Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This office action is in response to the communication filed on 10/28/2022.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 10/28/2022 has been entered.
 
Response to Arguments
Applicant's arguments with respect to the previous rejections, filed 10/28/2022, have been fully considered and are not persuasive.
The examiner notes, in response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
The majority of the applicants’ arguments rely upon limitations which are not claimed.  In response to applicant's argument that the references fail to show certain features of applicant’s invention, it is noted that the features upon which applicant relies are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
Regarding the applicants’ argument a), that Le Bihan fails to teach that a decrypted result is compared to an expected result, the examiner disagrees.  The teaching of Le Bihan of determining that the response can be successfully decrypted meets this comparison step.  Le Bihan does not teach merely decrypting the response, but rather teaches verifying that the decryption was successful.  This successful determination ensures that the result was generated using the correct nonce.  This requires a comparison with an expected result.  Furthermore, this is common practice in the art of authentication.  There is no way to determine that the result was generated using the correct nonce that would not fall into the scope of “detecting if the result is not equal to an expected result.”  As such, the examiner does not find the argument persuasive.
Furthermore, this is a moot argument as the rejection is not relying upon the teachings of Le Bihan alone, but rather is relying upon the combination of Le Bihan and Le Saint
Regarding the applicants’ argument b), that Le Bihan does not teach disabling an interface, the examiner disagrees.  The argument appears to be based upon the applicants suggesting that “disabling an interface” is much more specific than would be the broadest reasonable interpretation of the claim as written.  Any amount of disabling of the interface meets this broad limitation.  As such, disallowing access to a subset of the memory through the interface meets “disabling an interface”.  The language does not require completely disabling the interface, killing the interface, breaking the interface, disconnecting the interface, etc., and the examiner has not and will not read this into the claims from the specification.  As such, the examiner does not find the argument persuasive.  The title of an application is certainly not part of the application’s claims, and obviously does not limit the scope of claim language in any way.
The examiner also notes that the claim language is pointing to “an interface”.  This can be anything including the particular leads that connect to the particular portions of memory to which access is being denied.  The claims have not set forth that this claimed interface is, for example, the interface connecting the memory to the bus, or a command/address interface
Regarding the applicants' assertion that combining the teachings of Le Saint into the system of Le Bihan would not have been obvious because it would have unnecessarily slowed down the system of Le Bihan, the examiner does not find the argument persuasive.  First, in the art of computer security, there is always a tradeoff of security vs speed.  If you want a more secure system, it is likely going to be slower.  If you want a faster system, it is likely going to be less secure.  As such, the argument is not persuasive, as the person having ordinary skill in the art wanting a more secure system will understand that this comes with a tradeoff regarding the speed of the system.  
The applicants’ assertions regarding what the inventors of the Le Bihan reference were thinking when they created their system are without any evidence and as such are not persuasive.  Further, the applicants’ assertion that Le Bihan does nothing with the decrypted result is not accurate, as Le Bihan determines whether or not the decrypted result is correct.  But this is moot as well because, again, the examiner is not relying upon the teachings of Le Bihan alone.
Regarding the applicants’ attempt to limit the term “proof of work” without actually adding language to the claims, the examiner is not persuaded.  Proof of work simply requires that a command is given and a result is received.  This inherently proves that the command (the work) was completed.  Requiring the processor to perform an HMAC, and then verifying the received result of that HMAC falls into the scope of “proof of work”.  There is not requirement in the claims regarding “the memory device can rapidly verify the result”.  Although, this language would be rejected for being unclear of scope, and likely would be met by the combination anyway.  As such, the examiner does not find the attempt convincing.  Again, the examiner will not read limitations into the claims which are not explicitly stated by the claim language.
The applicants’ argument pertaining to the instant invention being “a middle ground” between the teachings of Le Bihan and the teachings of Le Saint are not persuasive.  As discussed above, the combination as presented in the rejections meets the claim language.  The claim language appears much broader than the applicants are arguing.  
Because the examiner does not find the applicants’ arguments persuasive, the examiner has maintained the rejections below. 
The examiner suggests that the applicants amend the claims to specifically recite all the limitations which they are arguing but that are not specifically recited by the claims.  This should go a long way in advancing prosecution.
The examiner is always more than happy to schedule an interview to discuss this application, the claim language, and the prior art.  If the applicants wish to do so, please contact the examiner at 571-272-3790 to schedule such an interview.

The examiner notes the applicants’ lack of traverse of the examiner’s previous statements regarding what was well known in the art before the effective filing date of the invention.  As such, the examiner is now considering those statements to be applicant admitted prior art.  See MPEP Section 2144.03(c).
All objections and rejections not set forth below have been withdrawn.
Claims 1-20 have been examined.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Le Bihan et al. (US Patent Application Publication Number 2009/0222910) hereinafter referred to as Le Bihan, and further in view of Le Saint (US Patent Application Publication Number 2005/0138386).

Regarding claims 1, 9, and 15, Le Bihan (Le Bihan Fig. 1) disclosed a device comprising: a memory array (Le Bihan Fig. 2 for example); control logic communicatively coupled to the memory array (Le Bihan Fig. 2 for example); a one-time programmable (OTP) memory bank, the OTP storing at least one key (Le Bihan Paragraphs 0082-0084); and authentication logic the authentication logic configured to: transmit an challenge to a processing device (Le Bihan Paragraphs 0106-0117 for example), receive an encrypted response from the processing device (Le Bihan Paragraphs 0106-0117 for example), decrypt the response to obtain a decrypted result (Le Bihan Paragraphs 0106-0117 for example), detect that the decrypting failed if the decrypted result is not equal to an expected result of the challenge  (Le Bihan Paragraphs 0106-0117 for example), and disable an interface of the control logic in response to detecting that the decrypting failed (Le Bihan Paragraphs 0106-0117 for example), but Le Bihan did not explicitly teach transmitting an encrypted command to a processing device, the encrypted command comprising a proof-of-work requirement, receive a response from the processing device, the response including an encrypted result of executing the encrypted command, decrypt the response to obtain a decrypted result, or detect that the decrypting failed if the decrypted result is not equal to an expected result of the encrypted command. 
Le Saint taught an alternative method for performing a challenge-response authentication of a processing device including transmitting an encrypted command to a processing device, the encrypted command comprising a proof-of-work requirement (Le Saint Paragraphs 0058-0064, “gen_proof” command), receive a response from the processing device, the response including an encrypted result of executing the encrypted command (Le Saint Paragraphs 0058-0064), decrypt the response to obtain a decrypted result (Le Saint Paragraphs 0058-0064), and detect that the decrypting failed if the decrypted result is not equal to an expected result of the encrypted command (Le Saint Paragraphs 0058-0064 and paragraph 0018). Le Saint taught that by encrypting the commands with the proof of token key, it is ensured that the correct token has decrypted the commands prior to processing the commands.
It would have been obvious to the person having ordinary skill in the art before the effective filing date of the invention to have employed the teachings of Le Saint in the challenge-response authentication of Le Bihan by substituting the challenge-response processing authentication between the processor and the memory with the encrypted command challenge response processing of Le Saint.  It would have been prima facie obvious to substitute one method of challenge response authentication for another known method of challenge response authentication to produce a predictable result of ensuring the processor and memory are not illicit devices. 
Regarding claims 2 and 12, Le Bihan and Le Saint taught that generating the encrypted command by encrypting a plaintext command using a shared private key (Le Bihan Paragraphs 0106-0117 for example and Le Saint Paragraph 0062 for example). 
Regarding claim 3 and 16, Le Bihan and Le Saint taught that decrypting the response comprising decrypting the response using the shared private key (Le Bihan Paragraphs 0106-0117 for example and Le Saint Paragraph 0064 for example). 
Regarding claims 4, 5, 13, and 17, while Le Bihan and Le Saint taught mutual authentication between the processor and the memory, utilizing shared private keys, they did not explicitly teach the alternative of generating the encrypted command by encrypting a plaintext command using a public key, wherein the decrypting the response comprising decrypting the response using a private key corresponding to the public key. 
However, it was well, before the effective filing date of the invention, encryption can be performed directly with the public key of a device in such a manner than only the device can decrypt the encrypted data, using the private key of the device, rather than generating a shared secret key using the public key pairs of the communicating devices.  As such, it would have been obvious to the person having ordinary skill in the art before the effective filing date to utilize this well-known alternative method of public key encryption in the system of Le Bihan and Le Saint.  This would have been obvious because the person having ordinary skill in the art would have recognized this as a well-known alternative of what was taught by Le Bihan and Le Saint.  

Regarding claims 6 and 18, Le Bihan and Le Saint taught that the disabling the interface causing the memory device to ignore any instructions transmitted over the interface (Le Bihan Paragraphs 0106-0117 for example). 
Regarding claims 7 and 19, Le Bihan and Le Saint taught scrubbing one or more memory banks upon detecting a successful decryption after detecting that the decrypting failed (Le Bihan Paragraphs 0106-0117 for example – erase memory). 
Regarding claims 8 and 20, Le Bihan and Le Saint taught that detecting that the decrypting failed further comprising determining whether the response is valid or invalid (Le Bihan Paragraphs 0106-0117 for example and Le Saint paragraphs 0018 and 0064 for example). 
Regarding claim 10, Le Bihan and Le Saint taught the memory array comprising a dynamic random-access memory (DRAM) array (Le Bihan Paragraph 0002 for example – The examiner notes that the claimed DRAM is not claimed as being anything other than existing in the system). 
Regarding claim 11, Le Bihan and Le Saint taught the interface comprising a serial interface (Le Bihan Paragraph 0055). 
Regarding claim 14, Le Bihan and Le Saint taught the interface communicatively coupled to a signal generated by the authentication logic, the disabling of the interface comprising raising the signal generated by the authentication logic (Le Bihan Paragraphs 0106-0117 for example). 

Conclusion
Claims 1-20 have been rejected.
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
The Handbook of Applied Cryptography discusses the general concept of challenge response authentication.  The challenger party issues a challenge to the other party.  The other party performs some for of calculation pertaining to the challenge and returns the result, in encrypted form, to the challenger party as the response.  The challenger party decrypts the response and verifies that the received result matches the expected result.  This is how challenge response generally works.  It involves a comparison of a received response with an expected response.  While they do not discuss the concept of “proof of work”, in that environment, the challenge response system still functions the same.  The challenger receives a response and compares the response with the expected response.  Authentication is achieved when they match and fails when they don’t.  
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW T HENNING whose telephone number is (571)272-3790. The examiner can normally be reached Monday- Thursday 9AM-5PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on (571)272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MATTHEW T HENNING/            Primary Examiner, Art Unit 2491