DETAILED ACTION
   	This Office Action is in response to the examiner amendments based on an interview on 10/28/2021 in which claims 21-40 are presented for examination on the merits. Claims 1-20 have cancelled and claims 21-40 are new. Claims 21-40, now re-numbered as claims 1-20 are pending
Notice of Pre-AIA  or AIA  Status
 	The present application is being examined under the first inventor to file provisions of the AIA .
Terminal Disclaimer
The terminal disclaimer filed on 09/22/2021 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of Patent No. US 10,078,749 B2, Patent No. US 9,747,435 B2, and Patent No. US 10,713,351 B2 have been reviewed and is accepted. The terminal disclaimer has been recorded.
Information Disclosure Statement

 	The information disclosure statement (IDS) submitted on 07/13/2020 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto.
Drawings
The drawings filed on 07/13/2020 are accepted by the examiner.
Priority
 	The application is filed on 07/13/2020 and CON of applications 16/133,625, 15/678,502, and 14/696,581 which claims a priority date of 04/27/2015. 

EXAMINER’S AMENDMENT
1.	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
     	Authorization for this examiner's amendment was given in a telephone interview with applicant’s representative Scott Pape on October 28, 2021. The examiner-initiated interview summary (PTO 413B) is attached herein.
		Remarks
2.	The instant application is a continuation of applications 16/133,625, 15/678,502, and 14/696,581. In order to advance the prosecution, the Examiner initiated an interview with applicant’s representative Scott Pape. Accordingly, a terminal disclaimer has been filed and a proposed amendments have been presented. In view of the Examiner’s amendments and upon further consideration, the application is placed in condition for allowance and claims 21-40 are allowed over the prior art of record.  			
Amendment to the Claims

3.	CLAIMS:
	Please amend the claims below as follows:
1-20.	(Cancelled)

21.	(New) An apparatus comprising:
	a peripheral circuit that includes:

		a security circuit configured to:
			extract the policy value from the data packet; 
			determine that the policy value includes an indication of a number of bits in the particular cryptographic keyword;
			extract the indicated number of bits from a bit field in the data packet that includes the particular cryptographic keyword; and
			use the policy value to determine whether the particular cryptographic keyword is valid for use by the peripheral circuit.

22.	(New) The apparatus of claim 21, wherein the security circuit is further configured to:
	determine that the policy value indicates that the data packet includes a different cryptographic keyword; and
	extract an indicated number of bits from the bit field in the data packet that includes the different cryptographic keyword, wherein the particular cryptographic keyword and the different cryptographic keyword are included in different bits of the bit field.

23.	(New) The apparatus of claim 22, wherein the security circuit is further configured to, using the policy value:
	restrict the particular cryptographic keyword for use with encrypting data; and 
	restrict the different cryptographic keyword for use with decrypting data.

24.	(New) The apparatus of claim 21, wherein the security circuit is further configured to, using the policy value, descramble the particular cryptographic keyword.

25.	(New) The apparatus of claim 21, wherein the security circuit is further configured to:

	discard the particular cryptographic keyword in response to a determination that the particular cryptographic keyword is on the updated revocation list.

26.	(New) The apparatus of claim 21, wherein the security circuit is further configured, in response to the interface control circuit receiving the data packet, to:
	authenticate the data packet prior to extracting the policy value; and
	extract the policy value in response to a successful authentication of the data packet.

27.	(New) The apparatus of claim 21, wherein the security circuit is further configured, in response to extracting the policy value, to use the policy value to determine one or more additional operations required to unwrap the particular cryptographic keyword from the data packet.

28.	(New) An apparatus comprising:
	a peripheral circuit including:
		an interface control circuit configured to receive a data packet including a first cryptographic keyword, a second cryptographic keyword, and a policy value, wherein the policy value includes one or more data bits indicative of one or more policies that define allowable usage of the first and second cryptographic keywords; and
		a security circuit configured to:
			extract the first and second cryptographic keywords and the policy value from the data packet; 
			based on the policy value, combine the first cryptographic keyword with the second cryptographic keyword to generate a third cryptographic keyword; and
			use the policy value to determine whether the particular cryptographic keyword is valid for use by the peripheral circuit.



30.	(New) The apparatus of claim 28, wherein the security circuit is further configured to:
	using the policy value, determine an expiration date and time of day for the first and second cryptographic keywords; and 
	discard the first and second cryptographic keywords in response to a determination that the expiration date and the time of day have been reached.

31.	(New) The apparatus of claim 28, wherein the policy value includes an indication of a number of bits included in the first and second cryptographic keywords.

32.	(New) The apparatus of claim 28, wherein the security circuit is further configured, in response to the interface control circuit receiving the data packet, to:
	authenticate the data packet prior to extracting the first and second cryptographic keywords; and
	extract the first and second cryptographic keywords and the policy value in response to a successful authentication of the data packet.

33.	(New) The apparatus of claim 28, wherein the security circuit is further configured, in response to extracting the policy value, to use the policy value to determine one or more additional operations required to unwrap the first and second cryptographic keywords from the data packet.



	a peripheral circuit that includes:
		an interface control circuit configured to receive a data packet including a particular cryptographic keyword and a policy value, wherein the policy value includes one or more data bits indicative of one or more policies that define allowable usage of the particular cryptographic keyword; and
		a security circuit configured to:
			extract the particular cryptographic keyword and the policy value 
from the data packet; 
			use the policy value to determine if the particular cryptographic 
keyword is valid for use by the peripheral circuit; and
			limit usage of the particular cryptographic keyword to encrypting data in response to a determination that the policy value restricts the particular cryptographic keyword to encryption usage.

35.	(New) The apparatus of claim 34, wherein the security circuit is further configured to determine that the data packet includes a different cryptographic keyword.

36. 	(New) The apparatus of claim 35, wherein the security circuit is further configured to limit usage of the different cryptographic keyword to decrypting data in response to a determination that the policy value restricts the different cryptographic keyword to decryption usage.

37.	(New) The apparatus of claim 34, wherein to limit usage of the particular cryptographic keyword to encrypting data, the security circuit is further configured to limit usage of the particular cryptographic keyword to use with a particular encryption algorithm indicated by the policy value.

38.	(New) The apparatus of claim 34, wherein the security circuit is further configured, in response to the interface control circuit receiving the data packet, to:
	authenticate the data packet prior to extracting the particular cryptographic keyword; and


39. 	(New) The apparatus of claim 38, wherein to authenticate the data packet, the security circuit is configured to:
	perform a hashing function on one or more of bit fields of the data packet to generate a hash value; and
	compare the generated hash value to a received hash value included in the data packet.

40.	(New) The apparatus of claim 34, wherein the security circuit is further configured, in response to extracting the particular cryptographic keyword and the policy value, to use the policy value to determine one or more additional operations required to unwrap the particular cryptographic keyword from the data packet.

				Allowable Subject Matter
4.	  Claims 21-40 are allowed over prior art of record.
				Allowable Subject Matter 
5. 	The following is an examiner’s statement of reasons for allowance:
 	 Independent claims 21, 28, and 34 are allowed and the corresponding dependent claims depend upon one of the above-mentioned allowed claims and are therefore allowed by virtue of their dependencies. 
 	Zheng et al. (US 20160154744 A1, prior art on the record) discloses a media processing device that includes a onetime programmable (OTP) memory to store a first set of cryptographic keys and rule set for the first set of cryptographic keys, a key store memory, and a rule set memory. The media processing device further includes an arbitration module to provision: a first segment of the key store memory to store cryptographic keys from the one-time programmable (OTP) memory; a first segment of 
 	Kim et al. (US 20130101114 A1, prior art on the record) discloses generating an identification key by a probabilistic determination of a short occurring between nodes constituting a circuit, by violating a design rule provided during a semiconductor manufacturing process. The identification key generating apparatus may include an identification key generator to generate an identification key based on whether a contact or a via used to electrically connect conductive layers in a semiconductor chip shorts the conductive layers, and an identification key reader to read the identification key by reading whether the contact or the via shorts the conductive layers (Kim, Abstract).
	Further, Kim et al. discloses that identification key generator may set a size of the contact or a size of the via so that a probability that the contact or the via shorts the conductive layers, and a probability that the contact or the via fails to short the conductive layers, may be equal. Here, a probability that a digital value generated by the identification key generator corresponding to 0, and a probability that a digital value generated by the identification key generator corresponding to 1 may equally correspond to 1/2, wherein a probability of 1/2 is equivalent to 50% hereinafter (Kim, Paragraph 0018).

 	Further, Yoo discloses that plurality of FW rules further include a content filtering rule; the hardware-based FW engine further includes a content filter; the packet stream capture unit is further configured to extract at least one of a keyword and a pattern, from the packet, and to provide to the content filter the extracted at least one of the keyword and the pattern; and the content filter is configured to perform matching of the at least one of the keyword and the pattern with the content filtering rule (Yoo, Paragraph 0017)
   	Although, the cited references above are from same or similar fields of endeavor however, the Applicant’s invention is directed towards authentication and control of encryption keys where an interface control circuit that is configured to receive a message including a cryptographic keyword and a policy value. The subject matters of independent claims 21, 28, and 34 are allowable since certain key features of the claimed invention are not taught or fairly suggested by the prior art. Specifically, the limitations in claim 21 that recite: “a security circuit configured to: extract the policy value from the data packet; determine that the policy value includes an indication of a number of bits in the particular cryptographic keyword; extract the indicated number of bits from a bit field in the data packet that includes the particular cryptographic keyword; and use the policy value to determine whether the particular cryptographic keyword is valid for use by the peripheral circuit” in combination with the rest of the limitations 
	 Independent claims 28 and 34 recite similar subject matters as to those in claim 21.
 	 The claimed subject matters are novel and non-obvious in scope over the prior art of record as the prior-art references fail to teach each and every features of the independent claim(s) including the limitations set forth above.
  	In view of the foregoing, the scope of claimed subject matters renders the invention patentably distinct as none of the prior art of record, either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application at or before the time it was filed.
  	Furthermore, the Examiner performed updated search which does not yield other specific references that reasonably, either alone or in combination, would result a proper rejection of all the claimed features presented in each of the independent claims 21, 28, and 34 under 35 U.S.C 102 or 35 U.S.C.103 with proper motivation. 
  	Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance." 
Conclusion	
6.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHFUZUR RAHMAN whose telephone number is (571)270-7638.  The examiner can normally be reached on Monday thru Friday.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MAHFUZUR RAHMAN/Primary Examiner, Art Unit 2498