DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Tehranipoor et al., hereinafter Tehranipoor, US Publication No. 2019/0347417.

Regarding Claim 1, Tehranipoor teaches a method for verifying a chip design for a computer chip, the method comprising: 
reading, by an analysis apparatus (Tehranipoor paragraph [0028], see computing device), a chip design (Tehranipoor paragraphs [0030], [0033], and [0044], wherein an HDL file specifying a chip design is input to be analyzed), the chip design comprising a first block corresponding to a first hardware module, a second block corresponding to a second hardware module, a plurality of nodes, and a corresponding plurality of data path segments, wherein each data path segment connects a pair of nodes or connects a node to one of the first or second blocks (Tehranipoor Figs. 4-6 and paragraphs [0018], [0033] and [0048], wherein the HDL design comprises hardware modules, observation/control points or nodes, and the paths between them); 
by tracing backwards along data paths that terminate at the second block, identifying, by the analysis apparatus, a secure cone, wherein the secure cone comprises all data path segments of the data paths that terminate at the second block and any nodes that connect the data path segments of the secure cone (Tehranipoor paragraphs [0047]-[0051], wherein fanin cones of logic blocks are determined by tracing backwards from endpoints);
identifying, by the analysis apparatus, data paths that originate at the first block and that are at least partially within the secure cone (Tehranipoor paragraphs [0055]-[0058], wherein propagation paths are identified that are within the fanin cones); 
determining, by the analysis apparatus, whether any of the data paths that originate at the first block and are at least partially within the secure cone terminate at a node that is not in the secure cone (Tehranipoor paragraphs [0055]-[0058], wherein observation points that are not within the fan in cones are identified from the propagation paths in a confidentiality analysis); 
responsive to determining that none of the data paths that originate at the first block and are at least partially within the secure cone terminate at a node that is not in the secure cone, determining, by the analysis apparatus, that the chip design is verified (Tehranipoor paragraph [0060], wherein if no observation points exist that are not within the fan in cone, there is no leak and the design is verified); and 
responsive to determining that at least one of the data paths that originate at the first block and are at least partially within the secure cone terminates at a node that is not in the secure cone, determining, by the analysis apparatus, that the chip design has a potential leak (Tehranipoor paragraphs [0060]-[0062], wherein if observation points exist that are not within the fan in cone, there is a possible leak and the vector that activates the malicious observation point is reported).
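The check recited in Claim 1, written out as a graph traversal. This is an added illustration, not code from the application or from Tehranipoor; the node names and the two sample netlists are constructed, and treating the second block's own outputs as out of scope is an assumption of this sketch.

```python
from collections import deque

def _reach(adj, start):
    """Breadth-first set of nodes reachable from start over adjacency map adj."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in adj.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def check_design(segments, first_block, second_block):
    """Return (verified, leaked_segments) for a list of (src, dst) path segments."""
    fwd, rev = {}, {}
    for src, dst in segments:
        rev.setdefault(dst, []).append(src)
        # Assumption: data paths end at the second block, so its outputs
        # are not followed when propagating first-block data forward.
        if src != second_block:
            fwd.setdefault(src, []).append(dst)
    # Secure cone: every node found by tracing backwards from the second block.
    cone = _reach(rev, second_block)
    # Nodes that data originating at the first block can reach.
    tainted = _reach(fwd, first_block)
    # A segment carrying first-block data from inside the cone to a node
    # outside it is the root of a potential leak.
    leaked = sorted((s, d) for s, d in segments
                    if s != second_block and s in tainted
                    and s in cone and d not in cone)
    return (not leaked, leaked)

# Constructed sample designs: a vault feeding a cryptographic engine.
CLEAN = [("vault", "key_reg"), ("key_reg", "mux"), ("ctrl", "mux"),
         ("mux", "crypto_engine"), ("ctrl", "status_out")]
# Same design with a debug tap hanging off the key register.
LEAKY = CLEAN + [("key_reg", "dbg_tap"), ("dbg_tap", "jtag_out")]

if __name__ == "__main__":
    for name, design in (("CLEAN", CLEAN), ("LEAKY", LEAKY)):
        ok, leaks = check_design(design, "vault", "crypto_engine")
        print(name, "verified" if ok else f"potential leak at {leaks}")
```

In the clean design the `ctrl` to `status_out` segment leaves the cone but is not reported, because no data from the vault reaches `ctrl`.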

Regarding Claim 2, Tehranipoor further teaches wherein the first hardware module is a vault (Tehranipoor paragraphs [0057]-[0058], wherein assets include plaintext and cryptographic key assets which are stored, the storage being a vault).

Regarding Claim 3, Tehranipoor further teaches wherein the second hardware module is a cryptographic engine (Tehranipoor paragraphs [0057]-[0058], wherein assets include ciphertext assets which are cryptographic engines).

Regarding Claim 4, Tehranipoor further teaches wherein the data paths are paths configured for the communication of secure information from the first hardware module to the second hardware module (Tehranipoor paragraph [0023], wherein the paths for transfer of data meet confidentiality policies, i.e. communication of confidential or secret information).

Regarding Claim 5, Tehranipoor further teaches wherein the chip design is a netlist design or a register-transfer level (RTL) design (Tehranipoor paragraphs [0017]-[0018], wherein the HDL design may be RTL or synthesized into a netlist).

Regarding Claim 6, Tehranipoor further teaches wherein the nodes represent logic gates and/or registers of the chip design and the data path segments are edges that connect the nodes (Tehranipoor paragraph [0031], wherein the nodes include gates and registers as observation points and the paths between them represent connections).

Regarding Claim 7, Tehranipoor further teaches responsive to determining that the chip design is verified, providing a chip design verification indicating that no potential leaks were identified (Tehranipoor paragraph [0060], wherein if no observation points exist that are not within the fan in cone, there is no leak and the design is verified).

Regarding Claim 8, Tehranipoor further teaches responsive to determining that the chip design has a potential leak, providing a chip design feedback indicating that at least one potential leak was identified (Tehranipoor paragraphs [0060]-[0062], wherein if observation points exist that are not within the fan in cone, there is a possible leak and the vector that activates the malicious observation point is reported).

Regarding Claim 9, Tehranipoor further teaches wherein the chip design feedback comprises information identifying at least one leaked path segment that is the root of the at least one potential leak (Tehranipoor paragraphs [0060]-[0062], wherein the vector and corresponding propagation path that activates the malicious observation point is reported).

Regarding Claim 10, Tehranipoor teaches an apparatus comprising at least one processor and at least one memory storing computer program code (Tehranipoor paragraph [0028], see processor and memory), the at least one memory and the computer program code configured to, with the processor, cause the apparatus to at least: 
read a chip design (Tehranipoor paragraphs [0030], [0033], and [0044], wherein an HDL file specifying a chip design is input to be analyzed), the chip design comprising a first block corresponding to a first hardware module, a second block corresponding to a second hardware module, a plurality of nodes, and a corresponding plurality of data path segments, wherein each data path segment connects a pair of nodes or connects a node to one of the first or second blocks (Tehranipoor Figs. 4-6 and paragraphs [0018], [0033] and [0048], wherein the HDL design comprises hardware modules, observation/control points or nodes, and the paths between them); 
by tracing backwards along data paths that terminate at the second block, identify a secure cone, wherein the secure cone comprises all data path segments of the data paths that terminate at the second block and any nodes that connect the data path segments of the secure cone (Tehranipoor paragraphs [0047]-[0051], wherein fanin cones of logic blocks are determined by tracing backwards from endpoints); 
identify data paths that originate at the first block and are at least partially within the secure cone (Tehranipoor paragraphs [0055]-[0058], wherein propagation paths are identified that are within the fanin cones); 
determine whether any of the data paths that originate at the first block and that are at least partially within the secure cone terminate at a node that is not in the secure cone (Tehranipoor paragraphs [0055]-[0058], wherein observation points that are not within the fan in cones are identified from the propagation paths in a confidentiality analysis); 
responsive to determining that none of the data paths that originate at the first block and are at least partially within the secure cone terminate at a node that is not in the secure cone, determine that the chip design is verified (Tehranipoor paragraph [0060], wherein if no observation points exist that are not within the fan in cone, there is no leak and the design is verified); and 
responsive to determining that at least one of the data paths that originate at the first block and are at least partially within the secure cone terminates at a node that is not in the secure cone, determine that the chip design has a potential leak (Tehranipoor paragraphs [0060]-[0062], wherein if observation points exist that are not within the fan in cone, there is a possible leak and the vector that activates the malicious observation point is reported).

Regarding Claim 11, Tehranipoor further teaches wherein the first hardware module is a vault (Tehranipoor paragraphs [0057]-[0058], wherein assets include plaintext and cryptographic key assets which are stored, the storage being a vault).

Regarding Claim 12, Tehranipoor further teaches wherein the second hardware module is a cryptographic engine (Tehranipoor paragraphs [0057]-[0058], wherein assets include ciphertext assets which are cryptographic engines).

Regarding Claim 13, Tehranipoor further teaches wherein the data paths are paths configured for the communication of secure information from the first hardware module to the second hardware module (Tehranipoor paragraph [0023], wherein the paths for transfer of data meet confidentiality policies, i.e. communication of confidential or secret information).

Regarding Claim 14, Tehranipoor further teaches wherein the chip design is a netlist design or a register-transfer level (RTL) design (Tehranipoor paragraphs [0017]-[0018], wherein the HDL design may be RTL or synthesized into a netlist).

Regarding Claim 15, Tehranipoor further teaches wherein the nodes represent logic gates of the chip design and the data path segments are edges that connect the nodes (Tehranipoor paragraph [0031], wherein the nodes include gates and registers as observation points and the paths between them represent connections).

Regarding Claim 16, Tehranipoor further teaches responsive to determining that the chip design is verified, provide a chip design verification indicating that no potential leaks were identified (Tehranipoor paragraph [0060], wherein if no observation points exist that are not within the fan in cone, there is no leak and the design is verified).

Regarding Claim 17, Tehranipoor further teaches responsive to determining that the chip design has a potential leak, provide a chip design feedback indicating that at least one potential leak was identified (Tehranipoor paragraphs [0060]-[0062], wherein if observation points exist that are not within the fan in cone, there is a possible leak and the vector that activates the malicious observation point is reported).

Regarding Claim 18, Tehranipoor further teaches wherein the chip design feedback comprises information identifying at least one leaked path segment that is the root of the at least one potential leak (Tehranipoor paragraphs [0060]-[0062], wherein the vector and corresponding propagation path that activates the malicious observation point is reported).

Regarding Claim 19, Tehranipoor teaches a non-transitory, machine-readable storage medium (Tehranipoor paragraphs [0039]-[0040], see computer readable medium) comprising a plurality of instructions that, when executed with a processor of an apparatus, cause the apparatus to: 
read a chip design (Tehranipoor paragraphs [0030], [0033], and [0044], wherein an HDL file specifying a chip design is input to be analyzed), the chip design comprising a first block corresponding to a first hardware module, a second block corresponding to a second hardware module, a plurality of nodes, and a corresponding plurality of data path segments, wherein each data path segment connects a pair of nodes or connects a node to one of the first or second blocks (Tehranipoor Figs. 4-6 and paragraphs [0018], [0033] and [0048], wherein the HDL design comprises hardware modules, observation/control points or nodes, and the paths between them); 
by tracing backwards along data paths that terminate at the second block, identify a secure cone, wherein the secure cone comprises all data path segments of the data paths that terminate at the second block and any nodes that connect the data path segments of the secure cone (Tehranipoor paragraphs [0047]-[0051], wherein fanin cones of logic blocks are determined by tracing backwards from endpoints); 
identify data paths that originate at the first block and are at least partially within the secure cone (Tehranipoor paragraphs [0055]-[0058], wherein propagation paths are identified that are within the fanin cones); 
determine whether any of the data paths that originate at the first block and that are at least partially within the secure cone terminate at a node that is not in the secure cone (Tehranipoor paragraphs [0055]-[0058], wherein observation points that are not within the fan in cones are identified from the propagation paths in a confidentiality analysis); 
responsive to determining that none of the data paths that originate at the first block and are at least partially within the secure cone terminate at a node that is not in the secure cone, determine that the chip design is verified (Tehranipoor paragraph [0060], wherein if no observation points exist that are not within the fan in cone, there is no leak and the design is verified); and 
responsive to determining that at least one of the data paths that originate at the first block and are at least partially within the secure cone terminates at a node that is not in the secure cone, determine that the chip design has a potential leak (Tehranipoor paragraphs [0060]-[0062], wherein if observation points exist that are not within the fan in cone, there is a possible leak and the vector that activates the malicious observation point is reported).

Regarding Claim 20, Tehranipoor further teaches responsive to determining that the chip design is verified, provide a chip design verification indicating that no potential leaks were identified (Tehranipoor paragraph [0060], wherein if no observation points exist that are not within the fan in cone, there is no leak and the design is verified); and 
responsive to determining that the chip design has a potential leak, provide a chip design feedback indicating that at least one potential leak was identified (Tehranipoor paragraphs [0060]-[0062], wherein if observation points exist that are not within the fan in cone, there is a possible leak and the vector that activates the malicious observation point is reported), wherein the chip design feedback comprises information identifying at least one leaked path segment that is the root of the at least one potential leak (Tehranipoor paragraphs [0060]-[0062], wherein the vector and corresponding propagation path that activates the malicious observation point is reported).

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ERIC D LEE whose telephone number is (571)270-7098. The examiner can normally be reached Monday-Thursday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jack Chiang, can be reached on 571-272-7483. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ERIC D LEE/Primary Examiner, Art Unit 2851