Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in reply to papers filed on 02/11/2021. Claims 1-20 are pending. Claims 1, 11, and 16 are independent.

Priority
Acknowledgment is made of applicant’s claim for domestic benefit under 35 U.S.C. 119 (e). This application claims the domestic benefit of U.S. provisional patent application 62/133,080 filed on 12/31/2020. 

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 07/08/2021 and 06/16/2022 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the Examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 16-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

As per claim 16:
Claim 1 recites: “… a plurality of subsystems of the SoC”. The term “the SoC” makes the claims indefinite as it lacks proper antecedent basis.

As per claims 17-20:
Claim 16 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter. Thus, dependent claims 17-20 are similarly rejected by virtue of their dependency on independent claim 16.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-2 and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Hassan et al., US 2021/0119780 A1 (hereafter, “Hassan ‘780”), in view of Taylor et al., US 2009/0060197 A1 (hereinafter, “Taylor ‘197”). 

As per claim 1: Hassan ‘780 discloses:
A system on a chip (SoC) (microcontroller unit (MCU) 600, 800 which may be implemented within a common chip [Hassan ‘780, ¶¶83-84, 126-127, 156; Fig. 6, Fig. 8]) comprising: 
a system microcontroller comprising processing circuitry configured to orchestrate operations on the SoC (mode selector 622, 822 configured to select and manage operations on the MCU 600, 800 [Hassan ‘780, ¶¶89, 96-99; Fig. 6, Fig. 8]); 
(storing cryptographic key pairs in a key memory 402, 502 [Hassan ‘780, ¶¶40, 50, 61, 71, 163; Fig. 4, Fig. 5]), each of the key-pairs having a first key and a second key (a first and second key, Key1 and Key2 [Hassan ‘780, ¶¶37, 40, 50]), each of the key-pairs associated with one of a plurality of subsystems of the SoC (the cryptographic key pairs are associated with certain components or systems within the MCU 600, 800, such as key selector 404, 504, pre-tweak generator 406, 506, tweak generator 412, 512, AES-XTS circuit 414, 514, and key memory 402, 502 [Hassan ‘780, ¶¶40, 50, 61, 71; Fig. 4, Fig. 5]); 
a Direct Memory Access (DMA) engine comprising circuitry (direct memory access (DMA) engines 608, 808 [Hassan ‘780, ¶¶68, 83, 126; Fig. 6, Fig. 8]) configured to receive, from a subsystem of the plurality of subsystems, storage access parameters (DMA engines 608, 808, or DMA master devices, generate encrypt instruction parameters, where encrypt instruction parameters include one or more memory-related parameters and identifiers derived from components or systems within the MCU 600, 800 [Hassan ‘780, ¶¶47, 91-95]) identifying source data (a master identifier (M_ID) which identifies a master device that comprises the one or more processors 102 that is the source of the data to be encrypted 416 [Hassan ‘780, ¶¶30, 42-44, 47]), (encrypt instruction parameters include a memory address including a memory sector address indicating a memory sector of the processor-external memory 110 and a memory block address indicating a memory block within the indicated memory sector of the processor-external memory 110 in which the encrypted data or encrypted and authenticated data is to be stored, where a memory sector is to be understood as the transaction size of the processor-external memory 110 [Hassan ‘780, ¶¶34, 44-45, 49, 92]); and 
an encryption engine coupled to the DMA engine (cryptographic device 400, 500, 612, 812 receives encrypt instruction parameters and data to be encrypted 416 from the DMA engines 608, 808, or DMA master devices, where the cryptographic device 400, 500, 612, 812 is coupled to the DMA engines 608, 808, or DMA master devices, via interface 106 [Hassan ‘780, ¶¶30, 42-44, 47, 83; Fig. 1, Fig. 6]), the encryption engine comprising processing circuitry configured to: 
determine a first tweak value based on a first sector address of the storage device (determine a first tweak value based on based on a memory sector address i [Hassan ‘780, ¶37; Fig. 3]), the first sector address based on the destination storage address (the memory sector address i indicating the sector of the memory into which the encrypted data is to be stored [Hassan ‘780, ¶37; Fig. 3]); 
encrypt the first tweak value according to the second key of the key-pair associated with the subsystem (encrypting the first tweak value using Key2 of the cryptographic key pair, where the cryptographic key pair is associated with certain components or systems within the MCU 600, 800 [Hassan ‘780, ¶¶37, 40, 50, 61, 71; Fig. 3]); 
encrypt a first portion of the source data according to the first key of the key-pair associated with the subsystem and the encrypted first tweak value (encrypt a first block or chunk of the input data using Key1 of the cryptographic key pair and the encrypted tweak value, where the cryptographic key pair is associated with certain components or systems within the MCU 600, 800 [Hassan ‘780, ¶¶37, 40, 50, 61, 71; Fig. 3]); 
determine a second tweak value based on a second sector address of the storage device (determine a second tweak value based on a memory sector address i (Sector Address i), where the memory sector address i may be associated with a subsequent memory block within the memory sector of the processor-external memory 110 [Hassan ‘780, ¶¶37-38, 42; Fig. 4]) and encrypt the second tweak value according to the second key (the second tweak value may be encrypted using the Key2 within the pre-tweak generator 406 and stored within the pre-tweak cache 408 [Hassan ‘780, ¶¶50, 54; Fig. 4]), 
wherein the second tweak value is determined and encrypted prior to completing encryption of the first portion of the source data (all tweak values, including the second tweak value, may be precalculated by the pre-tweak generator 406 and stored within the pre-tweak cache 408, where if the tweak value for the input memory address is already precalculated and residing in the pre-tweak cache 408, the cache controller reads the found tweak value from the pre-tweak cache 408 and provides the tweak value to be used in the encryption of input data blocks or chunks; thus the second tweak value may be determined, encrypted, and stored prior to the encryption blocks or chunks of the input data, including the first block or chunk of the input data [Hassan ‘780, ¶¶51-53; Fig. 4]); and 
encrypt a second portion of the source data according to the first key and the encrypted second tweak value (encrypt a second chunk or block of input data using Key1 and the encrypted second tweak value [Hassan ‘780, ¶¶56-59; Fig. 4]).

Hassan ‘780, as stated above, does not explicitly disclose: “a security processor comprising processing circuitry configured to store a plurality of key-pairs to a key vault … a Direct Memory Access (DMA) engine comprising circuitry configured to receive … parameters identifying … a data size …”.
Taylor ‘197, however, discloses:
a security processor comprising processing circuitry configured to store a plurality of key-pairs to a key vault … (the key management processor (KMP) is configured to load keys generated by circuits on the IC 350 into the key table 308, where the keys may be used in AES-XTS encryption [Taylor ‘197, ¶¶82-83, 85; Fig. 3]) …
a Direct Memory Access (DMA) engine comprising circuitry configured to receive … parameters identifying … a data size … (meta-data is fetched by the DMA engine circuit 101, where the meta-data files include a data unit size [Taylor ‘197, ¶92; Fig. 3])

Hassan ‘780 and Taylor ‘197 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XEX-based tweaked-codebook mode with ciphertext stealing (XTS) for encryption and storage of data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 and Taylor ‘197 before them, to modify the method in Hassan ‘780 to include the teachings of Taylor ‘197, namely to incorporate a secure the key management processor (KMP), as disclosed in Taylor ‘197 to transfer keys to and from the key memory 402, 502, as disclosed in Hassan ‘780; and to include a data unit size, as disclosed in Taylor ‘197, into the encrypt instruction parameters, as disclosed in Hassan ‘780. The motivation for doing so would be to increase the protection of cryptographic keys within the system by ensuring that keys may be securely loaded into or transferred out of the IC 350 using the KMP; furthermore, to simplify and provide greater control to the encryption process by providing a plurality of meta-data parameters, such as the data unit size, to facilitate in the encryption of data (see Taylor ‘197, ¶¶92, 99).

As per claim 2: Hassan ‘780 in view of Taylor ‘197 discloses all limitations of claim 1, as stated above, from which claim 2 is dependent upon. Hassan ‘780 does not explicitly disclose the limitations of claim 2. Taylor ‘197, however, discloses:
wherein the DMA engine is further configured to receive a key identifier (ID) identifying a location of the key-pair in the key vault (the DMA engine circuit 101 fetches meta-data, where the meta-data is associated with a key index the location of cryptographic keys pairs in the key table 308 [Taylor ‘197, ¶¶91-92, 104-105; Fig. 3]).

Hassan ‘780 and Taylor ‘197 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XTS for encryption and storage of data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 and Taylor ‘197 before them, to modify the method in Hassan ‘780 to include the teachings of Taylor ‘197, namely to have the DMA engines 608, 808, as disclosed in Hassan ‘780, to receive meta-data is associated with a key index the location of cryptographic keys pairs, as disclosed in Taylor ‘197. The motivation for doing so would be to facilitate the efficient identification and retrieval of cryptographic keys using and identifier such as a key index  (see Taylor ‘197, ¶¶91-92).
 
As per claim 16: Hassan ‘780 discloses:
A method comprising:
generating,(generating cryptographic key pairs [Hassan ‘780, ¶¶37, 40-41]);
providing, (providing the cryptographic key pairs to the cryptographic device 400, 500, 612, 812 [Hassan ‘780, ¶¶40-41, 50, Fig. 4]), wherein the encryption engine stores the plurality of key-pairs to a key vault (storing cryptographic key pairs in a key memory 402, 502 [Hassan ‘780, ¶¶40, 50, 61, 71, 163; Fig. 4, Fig. 5]), each of the key-pairs having a first key and a second key (a first and second key, Key1 and Key2 [Hassan ‘780, ¶¶37, 40, 50]), each of the key-pairs associated with one of a plurality of subsystems of the SoC (the cryptographic key pairs are associated with certain components or systems within the MCU 600, 800, such as key selector 404, 504, pre-tweak generator 406, 506, tweak generator 412, 512, AES-XTS circuit 414, 514, and key memory 402, 502 [Hassan ‘780, ¶¶40, 50, 61, 71; Fig. 4, Fig. 5]); 
receiving, by a DMA engine (direct memory access (DMA) engines 608, 808 [Hassan ‘780, ¶¶68, 83, 126; Fig. 6, Fig. 8]) and from a subsystem of the plurality of subsystems, storage access parameters (DMA engines 608, 808, or DMA master devices, generate encrypt instruction parameters, where encrypt instruction parameters include one or more memory-related parameters and identifiers derived from components or systems within the MCU 600, 800 [Hassan ‘780, ¶¶47, 91-95]) identifying source data (a master identifier (M_ID) which identifies a master device that comprises the one or more processors 102 that is the source of the data to be encrypted 416 [Hassan ‘780, ¶¶30, 42-44, 47]), (encrypt instruction parameters include a memory address including a memory sector address indicating a memory sector of the processor-external memory 110 and a memory block address indicating a memory block within the indicated memory sector of the processor-external memory 110 in which the encrypted data or encrypted and authenticated data is to be stored, where a memory sector is to be understood as the transaction size of the processor-external memory 110 [Hassan ‘780, ¶¶34, 44-45, 49, 92]); 
determining, by the encryption engine, a first tweak value based on a first sector address of the storage device (determine a first tweak value based on based on a memory sector address i [Hassan ‘780, ¶37; Fig. 3]), the first sector address based on the destination storage address (the memory sector address i indicating the sector of the memory into which the encrypted data is to be stored [Hassan ‘780, ¶37; Fig. 3]); 
encrypting, by the encryption engine, the first tweak value according to the second key of the key-pair associated with the subsystem (encrypting the first tweak value using Key2 of the cryptographic key pair, where the cryptographic key pair is associated with certain components or systems within the MCU 600, 800 [Hassan ‘780, ¶¶37, 40, 50, 61, 71; Fig. 3]); 
encrypting, by the encryption engine, a first portion of the source data according to the first key of the key-pair associated with the subsystem and the encrypted first tweak value (encrypt a first block or chunk of the input data using Key1 of the cryptographic key pair and the encrypted tweak value, where the cryptographic key pair is associated with certain components or systems within the MCU 600, 800 [Hassan ‘780, ¶¶37, 40, 50, 61, 71; Fig. 3]); 
determining, by the encryption engine, a second tweak value based on a second sector address of the storage device (determine a second tweak value based on a memory sector address i (Sector Address i), where the memory sector address i may be associated with a subsequent memory block within the memory sector of the processor-external memory 110 [Hassan ‘780, ¶¶37-38, 42; Fig. 4]) and encrypting the second tweak value according to the second key (the second tweak value may be encrypted using the Key2 within the pre-tweak generator 406 and stored within the pre-tweak cache 408 [Hassan ‘780, ¶¶50, 54; Fig. 4]), 
wherein the second tweak value is determined and encrypted prior to completing encryption of the first portion of the source data (all tweak values, including the second tweak value, may be precalculated by the pre-tweak generator 406 and stored within the pre-tweak cache 408, where if the tweak value for the input memory address is already precalculated and residing in the pre-tweak cache 408, the cache controller reads the found tweak value from the pre-tweak cache 408 and provides the tweak value to be used in the encryption of input data blocks or chunks; thus the second tweak value may be determined, encrypted, and stored prior to the encryption blocks or chunks of the input data, including the first block or chunk of the input data [Hassan ‘780, ¶¶51-53; Fig. 4]); and 
encrypting, by the encryption engine, a second portion of the source data according to the first key and the encrypted second tweak value (encrypt a second chunk or block of input data using Key1 and the encrypted second tweak value [Hassan ‘780, ¶¶56-59; Fig. 4]).

Hassan ‘780, as stated above, does not explicitly disclose: “generating, by a security processor, a plurality of key-pairs; providing, by the security processor, the plurality of key-pairs to an encryption engine … receiving, by a DMA engine … parameters identifying … a data size …”.
Taylor ‘197, however, discloses:
generating, by a security processor, a plurality of key-pairs; providing, by the security processor, the plurality of key-pairs to an encryption engine (the key management processor (KMP) 309 generates and loads cryptographic keys, where the cryptographic keys are provided to the encryption device 350, and where the cryptographic keys may be key pairs [Taylor ‘197, ¶¶94, 104-106]) … 
receiving, by a DMA engine … parameters identifying … a data size … (meta-data is fetched by the DMA engine circuit 101, where the meta-data files include a data unit size [Taylor ‘197, ¶92; Fig. 3])

Hassan ‘780 and Taylor ‘197 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XTS for encryption and storage of data. For the reasons stated in Claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 and Taylor ‘197 before them, to modify the method in Hassan ‘780 to include the teachings of Taylor ‘197.

As per claim 17: Hassan ‘780 in view of Taylor ‘197 discloses all limitations of claim 16, as stated above, from which claim 17 is dependent upon. Hassan ‘780 does not explicitly disclose the limitations of claim 17. Taylor ‘197, however, discloses:
receiving, by the DMA engine, a key identifier (ID) identifying a location of the key-pair in the key vault (the DMA engine circuit 101 fetches meta-data, where the meta-data is associated with a key index the location of cryptographic keys pairs in the key table 308 [Taylor ‘197, ¶¶91-92, 104-105; Fig. 3]).

Hassan ‘780 and Taylor ‘197 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XTS for encryption and storage of data. For the reasons stated in Claim 2, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 and Taylor ‘197 before them, to modify the method in Hassan ‘780 to include the teachings of Taylor ‘197.
 
Claims 3, 6, 8, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Hassan ‘780, in view of Taylor ‘197, and further in view of Lam et al., US 8,762,609 B1 (hereinafter, Lam ‘609). 

As per claim 3: Hassan ‘780 in view of Taylor ‘197 discloses all limitations of claims 1-2, as stated above, from which claim 3 is dependent upon. Furthermore, Hassan ‘780 discloses:
	further comprising (a plurality of encrypt instructions 418, where encrypt instructions specify parameters, addresses, and identifiers that are used in an encryption operation [Hassan ‘780, ¶¶44, 49-52]), each of the task records comprising (encrypt instructions include a sector address [Hassan ‘780, ¶45]), and the key ID (under the broadest reasonable interpretation, the ‘key ID’ is interpreted as the combination of the tag_ID, M_ID, and VM_ID, where the key selector 404 may use the control information (tag_ID, M_ID, VM_ID) to select the key pair from the key memory 402, and where the tag_ID, M_ID, and VM_ID are contained within the encrypt instructions 418 [Hassan ‘780, ¶¶44, 163]), wherein the encryption engine obtains a task record (cryptographic device 400, 500, 612, 812 receives encrypt instructions 418 to determine a first sector address and cryptographic key pairs [Hassan ‘780, ¶42-45, 49-50]).

	As stated above, Hassan ‘780 in view of Taylor ‘197 does not explicitly disclose: “a First-in, First-out (FIFO) queue configured to store a plurality of task records … comprising a block length …”. 
	Lam ‘609, however, discloses:
	a First-in, First-out (FIFO) queue configured to store a plurality of task records (First-In-First-Out (FIFO) queues for storing references to descriptors, where descriptors are used to provide the necessary information for an engine to operate on a task [Lam ‘609, Col. 13 lines 21-32, Col. 14 lines 20-40; Fig. 8, Fig. 9]) … comprising a block length (the descriptor comprises a plurality of parameters, such as block size [Lam ‘609, Col. 13 lines 33-46; Fig. 8])…

Hassan ‘780 (modified by Taylor ‘197) and Lam ‘609 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XTS for encryption and storage of data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 (modified by Taylor ‘197) and Lam ‘609 before them, to modify the method in Hassan ‘780 (modified by Taylor ‘197) to include the teachings of Lam ‘609, namely to implement a FIFO queue that provides a plurality of parameters, such as a block size, as disclosed in Lam ‘609, such that the plurality of encrypt instructions 418, as disclosed in Hassan ‘780, may be incorporated into the FIFO queue. The motivation for doing so would be to reduce processing latency and organize descriptor transfers by utilizing FIFO schemes; furthermore, to provide the necessary information, such as block size, for an engine to operate on a task, such as the encryption and transfer of data within blocks (see Lam ‘609, Col. 11 line 63-64, Col. 13 lines 22-46, Col. 14 lines 36-40).

As per claim 6: Hassan ‘780 in view of Taylor ‘197 discloses all limitations of claim 1, as stated above, from which claim 6 is dependent upon. Furthermore, Hassan ‘780 discloses:
wherein the encryption engine comprises a plurality of interfaces (cryptographic device 400, 500, 612, 812 comprises a plurality of interfaces, such as interface 106 and memory transaction generator 624, 824 [Hassan ‘780, ¶¶40, 42, 118; Fig. 1, Fig. 6]), including 
a first interface to receive the source data (interface 106 to receive data to be encrypted [Hassan ‘780, ¶¶30, 42-43; Fig. 1, Fig. 4]), 
a second interface to output encrypted source data (memory transaction generator 624, 824 to output the encrypted results to the processor-external memory 110 [Hassan ‘780, ¶118; Fig. 6]), and 
a (interface 106 to receive encrypt instruction parameters of the data to be encrypted, where encrypt instruction parameters include one or more memory-related parameters and identifiers derived from components or systems within the MCU 600, 800, and where the encrypt instruction parameters are generated by DMA engines 608, 808, or DMA master devices [Hassan ‘780, ¶¶42-48; Fig. 4), the metadata comprising (sector address [Hassan ‘780, ¶45]), and a key ID (under the broadest reasonable interpretation, the ‘key ID’ is interpreted as the combination of the tag_ID, M_ID, and VM_ID, where the key selector 404 may use the control information (tag_ID, M_ID, VM_ID) to select the key pair from the key memory 402, and where the tag_ID, M_ID, and VM_ID are contained within the encrypt instructions 418 [Hassan ‘780, ¶¶44, 163]).

	As stated above, Hassan ‘780 does not explicitly disclose: “a third interface to receive metadata describing a DMA transfer of the source data … the metadata comprising a block length …”.
	 Taylor ‘197, however, discloses: 
a third interface to receive metadata describing a DMA transfer of the source data (a third interface 114, where input commands and data are passed from the DMA engine circuit 101 across interface 114 [Taylor ‘197, ¶66; Fig. 3]) 

Hassan ‘780 and Taylor ‘197 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XTS for encryption and storage of data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 and Taylor ‘197 before them, to modify the method in Hassan ‘780 to include the teachings of Taylor ‘197, namely to have a third interface 114, as disclosed in Taylor ‘197, that is different from the interface 106, as disclosed in Hassan ‘780. The motivation for doing so would be to have separate interface 114 that can transfer data independently from DMA engine circuit 101 to the data routing and control circuit 102 without being affected by the plurality other interfaces within the system (see Taylor ‘197, ¶¶65-66; Fig. 3).

As stated above, Hassan ‘780 in view of Taylor ‘197 does not explicitly disclose: “… the metadata comprising a block length …”.
	Lam ‘609, however, discloses:
	… the metadata comprising a block length (the descriptor comprises a plurality of parameters, such as block size [Lam ‘609, Col. 13 lines 33-46; Fig. 8]) …

Hassan ‘780 (modified by Taylor ‘197) and Lam ‘609 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XTS for encryption and storage of data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 (modified by Taylor ‘197) and Lam ‘609 before them, to modify the method in Hassan ‘780 (modified by Taylor ‘197) to include the teachings of Lam ‘609, namely to receive DMA metadata in the form of parameters, as disclosed in Lam ‘609, where the parameters include a block size. The motivation for doing so would be to provide the necessary information, such as block size, for an engine to operate on a task, such as the encryption and transfer of data within blocks (see Lam ‘609, Col. 13 lines 22-56). 

As per claim 8: Hassan ‘780 in view of Taylor ‘197 and further in view of Lam ‘609 discloses all limitations of claims 1 and 6, as stated above, from which claim 8 is dependent upon. Furthermore, Hassan ‘780 discloses:
	wherein the first interface (interface 106 to receive data to be encrypted [Hassan ‘780, ¶¶30, 42-43; Fig. 1, Fig. 4]) is communicatively coupled to the DMA engine (DMA engines 608, 808, or DMA master devices, is coupled to the interface 106 such that the DMA engines 608, 808 is able to transfer data to be encrypted 416 to the cryptographic device 400, 500, 612, 812 via the interface 106 [Hassan ‘780, ¶¶30, 42-43, 47; Fig. 1, Fig. 4]) and 
the (interface 106 to receive encrypt instruction parameters of the data to be encrypted, where encrypt instruction parameters include one or more memory-related parameters and identifiers derived from components or systems within the MCU 600, 800, and where the encrypt instruction parameters are generated by DMA engines 608, 808, or DMA master devices [Hassan ‘780, ¶¶42-48; Fig. 4) is communicatively coupled to the system microcontroller (mode selector 622, 822 configured to select and manage operations on the MCU 600, 800, where the mode selector 622, 822 is coupled to the interface 106  [Hassan ‘780, ¶¶89, 97; Fig. 6, Fig. 8]).

	As stated above, Hassan ‘780 in view of Lam ‘609 does not explicitly disclose: “a third interface is communicatively coupled to the system microcontroller”.
	 Taylor ‘197, however, discloses: 
a third interface (a third interface 114 [Taylor ‘197, ¶66; Fig. 3]) is communicatively coupled to the system microcontroller (a third interface 114 is coupled to the data routing and control circuit 102, such that input commands and data are passed from the DMA engine circuit 101 to the data routing and control circuit 102 across interface 114 [Taylor ‘197, ¶66; Fig. 3]) 

Hassan ‘780 (modified by Lam ‘609) and Taylor ‘197 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XTS for encryption and storage of data. For the reasons stated in Claim 6, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 (modified by Lam ‘609) and Taylor ‘197 before them, to modify the method in Hassan ‘780 (modified by Lam ‘609) to include the teachings of Taylor ‘197.

As per claim 18: Hassan ‘780 in view of Taylor ‘197 discloses all limitations of claims 16-17, as stated above, from which claim 18 is dependent upon. Furthermore, Hassan ‘780 discloses:
obtaining, by the encryption engine (cryptographic device 400, 500, 612, 812 obtains a plurality of encrypt instructions 418, where encrypt instructions specify parameters, addresses, and identifiers that are used in an encryption operation [Hassan ‘780, ¶¶44, 49-52]), a sector address (encrypt instructions include a sector address [Hassan ‘780, ¶45]), and the key ID (under the broadest reasonable interpretation, the ‘key ID’ is interpreted as the combination of the tag_ID, M_ID, and VM_ID, where the key selector 404 may use the control information (tag_ID, M_ID, VM_ID) to select the key pair from the key memory 402, and where the tag_ID, M_ID, and VM_ID are contained within the encrypt instructions 418 [Hassan ‘780, ¶¶44, 163]), wherein the encryption engine obtains (cryptographic device 400, 500, 612, 812 receives encrypt instructions 418 to determine a first sector address and cryptographic key pairs [Hassan ‘780, ¶42-45, 49-50]). 

	As stated above, Hassan ‘780 in view of Taylor ‘197 does not explicitly disclose: “… encryption engine obtains a task record from a FIFO queue …”. 
	Lam ‘609, however, discloses:
… encryption engine obtains a task record from a FIFO queue … (First-In-First-Out (FIFO) queues for storing references to descriptors, where descriptors are used to provide the necessary information for an engine to operate on a task, and where the descriptor comprises a plurality of parameters, such as destination address and key value [Lam ‘609, Col. 13 lines 21-46, Col. 14 lines 20-40, Col. 25 lines 7-13; Fig. 8, Fig. 9]) 

Hassan ‘780 (modified by Taylor ‘197) and Lam ‘609 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XTS for encryption and storage of data. For the reasons stated in Claim 3, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 (modified by Taylor ‘197) and Lam ‘609 before them, to modify the method in Hassan ‘780 (modified by Taylor ‘197) to include the teachings of Lam ‘609.

Claims 4 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Hassan ‘780, in view of Taylor ‘197, and further in view of Lee, US 10,164,770 B1 (hereinafter, Lee ‘770). 

As per claim 4: Hassan ‘780 in view of Taylor ‘197 discloses all limitations of claim 1, as stated above, from which claim 4 is dependent upon. Furthermore, Hassan ‘780 discloses:
further comprising (a sector is defined by the encrypt instructions 418, where the encrypt instructions 418 provide a memory address including a memory sector address indicating a memory sector of the processor-external memory 110 and a memory block address indicating a memory block within the indicated memory sector of the processor-external memory 110, and a memory tag identifier (Tag_ID) identifying a portion of the processor-external memory 110 [Hassan ‘780, ¶¶42-46; Fig. 4]), wherein the encryption engine utilizes the sector (the cryptographic device 400, 500, 612, 812 uses the encrypt instruction parameters within the encrypt instructions 418 to determine a plurality of tweak values, where the plurality of tweak values may include a second tweak value [Hassan ‘780, ¶¶49, 51, 54, 56-57; Fig. 4]).

As stated above, Hassan ‘780 does not explicitly disclose: “… a configuration status register associated with the storage device, the configuration status register defining a sector size … utilizes the sector size to determine …”
Taylor ‘197, however, discloses:
… a configuration status register associated with the storage device, the configuration status register (a set of configuration registers within the DMA engine circuit 101, where the DMA engine circuit 101 utilizes the configuration registers in transferring data from the integrated circuit to a memory [Taylor ‘197, ¶¶64-66; Fig. 1, Fig. 4(a)]) 

Hassan ‘780 and Taylor ‘197 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XEX-based tweaked-codebook mode with ciphertext stealing (XTS) for encryption and storage of data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 and Taylor ‘197 before them, to modify the method in Hassan ‘780 to include the teachings of Taylor ‘197, namely to implement a set of configuration registers, as disclosed in Taylor ‘197, where the configuration registers is able to provide information to the cryptographic device 400, 500, 612, 812, as disclosed in Hassan ‘780, that facilitates the determination of tweak values. The motivation for doing so would be to provide a location that allows components within the system to access important system information to assist in the processing of data (see Taylor ‘197, ¶65). 

As stated above, Hassan ‘780 in view of Taylor ‘197 does not explicitly disclose: “… defining a sector size … utilizes the sector size to determine …”. 
	Lee ‘770, however, discloses:
	… defining a sector size (tweak buffer storing tweak build information, where tweak build information defines a sector size [Lee ‘770, Col. 5 lines 58-67, Col. 7 lines 57-67]) … utilizes the sector size to determine (the tweak build information, which comprises the sector size, is used by the processing logic 140 to process and encrypt the corresponding sectors [Lee ‘770, Col. 6 lines 35-49, Col. 10 lines 11-49; Fig. 2]) …

Hassan ‘780 (modified by Taylor ‘197) and Lee ‘770 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XTS for encryption and storage of data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 (modified by Taylor ‘197) and Lee ‘770 before them, to modify the method in Hassan ‘780 (modified by Taylor ‘197) to include the teachings of Lee ‘770, namely to define a sector size, as disclosed in Lee ‘770, that may be stored within configuration registers, as disclosed in Taylor ‘197, such that cryptographic device 400, 500, 612, 812, may reference the stored sector size to determine tweak values, as disclosed in Hassan ‘780. The motivation for doing so would be to provide the necessary tweak information, such as sector size, for the system logic to efficiently perform an operation, such as the encryption and transfer of data within sectors (see Lee ‘770, Col. 6 lines 58-67, Col. 7 lines 57-67). 

As per claim 19: Hassan ‘780 in view of Taylor ‘197 discloses all limitations of claim 16, as stated above, from which claim 19 is dependent upon. Furthermore, Hassan ‘780 discloses:
obtaining, by the encryption engine, a sector (obtaining, by the cryptographic device 400, 500, 612, 812, parameters within the encrypt instructions 418, where the encrypt instructions 418 provide a memory address including a memory sector address indicating a memory sector of the processor-external memory 110 and a memory block address indicating a memory block within the indicated memory sector of the processor-external memory 110, and a memory tag identifier (Tag_ID) identifying a portion of the processor-external memory 110 [Hassan ‘780, ¶¶42-46; Fig. 4]) 
utilizing the sector (the cryptographic device 400, 500, 612, 812 uses the encrypt instruction parameters within the encrypt instructions 418 to determine a plurality of tweak values, where the plurality of tweak values may include a second tweak value [Hassan ‘780, ¶¶49, 51, 54, 56-57; Fig. 4]).

As stated above, Hassan ‘780 does not explicitly disclose: “obtaining … a sector size … from a configuration status register associated with the storage device; and utilizing the sector size to determine …”.
Taylor ‘197, however, discloses:
obtaining …  from a configuration status register associated with the storage device (a set of configuration registers within the DMA engine circuit 101, where the DMA engine circuit 101 utilizes the configuration registers in transferring data from the integrated circuit to a memory [Taylor ‘197, ¶¶64-66; Fig. 1, Fig. 4(a)]); 

Hassan ‘780 and Taylor ‘197 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XEX-based tweaked-codebook mode with ciphertext stealing (XTS) for encryption and storage of data. For the reasons stated in Claim 4, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 and Taylor ‘197 before them, to modify the method in Hassan ‘780 to include the teachings of Taylor ‘197. 

As stated above, Hassan ‘780 in view of Taylor ‘197 does not explicitly disclose: “obtaining … a size … and utilizing the sector size to determine …”.
Lee ‘770, however, discloses:
obtaining … a sector size (tweak buffer storing tweak build information, where tweak build information defines a sector size [Lee ‘770, Col. 5 lines 58-67, Col. 7 lines 57-67]) … and utilizing the sector size to determine (the tweak build information, which comprises the sector size, is used by the processing logic 140 to process and encrypt the corresponding sectors [Lee ‘770, Col. 6 lines 35-49, Col. 10 lines 11-49; Fig. 2]) …

Hassan ‘780 (modified by Taylor ‘197) and Lee ‘770 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XTS for encryption and storage of data. For the reasons stated in Claim 4, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 (modified by Taylor ‘197) and Lee ‘770 before them, to modify the method in Hassan ‘780 (modified by Taylor ‘197) to include the teachings of Lee ‘770. 
 
Claims 5 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Hassan ‘780, in view of Taylor ‘197, and further in view of Kishinevsky et al., US 2016/0182223 A1 (hereinafter, Kishinevsky ‘223), and further in view of Case et al., US 2016/0364343 A1 (hereinafter, Case ‘343).

As per claim 5: Hassan ‘780 in view of Taylor ‘197 discloses all limitations of claim 1, as stated above, from which claim 5 is dependent upon. Hassan ‘780 in view of Taylor ‘197 does not explicitly disclose the limitations of claim 5. Kishinevsky ‘223, however, discloses:
wherein the encryption engine is configured to bypass encryption of the source data in response to a determination that the source data is not received over an (the encryption interface 104 is configured to bypass the cryptographic logic for certain traffic data in response to a determination that the data is not received over a non-dynamic bypass path [Kishinevsky ‘223, ¶47]).

Hassan ‘780 (modified by Taylor ‘197) and Kishinevsky ‘223 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XTS for encryption and storage of data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 (modified by Taylor ‘197) and Kishinevsky ‘223 before them, to modify the method in Hassan ‘780 (modified by Taylor ‘197) to include the teachings of Kishinevsky ‘223, namely to implement a dynamic bypass path, as disclosed in Kishinevsky ‘223, that allows certain data traffic to bypass the encryption operations of the cryptographic device 400, 500, 612, 812, as disclosed in Hassan ‘780, where a determination that the data is not received over a non-dynamic bypass path will cause the traffic to bypass the encryption operations. The motivation for doing so would be to decrease processing times and latency such that memory traffic that may not require encryption or may have stringent latency requirements may bypass unnecessary encryption operations (see Kishinevsky ‘223, ¶47). 

As stated above, Hassan ‘780 in view of Taylor ‘197 and further in view of Kishinevsky ‘223 does not explicitly disclose: “… over an AXI write channel.” 
Case ‘343, however, discloses:
 … over an AXI write channel (paths between components in SOC 100 can be implemented with communication buses, such as an Advanced eXtensible Interface (AXI), where the connections may be used for write operations 222, 226 [Case ‘343, ¶¶18, 31, 33, 44; Fig. 2]).

Hassan ‘780 (modified by Taylor ‘197 & Kishinevsky ‘223) and Case ‘343 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XTS for encryption and storage of data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 (modified by Taylor ‘197 & Kishinevsky ‘223) and Case ‘343 before them, to modify the method in Hassan ‘780 (modified by Taylor ‘197 & Kishinevsky ‘223) to include the teachings of Case ‘343, namely to implement a dynamic bypass path, as disclosed in Kishinevsky ‘223, that allows certain data traffic to bypass the encryption operations of the cryptographic device 400, 500, 612, 812, as disclosed in Hassan ‘780, where a determination that the data is not received over a non-dynamic bypass path will cause the traffic to bypass the encryption operations, and where the non-dynamic bypass paths is implemented as AXI write buses, as disclosed in Case ‘343. The motivation for doing so would be to use a versatile and suitable communication bus for an SoC, such as an AXI bus, to implement a write bus, where the AXI bus is a suitable communication bus for transferring data to be encrypted by the encryption logic 212 (see Case ‘343, ¶¶18, 27, 31; Fig. 2). 
 
As per claim 20: Hassan ‘780 in view of Taylor ‘197 discloses all limitations of claim 16, as stated above, from which claim 20 is dependent upon. Hassan ‘780 in view of Taylor ‘197 does not explicitly disclose the limitations of claim 20. Kishinevsky ‘223, however, discloses:
bypassing encryption of the source data in response to a determining that the source data is not received over an (the encryption interface 104 is configured to bypass the cryptographic logic for certain traffic data in response to a determination that the data is not received over a non-dynamic bypass path [Kishinevsky ‘223, ¶47]).

Hassan ‘780 (modified by Taylor ‘197) and Kishinevsky ‘223 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XTS for encryption and storage of data. For the reasons stated in Claim 5, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 (modified by Taylor ‘197) and Kishinevsky ‘223 before them, to modify the method in Hassan ‘780 (modified by Taylor ‘197) to include the teachings of Kishinevsky ‘223. 
 
As stated above, Hassan ‘780 in view of Taylor ‘197 and further in view of Kishinevsky ‘223 does not explicitly disclose: “… over an AXI write channel.” 
Case ‘343, however, discloses:
 … over an AXI write channel (paths between components in SOC 100 can be implemented with communication buses, such as an Advanced eXtensible Interface (AXI), where the connections may be used for write operations 222, 226 [Case ‘343, ¶¶18, 31, 33, 44; Fig. 2]).

Hassan ‘780 (modified by Taylor ‘197 & Kishinevsky ‘223) and Case ‘343 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XTS for encryption and storage of data. For the reasons stated in Claim 5, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 (modified by Taylor ‘197 & Kishinevsky ‘223) and Case ‘343 before them, to modify the method in Hassan ‘780 (modified by Taylor ‘197 & Kishinevsky ‘223) to include the teachings of Case ‘343. 

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Hassan ‘780, in view of Taylor ‘197, and further in view of Lam ‘609, and further in view of Chen et al., US 2019/0158293 A1 (hereinafter, Chen ‘293). 

As per claim 7: Hassan ‘780 in view of Taylor ‘197, and further in view of Lam ‘609 discloses all limitations of claims 1 and 6, as stated above, from which claim 7 is dependent upon. Hassan ‘780 does not explicitly disclose the limitations of claim 7. Taylor ‘197, however, discloses:
wherein the plurality of interfaces include a (the key table 308 receives cryptographic keys via interface 326, where the cryptographic keys may be a key pair [Taylor ‘197, ¶¶87, 94, 104-105; Fig. 3]).

Hassan ‘780 and Taylor ‘197 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XEX-based tweaked-codebook mode with ciphertext stealing (XTS) for encryption and storage of data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 and Taylor ‘197 before them, to modify the method in Hassan ‘780 to include the teachings of Taylor ‘197, namely to incorporate a secure the key management processor (KMP) coupled to interface 326, as disclosed in Taylor ‘197, to transfer keys to and from the key memory 402, 502, as disclosed in Hassan ‘780. The motivation for doing so would be to increase the protection of cryptographic keys within the system by ensuring that keys may be securely loaded into or transferred out of the IC 350 using the KMP and the interface 326 (see Taylor ‘197, ¶¶87, 94, 99; Fig. 3).
 
As stated above, Hassan ‘780 in view of Taylor ‘197, and further in view of Lam ‘609 does not explicitly disclose: “… a one-way interface to receive … for storage in the key vault.”
 Chen ‘293, however, discloses:
… a one-way interface to receive a … for storage in the key vault (one-way receiving interface 22 for receiving cryptographic keys for storage in the storage circuit 28 [Chen ‘293, ¶30; Fig. 1]).

Hassan ‘780 (modified by Taylor ‘197 & Lam ‘609) and Chen ‘293 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing stored cryptographic keys for data encryption. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 (modified by Taylor ‘197 & Lam ‘609) and Chen ‘293 before them, to modify the method in Hassan ‘780 (modified by Taylor ‘197 & Lam ‘609) to include the teachings of Chen ‘293, namely to implement the interface 326, as disclosed in Taylor ‘197, as a one-way receiving interface 22, as disclosed in Chen ‘293, such that the key memory 402, 502, as disclosed in Hassan ‘780, may receive cryptographic key pairs via the one-way receiving interface 22. The motivation for doing so would be to provide further protection of stored cryptographic key by ensuring that external devices cannot access the stored keys through the one-way receiving interface 22 (see Chen ‘293, ¶30). 
 
Claims 9-12 are rejected under 35 U.S.C. 103 as being unpatentable over Hassan ‘780, in view of Taylor ‘197, and further in view of Zage et al., US 2022/0138286 A1 (hereinafter, Zage ‘286). 

As per claim 9: Hassan ‘780 in view of Taylor ‘197 discloses all limitations of claim 1, as stated above, from which claim 9 is dependent upon. Hassan ‘780 in view of Taylor ‘197 does not explicitly disclose the limitations of claim 9. Zage ‘286, however, discloses:
wherein the SoC (processing system 1400 may be incorporated within a system-on-a-chip (SOC), where the processing system may perform AES-XTS encryption operations [Zage ‘286, ¶¶364, 385; Fig. 10]) is configured to support an artificial reality application (processing system 1400 may support augmented reality (AR) or virtual reality (VR) features and applications [Zage ‘286, ¶¶386, 391]).

Hassan ‘780 (modified by Taylor ‘197) and Zage ‘286 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XTS for encryption and storage of data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 (modified by Taylor ‘197) and Zage ‘286 before them, to modify the method in Hassan ‘780 (modified by Taylor ‘197) to include the teachings of Zage ‘286, namely to implement the MCU 600, 800, as disclosed in Hassan ‘780, as an SoC processing system that is configured to support AR or VR features and applications, as disclosed in Zage ‘286. The motivation for doing so would be to increase data processing efficiency and data security of systems that utilize graphics processors, such as AR/VR systems, by using AES-XTS encryption operations within the SoC of the AR/VR systems (see Zage ‘286, ¶¶4, 365-366, 386). 

As per claim 10: Hassan ‘780 in view of Taylor ‘197 discloses all limitations of claim 1, as stated above, from which claim 10 is dependent upon. Hassan ‘780 in view of Taylor ‘197 does not explicitly disclose the limitations of claim 10. Zage ‘286, however, discloses:
wherein the SoC is integrated into a peripheral device (the system 1400, which may be incorporated into an SOC, may be integrated into a device, such as a handheld game console or a game platform [Zage ‘286, ¶¶385-386; Fig. 10]) that is communicatively coupled to a head-mounted device (HMD) (the system 1400 may be coupled with or connected to a head mounted display device (HMD) 1411 [Zage ‘286, ¶¶386, 391, 443; Fig. 10]).

Hassan ‘780 (modified by Taylor ‘197) and Zage ‘286 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XTS for encryption and storage of data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 (modified by Taylor ‘197) and Zage ‘286 before them, to modify the method in Hassan ‘780 (modified by Taylor ‘197) to include the teachings of Zage ‘286, namely to implement the MCU 600, 800, as disclosed in Hassan ‘780, as an SoC processing system within a device, such as a handheld game console or a game platform, as disclosed in Zage ‘286, where the device may be coupled with an HMD device 1411. The motivation for doing so would be to increase data processing efficiency and data security of systems that utilize graphics processors, such as AR/VR systems, by using AES-XTS encryption operations within the SoC of the AR/VR systems, where the AR/VR systems are commonly coupled with or connected to another device such as an HMD device 1411 (see Zage ‘286, ¶¶4, 365, 391, 443). 
 
As per claim 11: Hassan ‘780 discloses:
An (system 100 [Hassan ‘780, ¶29; Fig. 1]) comprising:
a storage device (processor-external memory 110 [Hassan ‘780, ¶¶30, 41, 43; Fig. 1, Fig. 4]);
(microcontroller unit (MCU) 600, 800 which may be implemented within a common chip [Hassan ‘780, ¶¶83-84, 126-127, 156; Fig. 6, Fig. 8]), wherein the at least one SoC comprises:
(storing cryptographic key pairs in a key memory 402, 502 [Hassan ‘780, ¶¶40, 50, 61, 71, 163; Fig. 4, Fig. 5]), each of the key-pairs having a first key and a second key (a first and second key, Key1 and Key2 [Hassan ‘780, ¶¶37, 40, 50]), each of the key-pairs associated with one of a plurality of subsystems of the SoC (the cryptographic key pairs are associated with certain components or systems within the MCU 600, 800, such as key selector 404, 504, pre-tweak generator 406, 506, tweak generator 412, 512, AES-XTS circuit 414, 514, and key memory 402, 502 [Hassan ‘780, ¶¶40, 50, 61, 71; Fig. 4, Fig. 5]); 
a Direct Memory Access (DMA) engine comprising circuitry (direct memory access (DMA) engines 608, 808 [Hassan ‘780, ¶¶68, 83, 126; Fig. 6, Fig. 8]) configured to receive, from a subsystem of the plurality of subsystems, storage access parameters (DMA engines 608, 808, or DMA master devices, generate encrypt instruction parameters, where encrypt instruction parameters include one or more memory-related parameters and identifiers derived from components or systems within the MCU 600, 800 [Hassan ‘780, ¶¶47, 91-95]) identifying source data (a master identifier (M_ID) which identifies a master device that comprises the one or more processors 102 that is the source of the data to be encrypted 416 [Hassan ‘780, ¶¶30, 42-44, 47]), storage device (encrypt instruction parameters include a memory address including a memory sector address indicating a memory sector of the processor-external memory 110 and a memory block address indicating a memory block within the indicated memory sector of the processor-external memory 110 in which the encrypted data or encrypted and authenticated data is to be stored, where a memory sector is to be understood as the transaction size of the processor-external memory 110 [Hassan ‘780, ¶¶34, 44-45, 49, 92]); and 
an encryption engine coupled to the DMA engine (cryptographic device 400, 500, 612, 812 receives encrypt instruction parameters and data to be encrypted 416 from the DMA engines 608, 808, or DMA master devices, where the cryptographic device 400, 500, 612, 812 is coupled to the DMA engines 608, 808, or DMA master devices, via interface 106 [Hassan ‘780, ¶¶30, 42-44, 47, 83; Fig. 1, Fig. 6]), the encryption engine comprising processing circuitry configured to: 
determine a first tweak value based on a first sector address of the storage device (determine a first tweak value based on based on a memory sector address i [Hassan ‘780, ¶37; Fig. 3]), the first sector address based on the destination storage address (the memory sector address i indicating the sector of the memory into which the encrypted data is to be stored [Hassan ‘780, ¶37; Fig. 3]); 
encrypt the first tweak value according to the second key of the key-pair associated with the subsystem (encrypting the first tweak value using Key2 of the cryptographic key pair, where the cryptographic key pair is associated with certain components or systems within the MCU 600, 800 [Hassan ‘780, ¶¶37, 40, 50, 61, 71; Fig. 3]); 
encrypt a first portion of the source data according to the first key of the key-pair associated with the subsystem and the encrypted first tweak value (encrypt a first block or chunk of the input data using Key1 of the cryptographic key pair and the encrypted tweak value, where the cryptographic key pair is associated with certain components or systems within the MCU 600, 800 [Hassan ‘780, ¶¶37, 40, 50, 61, 71; Fig. 3]); 
determine a second tweak value based on a second sector address of the storage device (determine a second tweak value based on a memory sector address i (Sector Address i), where the memory sector address i may be associated with a subsequent memory block within the memory sector of the processor-external memory 110 [Hassan ‘780, ¶¶37-38, 42; Fig. 4]) and encrypt the second tweak value according to the second key (the second tweak value may be encrypted using the Key2 within the pre-tweak generator 406 and stored within the pre-tweak cache 408 [Hassan ‘780, ¶¶50, 54; Fig. 4]), 
wherein the second tweak value is determined and encrypted prior to completing encryption of the first portion of the source data (all tweak values, including the second tweak value, may be precalculated by the pre-tweak generator 406 and stored within the pre-tweak cache 408, where if the tweak value for the input memory address is already precalculated and residing in the pre-tweak cache 408, the cache controller reads the found tweak value from the pre-tweak cache 408 and provides the tweak value to be used in the encryption of input data blocks or chunks; thus the second tweak value may be determined, encrypted, and stored prior to the encryption blocks or chunks of the input data, including the first block or chunk of the input data [Hassan ‘780, ¶¶51-53; Fig. 4]); and 
encrypt a second portion of the source data according to the first key and the encrypted second tweak value (encrypt a second chunk or block of input data using Key1 and the encrypted second tweak value [Hassan ‘780, ¶¶56-59; Fig. 4]).

Hassan ‘780, as stated above, does not explicitly disclose: “An artificial reality system comprising: … a head mounted display (HMD) configured to output artificial reality content, the HMD including at least one system on chip (SoC), wherein the at least one SoC comprises: a security processor comprising processing circuitry configured to store a plurality of key-pairs to a key vault … a Direct Memory Access (DMA) engine comprising circuitry configured to receive … parameters identifying a data size …”.
Taylor ‘197, however, discloses:

a security processor comprising processing circuitry configured to store a plurality of key-pairs to a key vault … (the key management processor (KMP) is configured to load keys generated by circuits on the IC 350 into the key table 308, where the keys may be used in AES-XTS encryption [Taylor ‘197, ¶¶82-83, 85; Fig. 3]) …
a Direct Memory Access (DMA) engine comprising circuitry configured to receive … parameters identifying a data size … (meta-data is fetched by the DMA engine circuit 101, where the meta-data files include a data unit size [Taylor ‘197, ¶92; Fig. 3])

Hassan ‘780 and Taylor ‘197 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XEX-based tweaked-codebook mode with ciphertext stealing (XTS) for encryption and storage of data. For the reasons stated in Claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 and Taylor ‘197 before them, to modify the method in Hassan ‘780 to include the teachings of Taylor ‘197.

As stated above, Hassan ‘780 in view of Taylor ‘197 does not explicitly disclose: “An artificial reality system comprising: … a head mounted display (HMD) configured to output artificial reality content, the HMD including at least one system on chip (SoC), wherein the at least one SoC comprises: …”.
Zage ‘286, however, discloses:
An artificial reality system (processing system 1400 may be incorporated within a system-on-a-chip (SOC), where the processing system may perform AES-XTS encryption operations, and where processing system 1400 may support augmented reality (AR) or virtual reality (VR) features and applications [Zage ‘286, ¶¶364, 385-386m 391; Fig. 10]) comprising: … a head mounted display (HMD) configured to output artificial reality content, the HMD including at least one system on chip (SoC) (the system 1400, which may be incorporated into an SOC, may be integrated into a device, such as a handheld game console or a game platform, where the system 1400 may be coupled with or connected to a head mounted display device (HMD) 1411 that support AR or VR features and applications [Zage ‘286, ¶¶385-386, 391, 443; Fig. 10]), wherein the at least one SoC comprises: …

Hassan ‘780 (modified by Taylor ‘197) and Zage ‘286 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XTS for encryption and storage of data. For the reasons stated in Claim 10, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 (modified by Taylor ‘197) and Zage ‘286 before them, to modify the method in Hassan ‘780 (modified by Taylor ‘197) to include the teachings of Zage ‘286. 
 
As per claim 12: Hassan ‘780 in view of Taylor ‘197 and further in view of Zage ‘286 discloses all limitations of claim 11, as stated above, from which claim 12 is dependent upon. Hassan ‘780 in view of Zage ‘286 does not explicitly disclose the limitations of claim 12. Taylor ‘197, however, discloses:
wherein the DMA engine is further configured to receive a key identifier (ID) identifying a location of the key-pair in the key vault (the DMA engine circuit 101 fetches meta-data, where the meta-data is associated with a key index the location of cryptographic keys pairs in the key table 308 [Taylor ‘197, ¶¶91-92, 104-105; Fig. 3]).

Hassan ‘780 (modified by Zage ‘286) and Taylor ‘197 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XTS for encryption and storage of data. For the reasons stated in Claim 2, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 (modified by Zage ‘286) and Taylor ‘197 before them, to modify the method in Hassan ‘780 (modified by Zage ‘286) to include the teachings of Taylor ‘197.

Claims 13 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Hassan ‘780, in view of Taylor ‘197, and further in view of Zage ‘286, and further in view of Lam ‘609. 

As per claim 13: Hassan ‘780 in view of Taylor ‘197 and further in view of Zage ‘286 discloses all limitations of claims 11-12, as stated above, from which claim 13 is dependent upon. Furthermore, Hassan ‘780 discloses:
	wherein the SoC (microcontroller unit (MCU) 600, 800 which may be implemented within a common chip [Hassan ‘780, ¶¶83-84, 126-127, 156; Fig. 6, Fig. 8]) further comprises (a plurality of encrypt instructions 418, where encrypt instructions specify parameters, addresses, and identifiers that are used in an encryption operation [Hassan ‘780, ¶¶44, 49-52]), each of the task records comprising (encrypt instructions include a sector address [Hassan ‘780, ¶45]), and the key ID (under the broadest reasonable interpretation, the ‘key ID’ is interpreted as the combination of the tag_ID, M_ID, and VM_ID, where the key selector 404 may use the control information (tag_ID, M_ID, VM_ID) to select the key pair from the key memory 402, and where the tag_ID, M_ID, and VM_ID are contained within the encrypt instructions 418 [Hassan ‘780, ¶¶44, 163]), wherein the encryption engine obtains a task record (cryptographic device 400, 500, 612, 812 receives encrypt instructions 418 to determine a first sector address and cryptographic key pairs [Hassan ‘780, ¶42-45, 49-50]).

	As stated above, Hassan ‘780 in view of Taylor ‘197 and further in view of Zage ‘286 does not explicitly disclose: “a First-in, First-out (FIFO) queue configured to store a plurality of task records … comprising a block length …”. 
	Lam ‘609, however, discloses:
	a First-in, First-out (FIFO) queue configured to store a plurality of task records (First-In-First-Out (FIFO) queues for storing references to descriptors, where descriptors are used to provide the necessary information for an engine to operate on a task [Lam ‘609, Col. 13 lines 21-32, Col. 14 lines 20-40; Fig. 8, Fig. 9]) … comprising a block length (the descriptor comprises a plurality of parameters, such as block size [Lam ‘609, Col. 13 lines 33-46; Fig. 8])…

Hassan ‘780 (modified by Taylor ‘197 & Zage ‘286) and Lam ‘609 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XTS for encryption and storage of data. For the reasons stated in Claim 3, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 (modified by Taylor ‘197 & Zage ‘286) and Lam ‘609 before them, to modify the method in Hassan ‘780 (modified by Taylor ‘197 & Zage ‘286) to include the teachings of Lam ‘609.
 
As per claim 15: Hassan ‘780 in view of Taylor ‘197 and further in view of Zage ‘286 discloses all limitations of claim 11, as stated above, from which claim 15 is dependent upon. Furthermore, Hassan ‘780 discloses:
wherein the encryption engine comprises a plurality of interfaces (cryptographic device 400, 500, 612, 812 comprises a plurality of interfaces, such as interface 106 and memory transaction generator 624, 824 [Hassan ‘780, ¶¶40, 42, 118; Fig. 1, Fig. 6]), including 
a first interface to receive the source data (interface 106 to receive data to be encrypted [Hassan ‘780, ¶¶30, 42-43; Fig. 1, Fig. 4]), 
a second interface to output encrypted source data (memory transaction generator 624, 824 to output the encrypted results to the processor-external memory 110 [Hassan ‘780, ¶118; Fig. 6]), and 
a (interface 106 to receive encrypt instruction parameters of the data to be encrypted, where encrypt instruction parameters include one or more memory-related parameters and identifiers derived from components or systems within the MCU 600, 800, and where the encrypt instruction parameters are generated by DMA engines 608, 808, or DMA master devices [Hassan ‘780, ¶¶42-48; Fig. 4), the metadata comprising (sector address [Hassan ‘780, ¶45]), and a key ID (under the broadest reasonable interpretation, the ‘key ID’ is interpreted as the combination of the tag_ID, M_ID, and VM_ID, where the key selector 404 may use the control information (tag_ID, M_ID, VM_ID) to select the key pair from the key memory 402, and where the tag_ID, M_ID, and VM_ID are contained within the encrypt instructions 418 [Hassan ‘780, ¶¶44, 163]).

	As stated above, Hassan ‘780 in view of Zage ‘286 does not explicitly disclose: “a third interface to receive metadata describing a DMA transfer of the source data … the metadata comprising a block length …”.
	 Taylor ‘197, however, discloses: 
a third interface to receive metadata describing a DMA transfer of the source data (a third interface 114, where input commands and data are passed from the DMA engine circuit 101 across interface 114 [Taylor ‘197, ¶66; Fig. 3]) 

Hassan ‘780 (modified by Zage ‘286) and Taylor ‘197 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XTS for encryption and storage of data. For the reasons stated in Claim 6, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 (modified by Zage ‘286) and Taylor ‘197 before them, to modify the method in Hassan ‘780 (modified by Zage ‘286) to include the teachings of Taylor ‘197. 

As stated above, Hassan ‘780 in view of Taylor ‘197 and further in view of Zage ‘286 does not explicitly disclose: “… the metadata comprising a block length …”.
	Lam ‘609, however, discloses:
	… the metadata comprising a block length (the descriptor comprises a plurality of parameters, such as block size [Lam ‘609, Col. 13 lines 33-46; Fig. 8]) …

Hassan ‘780 (modified by Taylor ‘197 & Zage ‘286) and Lam ‘609 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XTS for encryption and storage of data. For the reasons stated in Claim 6, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 (modified by Taylor ‘197 & Zage ‘286) and Lam ‘609 before them, to modify the method in Hassan ‘780 (modified by Taylor ‘197 & Zage ‘286) to include the teachings of Lam ‘609. 

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Hassan ‘780, in view of Taylor ‘197, and further in view of Zage ‘286, and further in view of Lee ‘770. 

As per claim 14: Hassan ‘780 in view of Taylor ‘197 and further in view of Zage ‘286 discloses all limitations of claim 11, as stated above, from which claim 14 is dependent upon. Furthermore, Hassan ‘780 discloses:
wherein the SoC (microcontroller unit (MCU) 600, 800 which may be implemented within a common chip [Hassan ‘780, ¶¶83-84, 126-127, 156; Fig. 6, Fig. 8]) further comprises (a sector is defined by the encrypt instructions 418, where the encrypt instructions 418 provide a memory address including a memory sector address indicating a memory sector of the processor-external memory 110 and a memory block address indicating a memory block within the indicated memory sector of the processor-external memory 110, and a memory tag identifier (Tag_ID) identifying a portion of the processor-external memory 110 [Hassan ‘780, ¶¶42-46; Fig. 4]), wherein the encryption engine utilizes the sector (the cryptographic device 400, 500, 612, 812 uses the encrypt instruction parameters within the encrypt instructions 418 to determine a plurality of tweak values, where the plurality of tweak values may include a second tweak value [Hassan ‘780, ¶¶49, 51, 54, 56-57; Fig. 4]).

As stated above, Hassan ‘780 in view of Zage ‘286 does not explicitly disclose: “… a configuration status register associated with the storage device, the configuration status register defining a sector size … utilizes the sector size to determine …”
Taylor ‘197, however, discloses:
… a configuration status register associated with the storage device, the configuration status register (a set of configuration registers within the DMA engine circuit 101, where the DMA engine circuit 101 utilizes the configuration registers in transferring data from the integrated circuit to a memory [Taylor ‘197, ¶¶64-66; Fig. 1, Fig. 4(a)]) 

Hassan ‘780 (modified by Zage ‘286) and Taylor ‘197 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XEX-based tweaked-codebook mode with ciphertext stealing (XTS) for encryption and storage of data. For the reasons stated in Claim 4, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 (modified by Zage ‘286) and Taylor ‘197 before them, to modify the method in Hassan ‘780 (modified by Zage ‘286) to include the teachings of Taylor ‘197. 

As stated above, Hassan ‘780 in view of Taylor ‘197 and further in view of Zage ‘286 does not explicitly disclose: “… defining a sector size … utilizes the sector size to determine …”. 
	Lee ‘770, however, discloses:
	… defining a sector size (tweak buffer storing tweak build information, where tweak build information defines a sector size [Lee ‘770, Col. 5 lines 58-67, Col. 7 lines 57-67]) … utilizes the sector size to determine (the tweak build information, which comprises the sector size, is used by the processing logic 140 to process and encrypt the corresponding sectors [Lee ‘770, Col. 6 lines 35-49, Col. 10 lines 11-49; Fig. 2]) …

Hassan ‘780 (modified by Taylor ‘197 & Zage ‘286) and Lee ‘770 are analogous art because they are from the same field of endeavor, namely that of cryptographic devices utilizing XTS for encryption and storage of data. For the reasons stated in Claim 4, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hassan ‘780 (modified by Taylor ‘197 & Zage ‘286) and Lee ‘770 before them, to modify the method in Hassan ‘780 (modified by Taylor ‘197 & Zage ‘286) to include the teachings of Lee ‘770. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to the Applicant’s disclosure:
Choi et al., US 2017/0054550 A1: method for encryption in a device by generating a tweak value corresponding to block data from among sequential block data and performing the encryption from the block data using the tweak value.
Bhattacharrya et al., US 2017/0063532 A1: directing selection of AES-XTS encrypted data from encryption pipelines to which a physical address of a memory request is directed. The result of the selection may result in bypassing encryption/decryption of the data.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALAN LINGQIAN KONG whose telephone number is (571)272-2646. The examiner can normally be reached Monday-Thursday 8:00am-5:30pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG (JAY) KIM can be reached on (571)272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ALAN LINGQIAN KONG/Examiner, Art Unit 2494


/SHANTO ABEDIN/Primary Examiner, Art Unit 2494