DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This written action is responding to the amendment dated on 11/29/2021.
Claims 1, 3-6, 8, 12, 14-17, 19, 21 and 23-25 have been amended.
Claims 2, 13 and 22 have been canceled.
Claims 1, 3-12, 14-21 and 23-25 are submitted for examination.
Claims 1, 3-12, 14-21 and 23-25 are pending.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Response to Arguments
Applicant’s amendment, filed on November 29, 2021, has claims 1, 3-6, 8, 12, 14-17, 19, 21 and 23-25 amended, claims 2, 13 and 22 have been canceled and all other claims previously presented. Among the amended claims, claims 1, 12 and 21 are independent ones, and thus, the amendment necessitates a new ground of rejection.
Applicant’s remark, filed on November 29, 2021 at page 15, asserts, “The rejection of the claims under Section 102 has been mooted by virtue of the incorporation into the 
Applicant’s argument presented above has been considered and is found persuasive, rejection to claims 1, 12 and 21 under U.S.C. 102 has been withdrawn. In the light of the claim amendment, a new ground of rejection under U.S.C. 103 is presented.  Please refer to the detailed rejection below.
Applicant’s remark, filed on November 29, 2021 at page 16-23, asserts, “It is respectfully submitted that the rejected claims are patentable over the art of record based on at least the third criterion of obviousness: none of the references alone or in combination teach, suggest, or disclose each claim limitation of the independent claims. … Kim, Vembu and Chhabra fail to disclose or even remotely suggest, either alone or in combination, the features of embodiments as claimed in independent claim 1. In particular, the Office Action categorically fails to show how Kim, Vembu and Chhabra, either alone or in combination, disclose or remotely suggest one or more processors of an apparatus of a computing system as claimed in independent claim 1 … It is not at all clear from Kim, the primary reference, whether the Examiner is intending to refer to the host controller interface 1400A or to CPU 1110 or 1120 of Kim as the apparatus that is being claimed, or as a computing engine with which processors of the apparatus are to communicate. The Office Action merely states that "Examiner submits the Host Controller Interface Unit having the security manage unit [sic], data projector and storage controller and the CPU of Kim or being treated as one of the one or more processors or as one of the one or more computing engines of the computing system 
Applicant’s argument presented above has been considered and is found persuasive due to Applicant’s amendment necessitates a new ground of rejection.
Accordingly, a new ground of rejection based on newly identified prior-art by Guotao et al. (WO 2019233118) has been applied to the amendment.
Specifically, Guotao discloses a data processing apparatus and method, which improve the efficiency of data compression and decryption or decryption and decompression, and reduce the system bandwidth. In the process of compression and encryption, after the data to be processed is compressed, there is no need to store the compressed data in the memory, and before the compressed data is encrypted, there is no need to read the compressed data from the memory, and only the memory needs to be executed in the whole process. One read and one write is enough, that is, the processor only needs to interact with the storage module twice. In addition, in this decryption and decompression process, after decrypting the data to be processed, there is no need to write the decrypted data into the storage module, and before decompressing the decrypted data, there is no need to read the decrypted data from the storage module. The storage module can perform one read and one write, that is, the processor only needs to interact with the storage module twice.   Finally, Guotao discloses a control logic configured to control the second format conversion logic to convert the format of the decompressed data into the original format, and send the decompressed data in the original format to the data output logic. In the embodiment of the application, the second format transformation logic is used to transform the format of the decompressed data into the original format, so that the decompressed data can be conveniently used, compressed or encrypted (See Parag [0038-0044]).
Thus, Examiner submits that Guotao teaches the amended feature limitation, “… the first computing engine to process the decrypted first content to generate the second content the second content corresponding to a decompressed version of the decrypted first content;”.

rejection below for details.
The Examiner respectfully submits that Vembu and Chhabra does not change the principle of operation of the primary reference or render the reference inoperable for its intended purpose. See MPEP § 2143.01. The test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference by Kim. Rather, the test is what the combined teachings of those references would have suggested to those of ordinary skill in the art.” In re Keller, 642 F.2d 413, 425, 208 USPQ 871, 881 (CCPA 1981). See also In re Sneed, 710 F.2d 1544, 1550, 218 USPQ 385, 389 (Fed. Cir. 1983). It is not necessary that the inventions of the references be physically combinable to render obvious the invention under review.”; and In re Nievelt, 482 F.2d 965, 179 USPQ 224, 226 (CCPA 1973). Combining the teachings of references Kim in view of Vembu and Chhabra does not involve an ability to combine their specific structures. Thus, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). Thus, the claimed invention, as a whole, is at least prima facie obvious.
Primary reference by Kim, clearly, shows a computing system with one or more processors to execute the instructions or commands (i.e. read/write data), and a a graphic engine (i.e., the second computing engine), processes decrypted data or content to be display. See Fig. 1 and 3 of Vembu.  Specifically, Vembu discloses in Parag. [0017] and [0034] that the engine 18 (an encryption/decryption engine) is part of the graphics engine, and this particular engine is responsible to encrypt/decrypt the content using a key and provide the data for displaying purposes. Finally, Chhabra describes an invention that provides memory encryption that supports multiple keys and is configurable or programmable. The number of supported keys, for example, can be implementation-dependent. In some embodiments, for example, a memory protection engine can be configured or programmed (e. g., by software) to encrypt different regions or pages of memory using different encryption keys and/or algorithms (See Parag. [0012-0013] and Fig. 2).
Applicant’s remarks regarding amended independent claims 12 and 21 has been considered and is addressed based on the same rationale presented for the amended claim 1.
Applicant further recites similar remarks as listed above for dependent claims, 3-11, 14-20 and 23-25. Please refer to the aforementioned response, which addresses how the new combination of prior-art references by Kim, Vembu, Chhabra and Guotao would render the claimed limitations obvious.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-12, 14-21 and 23-25 are rejected under 35 U.S.C. 103 as being unpatentable over  Kim et al. (US 2014/0115656) hereinafter as Kim in view of Vembu et al. (US 2009/0172331) hereinafter Vembu, and in further view of Chhabra et al. (US (US 2019/0004973) hereinafter as Chhabra and Guotao et al. (WO 2019233118) hereinafter Guotao.
As per claim 1, Kim teaches an apparatus of a computing system (Kim, Parag. [0032]; “The term "computer system" is used herein to broadly denote a digital platform capable of performing some form of data processing on data to be stored in and/or data retrieved from a data storage device. A computer system will include logic circuitry that may generally be termed a "processor.”), the apparatus comprising one or more processors (Kim, Parag. [0154-0155]; “The computer system 3000 comprises a microprocessor 3200 connected to a bus 3100, a cache memory 3210, a read only memory (ROM) 3300, a main memory 3400, a main memory controller 3410, a storage device 3500, a host controller interface 3510, an I/O controller 3610, an I/O device 3600, a display device 3700, and a display controller 3710. The microprocessor 3200 is a control device entirely controlling the computer system 3000. The microprocessor 3200 may be embodied in a multi-core processor including a plurality of cores.”) and an input/output interface connected to the one or more processors to enable communication between the one or more processors and a computing engine of the computing system (Kim, Parag. [0035-0036]; “Referring to FIG. 1, a computer system 1000 comprises a central processing unit (CPU) 1100, a main memory 1200, a main memory controller 1300, a host controller interface 1400, and a data storage device 1500.”… Parag. [0039], “In conjunction with the CPU 1100, the main memory controller 1300 may be used to control the main memory 1200. The main memory controller 1300 may be configured to support a plurality of bus interface ports, and thereby the main memory controller 1300 may be connected to the secure CPU 1110, the non-secure CPU 1120, and the host controller interface 1400.” … The host controller interface 1400 provides a hardware-based interface capable of communicating data (e.g., DATA and DATA') between the main memory 1200 and storage device 1500. In certain embodiments of the inventive concept, the host controller interface 1400 may provide a direct memory access (DMA) master function… According to certain embodiments of the inventive concept, the host controller interface 1400 and the storage device 1500 may communicate using a serial ATA (SATA) interface, and a sector may be used as an address unit.”), the one or more processors to: 
Kim, Parags. [0093 – 0094]; “The storage controller 310 generates a sector key (SECTOR_KEY) based on sector information included in the buffer descriptor BD, and transmits the sector key to the security management unit 320 and the data protector 330 (S213). The security management unit 320 selects one of a plurality of entries included in the security policy table 322 in response to a sector key output from the storage controller 310 (S214). Here, the security policy table 322 includes entries each managing a security policy for each of the regions included in the storage device 1500.”)and [a second instruction including information on a second cryptographic key]; 
determine that the no-decrypt mode is to be inactive with respect to a read request from a first computing engine of the computing system to read a first content from the memory of the computing system (Kim, Parags. [0072 – 0074]; “In each one of the entries 41 to 44 and 48, includes information indicating whether the stored data is valid or invalid (VALID/INVALID) in view of the security policy. The security policy may further indicate whether read (R) and/or write (W) access is allowed for a particular region of the storage device 1500. The security policy may further indicate whether to allow an access on a secure (S) or non-secure (NS) basis for a particular region of the storage device 1500. Finally, the security policy may indicate whether an encryption (Enc) operation may be performed in relation to data written to or read from the region. In the illustrated example of FIG. 6, it is assumed that the data stored in the regions (sectors) associated with entries 41 to 44 are VALID. A first region has a size of A sectors from an address stored in Base sector address register 1. Only a read operation may be performed in the first region, the first region may be accessed only by an application having a security level, and encrypted data may be stored in the first region.” … Parag. [0142]; “According to the encryption/decryption indication signal, the data protector 430 may perform an encryption/decryption operation on data to be written to or read from the storage device 1500 via the host controller interface 1400B. That is, the data protector 430 may be used to determine whether to perform an encryption operation, a decryption operation, or a bypass operation based on the encryption/decoding indication signal provided by the security management unit 420.”); ATTORNEY DOCKET NO.PATENT APPLICATION AB2755-US16/457,909 Confirmation No. 8719 3 
determine that the no-decrypt mode is to be inactive (Kim, Parags. [0072 – 0074]; “In each one of the entries 41 to 44 and 48, includes information indicating whether the stored data is valid or invalid (VALID/INVALID) in view of the security policy. The security policy may further indicate whether read (R) and/or write (W) access is allowed for a particular region of the storage device 1500. The security policy may further indicate whether to allow an access on a secure (S) or non-secure (NS) basis for a particular region of the storage device 1500. Finally, the security policy may indicate whether an encryption (Enc) operation may be performed in relation to data written to or read from the region. In the illustrated example of FIG. 6, it is assumed that the data stored in the regions (sectors) associated with entries 41 to 44 are VALID. A first region has a size of A sectors from an address stored in Base sector address register 1. Only a read operation may be performed in the first region, the first region may be accessed only by an application having a security level, and encrypted data may be stored in the first region.” … Parag. [0142]; “According to the encryption/decryption indication signal, the data protector 430 may perform an encryption/decryption operation on data to be written to or read from the storage device 1500 via the host controller interface 1400B. That is, the data protector 430 may be used to determine whether to perform an encryption operation, a decryption operation, or a bypass operation based on the encryption/decoding indication signal provided by the security management unit 420.”) [with respect to a read request from a second computing engine of the computing system to read a second content from the memory of the computing system]; 
in response to receiving the read request from the first computing engine, decrypt the first content, using the first cryptographic key, to generate a decrypted first content, and send the decrypted first content to the first computing engine (Kim, Parag. [0065]; “Accordingly, the security management unit 320 may select one of the security policy table entries in response to a given the sector key (SECTOR_KEY) provided by the storage controller 310. The security management unit 320 may output an encryption/decryption indication signal ED, determining whether to perform an encryption operation on data according to a security policy included in the selected entry, to the data protector 330… Parag. [0074]; “A first region has a size of A sectors from an address stored in Base sector address register 1. Only a read operation may be performed in the first region, the first region may be accessed only by an application having a security level, and encrypted data may be stored in the first region.”), [the first computing engine to process the decrypted first content to generate the second content, the second content corresponding to a decompressed version of the decrypted first content]; 

[in response to receiving the read request from the second computing engine, decrypt the second content, using the second cryptographic key, to generate a decrypted second content, and send the decrypted second content to the second computing engine, the second computing engine to process the decrypted second content to generate processed second content].
Kim does not expressly teach the following limitations:
a second instruction including information on a second cryptographic key; 
determine … with respect to a read request from a second computing engine of the computing system to read a second content from the memory of the computing system;
 the first computing engine to process the decrypted first content to generate the second content the second content corresponding to a decompressed version of the decrypted first content;
in response to receiving a write request from the first computing engine to write the second content to the memory, encrypt the second content, using the second cryptographic key, to generate an encrypted second content, and write the encrypted second content to the memory;
in response to receiving the read request from the second computing engine, decrypt the second content, using the second cryptographic key, to generate a decrypted 
However, Vembu teaches:
determine … with respect to a read request from a second computing engine of the computing system to read a second content from the memory of the computing system (Vembu, Parags. [0008-0011]; “Referring to FIG. 1, a computer system 10 may receive encrypted content. The computer system 10 may include a graphics engine. A graphics engine is hardware that performs graphics processing tasks independently of the computer's central processing unit(s). A graphics engine may include a graphics coprocessor, a graphics accelerator, a display adapter, or a graphics adapter. Encrypted content may include any kind of encrypted material, including graphics, video, still pictures, text, games, software, or data. The encrypted information may come in from an application 14 which includes a key for decryption. The incoming data may be stored in a memory 12 within an unprotected memory portion 12a thereof. In one embodiment, the memory 12 may be associated with a graphics engine. While memory 12 is shown as one memory with protected and unprotected regions, separate memories may also be used. The memory 12 may include an integrated or external memory controller. In one embodiment, the memory 12 is system memory. As shown in FIG. 1, the encrypted material is stored on a buffer or surface 16. Even though the memory 12a is unprotected, because the information is still encrypted, security is maintained. When the encrypted content is needed, it may be read from the encrypted surface 16 in the unprotected memory 12a by an engine 18. In one embodiment, the engine 18 may be an encryption/decryption engine.” … Parag. [0017]; “The engine 18, which is part of the graphics engine, reads data from the unprotected memory 12a and decrypts and writes out the result into protected memory 12b.”);
[the first computing engine to process the decrypted first content to generate the second content the second content corresponding to a decompressed version of the decrypted first content];
[in response to receiving the read request] from the second computing engine, [decrypt the second content, using the second cryptographic key, to generate a decrypted second content, and send the decrypted second content to] the second computing engine, the second computing engine to process the decrypted second content to generate processed second content (Vembu, Parags. [0008-0009], “Referring to FIG. 1, a computer system 10 may receive encrypted content. The computer system 10 may include a graphics engine. A graphics engine is hardware that performs graphics processing tasks independently of the computer's central processing unit(s). A graphics engine may include a graphics coprocessor, a graphics accelerator, a display adapter, or a graphics adapter. Encrypted content may include any kind of encrypted material, including graphics, video, still pictures, text, games, software, or data. The encrypted information may come in from an application 14 which includes a key for decryption. The incoming data may be stored in a memory 12 within an unprotected memory portion 12a thereof. In one embodiment, the memory 12 may be associated with a graphics engine.”… Parags. [0011-0012]; “When the encrypted content is needed, it may be read from the encrypted surface 16 in the unprotected memory 12a by an engine 18. In one embodiment, the engine 18 may be an encryption/decryption engine… The engine 18 may be responsible for decrypting the encrypted content using a key, as indicated by the key K1. However, rather than storing the decrypted information, the engine 18 passes it on to a renderer engine 20 which is part of a graphics engine responsible for processing the content for display.”).
Kim and Vembu are from similar field of technology. Prior to the instant application’s effective filling date, provide memory encryption protection for content, such as graphics-related content using a converged cryptographic engine, simplifying the computing system design architecture, cutting costs, and improving performance.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Vembu system into Kim system, with a motivation to provide graphics engine that may include a decryption device, a renderer, and a sprite or overlay engine, all connected to a display. A memory that may have protected and non-protected portions in one embodiment. (Vembu, Abstract).
The combination of Kim and Vembu does not expressly teach:
a second instruction including information on a second cryptographic key; and
the first computing engine to process the decrypted first content to generate the second content the second content corresponding to a decompressed version of the decrypted first content;
in response to receiving a write request from the first computing engine to write the second content to the memory, encrypt the second content, using the second cryptographic 
in response to receiving the read request [from the second computing engine], decrypt the second content, using the second cryptographic key, to generate a decrypted second content, and send the decrypted second content to [the second computing engine, the second computing engine to process the decrypted second content to generate processed second content].
However, Chhabra teaches:
a second instruction including information on a second cryptographic key (Chhabra, Parag. [0136]; “In one example embodiment of an apparatus, the memory encryption controller is further to: identify a command to add a second protected domain to the plurality of protected domains; identify a second protected memory region associated with the second protected domain; identify a second encryption key associated with the second protected domain; and configure the second protected domain based on the second protected memory region and the second encryption key.”);
in response to receiving a write request from the first computing engine to write the second content to the memory, encrypt the second content, using the second cryptographic key, to generate an encrypted second content, and write the encrypted second content to the memory (Chhabra, Parag. [0076]; “The flowchart may then proceed to block 508 to perform a cryptography operation (e. g., an encrypt and/or decrypt operation) on data associated with the memory location using the encryption key for the protected domain. For example, for a read operation, data may be obtained from the memory location and may then be decrypted using the identified encryption key. For a write operation, data that is to be written to the memory location may first be encrypted using the identified encryption key.” … Parag. [0131]; “In one example embodiment of an apparatus: the memory access operation comprises a memory write operation; and the memory encryption controller to perform the cryptography operation on the data associated with the memory access operation is further to encrypt the data based on the encryption key associated with the protected domain, wherein the result of the cryptography operation is to be written to the memory location of the memory.” … Parag. [0136]; “In one example embodiment of an apparatus, the memory encryption controller is further to: identify a command to add a second protected domain to the plurality of protected domains; identify a second protected memory region associated with the second protected domain; identify a second encryption key associated with the second protected domain; and configure the second protected domain based on the second protected memory region and the second encryption key.”);
in response to receiving the read request [from the second computing engine], decrypt the second content, using the second cryptographic key, to generate a decrypted second content, and send the decrypted second content to [the second computing engine, the second computing engine to process the decrypted second content to generate processed second content] (Chhabra, Parag. [0136]; “In one example embodiment of an apparatus, the memory encryption controller is further to: identify a command to add a second protected domain to the plurality of protected domains; identify a second protected memory region associated with the second protected domain; identify a second encryption key associated with the second protected domain; and configure the second protected domain based on the second protected memory region and the second encryption key.”… Parag. [0141]; “In one example embodiment of a storage medium: the memory access operation comprises a memory read operation; and the instructions that cause the machine to perform the cryptography operation on the data associated with the memory access operation further cause the machine to: obtain the data from the memory location of the memory; and decrypt the data based on the encryption key associated with the protected domain.).
Kim, Vembu and Chhabra are from similar field of technology. Prior to the instant application’s effective filling date, provide memory encryption protection for content, such as graphics-related content using a converged cryptographic engine, simplifying the computing system design architecture, cutting costs, and improving performance.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Chhabra system into Kim-Vembu system, with a motivation to provide memory encryption protection, thus providing an additional layer of security by plugging the hole associated with unprotected or insecure memory (Chhabra, Parag. [0012]).
The combination of Kim, Vembu and Chhabra does not expressly teach:
the first computing engine to process the decrypted first content to generate the second content, the second content corresponding to a decompressed version of the decrypted first content;
However, Guotao teach:
Guotao, Parag. [0038]; “In the embodiment of the present application, after some data to be processed is decrypted, the decrypted data formed can be decompressed by the decompression component, so that the decryption operation of the decryption component and the decompression operation of the decompression component can be processed in parallel, without waiting for all after the decryption process is completed for the data to be processed, the decrypted data is decompressed, so as to further improve the efficiency of decryption and decompression.” … Parag. [0044]; “In the embodiment of the present application, the second format transformation logic is used to transform the format of the decompressed data into the original format, so that the decompressed data can be conveniently used, compressed or encrypted.” … Parag. [0069]; “Decompress the decrypted data to obtain decompressed data.” Examiner submits that the process of decompressing the decrypted data is used to obtain a decompressed data (i.e., second data) thus, is equivalent to the decrypted data decompressed.)
Kim, Vembu, Chhabra and Guotao are from similar field of technology. Prior to the instant application’s effective filling date, provide memory encryption protection for content, such as graphics-related content using a converged cryptographic engine, simplifying the computing system design architecture, cutting costs, and improving performance.
Guotao system into Kim-Vembu-Chhabra system, with a motivation to provide a data processing apparatus and method, which improve the efficiency of data compression and decryption or decryption and decompression, and reduce the system bandwidth (Guotao, Parag. [0006]).


As per Claim 3, the combination of Kim, Vembu, Chhabra and Guotao teaches the apparatus of claim 1. Chhabra teaches wherein the one or more processors are further to: receive a third instruction including information on a third cryptographic key (Chhabra, Parag. [0050]; “For example, in the illustrated example, domain key table 207 includes four entries. The first entry identifies a protected domain corresponding to key ID 00000 (thus covering all memory addresses that contain 00000 in the highest order 5 bits), which is protected in default encryption mode using key "ABC.” The second entry identifies a protected domain corresponding to key ID 00001 (thus covering all memory addresses that contain 00001 in the highest order 5 bits), which is protected in plaintext mode and thus does not have an associated encryption key. The third entry identifies a protected domain corresponding to key ID 00010 (thus covering all memory addresses that contain 00010 in the highest order 5 bits), which is protected in custom encryption mode using key "XYZ.”… Parag. [0136]; “In one example embodiment of an apparatus, the memory encryption controller is further to: identify a command to add a second protected domain to the plurality of protected domains; identify a second protected memory region associated with the45 second protected domain; identify a second encryption key associated with the second protected domain; and configure the second protected domain based on the second protected memory region and the second encryption key. Examiner submits that this operation could be done or repeated for a third cryptographic and so on.”); and 
in response to receiving a write request from the second computing engine to write the processed second content to the memory, encrypt the processed second content, using the third cryptographic key (Chhabra, Parag. [0050]; “For example, in the illustrated example, domain key table 207 includes four entries. The first entry identifies a protected domain corresponding to key ID 00000 (thus covering all memory addresses that contain 00000 in the highest order 5 bits), which is protected in default encryption mode using key "ABC.” The second entry identifies a protected domain corresponding to key ID 00001 (thus covering all memory addresses that contain 00001 in the highest order 5 bits), which is protected in plaintext mode and thus does not have an associated encryption key. The third entry identifies a protected domain corresponding to key ID 00010 (thus covering all memory addresses that contain 00010 in the highest order 5 bits), which is protected in custom encryption mode using key "XYZ.”… Parag. [0136]; “In one example embodiment of an apparatus, the memory encryption controller is further to: identify a command to add a second protected domain to the plurality of protected domains; identify a second protected memory region associated with the second protected domain; identify a second encryption key associated with the second protected domain; and configure the second protected domain based on the second protected memory region and the second encryption key.”), to generate encrypted processed second content, and write the encrypted processed second content to the memory (Kim, Parag. [0076]; “A third region has a size of C sectors from an address stored in Base sector address register 3. Both a read and write operations may be performed in the third region, the third region may be accessed only by an application having a security level, and encrypted data may be stored in the third region.” Examiner submits that this operation could be done or repeated for a third cryptographic key and so on.”). 
Kim further teaches determine that the no-decrypt mode is to be active (Kim, Parags. [0072 – 0074]; “In each one of the entries 41 to 44 and 48, includes information indicating whether the stored data is valid or invalid (VALID/INVALID) in view of the security policy. The security policy may further indicate whether read (R) and/or write (W) access is allowed for a particular region of the storage device 1500. The security policy may further indicate whether to allow an access on a secure (S) or non-secure (NS) basis for a particular region of the storage device 1500. Finally, the security policy may indicate whether an encryption (Enc) operation may be performed in relation to data written to or read from the region. In the illustrated example of FIG. 6, it is assumed that the data stored in the regions (sectors) associated with entries 41 to 44 are VALID. A first region has a size of A sectors from an address stored in Base sector address register 1. Only a read operation may be performed in the first region, the first region may be accessed only by an application having a security level, and encrypted data may be stored in the first region.” … Parag. [0142]; “According to the encryption/decryption indication signal, the data protector 430 may perform an encryption/decryption operation on data to be written to or read from the storage device 1500 via the host controller interface 1400B. That is, the data protector 430 may be used to determine whether to perform an encryption operation, a decryption operation, or a bypass operation based on the encryption/decoding indication signal provided by the security management unit 420.”), and 
[in response to receiving the read request from the second computing engine to read the encrypted processed second content], send, without decrypting, the encrypted processed second content to the second computing engine (Kim, Parag. [0066]; “In response to the encryption/decryption indication signal ED provided by the security management unit 320, the data protector 330 may be used to perform encryption/decryption operation(s) on write data (DATA) to be written to the storage device 1500 and read data (DATA') retrieved from the storage device 1500 via the host controller interface 1400A. For example, the data protector 330 may determine whether to perform an encryption operation, a decryption operation, or a bypass operation for read/write data based on an encryption/decryption indication signal ED.” Kim, para [0142], “According to the encryption/decryption indication signal, the data protector 430 may perform an encryption/decryption operation on data to be written to or read from the storage device 1500 via the host controller interface 1400B. That is, the data protector 430 may be used to determine whether to perform an encryption operation, a decryption operation, or a bypass operation based on the encryption/decoding indication signal provided by the security management unit 420.” Examiner submits, by setting encryption/decryption indication signal ED to ‘BYPASS’ during a READ operation on C sector with data that are encrypted, the data is now fetched without decryption and sent to the RENDER Engine, the second computing engine.).
Vembu further teaches with respect to a read request from the second computing engine to read the processed second content from the memory of the computing system (Vembu, Parags. [0008-0011]; “Referring to FIG. 1, a computer system 10 may receive encrypted content. The computer system 10 may include a graphics engine. A graphics engine is hardware that performs graphics processing tasks independently of the computer's central processing unit(s). A graphics engine may include a graphics coprocessor, a graphics accelerator, a display adapter, or a graphics adapter. Encrypted content may include any kind of encrypted material, including graphics, video, still pictures, text, games, software, or data. The encrypted information may come in from an application 14 which includes a key for decryption. The incoming data may be stored in a memory 12 within an unprotected memory portion 12a thereof. In one embodiment, the memory 12 may be associated with a graphics engine. While memory 12 is shown as one memory with protected and unprotected regions, separate memories may also be used. The memory 12 may include an integrated or external memory controller. In one embodiment, the memory 12 is system memory. As shown in FIG. 1, the encrypted material is stored on a buffer or surface 16. Even though the memory 12a is unprotected, because the information is still encrypted, security is maintained. When the encrypted content is needed, it may be read from the encrypted surface 16 in the unprotected memory 12a by an engine 18.”).

4, the combination of Kim, Vembu, Chhabra and Guotao teaches the apparatus of claim 1.  Vembu further teaches wherein the first computing engine is a graphics processing unit, and the second computing engine is a display engine (Vembu, Parag. [0008], “Referring to FIG. 1, a computer system 10 may receive encrypted content. The computer system 10 may include a graphics engine. A graphics engine is hardware that performs graphics processing tasks independently of the computer's central processing unit(s). A graphics engine may include a graphics coprocessor, a graphics accelerator, a display adapter, or a graphics adapter… Parag. [0034]; The graphics engine may include the renderer engine 20, the decryption engine 18, the display engine 30, and the sprite or overlay engine 26, in some embodiments. The display 74 may correspond to the display 34 of FIG. 1 in some embodiments… Parag [0012]; However, rather than storing the decrypted information, the engine 18 passes it on to a renderer engine 20 which is part of a graphics engine responsible for processing the content for display”. Examiner submits a part of the display engine within the graphics engine is being considered as the second computing engine and whereas the Host Controller Interface Unit 1400A of Kim can be considered as part of the first computing Graphics Engine.).

As per Claim 5, the combination of Kim, Vembu, Chhabra and Guotao teaches the apparatus of claim 1. 
Chhabra additionally teaches wherein at least one of the instruction or the second instructions further includes: information on a key identifier (KeylD) corresponding to a corresponding one of the first cryptographic key or the second cryptographic key; and 
Chhabra, Parag. [0048]; “The entries 207a-d of domain key table 207 each correspond to a different protected domain. For example, each entry 207a-d includes a key or domain identifier (ID), a protection mode, and an associated encryption key (if applicable).” … Parag. [0049]; “Moreover, in some embodiments, multiple protection modes may be supported, and each protected domain may be protected using a particular protection mode. For example, in some embodiments, the supported protection modes may include plaintext mode (e. g., unencrypted), standard or default encryption mode (e. g., encrypted using a standard or default encryption key), and/or custom encryption mode (e. g., encrypted using a unique encryption key). Accordingly, key table 207 may identify the protection mode associated with each protected domain or key ID.” … Parag. [0051]; “In some embodiments, protected domains may be defined and/or configured using a processor instruction implemented by processor 202.”… Parag. [0073]; “In some embodiments, for example, a protected domain may be created and/or configured using a command, instruction, and/or register to identify a protection mode, encryption type, and/or encryption key for the protected domain.”).

As per claim 6, the combination of Kim, Vembu, Chhabra and Guotao teaches the apparatus claim of claim 1. Chhabra further teaches:
 (Chhabra, Parag. [0136]; “In one example embodiment of an apparatus, the memory encryption controller is further to: identify a command to add a second protected domain to the plurality of protected domains; identify a second protected memory region associated with the second protected domain; identify a second encryption key associated with the second protected domain; and configure the second protected domain based on the second protected memory region and the second encryption key.”).
Additionally, Kim teaches:
cache memory, the cache memory coupled to the one or more processors, wherein the one or more processors are to (Kim, Parag. [0155]; “The computer system 3000 comprises a microprocessor 3200 connected to a bus 3100, a cache memory 3210, a read only memory (ROM) 3300, a main memory 3400, a main memory controller 3410, a storage device 3500, a host controller interface 3510, an I/O controller 3610, an I/O device 3600, a display device 3700, and a display controller 3710.”… Parag. [0156]; “The microprocessor 3200 is a control device entirely controlling the computer system 3000. The microprocessor 3200 may be embodied in a multi-core processor including a plurality of cores. The cache memory 3210 is positioned adjacent to the microprocessor 3200. The cache memory 3210 is a high speed memory device used to buffer a data processing speed between the microprocessor 3200 having a comparatively fast operation speed and the main memory 3400 having a comparatively slow operation speed. The ROM 3300 may store a boot code in a read-only memory device.”):
Kim, Parag. [0041]; “FIG. 2 is a block diagram illustrating a computer system according to certain embodiments of the inventive concept. Referring to FIG. 2, a computer system 2000 comprises a CPU 2100, a main memory 2200, a main memory controller 2300, a host controller interface 2400, and a storage device 2500. The CPU 2100, main memory 2200, main memory controller 2300, and host controller interface 2400 communicate via a system bus 2600.” … Parag. [0038]; “Accordingly, when a "current application" (i.e., an application currently being executed by CPU 1100) accesses data stored in the storage device 1500, the CPU 1100 may generate a "buffer descriptor" (BD) identifying a stored location for associated data (e.g., read/write data), and then store the buffer descriptor along with the data in main memory 1200, albeit, each generated buffer descriptor may be stored in a particular buffer descriptor (BD) region 1210 of the main memory 1200. In this context, the main memory 1200 may be understood as data storage media that is used to temporarily store data (e.g., a system memory or cache memory). Hence, the main memory 1200 may be used to store data according to a file system form, and/or to store buffer descriptor(s) generated by the CPU 1100 in the BD region 1210.” … Parag. [0069]; “FIG. 6 is a conceptual drawing illustrating one possible example of a security policy table that may be included in the security management unit of FIG. 5.” … Parag. [0070]; “Referring to FIG. 6, a security policy table 322A includes multiple entries, each entry managing a particular security policy for one or more regions (e.g., sectors) of the storage device 1500.” … Parag. [0091]; “Referring to FIGS. 1, 5, 9A, and 9B, the storage controller 310 reads a buffer descriptor BD including sector information from the storage region 1210 of the main memory 1200 by using a start address stored in the start register 311 (S211). Here, the buffer descriptor (BD) is generated by an application for accessing a specific region of the storage device 1500 corresponding to the sector information. The buffer descriptor is input to the storage controller 310 through the data protector 330.” … Parag. [0092]; “The storage controller 310 reads or fetches data (DATA) stored in the main memory 1200, e.g., a storage region corresponding to the source address, by using a source address (e.g., 11 of FIG. 3) included in the buffer descriptor (S212).” … Parag. [0093]; “The storage controller 310 generates a sector key (SECTOR_KEY) based on sector information included in the buffer descriptor BD, and transmits the sector key to the security management unit 320 and the data protector 330 (S213).” … Parag. [0094]; “The security management unit 320 selects one of a plurality of entries included in the security policy table 322 in response to a sector key output from the storage controller 310 (S214). Here, the security policy table 322 includes entries each managing a security policy for each of the regions included in the storage device 1500.” Examiner submits, see Host Controller Interface 2400 of unit 2000 of FIG. 2 and the Data Protector unit 330 of unit 1400A of FIG. 5 in which unit 330 receives DATA as well as have access to Buffer Descriptor resides in the Main Memory unit 2200.); and
in response to receiving the write request from the first computing engine to write the second content to the memory, encrypt the second content, using the second  (Kim, Parag. [0074]; “A first region has a size of A sectors from an address stored in Base sector address register 1. Only a read operation may be performed in the first region, the first region may be accessed only by an application having a security level, and encrypted data may be stored in the first region.” … Parag. [0076]; “A third region has a size of C sectors from an address stored in Base sector address register 3. Both a read and write operations may be performed in the third region, the third region may be accessed only by an application having a security level, and encrypted data may be stored in the third region.” … Parag. [0065]; “Accordingly, the security management unit 320 may select one of the security policy table entries in response to a given the sector key (SECTOR_KEY) provided by the storage controller 310. The security management unit 320 may output an encryption/decryption indication signal ED, determining whether to perform an encryption operation on data according to a security policy included in the selected entry, to the data protector 330.” … Parags. [0081-0082], “The table access control logic 321 may change a security policy in each region of the storage device 150 stored in the sector access control table 322 in response to a table update command TU_ CMD output from the secure CPU 1110. When the table-update command TU_CMD is input from the non-secure CPU 1120, the table access control logic 321 does not transmit a security policy change signal TU to the sector access control table 322, but transmits an error signal TUE to the non-secure CPU 1120. The table access control logic 321 may generate a security policy change signal TU for changing at least one entry of the sector access control table 322 in response to a table-update command TU_CMD output from the secure CPU 1110.” … Parag. [0067]; “When an encryption operation is performed on write data (DATA), the data protector 330 may perform an encryption operation using the sector key (SECTOR_KEY) provided by the storage controller 310.” Examiner submits a first computing engine CPU first READ the decrypted data from A sectors that are encrypted, then perform a WRITE operation of the same data into C sector that are re-encrypted using a different cryptographic key provided by the storage controller 310. In addition, the security policy for each memory regions can be changed dynamically as disclosed in Kim, paras [0081-0082] in above. Also, the first computing engine can process multiple cryptographic keys stored in the storage controller unit 310.).

As per claim 7, the rejections of claim 3 are incorporated. In addition, claim 7 recites limitations similar to claim 6. Therefore, claim 7 is rejected with the same rational as applied for claim 6 (Examiner submits, per Kim’s and Chhabra disclosures, Kim’s parags [0065] and [0094], the first computing engine can process and utilize multiple cryptographic keys for multiple READ/WRTIE operations, such as a first, second, third, fourth etc. cryptographic keys stored in the storage controller unit 310; and Chhabra’s parags [0050] and [0136] describes how a key is assigned to each memory portion to perform a READ/WRITE operations.).

As per claim 8, the combination of Kim, Vembu, Chhabra and Guotao teaches the apparatus of claim 1. Kim additionally teaches wherein the one or more processors are to: 
 (Kim, Parag. [0032]; “The term "computer system" is used herein to broadly denote a digital platform capable of performing some form of data processing on data to be stored in and/or data retrieved from a data storage device. A computer system will include logic circuitry that may generally be termed a "processor." In certain embodiments of the inventive concept, the processor of computer system may be said to "execute" one or more applications in accordance with a constituent operating system (OS).” … Parag. [0033]; “The data (e.g., read/write data) implicated by or related to execution of an application by the processor may be stored in a "main memory". Thus, the "data" stored in the main memory may be program data defining a command within the application, and/or actual data (e.g., user data, payload data, computational data, etc.) operated upon or generated by the processor in response to command(s).” … Parag. [0093]; “The storage controller 310 generates a sector key (SECTOR_KEY) based on sector information included in the buffer descriptor BD, and transmits the sector key to the security management unit 320 and the data protector 330 (S213).” … Parag. [0094]; “The security management unit 320 selects one of a plurality of entries included in the security policy table 322 in response to a sector key output from the storage controller 310 (S214). Here, the security policy table 322 includes entries each managing a security policy for each of the regions included in the storage device 1500.”);
receive an instruction including information on another cryptographic key from a central processing unit of the computing system, wherein said corresponding one of the  (Kim, Parag. [0038]; “Accordingly, when a "current application" (i.e., an application currently being executed by CPU 1100) accesses data stored in the storage device 1500, the CPU 1100 may generate a "buffer descriptor" (BD) identifying a stored location for associated data (e.g., read/write data), and then store the buffer descriptor along with the data in main memory 1200, albeit, each generated buffer descriptor may be stored in a particular buffer descriptor (BD) region 1210 of the main memory 1200. In this context, the main memory 1200 may be understood as data storage media that is used to temporarily store data (e.g., a system memory or cache memory). Hence, the main memory 1200 may be used to store data according to a file system form, and/or to store buffer descriptor(s) generated by the CPU 1100 in the BD region 1210.” … Parag. [0091]; “Referring to FIGS. 1, 5, 9A, and 9B, the storage controller 310 reads a buffer descriptor BD including sector information from the storage region 1210 of the main memory 1200 by using a start address stored in the start register 311 (S211). Here, the buffer descriptor (BD) is generated by an application for accessing a specific region of the storage device 1500 corresponding to the sector information. The buffer descriptor is input to the storage controller 310 through the data protector 330.” … Parag. [0092]; “The storage controller 310 reads or fetches data (DATA) stored in the main memory 1200, e.g., a storage region corresponding to the source address, by using a source address (e.g., 11 of FIG. 3) included in the buffer descriptor (S212).” … Parag. [0093]; ”The storage controller 310 generates a sector key (SECTOR_KEY) based on sector information included in the buffer descriptor BD, and transmits the sector key to the security management unit 320 and the data protector 330 (S213).” … Parag. [0094]; ”The security management unit 320 selects one of a plurality of entries included in the security policy table 322 in response to a sector key output from the storage controller 310 (S214). Here, the security policy table 322 includes entries each managing a security policy for each of the regions included in the storage device 1500.”); and
in response to receiving a request from the computing engine to at least one of read the content from the memory or write the content to the memory, use said corresponding one of the first cryptographic key or the second cryptographic key to at least one of decrypt the content or encrypt the content without using said another cryptographic key (Kim, Parag. [0093]; ”The storage controller 310 generates a sector key (SECTOR_KEY) based on sector information included in the buffer descriptor BD, and transmits the sector key to the security management unit 320 and the data protector 330 (S213).” … Parag. [0142]; “According to the encryption/decryption indication signal, the data protector 430 may perform an encryption/decryption operation on data to be written to or read from the storage device 1500 via the host controller interface 1400B. That is, the data protector 430 may be used to determine whether to perform an encryption operation, a decryption operation, or a bypass operation based on the encryption/decoding indication signal provided by the security management unit 420.” … Parag. [0079]; “Different control methods may be used to establish a particular security policy (and corresponding entry in the security policy table 322A) according to certain embodiments of the inventive concept.” See FIG.4 and FIG. 6 table. Examiner submits, memory region 33 and 34 in FIG.4 is the equivalent of when NO-DECRYPT mode is set to ‘INACTIVE’ instructing the computing engine to DECRYPT data during READ operation.” … Parag. [0095]; “The security management unit 320 determines whether the fetched data is encrypted using the security policy included in the selected entry (S215). When an encryption operation needs to be performed on the fetched data, the data protector 330 may encrypt data using the sector key, for example. However, when an encryption operation does not need to be performed on the fetched data, the data protector 330 bypasses and transmits the data to the storage controller 310.” … Parag. [0079]; “A third region has a size of C sectors from an address stored in Base sector address register 3. Both a read and write operations may be performed in the third region, the third region may be accessed only by an application having a security level, and encrypted data may be stored in the third region.”).

As per claim 9, the combination of Kim, Vembu, Chhabra and Guotao teaches the apparatus of claim 1.  Kim further teaches the one or more processors to receive central processing unit (CPU) instructions from a CPU of the computing system, the CPU instructions including instructions to program the one or more processors with a capability to implement the no-decrypt mod (Kim, Parag. [0033]; “The data (e.g., read/write data) implicated by or related to execution of an application by the processor may be stored in a "main memory". Thus, the "data" stored in the main memory may be program data defining a command within the application, and/or actual data (e.g., user data, payload data, computational data, etc.) operated upon or generated by the processor in response to command(s).” … Parag. [0038], “Accordingly, when a "current application" (i.e., an application currently being executed by CPU 1100) accesses data stored in the storage device 1500, the CPU 1100 may generate a "buffer descriptor" (BD) identifying a stored location for associated data (e.g., read/write data), and then store the buffer descriptor along with the data in main memory 1200, albeit, each generated buffer descriptor may be stored in a particular buffer descriptor (BD) region 1210 of the main memory 1200. In this context, the main memory 1200 may be understood as data storage media that is used to temporarily store data (e.g., a system memory or cache memory). Hence, the main memory 1200 may be used to store data according to a file system form, and/or to store buffer descriptor(s) generated by the CPU 1100 in the BD region 1210.” … Parag. [0093]; “The storage controller 310 generates a sector key (SECTOR_KEY) based on sector information included in the buffer descriptor BD, and transmits the sector key to the security management unit 320 and the data protector 330 (S213).” … Parag. [0142]; “According to the encryption/decryption indication signal, the data protector 430 may perform an encryption/decryption operation on data to be written to or read from the storage device 1500 via the host controller interface 1400B. That is, the data protector 430 may be used to determine whether to perform an encryption operation, a decryption operation, or a bypass operation based on the encryption/decoding indication signal provided by the security management unit 420.” … Parag. [0079]; “Different control methods may be used to establish a particular security policy (and corresponding entry in the security policy table 322A) according to certain embodiments of the inventive concept.” … Parag. [0095]; “The security management unit 320 determines whether the fetched data is encrypted using the security policy included in the selected entry (S215). When an encryption operation needs to be performed on the fetched data, the data protector 330 may encrypt data using the sector key, for example. However, when an encryption operation does not need to be performed on the fetched data, the data protector 330 bypasses and transmits the data to the storage controller 310.”).

As per claim 10, the combination of Kim, Vembu, Chhabra and Guotao teaches the apparatus of claim 1.  Kim further teaches further including the memory, the memory including a system memory of the computing system (Kim, Parag. [0032]; “… A computer system will include logic circuitry that may generally be termed a "processor." In certain embodiments of the inventive concept, the processor of computer system may be said to "execute" one or more applications in accordance with a constituent operating system (OS).” … Parag. [0033]; “The data (e.g., read/write data) implicated by or related to execution of an application by the processor may be stored in a "main memory". Thus, the "data" stored in the main memory may be program data defining a command within the application, and/or actual data (e.g., user data, payload data, computational data, etc.) operated upon or generated by the processor in response to command(s).” … Parag. [0038]; “Accordingly, when a "current application" (i.e., an application currently being executed by CPU 1100) accesses data stored in the storage device 1500, the CPU 1100 may generate a "buffer descriptor" (BD) identifying a stored location for associated data ( e.g., read/write data), and then store the buffer descriptor along with the data in main memory 1200, albeit, each generated buffer descriptor may be stored in a particular buffer descriptor (BD) region 1210 of the main memory 1200. In this context, the main memory 1200 may be understood as data storage media that is used to temporarily store data (e.g., a system memory or cache memory). Hence, the main memory 1200 may be used to store data according to a file system form, and/or to store buffer descriptor(s) generated by the CPU 1100 in the BD region 1210.”).

As per claim 11, the combination of Kim, Vembu, Chhabra and Guotao teaches the apparatus claim of claim 10. Kim further teaches a memory controller connected to the memory and to the one or more processors (Kim, Fig. 1, Fig. 5, and Parag. [0035]; “FIG. 1 is a block diagram illustrating a computer system according to certain embodiments of the inventive concept. Referring to FIG. 1, a computer system 1000 comprises a central processing unit (CPU) 1100, a main memory 1200, a main memory controller 1300, a host controller interface 1400, and a data storage device 1500.”).

As per Claim 12, it is a product claim comprising one or more tangible computer-readable non-transitory medium that recites limitations that are similar to those of claim 1. Therefore, claim 12 is rejected with the same rationale as applied for claim 1.  In addition, Kim teaches the product comprising one or more tangible computer-readable non-transitory storage media comprising computer-executable instructions operable to, when executed by at least one computer processor, cause the at least one computer processor to implement operations at a computing system (Kim, Parag. [0155]; “The microprocessor 3200 is a control device entirely controlling the computer system 3000. The microprocessor 3200 may be embodied in a multi-core processor including a plurality of cores. The cache memory 3210 is positioned adjacent to the microprocessor 3200. The cache memory 3210 is a high speed memory device used to buffer a data processing speed between the microprocessor 3200 having a comparatively fast operation speed and the main memory 3400 having a comparatively slow operation speed. The ROM 3300 may store a boot code in a read-only memory device.   [0156] The main memory 3400 performing a substantially same function to the main memory 1200 or 2200 may be embodied in a dynamic random access memory (DRAM), a static random access memory (SRAM), or a mobile DRAM. The main memory controller 3410 performing a substantially same function to the main memory controller 1300 or 2300 controls the main memory 3400.  [0157] The storage device 3500 performing a substantially same function to the storage device 1500 or 2500 may be the same as a hard disk drive (HDD), a solid state drive (SSD), or a redundant array of independent disk (RAID). [0158] The storage device 3500 may be embodied in a non-volatile memory device, and the non-volatile memory device may include an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a flash memory, a Phase Change Random Access Memory (PRAM), a Resistance Random Access Memory (RRAM), a Nano Floating Gate Memory (NFGM), a Polymer Random Access Memory (PoRAM), a Magnetic Random Access Memory (MRAM), or a Ferroelectric Random Access Memory (FRAM)”).

14, the rejection of claim 12 is incorporated.  In addition, Claim 14 recites limitations that are similar to those of claim 3.  Therefore, claim 14 is rejected with the same rationale as applied for claim 3.

As per Claim 15, the rejection of claim 12 is incorporated.  In addition, Claim 15 recites limitations that are similar to those of claim 4.  Therefore, claim 15 is rejected with the same rationale as applied for claim 4.

As per Claim 16, the rejection of claim 12 is incorporated.  In addition, Claim 16 recites limitations that are similar to those of claim 5. Therefore, claim 16 is rejected with the same rationale as applied for claim 5.

As per claim 17, the rejection of claim 12 is incorporated.  In addition, claim 17 recites limitations that are similar to those of claim 6.  Therefore, claim 17 is rejected with the same rationale as applied for claim 6.
 
As per claim 18, the rejection of claim 14 is incorporated.  In addition, claim 18 recites limitations that are similar to those of claim 7.  Therefore, claim 18 is rejected with the same rationale as applied for claim 7.

19, the rejection of claim 12 is incorporated.  In addition, Claim 19 recites limitations that are similar to those of claim 8. Therefore, claim 19 is rejected with the same rationale as applied for claim 8.

As per Claim 20, the rejection of claim 12 is incorporated. In addition, Claim 20 recites limitations that are similar to those of claim 9. Therefore, claim 20 is rejected with the same rationale as applied for claim 9.

As per claim 21, it is a method claim that recites limitations that are similar to those of claim 1. Therefore, claim 21 is rejected with the same rationale as applied for claim 1.

As per Claim 23, the rejection of claim 22 is incorporated.  In addition, Claim 23 recites limitations that are similar to those of claim 3.  Therefore, claim 23 is rejected with the same rationale as applied for claim 3.

As per Claim 24, the rejection of claim 22 is incorporated.  In addition, Claim 24 recites limitations that are similar to those of claim 4. Therefore, claim 24 is rejected with the same rationale as applied for claim 4.

As per Claim 25, the rejection of claim 21 is incorporated.  In addition, Claim 25 recites limitations that are similar to those of claim 5. Therefore, claim 25 is rejected with the same rationale as applied for claim 5.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Edirisooriya, S. et al.; US 2019/0042474: relates to device security, and more particularly, to a system for implementing encryption and decryption of data in memory and storage device.
Shepard, D.; US 6,598,164: relates to the security of digitized information, and more particularly to the methods and devices for deterring the unauthorized duplication of digitized information.
Rakib, S.; US 2004/0181811: relates to retrieving the MPEG-2 packets containing the conditional access key(s) and storing them in memory; sending the packets containing conditional access key(s) to conditional access decryption circuit for description and recovery of a working key; Sending the MPEG-2 packets of the program to the conditional access circuit for decryption; Sending the decrypted data to MPEG decoder  for decompression; and sending the decompressed data for video, audio and any associated graphics to encoder for generation of analog television signals of any type for display.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEX D CARRASQUILLO whose telephone number is (571)270-5045. The examiner can normally be reached Monday - Friday 9:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for 



/A.D.C./Examiner, Art Unit 2498   

/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498