DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant's arguments that the cited references do not teach “a controller having…side-channel attacks,” on pages 8 and 11, filed 29 August 2022 have been fully considered but they are not persuasive.
Lee discloses a CPU (Fig. 1, el. 110; Fig. 9, el. 110b), wherein the encryptor encrypts data transmitted from the CPU (Para. 48) and reading encrypted data, decrypting the encrypted data, and sending the decrypted data to the CPU (Para. 54).
Leiserson discloses a block selector randomly selects data blocks—an internally permuted order-- in read buffer for cryptographic processing by the cryptographic engine (Para. 25), wherein the randomizing of the processing order of the data blocks provides resistance to side-channel analysis techniques (Para. 15).  The blocks associated with READ #1 are processed in an order that is a random permutation of the order they were copied into the read buffer (Para. 34).  Processed data may also be stored in write buffer in the random order the associated data blocks were processed (Para. 30).  This provides resistance to side-channel analysis techniques (Para. 15).
Also note that Relyea (newly cited) discloses processing logic of the encipherer (Fig. 2, el. 200; Para. 42, 48), wherein the encipherer may be integrated with a processing device and the processing device is configured to execute the processing logic (Fig. 5, el. 502, 526; Para. 56).  The encipherer may start encryption by directing IV generator to provide initialization vectors (Para. 30).  The processing logic creates a first temporary block using a first plaintext block and enciphers the first temporary block to generate a first block of ciphertext (Para. 43), wherein when encrypting, the input buffers are identified as the plaintext buffer (Para. 24). The processing logic deciphers a first block of ciphertext to generate a first temporary block and applies a second function to the first temporary block to generate the first block of plaintext (Para. 49), wherein when decrypting, the input buffers are identified as the ciphertext buffer (Para. 24).  The system is used for preventing others from unauthorized inspection and unauthorized modification of data (Para. 34).
Combining the references brings about a system wherein a controller having control signals as outputs to the cryptographic circuit, the control signals causing the cryptographic circuit to perform the cryptographic operations on sequential data blocks with an internally permuted order to mitigate block cipher side-channel attacks.  Therefore, the aforementioned limitations are taught by the combination of the cited references.

Applicant further states “In Leiserson, the random selection of data blocks is performed by a random number generator 151 included within the block selector 150 (see, FIG. 1), and is not performed in response to control signals output from the block selector 150 to the cryptographic engine 111” on page 12.  However, the claims do not indicate that the internally permuted ordering is performed in response to the control signals.  For example, claim 1 states “a controller having control signals as outputs to the cryptographic circuit, the control signals causing the cryptographic circuit to perform the cryptographic operations on the sequential data blocks stored within the first buffer and the second buffer with an internally permuted order to mitigate block cipher side-channel attacks” (emphasis added).  The claims indicate that the control signals cause the cryptographic circuit to perform the cryptographic operations and do not indicate that the signals change the order of the data blocks.  The examiner suggests clarifying what the controls signals are and how they cause the cryptographic circuit to perform the cryptographic operations on the data blocks with an internally permuted order.

Applicant’s arguments, see pages 12-13, filed 29 August 2022, with respect to the rejection of claims 1-20 under 35 U.S.C. 103 have been fully considered in light of the new claim amendments and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Lee et al. (US 2017/0346628 A1), Relyea et al. (US 2013/0136256 A1), Leiserson et al. (US 2016/0171252 A1), and Deng (US 2019/0342070 A1).
Relyea (newly cited) discloses wherein when decrypting, the input buffers are identified as the ciphertext buffer and the output buffer is identified as the plaintext buffer (Para. 24).  The resulting plaintext may be appended to the current contents of the plaintext buffer (Para. 31). The processing logic deciphers a first block of ciphertext to generate a first temporary block and applies a second function to the first temporary block to generate the first block of plaintext.
Leiserson discloses data blocks A-H are stored in the read buffer in locations 0 to 3 and data blocks Ac-Hc are stored in the write buffer in locations 0 to 3, wherein the processed blocks are placed in the write buffer in the same order that the corresponding unprocessed blocks were placed in the read buffer even though the data blocks were processed in a random order (Fig. 2A, el. 230, 231; Para. 32, 36).  Processed data may also be stored in write buffer in the random order the associated data blocks were processed (Para. 30).
Also note Deng (newly cited) discloses an Encryption/Decryption (ED) module (Figs. 4, 6, el. 400), that includes the data input buffer (Fig. 6, el. 402) and the data output buffer (Fig. 6, el. 404), wherein the ED processor array starts processing asynchronously, the output of the ED processor array will be sent to the data output buffer, wherein the data output buffer collects the processed blocks of data back into its original file sequence (Para. 81).
Combining the references brings about a system that includes communicating data blocks to and from the cryptographic circuit in an internally permuted order.  Therefore, the aforementioned limitations are taught by the combination of the cited prior art.

Claim Objections
Claim 11 is objected to because of the following informalities:  
Regarding claim 11, line 7—“second buffer comprises plaintext data blocks,” should be amended to state --second buffer comprise plaintext data blocks--, for example, in order to correct the grammar mistake.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3 and 5-10 are rejected under 35 U.S.C. 103 as being unpatentable over Lee et al. (US 2017/0346628 A1) in view of Relyea et al. (US 2013/0136256 A1) in view of Leiserson et al. (US 2016/0171252 A1) and further in view of Deng (US 2019/0342070 A1).
Regarding claim 1, Lee teaches an integrated circuit, e.g. an integrated circuit/System On a Chip (SoC) (Fig. 1, el. 100; Fig. 9, el. 100b),…, comprising: 
…
a cryptographic circuit, e.g. on-the-fly encryptor (Fig. 1, el. 120; Fig. 9, el. 120b), configured to perform cryptographic operations in a block cipher advanced encryption standard (AES) mode without feedback, e.g. the encryptor encrypts data using an encryption algorithm (Para. 48), wherein the algorithm may be an AES electronic code book (ECB) mode or a counter (CTR) mode (Para. 49); 
a controller, e.g. a CPU (Fig. 1, el. 110; Fig. 9, el. 110b), having control signals as outputs to the cryptographic circuit, the control signals causing the cryptographic circuit to perform the cryptographic operations…, e.g. the encryptor encrypts data transmitted from the CPU (Para. 48); and
wherein during decryption operations, the cryptographic circuit is configured to receive the ciphertext data blocks…, decrypt the received ciphertext data blocks into plaintext data blocks, and output the plaintext data blocks…, e.g. reading encrypted data, decrypting the encrypted data, and sending the decrypted data to the CPU (Para. 54).
Lee does not clearly teach the integrated circuit having block cipher side-channel attack mitigation; a first buffer configured to store sequential data blocks, wherein the sequential data blocks stored within the first buffer comprise ciphertext data blocks stored in a sequential order; a second buffer configured to store sequential data blocks, wherein the sequential data blocks stored within the second buffer comprises plaintext data blocks stored in a sequential order; the control signals causing the cryptographic circuit to perform the cryptographic operations on the sequential data blocks stored within the first buffer and the second buffer with an internally permuted order to mitigate block cipher side-channel attacks; wherein during decryption operations, the cryptographic circuit is configured to receive the ciphertext data blocks from the first buffer in the internally permuted order, decrypt the received ciphertext data blocks into plaintext data blocks, and output the plaintext data blocks to the second buffer in the internally permuted order; and wherein the plaintext data blocks output to the second buffer are re-ordered into the sequential order when stored within the second buffer.
Relyea teaches an integrated circuit, e.g. an encipherer (Fig. 2, el. 200; Fig. 5, el. 526), wherein the encipherer may be implemented as discrete hardware components, such as an ASIC, FPGA, or DSP (Para. 56, 60), having block cipher…attack mitigation, e.g. preventing others from unauthorized inspection and unauthorized modification of data (Para. 34), comprising:
 a first buffer, e.g. a ciphertext buffer (Fig. 2, el. 235), configured to store sequential data blocks, wherein the sequential data blocks stored within the first buffer comprise ciphertext data blocks in a sequential order, e.g. the ciphertext buffer contains encrypted data, wherein the data may be either awaiting decryption or the result of encryption (Para. 27); wherein the data is encrypted in sequential blocks and the resulting ciphertext may be appended to the current contents of the ciphertext buffer (Para. 30);
a second buffer, e.g. a plaintext buffer (Fig. 2, el. 120), configured to store sequential data blocks, wherein the sequential data blocks stored within the second buffer comprises plaintext data blocks in a sequential order, e.g. the plaintext buffer contains unencrypted data, wherein the data may be either awaiting encryption or the result of decryption (Para. 26) wherein the data is decrypted in sequential blocks and the resulting plaintext may be appended to the current contents of the plaintext buffer (Para. 31);
a cryptographic circuit, e.g. an IV generator (Fig. 2, el. 240) and block cipher(s) (Fig. 2, el. 210), configured to perform cryptographic operations in a block cipher advanced encryption standard (AES) mode…, e.g. enciphering, by the block cipher(s), a block (Para. 30); deciphering, by the block cipher(s), a block (Para. 31); wherein the block cipher(s) may be AES (Para. 25); wherein the encipherer may be implemented as discrete hardware components, such as an ASIC, FPGA, or DSP (Para. 56, 60); and
a controller, e.g. processing logic of the encipherer (Fig. 2, el. 200; Para. 42, 48), wherein the encipherer may be integrated with a processing device and the processing device is configured to execute the processing logic (Fig. 5, el. 502, 526; Para. 56), having control signals as outputs to the cryptographic circuit, the control signals causing the cryptographic circuit to perform the cryptographic operations on the sequential data blocks stored within the first buffer and the second buffer…, e.g. the encipherer may start encryption by directing IV generator to provide initialization vectors (Para. 30); processing logic creates a first temporary block using a first plaintext block and enciphers the first temporary block to generate a first block of ciphertext (Para. 43), wherein when encrypting, the input buffers are identified as the plaintext buffer (Para. 24); processing logic deciphers a first block of ciphertext to generate a first temporary block and applies a second function to the first temporary block to generate the first block of plaintext (Para. 49), wherein when decrypting, the input buffers are identified as the ciphertext buffer (Para. 24),
to mitigate block cipher…attacks, e.g. preventing others from unauthorized inspection and unauthorized modification of data (Para. 34);
wherein during decryption operations, the cryptographic circuit is configured to receive the ciphertext data blocks from the first buffer…, decrypt the received ciphertext data blocks into plaintext data blocks, and output the plaintext data blocks to the second buffer…, e.g. wherein when decrypting, the input buffers are identified as the ciphertext buffer and the output buffer is identified as the plaintext buffer (Para. 24); the resulting plaintext may be appended to the current contents of the plaintext buffer (Para. 31); processing logic deciphers a first block of ciphertext to generate a first temporary block and applies a second function to the first temporary block to generate the first block of plaintext (Para. 49).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lee to include the integrated circuit having block cipher side-channel attack mitigation; a first buffer configured to store sequential data blocks, wherein the sequential data blocks stored within the first buffer comprise ciphertext data blocks stored in a sequential order; a second buffer configured to store sequential data blocks, wherein the sequential data blocks stored within the second buffer comprises plaintext data blocks stored in a sequential order; the control signals causing the cryptographic circuit to perform the cryptographic operations on the sequential data blocks stored within the first buffer and the second buffer to mitigate block cipher attacks; and wherein during decryption operations, the cryptographic circuit is configured to receive the ciphertext data blocks from the first buffer, decrypt the received ciphertext data blocks into plaintext data blocks, and output the plaintext data blocks to the second buffer, using the known methods of when encrypting, the input buffers are identified as the plaintext buffer and the output buffer is identified as the ciphertext buffer and when decrypting, the input buffers are identified as the ciphertext buffer and the output buffer is identified as the plaintext buffer, and preventing others from unauthorized inspection and unauthorized modification of data, as taught by Relyea, in combination with the system of an integrated circuit that utilizes a block cipher AES mode without feedback of Lee, for the purpose of preventing others from unauthorized inspection and unauthorized modification of data and preventing attacks when the attacker has partial information about the contents of a block (Relyea-Para. 34).
Lee in view of Relyea does not clearly teach the integrated circuit having block cipher side-channel attack mitigation; the control signals causing the cryptographic circuit to perform the cryptographic operations on the sequential data blocks stored within the first buffer and the second buffer with an internally permuted order to mitigate block cipher side-channel attacks; wherein during decryption operations, the cryptographic circuit is configured to receive the ciphertext data blocks from the first buffer in the internally permuted order, decrypt the received ciphertext data blocks into plaintext data blocks, and output the plaintext data blocks to the second buffer in the internally permuted order; and wherein the plaintext data blocks output to the second buffer are re-ordered into the sequential order when stored within the second buffer.
Leiserson teaches an integrated circuit, e.g. a cryptographic processor (Fig. 1, el. 110), wherein the processor may be included on a single die or on a system on a chip (SoC) (Para. 22), having block cipher side-channel attack mitigation, e.g. providing resistance to side-channel analysis techniques (Para. 15), wherein the cryptographic engine may use AES block cipher processing (Para. 18), comprising: 
a first buffer, e.g. a write buffer (Fig. 1, el. 131; Fig. 2A, el. 231) or a read buffer (Fig. 1, el. 130; Fig. 2A, el. 230), configured to store ciphertext data blocks having a sequential order, e.g. storing data blocks in read buffer (Para. 24); randomly selecting data blocks in read buffer for cryptographic processing (Para. 25); wherein the cryptographic processing includes encrypting or decrypting the data blocks and the processed blocks are placed in the write buffer (Para. 36); processed data are stored in write buffer (Para. 29); data blocks A-H are stored in the read buffer in locations 0 to 3 and data blocks Ac-Hc are stored in the write buffer in locations 0 to 3 (Fig. 2A, el. 230, 231; Para. 32, 36); the processed data blocks stored to write buffer may be stored such that the location of the results in write buffer corresponds to the order of locations of the associated input blocks in the memory system (Para. 29); data blocks are stored sequentially in the memory system (Para. 31); 
a second buffer, e.g. a write buffer (Fig. 1, el. 131; Fig. 2A, el. 231) or a read buffer (Fig. 1, el. 130; Fig. 2A, el. 230), configured to store plaintext data blocks having a sequential order, e.g. storing data blocks in read buffer (Para. 24); randomly selecting data blocks in read buffer for cryptographic processing (Para. 25); wherein the cryptographic processing includes encrypting or decrypting the data blocks and the processed blocks are placed in the write buffer (Para. 36); data blocks A-H are stored in the read buffer in locations 0 to 3 and data blocks Ac-Hc are stored in the write buffer in locations 0 to 3 (Fig. 2A, el. 230, 231; Para. 32, 36); the processed data blocks stored to write buffer may be stored such that the location of the results in write buffer corresponds to the order of locations of the associated input blocks in the memory system (Para. 29); data blocks are stored sequentially in the memory system (Para. 31); 
a cryptographic circuit, i.e. a cryptographic engine (Fig. 1, el. 111), configured to perform cryptographic operations in a block cipher advanced encryption standard (AES) mode…, e.g. the cryptographic engine performs cryptographic processing using an AES block cipher (Para. 18); and 
a controller, e.g. a block selector (Fig. 1, el. 150), having control signals as outputs to the cryptographic circuit, the control signals causing the cryptographic circuit to perform the cryptographic operations on the sequential data blocks stored within the first buffer or the second buffer with an internally permuted order to mitigate block cipher side-channel attacks, e.g. the block selector randomly selects data blocks—an internally permuted order-- in read buffer for cryptographic processing by the cryptographic engine (Para. 25), wherein the randomizing of the processing order of the data blocks provides resistance to side-channel analysis techniques (Para. 15); the blocks associated with READ #1 are processed in an order that is a random permutation of the order they were copied into the read buffer (Para. 34);
wherein during decryption operations, the cryptographic circuit is configured to receive the ciphertext data blocks from the first buffer in the internally permuted order, decrypt the received ciphertext data blocks into plaintext data blocks, and output the plaintext data blocks to the second buffer in the internally permuted order, e.g. randomly selecting data blocks in read buffer for cryptographic processing (Para. 25); wherein the cryptographic processing includes decrypting the data blocks and the processed blocks are placed in the write buffer (Para. 36); processed data are stored in write buffer (Para. 29); data blocks A-H are stored in the read buffer in locations 0 to 3 and data blocks Ac-Hc are stored in the write buffer in locations 0 to 3 (Fig. 2A, el. 230, 231; Para. 32, 36); processed data are stored in write buffer in the random order the associated data blocks were processed (Para. 30),
wherein the plaintext data blocks output…are re-ordered into the sequential order when stored…, e.g. when the processed data is stored in the write buffer in the random location order, the data may be written to the memory system in a random access fashion such that the order of the locations of the results in memory system corresponds to the order of associated read data in memory system (Para. 30).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lee in view of Relyea to include the integrated circuit having block cipher side-channel attack mitigation; the control signals causing the cryptographic circuit to perform the cryptographic operations on the sequential data blocks stored within the first buffer and the second buffer with an internally permuted order to mitigate block cipher side-channel attacks; wherein during decryption operations, the cryptographic circuit is configured to receive the ciphertext data blocks from the first buffer in the internally permuted order, decrypt the received ciphertext data blocks into plaintext data blocks, and output the plaintext data blocks to the second buffer in the internally permuted order; and wherein the plaintext data blocks output to the second buffer are re-ordered into the sequential order when stored within the second buffer, using the known method of enabling the block selector to randomly select data blocks in read buffer for cryptographic processing by the cryptographic engine, wherein the randomizing of the processing order of the data blocks provides resistance to side-channel analysis techniques, as taught by Leiserson, in combination with the block cipher buffering system of Lee in view of Relyea, for the purpose of providing resistance to side-channel analysis techniques (Leiserson-Para. 15).
Lee in view of Relyea in view of Leiserson does not clearly teach wherein the plaintext data blocks output to the second buffer are re-ordered into the sequential order when stored within the second buffer.
Deng teaches wherein during decryption operations, the cryptographic circuit, e.g. an Encryption/Decryption (ED) module (Figs. 4, 6, el. 400), is configured to receive the ciphertext data blocks from the first buffer, e.g. the data input buffer (Fig. 6, el. 402), in the internally permuted order, decrypt the received ciphertext data blocks into plaintext data blocks, and output the plaintext data blocks to the second buffer, e.g. the data output buffer (Fig. 6, el. 404), in the internally permuted order, wherein the plaintext data blocks output to the second buffer are re-ordered into the sequential order when stored within the second buffer, e.g. the ED processor array starts processing asynchronously, the output of the ED processor array will be sent to the data output buffer, wherein the data output buffer collects the processed blocks of data back into its original file sequence (Para. 81).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lee in view of Relyea in view of Leiserson to include wherein the plaintext data blocks output to the second buffer are re-ordered into the sequential order when stored within the second buffer, using the known method of the ED processor array starts processing asynchronously, the output of the ED processor array will be sent to the data output buffer, wherein the data output buffer collects the processed blocks of data back into its original file sequence, as taught by Deng, in combination with the block cipher encryption/decryption buffering method of Lee in view of Relyea in view of Leiserson, for the purpose of reducing the processing and resources required by the memory system by offloading the re-ordering of the data blocks into the original sequence at the integrated circuit.

Regarding claim 2, Lee in view of Relyea in view of Leiserson in view of Deng teaches the integrated circuit of claim 1, wherein the block cipher AES mode comprises an AES counter (CTR) mode or an AES electronic codebook (ECB) mode, e.g. wherein the algorithm may be an AES electronic code book (ECB) mode or a counter (CTR) mode (Lee-Para. 49).

Regarding claim 3, Lee in view of Relyea in view of Leiserson in view of Deng teaches the integrated circuit of claim 1, wherein the internally permuted order comprises an order generated using one or more random number generators, e.g. the random selection may be based on one or more random numbers generated by the random number generator 151 or a random number generator external to the cryptographic processor (Leiserson-Fig. 1, el. 151; Para. 25).

Regarding claim 5, Lee in view of Relyea in view of Leiserson in view of Deng teaches all elements of claim 1.
Lee in view of Relyea does not clearly teach the integrated circuit of claim 1, wherein sequential data blocks are grouped into a plurality of sequential subsets of data blocks.
Leiserson further teaches wherein sequential data blocks are grouped into a plurality of sequential subsets of data blocks, e.g. the block selector may randomly select data blocks among a group of data blocks have been selected and then proceed to a second group and start randomly selecting from among that group, wherein these data block groups corresponds to sets of data blocks that are received in response to a single read request sent to the memory system (Leiserson-Para. 26), wherein blocks of data A-H are sequentially stored in the memory system with A-D in the first group and E-H in the second group (Leiserson-Fig. 2A; Para. 32, 33).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lee in view of Relyea to include wherein sequential data blocks are grouped into a plurality of sequential subsets of data blocks, as taught by Leiserson, using the same motivation as in claim 1.

Regarding claim 6, Lee in view of Relyea in view of Leiserson in view of Deng teaches all elements of claim 5.
Lee in view of Relyea does not clearly teach the integrated circuit of claim 5, wherein the control signals cause the cryptographic circuit to perform the cryptographic operations in sequence for the sequential subsets of data blocks with data blocks within each subset having an internally permuted order.
Leiserson further teaches wherein the control signals cause the cryptographic circuit to perform the cryptographic operations in sequence for the sequential subsets of data blocks with data blocks within each subset having an internally permuted order, e.g. the block selector may randomly select data blocks among a group of data blocks until all of the data blocks in the group have been selected and then proceed to a second group and start randomly selecting from among that group, wherein these data block groups corresponds to sets of data blocks that are received in response to a single read request sent to the memory system (Leiserson-Para. 26), wherein blocks of data A-H are sequentially stored in the memory system with A-D in the first group READ #1 and E-H in the second group READ #2 (Leiserson-Fig. 2A; Para. 32, 33); the blocks associated with READ #1 and READ #2 are processed in an order that is a random permutation of the order they were copied into the read buffer (Para. 34).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lee in view of Relyea to include wherein the control signals cause the cryptographic circuit to perform the cryptographic operations in sequence for the sequential subsets of data blocks with data blocks within each subset having an internally permuted order, as taught by Leiserson, in combination with the block cipher buffering system of Lee in view of Relyea using the same motivation as in claim 1.

Regarding claim 7, Lee in view of Relyea in view of Leiserson in view of Deng teaches all elements of claim 1.
Lee does not clearly teach the integrated circuit of claim 1, wherein during encryption operations, the cryptographic circuit is configured to receive the plaintext data blocks from the second buffer in the internally permuted order, encrypt the received plaintext data blocks into ciphertext data blocks, and output the ciphertext data blocks to the first buffer in the internally permuted order.
Relyea teaches wherein during encryption operations, the cryptographic circuit is configured to receive the plaintext data blocks from the second buffer…, encrypt the received plaintext data blocks into ciphertext data blocks, and output the ciphertext data blocks to the first buffer…, e.g. the encipherer may start encryption by directing IV generator to provide initialization vectors (Para. 30); processing logic creates a first temporary block using a first plaintext block and enciphers the first temporary block to generate a first block of ciphertext (Para. 43), wherein when encrypting, the input buffers are identified as the plaintext buffer and the output buffer is identified as the ciphertext buffer (Para. 24).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lee to include wherein during encryption operations, the cryptographic circuit is configured to receive the plaintext data blocks from the second buffer, encrypt the received plaintext data blocks into ciphertext data blocks, and output the ciphertext data blocks to the first buffer, as taught by Relyea, using the same motivation as in claim 1.
Lee in view of Relyea does not clearly teach the integrated circuit of claim 1, wherein during encryption operations, the cryptographic circuit is configured to receive the plaintext data blocks from the second buffer in the internally permuted order, encrypt the received plaintext data blocks into ciphertext data blocks, and output the ciphertext data blocks to the first buffer in the internally permuted order.
Leiserson further teaches wherein during encryption operations, the cryptographic circuit is configured to receive the plaintext data blocks from the read buffer in the internally permuted order, encrypt the received plaintext data blocks into ciphertext data blocks, and output the ciphertext data blocks to the write buffer in the internally permuted order, e.g. randomly selecting data blocks in read buffer for cryptographic processing (Para. 25); wherein the cryptographic processing includes encrypting the data blocks and the processed blocks are placed in the write buffer (Para. 36); processed data are stored in write buffer (Para. 29); data blocks A-H are stored in the read buffer in locations 0 to 3 and data blocks Ac-Hc are stored in the write buffer in locations 0 to 3, wherein the processed blocks are placed in the write buffer in the same order that the corresponding unprocessed blocks were placed in the read buffer even though the data blocks were processed in a random order (Fig. 2A, el. 230, 231; Para. 32, 36); processed data are stored in write buffer in the random order the associated data blocks were processed (Para. 30).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lee in view of Relyea to include wherein during encryption operations, the cryptographic circuit is configured to receive the plaintext data blocks from the second buffer in the internally permuted order, encrypt the received plaintext data blocks into ciphertext data blocks, and output the ciphertext data blocks to the first buffer in the internally permuted order, as taught by Leiserson, in combination with the block cipher buffering system of Lee in view of Relyea using the same motivation as in claim 1.

Regarding claim 8, Lee in view of Relyea in view of Leiserson in view of Deng teaches all elements of claim 7.
Lee in view of Relyea does not clearly teach the integrated circuit of claim 7, wherein the ciphertext data blocks output to the first buffer are re-ordered into the sequential order when stored within the first buffer.
Leiserson further teaches wherein the ciphertext data blocks output…are re-ordered into the sequential order when stored…, e.g. data blocks A-H are stored in the read buffer in locations 0 to 3 and data blocks Ac-Hc are stored in the write buffer in locations 0 to 3, wherein the processed blocks are placed in the write buffer in the same order that the corresponding unprocessed blocks were placed in the read buffer even though the data blocks were processed in a random order (Leiserson-Fig. 2A, el. 230, 231; Para. 32, 36).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lee in view of Relyea to include the integrated circuit of claim 7, wherein the ciphertext data blocks output to the memory are re-ordered into the sequential order when stored to the memory, as taught by Leiserson, in combination with the block cipher buffering system of Lee in view of Relyea using the same motivation as in claim 1.
Lee in view of Relyea in view of Leiserson does not clearly teach the integrated circuit of claim 7, wherein the ciphertext data blocks output to the first buffer are re-ordered into the sequential order when stored within the first buffer.
Deng teaches wherein the ciphertext data blocks output to the first buffer are re-ordered into the sequential order when stored within the first buffer, e.g. the ED processor array starts processing asynchronously, the output of the ED processor array will be sent to the data output buffer, wherein the data output buffer collects the processed blocks of data back into its original file sequence (Para. 81).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lee in view of Relyea in view of Leiserson to include wherein the ciphertext data blocks output to the first buffer are re-ordered into the sequential order when stored within the first buffer, as taught by Deng, using the same motivation as in claim 1.

Regarding claim 9, Lee in view of Relyea in view of Leiserson in view of Deng teaches the integrated circuit of claim 7, wherein at least one of the plaintext data blocks or the ciphertext data blocks are input to or output from the integrated circuit, e.g. writing, by the encryptor, encrypted data to the DRAM (Fig. 9, el. 210b-240b; Lee-Para. 94); 
Also note Leiserson discloses read data—plaintext data blocks-- returned from the memory system is written into the read buffer by cryptographic processor (Leiserson-Fig. 2A, el. 260; Para. 19, 32); processed data—ciphertext data-- are stored in write buffer and written to the memory system (Leiserson-Fig. 2A, el. 260; Para. 29, 37), wherein the memory system is external to the cryptographic processor (Leiserson-Fig. 1, el. 110, 160);
Also note Deng discloses the ED processor array starts processing asynchronously, the output of the ED processor array will be sent to the data output buffer, wherein the data output buffer collects the processed blocks of data back into its original file sequence (Para. 81).

Regarding claim 10, Lee in view of Relyea in view of Leiserson in view of Deng teaches further comprising at least one of a radio or a network interface circuit configured to communicate with a network, e.g. the SoC includes a modem, wherein the modem may be implemented to perform wired and/or wireless communication with the outside (Lee-Fig. 9, el. 146; Para. 89).

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Lee in view of Relyea in view of Leiserson in view of Deng and further in view of He (US 2012/0027198 A1).
Regarding claim 4, Lee in view of Relyea in view of Leiserson in view of Deng teaches all elements of claim 1.
Lee in view of Relyea in view of Leiserson in view of Deng does not clearly teach the integrated circuit of claim 1, wherein the internally permuted order comprises one or more pre-configured permutated orders.
He teaches wherein the internally permuted order comprises one or more pre-configured permutated orders, e.g. to obtain ciphertext C, the encoder permutates all symbols in M according to predefined ordering information (Para. 27).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lee in view of Relyea in view of Leiserson in view of Deng to include wherein the internally permuted order comprises one or more pre-configured permutated orders, using the known method of obtaining ciphertext C, by permutating all symbols in M according to predefined ordering information, as taught by He, in combination with the permutation method of Lee in view of Relyea in view of Leiserson in view of Deng, for the purpose of reducing the amount of time required to perform the permutation by using predefined ordering information and enabling the system to more easily reverse the permutation.

Claims 11-14 are rejected under 35 U.S.C. 103 as being unpatentable over Lee in view of Relyea in view of Leiserson and further in view of Choudhary et al. (US 2020/0313923 A1).
Regarding claim 11, Lee teaches an…device, e.g. an integrated circuit/System On a Chip (SoC) (Fig. 1, el. 100; Fig. 9, el. 100b), comprising:
…
a cryptographic circuit, e.g. on-the-fly encryptor (Fig. 1, el. 120; Fig. 9, el. 120b), configured to perform cryptographic operations in a block cipher advanced encryption standard (AES) mode without feedback, e.g. the encryptor encrypts data using an encryption algorithm (Para. 48), wherein the algorithm may be an AES electronic code book (ECB) mode or a counter (CTR) mode (Para. 49); and 
a controller, e.g. a CPU (Fig. 1, el. 110; Fig. 9, el. 100b), having control signals as outputs to the cryptographic circuit, the control signals causing the cryptographic circuit to perform the cryptographic operations…, e.g. the encryptor encrypts data transmitted from the CPU (Para. 48);
wherein the modem, iRAM…the cryptographic circuit, and the controller are integrated within an integrated circuit, e.g. the SoC includes a modem, iRAM, on-the-fly encryptor, and CPU, wherein the modem may be implemented to perform wired and/or wireless communication with the outside (Fig. 9, el. 110b, 120b, 141, 146; Para. 89); 
wherein during decryption operations, the cryptographic circuit receives the ciphertext data blocks…, decrypts the received ciphertext data blocks into plaintext data blocks…, and output the plaintext data blocks…, e.g. reading encrypted data, decrypting the encrypted data, and sending the decrypted data to the CPU (Para. 54); 
wherein during encryption operations, the cryptographic circuit receives the plaintext data blocks…, encrypts the received plaintext data blocks into ciphertext data blocks…, and outputs the ciphertext data blocks…, e.g. encrypting data and sending the encrypted data to an encrypted data area (Para. 53); and 
wherein at least one of the plaintext data blocks or the ciphertext data blocks are input to or output from the integrated circuit…, e.g. writing, by the encryptor, encrypted data to the DRAM (Fig. 9, el. 210b-240b; Para. 94).
Lee does not clearly teach an internet-of-things (IoT) device, comprising:   a radio coupled to an antenna to communicate with a network; a first buffer configured to store sequential data blocks, wherein the sequential data blocks stored within the first buffer comprise ciphertext data blocks having a sequential order; a second buffer configured to store sequential data blocks, wherein the sequential data blocks stored within the second buffer comprises plaintext data blocks having a sequential order; the control signals causing the cryptographic circuit to perform the cryptographic operations on the sequential data blocks stored within at least one of the first buffer and the second buffer with an internally permuted order to mitigate block cipher side-channel attacks; wherein the radio, the first buffer, the second buffer, the cryptographic circuit, and the controller are integrated within an integrated circuit; wherein during decryption operations, the cryptographic circuit receives the ciphertext data blocks from the first buffer in the internally permuted order, decrypts the received ciphertext data blocks into plaintext data blocks in the internally permuted order, and outputs the plaintext data blocks to the second buffer in the internally permuted order; wherein during encryption operations, the cryptographic circuit receives the plaintext data blocks from the second buffer in the internally permuted order, encrypts the received plaintext data blocks into ciphertext data blocks in the internally permuted order, and outputs the ciphertext data blocks to the first buffer in the internally permuted order; and wherein at least one of the plaintext data blocks or the ciphertext data blocks are input to or output from the integrated circuit in the sequential order.
Relyea teaches an…device, e.g. an encipherer (Fig. 2, el. 200; Fig. 5, el. 526), wherein the encipherer may be implemented as discrete hardware components, such as an ASIC, FPGA, or DSP (Para. 56, 60), comprising:
 a first buffer, e.g. a ciphertext buffer (Fig. 2, el. 235), configured to store sequential data blocks, wherein the sequential data blocks stored within the first buffer comprise ciphertext data blocks having a sequential order, e.g. the ciphertext buffer contains encrypted data, wherein the data may be either awaiting decryption or the result of encryption (Para. 27); wherein the data is encrypted in sequential blocks and the resulting ciphertext may be appended to the current contents of the ciphertext buffer (Para. 30);
a second buffer, e.g. a plaintext buffer (Fig. 2, el. 120), configured to store sequential data blocks, wherein the sequential data blocks stored within the second buffer comprises plaintext data blocks having a sequential order, e.g. the plaintext buffer contains unencrypted data, wherein the data may be either awaiting encryption or the result of decryption (Para. 26) wherein the data is decrypted in sequential blocks and the resulting plaintext may be appended to the current contents of the plaintext buffer (Para. 31);
a cryptographic circuit, e.g. an IV generator (Fig. 2, el. 240) and block cipher(s) (Fig. 2, el. 210), configured to perform cryptographic operations in a block cipher advanced encryption standard (AES) mode…, e.g. enciphering, by the block cipher(s), a block (Para. 30); deciphering, by the block cipher(s), a block (Para. 31); wherein the block cipher(s) may be AES (Para. 25); wherein the encipherer may be implemented as discrete hardware components, such as an ASIC, FPGA, or DSP (Para. 56, 60); and
a controller, e.g. processing logic of the encipherer (Fig. 2, el. 200; Para. 42, 48), wherein the encipherer may be integrated with a processing device and the processing device is configured to execute the processing logic (Fig. 5, el. 502, 526; Para. 56), having control signals as outputs to the cryptographic circuit, the control signals causing the cryptographic circuit to perform the cryptographic operations on the sequential data blocks stored within at least one of the first buffer and the second buffer…, e.g. the encipherer may start encryption by directing IV generator to provide initialization vectors (Para. 30); processing logic creates a first temporary block using a first plaintext block and enciphers the first temporary block to generate a first block of ciphertext (Para. 43), wherein when encrypting, the input buffers are identified as the plaintext buffer (Para. 24); processing logic deciphers a first block of ciphertext to generate a first temporary block and applies a second function to the first temporary block to generate the first block of plaintext (Para. 49), wherein when decrypting, the input buffers are identified as the ciphertext buffer (Para. 24),
to mitigate block cipher…attacks, e.g. preventing others from unauthorized inspection and unauthorized modification of data (Para. 34);
wherein…the first buffer, the second buffer, the cryptographic circuit, and the controller are integrated within an integrated circuit, e.g. wherein the encipherer may be implemented as discrete hardware components, such as an ASIC, FPGA, or DSP (Para. 56, 60);
wherein during decryption operations, the cryptographic circuit receives the ciphertext data blocks from the first buffer…, decrypts the received ciphertext data blocks into plaintext data blocks…, and outputs the plaintext data blocks to the second buffer…, e.g. wherein when decrypting, the input buffers are identified as the ciphertext buffer and the output buffer is identified as the plaintext buffer (Para. 24); the resulting plaintext may be appended to the current contents of the plaintext buffer (Para. 31); processing logic deciphers a first block of ciphertext to generate a first temporary block and applies a second function to the first temporary block to generate the first block of plaintext (Para. 49);
wherein during encryption operations, the cryptographic circuit receives the plaintext data blocks from the second buffer…, encrypts the received plaintext data blocks into ciphertext data blocks…, and outputs the ciphertext data blocks…, e.g. the encipherer may start encryption by directing IV generator to provide initialization vectors (Para. 30); processing logic creates a first temporary block using a first plaintext block and enciphers the first temporary block to generate a first block of ciphertext (Para. 43), wherein when encrypting, the input buffers are identified as the plaintext buffer and the output buffer is identified as the ciphertext buffer (Para. 24).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lee to include a first buffer configured to store sequential data blocks, wherein the sequential data blocks stored within the first buffer comprise ciphertext data blocks having a sequential order; a second buffer configured to store sequential data blocks, wherein the sequential data blocks stored within the second buffer comprises plaintext data blocks having a sequential order; the control signals causing the cryptographic circuit to perform the cryptographic operations on the sequential data blocks stored within at least one of the first buffer and the second buffer to mitigate block cipher attacks; wherein the first buffer, the second buffer, the cryptographic circuit, and the controller are integrated within an integrated circuit; wherein during decryption operations, the cryptographic circuit receives the ciphertext data blocks from the first buffer, decrypts the received ciphertext data blocks into plaintext data blocks, and outputs the plaintext data blocks to the second buffer; wherein during encryption operations, the cryptographic circuit receives the plaintext data blocks from the second buffer, encrypts the received plaintext data blocks into ciphertext data blocks, and outputs the ciphertext data blocks to the first buffer, using the known methods of when encrypting, the input buffers are identified as the plaintext buffer and the output buffer is identified as the ciphertext buffer and when decrypting, the input buffers are identified as the ciphertext buffer and the output buffer is identified as the plaintext buffer, and preventing others from unauthorized inspection and unauthorized modification of data, as taught by Relyea, in combination with the system of an integrated circuit that utilizes a block cipher AES mode without feedback of Lee, for the purpose of preventing others from unauthorized inspection and unauthorized modification of data and preventing attacks when the attacker has partial information about the contents of a block (Relyea-Para. 34).
Lee in view of Relyea does not clearly teach an internet-of-things (IoT) device, comprising:   a radio coupled to an antenna to communicate with a network; the control signals causing the cryptographic circuit to perform the cryptographic operations on the sequential data blocks stored within at least one of the first buffer and the second buffer with an internally permuted order to mitigate block cipher side-channel attacks; wherein the radio, the first buffer, the second buffer, the cryptographic circuit, and the controller are integrated within an integrated circuit; wherein during decryption operations, the cryptographic circuit receives the ciphertext data blocks from the first buffer in the internally permuted order, decrypts the received ciphertext data blocks into plaintext data blocks in the internally permuted order, and outputs the plaintext data blocks to the second buffer in the internally permuted order; wherein during encryption operations, the cryptographic circuit receives the plaintext data blocks from the second buffer in the internally permuted order, encrypts the received plaintext data blocks into ciphertext data blocks in the internally permuted order, and outputs the ciphertext data blocks to the first buffer in the internally permuted order; and wherein at least one of the plaintext data blocks or the ciphertext data blocks are input to or output from the integrated circuit in the sequential order.
Leiserson teaches an…device, e.g. a cryptographic processor (Fig. 1, el. 110), wherein the processor may be included on a single die or on a system on a chip (SoC) (Para. 22), comprising:
a first buffer, i.e. a write buffer (Fig. 1, el. 131; Fig. 2A, el. 231), a first buffer configured to store sequential data blocks, wherein the sequential data blocks stored within the first buffer comprise ciphertext data blocks having a sequential order, e.g. processed data—ciphertext data-- are stored in write buffer (Para. 29); data blocks A-H stored in the read buffer and data blocks Ac-Hc stored in write buffer (Fig. 2A, el. 230, 231; Para. 32, 36); 
a second buffer, i.e. a read buffer (Fig. 1, el. 130; Fig. 2A, el. 230), configured to store sequential data blocks, wherein the sequential data blocks stored within the second buffer comprises plaintext data blocks having a sequential order, e.g. read data—plaintext data blocks-- returned from the memory system is written into the read buffer by cryptographic processor (Para. 19); 
a cryptographic circuit, i.e. a cryptographic engine (Fig. 1, el. 111), configured to perform cryptographic operations in a block cipher advanced encryption standard (AES) mode…, e.g. the cryptographic engine performs cryptographic processing using an AES block cipher (Para. 18); and 
a controller, e.g. a block selector (Fig. 1, el. 150), having control signals as outputs to the cryptographic circuit, the control signals causing the cryptographic circuit to perform the cryptographic operations on the sequential data blocks stored within at least one of the first buffer and the second buffer with an internally permuted order to mitigate block cipher side-channel attacks, e.g. the block selector randomly selects data blocks—an internally permuted order-- in read buffer for cryptographic processing by the cryptographic engine (Para. 25), wherein the randomizing of the processing order of the data blocks provides resistance to side-channel analysis techniques (Para. 15); the blocks associated with READ #1 are processed in an order that is a random permutation of the order they were copied into the read buffer (Para. 34); 
wherein…the first buffer, the second buffer, the cryptographic circuit, and the controller are integrated within an integrated circuit, e.g. the cryptographic processor includes the cryptographic engine, the block selector, the read buffer, and the write buffer, wherein the processor may be included on a single die or on a system on a chip (SoC) (Fig. 1, el. 110, 111, 130, 131, 150; Para. 22);
wherein during decryption operations, the cryptographic circuit receives the ciphertext data blocks from the first buffer in the internally permuted order, decrypts the received ciphertext data blocks into plaintext data blocks in the internally permuted order, and outputs the plaintext data blocks to the second buffer in the internally permuted order, e.g. randomly selecting data blocks in read buffer for cryptographic processing (Para. 25); wherein the cryptographic processing includes decrypting the data blocks and the processed blocks are placed in the write buffer (Para. 36); processed data are stored in write buffer (Para. 29); data blocks A-H are stored in the read buffer in locations 0 to 3 and data blocks Ac-Hc are stored in the write buffer in locations 0 to 3 (Fig. 2A, el. 230, 231; Para. 32, 36); processed data are stored in write buffer in the random order the associated data blocks were processed (Para. 30);
wherein during encryption operations, the cryptographic circuit receives the plaintext data blocks from the read buffer in the internally permuted order, encrypts the received plaintext data blocks into ciphertext data blocks in the internally permuted order, and outputs the ciphertext data blocks to the write buffer in the internally permuted order, e.g. randomly selecting data blocks in read buffer for cryptographic processing (Para. 25); wherein the cryptographic processing includes encrypting the data blocks and the processed blocks are placed in the write buffer (Para. 36); processed data are stored in write buffer (Para. 29); data blocks A-H are stored in the read buffer in locations 0 to 3 and data blocks Ac-Hc are stored in the write buffer in locations 0 to 3, wherein the processed blocks are placed in the write buffer in the same order that the corresponding unprocessed blocks were placed in the read buffer even though the data blocks were processed in a random order (Fig. 2A, el. 230, 231; Para. 32, 36); processed data are stored in write buffer in the random order the associated data blocks were processed (Para. 30); and 
wherein at least one of the plaintext data blocks or the ciphertext data blocks are input to or output from the integrated circuit in the sequential order, e.g. read data—plaintext data blocks-- returned from the memory system is written into the read buffer by cryptographic processor (Fig. 2A, el. 260; Para. 19, 32); processed data—ciphertext data-- are stored in write buffer and written to the memory system (Fig. 2A, el. 260; Para. 29, 37), wherein the memory system is external to the cryptographic processor (Fig. 1, el. 110, 160); wherein the data blocks are stored sequentially in the memory system (Para. 31); when the processed data is stored in the write buffer in the random location order, the data may be written to the memory system in a random access fashion such that the order of the locations of the results in memory system corresponds to the order of associated read data in memory system (Para. 30).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lee in view of Relyea to include the control signals causing the cryptographic circuit to perform the cryptographic operations on the sequential data blocks stored within at least one of the first buffer and the second buffer with an internally permuted order to mitigate block cipher side-channel attacks; wherein the the first buffer, the second buffer, the cryptographic circuit, and the controller are integrated within an integrated circuit; wherein during decryption operations, the cryptographic circuit receives the ciphertext data blocks from the first buffer in the internally permuted order, decrypts the received ciphertext data blocks into plaintext data blocks in the internally permuted order, and outputs the plaintext data blocks to the second buffer in the internally permuted order; wherein during encryption operations, the cryptographic circuit receives the plaintext data blocks from the second buffer in the internally permuted order, encrypts the received plaintext data blocks into ciphertext data blocks in the internally permuted order, and outputs the ciphertext data blocks to the first buffer in the internally permuted order; and wherein at least one of the plaintext data blocks or the ciphertext data blocks are input to or output from the integrated circuit in the sequential order, using the known method of enabling the block selector to randomly select data blocks in read buffer for cryptographic processing by the cryptographic engine, wherein the randomizing of the processing order of the data blocks provides resistance to side-channel analysis techniques, as taught by Leiserson, in combination with the block cipher buffering system of Lee in view of Relyea, for the purpose of providing resistance to side-channel analysis techniques (Leiserson-Para. 15).
Lee in view of Relyea in view of Leiserson does not clearly teach an internet-of-things (IoT) device, comprising:  a radio coupled to an antenna to communicate with a network; and wherein the radio, the first buffer, the second buffer, the cryptographic circuit, and the controller are integrated within an integrated circuit.
Choudhary teaches an internet-of-things (IoT) device, e.g. an Internet of Things (IoT) device (Fig. 15, el. 1500; Para. 90), comprising: 
a radio coupled to an antenna to communicate with a network, e.g. the device includes a transceiver that is connected to an antenna (Fig. 15, el. 1540, 1542; Para. 86, 90); and
wherein the radio, a memory,…and the controller are integrated within an integrated circuit, e.g. the IoT device is included in a system-on-chip device, wherein the SoC includes a processor—controller--, a memory, and the transceiver—radio-- (Fig. 15, el. 106, 108, 1522, 1540; Para. 90).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lee in view of Relyea in view of Leiserson to include an internet-of-things (IoT) device, comprising:  a radio coupled to an antenna to communicate with a network; and wherein the radio, the first buffer, the second buffer, the cryptographic circuit, and the controller are integrated within an integrated circuit, using the known method of including a system-on-chip device in an IoT device, wherein the SoC includes a processor, a memory, and the transceiver, wherein the transceiver is coupled to an antenna, as taught by Choudhary, in combination with the integrated circuit system of Lee in view of Relyea in view of Leiserson, for the purpose of providing enhanced communication capabilities for the integrated circuit device.

Regarding claim 12, Lee in view of Relyea in view of Leiserson in view of Choudhary teaches the IoT device of claim 11, wherein the block cipher AES mode comprises an AES counter (CTR) mode or an AES electronic codebook (ECB) mode, e.g. wherein the algorithm may be an AES electronic code book (ECB) mode or a counter (CTR) mode (Lee-Para. 49).

Regarding claim 13, Lee in view of Relyea in view of Leiserson in view of Choudhary teaches all elements of claim 11.
Lee in view of Relyea does not clearly teach the IoT device of claim 11, wherein the sequential data blocks are grouped into a plurality of sequential subsets of data blocks.
Leiserson further teaches wherein the sequential data blocks are grouped into a plurality of sequential subsets of data blocks, e.g. the block selector may randomly select data blocks among a group of data blocks have been selected and then proceed to a second group and start randomly selecting from among that group, wherein these data block groups corresponds to sets of data blocks that are received in response to a single read request sent to the memory system (Leiserson-Para. 26), wherein blocks of data A-H are sequentially stored in the memory system with A-D in the first group and E-H in the second group (Leiserson-Fig. 2A; Para. 32, 33).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lee in view of Relyea to include wherein the sequential data blocks are grouped into a plurality of sequential subsets of data blocks, as taught by Leiserson, using the same motivation as in claim 11.

Regarding claim 14, Lee in view of Relyea in view of Leiserson in view of Choudhary teaches all elements of claim 13.
Lee in view of Relyea does not clearly teach the IoT device of claim 13, wherein the control signals cause the cryptographic circuit to perform the cryptographic operations in sequence for the sequential subsets of data blocks with data blocks within each subset having an internally permuted order.
Leiserson further teaches wherein the control signals cause the cryptographic circuit to perform the cryptographic operations in sequence for the sequential subsets of data blocks with data blocks within each subset having an internally permuted order, e.g. the block selector may randomly select data blocks among a group of data blocks until all of the data blocks in the group have been selected and then proceed to a second group and start randomly selecting from among that group, wherein these data block groups corresponds to sets of data blocks that are received in response to a single read request sent to the memory system (Leiserson-Para. 26), wherein blocks of data A-H are sequentially stored in the memory system with A-D in the first group READ #1 and E-H in the second group READ #2 (Leiserson-Fig. 2A; Para. 32, 33); the blocks associated with READ #1 and READ #2 are processed in an order that is a random permutation of the order they were copied into the read buffer (Para. 34).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lee in view of Relyea to include wherein the control signals cause the cryptographic circuit to perform the cryptographic operations in sequence for the sequential subsets of data blocks with data blocks within each subset having an internally permuted order, as taught by Leiserson, using the same motivation as in claim 11.

Claims 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Lee in view of Relyea and further in view of Leiserson.
Regarding claim 15, Lee teaches a method…comprising:
…an integrated circuit, e.g. an integrated circuit/System On a Chip (SoC) (Fig. 1, el. 100; Fig. 9, el. 100b);
performing cryptographic operations on the…data blocks using a block cipher advanced encryption standard (AES) mode without feedback to generate processed data blocks, wherein the cryptographic operations are performed by a cryptographic circuit, e.g. on-the-fly encryptor (Fig. 1, el. 120; Fig. 9, el. 120b), included within the integrated circuit, e.g. the encryptor encrypts data using an encryption algorithm (Para. 48), wherein the algorithm may be an AES electronic code book (ECB) mode or a counter (CTR) mode (Para. 49).
Lee does not clearly teach the method to mitigate block cipher side-channel attacks, comprising:  storing sequential data blocks within a first buffer included within an integrated circuit; performing cryptographic operations on the sequential data blocks using a block cipher advanced encryption standard (AES) mode without feedback to generate processed data blocks; storing the processed data blocks within a second buffer included within the integrated circuit; and wherein the sequential data blocks are provided to the cryptographic circuit in an internally permuted order, the cryptographic operations are performed on the sequential data blocks in the internally permuted order and the processed data blocks are output to the second buffer in the internally permuted order to mitigate block cipher side-channel attacks.
Relyea teaches a method to mitigate block cipher…attacks, comprising:
storing sequential data blocks within a first buffer, e.g. a plaintext buffer (Fig. 2, el. 120) or a ciphertext buffer (Fig. 2, el. 235), included within an integrated circuit, e.g. an encipherer (Fig. 2, el. 200; Fig. 5, el. 526), wherein the encipherer may be implemented as discrete hardware components, such as an ASIC, FPGA, or DSP (Para. 56, 60); wherein the plaintext buffer contains unencrypted data, wherein the data may be either awaiting encryption or the result of decryption (Para. 26) wherein the data is decrypted in sequential blocks and the resulting plaintext may be appended to the current contents of the plaintext buffer (Para. 31);
performing cryptographic operations on the sequential data blocks using a block cipher advanced encryption standard (AES) mode…to generate processed data blocks, e.g. wherein when encrypting, the input buffers are identified as the plaintext buffer and the output buffer is identified as the ciphertext buffer and when decrypting, the input buffers are identified as the ciphertext buffer and the output buffer is identified as the plaintext buffer (Para. 24),
wherein the cryptographic operations are performed by a cryptographic circuit included within the integrated circuit, e.g. an IV generator (Fig. 2, el. 240) and block cipher(s) (Fig. 2, el. 210);
storing the processed data blocks within a second buffer, e.g. a plaintext buffer (Fig. 2, el. 120) or a ciphertext buffer (Fig. 2, el. 235), included within the integrated circuit, e.g. wherein when encrypting, the input buffers are identified as the plaintext buffer and the output buffer is identified as the ciphertext buffer and when decrypting, the input buffers are identified as the ciphertext buffer and the output buffer is identified as the plaintext buffer (Para. 24);
wherein the sequential data blocks are provided to the cryptographic circuit…, the cryptographic operations are performed on the sequential data blocks…and the processed data blocks are output to the second buffer…, e.g. wherein when encrypting, the input buffers are identified as the plaintext buffer and the output buffer is identified as the ciphertext buffer and when decrypting, the input buffers are identified as the ciphertext buffer and the output buffer is identified as the plaintext buffer (Para. 24); the resulting plaintext may be appended to the current contents of the plaintext buffer (Para. 31); processing logic deciphers a first block of ciphertext to generate a first temporary block and applies a second function to the first temporary block to generate the first block of plaintext (Para. 49); processing logic creates a first temporary block using a first plaintext block and enciphers the first temporary block to generate a first block of ciphertext (Para. 43),
to mitigate block cipher…attacks, e.g. preventing others from unauthorized inspection and unauthorized modification of data (Para. 34).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lee to include the method to mitigate block cipher attacks, comprising:  storing sequential data blocks within a first buffer included within an integrated circuit; performing cryptographic operations on the sequential data blocks using a block cipher advanced encryption standard (AES) mode without feedback to generate processed data blocks; storing the processed data blocks within a second buffer included within the integrated circuit; and wherein the sequential data blocks are provided to the cryptographic circuit, the cryptographic operations are performed on the sequential data blocks and the processed data blocks are output to the second buffer to mitigate block cipher attacks, using the known methods of when encrypting, the input buffers are identified as the plaintext buffer and the output buffer is identified as the ciphertext buffer and when decrypting, the input buffers are identified as the ciphertext buffer and the output buffer is identified as the plaintext buffer, and preventing others from unauthorized inspection and unauthorized modification of data, as taught by Relyea, in combination with the system of an integrated circuit that utilizes a block cipher AES mode without feedback of Lee, for the purpose of preventing others from unauthorized inspection and unauthorized modification of data and preventing attacks when the attacker has partial information about the contents of a block (Relyea-Para. 34).
Lee in view of Relyea teaches the method to mitigate block cipher side-channel attacks, comprising: wherein the sequential data blocks are provided to the cryptographic circuit in an internally permuted order, the cryptographic operations are performed on the sequential data blocks in the internally permuted order and the processed data blocks are output to the second buffer in the internally permuted order to mitigate block cipher side-channel attacks.
Leiserson teaches a method to mitigate block cipher side-channel attacks, e.g. providing resistance to side-channel analysis techniques (Para. 15), wherein the cryptographic engine may use AES block cipher processing (Para. 18), comprising:
storing sequential data blocks within a first buffer, e.g. a write buffer (Fig. 1, el. 131; Fig. 2A, el. 231) or a read buffer (Fig. 1, el. 130; Fig. 2A, el. 230), included within an integrated circuit, e.g. a cryptographic processor (Fig. 1, el. 110), wherein the processor may be included on a single die or on a system on a chip (SoC) (Para. 22); storing data blocks in read buffer (Para. 24); randomly selecting data blocks in read buffer for cryptographic processing (Para. 25); wherein the cryptographic processing includes encrypting or decrypting the data blocks and the processed blocks are placed in the write buffer (Para. 36); processed data are stored in write buffer (Para. 29); data blocks A-H are stored in the read buffer in locations 0 to 3 and data blocks Ac-Hc are stored in the write buffer in locations 0 to 3 (Fig. 2A, el. 230, 231; Para. 32, 36); the processed data blocks stored to write buffer may be stored such that the location of the results in write buffer corresponds to the order of locations of the associated input blocks in the memory system (Para. 29); data blocks are stored sequentially in the memory system (Para. 31);
performing cryptographic operations on the sequential data blocks using a block cipher advanced encryption standard (AES) mode…to generate processed data blocks, wherein the cryptographic operations are performed by a cryptographic circuit included within the integrated circuit, e.g. the cryptographic engine performs cryptographic processing using an AES block cipher (Para. 18);
storing the processed data blocks within a second buffer, e.g. a write buffer (Fig. 1, el. 131; Fig. 2A, el. 231) or a read buffer (Fig. 1, el. 130; Fig. 2A, el. 230), included within the integrated circuit, e.g. storing data blocks in read buffer (Para. 24); randomly selecting data blocks in read buffer for cryptographic processing (Para. 25); wherein the cryptographic processing includes encrypting or decrypting the data blocks and the processed blocks are placed in the write buffer (Para. 36); data blocks A-H are stored in the read buffer in locations 0 to 3 and data blocks Ac-Hc are stored in the write buffer in locations 0 to 3 (Fig. 2A, el. 230, 231; Para. 32, 36); the processed data blocks stored to write buffer may be stored such that the location of the results in write buffer corresponds to the order of locations of the associated input blocks in the memory system (Para. 29); data blocks are stored sequentially in the memory system (Para. 31);
wherein the sequential data blocks are provided to the cryptographic circuit in an internally permuted order, the cryptographic operations are performed on the sequential data blocks in the internally permuted order and the processed data blocks are output to the second buffer in the internally permuted order to mitigate block cipher side-channel attacks, e.g. data blocks A-H are stored in the read buffer in locations 0 to 3 and data blocks Ac-Hc are stored in the write buffer in locations 0 to 3, wherein the processed blocks are placed in the write buffer in the same order that the corresponding unprocessed blocks were placed in the read buffer even though the data blocks were processed in a random order (Fig. 2A, el. 230, 231; Para. 32, 36); processed data are stored in write buffer in the random order the associated data blocks were processed (Para. 30).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lee in view of Relyea to include the method to mitigate block cipher side-channel attacks, comprising:  wherein the sequential data blocks are provided to the cryptographic circuit in an internally permuted order, the cryptographic operations are performed on the sequential data blocks in the internally permuted order and the processed data blocks are output to the second buffer in the internally permuted order to mitigate block cipher side-channel attacks, using the known method of enabling the block selector to randomly select data blocks in read buffer for cryptographic processing by the cryptographic engine, wherein the randomizing of the processing order of the data blocks provides resistance to side-channel analysis techniques, as taught by Leiserson, in combination with the block cipher buffering system of Lee in view of Relyea, for the purpose of providing resistance to side-channel analysis techniques (Leiserson-Para. 15).

Regarding claim 16, Lee in view of Relyea in view of Leiserson in view of Deng teaches the method of claim 15, wherein the block cipher AES mode comprises an AES counter (CTR) mode or an AES electronic codebook (ECB) mode, e.g. wherein the algorithm may be an AES electronic code book (ECB) mode or a counter (CTR) mode (Lee-Para. 49).

Regarding claim 17, Lee in view of Relyea in view of Leiserson in view of Deng teaches the method of claim 15, further comprising generating the internally permuted order using one or more random number generators or by applying one or more pre- configured permutated orders, e.g. the random selection may be based on one or more random numbers generated by the random number generator 151 or a random number generator external to the cryptographic processor (Leiserson-Fig. 1, el. 151; Para. 25).

Regarding claim 18, Lee in view of Relyea in view of Leiserson in view of Deng teaches all elements of claim 15.
Lee in view of Relyea does not clearly teach method of claim 15, wherein the sequential data blocks are grouped into a plurality of sequential subsets of data blocks, wherein the cryptographic operations are performed in sequence for the sequential subsets of data blocks, and wherein data blocks within each subset are processed with the internally permuted order.
Leiserson further teaches wherein sequential data blocks are grouped into a plurality of sequential subsets of data blocks, e.g. the block selector may randomly select data blocks among a group of data blocks have been selected and then proceed to a second group and start randomly selecting from among that group, wherein these data block groups corresponds to sets of data blocks that are received in response to a single read request sent to the memory system (Leiserson-Para. 26), wherein blocks of data A-H are sequentially stored in the memory system with A-D in the first group and E-H in the second group (Leiserson-Fig. 2A; Para. 32, 33),
wherein the cryptographic operations are performed in sequence for the sequential subsets of data blocks, and wherein data blocks within each subset are processed with the internally permuted order, e.g. the block selector may randomly select data blocks among a group of data blocks until all of the data blocks in the group have been selected and then proceed to a second group and start randomly selecting from among that group, wherein these data block groups corresponds to sets of data blocks that are received in response to a single read request sent to the memory system (Leiserson-Para. 26), wherein blocks of data A-H are sequentially stored in the memory system with A-D in the first group READ #1 and E-H in the second group READ #2 (Leiserson-Fig. 2A; Para. 32, 33); the blocks associated with READ #1 and READ #2 are processed in an order that is a random permutation of the order they were copied into the read buffer (Para. 34).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lee in view of Relyea to include wherein the sequential data blocks are grouped into a plurality of sequential subsets of data blocks, wherein the cryptographic operations are performed in sequence for the sequential subsets of data blocks, and wherein data blocks within each subset are processed with the internally permuted order, as taught by Leiserson, using the same motivation as in claim 15.

Regarding claim 19, Lee in view of Relyea in view of Leiserson teaches all elements of claim 15.
Lee does not explicitly teach the method claim 15, further comprising storing ciphertext data blocks having a sequential order in the first buffer, and storing plaintext data blocks having a sequential order in the second buffer.
Relyea teaches storing ciphertext data blocks having a sequential order in the first buffer, e.g. the ciphertext buffer contains encrypted data, wherein the data may be either awaiting decryption or the result of encryption (Para. 27); wherein the data is encrypted in sequential blocks and the resulting ciphertext may be appended to the current contents of the ciphertext buffer (Para. 30), and 
storing plaintext data blocks having a sequential order in the second buffer, e.g. the plaintext buffer contains unencrypted data, wherein the data may be either awaiting encryption or the result of decryption (Para. 26) wherein the data is decrypted in sequential blocks and the resulting plaintext may be appended to the current contents of the plaintext buffer (Para. 31).
Examiner’s note:  The claim indicates to store the plaintext data blocks having a sequential order in the second buffer.  This does not limit the plaintext data blocks to be stored in the sequential order in the second buffer.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lee to include the method claim 15, further comprising storing ciphertext data blocks having a sequential order in the first buffer, and storing plaintext data blocks having a sequential order in the second buffer, as taught by Relyea, using the same motivation as in claim 15.
Also note Leiserson discloses storing data blocks in read buffer (Para. 24); randomly selecting data blocks in read buffer for cryptographic processing (Para. 25), wherein the cryptographic processing includes encrypting or decrypting the data blocks and the processed blocks are placed in the write buffer (Para. 36).

Regarding claim 20, Lee in view of Relyea in view of Leiserson in view of Deng teaches the method of claim 19, further comprising inputting at least one of the plaintext data blocks or the ciphertext data blocks to the integrated circuit, or outputting at least one of the plaintext data blocks or the ciphertext data blocks from the integrated circuit, in the sequential order, e.g. writing, by the encryptor, encrypted data to the DRAM (Fig. 9, el. 210b-240b; Lee-Para. 94); 
Also note Leiserson discloses read data—plaintext data blocks-- returned from the memory system is written into the read buffer by cryptographic processor (Leiserson-Fig. 2A, el. 260; Para. 19, 32); processed data—ciphertext data-- are stored in write buffer and written to the memory system (Leiserson-Fig. 2A, el. 260; Para. 29, 37), when the processed data is stored in the write buffer in the random location order, the data may be written to the memory system in a random access fashion such that the order of the locations of the results in memory system corresponds to the order of associated read data in memory system (Para. 30); wherein the memory system is external to the cryptographic processor (Leiserson-Fig. 1, el. 110, 160).

Relevant Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Schneider (US 2010/0124328 A1)—Schneider discloses a block cipher system that includes a plaintext buffer and a ciphertext buffer (Abstract; Fig. 1).

Rustagi et al. (US 2005/0259458 A1)—Rustagi discloses encrypting plain text from a plain text buffer and storing the encrypted data to a cipher text buffer and decrypting cipher text from the cipher text buffer and storing the plain text in the plain text buffer (Para. 35, 38).

Bar-El et al. (US 10,454,674 B1)—Bar-El discloses a system wherein an IoT device may include a Wi-Fi transceiver (Col. 20, line 44-Col. 21, line 14).  Bar-El also discloses encryption using AES ECB (Col. 10, lines 5-10).

Pedersen (US 9,832,022 B1)—Pedersen discloses a programmable integrated circuit that performs encryption of data using AES counter mode (Col. 5, lines 10-22; Col. 7, lines 47-60).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEREMY DUFFIELD whose telephone number is (571)270-1643. The examiner can normally be reached Monday - Friday, 7:00 AM - 3:00 PM (ET).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on (571) 272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




08 November 2022
/Jeremy S Duffield/Primary Examiner, Art Unit 2498