DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Allowable Subject Matter
Claims 6, 9,11-13, and 16-24 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Response to Amendment
This action is in response to the communications and remarks filed on 06/03/2022. Claims 25-32 have been previously withdrawn. Claim 3-4 and 34 have been previously cancelled. No claim amendments. Claims 1-2, 5, 7-8, 10, 14-15, 33, and 35 have been examined and are pending.
Response to Arguments
Applicant’s arguments, see pages 12-15, filed 06/03/2022, with respect to the rejection(s) of claim(s) 1-2, 5, 7-8, 10, 14-15, 33, and 35 under Durham et al., hereinafter (“Durham”), US PG Publication (20160371199 A1), in view of Lee, US Patent (10,164,770 B1)  have been fully considered and are not persuasive.  

Applicants’ arguments in the instant Amendment, filed on 06/03/2022, with respect to limitations listed below, have been fully considered but they are not persuasive.
Applicant’s arguments: “...claims 1, 2, 5, 8, 10, 14, 15, 33, and 35 under 35 U.S.C. §103 as being unpatentable over U.S. Patent Application Publication No. 2016/0371199 of Durham et al. (hereinafter "Durham") in view of U.S. Patent No. 10,164,770 issued to Lee et al. (hereinafter "Lee"). The Examiner further rejects various claims under 35 U.S.C. §103 as being unpatentable over several references, including Durham, Lee, and U.S. Patent No. 6,594,751 issued to Leivent et al. (hereinafter "Leivent"). These rejections are respectfully traversed...” The Office Action relies on Lee as allegedly disclosing these features; however, Lee does not disclose an identification tag of a memory address pointer being used as a tweak to an encryption of data object, nor does it disclose an encryption tag of a memory address pointer that identifies encryption keys used in the encryption. Instead, the cited portions of Lee describe "tweak build information" (relied upon as allegedly disclosing the recited "encryption tag") stored in a buffer (e.g., 121/122 of Fig. 3 of Lee), which includes (among other things) a "valid bit" (relied upon as allegedly disclosing the recited identification tag) and a "Key 1" (relied upon as allegedly disclosing the recited encryption keys). However, none of these things in Lee are tags to a memory address pointer as recited by claim 1, and none of them are used to identify encryption keys used in the encryption process. Thus, Lee does not disclose the recited identification tag and encryption tag of claim 1.  
The Examiner respectfully submits that Lee does disclose “an identification tag of a memory address pointer being used as a tweak to an encryption of data object and an encryption tag of a memory address pointer that identifies encryption keys used in the encryption.” Examiner sees how the previous underlining may have been misleading for the mapping of an identification tag of a memory address pointer being used as a tweak to an encryption of a data object as analogous to the buffer ID; thus are elements of: tweak zero (0) value and the last round key value stored in buffer 121/buffer 122 of the tweak buffer logic 120 points to the selected buffer to be mapped and store the tweak information based partially on the buffer ID. 
Arguably, Examiner viewed the tweak builder 110, tweak buffer logic 120 and processing logic 140 of the data cryptography device 100; as analogous to the pointer metadata table 162, pointer circuitry 126 and encryption circuitry 122, respectively: components of the CPU 112 [specification, p. 4, lines 15-18, p. 5, lines 29-30, and p. 8, lines 23-30]. The identification tag 204 is appended to physical address 208 [specification, p. 9, lines 24-25].
Hence, the output of the tweak buffer logic 120 temporarily stores tweak build information that includes at least a tweak zero (0) value, a last round key value computed from the tweak builder logic 110 for each sector of the input data as part of the cryptography process [Lee, Figs. 2 and 3; Col 5, lines 58-67]. Lee states that the input data known as the Tweak Builder interface – TWB I/F – is the tweak build request, which starts the computation of the tweak zero (0) and last round value to be stored in a buffer (i.e. buffer 121 or buffer 122 pointed by the buffer ID) by the Range Search logic 113 and AES Encryption Core 112. The range information can include encryption/decryption keys (Key 1, Key 2), an initialization vector (IV), and operational configuration data related to AES operation. A tweak zero (0) computation latency is caused by computing a tweak zero (0) value related to AES operation. A last round key computation latency is caused by computing a last round key value related to AES operation which is used in decryption. Range searching, tweak zero (0) computations, and last round key computations are discussed further later herein [Lee, Col 5, lines 20-29].  The tweak build request consists of the sector LBA, Sector size, and Buffer ID (an identification tag of a memory address pointer being used as a tweak to an encryption of data object) initiates the computation by performing range searches. Along with the tweak zero (0) and the last round key (an encryption tag of a memory address pointer  ), a sector size, a bypass indicator, Key 1 (encryption keys), Key size, and a valid bit as a tweak build information (a tweak input to an encryption algorithm). The MUX 125 is configured to transfer the tweak build information, which is the encryption/decryption information, out of tweak buffer logic 120 to processing logic 140 to perform encryption/decryption algorithm of method 400 [Lee, Col 5, lines 67 – Col 6, lines 1-2; Fig. 3, Col 7, lines 44-67; and Col 8, lines 29-32 and 37-38]. Examiner interprets all the concatenated or multiplexed elements as analogous to the tweak input to the encryption algorithm, which is then further multiplexed before the processing logic 140 performs the exclusive-OR (XOR’d) logic 141 based encryption techniques. Processing logic 140 is configured to perform pipeline processing on multiple blocks of each sector of the input data, via a multi-core processor, based at least in part on the tweak zero (0) value and the last round key value computed for each sector by tweak builder logic 110. Processing logic 140 is also configured to perform pipeline processing on multiple sectors for each command of the input data based at least in part on the path control information [Lee, Col 5, lines 14-22].
As such, Examiner has remapped to properly cite and convey analogous elements. Thus, Lee is maintained as the secondary reference to reject claims 1, 2, 5, 8, 10, 14, 15, 33, and 35.
Applicant’s arguments: “Further, Durham discloses range and permission metadata that have specific purposes, e.g., range metadata "allows a executing programs to manipulate the value of the indirect address 114 within a valid range, but will corrupt the indirect address 114 if the memory is accessed ... beyond the valid range"1 and permission metadata that "can prevent program code from accessing memory that it does not have permission to access."2 The Office Action has not shown that either one of these metadata of Durham are used to identify encryption keys used in an encryption of underlying data objects. Moreover, modifying the teachings of Durham to include the "tweak build information" of Lee would only contribute potentially to what tweak is used in the encryption, and would not address this deficiency of the rejection with respect to the recited encryption tag. 
		For at least these reasons, Applicant asserts that independent Claim 1 is allowable over each of the references of record, both individually and combinations thereof. The other independent claims recite limitations similar, but not identical, to those recited in independent Claim 1. Therefore, these claims are also allowable, for example, for the same reasons as identified above. Additionally, the corresponding dependent claims from these independent claims are also patentably distinct for analogous reasons. Notice to this effect is respectfully requested in the form of a full allowance of these claims.”
The Examiner respectfully submits that Durham does disclose “...identify encryption keys used in an encryption of underlying data objects”. 
In block 422, the computing device 100 encrypts a portion of the indirect address, where the portion of the indirect address to be encrypted is determined by the valid range metadata (e.g., exponent/2's power) and the adjustment value. The valid range metadata determines the number of the most significant address bits of the encoded address that are to be encrypted (e.g., down to a minimum number so some address bits will always be encrypted). In some embodiments, the adjustment value is encrypted as well (e.g., to create a reasonable block size for a block cipher). In some embodiments, the most significant bits of the used bits/canonical address identified in the valid range metadata are encrypted with a secret key (e.g., the secret key 116), using the valid range metadata (which may or may not include the adjustment value) as a tweak [Durham, ¶0047].
The illustrative indirect address 114 is embodied as a register 112 (e.g., a general purpose register of the processor 102). The illustrative secret key 116 is generated by a key creation module 148 of a privileged system component 142, and stored in one of the registers 112 (e.g., a special purpose register or machine specific register (MSR)), or another memory location that is readable by the processor 102. In other embodiments, the secret key 116 used to secure indirect addresses can be stored in another memory location, such as in firmware, in a secure portion of the data storage device 126 or another data storage device, or another form of memory suitable for performing the functions described herein [Durham, ¶0022].
Examiner sees how the previous mapping of claim limitations which may have been misleading. As such, Examiner has remapped to properly cite and convey analogous elements. Thus, Durham is maintained as the primary reference used to reject the claims below.
Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-2, 5, 8, 10, 14-15, 33, and 35 are rejected under 35 U.S.C. 103 as being unpatentable over Durham et al., hereinafter (“Durham”), US PG Publication (20160371199 A1), in view of Lee, US Patent (10,164,770 B1).

Regarding  claim 1, Durham teaches an apparatus, comprising: 
a plurality of processor cores; [Durham, ¶0030: multi-core processor or other multiple-CPU processor] 
cache memory communicatively coupled to one or more of the plurality of processor cores; [Durham, ¶¶0020 and 0030-0031] and
pointer security circuitry to define memory tags in memory address pointers, the memory tags comprising an identification tag and an encryption tag; [Durham, ¶0018: FIG. 1, an embodiment of a computing device 100 includes a processor 102 having a set of secure memory access logic 150 and a number of registers 112. ¶0020: The secure memory access logic 150 (pointer security circuitry) is executable by the computing device 100 to provide security for indirect addresses “inline,” e.g., during execution of a program (such as a user space software application) by the computing device 100. As used herein, “indirect address” may refer to, among other things, an address of a memory location at which other data or instructions are stored, e.g., a register acting as a pointer. As such, the indirect address 114 (memory address pointers)  may be embodied as, for example, a data pointer (which refers to a location of data), a code pointer (which refers to a location of executable code), an instruction pointer, or a stack pointer. Indirect addresses may be referred to by other terminology, such as “pointer,” “address pointer,” or “pointer address.” As used herein, “metadata” (memory tags) may refer to, among other things, information about or relating to an indirect address 114, such as a valid data range, a valid code range, pointer access permissions, etc. ¶0044: ...a simple example of range metadata encoding of addresses 0000b-0011b to fit the range 0-3 where the upper two bits do not change. However, if a pointer is modified to go to the index 4, one of the upper bits will change. Accordingly, the valid range metadata can be encoded as [2] the valid range metadata can be encoded as [2] (for the upper two bits to encode a range of 4) and the valid range metadata can be stored in the higher non-canonical bits (an identification tag), e.g., “[2] 00xxb.” In this example, the exponent would be 2 bits in size (e.g., values [1-4]), to cover the 4 bit addresses used in the example. ¶0045: In the encoded addresses in the third column of Table 1, the number in brackets, e.g., [2], is the exponent or valid range metadata; the number in braces, e.g., {3}, is the adjustment value, and the address to the right of the adjustment value indicates the unused/non-canonical bits in which the valid range metadata and adjustment value are stored. In block 420, the computing device 100 determines the adjustment (or “offset”) to be applied to the valid range (an encryption tag), and stores the adjustment value in the unused/non-canonical bits of the indirect address. ] and
While Durham teaches an identification tag, encryption circuitry, one or more encryption keys used in the encryption algorithm, and a tweak input [Durham, ¶0025: encrypting logic 158 (encryption algorithm) encrypts using secret key 116 (one or more encryption keys) and a tweak (a tweak input); ¶0044:  the valid range metadata can be stored in the higher non-canonical bits (an identification tag) and the adjustment (or “offset”) to be applied to the valid range (an encryption tag)]; however, Durham fails to explicitly teach but Lee teaches encryption circuitry to cryptographically secure data objects at least partially based on the memory tags, wherein the encryption circuitry is to use the identification tag to at least partially define a tweak input to an encryption algorithm used to cryptographically secure the data objects and use the encryption tag to identify one or more encryption keys used in the encryption algorithm. [Lee, Col 5, lines 67 – Col 6, lines 1-2 and Fig. 3; Col 7, lines 44-67] tweak build request consists of the sector LBA, Sector size, and Buffer ID (an identification tag to at least partially define a tweak input to an encryption algorithm used to cryptographically secure the data objects) initiates the computation by performing range searches. Along with the tweak zero (0) and the last round key (use the encryption tag to identify one or more encryption keys used in the encryption algorithm), a sector size, a bypass indicator, Keys 1/2 (encryption keys), Key size, and a valid bit as a tweak build information (a tweak input to an encryption algorithm). The MUX 125 is configured to transfer the tweak build information, which is the encryption/decryption information, out of tweak buffer logic 120 to processing logic 140 (encryption circuitry to cryptographically secure data objects)]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of a cryptographic pointer address encoding system of Durham before him or her by including the teachings of pipelined data cryptography device and method of Lee. The motivation/suggestion would have been to show that it would be obvious to try the secure memory access logic 150 of Durham with the processing logic 140 performing pipeline to process input data based to compute on tweak zero (0) value and last round key to encryption of Lee [Lee, Col 3, lines 27-35 and Col 6, lines 12-22].
Regarding claim 2, the combination of Durham and Lee claim 1 as described above.
Durham teaches wherein the identification tag identifies a type, a function, a memory location, or a use for a data object. [Durham, ¶0042: computing device 100 determines whether calling code initiates memory allocation by the memory manager module 144 based on the encoded addresses on the indirect address 114.] 

Regarding claim 5, the combination of Durham and Lee claim 1 as described above.
Durham teaches wherein the memory tags include a small object tag, wherein the pointer security circuitry is to determine a value for a tweak input to the encryption algorithm at least partially based on a value of the small object tag. [Durham,  ¶0042: ... the computing device 100 may simply use the higher (e.g., most significant) unused/non-canonical bits (a small object tag) of the indirect address. See ¶0044:  the valid range metadata can be stored in the higher non-canonical bits (an identification tag) and the adjustment (or “offset”) to be applied to the valid range (an encryption tag); ¶0048: a second input to block cipher is referred as tweak (a tweak input). Hence]

Regarding  claim 8, the combination of Durham and Lee teach claim 1 as described above.
Durham teaches wherein the ¶0054: In block 510, the computing device 100 obtains the encoded indirect address (e.g., the encoded address 206, which may be obtained from a register 112). In block 512, the computing device 100 determines whether the encoded address obtained in block 510 has unused or non-canonical bits. If the computing device 100 determines that the encoded address does not have unused/non-canonical bit (e.g., the address doesn't fall within the non-canonical, or otherwise reserved, range of addresses, whether the address range is 32-bit, 64-bit, 128-bit or whatever range an alternate architecture may require). Method 500 allows the computing device 100 to verify the range-encoded indirect address and enforce the embedded range (a bound tag embedded within a virtual memory address) check before converting the range-encoded address into a real memory address.]
Regarding claim 10, Durham teaches computer-readable device having instructions, which when executed by at least one processor, cause the at least one processor to perform operations, comprising:
receive a request to define a memory address pointer; [Durham, ¶0018: Address encoding logic 152 of the secure memory access logic 150 is invoked (a request) by a function (i.e. malloc, alloc, or new; or implicitly via the loader, or statically allocating memory by the compiler) when memory is allocated. As a result, the indirect address 114 (a memory address pointer), which points to the allocated memory, is encoded with the address metadata.]
identify a type or function of data referenced by the memory address pointer; [See Durham, ¶0018: Address encoding logic 152 of the secure memory access logic 150 is invoked (a request) by a function (i.e. malloc, alloc, or new; or implicitly via the loader, or statically allocating memory by the compiler) when memory is allocated. As a result, the indirect address 114 (a memory address pointer), which points to the allocated memory, is encoded with the address metadata (a type).]
generate an identification tag associated with the type or function of the data; [Durham, See ¶0044: ... the valid range metadata can be stored in the higher non-canonical bits (an identification tag), e.g., “[2] 00xxb.” In this example, the exponent would be 2 bits in size (e.g., values [1-4]), to cover the 4 bit addresses (type of the data) used in the example. ]
embed the identification tag within the memory address pointer; [Durham, 
See ¶0020: As used herein, “indirect address” may refer to, among other things, an address of a memory location at which other data or instructions are stored, e.g., a register acting as a pointer. As such, the indirect address 114  (memory address pointers)  may be embodied as, for example, a data pointer (which refers to a location of data) ¶0044: ..., the valid range metadata can be encoded as [2] the valid range metadata can be encoded as [2] (for the upper two bits to encode a range of 4) and the valid range metadata can be stored in the higher non-canonical bits (an identification tag), e.g., “[2] 00xxb.”.]
While Durham teaches one or more encryption keys [See Durham, ¶0025:...encrypting logic 158 encrypts the selected portion of the indirect address 114 (and the adjustment, in some embodiments), using the secret key 116 and a tweak.]; however, Durham fails to explicitly teach but Lee teaches generate an encryption tag that identifies one or more encryption keys; [Lee, Col 7, lines 57-63: tweak zero (0) value and the last round key value stored in buffer 121/buffer 122 pointed to by the buffer ID of the tweak buffer logic 120 along with a Key 1 (one or more encryption keys), Key size, and a valid bit as tweak build information (encryption tag) (encryption/decryption information in Fig. 3).]
embed the encryption tag within the memory address pointer; [Lee, Col 5, lines 44-47: processing logic 140 receives input data via I/F to be encrypted or decrypted as part of cryptography process on sector-by-sector basis. Col 6, lines 1-2: tweak build information out of tweak buffer logic 120 to processing logic 140. Col 7, lines 1-6: a write pointer (start) from core control logic 143 to determine idle core of multi-core processor 144] and 
encrypt the data with an encryption algorithm using the one or more encryption keys and tweak to the encryption algorithm that is at least partially defined by the identification tag. [Lee, Col 6, lines 41-45: processing logic 140 is started by start request along with encrypt information (tweak build information), such as Key 1, from tweak buffer logic 120. Col 6, lines 50-61: processing logic 140 includes excludes-OR (XOR) logic 141 and output XOR logic 142, where input data stream is divided into 16-byte AES blocks and each AES block XOR’d associated with a tweak value before encryption.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of a cryptographic pointer address encoding system of Durham before him or her by including the teachings of pipelined data cryptography device and method of Lee. The motivation/suggestion would have been to show that it would be obvious to try the Address encoding logic 152 of the secure memory access logic 150 of Durham with the processing logic 140 performing pipeline to process input data based on tweak zero (0) value and last round key to encryption [Lee, Col 3, lines 27-35 and Col 6, lines 12-22].
Regarding claim 14, the combination of Durham and Lee teach claim 10 as described above.
 Durham teaches wherein the memory address pointer is a virtual memory address pointer. [Durham, ¶0036: memory manager module 144 allocates portions of memory 122 (i.e. ranges of virtual memory addresses)] 

Regarding claim 15, the combination of Durham and Lee teach claim 10 as described above.
Durham teaches wherein the tweak to the encryption algorithm includes the identification tag and a physical memory address. [Durham, See  ¶0044: ... the valid range metadata can be encoded as [2] the valid range metadata can be encoded as [2] (for the upper two bits to encode a range of 4) and the valid range metadata can be stored in the higher non-canonical bits (an identification tag), e.g., “[2] 00xxb.” In this example, the exponent would be 2 bits in size (e.g., values [1-4]), to cover the 4 bit addresses used in the example. ¶0045:..the computing device 100 determines the adjustment (or “offset”) to be applied to the valid range (an encryption tag), and stores the adjustment value in the unused/non-canonical bits of the indirect address. ]

Regarding claim 33, the combination of Durham and Lee teach claim 1 as described above.
 Durham teaches wherein the encryption circuitry further is to use the identification tag to identify the one or more encryption keys used in the encryption algorithm. [Durham, See Durham, ¶0022: secret key 116 (one or more encryption keys used in the encryption algorithm) is generated by a key creation module 148 of a privileged system component 142, and stored in one of the registers 112. ¶0023: ...returns an indirect address 114 and metadata (e.g. range (an identification tag). ¶0025: a tweak (a tweak input). ¶0036: algorithm] 

Regarding new claim 35, the combination of Durham and Lee teach claim 1 as described above.
Durham teaches wherein the encryption tag is used to identify the one or more encryption keys in a key table of the apparatus. [Durham, See ¶0022: secret key 116 (one or more encryption keys used in the encryption algorithm) is generated by a key creation module 148 of a privileged system component 142, and stored in one of the registers 112 (a key table of the apparatus).] 
Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Durham et al., hereinafter (“Durham”), US PG Publication (20160371199 A1), in view of Lee, US Patent (10,164,770 B1), in view of Leivent et al., hereinafter (“Leivent”), US PG Publication (6,594,751 B1).
Regarding claim 7, the combination of Durham and Lee teach claim 1 as described above.
However, the combination of Durham and Lee fail to explicitly teach but Leivent teaches wherein the one or more memory tags include a bound distance tag, wherein the pointer security circuitry is configured to identify a distance of stray of a memory address pointer from a location of an object. [Leivent, Col 9, lines 45-47: a cluster field 217 indicating the cluster in the Segment of that database, and an offset field 218 indicating the offset or distance in addressable units (bytes) from the beginning of the cluster at which the region begins]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of Durham and Lee before him or her by including the teachings of Leivent. The motivation/suggestion would have been to show that it would be obvious to try using components of a databases’ segments specifically the cluster 73 which contain: addressable locations and an offset or addressable distance of that cluster segment [Leivent, Col 5, lines 9-15].

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Chung et al (10474589 B1) discloses Security Devices, Electronic Devices And Methods Of Operating Electronic Devices.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAKINAH W TAYLOR whose telephone number is (571)270-0682.  The examiner can normally be reached on Monday-Friday, 9:45-5:45.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ELENI SHIFERAW can be reached on 571-272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Sakinah White Taylor/Primary Examiner, Art Unit 2497