings by MUMA such that the method of the combination of Silva, Minematsu, Johnson, and Bolotov includes [wherein] the initialization vector comprises a 64-bit initialization vector for initializing a 128-bit internal state. One would have been motivated to make such combination so that the encryption controller to generate a unique initialization vector for at least each frame of a multi frame in accordance with the frame counter value and the multi frame counter value. (MUMA, Para [0017)).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAMID TALAMINAEI whose telephone number is (571)270-3283. The examiner can normally be reached Flexible, M-F 7:30 -5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MOHAMMAD W REZA/Primary Examiner, Art Unit 2436                                                                                                                                                                                                        

/HAMID TALAMINAEI/Examiner, Art Unit 2436