Jump to content

Patent Application 17772008 - A SECURE HARDWARE PROGRAMMABLE ARCHITECTURE - Rejection

From WikiPatents

Patent Application 17772008 - A SECURE HARDWARE PROGRAMMABLE ARCHITECTURE

Title: A SECURE HARDWARE PROGRAMMABLE ARCHITECTURE

Application Information

  • Invention Title: A SECURE HARDWARE PROGRAMMABLE ARCHITECTURE
  • Application Number: 17772008
  • Submission Date: 2025-04-09T00:00:00.000Z
  • Effective Filing Date: 2022-04-26T00:00:00.000Z
  • Filing Date: 2022-04-26T00:00:00.000Z
  • National Class: 726
  • National Sub-Class: 034000
  • Examiner Employee Number: 98512
  • Art Unit: 2437
  • Tech Center: 2400

Rejection Summary

  • 102 Rejections: 0
  • 103 Rejections: 5

Cited Patents

The following patents were cited in the rejection:

Office Action Text


    DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 11/25/2024 and 3/20/2025 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Response to Arguments
Applicant’s arguments, see page 6, filed 27 February 2025, with respect to objections to claim 16 have been fully considered and are persuasive.  The objection to this claim has been withdrawn.
Applicant's arguments, see page 7, filed 27 February 2025, with respect to the rejection of claims 16-20, 22, 25-28, and 30-34 under 35 USC 112(b) have been fully considered but they are not persuasive.
Regarding the argument:
“Applicant has amended claim 16 to recite "direct connections between part of a subset of the functional modules," as agreed at the interview, in order to provide clarity. Applicant respectfully submits that the rejection is now resolved and may be withdrawn.”
The referred to amendment addresses only one part of the rejection from the previous office action.  While this portion of the rejection is withdrawn, the remainder is maintained and restated in the rejection below.
Applicant’s arguments, see pages 7-8, filed 27 February 2025, with respect to the rejection of claims 16-20, 22, 25-28, and 30-34	under 35 USC 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of SHEKHAR (Doc ID US 20190042491 A1).

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 
	The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
	As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
	Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
	Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
	Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
	This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: 
Claim 17:
“… the protection units provide transaction filtering.”
	Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
	If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

Claims 16-20, 22, 25-28, and 30-34 are rejected under 35 U.S.C. 112(a) as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Regarding claim 16:
The claim recites, “… selected transaction target functional modules operably execute within a selected time interval the function for and on behalf of the hardware secure module”.  The ‘selected time interval’ referred to in this limitation is not supported by the specification.  In remarks dated 2/27/2025, applicant states that “The claims also now recite that the protection means grants exclusive access to the hardware secure module, allocating the flexible logic unit to execute the secure task in the selected time interval. … Support for these amendments may be found, as non- limiting examples, in ¶¶ [0135]-[0147] and Fig. 9 of the As-Published Specification.”  However, Figure 9 makes no reference to a time interval.  The current draft of the specification does not contain paragraph numbers by which to reference the applicant’s remarks; however, a review of the specification results in one portion that may be relevant.  Page 15 of the specification recites, 
“The usage of the FLU matrix shall be temporally split in two periodic temporal windows: 
A time window is reserved to real-time application 
A time window is reserved to HSM”
Differences in the particular language used in the claims vs the specifications aside, it is further not clear that this excerpt offers any support for the amended claim limitation.  As the claims, at separate points, refer to ‘initiating modules’ as ‘HSM’s, and ‘target modules’ as ‘FLU’s, those terms will be used here.  The claims recite ‘one or more FLUs’ executing a function ‘within a selected time interval.’  The specifications recite a single ‘FLU matrix’ with a ‘time window reserved to the HSM.’  Only with flexibility granted to mapping the claim terms to the specification can an ‘FLU matrix’ be considered equivalent to ‘one or more FLU’s.  Even then, the claims recite a selected ‘transaction target functional module’ or ‘FLU’ making use of a selected time interval, which implies that the interval applies only to the currently selected modules.  The specifications, on the other hand, refer to the entire ‘matrix’ using a single time window, and make no reference to a selected ‘transaction target functional module,’ ‘FLU,’ or ‘time interval.’  For the purposes of examination, this ‘time interval’ will be interpreted as the time during which exclusive access is granted between the selected HSM and FLU.
Additionally, claim 16 recites, “… the exclusive access granted to the hardware secure module allocates the flexible logic unit to execute the secure task in the selected time interval.”  This limitation is not supported by the specification. Throughout the specification there are numerous references to the HSM being given exclusive access to an FLU; however, there is no recitation which refers to granting of exclusive access as somehow directly allocating an FLU for a secure task.  On the contrary, the specification seems to teach that exclusive access is given for the performance of all tasks, both secure and not secure.  For the purposes of this examination, this limitation will be interpreted as equivalent to the previous recitation in the claim regarding the ability of the FLU to perform both secure and unsecure tasks.
Regarding claims 17-20, 22, 25-28, and 30-34:
They are dependent on one or more rejected claims, and thus inherit those rejections.  This rejection could be overcome by overcoming the rejection(s) to any claims upon which these claims depend, or by amending the claims such that they are no longer dependent on any rejected claim.

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claims 16-20, 22, 25-28, and 30-34 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Regarding claim 16:
The claim recites, “… wherein the one or more protection units prevents … access to the one or more transaction target functional modules executing the function … via the fourth interconnect fabric …”.  First, it is unclear whether the ‘protection units’ are preventing access which is attempted via the ‘fourth interconnect fabric,’ the ‘protection units’ are accomplishing the ‘preventing’ via the ‘fourth interconnect fabric,’ or both.  Secondly, as the ‘protection units’ are previously recited as being located “between the transaction initiating functional modules and the first interconnect fabric,” it follows that the ‘protection units’ must therefore be connected to both the first and fourth ‘interconnect fabrics;’ however, there is no mention of connections between the ‘protection units’ and fourth fabric, despite an explicit mention of connections with the first fabric.  The relationship between the protection units and fourth fabric is unclear and makes the claim indefinite.
Regarding claims 16 and 18-20:
Claim 16 recites, “… functional modules comprising: one or more transaction initiating functional modules comprising one or more hardware secure modules …”.  Claim 16 goes on to recite, “… the selected transaction initiating functional module is a hardware secure module”.  The first recitation implies that all ‘transaction initiating functional modules’ are ‘HSM’s.  The second, by itself, seems merely redundant in this context; however, taken with the further reference from claim 16, “the protection means are configured to … prevent transaction initiating functional modules other than the hardware secure module from access …”, it becomes unclear whether there exists ‘transaction initiating functional modules’ which are not ‘hardware secure modules’.  If the intent is for mentions other than the first of ‘hardware secure modules’ to be taken as equivalent to the ‘selected transaction initiating functional module,’ the claims should be amended to make this clear (i.e. “… the selected transaction initiating functional module is a selected hardware secure module …”).
Claims 18, 19, and 20 contain similar language and are similarly rejected as indefinite.
Regarding claims 17, 22, 25-28, and 30-34:
These claims are dependent on one or more rejected claims, and thus inherit those claims’ rejections.  This rejection could be overcome by overcoming the rejections to the depended-on claim(s), or by amending the claims such that they are no longer dependent on a rejected claim.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 16, 28, and 34 are rejected under 35 U.S.C. 103 as being unpatentable over SHULER et al (Doc ID US 20170255590 A1), and further in view of ROSEN (Doc ID US 5453601 A), LE QUERE (Doc ID US 20050185790 A1), HIGGS et al (Doc ID US 20090100320 A1), and SHEKHAR (Doc ID US 20190042491 A1).
Regarding claim 16:
SHULER teaches: 
wherein each transaction target functional module is operable to execute a function for and on behalf of one of the one or more transaction initiating functional modules (Fig 1 and [0041] "… In this example, there is an initiator process from a group of processes 20 executing on a host 22. Node 12 or node 14, functioning as the initiator, submits a request for a resource to NIC 24 ... to send a message to a target process from among a group of processes 20 executing on the host 22 of a target (responder) node 16, 18. Upon receiving the work request, The NIC of the initiator node sends a packet to the NIC of the responder node to establish a connection.");
a first interconnect fabric connecting the functional modules and providing communication between the functional modules connected by the first interconnect fabric ([0031] A “switch fabric” or “fabric” refers to a network topology in in which network nodes interconnect .... The interconnections are configurable such that data is transmitted from one node to another node via designated ports."); and
the one or more selected transaction target functional modules operably execute within a selected time interval the function for and on behalf of the hardware secure module (Fig 1 and [0041] "… In this example, there is an initiator process from a group of processes 20 executing on a host 22. Node 12 or node 14, functioning as the initiator, submits a request for a resource to NIC 24 ... to send a message to a target process from among a group of processes 20 executing on the host 22 of a target (responder) node 16, 18. Upon receiving the work request, The NIC of the initiator node sends a packet to the NIC of the responder node to establish a connection." As explained in the rejection of this claim under 35 USC 112(a), this limitation is at least partially unsupported by the specification and is being interpreted as a function taking place during the previously claimed exclusive access.);
SHULER does NOT teach:
An electric arrangement, comprising: functional modules comprising: one or more transaction initiating functional modules comprising one or more hardware secure modules; and one or more transaction target functional modules,
a protection means comprising one or more protection units provided between the transaction initiating functional modules and the first interconnect fabric,
wherein the one or more protection units is operably controlled by a selected transaction initiating functional module of the one or more transaction initiating functional modules to create exclusive access of the selected transaction initiating functional module to one or more selected transaction target functional modules of the one or more transaction target functional modules and
to prevent transaction initiating functional modules other than the selected transaction initiating functional module from access to the one or more selected transaction target functional modules; and
a fourth interconnect fabric, the fourth interconnect fabric comprising direct connections between a subset of the functional modules,
wherein the one or more protection units prevents the transaction initiating functional modules other than the selected transaction initiating functional module from access to the one or more transaction target functional modules executing the function for and on behalf of the selected transaction initiating functional module via the fourth interconnect fabric,
wherein: the selected transaction initiating functional module is a hardware secure module; and
wherein the one or more selected transaction target functional modules comprises a flexible logic unit,
wherein the flexible logic unit is allocable for executing either a secure task or a non-secure task during the selected time interval; and
the protection means are configured to grant the hardware secure module exclusive access to the flexible logic unit and to prevent transaction initiating functional modules other than the hardware secure module from access to the flexible logic unit,
wherein the exclusive access granted to the hardware secure module allocates the flexible logic unit to execute the secure task in the selected time interval.
ROSEN teaches:
An electric arrangement, comprising: functional modules comprising: one or more transaction initiating functional modules comprising one or more hardware secure modules; and one or more transaction target functional modules (Col 3 line 63 to col 4 line 2 "... the functions of the money generating devices, the transaction devices, and the teller devices will be performed by a combination of tamper-proof computer hardware and application software modules that may be networked together. Information is transmitted in an encrypted form to provide security ...".  Examiner notes that "hardware secure module" is not given meaningful definition in the claims.  However, for the purposes of this examination, it is assumed that "hardware secure module" is equatable to "hardware security module," which is a commonly used apparatus in the art and is often abbreviated as "HSM."  It should be noted, however, that the broadest reasonable interpretation of "hardware secure module" potentially includes art which recites a module which is secure against hardware, such as a computing device with no external connections or ports.),
wherein: the selected transaction initiating functional module is a hardware secure module (Col 3 line 63 to col 4 line 2 "... the functions ... will be performed by a combination of tamper-proof computer hardware and application software modules ...".); and
	Defining output and input nodes in an arrangement, where input nodes perform a task directed by the output nodes, and contained within a computing fabric are known techniques in the art, as demonstrated by SHULER.
	Further, using a secure hardware module to perform sensitive operations is a known technique in the art, as demonstrated by ROSEN.
It would have been obvious to a person having ordinary skill in the art (PHOSITA) before the effective filing date of the claimed invention to combine the computing fabric arrangement of SHULER with the secure hardware module arrangement of ROSEN with the motivation to create an environment in which operations performed by the fabric are secure against outside interference.  It is obvious in a system meant to produce encrypted communications to use secure hardware modules which are tamper-resistant.
The combination of SHULER and ROSEN does NOT teach:
a protection means comprising one or more protection units provided between the transaction initiating functional modules and the first interconnect fabric,
wherein the one or more protection units is operably controlled by a selected transaction initiating functional module of the one or more transaction initiating functional modules to create exclusive access of the selected transaction initiating functional module to one or more selected transaction target functional modules of the one or more transaction target functional modules and
to prevent transaction initiating functional modules other than the selected transaction initiating functional module from access to the one or more selected transaction target functional modules; and
a fourth interconnect fabric, the fourth interconnect fabric comprising direct connections between a subset of the functional modules,
wherein the one or more protection units prevents the transaction initiating functional modules other than the selected transaction initiating functional module from access to the one or more transaction target functional modules executing the function for and on behalf of the selected transaction initiating functional module via the fourth interconnect fabric,
wherein the one or more selected transaction target functional modules comprises a flexible logic unit,
wherein the flexible logic unit is allocable for executing either a secure task or a non-secure task during the selected time interval; and
the protection means are configured to grant the hardware secure module exclusive access to the flexible logic unit and to prevent transaction initiating functional modules other than the hardware secure module from access to the flexible logic unit,
wherein the exclusive access granted to the hardware secure module allocates the flexible logic unit to execute the secure task in the selected time interval.
LE QUERE teaches:
a protection means comprising one or more protection units provided between the transaction initiating functional modules and the first interconnect fabric ([0032] "... the central interconnect module includes ... arbitration submodules that prevent simultaneous access conflicts between modules ..."),
wherein the one or more protection units is operably controlled by a selected transaction initiating functional module of the one or more transaction initiating functional modules to create exclusive access of the selected transaction initiating functional module to one or more selected transaction target functional modules of the one or more transaction target functional modules ([0032] "... the central interconnect module includes ... arbitration submodules that prevent simultaneous access conflicts between modules ...") and
to prevent transaction initiating functional modules other than the selected transaction initiating functional module from access to the one or more selected transaction target functional modules ([0032] "... the central interconnect module includes ... arbitration submodules that prevent simultaneous access conflicts between modules ..."); and
wherein the one or more protection units prevents the transaction initiating functional modules other than the selected transaction initiating functional module from access to the one or more transaction target functional modules executing the function for and on behalf of the selected transaction initiating functional module via the fourth interconnect fabric (LE QUERE [0032] "... the central interconnect module includes a series of data and address multiplexers that allow the modules of the cryptographic system to access other modules of said system, arbitration submodules that prevent simultaneous access conflicts between modules ..."),
the protection means are configured to grant the hardware secure module exclusive access to the flexible logic unit and to prevent transaction initiating functional modules other than the hardware secure module from access to the flexible logic unit ([0032] "... the central interconnect module includes a series of data and address multiplexers that allow the modules of the cryptographic system to access other modules of said system, arbitration submodules that prevent simultaneous access conflicts between modules ..."),
Providing exclusive access between executing node pairs, and doing so through a protection means of an additional module are known techniques in the art, as demonstrated by LE QUERE.  It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to combine the computing fabric arrangement of SHULER and ROSEN with the exclusive access arrangement of LE QUERE with the motivation to provide a secure computing environment that does not allow concurrent access to a node by more than one other node.  It is obvious to accomplish this by using exclusive access to a node to prevent interrupted or corrupted processing caused by multiple processes manipulating the same data at the same time.
The combination of SHULER, ROSEN, and LE QUERE does NOT teach:
a fourth interconnect fabric, the fourth interconnect fabric comprising direct connections between a subset of the functional modules,
wherein the one or more selected transaction target functional modules comprises a flexible logic unit,
wherein the flexible logic unit is allocable for executing either a secure task or a non-secure task during the selected time interval; and
wherein the exclusive access granted to the hardware secure module allocates the flexible logic unit to execute the secure task in the selected time interval.
HIGGS teaches:
a fourth interconnect fabric, the fourth interconnect fabric comprising direct connections between a subset of the functional modules, ([0035] "In a Fibre Channel fabric, nodes are connected by physical point-to-point links …")
Connecting functional modules directly through a computing fabric is a known technique in the art, as demonstrated by HIGGS.  It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to combine the computing fabric arrangement of SHULER, ROSEN, and LE QUERE with the direct module connection fabric arrangement of HIGGS with the motivation to maintain security through direct links.  It is obvious to use direct connections in a system meant to transmit secure communications between modules in order to prevent interception of the communications between modules.
The combination of SHULER, ROSEN, LE QUERE, and HIGGS does NOT teach:
wherein the one or more selected transaction target functional modules comprises a flexible logic unit,
wherein the flexible logic unit is allocable for executing either a secure task or a non-secure task during the selected time interval; and
wherein the exclusive access granted to the hardware secure module allocates the flexible logic unit to execute the secure task in the selected time interval.
SHEKAR teaches:
wherein the one or more selected transaction target functional modules comprises a flexible logic unit ([0016] "... The integrated circuit 102 may be implemented in one or more programmable logic devices (PLD), a field programmable gate arrays (FPGA), application specific integrated circuits (ASIC), and/or a hybrid devices that include hardened circuitry and programmable fabric."),
wherein the flexible logic unit is allocable for executing either a secure task or a non-secure task during the selected time interval ([0017] "... Examples of functional modules include modules that may perform ... encryption operations, decryption operations, mathematical transformations ..., filtering, and/or combination of the multiple operations."); and
wherein the exclusive access granted to the hardware secure module allocates the flexible logic unit to execute the secure task in the selected time interval ([0017] "... Examples of functional modules include modules that may perform ... encryption operations, decryption operations, mathematical transformations ..., filtering, and/or combination of the multiple operations."  As explained in the rejection of this claim under 35 USC 112(a), this limitation is not supported by the specification and is being interpreted as equivalent to other limitations mapped to this prior art.).
Utilizing a flexible logic unit (FLU) as a functional module to perform directed tasks is a known technique in the art, as demonstrated by SHEKAR.  It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to combine the computing fabric arrangement of SHULER, ROSEN, LE QUERE, and HIGGS with the FLU of SHEKAR with the motivation to have a flexible means of execution for switching between unsecure and secure tasks.  It is obvious when maximizing flexibility to incorporate an FLU such as an FPGA to perform various tasks.
Regarding claim 28:
The combination of SHULER, ROSEN, LE QUERE, HIGGS, and SHEKAR teaches:
The electric arrangement of claim 16, wherein one or more of the functional modules is a peripheral hardware unit that is optionally dedicated to mathematical accelerator functions (SHEKHAR [0017] "... functional modules may refer to logic blocks or logic functions that may be used to perform data operations. Examples of functional modules include modules that may perform ... encryption operations, decryption operations, mathematical transformations ...").
Using modules configured for mathematical operations in a computing fabric is a known technique in the art, as demonstrated by SHEKHAR.  It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to combine the computing fabric arrangement of SHULER, ROSEN, LE QUERE, HIGGS, and SHEKAR with the mathematical operations arrangement of SHEKHAR with the motivation to provide the capability to perform complicated mathematical  operations.  It is obvious to do this in a system intended to perform cryptographic operations which by their nature require complex mathematical operations.
Regarding claim 34:
The combination of SHULER, ROSEN, LE QUERE, HIGGS, and SHEKAR teaches:
The electric arrangement of claim 16, wherein the one or more protection units are provided between the transaction target functional modules and the first interconnect fabric (LE QUERE [0032] "... the central interconnect module includes ... arbitration submodules that prevent simultaneous access conflicts between modules ...").
Providing exclusive access between executing node pairs, and doing so through a protection means of an additional module are known techniques in the art, as demonstrated by LE QUERE.  It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to combine the computing fabric arrangement of SHULER, ROSEN, LE QUERE, HIGGS, and SHEKAR with the exclusive access arrangement of LE QUERE with the motivation to provide a secure computing environment that does not allow concurrent access to a node by more than one other node.  It is obvious to accomplish this by using exclusive access to a node to prevent interrupted or corrupted processing caused by multiple processes manipulating the same data at the same time.

Claims 17, 25, and 26 are rejected under 35 U.S.C. 103 as being unpatentable over SHULER et al (Doc ID US 20170255590 A1), ROSEN (Doc ID US 5453601 A), LE QUERE (Doc ID US 20050185790 A1), HIGGS et al (Doc ID US 20090100320 A1), and SHEKHAR (Doc ID US 20190042491 A1) as applied to claim 16 above, and further in view of HERBECK et al (Doc ID US 20160055110 A1).
Regarding claim 17:
The combination of SHULER, ROSEN, LE QUERE, HIGGS, and SHEKHAR teaches:
The electric arrangement of claim 16, 
The combination of SHULER, ROSEN, LE QUERE, HIGGS, and SHEKHAR does NOT teach:
wherein the protection units provide transaction filtering.
HERBECK teaches this limitation:
[0024] "... each of the functional circuit blocks 12 includes a transaction filter 20. ... When a functional circuit block 12 generates a transaction ... to be transmitted to another destination in IC 10, the transaction may first be received by its corresponding transaction filter 20."
Filtering transactions between modules through an additional module is a known technique in the art, as demonstrated by HERBECK.  It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to combine the computing fabric arrangement of SHULER, ROSEN, LE QUERE, HIGGS, and SHEKHAR with the transaction filtering arrangement of HERBECK with the motivation to prevent unwanted transactions from reaching target modules.  It is obvious to provide filtering in a system with limited resources in order to ensure tasks are performed by the most ideal node, and to prevent any one node from being overloaded with tasks.
Regarding claim 25:
The combination of SHULER, ROSEN, LE QUERE, HIGGS, and SHEKHAR teaches:
The electric arrangement of claim 16, wherein access for transaction initiating functional modules to one of the one or more transaction target functional modules is partly arranged via a system bus (LE QUERE [0062] "… A first interface (52) linked to the central interconnect module (2) is used for movements of data, commands and keys. The interface signals from the internal bus of the interconnect module") and
Partially managing access between modules via a system bus is a known technique in the art, as demonstrated by LE QUERE.  It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to combine the computing fabric arrangement of SHULER, ROSEN, LE QUERE, HIGGS, and SHEKHAR with the system bus communication method of LE QUERE with the motivation to utilize one of the primary communication methods available in a computing system for communication between various internal components.  It is obvious to use the system bus in this fashion as it is a standard method of communication.
The combination of SHULER, ROSEN, LE QUERE, HIGGS, and SHEKHAR does NOT teach:
an access unit to filter the access based on transaction action characteristics.
HERBECK teaches this limitation:
[0024] "... each of the functional circuit blocks 12 includes a transaction filter 20. ... When a functional circuit block 12 generates a transaction ... to be transmitted to another destination in IC 10, the transaction may first be received by its corresponding transaction filter 20."
Filtering transactions between modules through an additional module is a known technique in the art, as demonstrated by HERBECK.  It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to combine the computing fabric arrangement of SHULER, ROSEN, LE QUERE, HIGGS, and SHEKHAR with the transaction filtering arrangement of HERBECK with the motivation to prevent unwanted transactions from reaching target modules.  It is obvious to provide filtering in a system with limited resources in order to ensure tasks are performed by the most ideal node, and to prevent any one node from being overloaded with tasks.
Regarding claim 26:
The combination of SHULER, ROSEN, LE QUERE, HIGGS, SHEKHAR, and HERBECK teaches:
The electric arrangement as in claim 25, wherein the access unit acts as the protection units (HERBECK [0024] "... the transaction filters 20 need not be implemented within their respective functional circuit blocks 12, although they may still be associated with the same. When a functional circuit block 12 generates a transaction ..., the transaction may first be received by its corresponding transaction filter 20. The transaction filter 20 may in turn determine if the destination is currently available .... If the intended destination is active, transaction filter 20 may forward the transaction thereto.").
Utilizing an access node to protect access to a node is a known technique in the art, as demonstrated by HERBECK.  It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to combine the computing fabric arrangement of SHULER, ROSEN, LE QUERE, HIGGS, SHEKHAR, and HERBECK with the access unit of HERBECK with the motivation to protect a node from simultaneous or unauthorized access.  It is obvious to use an already existing node which manages node access to prevent unwanted access to the node.

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over SHULER et al (Doc ID US 20170255590 A1), ROSEN (Doc ID US 5453601 A), LE QUERE (Doc ID US 20050185790 A1), HIGGS et al (Doc ID US 20090100320 A1), and SHEKHAR (Doc ID US 20190042491 A1) as applied to claim 16 above, and further in view of LONG et al (Doc ID US 20120124183 A1).
Regarding claim 18:
The combination of SHULER, ROSEN, LE QUERE, HIGGS, and SHEKHAR teaches:
The electric arrangement of claim 16, 
The combination of SHULER, ROSEN, LE QUERE, HIGGS, and SHEKHAR does NOT teach:
wherein transaction initiating functional modules other than the hardware secure module are configured to access the one or more selected transaction targeting functional modules via the first interconnect fabric based on a service request sent to and approved by the hardware secure module.
LONG teaches this limitation:
[0043] "Transfer requesting instructions 325 may send a request to transfer exclusive access to another user, such as a user of second client computing device 340, by transmitting a request to remote server 350."
Releasing exclusive access of a resource after a request by a new node requiring access is a known technique in the art, as demonstrated by LONG.  It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to combine the computing fabric arrangement of SHULER, ROSEN, LE QUERE, HIGGS, and SHEKHAR with the exclusive access release request arrangement of LONG with the motivation to ensure all nodes requiring tasks to be completed are given the opportunity to request access to a node to complete their tasks.  It is obvious to do this with a request in a distributed system so that the requesting node does not have to first check a registry to know whether a desired node is free.

Claims 19, 20, and 22 are rejected under 35 U.S.C. 103 as being unpatentable over SHULER et al (Doc ID US 20170255590 A1), ROSEN (Doc ID US 5453601 A), LE QUERE (Doc ID US 20050185790 A1), HIGGS et al (Doc ID US 20090100320 A1), and SHEKHAR (Doc ID US 20190042491 A1) as applied to claim 16 above, and further in view of BALASUBRAMANIAN et al (Doc ID US 20040085908 A1).
Regarding claim 19:
The combination of SHULER, ROSEN, LE QUERE, HIGGS, and SHEKHAR teaches:
The electric arrangement of claim 16, 
The combination of SHULER, ROSEN, LE QUERE, HIGGS, and SHEKHAR does NOT teach:
wherein: the one or more protection units are further connected by a second interconnect fabric for configuring the one or more protection units,
one or more further protection units are provided between the first interconnect fabric and the second interconnect fabric; and
the configuring of the further protection units is controlled by the hardware secure module.
BALASUBRAMANIAN teaches:
wherein: the one or more protection units are further connected by a second interconnect fabric for configuring the one or more protection units (Claim 12 "... a plurality of nodes ..., each node including two communications ports ... for requesting control of a shared resource, one of the communication ports connected to a first fabric and the other of the communications connected to a second fabric for each node ..."),
one or more further protection units are provided between the first interconnect fabric and the second interconnect fabric (Claim 12 "A device for use with a plurality of nodes ..., the device comprising: a plurality of communications ports for coupling to the nodes, ... storing programs ..., wherein said stored programs include a program for controlling lock status and a program to compare lock status for the first and second fabrics ..."); and
the configuring of the further protection units is controlled by the hardware secure module (Claim 12 "A device for use with a plurality of nodes ..., the device comprising: ... a processor; ... storing programs executed by said processor; ... said processor executing said lock status stored programs to process lock messages from the nodes.").
Connecting a second set of nodes through a second computing fabric, connecting two fabrics with nodes, and configuring the nodes from within the fabric are known techniques in the art, as demonstrated by BALASUBRAMANIAN.  It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to combine the computing fabric arrangement of SHULER, ROSEN, LE QUERE, HIGGS, and SHEKHAR with the multiple fabric connection arrangement of BALASUBRAMANIAN with the motivation to keep the protection nodes on a different fabric than the primary functional modules.  It is obvious to prevent congestion in the first fabric by connecting the protection nodes separately, as well as to increase the efficiency of the system by ensuring communication between nodes controlling exclusive access is not hindered.
Regarding claim 20:
The combination of SHULER, ROSEN, LE QUERE, HIGGS, SHEKHAR, and BALASUBRAMANIAN teaches:
The electric arrangement of claim 19, further comprising a third interconnect fabric for exchanging task specific trigger signals between functional modules, the third interconnect fabric comprising a trigger router module that is able to route an input trigger to any output trigger (BALASUBRAMANIAN [0046] "... the various data messages, which are transferred between the nodes .... These data messages are addressed to the appropriate node and are transferred through the switches forming the fabric as appropriate."),
the trigger router module being adapted to prevent the transaction initiating functional modules other than the hardware secure module from access to the trigger router module via the third interconnect fabric (BALASUBRAMANIAN [0043] A local cluster control switch 302B is shown in FIG. 4B. The local switch 302B is very similar to the principal switch 302A, except that the local switch 302B includes ... a local lock manager 308B .... the local versions of the modules only act as interfaces between the nodes and the principal switch 302A, storing ... local copies of lock status for nodes connected to the local switch. The ... lock manager module 308A performs the primary or fabric-wide lock function ...").
Using a computing fabric to communicate specific messages and block specific access is a known technique in the art, as demonstrated by BALASUBRAMANIAN.  It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to combine the computing fabric arrangement of SHULER, ROSEN, LE QUERE, HIGGS, SHEKHAR, and BALASUBRAMANIAN with the multiple fabric connection arrangement of BALASUBRAMANIAN with the motivation to route specific communications efficiently.  It is obvious to use an additional specialized fabric to route only the signals which initiate actions by the nodes.
Regarding claim 22:
The combination of SHULER, ROSEN, LE QUERE, HIGGS, SHEKHAR, and BALASUBRAMANIAN teaches:
The electric arrangement of claim 20, wherein the trigger router module is configurable via the second interconnect fabric (SHULER [0031] "A ... “fabric” refers to a network topology in in which network nodes interconnect via one or more network switches.... The interconnections are configurable such that data is transmitted from one node to another ...").

Claims 27, and 30-33 are rejected under 35 U.S.C. 103 as being unpatentable over SHULER et al (Doc ID US 20170255590 A1), ROSEN (Doc ID US 5453601 A), LE QUERE (Doc ID US 20050185790 A1), HIGGS et al (Doc ID US 20090100320 A1), and SHEKHAR (Doc ID US 20190042491 A1) as applied to claim 16 above, and further in view of FRANKEL et al (Doc ID US 20200236064 A1).
Regarding claim 27:
The combination of SHULER, ROSEN, LE QUERE, HIGGS, and SHEKHAR teaches:
The electric arrangement of claim 16,
The combination of SHULER, ROSEN, LE QUERE, HIGGS, and SHEKHAR does NOT teach:
wherein one or more of the functional modules is a hardware programmable unit, the hardware programmable unit being a programmable logic matrix adapted for sequentially executing at least two tasks and/or
comprising a plurality of flexible logic unit arrangements arranged side-by-side and adapted for being either physically connected or isolated.
FRANKEL teaches:
comprising a plurality of flexible logic unit arrangements arranged side-by-side and adapted for being either physically connected or isolated ([0021] "The virtual fabric includes a flat interconnect architecture .... Each FPGA is a node in the network of the virtual fabric …").
Using a series of flexible logic units such as a field-programmable gate arrays as nodes in a computing fabric is a known technique in the art, as demonstrated by FRANKEL.  It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to combine the computing fabric arrangement of SHULER, ROSEN, LE QUERE, HIGGS, and SHEKHAR with the FPGA arrangement of FRANKEL with the motivation to have a computing fabric which is modular and reprogrammable.  It is obvious to use a structure such as FPGAs to ensure that the nodes of the fabric can be reconfigured as needed.
Regarding claim 30:
The combination of SHULER, ROSEN, LE QUERE, HIGGS, SHEKHAR, and FRANKEL teaches:
The electric arrangement of claim 27, wherein: one or more of the functional modules is a peripheral hardware unit that is optionally dedicated to mathematical accelerator functions (SHEKHAR [0017] "... functional modules may refer to logic blocks or logic functions that may be used to perform data operations. Examples of functional modules include modules that may perform ... encryption operations, decryption operations, mathematical transformations ..."); and
Using modules configured for mathematical operations in a computing fabric is a known technique in the art, as demonstrated by SHEKHAR.  It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to combine the computing fabric arrangement of SHULER, ROSEN, LE QUERE, HIGGS, SHEKHAR, and FRANKEL with the mathematical operations arrangement of SHEKHAR with the motivation to provide the capability to perform complicated mathematical  operations.  It is obvious to do this in a system intended to perform cryptographic operations which by their nature require complex mathematical operations.
the electric arrangement is a heterogeneous hardware system (LE QUERE [0061] "The modules ... are of different types .... the system (1) comprises a central interconnect module (2), memory modules (3, 3', 3"), external interface modules (4, 4', 4"), algorithm modules (5, 5', 5") and a control unit (6) comprising a sequencer module (7), an administration module (8), an alarm module (9) and a protocol module (10).").
Utilizing a variety of different hardware is a known technique in the art, as demonstrated by LE QUERE.  It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to combine the computing fabric arrangement of SHULER, ROSEN, LE QUERE, HIGGS, SHEKHAR, and FRANKEL with the heterogeneous hardware of LE QUERE with the motivation to utilize the strengths of a variety of different hardware systems.  It is obvious to use a heterogeneous hardware system when multiple operations are required, any one of which may be best performed by specific types of hardware.
Regarding claim 31:
The combination of SHULER, ROSEN, LE QUERE, HIGGS, SHEKHAR, and FRANKEL teaches:
The electric arrangement of claim 27, wherein the electric arrangement is a heterogeneous hardware system (LE QUERE [0061] "The modules ... are of different types .... the system (1) comprises a central interconnect module (2), memory modules (3, 3', 3"), external interface modules (4, 4', 4"), algorithm modules (5, 5', 5") and a control unit (6) comprising a sequencer module (7), an administration module (8), an alarm module (9) and a protocol module (10).").
Utilizing a variety of different hardware is a known technique in the art, as demonstrated by LE QUERE.  It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to combine the computing fabric arrangement of SHULER, ROSEN, LE QUERE, HIGGS, SHEKHAR, and FRANKEL with the heterogeneous hardware of LE QUERE with the motivation to utilize the strengths of a variety of different hardware systems.  It is obvious to use a heterogeneous hardware system when multiple operations are required, any one of which may be best performed by specific types of hardware.
Regarding claim 32:
The combination of SHULER, ROSEN, LE QUERE, HIGGS, SHEKHAR, and FRANKEL teaches:
The electric arrangement of claim 27, wherein: one or more of the functional modules is a peripheral hardware unit that is optionally dedicated to electric control unit hardware functions or mathematical accelerator functions (SHEKHAR [0017] "... functional modules may refer to logic blocks or logic functions that may be used to perform data operations. Examples of functional modules include modules that may perform ... encryption operations, decryption operations, mathematical transformations ..."); and
Using modules configured for mathematical operations in a computing fabric is a known technique in the art, as demonstrated by SHEKHAR.  It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to combine the computing fabric arrangement of SHULER, ROSEN, LE QUERE, HIGGS, SHEKHAR, and FRANKEL with the mathematical operations arrangement of SHEKHAR with the motivation to provide the capability to perform complicated mathematical  operations.  It is obvious to do this in a system intended to perform cryptographic operations which by their nature require complex mathematical operations.
the electric arrangement is a heterogeneous hardware system (LE QUERE [0061] "The modules ... are of different types .... the system (1) comprises a central interconnect module (2), memory modules (3, 3', 3"), external interface modules (4, 4', 4"), algorithm modules (5, 5', 5") and a control unit (6) comprising a sequencer module (7), an administration module (8), an alarm module (9) and a protocol module (10).").
Utilizing a variety of different hardware is a known technique in the art, as demonstrated by LE QUERE.  It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to combine the computing fabric arrangement of SHULER, ROSEN, LE QUERE, HIGGS, SHEKHAR, and FRANKEL with the heterogeneous hardware of LE QUERE with the motivation to utilize the strengths of a variety of different hardware systems.  It is obvious to use a heterogeneous hardware system when multiple operations are required, any one of which may be best performed by specific types of hardware.
Regarding claim 33:
The combination of SHULER, ROSEN, LE QUERE, HIGGS, SHEKHAR, and FRANKEL teaches:
The electric arrangement of claim 27, wherein at least one of the programmable logic matrices is configured at least in part for execution of a cryptographic algorithm (LE QUERE [0062] "… The heart submodule (Sa) allows the implementation of an encryption or decryption or authentication algorithm.").
Including cryptographic functions to a computing fabric is a known technique in the art, as demonstrated by LE QUERE.  It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to combine the computing fabric arrangement of SHULER, ROSEN, LE QUERE, HIGGS, SHEKHAR, and FRANKEL with the cryptographic capability of LE QUERE with the motivation to utilize a cryptographic algorithm to allow the nodes to send encrypted messages.  It is obvious for a system already using HSMs to also send messages which are encrypted.

Conclusion 
	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
	A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
NICOL (US 20190057060 A1) recites a similar system of interconnected computing fabrics.  However, it lacks the nodal control points between each fabric, instead opting to spread the connections between fabrics across many points.
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRANDON BINCZAK whose telephone number is (703)756-4528. The examiner can normally be reached M-F 0800-1700.
	Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached on (571) 270-5143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
	Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/BB/Examiner, Art Unit 2437


/ALEXANDER LAGOR/Supervisory Patent Examiner, Art Unit 2437


Retrieved from "https://wikipatents.org/index.php?title=Patent_Application_17772008_-_A_SECURE_HARDWARE_PROGRAMMABLE_ARCHITECTURE_-_Rejection&oldid=507544"

(Ad) Transform your business with AI in minutes, not months

✓
Custom AI strategy tailored to your specific industry needs
✓
Step-by-step implementation with measurable ROI
✓
5-minute setup that requires zero technical skills
Get your AI playbook

Trusted by 1,000+ companies worldwide

Cookies help us deliver our services. By using our services, you agree to our use of cookies.