DETAILED ACTION
	This Office Action is in response to the Amendment filed on 01/05/2021.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant's arguments filed 01/05/2021 have been fully considered but are moot in view of the new rejections and/or interpretation of the reference below.
	In addition, to clarify the Examiner’s position, Applicant’s argument is addressed below:
	Regarding claims 1, 10 and 14, Applicant argues that Case does not disclose a cryptography engine forming a component of the memory resource.
	In response, Examiner respectfully disagrees, and submits that in the Non-Final rejection dated 10/13/2020, memory 130 of Case was given as one example, NOT the only example that is said to be equivalent to the recited memory resource. Case discloses having many different memories, i.e.: RAM, SRAM, DRM, OCRAM and etc. (at least [0015][0019].) All these memories collectively are equivalent to the recited “memory resource.”  As also discloses in Case, the inline encryption engine (IEE) is included in the system-on-a-chip ([0017]), so, the IEE clearly resides in one of the memories of the SOC, therefore the IEE is a component of the memory resource. As 

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-2, 4-5, 8-12, 14 and 16-19 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Case et al. (US 2016/0364343 A1-hereinafter Case.)
Regarding claim 1, Case discloses a system comprising: 
a processing resource (figure 1, i.e.: core 102); 
a memory resource ([0016][0019], i.e.: storage/memory space in system-on-a-chip (SOC) ); and 
a cryptography engine forming a component of the memory resource (figure 1, [0015][0017][0019], inline-encryption engine (IEE) is included in the SOC, thus resides in the storage/memory space of the SOC, and therefore is a component of the memory resource) and arranged in-line with the memory resource and the processing resource (figure 1, at least elements 110, 112 & 114, [0017], inline encryption engine (IEE) and fabrics 110 & 114 collectively interpreted as corresponding to the recited cryptography engine), the cryptography engine to:
(at least figures 1, 3 & 9; [0016][0024][0026][0044][0083], i.e.: a cryptographic context information is obtained in response to receiving a read/write instruction);
when the indication indicates that the instruction corresponds to a sensitive data operation (at least figures 3 & 9, [0044], when address matches an address in encrypted data region): 
determine that the cryptography engine is to perform a cryptographic operation on the data for the memory resource access (figure 3 & 9, at least [0044] [0048], i.e.: IEE & fabric 114 determines that the IEE is to perform a cryptographic operation); and 
in response to the determination, perform the cryptographic operation on the data (at least figures 3 & 9, [0044][0084]-[0087], i.e.: when it’s determined that the IEE is to perform a cryptographic operation (because data access requested is in an encrypted region),  IEE encrypts/decrypts the data.) 

Regarding claim 2, Case discloses the system of claim 1, wherein the cryptography engine is to determine whether to perform the cryptographic operation on the data prior to the access of the data the processing resource (at least figures 3 & 9, a cryptographic operation is performed on data before access is given to requesting resource.)

Regarding claim 4, Case discloses the system of claim 1. Case also discloses wherein the cryptography engine to: 
for a first read access of the memory resource by the processing resource: 
decrypt data read from the memory resource, send the decrypted data to the processing resource (figure 9, at least steps 922-932; [0087], when data request is in encrypted memory region, data is decrypted before sending to requesting resource); 
for a second read access of the memory resource by the processing resource, 
send the data to the processing resource without decrypting the data (figure 9, at least steps 908, 934-942, when data request is in unencrypted memory region, retrieve and send data to requesting resource without decrypting the data.)

Regarding claim 5, Case discloses the system of claim 1. Case also discloses the access comprises a write access, and wherein to perform the cryptographic operation on the data during write operation the cryptography engine to, encrypt data during the write access of the memory resource by the processing resource (figures 3 & 9; data is encrypted.)

Regarding claim 8, Case discloses the system of claim 1. Case also discloses the cryptography engine to: 
for a first write access of the memory resource by the processing resource: 
(figure 9, at least steps 914-926, [0085]-[0087], when a request to write data in an encrypted memory region is received, encrypt the data and stored encrypted data in the encrypted memory region.)
for a second write access of the memory resource by the processing resource, write data sent from the processing resource to the memory resource without encrypting the data (figure 9, a least steps 904-938, [0088], when a request to write data in an unencrypted memory region is received, stored data without encrypting.)

Regarding claim 9, Case discloses the system of claim 1. Case also discloses a memory management unit connected between the processing resource and the cryptography engine (figure 1, i.e.: memory region controllers (MRCs).) 

Regarding claim 10, Case discloses a method for a system that comprises a processing resource, a memory resource, and a cryptography engine forming a component of the memory resource (figure 1, [0015][0017][0019], inline-encryption engine (IEE) is included in the SOC, thus resides in the storage/memory space of the SOC, and therefore is a component of the memory resource)  arranged in-line with the processing resource and the memory resource (figure 1, at least elements 102, 104, 112, 126, and 130, core, memory and inline encryption engine), the method comprising: 
during a read access of the memory resource by the processing resource:
(at least [0016][0044], in response to receive a read request), determining based on an indication in the kernel of an operating system of the system, whether the read access corresponds to a sensitive data operation (figure 3 & 9, at least [0016][0044][0048][0083][0085]-[0087], i.e.: based on context information in the core, a determination is made whether a read request corresponds to an encrypted memory region); and 
when the determination is affirmative, decrypting data read from the memory resource with the cryptography engine during execution of the process instruction (figure 9; [0085]-[0087], if data is stored in encrypted memory region, decrypt data); and 
sending the decrypted data to the processing resource (at least [0087], decrypted data is transferred/sent to the requesting resource);
during a write access of the memory resource by the processing resource; 
in response to receiving the write access at the memory resource, determining, based on an indication in the kernel of an operating system of the system, whether the write access corresponds to a sensitive data operation (figures 3 & 9, at least [0044] [0048][0083]-[0087], i.e.: based on context information, a determination is made whether a write request corresponds to an encrypted memory region),  and 
when the determination is affirmative, encrypting data sent from the processing resource to the memory resource with the cryptography engine (figure 9; [0085]-[0087], if data is to be stored in an encrypted memory region, encrypt data.) 

Claim 11 is rejected for the same rationale as claim 4 above.
Claim 12 is rejected for the same rationale as claim 8 above.

Regarding claim 14, Case discloses a non-transitory machine-readable storage medium comprising instructions executable by a cryptography engine forming a component of a memory resource (figure 1, [0015][0017][0019], inline-encryption engine (IEE) is included in the SOC, thus resides in the storage/memory space of the SOC, and therefore is a component of the memory resource) to cause the cryptography engine to: 
In response to receiving a read access at the memory resource from a processing resource (at least [0016][0044], in response to receive a read request): 
determine whether to decrypt data read from the memory resource prior to sending the read data to the processing resource based on an indication in a kernel of an operating system that the read access corresponds to a sensitive data operation (at least figures 1, 3 & 9, [0016][0044][0083][0085]-[0087], i.e.: based on context information, a determination is made whether a read request corresponds to an encrypted memory region); 
in response to determining to decrypt the read data, decrypt the read data and send the decrypted data from the cryptography engine to the processing resource (figures 5 & 9; [0087], when data for read request is determined to be in encrypted memory region, decrypt data, and decrypted data is sent to requesting resource (core)); 
in response to determining to not decrypt the read data, send the read data to the processing resource (figure 9; [0088], unencrypted data is sent to requesting resource (core)); and 
in response to receiving a write access at the memory resource from the processing resource (at least [0016][0044], in response to receive a write request): 
determine whether to encrypt data sent from the processing resource prior to writing the data to the memory resource based on indication in a kernel of an operating system that the write access corresponds to a sensitive data operation (figure 9, [0087]-[0088], determine if data is be stored in encrypted or unencrypted memory region); 
in response to determining to encrypt the data prior to writing the data, encrypt the data and write the encrypted data to the memory resource (figure 9, [0085]-[0087], encrypt data and store data in encrypted memory region); 
in response to determining to not encrypt the data prior to writing the data, write the data to the memory resource (figure 9, [0087]-[0088], if memory region to be stored is unencrypted, then data does not need to be encrypted.) 

Regarding claim 16, Case discloses the system of claim 1.  Case also discloses the access comprises a read access, and wherein to perform the cryptographic operation on the data during the read access, the cryptographic engine is to decrypt the (figure 9, [0085]-[0087], decrypt data for a read request.)

Regarding claim 17, Case discloses the system of claim 1. Cases also discloses  wherein, to obtain the indication, the cryptography engine is to determine whether a virtual address associated with the memory resource access corresponds to sensitive data (at least figures 7 & 9; [0084]-[0085], virtual address is translated to physical address, physical address is determined whether it is in encrypted (sensitive data) region.)

	Regarding claim 18, Case discloses the system of claim 17. Case also discloses  when the memory resource access comprises a read access, to perform the cryptographic operation, the cryptography engine is to: translate the virtual address to a physical address to obtain the data (at least figure 9, virtual address is translated to physical address, and data is retrieved); decrypt the data (at least figure 9, step 930, data is decrypted); and send the decrypted data to the processing resource (at least figure 9, step 932, decrypted data transferred/sent to requesting resource.)

Regarding claim 19, Case discloses the system of claim 17. Case also discloses  when the memory resource access comprises a write access, to perform the cryptographic operation, the cryptography engine is to: encrypt the data (figure 9, at least step 916, data is encrypted); translate the virtual address to a physical address (figure 9, at least step 906, virtual address is translated to physical address); and (figure 9, at least step 926, encrypted data is written/stored in translated memory region.)

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PHY ANH TRAN VU whose telephone number is (571)270-7317.  The examiner can normally be reached on Monday-Friday 7 am-1 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/PHY ANH T VU/          Primary Examiner, Art Unit 2438