DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Zachary
 Kelton on 03/11/2021.
The application has been amended as follows: 
		1-20. (Canceled)
	21. (New)  A computing device comprising:
	a processing device; and
	a memory device including instructions that are executable by the processing device for causing the processing device to:
		receive an indication from a software application that an encrypted communication transmitted by a remote device is stored in a memory location;
		in response to receiving the indication, retrieve the encrypted communication from the memory location;
		in response to retrieving the encrypted communication, decrypt the encrypted communication using a first key to determine a decrypted version of the encrypted communication; and

use the second key to decrypt a set of encrypted data stored in a non-volatile memory device that is accessible to the computing device.
		
22. (New)   The computing device of claim 21, wherein the encrypted communication is stored in the memory location by the software application in response to the software application determining that the encrypted communication satisfies at least one criterion.

23. (New)   The computing device of claim 21, wherein the memory device further includes instructions that are executable by the processing device for causing the processing device to detect the indication by repeatedly checking for a flag in a particular memory location that is different from the memory location storing the encrypted communication.

24. (New) The computing device of claim 21, wherein the software application is a hypervisor application.

25. (New)   The computing device of claim 21, wherein the memory location is a shared memory location that is accessible to the software application and the processing device.

26. (New)   The computing device of claim 21, wherein the software application is configured to discard encrypted communications that do not satisfy at least one criterion.

27. (New)   The computing device of claim 21, wherein the memory device further comprises instructions that are executable by the processing device for causing the processing device to, subsequent to retrieving the encrypted communication:

	in response to determining that the encrypted communication was authenticated by the software application, decrypt the encrypted communication using the first key.

28. (New)    A method comprising:
receiving, by a processing device of a computing device, an indication from a software application that an encrypted communication transmitted by a remote device is stored in a memory location;
	in response to receiving the indication, retrieving, by the processing device, the encrypted communication from the memory location;
	in response to retrieving the encrypted communication, decrypting, by the processing device, the encrypted communication using a first key to determine a decrypted version of the encrypted communication; and
	extracting, by the processing device, a second key from the decrypted version of the encrypted communication, the second key being different from the first key; and 
using, by the processing device, the second key to decrypt a set of encrypted data stored in a non-volatile memory device that is accessible to the computing device.
		
29. (New)  The method of claim 28, wherein the encrypted communication is stored in the memory location by the software application in response to the software application determining that the encrypted communication satisfies at least one criterion.

30. (New)  The method of claim 28, further comprising detecting the indication by repeatedly checking the memory location for data.



32. (New)   The method of claim 28, wherein the memory location is a shared memory location that is accessible to the software application and the processing device.

33. (New)   The method of claim 28, wherein the software application is configured to discard encrypted communications that do not satisfy at least one criterion.

34. (New)   The method of claim 28, further comprising, subsequent to retrieving the encrypted communication:
	determining if the encrypted communication was authenticated by the software application; and
	in response to determining that the encrypted communication was authenticated by the software application, decrypting the encrypted communication using the first key.

35. (New)  A non-transitory computer-readable medium comprising program code that is executable by a processing device for causing the processing device to:
	receive an indication from a software application that an encrypted communication transmitted by a remote device is stored in a memory location;
	in response to receiving the indication, retrieve the encrypted communication from the memory location;
	in response to retrieving the encrypted communication, decrypt the encrypted communication using a first key to determine a decrypted version of the encrypted communication; and
	extract a second key from the decrypted version of the encrypted communication, the second key being different from the first key, and the second key being a decryption key that includes information usable to decrypt a set of encrypted 
		
36. (New)   The non-transitory computer-readable medium of claim 35, wherein the encrypted communication is stored in the memory location by the software application in response to the software application determining that the encrypted communication satisfies at least one criterion.

37. (New)   The non-transitory computer-readable medium of claim 35, wherein the software application is a hypervisor application.

38. (New) The non-transitory computer-readable medium of claim 35, wherein the memory location is a shared memory location that is accessible to the software application and the processing device.

39. (New) The non-transitory computer-readable medium of claim 35, wherein the software application is configured to discard encrypted communications that do not satisfy at least one criterion.

40. (New)  The non-transitory computer-readable medium of claim 35, further comprising program code that is executable by the processing device for causing the processing device to, subsequent to retrieving the encrypted communication:
	determine if the encrypted communication was authenticated by the software application; and
		in response to determining that the encrypted communication was authenticated by the software application, decrypt the encrypted communication using the first key.


Response to Amendment
Claims 21-40 are pending. Claims 1-20 are canceled. 
Amendments will overcome each and every 112(a) and 112(b) rejections previously set forth in the Non-Final Office Action mailed 10/14/2020.

Terminal Disclaimer
The terminal disclaimer filed on 01/07/2021 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of US Patent No. 10,505,730 has been reviewed and is accepted.  The terminal disclaimer has been recorded.

Allowable Subject Matter
Claims 21-40 are allowed. 
Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: After further search and consideration, the prior art taken either alone or in combination neither anticipates nor render obvious to the claimed subject matter of the instant application. The prior art Carlson (US Pub No. 2015/0326547) discloses data may be protected using a combination of symmetric and asymmetric cryptography.  A symmetric key may be generated and the data may be encrypted with the symmetric key.  The symmetric key and only a portion of the symmetrically encrypted data may then be encrypted with an asymmetric public key.  The entire set of encrypted data, including the asymmetrically encrypted symmetric key, the doubly encrypted Carlson, Abstract), Kim et al. (US Pub No. 2016/0191235) discloses enabling a security mode in response to a first command received from a host; generating a security key based on a host key received from the host; storing the security key in a security key storing unit; and/or performing a first data processing operation of encrypting data received from the host and decrypting data stored in a non-volatile memory device, based on the security key, when the security mode is enabled (Kim, Abstract), Roth et al. (US Pub No. 2015/0089244) discloses upon receipt of the request, extracts the key from the request and uses the key to perform one or more cryptographic operations to fulfill the request.  The one or more cryptographic operations may include encryption/decryption of data that to be/is stored, in encrypted form, by a subsystem of the request processing entity.  Upon fulfillment of the request, the request processing entity may perform one or more operations to lose access to the key in the request, thereby losing the ability to use the key (Roth, Abstract), SENDA (US Pub No. 2011/0197066) discloses multi-functional system includes a main system, and sub-systems operated by sub-programs and the main system.  The sub-systems includes a first memory storing a first public key, and a second memory storing an encrypted sub-program and second public key, a first communication controller transmitting the first public key for encrypted communication, a decryption unit decrypting the encrypted sub-program and second public key using an encryption key, and a second controller transmitting the decrypted second public key for encrypted communication.  The main system includes a first public key, a second public key, a security device, and first and second communication controllers (SENDA, Abstract), Luthra et al. (US Pub No. 2016/0321290) discloses managing Luthra, page 1, paragraph 0003), Damgard et al. (US Patent No. 10,354,084) discloses managing confidential data in a cloud service is provided.  The system comprises a cryptographic key service comprising two or more cryptographic key servers, S.sub.i, each being arranged to compute file encryption keys, k.sub.j, on the basis of information regarding data and using one or more cryptographic keys, K.sub.j.  The cryptographic keys, K.sub.j, are secretly shared among the cryptographic key servers, S.sub.i, and none of the cryptographic key servers, S.sub.i, possesses knowledge of all of the cryptographic keys, K.sub.j, therefore a single point of trust at the cryptographic key service is avoided (Damgard, Abstract), Zhang et al. (US Pub No. 2014/0126723) discloses protecting cloud data security.  A key management center encrypts original data M sent by a first terminal using a key K, and uploads encrypted data C1 to a cloud server.  When the key management center receives a request from a second terminal for the data M, it generates encrypted data C2, which is generated by first encrypting C1 with a key Kb of the second terminal and then decrypted by the key K that was used to encrypt the original data M to generate C1.  The key management center then sends the encrypted data C2 to the second terminal.  The second terminal decrypts the encrypted data C2 using its own key Kb to obtain the original data M (Zhang, Abstract) and Lazier et al. (US Patent No. 10,608,813) discloses  encrypting long-term data using layered encryption based on difficult to obtain secrets (Lazier, Abstract), however, the prior art taken alone or in combination fails to teach or suggest “ in response to retrieving the encrypted communication, decrypt the encrypted communication using a first key to determine a decrypted version of the encrypted communication; and extract a second key from the decrypted version of the encrypted communication, the second key being different from the first key, and use the second key to decrypt a set of encrypted data stored in a non-volatile memory device that is accessible to the computing device” (as recited in claims 21, 28 and 35), in combination with the rest of the claim limitations. 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAQUEAL D WADE whose telephone number is (571)270-0357.  The examiner can normally be reached on M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications 






/SHAQUEAL D WADE/Examiner, Art Unit 2437  

/KRISTINE L KINCAID/Supervisory Patent Examiner, Art Unit 2437