DETAILED ACTION
This action is in response to new application filed 4/28/2022 titled “INTEGRATED CIRCUIT SIDE-CHANNEL MITIGATION MECHANISM”. Claims 1-20 were received for consideration.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Priority
Acknowledgment is made of applicant's claim for foreign priority under 35 U.S.C. 119(a)-(d).  The certified copy has been received.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 4/28/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1, 2, 4, 10, 11, 15 and 20 are rejected under 35 U.S.C. 102(a)(1)/(a)(2) as being anticipated by Klimov et al (US 2009/0116644).
With respect to claim 1 Klimov teaches an apparatus comprising: a cryptographic circuitry, including: 
a plurality of crypto functional units (CFUs) to perform cryptographic algorithms (see Klimov paragraph 0032 i.e. a circuit 450 may include multiple processing units for optimizing algorithm level countermeasures against side-channel attacks); and 
jammer circuitry to generate noise to protect the plurality of CFUs from side-channel attacks (see Klimov paragraph 0003 i.e. To counteract such cryptanalysis or side-channel attacks, additional protective countermeasures may be applied, for example, including, reducing the signal-to-noise ratio of the processed secret data (e.g., by applying noise generators)).

With respect to claim 2 Klimov teaches the apparatus of claim 1, wherein the jammer circuitry masks signals generated by processing of secure data by the cryptographic algorithms (see Klimov paragraph 0003 i.e. To counteract such cryptanalysis or side-channel attacks, additional protective countermeasures may be applied, for example, including, reducing the signal-to-noise ratio of the processed secret data (e.g., by applying noise generators)).
With respect to claim 4 Klimov teaches the apparatus of claim 3, wherein each of the plurality of CFUs perform a different cryptographic algorithm (see Klimov paragraph 0032 i.e. a circuit 450 may include multiple processing units for optimizing algorithm level countermeasures against side-channel attacks).

With respect to claim 10 Klimov teaches the apparatus of claim 2, wherein the cryptographic circuitry further comprises control circuitry to receive control signals to enable and disable the jammer circuitry (see Klimov paragraph 0026 The components and features of computing device 130 may be implemented using any combination of discrete circuitry, application specific integrated circuits (ASICs), logic gates and/or single chip architectures. Further, the features of computing device 130 may be implemented using microcontroller's, programmable logic arrays and/or microprocessors or any combination of the foregoing where suitably appropriate. It is noted that hardware, firmware and/or software elements may be collectively or individually referred to herein as "logic" or "circuit." and 0059 i.e. in operation 1130, a processor may apply the predetermined masking algorithm to the two or more intermediate functions).

With respect to claim 11 Klimov teaches a method comprising: 
processing data at a crypto functional unit (CFU) via a cryptographic algorithm (see Klimov paragraph 0032 i.e. a circuit 450 may include multiple processing units for optimizing algorithm level countermeasures against side-channel attacks); and 
generating noise at jammer circuitry to mask the data processed at the CFU wherein the jammer circuitry masks signals generating during processing of the cryptographic algorithm by adding noise generated at the CFU to decrease a signal-to-noise ratio of signals (see Klimov paragraph 0003 i.e. To counteract such cryptanalysis or side-channel attacks, additional protective countermeasures may be applied, for example, including, reducing the signal-to-noise ratio of the processed secret data (e.g., by applying noise generators)).

With respect to claim 15 Klimov teaches a security engine comprising: 
a micro-controller to perform security services a computer system platform; and a cryptographic circuitry, communicatively couple to the micro-controller (see Klimov paragraph 0026 The components and features of computing device 130 may be implemented using any combination of discrete circuitry, application specific integrated circuits (ASICs), logic gates and/or single chip architectures. Further, the features of computing device 130 may be implemented using microcontroller's, programmable logic arrays and/or microprocessors or any combination of the foregoing where suitably appropriate. It is noted that hardware, firmware and/or software elements may be collectively or individually referred to herein as "logic" or "circuit”), including: 
a plurality of crypto functional units (CFUs) to perform cryptographic algorithms (see Klimov paragraph 0032 i.e. a circuit 450 may include multiple processing units for optimizing algorithm level countermeasures against side-channel attacks); and 
jammer circuitry to generate noise to protect the plurality of CFUs from side-channel attacks (see Klimov paragraph 0003 i.e. To counteract such cryptanalysis or side-channel attacks, additional protective countermeasures may be applied, for example, including, reducing the signal-to-noise ratio of the processed secret data (e.g., by applying noise generators)).

With respect to claim 20 Klimov teaches the security engine of claim 15, wherein the cryptographic circuitry further comprises control circuitry to receive control signals from the micro-controller to enable and disable the jammer circuitry (see Klimov paragraph 0026 The components and features of computing device 130 may be implemented using any combination of discrete circuitry, application specific integrated circuits (ASICs), logic gates and/or single chip architectures. Further, the features of computing device 130 may be implemented using microcontroller's, programmable logic arrays and/or microprocessors or any combination of the foregoing where suitably appropriate. It is noted that hardware, firmware and/or software elements may be collectively or individually referred to herein as "logic" or "circuit." and 0059 i.e. in operation 1130, a processor may apply the predetermined masking algorithm to the two or more intermediate functions).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 3, 5-7, 12 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Klimov (US 2009/0116644) in view of Kocher et al (US 2006/0045264).
With respect to claim 3 Klimov teaches the apparatus of claim 2, but does not disclose wherein the jammer circuitry masks the signals by decreasing a signal-to-noise ratio of signals by adding noise generated at a CFU.
Kocher teaches wherein the jammer circuitry masks the signals by decreasing a signal-to-noise ratio of signals by adding noise generated at a CFU (see Kocher paragraph 0018 i.e. A principal objective of the invention is to make cryptosystems that are difficult to attack successfully, for example by increasing the number of observations required by an attacker to compromise a key. By reducing the available signal size and/or increasing the amount of error, noise, and uncertainty in attackers' measurements, a system designer can make the so-called work function (effort required) to break a system larger).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Klimov in view of Kocher to have increased the measurement noise to reduce the signal-to-noise ratio so that an attacker will require more observations to extract the same amount of information about the key to make cryptosystems that are difficult to attack successfully using side channel attacks. 
Therefore one would have been motivated to have increased the measurement noise. 

With respect to claim 5 Klimov teaches the apparatus of claim 2, wherein the jammer circuitry comprises a random number generator to generate integer values.
Kocher teaches wherein the jammer circuitry comprises a random number generator to generate integer values (see Kocher paragraph 0053 i.e. At step 220, a random 6-bit mask V is obtained).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Klimov in view of Kocher to have increased the measurement noise by introducing a random value to mask the computation so that an attacker will require more observations to extract the same amount of information about the key to make cryptosystems that are difficult to attack successfully using side channel attacks. Therefore one would have been motivated to have increased the measurement noise. 

With respect to claim 6 Klimov teaches the apparatus of claim 5, wherein the jammer circuitry further comprises a state decoder to convert the integer values in a bit vector.
Kocher teaches wherein the jammer circuitry further comprises a state decoder to convert the integer values in a bit vector (see Kocher paragraph 0007-0009 i.e. The invention provides for improved implementations of the Data Encryption Standard (DES), as well as other cryptographic operations, that resist external monitoring attacks. Unlike traditional DES implementations, which perform a set of processing operations that depend only on the input key and the message, the invention involves additional random (or otherwise unpredictable) state information in the cryptographic processing. The random state information is mixed with the keys, plaintext messages, and intermediate quantities used during processing. Information leaked to attackers during cryptographic processing is correlated to the random information, and any correlation to secret information is partially or completely hidden. As a result, it is difficult or impossible for attackers to determine secret parameters through analysis of leaked information).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Klimov in view of Kocher to have increased the measurement noise by introducing random values to mask the computation so that an attacker will require more observations to extract the same amount of information about the key to make cryptosystems that are difficult to attack successfully using side channel attacks. Therefore one would have been motivated to have increased the measurement noise.

With respect to claim 7 Klimov teaches the apparatus of claim 6, wherein a value of the bit vector is determined by a first of the integer values and a second of the integer values.
Kocher teaches wherein a value of the bit vector is determined by a first of the integer values and a second of the integer values (see Kocher paragraph 0054 i.e. At step 230, using the permutation M1P for bit selection, the six input bits from M1 corresponding to the current S operation are extracted and XORed onto q. The six bit extraction and XOR operations are performed in random order. The selected bits correspond to the group of six bits selected by the E expansion operation for the current S index. Bits are placed in q in the order specified by S_INPUT_PERM[j]. Step 235 is similar to step 230, except that the appropriate six bits of M2 are selected using M2P).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Klimov in view of Kocher to have increased the measurement noise by introducing random values to mask the computation so that an attacker will require more observations to extract the same amount of information about the key to make cryptosystems that are difficult to attack successfully using side channel attacks. Therefore one would have been motivated to have increased the measurement noise.

With respect to claim 12 Klimov teaches the method of claim 11, but does not disclose wherein generating the noise comprises: generating integer values at a random number generator; and converting the integer values into a bit vector.
Kocher teaches wherein generating the noise comprises: generating integer values at a random number generator; and converting the integer values into a bit vector (see Kocher paragraph 0007-0009 and paragraph 0054 i.e. At step 230, using the permutation M1P for bit selection, the six input bits from M1 corresponding to the current S operation are extracted and XORed onto q. The six bit extraction and XOR operations are performed in random order. The selected bits correspond to the group of six bits selected by the E expansion operation for the current S index. Bits are placed in q in the order specified by S_INPUT_PERM[j]. Step 235 is similar to step 230, except that the appropriate six bits of M2 are selected using M2P).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Klimov in view of Kocher to have increased the measurement noise by introducing random values to mask the computation so that an attacker will require more observations to extract the same amount of information about the key to make cryptosystems that are difficult to attack successfully using side channel attacks. Therefore one would have been motivated to have increased the measurement noise.

With respect to claim 13 Klimov teaches the method of claim 12, but does not disclose wherein a value of the bit vector is determined by a first of the integer value and a second of the integer value.
Kocher teaches wherein a value of the bit vector is determined by a first of the integer values and a second of the integer values (see Kocher paragraph 0054 i.e. At step 230, using the permutation M1P for bit selection, the six input bits from M1 corresponding to the current S operation are extracted and XORed onto q. The six bit extraction and XOR operations are performed in random order. The selected bits correspond to the group of six bits selected by the E expansion operation for the current S index. Bits are placed in q in the order specified by S_INPUT_PERM[j]. Step 235 is similar to step 230, except that the appropriate six bits of M2 are selected using M2P).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Klimov in view of Kocher to have increased the measurement noise by introducing random values to mask the computation so that an attacker will require more observations to extract the same amount of information about the key to make cryptosystems that are difficult to attack successfully using side channel attacks. Therefore one would have been motivated to have increased the measurement noise.

With respect to claim 16 Klimov teaches the security engine of claim 15, but does not disclose wherein the jammer circuitry comprises: a random number generator to generate integer values; and a state decoder to convert the integer values in a bit vector.
Kocher teaches wherein the jammer circuitry comprises: a random number generator to generate integer values; and a state decoder to convert the integer values in a bit vector (see Kocher paragraph 0007-0009 and paragraph 0054 i.e. At step 230, using the permutation M1P for bit selection, the six input bits from M1 corresponding to the current S operation are extracted and XORed onto q. The six bit extraction and XOR operations are performed in random order. The selected bits correspond to the group of six bits selected by the E expansion operation for the current S index. Bits are placed in q in the order specified by S_INPUT_PERM[j]. Step 235 is similar to step 230, except that the appropriate six bits of M2 are selected using M2P).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Klimov in view of Kocher to have increased the measurement noise by introducing random values to mask the computation so that an attacker will require more observations to extract the same amount of information about the key to make cryptosystems that are difficult to attack successfully using side channel attacks. Therefore one would have been motivated to have increased the measurement noise.

With respect to claim 17 Klimov teaches the security engine of claim 16, but does not disclose wherein a value of the bit vector is determined by a first of the integer values and a second of the integer values.
Kocher teaches wherein the jammer circuitry comprises: a random number generator to generate integer values; and a state decoder to convert the integer values in a bit vector (see Kocher paragraph 0007-0009 and paragraph 0054 i.e. At step 230, using the permutation M1P for bit selection, the six input bits from M1 corresponding to the current S operation are extracted and XORed onto q. The six bit extraction and XOR operations are performed in random order. The selected bits correspond to the group of six bits selected by the E expansion operation for the current S index. Bits are placed in q in the order specified by S_INPUT_PERM[j]. Step 235 is similar to step 230, except that the appropriate six bits of M2 are selected using M2P).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Klimov in view of Kocher to have increased the measurement noise by introducing random values to mask the computation so that an attacker will require more observations to extract the same amount of information about the key to make cryptosystems that are difficult to attack successfully using side channel attacks. Therefore one would have been motivated to have increased the measurement noise.

Claim(s) 8, 14 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Klimov (US 2009/0116644) in view of Kocher et al (US 2006/0045264) in view of Belenky (US 9,871,651).

With respect to claim 8 Klimov teaches the apparatus of claim 7, but does not disclose wherein the jammer circuitry further comprises a flip-flop array comprising a plurality of flip-flops to store the bit vector.
Belenky teaches wherein the jammer circuitry further comprises a flip-flop array comprising a plurality of flip-flops to store the bit vector (see Belenky column 4 lines 31-49 i.e. In general, the hardware design of the cryptographic device includes, e.g., data registers, commonly implemented as flip-flop arrays, and other logical elements. The logical elements perform logical operations on data. For example, the logical elements may perform a sequence of logical operations such as “AND,” “OR,” “XOR,” etc. operations. Thus, a series of logical elements is referred to as “combinational logic.” Every combinational logic receives its inputs from flip-flop array(s) that are used to store data, and the output of a combinational logic at every clock cycle is stored to flip-flop arrays. A combinational logic together with an input flip-flop array is referred to hereinafter as a “logic unit” or a “multi-state logic unit.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Klimov in view of Belenky to have used data registers implemented as flip-flop arrays to store the bit vector since it is well known in the art that flip-flop arrays can be used to store data (see Belenky column 4 lines 31-49). Therefore one would have been motivated to have used data registers implemented as flip-flop arrays to store the bit vector.

With respect to claim 14 Klimov teaches the method of claim 13, but does not disclose wherein generating the noise further comprises storing the bit vector in a plurality of flip-flops within a flip-flop array.
Belenky teaches wherein generating the noise further comprises storing the bit vector in a plurality of flip-flops within a flip-flop array (see Belenky column 4 lines 31-49 i.e. In general, the hardware design of the cryptographic device includes, e.g., data registers, commonly implemented as flip-flop arrays, and other logical elements. The logical elements perform logical operations on data. For example, the logical elements may perform a sequence of logical operations such as “AND,” “OR,” “XOR,” etc. operations. Thus, a series of logical elements is referred to as “combinational logic.” Every combinational logic receives its inputs from flip-flop array(s) that are used to store data, and the output of a combinational logic at every clock cycle is stored to flip-flop arrays. A combinational logic together with an input flip-flop array is referred to hereinafter as a “logic unit” or a “multi-state logic unit.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Klimov in view of Belenky to have used data registers implemented as flip-flop arrays to store the bit vector since it is well known in the art that flip-flop arrays can be used to store data (see Belenky column 4 lines 31-49). Therefore one would have been motivated to have used data registers implemented as flip-flop arrays to store the bit vector.

With respect to claim 18 Klimov teaches the security engine of claim 17, but does not disclose wherein the jammer circuitry further comprises a flip-flop array comprising a plurality of flip-flops to store the bit vector.
Belenky teaches wherein the jammer circuitry further comprises a flip-flop array comprising a plurality of flip-flops to store the bit vector (see Belenky column 4 lines 31-49 i.e. In general, the hardware design of the cryptographic device includes, e.g., data registers, commonly implemented as flip-flop arrays, and other logical elements. The logical elements perform logical operations on data. For example, the logical elements may perform a sequence of logical operations such as “AND,” “OR,” “XOR,” etc. operations. Thus, a series of logical elements is referred to as “combinational logic.” Every combinational logic receives its inputs from flip-flop array(s) that are used to store data, and the output of a combinational logic at every clock cycle is stored to flip-flop arrays. A combinational logic together with an input flip-flop array is referred to hereinafter as a “logic unit” or a “multi-state logic unit.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Klimov in view of Belenky to have used data registers implemented as flip-flop arrays to store the bit vector since it is well known in the art that flip-flop arrays can be used to store data (see Belenky column 4 lines 31-49). Therefore one would have been motivated to have used data registers implemented as flip-flop arrays to store the bit vector.

Allowable Subject Matter
Claims 9 and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
With respect to claim 9 the prior art teaches the apparatus of claim 8, but does not disclose wherein gated outputs states and a switching of the states of the plurality of flip-flops generates the noise.
With respect to claim 19 the prior art teaches the security engine of claim 18, but does not disclose wherein gated outputs states and a switching of the states of the plurality of flip-flops generates the noise.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEVIN E ALMEIDA whose telephone number is (571)270-1018.  The examiner can normally be reached on Monday-Thursday from 7:30 A.M. to 5:00 P.M.  The examiner can also be reached on alternate Fridays from 7:30 A.M. to 4:00 P.M. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Saleh Najjar, can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/DEVIN E ALMEIDA/Examiner, Art Unit 2492

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492