12469647 (P.T.A.B. Jul. 29, 2016)

Ex Parte Miller

Patent Trial and Appeal BoardJul 29, 2016

12469647 (P.T.A.B. Jul. 29, 2016)

UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE 12/469,647 0512012009 27683 7590 08/02/2016 HA YNES AND BOONE, LLP IP Section 2323 Victory A venue Suite 700 Dallas, TX 75219 FIRST NAMED INVENTOR Mark E. Miller UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. 70548.21 USOl 2341 EXAMINER NAJEE-ULLAH, TARIQ S ART UNIT PAPER NUMBER 2453 NOTIFICATION DATE DELIVERY MODE 08/02/2016 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address( es): ipdocketing@haynesboone.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte MARKE. MILLER Appeal2015-000668 Application 12/469,647 Technology Center 2400 Before JUSTIN BUSCH, ADAM J. PYONIN, and AARON W. MOORE, Administrative Patent Judges. MOORE, Administrative Patent Judge. DECISION ON APPEAL Appeal2015-000668 Application 12/469,647 STATEMENT OF THE CASE Appellant1 appeals under 35 U.S.C. Â§ 134(a) from a Final Rejection of claims 1-20. We have jurisdiction under 35 U.S.C. Â§ 6(b). We affirm-in-part. THE INVENTION "The invention relates generally to encryption for storage and specifically to the use of block ciphers in modified counter mode for encrypted storage." (Spec 1.) Claim 1, reproduced below, is illustrative: 1. A encrypted storage device comprising: a memory; an encryption module; and an XOR module coupled to the memory and the encryption module; wherein the encryption module comprises: a counter function that converts a memory address and a nonce into an address based counter; and a block cipher that encrypts the address based counter into an address based pad; wherein encrypted data read from the memory at the memory address is XORed by the XOR module with the address based pad to produce unencrypted data and unencrypted data is X 0 Red by the XOR module with the address based pad to produce[] encrypted data that is stored into the memory at the memory address, and wherein the nonce comprises a one-time random number shared between an encrypting party and a decrypting party. 1 Appellant identifies Conexant Systems, Inc. as the real party in interest. (See App. Br. 2.) 2 Appeal2015-000668 Application 12/469,647 REFERENCES The prior art relied upon by the Examiner in rejecting the claims on appeal is: Sibert US 2005/0060560 Al Mar. 17, 2005 Chitkara et al. US 2006/0053112 Al Mar. 9, 2006 Agarwal US 2008/0005564 Al Jan.3,2008 Poo et al. US 8,155,308 Bl Apr. 10, 2012 THE REJECTIONS 1. Claims 1---6, 9-11, 13-15, 18, and 19 stand rejected under 35 U.S.C. Â§ 103(a) as unpatentable over Poo and Agarwal. (See Final Act. 3-9.) 2. Claims 7, 8, 16, and 17 stand rejected under 35 U.S.C. Â§ 103(a) as unpatentable over Poo, Agarwal, and Sibert. (See Final Act. 9-10.) 3. Claims 12 and 20 stand rejected under 35 U.S.C. Â§ 103(a) as unpatentable over Poo, Agarwal, and Chitkara. (See Final Act. 10-11.) APPELLANT'S CONTENTIONS Appellant argues that the rejections were improper for the following reasons: 1. With respect to claims 1 and 2, "Poo fails to disclose a counter function that converts a memory address and a nonce into an address based counter." (App. Br. 6, 7.) 2. With respect to claim 1, the combination does not teach "a counter function that converts a memory address and a nonce into an address 3 Appeal2015-000668 Application 12/469,647 based counter ... wherein the nonce comprises a one-time random number shared between an encrypting party and a decrypting party." (App. Br. 6-7.) 3. With respect to claims 3, 11, and 19, "[t]he Office relies on Poo as disclosing a light encryption block cipher, but the term 'light encryption block cipher' is not even used in Poo." (App. Br. 7, 8, 9.) 4. With respect to claims 4 and 13, "[t]he Office relies on Poo as disclosing a plurality of parallel block ciphers, but the term 'parallel' is not even used in Poo." (App. Br. 7, 8.) 5. With respect to claims 5 and 14, "[t]he Office relies on Poo as disclosing a confusion-diffusion cipher, but the terms 'confusion' and 'diffusion' are not even used in Poo." (App. Br. 7, 8.) 6. With respect to claim 10, "the Office does not even assert that Poo discloses 'determining an address based pad based on the memory address using the nonce,' and simply omits that limitation from its analysis at page 5 of the Final Office action." (App. Br. 7-8, emphasis omitted.) 7. With respect to claim 18, "the cited section of Poo relates to generating encrypted data, not retrieving encrypted data from memory." (App. Br. 8, emphasis omitted.) 8. With respect to claims 12 and 20, Chitkara's teaching of "[ d]iscarding a random pad is not the same as a pad that is filled with random bytes." (App. Br. 9.) 4 Appeal2015-000668 Application 12/469,647 ANALYSIS We address Appellant's arguments in the order presented. Claims 1 and 2 "a counter function that converts a memory address and a nonce into an address based counter" Appellant argues that "Poo simply does not disclose any conversion of a memory address and a nonce into an address based counter by a counter function, and the only mention of an address in Poo at 21 :42-44 is that the 'output of the counter module 802 may be concatenated with a logical block address (LBA) and an initialization value, or nonce, to form a 128-bit value."' (App. Br. 6.) The Examiner explains that "[t]he block number is a memory address because Examiner interprets the initial value or block number to be a logical block address or storage location in memory, i.e. memory address as would have been well known to one of ordinary skill in the art." (Ans. 5, citing Poo 21:42--44 ("The output of the counter module 802 may be concatenated with a logical block address (LBA) and an initialization value, or nonce, to form a 128-bit value.").) We agree with the Examiner, as we see no reason why Poo's "logical block address" would not fairly correspond to the claimed "memory address," or why the concatenated 128-bit value would not correspond to the claimed "address based counter." We do not agree with Appellant's argument that "Poo simply does not disclose any conversion of a memory address and a nonce into an address based counter by a counter function" (App. Br. 6) because the concatenation of the output of the counter module with a logical block address and nonce to form a 128-bit value is reasonably viewed as teaching the "counter function" of claim 1, which "converts a memory address and a nonce into an address based counter." 5 Appeal2015-000668 Application 12/469,647 "wherein the nonce comprises a one-time random number shared between an encrypting party and a decrypting party" Regarding the claimed "nonce," the Examiner cites the following passage of Agarwal's paragraph 39: "Nonce is a secret multi-byte value shared by encryptor and decryptor, and acts as an extension of the encryption key. At the initial step A-63, the Nonce field is filled with a 128 bit random number." (Final Act. 4.) Appellant argues that Agarwal does not teach a "one-time" nonce because "Aggarwal discloses that after the nonce used at initial step A-63, it is used again at B-64, B-65" and "[i]t is then used again at A-65, in the key exchange process of Figure 7, at step A- 81 and at step B-83." (App. Br. 6-7.) We find Appellant's argument unpersuasive because the additional uses of the nonce in the process of Agarwal' s Fig. 6 are part of the same key establishment process (i.e., still part of the "one-time" use2), and we find the text associated with Agarwal' s Fig. 8 to describe the changing of the key using new key material, a new "one-time" nonce, and a new key Id. 3 For these reasons, the rejections of claims 1 and 2 are sustained. 2 This is essentially the same as described in Appellant's Specification, where the "one-time" nonce is part of the Counter for both encryption and decryption of a given block. (See, e.g., Spec. i-fi-169-70, Fig. 9A & 9B.) 3 See Agarwal i152 ("In this regard, assuming that transmission has been successfully conducted using a given key Id (e.g., =l), modem A will generate Key Material KMA, Nonce and a new key Id (=2 in the example) at step A-81. Then, at step A-82, the KEX message, having the format illustrated in FIG. 7 and comprising Key Material KMA, key Id and Nonce, all encrypted using Master Key A, are transmitted to modem B."). 6 Appeal2015-000668 Application 12/469,647 Claims 3 and 7-9 We agree with the Examiner's observation that the Specification states "[t]he light encryption block cipher is any symmetric cipher" and finding that the "AES encryption module of Poo ... meets this description." (Ans. 6.) The rejection of claim 3 is, therefore, sustained, along with the rejections of dependent claims 7-9, for which no separate arguments are offered. Claim 4 In response to Appellant's assertion that "the term 'parallel' is not even used in Poo," the Examiner finds that "the functions of the AES encryption/decryption illustrated in at least figure 4A and 5A demonstrate operations happening in parallel." (Ans. 7.) Appellant asserts in reply that "the pipeline registers 256-1, 256-2, and 256-3 of Poo are not 'block ciphers,"' that "the pipeline registers 256-1, 256-2, and 256-3 of Poo are not a 'plurality of parallel block ciphers,"' and that Poo does not teach that "the sub blocks of the block cipher, which are 'a plurality of parallel block ciphers,' have 'a block size smaller than ... the block cipher."' (Reply Br. 2--4.) We agree with Appellant. While Figures 4A and 5A of Poo do "demonstrate operations happening in parallel" (Ans. 7) in the pipeline registers, we fail to see where the reference teaches "a plurality of parallel block ciphers having a block size smaller than the block size of the block 7 Appeal2015-000668 Application 12/469,647 cipher in the encryption module" and, therefore, on this record, 4 we do not sustain the rejection of claim 4. Claims 5 and 6 We agree with the Examiner's finding that "Poo clearly teaches an AES module (Poo, Fig. lOA, ref 702), i.e. a confusion-diffusion cipher." (Ans. 7.) As pointed out by the Examiner, the Specification states that AES is an example of a confusion-diffusion cipher." Spec. i-f 22 ("The light encryption block cipher ... could comprise a predetermined number of rounds of a confusion-diffusion cipher, such as AES") (emphasis added). The rejection of claim 5 is, therefore, sustained, along with the rejection of dependent claim 6, for which no separate arguments are offered. Claim 10 The Final Action cited Poo columns 21, lines 3 5--44 to satisfy the "retrieving previously encrypted data from the memory at the memory address" and "concurrently to retrieving, determining an address based pad based on the memory address using the nonce" limitations of claim 10. (See Final Act. 5.) Appellant argues that "[t]he block number [in the cited passage] is not previously encrypted data, and there is no concurrent determination of an address based pad based on the memory address using 4 We do not consider whether claim 4 would have been obvious in light of the "ECB" mode described in the Background of the Invention, paragraphs 5---6 of the Specification, and illustrated in Figures 2A and 2B, in which a block cipher "can be implemented with a single cipher or multiple copies of the single cipher in a parallel fashion." Although the Board has discretion to enter a new ground of rejection for issues not before us (see 37 C.F.R. Â§ 41.50(b)), no inference should be drawn when we decline to exercise that discretion. 8 Appeal2015-000668 Application 12/469,647 the nonce." (App. Br. 7-8.) We agree with Appellants that the cited material does not teach or suggest the claimed "concurrent" determination and, therefore, do not sustain the rejection of claim 10, or, for the same reason, the rejections of its dependent claims, 11-17. Claim 18 We do not sustain the rejection of claim 18, or its dependent claims 19 and 20, for essentially the same reason we declined to sustain the rejection of claim 10, namely that the cited portions of the prior do not teach or suggest the "concurrent" determination. DECISION The rejections of claims 1-3 and 5-9 are affirmed. The rejections of claims 4 and 10-20 are reversed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. Â§ 1.136(a)(l )(iv). AFFIRMED-IN-PART 9