Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This office action is in response to the communication filed on 5/10/2022.
The examiner has considered the applicants’ arguments filed 5/10/2022.  Because they pertain to the claim amendments which added new subject matter, the arguments are moot in view of the new grounds of rejection presented below.
The examiner notes the applicants’ lack of traverse of the examiner’s previous statements regarding what was well known in the art before the effective filing date of the invention.  As such, the examiner is now considering those statements to be applicant admitted prior art.  See MPEP Section 2144.03(c).
All objections and rejections not set forth below have been withdrawn.
Claims 1-6, 8-17, and 19-21 have been examined.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-6, 8-17, and 19-21 are rejected under 35 U.S.C. 103 as being unpatentable over Awad et al. (US Patent Application Publication Number 2019/0394021), and further in view of Nardi et al. (US Patent Application Publication Number 2020/0401534), and further in view of Yoshino et al. (US Patent Application Publication Number 2019/0130125).
Regarding claim 1, Awad disclosed an apparatus comprising: memory control circuitry configured to control access to data stored in memory (Awad Fig. 1 and Paragraphs 0094-0096 for example); and memory security circuitry configured to generate encrypted data to be stored in the memory, the encrypted data being based on target data and a first one-time-pad (OTP) (Awad Fig. 1 and Paragraphs 0094-0096 for example); wherein, in response to an OTP update event indicating that the first OTP is to be updated to a second OTP different to the first OTP, the memory security circuitry is configured to issue a re-encryption request to cause updated encrypted data to be generated in a downstream component based on the encrypted data and to cause the encrypted data to be replaced in the memory by the updated encrypted data (Awad Fig. 1 and Paragraphs 0094-0096 for example), but Awad did not explicitly teach that the updated encrypted data is generated in at least one of: the memory; a memory controller for controlling access to the memory; at least one dynamic random access memory unit; and a controller associated with a three-dimensional integrated circuit comprising a plurality of memory storage integrated circuit layers.
In an analogous art of memory encryption, Nardi taught that encryption and decryption of the data being written to and read from memory can be performed within the memory itself (Nardi Paragraphs 0026-0028 for example).  It would have been obvious to the person having ordinary skill in the art before the effective filing date of the invention to have employed the teachings of Nardi in the memory encryption system of Awad and Yoshino by implementing the encryption and decryption operations, including data re-encryption, in the memory itself.  This would have been obvious because the person having ordinary skill in the art would have been motivated to reduce the latency of the encryption/decryption operations.  
Further, Awad and Nardi did not explicitly teach how the re-encryption was accomplished or that the memory security circuitry is configured to generate a re-encryption value based on the first OTP and the second OTP.
Yoshino taught a method for data encryption where data is encrypted by XOR with a keystream, and taught re-encrypting the data by generating a new keystream, performing XOR between the old keystream and the new keystream to produce a re-encryption value, and then performing XOR between the encrypted data and the re-encryption value to produce re-encrypted data (Yoshino Figs. 7, 12, and 13 and Paragraphs 0137-0142, and 0227-0249).
It would have been obvious to the person having ordinary skill in the art before the effective filing date of the invention to have employed the teachings of Yoshino in the encryption system of Awad and Nardi by using the re-encryption method of Yoshino to perform the generically taught re-encryption of Awad and Nardi.  This would have been obvious because the person having ordinary skill in the art would have been motivated to provide a specific means for re-encrypting the memory without exposing the plaintext data.

Regarding claims 19 and 20, Awad disclosed a method comprising: generating encrypted data to be stored in memory, the encrypted data being based on target data and a first one-time-pad (OTP) (Awad Fig. 1 and Paragraphs 0094-0096 for example); and in response to an OTP update event indicating that the first OTP is to be updated to a second OTP different from the first OTP issuing a re-encryption request to cause updated encrypted data to be generated in a downstream component based on the encrypted data and to cause the encrypted data to be replaced in the memory by the updated encrypted data (Awad Fig. 1 and Paragraphs 0094-0096 for example), but Awad did not explicitly teach that the updated encrypted data is generated in at least one of: the memory; a memory controller for controlling access to the memory; at least one dynamic random access memory unit; and a controller associated with a three-dimensional integrated circuit comprising a plurality of memory storage integrated circuit layers.
In an analogous art of memory encryption, Nardi taught that encryption and decryption of the data being written to and read from memory can be performed within the memory itself (Nardi Paragraphs 0026-0028 for example).  It would have been obvious to the person having ordinary skill in the art before the effective filing date of the invention to have employed the teachings of Nardi in the memory encryption system of Awad and Yoshino by implementing the encryption and decryption operations, including data re-encryption, in the memory itself.  This would have been obvious because the person having ordinary skill in the art would have been motivated to reduce the latency of the encryption/decryption operations.  
Further, Awad and Nardi did not explicitly teach how the re-encryption was accomplished or that the memory security circuitry is configured to generate a re-encryption value based on the first OTP and the second OTP.
Yoshino taught a method for data encryption where data is encrypted by XOR with a keystream, and taught re-encrypting the data by generating a new keystream, performing XOR between the old keystream and the new keystream to produce a re-encryption value, and then performing XOR between the encrypted data and the re-encryption value to produce re-encrypted data (Yoshino Figs. 7, 12, and 13 and Paragraphs 0137-0142, and 0227-0249).
It would have been obvious to the person having ordinary skill in the art before the effective filing date of the invention to have employed the teachings of Yoshino in the encryption system of Awad and Nardi by using the re-encryption method of Yoshino to perform the generically taught re-encryption of Awad and Nardi.  This would have been obvious because the person having ordinary skill in the art would have been motivated to provide a specific means for re-encrypting the memory without exposing the plaintext data.

Regarding claim 2, Awad, Nardi, and Yoshino taught that the first OTP is dependent on first values of a key and a nonce at a time of encrypting the target data (Awad Figs. 1 and 7 and Paragraphs 0094-0096 for example); the second OTP is dependent on second values of the key and the nonce obtained in response to the OTP update event (Awad Figs. 1 and 7 and Paragraphs 0094-0096 for example); and the memory security circuitry is configured to generate the re-encryption value based on the first values of the key and the nonce and the second values of the key and the nonce (Awad Figs. 1 and 7 and Paragraphs 0094-0096 for example, and Yoshino Paragraph 0234).
Regarding claim 3, Awad, Nardi, and Yoshino taught that the OTP update event comprises an indication that a predetermined period has passed since a previous key update event for updating the key (Awad Figs. 1 and 7 and Paragraphs 0094-0096 for example).
Regarding claim 4, Awad, Nardi, and Yoshino taught that the nonce comprises a counter, and the memory security circuitry is configured to increment the counter in response to a write to the address in memory associated with the encrypted data (Awad Figs. 1 and 7 and Paragraphs 0094-0096 for example); and the OTP update event comprises a counter overflow event associated with the counter (Awad Figs. 1 and 7 and Paragraphs 0094-0096 for example).
Regarding claim 5, Awad, Nardi, and Yoshino taught that the counter comprises a split counter comprising a combination of a major counter shared between a plurality of data blocks including the target data and at least one other data block, and a respective minor counter specified separately for each data block in the plurality of data blocks (Awad Figs. 1 and 7 and Paragraphs 0094-0096 for example); and the OTP update event comprises at least one of: a major counter overflow event associated with the major counter (Awad Figs. 1 and 7 and Paragraphs 0094-0096 for example); and a minor counter overflow event associated with a minor counter associated with a given data block among said at least one other data block (Awad Figs. 1 and 7 and Paragraphs 0094-0096 for example).
Regarding claim 6, Awad, Nardi, and Yoshino taught that the memory security circuitry is configured to perform at least one of: in response to the minor counter overflow event, incrementing the major counter and issuing the re-encryption request for the plurality of data blocks other than said given data block (Awad Figs. 1 and 7 and Paragraphs 0094-0096 for example); and in response to the major counter overflow event, updating the key and issuing the re-encryption request for data blocks encrypted using the previous value of the key (Awad Figs. 1 and 7 and Paragraphs 0094-0096 for example).
Regarding claim 8, Awad, Nardi, and Yoshino taught that the memory security circuitry is configured to be within a trust boundary of the apparatus, wherein data stored outside the trust boundary is accessible to external agents (Awad Paragraph 0110 for example); but did not explicitly teach that the memory security circuitry is configured to issue the re-encryption request beyond the trust boundary to cause the updated encrypted data to be generated outside the trust boundary.  However, it was well known in the art before the effective filing date of the invention for secure memory to include the encryption/decryption circuitry and for the encryption/decryption of data being stored to/retrieved from to be performed by the cryptographic circuitry of the secure memory.  As such, it would have been obvious to the person having ordinary skill in the art before the effective filing date of the invention to have employed this common knowledge into the system of Awad, Nardi, and Yoshino by having the encryption/decryption be performed by cryptographic circuitry in the secure memory.  This would have been obvious because the person having ordinary skill in the art would have been motivated to lessen the cryptographic processing load on the processor.

Regarding claim 9, Awad, Nardi, and Yoshino taught that the re-encryption request comprises a request to cause the updated encrypted data to be generated in the downstream component by applying an exclusive-OR function to the re-encryption value and the encrypted data (Awad Figs. 1 and 7 and Paragraphs 0094-0096 for example and Yoshino Figs. 7, 12, and 13 and Paragraphs 0137-0142, and 0227-0249).
Regarding claim 10, Awad, Nardi, and Yoshino taught that following the re-encryption request, the updated encrypted data is decryptable based on the second OTP independently of the first OTP (Awad Figs. 1 and 7 and Paragraphs 0094-0096 for example and Yoshino Figs. 7, 12, and 13 and Paragraphs 0137-0142, and 0227-0249).
Regarding claim 11, Awad, Nardi, and Yoshino taught that the memory security circuitry is configured to generate an authentication code to be stored in the memory, generation of the authentication code comprising applying a hash function to the target data (Awad Paragraphs 0098 and 0124 for example, and further see Rogers “Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly” which was incorporated by reference in Awad as citation 14, which shows that the MAC of Awad is an HMAC); at a time of reading data from an address associated with the target data in the memory, the memory security circuitry is configured to compare the authentication code with a result of decrypting the read data and applying the hash function to the decrypted data (Awad Paragraphs 0098 and 0124 for example, and further see Rogers “Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly” which was incorporated by reference in Awad as citation 14, which shows that the MAC of Awad is an HMAC).
Regarding claim 12, Awad, Nardi, and Yoshino taught that in the generation of the authentication code, the hash function is applied to a value which the target data has prior to encryption based on the first OTP (Awad Paragraphs 0098 and 0124 for example, and further see Rogers “Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly” which was incorporated by reference in Awad as citation 14, which shows that the MAC of Awad is an HMAC).
Regarding claim 13, Awad, Nardi, and Yoshino taught that the generation of the authentication code comprises applying an operation to a first value dependent on a hash value obtained by applying the hash function to the target data, and a second value dependent on an authentication OTP, the authentication OTP being independent of the target data (Awad Paragraphs 0098 and 0124 for example, and further see Rogers “Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly” which was incorporated by reference in Awad as citation 14, which shows that the MAC of Awad is an HMAC).
Regarding claim 14, Awad, Nardi, and Yoshino taught that the operation and an inverse of the operation each comprise an associative operation (Awad Figs. 1 and 7 and Paragraphs 0094-0096, for example XOR encryption).
Regarding claim 15, Awad, Nardi, and Yoshino taught that the first value depends on a first key, and the authentication OTP depends on a second key (Awad Paragraphs 0098 and 0124 for example, and further see Rogers “Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly” which was incorporated by reference in Awad as citation 14, which shows that the MAC of Awad is an HMAC).
Regarding claim 16, Awad, Nardi, and Yoshino taught that in response to an authentication update event indicating that the authentication OTP is to be replaced by an updated authentication OTP different from the authentication OTP (Awad Paragraphs 0094-0098 and 0124 for example, and further see Rogers “Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly” which was incorporated by reference in Awad as citation 14, which shows that the MAC of Awad is an HMAC), the memory security circuitry is configured to generate an authentication re-calculation value based on the authentication OTP and the updated authentication OTP, and the memory security circuitry is configured to issue an authentication re-calculation request to cause an updated authentication code to be generated in the downstream component based on the authentication code and the re-calculation value and to cause the authentication code to be replaced in memory by the updated authentication code (Awad Paragraphs 0094-0098 and 0124 for example, and further see Rogers “Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly” which was incorporated by reference in Awad as citation 14, which shows that the MAC of Awad is an HMAC).
Regarding claim 17, Awad, Nardi, and Yoshino taught that the authentication OTP is dependent on an authentication key and an authentication nonce (Awad Paragraphs 0094-0098 and 0124 for example, and further see Rogers “Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly” which was incorporated by reference in Awad as citation 14, which shows that the MAC of Awad is an HMAC); and the authentication update event comprises at least one of: an event indicating that the authentication key is to be replaced by an updated authentication key different from the authentication key (Awad Paragraphs 0094-0098 and 0124 for example, and further see Rogers “Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly” which was incorporated by reference in Awad as citation 14, which shows that the MAC of Awad is an HMAC); an event indicating that the authentication nonce is to be replaced by an updated authentication nonce different from the authentication nonce (Awad Paragraphs 0094-0098 and 0124 for example, and further see Rogers “Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly” which was incorporated by reference in Awad as citation 14, which shows that the MAC of Awad is an HMAC).
Regarding claim 21, Awad, Nardi, and Yoshino taught that the memory security circuitry is configured to perform at least one of: generating the encrypted data by applying an exclusive-OR function to the target data and the first OTP (Awad Figs. 1 and 7 and Paragraphs 0094-0096 for example); generating the re-encryption value by applying an exclusive-OR function to the first OTP and the second OTP (Yoshino Figs. 7, 12, and 13 and Paragraphs 0137-0142, and 0227-0249).
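The XOR re-encryption discussed for claims 1, 9, 10 and 21, combined with the split-counter overflow handling discussed for claims 4-6, can be illustrated as follows. This is an added example, not code from the application or from Awad, Nardi or Yoshino; the class names, the 64-byte block size, the 3-bit minor counter and the use of HMAC-SHA256 as a stand-in for the pad-generating cipher are all assumptions.

```python
import hashlib
import hmac

BLOCK = 64       # assumed bytes per data block
MINOR_BITS = 3   # assumed, deliberately tiny so that overflow is easy to trigger


def otp(key: bytes, addr: int, major: int, minor: int) -> bytes:
    """Pad = PRF(key, address || major || minor); HMAC-SHA256 is a stand-in PRF."""
    out = b""
    for i in range(BLOCK // 32):
        seed = b"%d|%d|%d|%d" % (addr, major, minor, i)
        out += hmac.new(key, seed, hashlib.sha256).digest()
    return out


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class UntrustedMemory:
    """Downstream component: holds ciphertext only, never a key, pad or plaintext."""

    def __init__(self):
        self.cells = {}

    def reencrypt(self, addr: int, value: bytes) -> None:
        # Updated ciphertext = old ciphertext XOR re-encryption value, in place.
        self.cells[addr] = xor(self.cells[addr], value)


class MemorySecurity:
    """Inside the trust boundary: owns the key and the split counters."""

    def __init__(self, key: bytes, mem: UntrustedMemory, addrs):
        self.key, self.mem = key, mem
        self.major = 0                       # shared by all blocks
        self.minor = {a: 0 for a in addrs}   # one per block

    def write(self, addr: int, data: bytes) -> None:
        self.minor[addr] += 1                # nonce changes on every write
        if self.minor[addr] >= 1 << MINOR_BITS:
            self._minor_overflow(addr)
        pad = otp(self.key, addr, self.major, self.minor[addr])
        self.mem.cells[addr] = xor(data, pad)

    def _minor_overflow(self, written: int) -> None:
        old_major, old_minor = self.major, dict(self.minor)
        self.major += 1
        self.minor = {a: 0 for a in self.minor}
        for a in self.minor:
            if a == written or a not in self.mem.cells:
                continue  # the written block is about to get fresh ciphertext
            # Re-encryption value = first OTP XOR second OTP; only this value
            # crosses the trust boundary, the plaintext is never reconstructed.
            value = xor(otp(self.key, a, old_major, old_minor[a]),
                        otp(self.key, a, self.major, 0))
            self.mem.reencrypt(a, value)

    def read(self, addr: int) -> bytes:
        pad = otp(self.key, addr, self.major, self.minor[addr])
        return xor(self.mem.cells[addr], pad)
```

After the overflow, the untouched block decrypts under the second OTP alone, because (P xor OTP1) xor (OTP1 xor OTP2) = P xor OTP2.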
Conclusion
Claims 1-6, 8-17, and 19-21 have been rejected.
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 2015/0371063 taught that encryption/decryption of data being written to/read from memory can be performed within the memory controller.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW T HENNING whose telephone number is (571)272-3790. The examiner can normally be reached Monday-Thursday 9AM-5PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on (571)272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MATTHEW T HENNING/            Primary Examiner, Art Unit 2491