DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Remarks
Claims 1-16 have been cancelled and newly presented claims 17-36 are pending in the application per the preliminary amendment filed 26 July 2021. 

CLAIM INTERPRETATION
Interpretation Note: 
In claim 19, although “the decrypted first data” does not find explicit antecedent basis in claim 17, the Examiner finds that “the decrypted first data” finds implicit antecedent basis in the data the results from the “first data” that the first encryption/decryption engine decrypts by “utilize[ing] the first decryption key”. 
In claim 19, although “the decrypted second data” does not find explicit antecedent basis in claim 17, the Examiner finds that “the decrypted second data” finds implicit antecedent basis in the data the results from the “second data” that the second encryption/decryption engine decrypts by “utilize[ing] the second decryption key”. 
In claim 24, although “the encrypted third data” does not find explicit antecedent basis in the claim, the Examiner finds that “the encrypted third data” finds implicit antecedent basis in the data the results from the “third data” that the first encryption/decryption engine encrypts by “utilize[ing] the first encryption key”. 
In claim 24, although “the encrypted fourth data” does not find explicit antecedent basis in the claim, the Examiner finds that “the encrypted fourth data” finds implicit 
In claim 28, although “the decrypted first data” does not find explicit antecedent basis in claim 25, the Examiner finds that “the decrypted first data” finds implicit antecedent basis in the data the results from the “first data” that the second core decrypts by “using a first key”. 
In claim 28, although “the decrypted second data” does not find explicit antecedent basis in claim 25, the Examiner finds that “the decrypted second data” finds implicit antecedent basis in the data the results from the “second data” that the second core decrypts by “using a second key”. 
In claim 36, although “the decrypted first data” does not find explicit antecedent basis in claim 33, the Examiner finds that “the decrypted first data” finds implicit antecedent basis in the data the results from the “first data” that the first core decrypts by “using a first key”. 
In claim 36, although “the decrypted second data” does not find explicit antecedent basis in claim 33, the Examiner finds that “the decrypted second data” finds implicit antecedent basis in the data the results from the “second data” that the second core decrypts by “using a second key”. 

The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and 

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: 
From claim 17: “a first encryption/decryption engine to access....”
From claim 17: “a second encryption/decryption engine to access....” 
From claim 25: “a first cryptographic engine to decrypt...” 
From claim 25: “a second cryptographic engine to decrypt...”
From claim 33: “a first cryptographic engine to decrypt...”
From claim 33: “a first cryptographic engine to decrypt...”
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
In the present case, all the limitations interpreted under 112(f) above (i.e. limitations a-f) are interpreted to cover “code in execution by a processor” from [0022] of the specification.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Objections
Claims 17-24 are objected to because of the following informalities: 
Claim 17 recites, “encryption/decryption engine”, which may, at first blush, be interpreted by a reader to mean “encryption or decryption engine”. However, in context, the “encryption and decryption engine” is a more appropriate reading of the limitation when considering the disclosure in the specification. Accordingly, to avoid reader confusion, the Examiner requests that the limitation is amended to recite, “encryption and decryption engine”. 
Claims 18-24 are objected to for failing to cure the deficiencies of a base claim from which they depend.
Appropriate correction is required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:



Claims 33-36 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  
Regarding claims 33-36:
The claims do not fall within at least one of the four categories of patent eligible subject matter because the claims are directed to a “computer readable medium” without limiting computer readable mediums to their non-transitory forms. Since computer readable mediums include transitory forms of signal transmission, such as propagating electrical or electromagnetic signal or carrier waves, the claims recite “signals per se” and are therefore rejected as not falling within one of the four categories of patent eligible subject matter [See MPEP 2016.03(I)]. The Examiner notes that Applicant may act as their own lexicographer to define claim limitations in the specification. However, in the present case, the Applicant has not specifically defined computer readable mediums to explicitly exclude their transitory forms. Instead, specification paragraph [0036] merely offers that a non-transitory machine-readable storage medium is an example of a machine or computer-readable medium, which is non-limiting. Since applicant has not restricted “computer readable medium” in the specification to exclude transitory forms, the claims’ recitations of “computer readable medium” include signals per se and are rejected accordingly.

Claim Rejections - 35 USC § 112(b)
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:



Claim 24 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Regarding claim 24: 
Claim 24 recites, “the second process executed by the first core”. There is insufficient antecedent basis for this limitation in the claim. Accordingly, the scope of the claim cannot be determined and the claim is indefinite. For the purposes of Examination, the Examiner will read the limitation to recite, “the second process executed by the second core”.  

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 33 is rejected under 35 U.S.C. 102(a)(1) and (a)(2) as being anticipated by US Patent Application Pub. No. US 2018/0048470 A1 (Bower).
Regarding claim 33: 
Bower discloses, a computer-readable medium, comprising instructions stored thereon, that if executed by one or more devices, cause (by disclosing that the disclosed invention may be embodied by a computer program product, including software, that may be executed by a processor [0036] [0051-0054]) a first core to access a first cryptographic engine to decrypt first data using a first key (by disclosing a computing node having multiple CPU packages (10) [0034] [Fig. 1]. The CPU packages each contain a processor core (20) (i.e. at least a first processor core) that accesses either encryption and decryption module (26) or encryption and decryption module (44) to decrypt (and encrypt) data (such as in registers (24)) using a key from a trusted key store (30) or a second key store for the encryption and decryption module (44) [Fig. 1] [0012] [0034-0035] [0037] [0039]. Encryption and decryption module (26) is part of processor core (20) [0037], and encryption and decryption module (44) is described as a module where a “module” may be a software and hardware combination understood as being implemented in computer program instructions which may be executed by a processor [0051] [0054] [0057]. The key is determined based on a tag (i.e. key ID) that identifies the process executing in the core [0020] [0024]) and a second core to access a second cryptographic engine to decrypt second data using a second key (by disclosing a computing node having multiple CPU packages (10) [0034] [Fig. 1]. The CPU packages contain a processor core (20) (i.e. at least a second processor core of a second CPU package) that accesses either encryption and decryption module (26) (i.e. of the second CPU package) or encryption and decryption module (44) (i.e. of the second CPU package) to decrypt (and encrypt) data (such as in registers (24)) using a key from a trusted key store (30) (i.e. of the second CPU package) or a second key store for the encryption and decryption module (44) [Fig. 1] [0012] [0034-0035] [0037] [0039]. Encryption and decryption module (26) is part of processor core (20) [0037], and encryption and decryption module (44) is described as a module where a “module” may be a software and hardware combination understood as being implemented in computer program instructions which may be executed by a processor [0051] [0054] [0057]. The  wherein the first and second cryptographic engines are separate (a set of encryption and decryption modules (26 and 44) belongs to a first CPU package and another set belongs to the second CPU package (10) [0034]) and wherein: for the first core, unique keys are mapped to key identifiers on a per-process basis (the processes (with tags for the process IDs) are mapped to unique keys in the key store (30) based on a key-tag pair, where the tag is based on the process ID of the processes for the core [0010] [0021] [0024] [0030] [0045]) so that a key identifier value associated with a first process executed by the first core accesses a different key than a key accessed using a key identifier value associated with a second process executed by the first core (by disclosing that processes are assigned unique key-tag pairs (72) (i.e. a different key than a key accessed using a key identifier value associated with a second process) so that they cannot access the data of another process, where there are a plurality of processes (i.e. a first process and a second process) executing on a CPU package [0020-0021] [0037] [Fig. 1] [Fig. 2] [Fig. 3]. The same process executing in two CPU packages may have different tags and keys [0034])  and for the second core, unique keys are mapped to key identifiers on a per-process basis so that a key identifier value associated with a third process executed by the second Application No.: 17/127,729Examiner: TBDAttorney Docket No.: AB1865-US-C1Art Unit: 21395Attorney Docket No.: AB1865-US-C1core accesses a different key than a key accessed using a key identifier value associated with a fourth process executed by the second core (by disclosing that processes are assigned unique key-tag pairs (72) so that they cannot access the data of another process, where there are a plurality of processes executing on a CPU package [0020-0021] [0037] [Fig. 1] [Fig. 2] [Fig. 3]. The other CPU package may execute other processes or the same processes and assign them other unique key-tag pairs (i.e. a third process and a fourth process with a different key and a key accessed using a key identifier value associated with a fourth process [0034])

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 17-18 and 23-27 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent Application Pub. No. US 2018/0048470 A1 (Bower) in view of US Patent Application Pub. No. US 2019/0182040 A1 (Hunt).
Regarding claim 17: 
Bower discloses an apparatus comprising (by disclosing a compute node having multiple CPU packages [0034]) a first core comprising (by disclosing that a CPU package (10) has at least one processor core (20) [0013] [0034] [Fig. 1]): a first encryption/decryption engine (by disclosing encryption and decryption module (26) as part of processor core (20) [0037], where a “module” may be a software and hardware combination understood as being implemented in computer program instructions which may be executed by a processor [0051] [0054] [0057]) to access a first process-specific key table (by disclosing the trusted key store (30), accessible to the first encryption and decryption module (26) [Fig. 1] [0037]. The trusted key store includes keys assigned to each of a plurality of processes (i.e. the keys are process-specific (i.e. process-specific key table)), among at least two process-specific key tables associated with the first core (by disclosing that a CPU package may have a second key store that is accessible to a second encryption and decryption module (44) and is configured to store the encryption key assigned to each of the plurality of processes (i.e. a second process-specific key table), the key store stores process IDs (tags) and keys for processes that run on the core (20) (i.e. associated with the first core) [0010] [0012] [0035]), to determine a first decryption key associated with a first process executed by the first core and to utilize the first decryption key to decrypt first data (by disclosing that a process that owns encrypted data, stored in the data registers (24) or the external memory, will have permission for the encryption and decryption module (26) to decrypt (77) (85) and provide that data to the process (i.e. decrypt first data) using the encryption key for the process stored in the key table based on an ID associated with the process [0041] [0049] [0050] [Fig. 1] [Fig. 2] [Fig. 3]) and a second core comprising (by disclosing a compute node having multiple CPU packages [0034], and each CPU package (10) has at least one processor core (20) [0013] [0034] [Fig. 1]) a second encryption/decryption engine to access a second process-specific key table (by disclosing encryption and decryption module (26) [0037] as part of a core (20) of a CPU package (10), where a “module” may be a software and hardware combination understood as being implemented in computer program instructions which may be executed by a processor [0051] [0054] [0057])), among at least two process-specific key tables associated with the second core (by disclosing that a CPU package may have a second key store that is accessible to a second encryption and decryption module and is configured to store the encryption key assigned to each of the plurality of processes (i.e. a second process-specific key table), the key store stores process IDs and keys for processes that run on the core (20) (i.e. associated with the second core) [0012] [0035]), to determine a second decryption key associated with a second process executed by the second core and to utilize the second decryption key to decrypt second data (by disclosing that a process that owns encrypted data, stored in the data registers (24) or the external memory, will have permission for the encryption and decryption module (26) to decrypt (77) (85) and provide that data to the process (i.e. decrypt first data) using the encryption key for the process stored in the key table based on an ID associated with the process [0041] [0049] [0050] [Fig. 1] [Fig. 2] [Fig. 3]. There may be a plurality of processes (81) in execution by the multiple CPU cores (20) and packages (10) (i.e. 
Bower does not explicitly disclose, but Hunt teaches, wherein a same set of key identifier values are utilized by at least two processes executed by the first core and wherein a same set of key identifier values are utilized by at least two processes executed by the second core (by teaching that a remapping a system-level security key identifier to a local security key identifier having fewer bits of storage space than a system-level security key it was mapped from may save storage space in a system [0007]. As a processing system may support more encryption keys (and associated KeyIDs) than could be used simultaneously within any compute complex, to reduce the hardware overhead for keeping track of KeyIDs, the processing system remaps the KeyIDs to a smaller local-level keyID (i.e. local to the compute complexes) requiring fewer bits [0021]. When addressing the data, the cores only need to include the local KeyID, and only maintain local Key IDs for processes that are actively running, thereby saving hardware storage compared to the longer systemID [0021] [0023] [0027]. The local KeyIDs may not map the same process to the same KeyID in each compute complex. However, each compute complex will use the same local KeyIDs (i.e. 3 bits, i.e. 0-7 in the example given in Hunt) to map their currently running processes and each process running on each compute complex will be mapped to the same 3 bits of KeyIDs (i.e. 0-7) (i.e. same set)).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified process ID tags disclosed by Bower to include remapping to local process ID tags for only the active processes currently executing in the core as taught by Hunt so that the tag storage (i.e. in the registers of Bower) would require fewer bits compared to the system-level KeyIDs and use the same set of local-level KeyIDs (i.e. such as those keys indicated by 3 or fewer bits) as taught by Hunt
One of ordinary skill in the art would have been motivated to make this modification because remapping the KeyIDs to local-level KeyIDs with a fewer required number of bits saves storage space in the system and reduces hardware requirements, as taught by Hunt in [0007] [0021].  
Regarding claim 18:
The apparatus of claim 17 is made obvious by Bower in view of Hunt. 
Bower further discloses, wherein the first process comprises one or more of: a thread, a container, or a virtual machine (VM) and the second process comprises one or more of: a thread, a container, or a VM (by disclosing that the process may be a thread of execution [0029]).
Regarding claim 23:
The apparatus of claim 17 is made obvious by Bower in view of Hunt. 
Bower further discloses comprising a memory device to store one or more of the first data and the second data prior to decryption (by disclosing the on-chip data registers (24) for storing the data prior to decryption by the encryption and decryption module (26) of the CPU packages when it is decrypted for the processes (22) [Fig. 1] [0034] [0037]). 
Regarding claim 24: 
The apparatus of claim 17 is made obvious by Bower in view of Hunt. 
Bower further discloses, wherein the first encryption/decryption engine to access the first process-specific key table and determine a first encryption key associated with the first process executed by the first core and to utilize the first encryption key to encrypt third data prior to storage of the encrypted third data (by disclosing the encryption and decryption module (26), which is to encrypt and store data (i.e. third data) in the data registers (24) for each of a plurality of processes being handled in the instruction path [0037]. The data is encrypted and decrypted for the process based on a key in the key store (30) assigned to the process (i.e. a first encryption key) [0020] [0027] [0037]). and the second encryption/decryption engine to access the second process-specific key table and determine a second encryption key associated with the second process executed by the first core and to utilize the second encryption key to encrypt fourth data prior to storage of the encrypted fourth data (by disclosing the encryption and decryption module (26), which is to encrypt and store data (i.e. third data) in the data registers (24) for each of a plurality of processes being handled in the instruction path [0037]. The data is encrypted and decrypted for the process based on a key in the key store (30) assigned to the process (i.e. a first encryption key) [0020] [0027] [0037]. There may be a plurality of CPU packages (10) including more than one processor core (20) in a compute node (i.e. including a second process-specific key table, a second encryption key, a second process and fourth data encrypted with the second encryption key) [0034]).
Regarding claim 25: 
Bower discloses, A method comprising: Application No.: 17/127,729Examiner: TBDAttorney Docket No.: AB1865-US-C1Art Unit: 21393Attorney Docket No.: AB1865-US-C1a first core accessing a first cryptographic engine to decrypt first data using a first key (by disclosing a computing node having multiple CPU packages (10) [0034] [Fig. 1]. The CPU packages contain a processor core (20) (i.e. at least a first processor core) that accesses either encryption and decryption module (26) or encryption and decryption module (44) to decrypt data using a key from a trusted key store (30) or a second key store for the encryption and decryption module (44) [Fig. 1] [0012] [0034-0035] [0037] [0039]. The key is determined based on a tag (i.e. key ID) that identifies the process executing in the core [0020] [0024]) and a second core accessing a second cryptographic engine to decrypt second data using a second key (by disclosing a computing node having multiple CPU packages (10) [0034] [Fig. 1]. The CPU packages contain a processor core (20) (i.e. at least a second processor core of a second CPU package) that accesses either encryption and decryption module (26) (i.e. of the second CPU package) or encryption and decryption module (44) (i.e. of the second CPU package) to decrypt data using a key from a trusted key store (30) (i.e. of the second CPU package) or a second key store for the encryption  wherein the first and second cryptographic engines are separate (a set of encryption and decryption modules (26 and 44) belongs to a first CPU package and another set belongs to the second CPU package (10) [0034]) and wherein: for the first core, unique keys are mapped to key identifiers on a per-process basis (the processes (with tags for the process IDs) are mapped to unique keys in the key store (30) based on a key-tag pair, where the tag is based on the process ID of the processes for the core [0010] [0021] [0024] [0030] [0045]) and for the second core, unique keys are mapped to key identifiers on a per-process basis (the processes (with tags for the process IDs) are mapped to unique keys in the key store (30) based on a key-tag pair, where the tag is based on the process ID of the processes for the core [0010] [0021] [0024] [0030] [0045]. As there is more than one CPU package, a second CPU package would have its own core (i.e. second core) with its own processes and keys [0020-0021] [0034]. Despite potentially having the same process, different packages may use their own tag IDs and keys [0034]) 
Bower does not explicitly disclose, but Hunt teaches, wherein a same set of key identifier values are utilized by at least two processes executed by the first core and wherein a same set of key identifier values are utilized by at least two processes executed by the second core (by teaching that a remapping a system-level security key identifier to a local security key identifier having fewer bits of storage space than a system-level security key it was mapped from may save storage space in a system [0007]. As a processing system may support more encryption keys (and associated KeyIDs) than could be used simultaneously within any compute complex, to reduce the hardware overhead for keeping track of KeyIDs, the processing system remaps the KeyIDs to a smaller local-level keyID (i.e. local to the compute complexes) requiring fewer bits [0021]. When addressing the data, the cores only need to include the local KeyID, and only maintain local Key IDs for processes that are actively Hunt) to map their currently running processes and each process running on each compute complex will be mapped to the same 3 bits of KeyIDs (i.e. 0-7) (i.e. same set)).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified process ID tags disclosed by Bower to include remapping to local process ID tags for only the active processes currently executing in the core as taught by Hunt so that the tag storage (i.e. in the registers of Bower) would require fewer bits compared to the system-level KeyIDs and use the same set of local-level KeyIDs (i.e. such as those keys indicated by 3 or fewer bits) as taught by Hunt. 
One of ordinary skill in the art would have been motivated to make this modification because remapping the KeyIDs to local-level KeyIDs with a fewer required number of bits saves storage space in the system and reduces hardware requirements, as taught by Hunt in [0007] [0021].  
Regarding claim 26: 
The method of claim 25 is made obvious by Bower in view of Hunt. 
Bower further discloses, accessing the first key from a first key table associated with a first process (by disclosing that a first key (for example, key DEF in key store (30)) may be accessed to encrypt or decrypt data associated with a process (for example, process A) [Fig. 1] [Fig. 2] [Fig. 3]) and accessing the second key from a second key table associated with a second process (by disclosing that there may a be a plurality of processes running on a plurality of CPU packages, such that a different process on a different CPU package will map to a different unique key using the key store (30) on the second CPU package (i.e. a CPU core on the second CPU package will access a second key table associated with a second process). 
Regarding claim 27: 
The method of claim 26 is made obvious by Bower in view of Hunt. 
Bower further discloses, wherein the first process comprises one or more of: a thread, a container, or a virtual machine (VM) and the second process comprises one or more of: a thread, a container, or a VM (by teaching that the processes are executing in a thread of execution (i.e. comprises a thread) [0029]). 

Claims 19-21 and 28-30 are rejected under 35 U.S.C. 103 as being unpatentable over Bower in view of Hunt in further view of US Patent Application Pub. No. US 2015/0248357 A1 (Kaplan).
Regarding claim 19:
The apparatus of claim 17 is made obvious by Bower in view of Hunt. 
Bower does not explicitly disclose that the data stored in the registers (24) and decrypted may be instructions such that it does not teach, but Kaplan teaches wherein the decrypted first data comprises instructions and the decrypted second data comprises instructions (by teaching that the data which is to be cryptographically protected may be indicated with control bits included with the memory address, such as based on the type of information or where the information is stored in the memory. This allows large collections of data to be easily classified as secured information, providing for efficient information protection [0025]). 
 It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the data stored and retrieved by the processes disclosed by Bower to include the control bits in the memory address to classify whether the information should be cryptographically protected based on whether it contains instructions or Kaplan. 
One of ordinary skill in the art would have been motivated to make this modification because including control bits in the memory address to indicate that information such as instructions should be cryptographically protected allows large collections of data to be easily classified as secured information, and the control bits can be designated in a more fine-grained fashion and allows for protection of crucial information, such as programs, as taught by Kaplan in [0025].  
Regarding claim 20:
The apparatus of claim 17 is made obvious by Bower in view of Hunt. 
Bower discloses (through the analysis performed for claim 17) wherein Application No.: 17/127,729Examiner: TBDAttorney Docket No.: AB1865-US-C1Art Unit: 21392Attorney Docket No.: AB1865-US-C1the first encryption/decryption engine is to access the first process-specific key table and determine the first decryption key by a first key identifier value and the second encryption/decryption engine is to access the second process-specific key table and determine the second decryption key by a second key identifier value.
Bower does not explicitly disclose, but Kaplan teaches, wherein: the first encryption/decryption engine is to access the first process-specific key table and determine the first decryption key by a first key identifier value that is based on a portion of a memory address of the first data and the second encryption/decryption engine is to access the second process-specific key table and determine the second decryption key by a second key identifier value that is based on a portion of a memory address of the second data (by teaching that an address tag (VM Tag) value may be derived from a memory access request address, to identify the requesting VM (i.e. process) [0042] [0049] [0053-0054]. In this case, the VM tag (i.e. like the process ID or tag value taught by Bower
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the process ID or tag value taught by Bower (like the VM tag of Kaplan) to be indicated using address bits of a memory request address as taught by Kaplan. 
One of ordinary skill in the art would have been motivated to make this modification because repurposing address bits as a tag value to identify the executing VMs (i.e. processes) saves silicon area as taught by Kaplan in [0037] [0049].  
Regarding claim 21:
The method of claim 20 is made obvious by Bower in view of Hunt as motivated by Kaplan. 
Bower does not explicitly disclose, but Kaplan teaches, wherein the memory address of the first data comprises a virtual or physical memory address and the memory address of the second data comprises a virtual or physical memory address (by teaching that the memory address bits that are repurposed to indicate the VM tag are the physical address bits [0049]). 
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the process ID or tag value taught by Bower (like the VM tag of Kaplan) to be indicated using address bits of a memory request address as taught by Kaplan. 
One of ordinary skill in the art would have been motivated to make this modification because repurposing address bits as a tag value to identify the executing VMs (i.e. processes) saves silicon area as taught by Kaplan in [0037] [0049].  
Regarding claim 28: 
The method of claim 25 is made obvious by Bower in view of Hunt. 
Bower does not explicitly disclose that the data stored in the registers (24) and decrypted may be instructions such that it does not teach, but Kaplan teaches wherein the decrypted first data comprises instructions and the decrypted second data comprises instructions (by teaching that the data which is to be cryptographically protected may be indicated with control bits included with the memory address, such as based on the type of information or where the information is stored in the memory. This allows large collections of data to be easily classified as secured information, providing for efficient information protection [0025]). 
 It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the data stored and retrieved by the processes disclosed by Bower to include the control bits in the memory address to classify whether the information should be cryptographically protected based on whether it contains instructions or data, such that data such as instructions can be cryptographically protected as taught as taught by Kaplan. 
One of ordinary skill in the art would have been motivated to make this modification because including control bits in the memory address to indicate that information such as instructions should be cryptographically protected allows large collections of data to be easily classified as secured information, and the control bits can be designated in a more fine-grained fashion and allows for protection of crucial information, such as programs, as taught by Kaplan in [0025].  
Regarding claim 29: 
The method of claim 25 is made obvious by Bower in view of Hunt. 
Bower further discloses (through the analysis performed for claim 25 comprising: the first cryptographic engine accessing a first process-specific key table and determining the first key based on a first key identifier value and the second cryptographic engine accessing a second process-specific key table and determining the second key based on a second key identifier value. 
Bower does not explicitly disclose, but Kaplan teaches, comprising: the first cryptographic engine accessing a first process-specific key table and determine the first key based on a first key identifier value that is based on a portion of a memory address of the first data and the second cryptographic engine accessing a second process-specific key table and determine the second key based on a second key identifier value that is based on a portion of a memory address of the second data (by teaching that an address tag (VM Tag) value may be derived from a memory access request address, to identify the requesting VM (i.e. process) [0042] [0049] [0053-0054]. In this case, the VM tag (i.e. like the process ID or tag value taught by Bower) value may be used to identify the key that is used to encrypt or decrypt data for the VM (i.e. process) [0058]).  
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the process ID or tag value taught by Bower (like the VM tag of Kaplan) to be indicated using address bits of a memory request address as taught by Kaplan. 
One of ordinary skill in the art would have been motivated to make this modification because repurposing address bits as a tag value to identify the executing VMs (i.e. processes) saves silicon area as taught by Kaplan in [0037] [0049].  
Regarding claim 30: 
The method of claim 29 is made obvious by Bower in view of Hunt in further view of Kaplan. 
Bower does not explicitly disclose, but Kaplan teaches, wherein the memory address associated with the first data comprises a virtual or physical memory address and the memory address associated with the second data comprises a virtual or physical memory address 
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the process ID or tag value taught by Bower (like the VM tag of Kaplan) to be indicated using address bits of a memory request address as taught by Kaplan. 
One of ordinary skill in the art would have been motivated to make this modification because repurposing address bits as a tag value to identify the executing VMs (i.e. processes) saves silicon area as taught by Kaplan in [0037] [0049].  

Claim 36 is rejected under 35 U.S.C. 103 as being unpatentable over Bower in view of Kaplan. 
Regarding claim 36: 
The computer-readable medium of claim 33 is anticipated by Bower. 
Bower does not explicitly disclose that the data stored in the registers (24) and decrypted may be instructions such that it does not teach, but Kaplan teaches wherein the decrypted first data comprises instructions and the decrypted second data comprises instructions (by teaching that the data which is to be cryptographically protected may be indicated with control bits included with the memory address, such as based on the type of information or where the information is stored in the memory. This allows large collections of data to be easily classified as secured information, providing for efficient information protection [0025]). 
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the data stored and retrieved by the processes disclosed by Bower to include the control bits in the memory address to classify whether the information should be cryptographically protected based on whether it contains instructions or data, such that data such as instructions can be cryptographically protected as taught as taught by Kaplan
One of ordinary skill in the art would have been motivated to make this modification because including control bits in the memory address to indicate that information such as instructions should be cryptographically protected allows large collections of data to be easily classified as secured information, and the control bits can be designated in a more fine-grained fashion and allows for protection of crucial information, such as programs, as taught by Kaplan in [0025].  

Allowable Subject Matter
Claim 22 is objected to for depending from a rejected base claim, but would be allowable if rewritten in independent form, including all the limitations of the claims from which it depends, and if the objection to the claim from the corresponding objection section above is addressed. 
The subject matter of claims 22, 31 and 32 was searched for in the prior art, but could not be found. Accordingly, a prior art rejection for claims 21, 31 and 32 has not been made. Although claims 31 and 32 are not rejected with prior art, they are not indicated as allowable for failing to recite patentable subject matter according to the analysis performed in the corresponding 35 U.S.C. §101 rejection section above. 
The following is a statement of reasons for the indication of allowable subject matter:
Regarding claim 22, the closest prior art of record, Bower, does not teach “circuitry to load the first process-specific key table prior to execution of the first process by the first core and load a third process-specific key table associated with a third process prior to execution of the third process by the first core” in combination with the other limitations because Bower does not teach that the process-specific key tables are already loaded in the CPU package prior to execution of the process (i.e. key-tag pairs are assigned (72) (82) after a new process has started (i.e. process-specific key-tag tables are loaded after execution) (71) (81) [Figs. 2-3] and Bower does not teach a third process-specific key table associated with a third process executed by the first core. The 
The subject matter of claims 31 and 32 are not made obvious by the prior art for reasons analogous to the reasons indicated for claim 22. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US Patent Application Pub. No. US 2017/0201503 A1 (Jayasena) teaches a multi-core processor that uses a crypto engine (110) and (124) to encrypt and decrypt data that it sends to a from memory module (104) [Fig. 1] [0025-0027]. The crypto engines use keys from first key store (114) and second key store (130) to encrypt and decrypt the memory. The keys are indexed in the key store according to a requestor ID, such as a thread ID, process ID, address space ID, or core ID [0024]. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CURTIS JAMES KORTMAN whose telephone number is (303)297-4404. The examiner can normally be reached Monday through Thursday 7:30 AM through 5:00 PM MT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Reginald Bragdon can be reached on (571) 272-4204. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CURTIS JAMES KORTMAN/Examiner, Art Unit 2139