Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Detailed Action
1.	This action is responsive to communication filed on: 31 May 2022 with acknowledgement of an original application filed on 12 June 2020 which is a continuation a 371 PCT which claims priority to European Patent Application filed 15 December 2017.
2.	Claims 1 and 3-17, are currently pending.  Claims 1 and 14 are independent claims. 
Claims 1, 3, and 14, have been amended.  Claim 16-17 are new.  Claim 2 has been canceled.  
Response to Arguments

3.	Applicant's arguments filed 31 May 2022 have been fully considered however they are not persuasive where noted below.  The 112 rejections are withdrawn due to amendment however the Examiner recommends the claims be further amended to better clarify the “invention”.
Below is claim 1 with an Examiner’s Amendment, note this amendment does not overcome the prior art below.

A system, comprising one or more memory units, and a circuit comprising a cipher block, said cipher block accessing said one or more memory units wherein: 
said cipher block is configured to handle data tables; 
said memory units are configured to store said data tables; 
said memory units are read-write memory units;	an initial mask is a mathematically optimal mask in that it is a codeword of a large dual distance;
a modified mask being determined from an initial mask and a random value, the random value selecting one or more modifications applied to the initial mask amongst a plurality of predefined modifications including permutation operations;
said data tables are obtained from a modified mask[[;]]. 


I)	In response to Applicant’s argument beginning on page 6, “Claims 1-2, 4-6, 9, 11-12, and 14-15 stand rejected, as being unpatentable over U.S. Pub. 20070140478 (“Komano”) and U.S. Pat. Pub. 20130077790 (“Kawabata”).  Claims 3, 7-8 and 10 stand rejected as being unpatentable over Komano, Kawabata, and U.S. Pat. Pub. 20120072737 (“Schrijen”).  Claim 13 stands rejected over Komano, Kawabata, and U.S. Pat. Pub. 20170063522 (“Bruneau”).  Applicant respectfully traverses the 35 USC § 103 rejections, for at least the reason that the recited approach is more resistant to attacks and less prone to image analysis than prior art solutions.  Values of the memory units (e.g., volatile RAM) of the recited system may be irretrievable by imaging techniques…But the approach of claim 1 is different from merely using masking of data or randomization to provide a countermeasure against side channel attack, for at least the reason that it improves resistance of countermeasures by using masking techniques against side channel attacks”
	The Examiner disagrees with the argument.  The Applicant’s Representative has not indicated what in the claim is not taught by the prior art reference.  It appears the Applicant’s Representative is arguing the “results” of the “invention” without an explanation of what limitation in the claim is not taught by the prior art references.  Note the arguments indicate “But the approach of claim 1 is different from merely using masking of data or randomization to provide countermeasure against a side channel attack”, no explanation is provided of what the “different approach” entails, or claim limitations support this argument.  In addition, all references used in the rejection prevent “side channel attacks”, see ‘478 paragraph 6-10, note a (DPA is a type of side channel attack, see ‘522 paragraph 5).  Both ‘790 and ‘737 prevent side-channel attacks see ‘790 paragraphs 3-5, 26-27, as well as ‘737 paragraphs 22, 122, and 182. Therefore, the Applicant’s argument is not persuasive.
II)	In response to applicant’s argument beginning on page 7, “Komana is silent, though, about the use of memory units to store said data tables, e.g., with the memory units being read-write memory units”
The Examiner disagrees with argument.  The combination of references teaches/suggests the use of read-write memory units.  In Komano please review paragraph 8 which strongly suggests that a plurality of conversion tables are stored, with a read-write process, note the following phrase: “a selection unit selects a mask value and a conversion table corresponding to it from a plurality of mask values and conversion tables stored in advance in a mask storage unit and a table storage unit, respectively. A mask processing unit executes mask processing of the received plaintext block by using the selected mask value” In addition, claims 16-19 are directed to executing the program (i.e. method) on a computer, note all computers contain read-write memory.  Therefore, the Applicant’s arguments are not persuasive.
III)	In response to applicant’s argument beginning on page 8, “Also missing from Komona are the features of amended claim 1 according to which the modified mask is determined from an initial mask and a random value, the random value selecting one or more modification applied to the initial mask amongst a plurality of predefined modifications including permutation operations, wherein the initial mask is a mathematically optimal mask in that it is a codeword of a large dual distance”.
The Examiner disagrees with argument for multiple reasons.  One Komona does teach the limitation “said modified mask being determined from an initial mask and a random value, the random value selecting one or more modifications applied to the initial mask amongst a plurality of predefined modifications including permutation operations” see ‘478 paragraph 11, shown below:
“According to an aspect of the present invention, there is provided an encryption apparatus for generating a ciphertext block from a plaintext block, comprising a random number generator which generates a plurality of random numbers, a selector which selects one mask random number from the plurality of random numbers at random, a mask processing unit which executes mask processing of a plaintext block by using the mask random number selected by the selector, a storage unit which stores a first table representing an initial S-box, a converter which converts the first table into a second table representing a deformed S-box on the basis of the mask random number selected by the selector, and an encryption unit which generates a ciphertext block by shuffling the mask-processed plaintext block using the second table”.  Note the second table is interpreted equivalent to the ‘modified mask’.
Two the below rejection has been amended to account for the amended claim limitation – “wherein the initial mask is a mathematically optimal mask in that it is a codeword of a large dual distance”.  Note the addition of Non-Patent Literature (NPL) “Exploiting Small Leakages in Masks to Turn a Second-Order Attack into a First-Order Attack and Improved Rotating Substitution Box Masking with Linear Code Cosets by Alexander DeTrano et al., pages 1-11 published in August 2015 by Hindawi Publishing Corporation The Scientific World Journal.  Please review page 1, “Masking countermeasures, used to thwart side-channel attacks, have been shown to be vulnerable to mask-extraction attacks.  State-of-the-art-mask-extraction attacks on the Advanced Encryption Standard (AES) algorithm target S-Box recomputation schemes but have not been applied to scenarios where S-Boxes are precomputed offline.  We propose an attack targeting precomputed S-Boxes stored in nonvolatile memory…” as well as page 7, “our requirements on the code can be summarized as follows: (1) the codewords must all have the same weight; (2) the code must have a large dual distance…(3) the code have a size less than or equal to 16” Therefore, the Applicant’s representative argument is not persuasive.

Claim Rejections – 35 USC § 103
4.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.
5.	Claims 1, 3-6, 9, 11-12, and 14-17 are rejected under 35 U.S.C. 103 as being unpatentable over Komano et al. U.S. Patent Application Publication No. 2007/0140478 (hereinafter ‘478) in view of Kawabata U.S. Patent Application Publication No. 2013/0077790 (hereinafter ‘790) in further view of NPL, “Exploiting Small Leakages in Masks to Turn a Second-Order Attack into a First-Order Attack and Improved Rotating Substitution Box Masking with Linear Code Cosets by Alexander DeTrano et al. (hereinafter DeTrano).
As to independent claim 1, “wherein: said cipher block is configured to handle data tables; said memory units are configured to store said data tables; said memory units are read-write memory units; said data tables are obtained from a modified mask” is taught in ‘478 paragraph 8 and claims 16-19;
	“said modified mask being determined from an initial mask and a random value, the random value selecting one or more modifications applied to the initial mask amongst a plurality of predefined modifications including permutation operations” is shown in ‘478 paragraph 11;

the following is not explicitly taught in ‘478: “A system, comprising one or more memory units, and a circuit comprising a cipher block, said cipher block accessing said one or more memory units” however ‘790 teaches a circuit to perform block cipher encryption that utilizes one or more memory units in paragraphs 28-29.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of an encryption apparatus and encryption method taught in ‘478 to include a means to utilize a circuit comprising cipher blocks.  One of ordinary skill in the art would have been motivated to perform such a modification to protect conventional encryption processing from side-channel attacks see ‘790 (paragraphs 3-5).the following is not explicitly taught in ‘478 and ‘790:
	“wherein the initial mask is a mathematically optimal mask in that it is a codeword of a large dual distance” however DeTrano teaches countermeasures that could stop attacks which can be summarized as (1) the codewords must all have the same weight; (2) the code must have a large dual distance, (3) the code must have size less than or equal to 16 in the Conclusion and Perspectives and Appendix sections on page 7.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of an encryption apparatus and encryption method taught in ‘478 and ‘790 to include a means to utilize a codeword of a large dual distance.  One of ordinary skill in the art would have been motivated to perform such a modification to improve upon masking countermeasures, used to thwart side-channel attacks see DeTrano page 1.
	As to dependent claim 3, “The system of claim 1, wherein the modified mask is a codeword of a cod e equivalent to the self-dual code of constant hamming weight” is taught in DeTrano, page 6 “3.4 How to Defend against this Attack?  The mask set M is linear code of parameters…One possible solution to thwart this attack is generate all the masks with the same Hamming weight”, and page 7, Appendix “Constant-weight codes are codes where all codewords share the same Hamming weight”.
	As to dependent claim 4, “The system of claim 1, wherein predefined modifications or permutation operations comprise offset shifting and/or rotation and/or XOR operations” is taught in ‘478 paragraph 26.
	As to dependent claim 5, “The system of claim 1, further configured to modify the modified mask determined from the initial mask into a round mask” is shown in ‘478 paragraph 26.
	As to dependent claim 6, “The system of claim 5, wherein a round mask is determined from permutation operations comprising rotation and/or coprime construction” is disclosed in ‘478 paragraph 26.
	As to dependent claim 9, “The system of claim 1, wherein the initial mask is provided by a server external to said system and/or by an external memory, said external memory being local and/or remotely accessed” is taught in ‘790 paragraph 44.
	As to dependent claim 11, “The system of claim 1, wherein one or more of the initial mask, a modified mask or a round mask is refreshed” is shown in ‘790 paragraph 40.
	As to dependent claim 12, “The system of claim 11, wherein the refresh rate is configurable” is disclosed in ‘790 paragraph 40, note the mask value is different (i.e. configurable) depending upon the system.
	As to independent claim 14, “A computer implemented method, comprising the steps of: receiving an initial mask and data tables; receiving a random value; modifying the initial mask into a modified mask with said random value, the random value selecting a transformation amongst a plurality of predefined modifications applied to the initial mask” is taught in ‘478 paragraph 8;
	“said predefined modifications comprising permutations; obtaining masked data from the modified mask and the received data tables; storing said masked data tables;” is shown in ‘478 paragraph 11;the following is not explicitly taught in ‘478: “and handling said stored masked data tables in a cipher” however ‘790 teaches a circuit to perform block cipher encryption that utilizes one or more memory units in paragraphs 28-29 and 61;
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of an encryption apparatus and encryption method taught in ‘478 to include a means to utilize a circuit comprising cipher blocks.  One of ordinary skill in the art would have been motivated to perform such a modification to protect conventional encryption processing from side-channel attacks see ‘790 (paragraphs 3-5).
the following is not explicitly taught in ‘478 and ‘790:
	“wherein the initial mask is a mathematically optimal mask in that it is a codeword of a large dual distance” however DeTrano teaches countermeasures that could stop attacks which can be summarized as (1) the codewords must all have the same weight; (2) the code must have a large dual distance, (3) the code must have size less than or equal to 16 in the Conclusion and Perspectives and Appendix sections on page 7.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of an encryption apparatus and encryption method taught in ‘478 and ‘790 to include a means to utilize a codeword of a large dual distance.  One of ordinary skill in the art would have been motivated to perform such a modification to improve upon masking countermeasures, used to thwart side-channel attacks see DeTrano page 1.

	As to dependent claim 15, “A computer program comprising instructions for carrying out the steps of the method according to claim 14 when said computer program is executed on a computer” is taught in ‘478 claims 16-19.
	As to dependent claims 16 and 17, “wherein the initial mask is a codeword of a largest possible dual distance” is shown in DeTrano page 7, note “(2) the code must have a large dual distance”.

6.	Claims 7-8, and 10, are rejected under 35 U.S.C. 103 as being unpatentable over Komano et al. U.S. Patent Application Publication No. 2007/0140478 (hereinafter ‘478) in view of Kawabata U.S. Patent Application Publication No. 2013/0077790 (hereinafter ‘790) in further view of NPL, “Exploiting Small Leakages in Masks to Turn a Second-Order Attack into a First-Order Attack and Improved Rotating Substitution Box Masking with Linear Code Cosets by Alexander DeTrano et al. (hereinafter DeTrano) in further view of Schrijen et al. U.S. Patent Application Publication No. 2012/0072737 (hereinafter ‘737).
	As to dependent claim 7, the following is not explicitly taught in ‘478, ‘790, and DeTrano: “The system of claim 1, wherein the random value is provided by a Pseudo Random Number Generator circuit and/or a True Random Number Generator circuit” however ‘737 teaches the use of a true random source for selecting a code word in paragraph 132. 
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of an encryption apparatus and encryption method taught in ‘478, ‘790, and DeTrano to include a means to utilize a true random source.  One of ordinary skill in the art would have been motivated to perform such a modification to avoid the leakage of sensitive data see ‘737 paragraphs 16-20.
	As to dependent claim 8, “The system of claim 1, wherein the random value is provided by a Physically Unclonable Function” is shown in ‘737 paragraphs 14 and 53, note the PUF generates the encryption key, the encryption key is a random value.
	As to dependent claim 10, “The system of claim 1, wherein the memory is a volatile memory” is disclosed in ’737 paragraph 14, note “Instead of storing the cryptographic key in a non-volatile memory of some kind, the key generated from the PUF only when the key is needed by the device” teaches the memory is a volatile memory.
7.	Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Komano et al. U.S. Patent Application Publication No. 2007/0140478 (hereinafter ‘478) in view of Kawabata U.S. Patent Application Publication No. 2013/0077790 (hereinafter ‘790) in further view of NPL, “Exploiting Small Leakages in Masks to Turn a Second-Order Attack into a First-Order Attack and Improved Rotating Substitution Box Masking with Linear Code Cosets by Alexander DeTrano et al. (hereinafter DeTrano) in further view of Bruneau U.S. Patent Application Publication No. 2017/0063522 (hereinafter ‘522).
	As to dependent claim 13, the following is not explicitly taught in ‘478, ‘790, and DeTrano: “The system of claim 1, wherein the optimality and/or the integrity of the initial mask is verified prior to effective masking of data” however ‘522 teaches the method comprises verifying the sensitivity of an electric circuit by verifying the sensitivity of the masks in paragraphs 9-14.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of an encryption apparatus and encryption method taught in ‘478, ‘737, ‘790, and DeTrano to include a means verifying the mask prior to masking of data.  One of ordinary skill in the art would have been motivated to perform such a modification to avoid attacks on data see ‘522 paragraphs 5-8.


8.	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
NPL, Side-Channel Indistinguishability by Claude Carlet et al., published 2013 by ACM note this NPL also teach the use of dual distance with masking techniques to prevent side-channel attacks.
NPL, Leakage squeezing: Optimal implementation and security evaluation by Claude Carlet et al., published 2014 by De Gruyter, note this NPL also teaches dual distance masking techniques
NPL, Linear Complementary Dual Code Improvement to Strengthen Encoded Circuit Against Hardware Trojan Horses by Xuan Thuy Ngo et al., published in 2015 by IEEE pages 1-6, note this NPL also teaches dual distance masking techniques
NPL, Statistical properties of side-channel and fault injection attacks using coding theory, by Claude Carlet and Sylvain Guilley published by Springer in 2017 pages 1-25, note this NPL also teaches dual distance masking techniques
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
9.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ELLEN C TRAN whose telephone number is (571) 272-3842.  The examiner can normally be reached from M-F 9 AM to 6PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
		If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu can be reached at 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ELLEN TRAN/Primary Examiner, Art Unit 2433                                                                                                                                                                                                        17 August 2022