DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 07/20/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 1, 5-6, 9 and 19-20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Mattsson, US-20070180228-A1 (hereinafter “Mattsson ‘228”).
Per claim 1 (independent):
Mattsson ‘228 discloses: A hardware security module (HSM), comprising a plurality of processors (FIG. 1, [0016], a test device 102 (a HSM) … The module includes a cryptographic chip 104 (a processor) … a DRAM module 108, a general-purpose computing environment such as a 486-class CPU 110 (a processor).) configured to:
receive a request to perform one or more cryptographic operations, wherein the request comprises a first batch data structure storing a plurality of data elements (FIG. 5, [0022], the host-side application 402 is modified to batch (step 502) a sequence of short-DES (cryptographic operations) requests into one request (a first batch data structure), which is then sent (step 504) to the hardware security module 400; [0020], a host application 402 that generates (step 404) sequences of short-DES requests (cipherkey, initialization vector, data; data elements) and sends (step 406) them to a card-side application 420 running on the hardware security module 400);
process the first batch data structure in accordance with the received request and the one or more cryptographic operations, wherein to process the first batch data structure the plurality of processors are configured to:
unbatch the plurality of data elements, perform the one or more cryptographic operations on the plurality of data elements to generate a plurality of outputs, and generate an output batch data structure storing the plurality of outputs
(FIG. 5, [0022], The card-side application 420 is correspondingly modified to receive the sequence from the host-side application in one step 506, and to send each short-DES request (i.e., the sequence is unbatched into each short-DES request) to the encryption engine 422 in a repeated step 508 … The encryption engine 422 processes (step 412) each request … and returns (step 414) corresponding results (a plurality of outputs) to the card-side application 420. After the concatenation step 510 (i.e. generate an output batch data structure), the card-side application 420 either returns to step 508 for the next request or sends all the completed requests back to the host.).

Per claim 5 (dependent on claim 1):
Mattsson ‘228 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Mattsson ‘228 discloses: The hardware security module of claim 1, wherein the request and the batch data structure are formed in accordance with a respective definition by a batch HSM application program interface (API) ([0033], API Approaches, to reduce the per-operation overhead … For example, the host application might, within a batch of operations, interleave "parameter blocks" (form the batch data structure) that assert … that the next N operations all use a particular key. This eliminates repeated interaction with the key index.).

Per claim 6 (dependent on claim 5):
Mattsson ‘228 discloses the elements detailed in the rejection of claim 5 above, incorporated herein by reference.
Mattsson ‘228 discloses: The hardware security module of claim 5, wherein the one or more cryptographic operations the HSM is configured to perform are defined in accordance with the batch HSM API ([0033], API Approaches, to reduce the per-operation overhead … For example, the host application might, within a batch of operations, interleave "parameter blocks" that assert … that the next N operations all use a particular key. This eliminates repeated interaction with the key index (associated with cryptographic operations).).

Per claim 9 (dependent on claim 1):
Mattsson ‘228 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Mattsson ‘228 discloses: The hardware security module of claim 1, wherein the request is a first request, wherein the HSM is coupled to a computing device, and
wherein the plurality of processors is further configured to receive and process a second request comprising a second batch data structure comprising data elements batched by the computing device 
(FIG. 1, [0016], a test device 102 (the HSM) in communication with a host computer 100 (a computing device) … The module includes a cryptographic chip 104 (a processor) … a DRAM module 108, a general-purpose computing environment such as a 486-class CPU 110 (a processor); FIG. 5, [0022], the host-side application 402 (the computing device) is modified to batch (step 502) a sequence of short-DES requests into one request (a second batch data structure), which is then sent (step 504) to the hardware security module 400 (the HSM); [0020], a host application 402 that generates (step 404) sequences of short-DES requests (cipherkey, initialization vector, data; data elements) and sends (step 406) them to a card-side application 420 running on the hardware security module 400 ).

Per claim 19 (independent):
Mattsson ‘228 discloses: A computer-implemented method, comprising: receiving, by a hardware security module, a request to perform one or more cryptographic operations, wherein the request comprises a first batch data structure storing a plurality of data elements (FIG. 5, [0022], the host-side application 402 is modified to batch (step 502) a sequence of short-DES (cryptographic operations) requests into one request (a first batch data structure), which is then sent (step 504) to the hardware security module 400 (a HSM); [0020], a host application 402 that generates (step 404) sequences of short-DES requests (cipherkey, initialization vector, data; data elements) and sends (step 406) them to a card-side application 420 running on the hardware security module 400);
processing, by the hardware security module, the first batch data structure in accordance with the received request and the one or more cryptographic operations, wherein processing the first batch data structure comprises:
unbatching the plurality of data elements, performing the one or more cryptographic operations on the plurality of data elements to generate a plurality of outputs, and generating an output batch data structure storing the plurality of outputs (FIG. 5, [0022], The card-side application 420 (the hardware security module) is correspondingly modified to receive the sequence from the host-side application in one step 506, and to send each short-DES request (i.e., the sequence is unbatched into each short-DES request) to the encryption engine 422 in a repeated step 508 … The encryption engine 422 processes (step 412) each request … and returns (step 414) corresponding results (a plurality of outputs) to the card-side application 420. After the concatenation step 510 (i.e. generate an output batch data structure), the card-side application 420 either returns to step 508 for the next request or sends all the completed requests back to the host.).

Per claim 20 (dependent on claim 19):
Mattsson ‘228 discloses the elements detailed in the rejection of claim 19 above, incorporated herein by reference.
Mattsson ‘228 discloses: The method of claim 19, wherein the one or more cryptographic operations comprise operations for encryption, decryption, key generation, signature generation, signature verification, random number generation, or message authentication (FIG. 5, [0022], to send each short-DES request to the encryption engine 422 in a repeated step 508 … The encryption engine 422 processes (step 412) each request.).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 2 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mattsson ‘228 in view of Iyer et al., US-20200175179-A1 (hereinafter “Iyer ‘179”).
Per claim 2 (dependent on claim 1):
Mattsson ‘228 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Mattsson ‘228 discloses: The hardware security module of claim 1, wherein the request is a first request, the one or more cryptographic operations are one or more first cryptographic operations, and the plurality of data elements are a plurality of first data elements (FIG. 5, [0022], the host-side application 402 is modified to batch (step 502) a sequence of short-DES (first cryptographic operations) requests into one request, which is then sent (step 504) to the hardware security module 400 (the HSM); [0020], a host application 402 that generates (step 404) sequences of short-DES requests (cipherkey, initialization vector, data; first data elements) and sends (step 406) them to a card-side application 420 running on the hardware security module 400); 
wherein the plurality of processors are further configured to (FIG. 1, [0016], a test device 102 … The module includes a cryptographic chip 104 (a processor) … a DRAM module 108, a general-purpose computing environment such as a 486-class CPU 110 (a processor).): 
receive a second request to perform one or more second cryptographic operations on a second batch data structure, wherein the second batch data structure comprises a plurality of second data elements (FIG. 5, [0022], the host-side application 402 is modified to batch (step 502) a sequence of short-DES (second cryptographic operations) requests into one request (a second batch data structure), which is then sent (step 504) to the hardware security module 400; [0020], a host application 402 that generates (step 404) sequences of short-DES requests (cipherkey, initialization vector, data; second data elements) and sends (step 406) them to a card-side application 420 running on the hardware security module 400);
process the second batch data structure in accordance with the second request and use a cryptographic key as input to the one or more second cryptographic operations (FIG. 5, [0022], The card-side application 420 is correspondingly modified to receive the sequence (the second batch data structure) from the host-side application in one step 506, and to send each short-DES request to the encryption engine 422 in a repeated step 508 … The encryption engine 422 processes (step 412) each request; [0020], a host application 402 that generates (step 404) sequences of short-DES requests (cipherkey (a cryptographic key), initialization vector, data) and sends (step 406) them to … the hardware security module 400.).
Mattsson ‘228 discloses that the cipherkey can be sent along with the data to the hardware security module instead of maintaining cryptographic keys in the HSM. Iyer ‘179 discloses: maintain, in memory coupled to the HSM, one or more cryptographic keys ([0057], the HSM (e.g., the memory within, or the like) may be split into a plurality of partitions that separate the encryption keys (cryptographic keys) from each other … and/or for improving management of the encryption keys within the HSM.);
wherein batch data comprises a key identifier and a plurality of data elements, determine whether the key identifier corresponds to a cryptographic key of the one or more cryptographic keys, and in response to a determination that the key identifier corresponds to an identified cryptographic key, process the batch data in accordance with the second request and use the identified cryptographic key as input to the one or more second cryptographic operations 
(FIG. 2, [0059], Block 140 of FIG. 2, further illustrates that the encryption key (e.g., generated and/or retrieved) is stored within the HSM … the encryption key may be assigned a key identifier (e.g., application identifier, data identifier, handle, and/or the like) that associates the  (identified) encryption key with an application and/or data associated therewith; [0060], block 150, that a request is received from an application from a plurality of applications. The request may be to decrypt data (cryptographic operations) associated with the application making the request. The application (e.g., the system, application, and/or entity) may be authenticated to access the encryption key, i.e. in response to a determination that the key identifier corresponds to an identified cryptographic key.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Mattsson ‘228 with the selection of encryption keys stored in a HSM by matching a key identifier as taught by Iyer ‘179 because it would protect cryptographic keys more securely by managing them in the HSM providing authentication to access the keys. Additionally, Iyer ‘179 is analogous to the claimed invention because it teaches an HSM encryption service for a plurality of applications [0054].

Claim(s) 3-4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mattsson ‘228 in view of Warnez et al., US-20180012037-A1 (hereinafter “Warnez ‘037”).
Per claim 3 (dependent on claim 1):
Mattsson ‘228 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Mattsson ‘228 discloses: The hardware security module of claim 1, wherein the plurality of processors comprise a first processor and a second processor (FIG. 1, [0016], a test device 102 (a HSM) … The module includes a cryptographic chip 104 (a second processor) … a DRAM module 108, a general-purpose computing environment such as a 486-class CPU 110 (a first processor).), wherein the first processor is configured to:
receive, as input, the batch data structure, 
perform one or more pre-processing operations on the batch data structure,
(FIG. 5, [0022], the host-side application 402 is modified to batch (step 502) a sequence of short-DES requests into one request (the batch data structure), which is then sent (step 504) to the hardware security module 400. The card-side application 420 (the first processor) is correspondingly modified to receive the sequence from the host-side application in one step 506, and to send each short-DES request (i.e., the sequence is pre-processed into each short-DES request) to the encryption engine 422 (the second processor) in a repeated step 508).
Mattsson ‘228 does not disclose but Warnez ‘037 discloses: determine whether the batch data is valid for processing, and in response to a determination that the batch data is valid for processing, send the validated batch data to the second processor ([0025], commands (the batch data) from the first circuit are processed via the validation circuitry for ensuing execution of secure operations on the second circuit … The validation circuitry may also pass commands from the first circuit to the second circuit (to the second processor), based on the verification, i.e. in response to a determination that the batch data is valid for processing. In this context, the second circuit may operate based on the received information from the validation circuitry.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Mattsson ‘228 with the provision of authorization/access to unsecure instructions performed on a secure element (processor) via a trusted execution environment circuit (processor) as taught by Warnez ‘037 because it would provide security against attacks and used to control execution of scripts/instructions on the SE [0017]. Additionally, Warnez ‘037 is analogous to the claimed invention because it teaches validation circuitry (e.g., a trusted execution environment) that is connected to the first and second circuits validates and controls accesses to the second circuit by storing validation instructions.

Per claim 4 (dependent on claim 3):
Mattsson ‘228 in view of Warnez ‘037 discloses the elements detailed in the rejection of claim 3 above, incorporated herein by reference.
Mattsson ‘228 discloses: The hardware security module of claim 3, wherein the first processor is a general-purpose processor and the second processor is a cryptoprocessor (FIG. 1, [0016], a test device 102 (the hardware security model) … The module includes a cryptographic chip 104 (the second processor) … a DRAM module 108, a general-purpose computing environment such as a 486-class CPU 110 (the first processor).) configured to perform the one or more cryptographic operations on the pre-processed batch data structure (FIG. 5, [0022], The card-side application 420 is correspondingly modified to receive the sequence from the host-side application in one step 506, and to send each short-DES request (the pre-processed batch data structure)  to the encryption engine 422 in a repeated step 508 … The encryption engine 422 processes (step 412) each request). 

Claim(s) 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Warnez ‘037 in view of Mattsson ‘228.
Per claim 10 (independent):
Warnez ‘037 discloses: A system comprising: a computing device comprising a plurality of processors and coupled to a hardware security module (FIG. 3, [0035], a device 310 (a computing device) … for performing secure communications; [0036], The device 310 includes … a main processor 330 and TEE 332 (the plurality of processors), which may be implemented as part of the main processor (shown by dashed lines), and a secure element (SE) 340 (a hardware security module); [0017], a secure element (SE) having a processor … Relatively unsecure "rich" features of the rich OS are used to carry out secure functions within the SE, by communicating encrypted instructions (e.g., commands and/or scripts), with the TEE providing authorization/access to the instructions.).
Warnez ‘037 does not disclose but Mattsson ‘228 discloses: wherein the plurality of processors (FIG. 1, [0016], a test device 102 … The module includes a cryptographic chip 104 (a processor) … a DRAM module 108, a general-purpose computing environment such as a 486-class CPU 110 (a processor).) are configured to: 
receive a plurality of requests to perform one or more cryptographic operations in one or more respective data elements of each request, 
batch the one or more respective data elements of each request into a first batch data structure, 
send, to the hardware security module, the first batch data structure as part of a batch request to perform the one or more cryptographic operations on first data elements of the first batch data structure 
(FIG. 5, [0022], the host-side application 402 is modified to batch (step 502) a sequence of short-DES (cryptographic operations) requests into one request (a first batch data structure), which is then sent (step 504) to the hardware security module 400 (the hardware security module); [0020], a host application 402 that generates (step 404) sequences of short-DES requests (cipherkey, initialization vector, data; data elements) and sends (step 406) them to a card-side application 420 running on the hardware security module 400);
  receive, in response to the batch request, an output batch data structure comprising output data elements generated as output by the hardware security module performing the one or more cryptographic operations on the data elements of the first batch data structure (FIG. 5, [0022], The card-side application 420 is correspondingly modified to receive the sequence (the first batch data structure) from the host-side application in one step 506, and to send each short-DES request to the encryption engine 422 in a repeated step 508 … The encryption engine 422 processes (step 412) each request … and returns (step 414) corresponding results (output data elements) to the card-side application 420. After the concatenation step 510 (i.e. an output batch data structure), the card-side application 420 either returns to step 508 for the next request or sends all the completed requests back to the host.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Warnez ‘037 with the operations of batch/unbatch to input/output data fed into a HSM performing cryptographic activity as taught by Mattsson ‘228 because it would reduce the number of unnecessary interactions between a host processor and a cryptographic device. Additionally, Mattsson ‘228 is analogous to the claimed invention because it teaches a system for encrypting data includes, on a hardware cryptography module, receiving a batch that includes a plurality of requests for cryptographic activity [Abstract].

Claim(s) 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Warnez ‘037 in view of Mattsson ‘228 as applied to claim 10 above, and further in view of Iyer ‘179.
Per claim 11 (dependent on claim 10):
Warnez ‘037 in view of Mattsson ‘228 discloses the elements detailed in the rejection of claim 10 above, incorporated herein by reference.
Warnez ‘037 does not disclose but Mattsson ‘228 discloses: The system of claim 10, wherein each of the plurality of requests corresponds to data elements, and wherein the batch request further comprises the data elements (FIG. 5, [0022], the host-side application 402 is modified to batch (step 502) a sequence of short-DES requests into one request (a batch request); [0020], a host application 402 that generates (step 404) sequences of short-DES requests (cipherkey, initialization vector, data; data elements) and sends (step 406) them to a card-side application 420 running on the hardware security module 400).
Warnez ‘037 in view of Mattsson ‘228 does not disclose that each request (the batch request) include a key identifier. Iyer ‘179 discloses: each request corresponds to a first key identifier (FIG. 2, [0059], the encryption key may be assigned a key identifier (e.g., application identifier, data identifier, handle, and/or the like) that associates the encryption key with an application and/or data associated therewith; [0060], block 150, that a request is received from an application from a plurality of applications. The request may be to decrypt data associated with the application making the request. The application (e.g., the system, application, and/or entity) may be authenticated to access the encryption key.).

Allowable Subject Matter
Claim(s) 7-8 and 12-18 is/are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANGSEOK PARK whose telephone number is (571)272-4332. The examiner can normally be reached Monday-Thursday 7:30-5:30 and Alternate Fridays 8:30-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, PHILIP CHEA can be reached on (571)272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SANGSEOK PARK/Examiner, Art Unit 2499                                                                                                                                                                                                        /PHILIP J CHEA/Supervisory Patent Examiner, Art Unit 2499