PNG
    media_image1.png
    340
    340
    media_image1.png
    Greyscale
United States Patent and Trademark Office    
        
            
                                
            
        
    

Commissioner for Patents
United States Patent and Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
www.uspto.gov











BEFORE THE PATENT TRIAL AND APPEAL BOARD


Application Number: 16/919,941
Filing Date: 2 Jul 2020
Appellant(s): Altera Corporation



__________________
Matthew G. Osterhaus
For Appellant


EXAMINER’S ANSWER





This is in response to the appeal brief filed 05/11/2022.
(1) Grounds of Rejection to be Reviewed on Appeal
Every ground of rejection set forth in the Office action dated 10/15/2021 from which the appeal is taken is being maintained by the examiner except for the grounds of rejection (if any) listed under the subheading “WITHDRAWN REJECTIONS.”  New grounds of rejection (if any) are provided under the subheading “NEW GROUNDS OF REJECTION.”
(2) Restatement of Rejection
The following ground(s) of rejection are applicable to the appealed claims.
Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.
Claims 1-4, and 6-20 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Trimberger (Patent No. US 7,747,025 B1) in view of Pitts (US 2002/0145931 A1) and Jamieson (PG Pub. US 2007/0039060 A1).
Regarding claim 1, Trimberger teaches an integrated circuit device comprising: 
a field programmable gate array (FPGA) fabric (column 1, lines 15-26, FPGA includes programmable tiles which includes both programmable interconnects and logics) that is programmable based at least in part on configuration data stored in configuration memory (column 1, lines 33-36, programmable interconnects and logics are programmed by configuration data loaded into internal configuration memory cells); 
a controller (Fig. 1, HDL workstation in combination with a decryption block in PLD shown in Fig. 3, column 6, lines 63-67) configured to program the FPGA fabric by writing the configuration data to the configuration memory (column 1, lines 36-40, configuration data written into FPGA by an external device, Fig. 1, HDL workstation, column 4, lines 33-37, Fig 3, column 6, lines 63-67, decryption block), wherein the controller is configured to; 
receive encrypted data (Fig. 3, Encrypted configuration data received by 312); and 
determine the configuration data by decrypting the encrypted data based on an encryption key (Fig. 3, column 8, lines 17-20, decrypted configuration data from 314); and 
a nonvolatile memory (Fig. 3, column 7, lines 8-22, non-volatile storage block 308) communicatively coupled to the controller (Fig. 3, 308 coupled to 314, both are parts of the decryption block), wherein a portion of the nonvolatile memory contains the encryption key (Fig. 3, 308, column 7, lines 8-22, non-volatile storage block 308 is used to provide similar functionality as eFuse block 304 which is used to provide non-volatile key storage).
However, Trimberger does not explicitly teach the integrated circuit comprising:
an input pad configured to couple to a system high voltage or a system low voltage, wherein the configuration data cannot be read from the configuration memory when the input pad is coupled to the system high voltage; and 
one-time programmable memory configured to selectably permanently write-protect the encryption key.
Pitts teaches the integrated circuit comprising:
an input pad configured to couple to a system high voltage or a system low voltage, wherein a memory data cannot be read from the memory when the input pad is coupled to the system high voltage (Fig. 3, [0015]).
Therefore it would have been obvious to one having ordinary skill in the art at the time of invention to apply the teachings of Pitts to the teachings of Trimberger in order to protect the configuration data stored in the configuration memory (Pitts, Abstract).
However, the combined teachings of Trimberger and Pitts do not explicitly teach the integrated circuit comprising:
one-time programmable memory configured to selectably permanently write-protect the encryption key.
Jamieson teaches an integrated circuit comprising:
one-time programmable memory configured to selectably permanently write-protect the data ([0019] The invention is practiced in electronic programmable and irreversible memory arrays such as fuses. The circuit should have a memory cell designated as the "control bit". The control bit may also have additional functionality such as, upon programming, disabling the read/write access to the arrays that contain the secure data.  If the control bit is not provided with read/write-protection functionality, the arrays on the IC where the secure data is to reside must have separate read- and write-protection cells.).
Therefore, it would have been obvious to one having ordinary skill in the art at the time of invention to apply the control bits or fuses of Jamieson to the memory device of Trimberger so that the secure data stored in the device is not compromised after the programming (Jamieson, [0010]).
Regarding claim 2, all the limitations of claim 1 are taught by Trimberger in view of Pitts and Jamieson.
Jamieson further teaches an integrated circuit, wherein the one-time programmable memory is configured to selectively permanently disable external access to the encryption key ([0019] The invention is practiced in electronic programmable and irreversible memory arrays such as fuses. The circuit should have a memory cell designated as the "control bit". The control bit may also have additional functionality such as, upon programming, disabling the read/write access to the arrays that contain the secure data.  If the control bit is not provided with read/write-protection functionality, the arrays on the IC where the secure data is to reside must have separate read- and write-protection cells.).
Regarding claim 3, all the limitations of claim 1 are taught by Trimberger in view of Pitts and Jamieson.
Jamieson further teaches an integrated circuit, wherein the one-time programmable memory is configured to selectably permanently disable erasure of the encryption key ([0019] The invention is practiced in electronic programmable and irreversible memory arrays such as fuses. The circuit should have a memory cell designated as the "control bit". The control bit may also have additional functionality such as, upon programming, disabling the read/write access to the arrays that contain the secure data.  If the control bit is not provided with read/write-protection functionality, the arrays on the IC where the secure data is to reside must have separate read- and write-protection cells. Disabling write access disables erasure of the data).
Regarding claim 4, all the limitations of claim 1 are taught by Trimberger in view of Pitts and Jamieson.
Jamieson further teaches an integrated circuit, wherein the one-time programmable memory is configured to selectably permanently disable debugging of the integrated circuit device ([0019] The invention is practiced in electronic programmable and irreversible memory arrays such as fuses. The circuit should have a memory cell designated as the "control bit". The control bit may also have additional functionality such as, upon programming, disabling the read/write access to the arrays that contain the secure data.  If the control bit is not provided with read/write-protection functionality, the arrays on the IC where the secure data is to reside must have separate read- and write-protection cells. Disabling read/write access disables debugging of the data).
Regarding claim 6, all the limitations of claim 1 are taught by Trimberger in view of Pitts and Jamieson.
Jamieson further teaches an integrated circuit, wherein the one-time programmable memory is configured to be activated to permanently disable access to the nonvolatile memory post-manufacturing ([0019] The invention is practiced in electronic programmable and irreversible memory arrays such as fuses. The circuit should have a memory cell designated as the "control bit". The control bit may also have additional functionality such as, upon programming, disabling the read/write access to the arrays that contain the secure data.  If the control bit is not provided with read/write-protection functionality, the arrays on the IC where the secure data is to reside must have separate read- and write-protection cells. Disabling read/write access disables debugging of the data).
Regarding claim 7, all the limitations of claim 1 are taught by Trimberger in view of Pitts and Jamieson.
Jamieson further teaches an integrated circuit, wherein the one-time programmable memory is configured to selectably permanently disable reading of internal data ([0019] The invention is practiced in electronic programmable and irreversible memory arrays such as fuses. The circuit should have a memory cell designated as the "control bit". The control bit may also have additional functionality such as, upon programming, disabling the read/write access to the arrays that contain the secure data.  If the control bit is not provided with read/write-protection functionality, the arrays on the IC where the secure data is to reside must have separate read- and write-protection cells. Disabling read/write access disables debugging of the data).
Regarding claim 8, this claim has substantially the same subject matter as that in claim 1. Therefore, claim 8 is rejected under the same rationale as claim 1 above.
Regarding claim 9, all the limitations of claim 8 are taught by Trimberger in view of Pitts and Jamieson.
Trimberger further teaches a method, wherein the encryption key is stored into non-volatile memory in the programmable logic device (Fig. 3, 204).
Regarding claim 10, all the limitations of claim 8 are taught by Trimberger in view of Pitts and Jamieson.
Jamieson further teaches a method, wherein programming the one-time programmable memory to permanently disable external access to the encryption key comprises permanently disabling write access to the encryption key ([0019] The invention is practiced in electronic programmable and irreversible memory arrays such as fuses. The circuit should have a memory cell designated as the "control bit". The control bit may also have additional functionality such as, upon programming, disabling the read/write access to the arrays that contain the secure data.  If the control bit is not provided with read/write-protection functionality, the arrays on the IC where the secure data is to reside must have separate read- and write-protection cells. Disabling read/write access disables debugging of the data).
Regarding claim 11, this claim has substantially the same subject matter as that in claim 3. Therefore, claim 11 is rejected under the same rationale as claim 3 above.
Regarding claim 12, this claim has substantially the same subject matter as that in claim 6. Therefore, claim 12 is rejected under the same rationale as claim 6 above.
Regarding claim 13, this claim has substantially the same subject matter as that in claim 4. Therefore, claim 13 is rejected under the same rationale as claim 4 above.
Regarding claim 14, this claim has substantially the same subject matter as that in claim 7. Therefore, claim 14 is rejected under the same rationale as claim 7 above.
Regarding claim 15, this claim has substantially the same subject matter as that in claim 1. Therefore, claim 15 is rejected under the same rationale as claim 1 above.
Regarding claim 16, this claim has substantially the same subject matter as that in claim 9. Therefore, claim 16 is rejected under the same rationale as claim 9 above.
Regarding claim 17, this claim has substantially the same subject matter as that in claim 10. Therefore, claim 17 is rejected under the same rationale as claim 10 above.
Regarding claim 18, this claim has substantially the same subject matter as that in claim 11. Therefore, claim 18 is rejected under the same rationale as claim 11 above.
Regarding claim 19, this claim has substantially the same subject matter as that in claim 12. Therefore, claim 19 is rejected under the same rationale as claim 12 above.
Regarding claim 20, this claim has substantially the same subject matter as that in claim 10. Therefore, claim 20 is rejected under the same rationale as claim 10 above.
Claim 5 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Trimberger (Patent No. US 7,747,025 B1) in view of Pitts (US 2002/0145931 A1) and Jamieson (PG Pub. US 2007/0039060 A1) as applied to claim 1 above, and further in view of Moroney (US 6711684 B1).
Regarding claim 5, all the limitations of claim 1 are taught by Trimberger in view of Pitts and Jamieson. 
Trimberger in view of Pitts and Jamieson does not explicitly teach the device, wherein the one-time programmable memory is configured to selectably permanently disable access to internal data of the integrated circuit device other than configuration data or the encryption key that otherwise could be accessed. 
Moroney teaches a device, wherein a one-time programmable memory is configured to selectably permanently disable access to internal data of the integrated circuit device other than configuration data or the encryption key that otherwise could be accessed (Fig. 2, signal input).
Therefore it would have been obvious to one having ordinary skill in the art at the time of invention to apply the teachings of Moroney to the teachings of Trimberger in view of Pitts and Jamieson in order to provide a processing device which is reprogrammable but not susceptible to later attacks (Moroney, col. 1, lines 57-63).
(3) Response to Argument
The Appellant asserts that the Examiner’s combinations of Trimberger (U.S. Patent No. 7,747,025) and Pitts (U.S. Patent Publication No. 2002/0145931) to hold that the rejections under 35 U.S.C. § 103 is improper.
The Appellant asserts specifically, Trimberger teaches storing configuration data with no way to read it out and therefore there is no reason to look to Pitts to block the readout of configuration data. The Appellant further argues that the problem that the Examiner cited Pitts to solve is not a problem in Trimberger but merely a problem created by the hypothetical combination with Pitts and therefore there is no motivation and the hypothetical combination is not proper (Appeal Brief, page 1, filed 05/11/22, and as repeated in page 7, the first paragraph, and the last paragraph)
The Appellant further argues the same arguments, “The device of Trimberger does not appear to allow configuration data to ever be read out from memory. In other words, the device of Trimberger does not have the problem that is solved by the pending claims.... There is no discussion of the configuration data then being able to read out from the memory” (Appeal Brief, page 8, the last paragraph). 
Lastly, the Appellant further added, “Even assuming, arguendo, that Pitts does teach the ability to read out data and to block the readout of data, for example, by blowing a fuse, a person of ordinary skill in the art would not look to Pitts to solve any problem in Trimberger. Indeed, there is no problem in Trimberger related to the readout of data. It simply is not at issue in Trimberger, as the reference teaches instead methods of protecting decryption keys for encrypted configuration data. See Trimberger, Abstract.” (Appeal Brief, page 10, paragraph 2)
RESPONSE: Examiner respectfully disagrees because of the following reasons: (1) Trimberger’s device does read out the configuration data, (2) Trimberger recognizes that the configuration data stored in the configuration memory is sensitive data, and (3) Pitts teaches a method of protecting such sensitive data stored in a memory by selectively controlling the reading out paths. Therefore, the combination of Trimberger and Pitts is not hypothetical but would have been obvious in order to protect the sensitive data. 
On the contrary to the Appellant’s assertion that Trimberger’s device does not read out configuration data, Trimberger in fact teaches that the device reads out configuration data. Fig. 3 shows that “Encrypted Configuration Data” is an input to the multiplexor 312 for decryption. In column 8, lines 28~30, Trimberger teaches the configuration bitstream, i.e. the configuration data is received from some configuration device such as a PROM. With these two teachings, one can recognize that the configuration data is read out from the PROM and is fed to the multiplexor 312 and then to the decryptor 314.  
The PROM or “Programmable Read-Only Memory” is a type of non-volatile memory. Trimberger described in the Background section that the configuration data may be stored in an on-chip non-volatile memory (col. 1, lines 47~51). This also supports that the encrypted configuration data shown in Fig. 3 may be stored an on-chip non-volatile memory (e.g. a PROM), and then read out and  supplied to the decryptor 314 (note that the configuration data can be provide either in encrypted or in non-encrypted form, see Trimberger, column 2, lines 3~6). In addition, the decrypted configuration data shown in Fig. 3 may be stored in a volatile memory. The configuration data stored in the volatile memory has to be read out in order to control the functionality of the PLD, i.e. programming the PLD to perform the intended function (see Trimberger, column 1, lines 46~56). 
As reviewed above, Trimberger teaches the configuration data is read out of a memory  and confirms Appellant’s assertion is not correct. In fact, in page 9 of the Appeal Brief, Appellant appears to agree that Trimberger teaches the configuration data may be stored on-chip in non-volatile memory and then downloaded to volatile memory. However, the Appellant does not appear to recognize or acknowledge this “downloading” from non-volatile memory to a volatile memory is “reading” operation but asserts it is merely “storing” data into the memory. Since it is “downloading” from one memory to other, it has to have the data being read out first and then stored to the other memory. If the Appellant does not consider the non-volatile memory from which the configuration data is downloaded as a configuration memory and considers only the volatile memory as the configuration memory, it is reminded that Trimberger stated the configuration data is stored in the on-chip non-volatile memory (col. 1, line 49~50). Therefore the non-volatile memory should be considered and serves as a configuration memory.
Regardless, reading out data from a memory is a fundamental function of the memory device. If the stored data were to use, it has to be read out before use. If reading out is not possible, there is no reason/use to store a data into the memory. Therefore, whenever a memory device is used, reading out the content is performed in one form or another. Trimberger stated that the encrypted data of Fig. 3 may come from an on-chip non-volatile memory. Therefore the reading operation has to happen on the on-chip non-volatile memory. Trimberger also stated that the configuration data is downloaded and stored into volatile memory as is the case in Fig. 3. Therefore, the reading out operations have to happen from both of the non-volatile and the volatile memories in order to program the PLD.
The Examiner noticed from page 9, lines 5~7 of the Appeal brief  that the Appellant made a slightly different argument. Appellant argued “The PLD 110 (or any memory of the PLD 110) does not appear to have any way to perform a readout of configuration data from the PLD 110.” 
It is noted that the features upon which Appellant relies (“a readout of configuration data from the PLD”) are not recited in the rejected claims. While Examiner does not disagree to Appellant’s observation that Trimberger does not explicitly teach the reading out of the configuration data from “PLD”, Appellant is reminded that the claimed invention claims “the configuration data cannot be read from the configuration memory” and does not claim “from the PLD”. 
The Examiner subsequently noticed that the Appellant further stated “the examiner appeared to agree, stating that “Trimberger does not explicitly teach ‘wherein the configuration data cannot be read from the configuration memory when the input pad is coupled to the system high voltage.’” (Appeal Brief, page 9, lines 7~12).
Examiner would like to clarify that the above statement of Examiner provided in the Office Action should read under the condition “when the input pad is coupled to the system high voltage”. 
With respect to the argument that there is no reason to look to Pitts for the combination because Trimberger already teaches protecting the configuration data by encrypting and decrypting the decryption keys, the Examiner respectfully disagrees. As one can see from Fig. 3, Trimberger described that three components are involved in providing the configuration data, namely (1) keys to decrypt encrypted data (2) encrypted configuration data, and (3) decrypted configuration data. Trimberger mainly teaches a method of protecting the component (1) the decryption keys, however, it is well-known and Trimberger also recognizes that the data stored in the other two components are highly valuable (Trimberger, col. 2, lines 14~15). Therefore, by applying Pitts’ teaching of protecting sensitive data to the other two memory components of Trimberger (the non-volatile and volatile memories), one would be able to achieve the complete and secured protection on the all three components for providing configuration data for the PLD. 
Even assuming arguendo Trimberger does not recognize the needs for protecting the memories, Pitts still provides other motivation that the input and output paths (Fig. 1, 118) be available in order to allow loading and testing of the memory array (paragraph [0011], [0013] in order to verify it has been loaded properly, and then blocked the external access after the verification, [0015]). In other words, Pitts provides a way of verifying the configuration data once it is loaded, and then securing them after the verification, which would be an added benefit to Trimberger.
(4) Conclusion
For the above reasons, it is believed that the rejections should be sustained.
Respectfully submitted,
/SEOKJIN KIM/Primary Examiner, Art Unit 2844                                                                                                                                                                                                        
Conferees:
/ALEXANDER H TANINGCO/Supervisory Patent Examiner, Art Unit 2844   
                                                                                                                                                                                                     /HELAL A ALGAHAIM/RQAS, OPQA                                                                                                                                                                                                        


Requirement to pay appeal forwarding fee.  In order to avoid dismissal of the instant appeal in any application or ex parte reexamination proceeding, 37 CFR 41.45 requires payment of an appeal forwarding fee within the time permitted by 37 CFR 41.45(a), unless appellant had timely paid the fee for filing a brief required by 37 CFR 41.20(b) in effect on March 18, 2013.