DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present application, filed on December 27, 2019, is accepted.
Claims 1 – 20 are being considered on the merits.

Drawings
The drawings, filed on December 27, 2019, are accepted.

Specification
The specification, filed on December 27, 2019, is accepted.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.



Claim 1 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites the limitation "the plurality of full encryption keys" in line 6.  There is insufficient antecedent basis for this limitation in the claim. For the purpose of examination, "the plurality of full encryption keys" is interpreted as "a plurality of full encryption keys"

Claim 1 recites the limitation "the encryption circuitry" in line 10.  There is insufficient antecedent basis for this limitation in the claim. For the purpose of examination, "the encryption circuitry " is interpreted as "an encryption circuitry "

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4 – 6, 8, 11 – 13, 15, and 18 – 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20110296206 A1 to Henry et al., (hereinafter, “Henry) in view of US 20210067334 A1 to Angel and in view of US 20110167273 A1 to Maas et al., (hereinafter, “Maas”).
Regarding claim 1, Henry teaches a processor comprising: fetch circuitry to fetch an instruction; [Henry, para. 41 discloses the fetch unit 104 fetches instruction data 106 from the instruction cache 102. The fetch unit 104 operates in one of two modes: a decryption mode and a plain text mode. An E bit 148 in a control register 144 of the fetch unit 104 determines whether the fetch unit 104 is operating in decryption mode (E bit set) or plain text mode (E bit clear). In plain text mode, the fetch unit 104 treats the instruction data 106 fetched from the instruction cache 102 as non-encrypted, or plain text, instruction data and therefore does not decrypt the instruction data 106; however, in decryption mode, the fetch unit 104 treats the instruction data 106 fetched from the instruction cache 102 as encrypted instruction data that must be decrypted using decryption keys stored in a master key register file 142 of the fetch unit 104 into plain text instruction data] decode circuitry to decode the fetched instruction, [Henry, para. 43 discloses the decode unit 108 which decodes the stream of plain text instruction data 162, breaks it down into distinct x86 instructions, and issues them to the execution units 112 for execution. In one embodiment, the decode unit 108 includes buffers, or queues, for buffering the stream of plain text instruction data 162 prior to and during decoding. In one embodiment, the decode unit 108 includes an instruction translator that translates the x86 instructions into microinstructions, or micro-ops, that are executed by the execution units 112. As the decode unit 108 emits instructions, it also emits a bit for each instruction that proceeds down the pipeline with the instruction to indicate whether or not the instruction was an encrypted instruction] the fetched instruction to specify an opcode, an address, and a key identifier, the opcode indicating the processor is to use the address to determine whether to use an explicit key, in which case the processor is to use the key identifier to select a cryptographic key among the plurality of full encryption keys, [Henry, para. 5 discloses The microprocessor includes a branch target address cache (BTAC), configured to cache history information associated with a plurality of previously executed branch and switch key instructions. The history information includes a target address and an identifier for identifying key values associated with each of the previously executed branch and switch key instructions. The microprocessor also includes a fetch unit, coupled to the BTAC. The fetch unit is configured to receive from the BTAC a prediction that the fetch unit fetched one of the plurality of previously executed branch and switch key instructions and receive from the BTAC the target address and identifier associated with the fetched branch and switch key instruction] the processor further to use the cryptographic key with the encryption circuitry to perform a cryptographic operation on an encrypted memory location; [Henry, para. 82 discloses A post-processor that encrypts the program knows the memory address of the location of each switch key instruction 600 and uses that information, namely the relevant address bits of the fetch address, along with the switch key instruction 600 key values to generate the encryption key bytes to encrypt the program.] and execution circuitry to perform the instruction as per the opcode, [Henry, para, 43 discloses the decode unit 108 includes an instruction translator that translates the x86 instructions into microinstructions, or micro-ops, that are executed by the execution units 112. The bit enables the execution units 112 and retire unit 114 to make decisions and take actions based on whether the instruction was an encrypted instruction or a plain text instruction when it was fetched from the instruction cache 102. In one embodiment, plain text instructions are not allowed to perform certain actions related to instruction decryption mode operation.], but Henry does not teach otherwise, the processor is to dynamically derive the cryptographic key by using the key identifier to select a key split among the plurality of key splits, and provide the key split and a root key to a key derivation function (KDF), wherein each of the key splits requires less storage than each of the full encryption keys.
However, Angel does teach otherwise, the processor is to dynamically derive the cryptographic key by using the key identifier to select a key split among the plurality of key splits, and provide the key split and a root key to a key derivation function (KDF), [Angel, para. 97 discloses each KFM instance may be configured to compute the pseudo-identifier. The pseudo-identifier may be computed by applying a derivation function on the root key fragment and on the data identifier. The derivation function may be an KDF algorithm where the root key fragment used as the key and the data identifier is used as the salt, an HMAC algorithm where the root key fragment used as the key and the data identifier is used as the message, or the like. Para. 38 discloses the data-specific key may be a combination of the plurality of data-specific key fragments generated by the plurality of KFM instances. As an example, the data-specific key may be created by applying a XOR operation on all data-specific key fragments. However, it may be noted that other computations may be used to assemble the data-specific key based on the key fragments, such as but not limited to concatenation, multiplication, or the like. It may be noted that the client may not have access to the root key fragments as units. As an example, given N KFM instances, each may generate one root key fragment f, the root key K may be: K= f′1⊕ f′2⊕ . . . ⊕ f′n. The client may receive the data-specific fragments f′1, , , f′n and assemble the data-specific key K′, but not f1 . . . fn. In some exemplary embodiments, in order to retrieve the root key, all of the plurality of KFM instances may need to be accessed to retrieve all root key fragments]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Angel’s system with Henry’s system, with a motivation to provide an architecture for Cryptographic Key Management Service, which offers an absolute split of keys so that the key will never exist in one place, thereby completely preventing any part of the system from being a single point of failure. [Angel, para. 28] 
However, Henry in view of Angel does not teach wherein each of the key splits requires less storage than each of the full encryption keys, but Maas does teach wherein each of the key splits requires less storage than each of the full encryption keys. [Maas, para. 64 discloses the key segments k.sub.i may be simply concatenated in order to get the eventual key K: K=k.sub.1.parallel.k.sub.2.parallel. . . . .parallel.k.sub.t. In this case where the number of key segments used for composing the key K is t, the bit length of the key segments is a factor t smaller than the bit length of the eventual key K, so there is no storage or computation overhead. Such a composition makes it possible to increase computation efficiency of the method.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Maas’s system with Henry’s system, with a motivation to increase computation efficiency. [Maas, para. 64] 

As per claim 4, modified Henry teaches the processor of claim 1, wherein the instruction further has a field to specify write data, [Henry, para. 47 discloses special instructions exist within the instruction set architecture of the microprocessor 100 to read and write the secure memory area 122] and wherein the opcode calls for the processor to encrypt the write data and store encrypted write data to the location identified by the address [Henry, para. 48 discloses the microprocessor 100 will initially use the initial set of keys to decrypt an encrypted program. Additionally, the encrypted program itself may subsequently write new keys into the secure memory area 122, load the keys from the secure memory area 122 into the key register file 124 (via the load key instruction), and load the keys from the key register file 124 into the master key registers 142 (via the switch key instruction).]

As per claim 5, modified Henry teaches the processor of claim 1, wherein the opcode calls for the fetch of read data from the location identified by the address, and to use the cryptographic key to decrypt the read data. [Henry, para. 6 discloses The method also includes fetching encrypted instruction data at the associated target address and decrypting the fetched encrypted instruction data based on the key values identified by the identifier, in response to the receiving the prediction.]  

Regarding claim 6, modified Henry teaches the processor of claim 1, but Henry does not teach wherein the KDF uses multiple iterations of a pseudorandom function in either a counter mode or a feedback mode.  
However, Angel does teach wherein the KDF uses multiple iterations of a pseudorandom function in either a counter mode or a feedback mode. [Angel, para. 36 discloses each KFM instance may be configured to generate a respective root key fragment using a random function. A root key that is an aggregation of the root key fragments may never be assembled. Para. 42 discloses KDF function may be configured to derive one or more secret keys from a secret value such as a master key, a password, a passphrase, or the like using a pseudorandom function, such as, but not limited to, Keyed cryptographic hash functions, or the like. In some exemplary embodiments, any KDF function may be used, such as, for example, HMAC-based Extract-and-Expand Key Derivation Function (HKDF) or the like.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Angel’s system with Henry’s system, with a motivation to provide an architecture for Cryptographic Key Management Service, which offers an absolute split of keys so that the key will never exist in one place, thereby completely preventing any part of the system from being a single point of failure. [Angel, para. 28] 

Regarding claim 8, Henry teaches method to be performed by a processor comprising a memory controller to use cryptographic circuitry to encrypt and decrypt data [Henry, para. 86 discloses each 16-byte block of instruction data of the encrypted program to be fetched by the fetch unit 104 must be encrypted (XORed) with the same 16-bytes of decryption key 174 values that will be used by the fetch unit 104 to decrypt (XOR) the fetched block of instruction data 106. As described above, the decryption key 174 byte values are computed by the fetch unit 104 based on two inputs: the master key byte values stored in the master key registers 142 and certain bits of the fetch address 134 of the 16-byte block of instruction data 106 being fetched (bits [10:4] in the example embodiment of FIG. 2). Therefore, a post-processor that encrypts the programs to be executed by the microprocessor 100 knows both the master key byte values that will be stored in the master key registers 142 and the address, or more specifically the relevant address bits, at which the encrypted program will be loaded into memory and from which the microprocessor 100 will subsequently fetch the blocks of instruction data of the encrypted program. From this information, the post-processor generates the appropriate decryption key 174 value to use to encrypt each 16-byte instruction data block of the program], but Henry does not teach storage to store a plurality of key splits and a plurality of full encryption keys.
However, Angel does teach storage to store a plurality of key splits and a plurality of full encryption keys. [Angel, para. 34 discloses The KFM system may be configured to generate secure random strong encryption keys, manage data storage for key fragments, and perform a key fragment derivation function, which generates a derived fragment from an original key fragment. The KFM system may comprise a plurality of instances of a KFM service. Each KFM instance may be isolated from other KFM instances. In some exemplary embodiments, each KFM instance may be configured to generate a data-specific key fragments. The plurality of data-specific key fragments may be utilized to generating a data-specific key to be utilized for performing a cryptographic process relating to a data item (e.g., encryption of the data item using the data-specific key to provide an encrypted data item, or decryption of an encrypted data item using the data-specific key to obtain the data item).]
The rest of features cited in claim 8 are similar to features in claim 1 and therefore they are rejected in a similar manner.

	Regarding claim 11 – 13, they recite features similar to features in claims 4 – 6, and therefore they are rejected in a similar manner.

Regarding claim 15, it recites features similar to features in claim 1, and therefore it is rejected in a similar manner. 

Regarding claim 18 – 20, they recite features similar to features in claims 4 – 6, and therefore they are rejected in a similar manner.

Claims 2 – 3, 9 – 10, and 16 – 17 are rejected under 35 U.S.C. 103 as being unpatentable over US 20110296206 A1 to Henry et al., (hereinafter, “Henry) in view of US 20210067334 A1 to Angel and in view of US 20110167273 A1 to Maas et al., (hereinafter, “Maas”) further in view of US 20110314303 A1 to Shevchenko et al., (hereinafter, Shevchenko).
Regarding claim 2, modified Henry teaches the processor of claim 1, but Henry does not teach further comprising a plurality of cores, each comprising an instance of a fetch, decode, and execution circuitry, wherein a least a proper subset of the plurality of cores are to execute plurality of virtual machines, each virtual machine having a unique cryptographic key.  
	However, Shevchenko does teach further comprising a plurality of cores, [Shevchenko, para. 71 discloses the concept of the present disclosure discussed in connection with FIGS. 4 and 5 is also applicable to a multi-core processor composed of two or more independent cores. Multiple cores of a multi-core processor may be associated with respective code conversion matrixes to operate with different unique codes in a manner similar to operations of different VMs discussed in connection with FIG. 5. For example, the memory section 202 may hold codes unique for the respective cores. The code conversion matrixes 218 may convert the respective unique codes into the generic code supplied to the respective cores. In this case, even if an attacker injects a malicious code in one of the cores, he would not be able to penetrate another core of the same processor via resources shared by the cores] each comprising an instance of a fetch, decode, and execution circuitry, [Shevchenko, para. 58 discloses a computing device 200 may comprise a memory section 202, a conversion matrix section 204, and a CPU including a front end section 206 and a back end section 208. Similarly to the memory section in FIG. 4, the memory section 202 may include any internal or external information storage that can be used by the computing device 200, such as a cache memory, hard drive memory, flash memory, random access memory, read only memory, etc. The front end section 206 and the back end section 208 may operate in a manner similar to the respective sections in FIG. 4. The front end section 206 includes an instruction fetch unit 210 for fetching instructions to be executed, a translate/decode unit 212 for translating or decoding fetched instructions, and a branch unit 214 that predicts which sequence will be executed each time the instruction set contains a conditional jump, so that the fetch and translate/decode units can get the instructions ready in advance. The back end section 208 may contain registers, ALU and FPU used for executing instructions] wherein a least a proper subset of the plurality of cores are to execute plurality of virtual machines, [Shevchenko, para. 59 discloses the computing device 200 is configured for running multiple virtual machines VM1 to VMn using common physical resources such as a CPU, memory section, peripheral devices, etc. Each virtual machine VM is a software implementation of a physical computer that executes programs like a physical machine. The virtual machines VM1 to VMn may be system virtual machines providing complete system platforms to supports the execution of separate operating systems] each virtual machine having a unique cryptographic key.  [Shevchenko, para. 63 discloses a key unit 220 is provided to store a unique cryptographic key for the hypervisor, and unique cryptographic keys for each of the virtual machines VM1 to VMn. The code conversion matrix 216 and 218-1 to 218-n may be originally configured to operate in a "transparent" mode to produce at their outputs codes applied to their inputs. The unique key for the hypervisor is selected to reconfigure the code conversion matrix 216 so as to convert the unique code of the hypervisor into the generic code. The unique keys for virtual machines VM1 to VMnare selected to respectively reconfigure the code conversion matrixes 218-1 to 218.sub.n so as to respectively convert the unique codes CODE1 to CODEn into the generic code.]
	Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Shevchenko’s system with modified Henry’s system, with a motivation to prevent the computing device from executing instructions that are not supplied from the output of the code conversion unit. Therefore, the computing device will not execute instructions in a generic code which are not converted from the unique code of that particular computing device. Hence, malicious instructions cannot be executed. [Shevchenko, para. 14]

Regarding claim 3, modified Henry teaches the processor of claim 1, but modified Henry does not teach wherein the instruction is associated with a virtual machine being executed by one of a plurality of cores of the processor.  
However, Shevchenko does teach wherein the instruction is associated with a virtual machine being executed by one of a plurality of cores of the processor.  [Shevchenko, para. 62 discloses the code CODE MAIN is a code unique for the hypervisor. The codes CODE1 to CODE.sub.n are unique for respective virtual machines VM1 to VM.sub.n. The unique hypervisor's code differs from the unique codes of the virtual machines VM1 to VM.sub.n. The unique code of each VM differs from the unique code of any other VM run on the same computing device 200. The unique codes of hypervisor and VMs may differ from a generic code of instructions executable by the CPU that may be defined by the instruction set architecture (ISA) used by the CPU.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Shevchenko’s system with modified Henry’s system, with a motivation to prevent the computing device from executing instructions that are not supplied from the output of the code conversion unit. Therefore, the computing device will not execute instructions in a generic code which are not converted from the unique code of that particular computing device. Hence, malicious instructions cannot be executed. [Shevchenko, para. 14]

	Regarding claim 9 – 10, they recite features similar to features in claims 2 – 3, and therefore they are rejected in a similar manner.

Regarding claim 16 – 17, they recite features similar to features in claims 2 – 3, and therefore they are rejected in a similar manner.

Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over US 20110296206 A1 to Henry et al., (hereinafter, “Henry) in view of US 20210067334 A1 to Angel and in view of US 20110167273 A1 to Maas et al., (hereinafter, “Maas”) further in view of US 10521618 B1 to Zhang et al., (hereinafter, “Zhang”).
Regarding claim 7, modified Henry teaches the processor of claim 1, but modified Henry does not teach wherein the root key comprises either 128 bits or 256 bits.  
However, Zhang does teach wherein the root key comprises either 128 bits or 256 bits. [Zhang, col. 6 lines 26 – 34 discloses the root key programming interface register 220 can store a received or generated key for burning into the OTP memory 202. The device root key register 222 in the OTP memory 202 can store data or a key of any suitable size, such as 128 bits, 256 bits, 512 bits, and so on. The root key ECC register 224 is also implemented in the OTP memory 202 and configured to store an ECC value associated with a device-level root key.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Zhang’s system with modified Henry’s system, with a motivation to comprise any suitable number of bits, such as 64, 128, 256, 512. The OTP memory or register from which the root key value is loaded may also be a write-only section of memory or register. By storing or maintaining the root key value in write-only memory and registers, exposure of the root key value is minimized to protect the root key value from unauthorized access. [Zhang, col. 10 lines 55 – 61]

Regarding claim 14, it recites features similar to features in claim 14, and therefore it is rejected in a similar manner.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
US 20200082070 A1 to Semeria et al. describes embodiments that enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.
US 20150161059 A1 to Durham et al. describes systems and methods that may provide for identifying unencrypted data including a plurality of bits, wherein the unencrypted data may be encrypted and stored in memory. In addition, a determination may be made as to whether the unencrypted data includes a random distribution of the plurality of bits. An integrity action may be implemented, for example, when the unencrypted data includes a random distribution of the plurality of bits.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893. The examiner can normally be reached Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/P.P./Patent Examiner, Art Unit 2434                                                                                                                                                                                                        
/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434