DETAILED ACTION
This Action is in consideration of the Applicant’s response on November 17, 2021.  Claims 5 – 7, 9, 11, 13 -1 6, 21, and 22 are amended by the Applicant.  Claims 1, 3, 5 – 9, 11, 13 – 17, 19, and 21 – 24, where Claims 1, 9, and 17 are in independent form, are presented for examination.
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
Response to Arguments
	Applicant’s arguments filed November 17, 2021 have been fully considered but they are not persuasive.  Applicant argued:
a)	Regarding Claims 1, 9, and 17, the combination of Cammack, Chou, and Ye do not disclose or suggest using one data cryptographic key that is generated using a hardware cryptographic key to encrypt data and decrypt the encrypted data.
The Office respectfully disagrees with Applicant’s assertions.
1.	With regards to a), in response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
	The Applicant argues that each reference fails to disclose or suggest “using one data cryptographic key that is generated using a hardware cryptographic key to encrypt nd Para, Pg. 9, 2nd Para., Pg. 10, 3rd Para.].  However, the combination of Cammack, Chou, and Ye were used to reject Claims 1, 9, and 17.
	Particularly, the Office mapped Cammack to the limitation “a…cryptographic engine…configured to generate a data cryptographic key using the hardware cryptographic key of the processor, the…cryptographic engine to encrypt data for storage in the data storage…using the data cryptographic key [See Non-Final Rejection, mailed August 17, 2021 (hereinafter “Non-Final Action”), Pg. 3, citing Cammack, Fig. 4, Para. 0061-70].  Cammack discloses of creating the device-bound encryption key (claimed data cryptographic key) using both the device identifier (claimed hardware cryptographic key of the processor) and the manufacturer identifier [Para. 0065-66].  Cammack further discloses of decrypting an encrypted file using the unbound key and re-encrypting the decrypted file using the device-bound encryption key [Fig. 4; Para. 0069-70].  Therefore, Cammack discloses a single, device specific encryption key is used to encrypt a data file.
	As indicated in the Non-Final Action, Cammack discloses of decrypting the encrypted file, but does not specifically disclose that the decrypting utilizes the encryption key generated using the device identifier [See, Non-Final Action, Pg. 3, last Para – Pg. 4, 1st Para.].  This portion of Cammack was used to indicate that decryption of a stored encrypted file can also be performed.  The use of an encryption key generated using the device identifier was not specifically taught by Cammack.
	The Office indicates that Chou discloses using a device specific key to decrypt an encrypted file [See, Non-Final Action, Pg. 4, 2nd Para., citing Chou, Para. 0023-25].  
	The Office further indicates that Ye disclose the storing of at least one device specific key in a cryptographic unit and is transparent to traditional software including operating systems and applications (claimed hardware cryptographic key is inaccessible to all applications executed by the processor) [See, Non-Final Action, Pg. 4, last Para., citing Ye, Fig. 1, Para. 0013, 0035, 0037].  Therefore, the combination of Cammack, Chou, and Ye discloses of all the limitations of Claims 1, 9, and 17.
Claim Rejections - 35 USC § 103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1, 3, 5 – 9, 11, 13 – 17, 19, and 21 – 24 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over PGPub. 2003/0056107 (hereinafter “Cammack”), in view of PGPub. 2011/0191599 (hereinafter “Chou”), in further view of PGPub. 2007/0113103 (hereinafter “Ye”).
2.	Regarding Claims 1, 9, and 17, Cammack discloses of a mobile computing device [Fig. 1, item 110] comprising: 

a processor having a hardware cryptographic key stored therein [Fig. 1, item 130; Para. 0029, 0034-35; DSP internally stores a manufacturer identifier and a device identifier (either can be considered hardware cryptographic key)]; and
a 
	Cammack further discloses that the secure bootloader can generate a decryption key, such as the bound key, using the hardware cryptographic key that is used to decrypt a content key used to decrypt the encrypted data [Fig. 3; Para. 0045, 0050, 0058].  Cammack, however, does not specifically disclose that the cryptographic engine is a hardware cryptographic engine included in the processor, wherein the hardware cryptographic key is inaccessible to all application executed by the processor, and of decrypting the encrypted data from the data storage using the data cryptographic key.
	Chou discloses a system and method for utilizing a hardware security module decrypt or encrypt data utilizing a secure processor and a device specific key [Abstract; Para. 0023].  Chou further discloses that the device specific key can be used to decrypt 
	Chou, however, does not specifically disclose that the cryptographic engine is a hardware cryptographic engine included in the processor, wherein the hardware cryptographic key is inaccessible to all application executed by the processor.
Ye discloses a processor including a hardware cryptographic unit [Abstract; Fig. 1; Para. 0013, 0018, 0030].  Ye further discloses that at least one device specific key is stored within the cryptographic unit and is transparent to traditional software including operating systems and applications (the hardware cryptographic key is inaccessible to all application executed by the processor) [Fig. 1; Para. 0013, 0035, 0037].  It would have been obvious to one skilled in the art at the time of the invention to combine the teachings of Ye with Cammack since both system can be used to verify the integrity and security of software code that is about to run on a device.  The combination of Ye would enable the DSP of Cammack to be implemented as a processor that includes a hardware cryptographic engine within it and prevents exposure of the device specific 
3.  	Regarding Claims 3, 11, and 19, Cammack, in view of Chou and Ye, discloses all the limitations of Claims 1, 9, and 17 above.  Cammack further discloses that the hardware cryptographic key is provisioned in the processor during a manufacturing process of the processor [Para. 0044].
4.    	Regarding Claims 5, 13, and 21, Cammack, in view of Chou and Ye, discloses all the limitations of Claims 1, 9, and 17 above.  Cammack further discloses that the cryptographic engine is dedicated to the processor [Fig. 3; Para. 0043-44].  Ye discloses of a hardware cryptographic engine [Abstract; Fig. 1; Para. 0013, 0018, 0030].
5. 	Regarding Claims 6, 14, and 22, Cammack, in view of Chou and Ye, discloses all the limitations of Claims 1, 9, and 17 above.  Cammack further discloses that the hardware cryptographic key is usable only be the cryptographic engine [Para. 0034-35, 0043; subset can be only secure bootloader].  Ye discloses of a hardware cryptographic engine [Abstract; Fig. 1; Para. 0013, 0018, 0030].
6.   	Regarding Claims 7, 15, and 23, Cammack, in view of Chou and Ye, discloses all the limitations of Claims 1, 9, and 17 above.  Cammack further discloses wherein the cryptographic engine is to generate the data cryptographic key using the hardware cryptographic key and another cryptographic key [Para. 0044, 0061].  Ye discloses of a hardware cryptographic engine [Abstract; Fig. 1; Para. 0013, 0018, 0030].
7. 	Regarding Claims 8, 16, and 24, Cammack, in view of Chou and Ye, discloses all the limitations of Claims 1, 9, and 17 above.  Cammack further discloses that the .
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Contacts
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Tae K. Kim, whose telephone number is (571) 270-1979.  The examiner can normally be reached on Monday - Friday (10:00 AM - 6:30 PM EST).
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jorge Ortiz-Criado, can be reached on (571) 272-7624.  The fax phone number for submitting all Official communications is (703) 872-9306.  The fax phone number for submitting informal communications such as drafts, proposed amendments, etc., may be faxed directly to the examiner at (571) 270-2979.

/TAE K KIM/Primary Examiner, Art Unit 2496