DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
Claims 1-20 are pending. Claims 1, 11, and 16 have been amended as per Applicants' request.

Papers Submitted
It is hereby acknowledged that the following papers have been received and placed of record in the file:
Amended Claims as filed on May 18, 2022

Information Disclosure Statement
The information disclosure statement (IDS) submitted on February 15, 2022 is/are in compliance with the provisional of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Durham et al. (US 2016/0092702) (hereinafter Durham1) (published March 31, 2016) in view of Zmudzinski et al. (US 2019/0227827) (hereinafter Zmudzinski) (published July 25, 2019) and Durham et al. (US 2019/0042799) (hereinafter Durham2) (published February 7, 2019).
Regarding Claims 1, 11, and 16, taking claim 1 as exemplary, Durham1 discloses a processor unit, comprising: a first memory element to store an encoded pointer to a memory location,
““indirect address” may refer to, among other things, an address of a memory location at which other data or instructions are stored, e.g., a register acting as a pointer. As such, the indirect address 114 may be embodied as, for example, a data pointer (which refers to a location of data), a code pointer (which refers to a location of executable code), an instruction pointer, or a stack pointer. Indirect addresses may be referred to by other terminology, such as “pointer,” “address pointer,” or “pointer address.”” (Durham1 [0019])

“The indirect address 114 and the secret key 116 are stored in registers 112” (Durham1 [0029])

“the instruction pointer may itself be represented as an encoded pointer (e.g., range-based)” (Durham1 [0051])

wherein the encoded pointer comprises first context information and a slice of a memory address of the memory location,
“The secure memory access logic 150 utilizes metadata about an indirect address 114, which is encoded into unused bits of the indirect address 114 (e.g., non-canonical bits of a 64-bit address, or a range of addresses set aside, e.g., by the operating system, such that the corresponding high order bits of the address range may be used to store the metadata), in order to secure and/or provide access control to memory locations pointed to by the indirect address 114” (Durham1 [0017])

“As used herein, “metadata” may refer to, among other things, information about or relating to an indirect address 114, such as a valid data range, a valid code range, pointer access permissions, etc.” (Durham1 [0019])

circuitry to: use the address key to cryptographically decode a portion of the encoded pointer during a determination of the memory address of the memory location;
“the address decoding logic 162 decodes the previously-encoded indirect address 114. To do this, the decrypting logic 164 decrypts the encrypted portion of the indirect address 114 (and in some embodiments, the encrypted adjustment) using the secret key 116 and the tweak, as described further below” (Durham1 [0024] the secret key is the address key which is used in the decryption to determine the address)

“The address restoration logic 166 returns the indirect address 114 to its original (e.g., canonical) form, in order to restore the original value of the indirect address 114 (e.g., the true, original linear memory address)” (Durham1 [0025])

“Example 1 includes a computing device to cryptographically encode indirect addresses” (Durham1 [0060])

use the determined memory address to access data at the memory location; and
“If the indirect address 114 decodes successfully, the memory access operation completes successfully” (Durham1 [0025])

But does not explicitly state wherein the first context information includes an identification of an address key; encrypted data and decrypt the encrypted data based on a data key.
Durham1 however discloses metadata includes information required for the encoded addresses
“This approach can enable better utilization of the address space by selectively determining what metadata is required for the encoded addresses, and selectively extending the available address bits into the space previously reserved for the adjustment value” (Durham1 [0058])

and an address key
“As described in more detail below, the address encoding logic 152 and the address decoding logic 162 each operate on an indirect address 114 using metadata (e.g., valid range and/or permission metadata) and a secret key 116, in order to secure the indirect address 114 at the memory allocation/access level” (Durham1 [0020])

Zmudzinski discloses wherein the first context information includes an identification of an address key; and
“the encryption key ID identifies a key used to encrypt memory and is indicated as the upper bits of the memory addresses” (Zmudzinski [0014])

It would have been obvious before the effective filing date of the invention to one of ordinary skill in the art to combine the key ID being in the upper bits of the memory address in Zmudzinski to be part of the metadata in Durham1 to yield the predictable results of easier identification of the right key to decrypt to the correct address.
Durham2 discloses encrypted data and decrypt the encrypted data based on the data key.
“When reading memory, if the identification tag corresponds to the same encryption tweak (e.g. using XTS mode, XEX-based tweaked-codebook mode with ciphertext stealing) originally used to encrypt the data in memory, then the same identification tag will result in the corresponding tweak value used to properly decrypt the memory contents and/or verify its integrity using a MAC” (Durham2 [0039])

It would have been obvious before the effective filing date of the invention to one of ordinary skill in the art to combine the storing of the identification of a key in the pointer and decoding encrypted data using the identified key in Durham2 with the combination of Durham1 and Zmudzinski to yield the predictable results of having an extra layer of protection by further having the data being pointed to encrypted.
Claims 11 and 16 have similar limitations to claim 1 and is rejected for similar reasons.

Regarding Claims 2, 12, and 17, Durham1 further discloses wherein the encoded pointer has a length of at least 128 bits.
“If the computing device 100 determines that the encoded address does not have unused/non-canonical bit (e.g., the address doesn't fall within the non-canonical, or otherwise reserved, range of addresses, whether the address range is 32-bit, 64-bit, 128-bit or whatever range an alternate architecture may require), a fault is raised (514)” (Durham1 [0053] furthermore the length of the pointer is a design choice as it does not add any extra functionality to the claims)

Regarding Claims 3, 13, and 18, Durham1 further discloses wherein the first context information is plaintext within the encoded pointer and the encoded pointer further comprises encrypted second context information.
“In some embodiments, the most significant bits of the used bits/canonical address identified in the valid range metadata are encrypted with a secret key (e.g., the secret key 116), using the valid range metadata (which may or may not include the adjustment value) as a tweak. In the illustrated embodiments, the valid range metadata (e.g., exponent/2's power) would not be encrypted because the processor uses the valid range metadata plaintext to determine the number of bits to decrypt” (Durham1 [0046])

Regarding Claims 4, 14, and 19, Durham1 further discloses wherein the encrypted second context information is encrypted in a block of the encoded pointer that further comprises an encrypted portion of the memory address.
“In block 422, the computing device 100 encrypts a portion of the indirect address, where the portion of the indirect address to be encrypted is determined by the valid range metadata (e.g., exponent/2's power) and the adjustment value. The valid range metadata determines the number of the most significant address bits of the encoded address that are to be encrypted (e.g., down to a minimum number so some address bits will always be encrypted)” (Durham1 [0046])

Regarding Claims 5, 15, and 20, Durham1 further discloses the circuitry to decrypt the encrypted data based further on a first tweak, the first tweak including one or more bits derived, at least in part, from the first context information and the second context information.
“Other data values that may be used as tweaks include: data stored in the unused bits of the indirect address, the upper limit on the buffer size, an exponent of a two's power boundary selected as the upper limit on the buffer size, an adjustment value applied to the two's power boundary, a code block identifier, instruction pointer data, permission information encoded in the metadata, and/or version number (useful when reassigning/revoking pointers that were previously assigned to a program, version may be maintained by the processor in a register)” (Durham1 [0046])

“In this way, code and data can be associated, and access controlled, such that an adversary coming from a different code block will not be able to access data of the protected block using the encrypted pointers, because the encrypted pointers will not decode properly if the wrong code block identifier is used as a tweak” (Durham1 [0051])

Regarding Claim 6, Durham2 further discloses wherein the first context information comprises a message authentication code calculated based on at least a portion of the memory address.
“An alternative to memory tagging is to authenticate pointer data using a cryptographic MAC embedded in the pointer” (Durham2 [0087])

Regarding Claim 7, Durham1 further discloses wherein the first context information comprises permission bits indicating a level of access authorized for the memory location.
“As described in more detail below, the address encoding logic 152 and the address decoding logic 162 each operate on an indirect address 114 using metadata (e.g., valid range and/or permission metadata) and a secret key 116, in order to secure the indirect address 114 at the memory allocation/access level” (Durham1 [0020])

Regarding Claim 8, Durham2 further discloses wherein the first context information comprises type bits indicating a class of the encrypted data in the memory location.
“wherein the one or more memory tags include an identification tag to identify a type, a function, a memory location, or a use for a data object” (Durham2 [0106])

Regarding Claim 9, Durham1 further discloses wherein the first context information comprises version bits representing a deterministically different value associated with the encoded pointer.
“Other data values that may be used as tweaks include: data stored in the unused bits of the indirect address, the upper limit on the buffer size, an exponent of a two's power boundary selected as the upper limit on the buffer size, an adjustment value applied to the two's power boundary, a code block identifier, instruction pointer data, permission information encoded in the metadata, and/or version number (useful when reassigning/revoking pointers that were previously assigned to a program, version may be maintained by the processor in a register)” (Durham1 [0046])

Regarding Claim 10, Durham2 further discloses wherein the first context information comprises a lookup tag to index to an entry of a table, wherein the entry comprises second context information.
“An encryption tag 214 may be appended to the identification tag 204 and the physical address 208 to identify one or more encryption keys through the key table 156 (shown in FIG. 1), according to an embodiment” (Durham2 [0033])


Response to Arguments
Applicant’s arguments, see page 6 of remarks, filed May 18, 2022, with respect to the 101 rejection of claim 16-20 have been fully considered and are persuasive.  The 101 rejection of claims 16-20 has been withdrawn.
Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SIDNEY LI whose telephone number is (571)270-5967. The examiner can normally be reached Monday to Friday 10:00 AM to 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Charles Rones can be reached on (571) 272-4085. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SIDNEY LI/Examiner, Art Unit 2136        

/EDWARD J DUDEK  JR/Primary Examiner, Art Unit 2136