DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The present application, filed on September 23, 2020, is accepted.
Claims 1 – 32 are being considered on the merits.

Drawings
The drawings, filed on September 23, 2020, are accepted.

Specification
The specification, filed on September 23, 2020, is accepted.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1 – 32 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claims recite a circuit described by limitations such as receiving, storing, comparing, and manipulation, with the generation of data or keys to determine a next round key corresponding to a block cipher. This judicial exception is not integrated into a practical application. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. The dependent claims only further recite similar limitations.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 6 – 12, 15 – 18, 29, and 32 are rejected under 35 U.S.C. 103 as being unpatentable over US 20180176011 A1 to Hars in view of US 20200250318 A1 to AL Belooshi.
Regarding claim 1, Hars teaches a round key control-circuit configured to: store at least one key schedule comprising round keys, [Hars, para. 38 discloses Bit-mixers use a large amount of key material. When stored in digital memory or registers, this key material allows the personalization of the cipher (dependent of this key material, different ciphers are defined). The other alternative is hardcoding the subkeys of the bit-mixers. It makes the key schedule faster, but the resulting ciphers are also fixed, they cannot be personalized.] each round key corresponding to a data transformation round of a block cipher and comprising a plurality of key words; [Hars, para. 33 discloses Block ciphers, using secret keys, encrypt data blocks, called plaintext to ciphertext blocks, by performing iterations of transformation steps, called rounds. Round keys, derived from the cipher key, influence the transformations. The security and speed of the cipher depend on how these round keys are generated.] receive a key-word set comprising a plurality of key words of a key schedule, the key-word set comprising at least one round key; [Hars, para. 16 discloses  obtain one or more first inputs and one or more second inputs; perform, by at least one electronic circuit, a bit-mixer operation on each of the one or more first inputs and the one or more second inputs; and generate, by at least one electronic circuit, one or more round keys based on the performing. 
In some examples, the one or more first inputs comprise a plurality of equal sized subkeys from a key material that is divided into a plurality of equal sized key material sub-blocks, a cipher key and the one or more second inputs comprise a random input, one or more previous round keys, a round number.], but Hars does not teach determine whether the key-word set is stored in a key-schedule cache; and in response to determining the key-word set is stored in the key-schedule cache: determine whether a next round key, based on the key-word set, is stored in the key-schedule cache; in response to determining the next round key is stored in the key-schedule cache, read the next round key from the key-schedule cache; and supply the next round key to a next round key output.
However, Al Belooshi does teach determine whether the key-word set is stored in a key-schedule cache; [Al Belooshi, para. 12 discloses the key comprising a plurality of key chunks, the method comprising the steps of generating a plurality of scattered memory addresses, storing the plurality of key chunks in the plurality of generated scattered memory addresses, such that each scattered memory address stores a single key chunk among the plurality of key chunks; and generating a plurality of temporary memory addresses, wherein each temporary memory address stores a temporary value used for calculating a round key, wherein the plurality of key chunks are scattered column-wise within the plurality of scattered memory addresses.] and in response to determining the key-word set is stored in the key-schedule cache: determine whether a next round key, based on the key-word set, is stored in the key-schedule cache; [Al Belooshi, para. 73 discloses Key scattering in memory is implemented in different ways based on the number of allocated memory blocks. The key may be scattered within a single block, two blocks or multiple blocks. Scattering within a single block will require generating 16 different addresses to store the original key and four additional addresses to store the temporary values. Those addresses will be used as cached addresses to store the initial cryptographic key.] in response to determining the next round key is stored in the key-schedule cache, read the next round key from the key-schedule cache; [Al Belooshi, para. 73 discloses generate the remaining round keys, another 20 different addresses will be generated to hold the newly calculated keys that are used to do the actual plaintext encryption. The values from the cached addresses will then be copied to the round keys addresses, as shown in step 2. Hence, in this technique 40 different addresses are to be maintained within a single block of RAM. 
After encrypting each plaintext block of 16-bytes, the values scattered in the cached addresses are copied to the round keys addresses and the gathering operation starts again] and supply the next round key to a next round key output. [Al Belooshi, para. 59 discloses These addresses (303 and 305) are then used to distribute the round keys. When decrypting the data, the same seed value is used to re-generate the same random addresses and retrieve the key values. At any point in time only one byte of the round key is reconstructed. The AES-CBC encryption algorithm is modified to integrate gather-decrypt phase when using the scattered round keys.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Al Belooshi’s system with Hars’s system, the motivation being that encryption keys are scattered dynamically to random memory address locations. An encryption/decryption agent runs a custom implementation of the AES encryption algorithm on the scattered key which is never gathered as a whole (never fully assembled), preventing the cloud administrator to peek at the key. On-the-fly round key generation is used, which means the agent, at any point of time, will hold only a minimum portion of the round key needed to decrypt the data, which is one byte. [Al Belooshi, para. 58]

As per claim 6, modified Hars teaches the round key control-circuit of claim 1, further configured to receive an instruction comprising the key-word set, the instruction further comprising a request for the next round key. [Hars, para. 67 discloses The encryption unit may be configured or operable to encrypt and decrypt data for all read and write operations with an appropriate memory 204 in response to read or write requests invoking the SMTU 206. And the data-hashing unit may be configured or operable to produce data authentication tags for encrypted data (ciphertext) read from and written to the memory. In some examples, either or both of the encryption unit or data-hashing unit may employ a parallelizable cipher construction such as that described herein. And in some examples in which only one but not the other uses the parallelizable cipher construction, the other may use any of a number of other constructs. For example, the encryption unit may be configured or operable to employ an AES cipher for encryption and decryption operations, or the data-hashing unit may be configured or operable to employ a keyed hash function, as modified by using the bit-mixer round key generation as provided herein.]

Regarding claim 7, modified Hars teaches the round key control-circuit of claim 6, but Hars does not teach wherein: determining whether the key-word set is stored in the key-schedule cache is based on comparing at least a portion of the key-word set to at least a portion of key words stored in at least one cache entry.  
However, Al Belooshi does teach wherein: determining whether the key-word set is stored in the key-schedule cache is based on comparing at least a portion of the key-word set to at least a portion of key words stored in at least one cache entry. [Al Belooshi, para. 12 discloses the key comprising a plurality of key chunks, the method comprising the steps of generating a plurality of scattered memory addresses, storing the plurality of key chunks in the plurality of generated scattered memory addresses, such that each scattered memory address stores a single key chunk among the plurality of key chunks; and generating a plurality of temporary memory addresses, wherein each temporary memory address stores a temporary value used for calculating a round key, wherein the plurality of key chunks are scattered column-wise within the plurality of scattered memory addresses.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Al Belooshi’s system with Hars’s system, the motivation being that encryption keys are scattered dynamically to random memory address locations. An encryption/decryption agent runs a custom implementation of the AES encryption algorithm on the scattered key which is never gathered as a whole (never fully assembled), preventing the cloud administrator to peek at the key. On-the-fly round key generation is used, which means the agent, at any point of time, will hold only a minimum portion of the round key needed to decrypt the data, which is one byte. [Al Belooshi, para. 58]

Regarding claim 8, modified Hars teaches the round key control-circuit of claim 6, but Hars does not teach wherein: the instruction further comprises an indication of a round number of the block cipher; determining whether the key-word set is stored in the key-schedule cache is based on comparing at least a portion of the key-word set to at least a portion of key words stored in at least one cache entry indicated by the round number; and in response to determining the key-word set is stored in a first one of the at least one cache entry indicated by the round number, determining whether the next round key is stored in the key-schedule cache is based on a valid key indicator corresponding to a second cache entry corresponding to the first one of the at least one cache entry.
However, Al Belooshi does teach wherein: the instruction further comprises an indication of a round number of the block cipher; [Al Belooshi, para. 66 discloses considering the key gathering and decryption process, each time a cloud-based application needs to access the data (step 5), the agent will start an integrated gather-decrypt procedure (step 6) that will decrypt the requested data using the scattered key in the RAM (step 7). Only one byte of the AES round key is reconstructed each time. The process starts with getting the last 4 bytes values from the randomly generated memory addresses. Such values will be used to generate the round key columns and XOR the plain text state in the different rounds. After XOR process, the new generated byte value will replace the previous value stored in the RAM.] determining whether the key-word set is stored in the key-schedule cache is based on comparing at least a portion of the key-word set to at least a portion of key words stored in at least one cache entry indicated by the round number; [Al Belooshi, para. 12 discloses the key comprising a plurality of key chunks, the method comprising the steps of generating a plurality of scattered memory addresses, storing the plurality of key chunks in the plurality of generated scattered memory addresses, such that each scattered memory address stores a single key chunk among the plurality of key chunks; and generating a plurality of temporary memory addresses, wherein each temporary memory address stores a temporary value used for calculating a round key, wherein the plurality of key chunks are scattered column-wise within the plurality of scattered memory addresses.]
 and in response to determining the key-word set is stored in a first one of the at least one cache entry indicated by the round number, determining whether the next round key is stored in the key-schedule cache is based on a valid key indicator corresponding to a second cache entry corresponding to the first one of the at least one cache entry. [Al Belooshi, para. 73 discloses Key scattering in memory is implemented in different ways based on the number of allocated memory blocks. The key may be scattered within a single block, two blocks or multiple blocks. Scattering within a single block will require generating 16 different addresses to store the original key and four additional addresses to store the temporary values. Those addresses will be used as cached addresses to store the initial cryptographic key. In this case, the cipher key is decrypted once, using vTPM.RSA public key (PKvTPM) and stored in the scattered cached addresses. In order to generate the remaining round keys, another 20 different addresses will be generated to hold the newly calculated keys that are used to do the actual plaintext encryption. The values from the cached addresses will then be copied to the round keys addresses, as shown in step 2. Hence, in this technique 40 different addresses are to be maintained within a single block of RAM. After encrypting each plaintext block of 16-bytes, the values scattered in the cached addresses are copied to the round keys addresses and the gathering operation starts again, repeating step 2.] 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Al Belooshi’s system with Hars’s system, the motivation being that encryption keys are scattered dynamically to random memory address locations. An encryption/decryption agent runs a custom implementation of the AES encryption algorithm on the scattered key which is never gathered as a whole (never fully assembled), preventing the cloud administrator to peek at the key. On-the-fly round key generation is used, which means the agent, at any point of time, will hold only a minimum portion of the round key needed to decrypt the data, which is one byte. [Al Belooshi, para. 58]

Regarding claim 9, modified Hars teaches the round key control-circuit of claim 7, but Hars does not teach wherein: the instruction further comprises an indication of a round number of the block cipher; the key-word set comprises a cipher key; the cipher key is stored in a first cache entry; and determining whether the next round key is stored in the key-schedule cache is based on a valid key indicator corresponding to a target cache entry indicated by the first cache entry and the round number.  
	However, Al Belooshi does teach wherein: the instruction further comprises an indication of a round number of the block cipher; [Al Belooshi, para. 66 discloses considering the key gathering and decryption process, each time a cloud-based application needs to access the data (step 5), the agent will start an integrated gather-decrypt procedure (step 6) that will decrypt the requested data using the scattered key in the RAM (step 7). Only one byte of the AES round key is reconstructed each time. The process starts with getting the last 4 bytes values from the randomly generated memory addresses. Such values will be used to generate the round key columns and XOR the plain text state in the different rounds. After XOR process, the new generated byte value will replace the previous value stored in the RAM.] the key-word set comprises a cipher key; [Al Belooshi, para. 74 discloses Considering two block scattering, the first block called the cached block, is to scatter the cipher key after decryption, while the other block called the round keys block, scatters the newly generated round keys. This is depicted as step 1 and 2 in FIG. 8 (b). The cached block values never change while the round keys block values change continuously to generate new round keys and encrypt or decrypt data. With this technique the cipher key is decrypted once and scattered in a randomly allocated block, similar to the single block technique] the cipher key is stored in a first cache entry; [Al Belooshi, para. 74 discloses a single seed value is used for both blocks to save space in the vTPM storage. The uniqueness of the 20 generated addresses is checked for both blocks. Once the seed value is set, the decryption of the cipher key will start. The cached block will be filled first (step 3) with the decrypted key bytes. 
Then its values are copied to the round keys block addresses] and determining whether the next round key is stored in the key-schedule cache is based on a valid key indicator corresponding to a target cache entry indicated by the first cache entry and the round number. [Al Belooshi, para. 73 discloses Key scattering in memory is implemented in different ways based on the number of allocated memory blocks. The key may be scattered within a single block, two blocks or multiple blocks. Scattering within a single block will require generating 16 different addresses to store the original key and four additional addresses to store the temporary values. Those addresses will be used as cached addresses to store the initial cryptographic key. In this case, the cipher key is decrypted once, using vTPM.RSA public key (PKvTPM) and stored in the scattered cached addresses. In order to generate the remaining round keys, another 20 different addresses will be generated to hold the newly calculated keys that are used to do the actual plaintext encryption. The values from the cached addresses will then be copied to the round keys addresses, as shown in step 2. Hence, in this technique 40 different addresses are to be maintained within a single block of RAM. After encrypting each plaintext block of 16-bytes, the values scattered in the cached addresses are copied to the round keys addresses and the gathering operation starts again, repeating step 2.] 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Al Belooshi’s system with Hars’s system, the motivation being that encryption keys are scattered dynamically to random memory address locations. An encryption/decryption agent runs a custom implementation of the AES encryption algorithm on the scattered key which is never gathered as a whole (never fully assembled), preventing the cloud administrator to peek at the key. On-the-fly round key generation is used, which means the agent, at any point of time, will hold only a minimum portion of the round key needed to decrypt the data, which is one byte. [Al Belooshi, para. 58]

Regarding claim 10, modified Hars teaches the round key control-circuit of claim 9, but Hars does not teach wherein: the instruction further comprises an encryption/decryption indicator; the encryption/decryption indicator indicates encryption; and determining whether the next round key is stored in the key-schedule cache is based on the valid key indicator of a cache entry for storing a subsequent round key in an encryption order according to a key expansion algorithm of the block cipher.  
However, Al Belooshi does teach wherein: the instruction further comprises an encryption/decryption indicator; [Al Belooshi, para. 62 discloses This cryptographic service may be placed within the same VM as the cloud-based application requesting encryption/decryption or on a separate VM, in the same or in different cloud providers' environments. Our TCB (trusted computing base/the totality of protection mechanisms —hardware, firmware and software—that provide a secure computing environment) includes only the hardware, hypervisor and the vTPM (virtual trusted platform module) components.] the encryption/decryption indicator indicates encryption; [Al Belooshi, para. 44 discloses The proposed solution aims at securing cryptographic keys in the cloud. The solution carries out encryption or decryption while protecting the cryptographic keys from unauthorized access to the virtual machine (VM) random access memory (RAM), where the keys get stored. A decrypt-scatter or gather-decrypt solution which allows users to carry out encryption or decryption while protecting keys from unauthorized peeks by the cloud administrators is proposed. Para. 74 discloses the cached block values never change while the round keys block values change continuously to generate new round keys and encrypt or decrypt data.] and determining whether the next round key is stored in the key-schedule cache is based on the valid key indicator of a cache entry for storing a subsequent round key in an encryption order according to a key expansion algorithm of the block cipher. [Al Belooshi, para. 79 discloses the first main step in decrypt-scatter is to retrieve the scattered address (Line 6 of Pseudo code 1). Kaddr(i) represents the address of the key byte at position i. For the first 16 generated addresses, the encrypted cipher key will be decrypted one byte at a time using the vTPM RSA private key. Each byte is then saved in the generated addresses sequences (Line 8).
The temporary column values (16,17,18,19) are prepared for generation of the next round key. For this purpose, the RotWord, SubWord and Rcon functions are performed while copying the values. For those addresses, the values are copied from values in addresses (13,14,15), respectively and their SubWord values are calculated as shown in Line 10.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Al Belooshi’s system with Hars’s system, the motivation being that encryption keys are scattered dynamically to random memory address locations. An encryption/decryption agent runs a custom implementation of the AES encryption algorithm on the scattered key which is never gathered as a whole (never fully assembled), preventing the cloud administrator to peek at the key. On-the-fly round key generation is used, which means the agent, at any point of time, will hold only a minimum portion of the round key needed to decrypt the data, which is one byte. [Al Belooshi, para. 58]

Regarding claim 11, modified Hars teaches the round key control-circuit of claim 9, but Hars does not teach wherein: the instruction further comprises an encryption/decryption indicator; the encryption/decryption indicator indicates decryption; and determining whether the next round key is stored in the key-schedule cache is based on the valid key indicator of a cache entry for storing a subsequent round key in a decryption order according to a key expansion algorithm of the block cipher.  
However, Al Belooshi does teach wherein: the instruction further comprises an encryption/decryption indicator; [Al Belooshi, para. 62 discloses This cryptographic service may be placed within the same VM as the cloud-based application requesting encryption/decryption or on a separate VM, in the same or in different cloud providers' environments. Our TCB (trusted computing base/the totality of protection mechanisms —hardware, firmware and software—that provide a secure computing environment) includes only the hardware, hypervisor and the vTPM (virtual trusted platform module) components.] the encryption/decryption indicator indicates decryption; [Al Belooshi, para. 44 discloses the proposed solution aims at securing cryptographic keys in the cloud. The solution carries out encryption or decryption while protecting the cryptographic keys from unauthorized access to the virtual machine (VM) random access memory (RAM), where the keys get stored. A decrypt-scatter or gather-decrypt solution which allows users to carry out encryption or decryption while protecting keys from unauthorized peeks by the cloud administrators is proposed. Para. 66 discloses considering the key gathering and decryption process, each time a cloud-based application needs to access the data (step 5), the agent will start an integrated gather-decrypt procedure (step 6) that will decrypt the requested data using the scattered key in the RAM (step 7). Para. 74 discloses the cached block values never change while the round keys block values change continuously to generate new round keys and encrypt or decrypt data.] and determining whether the next round key is stored in the key-schedule cache is based on the valid key indicator of a cache entry for storing a subsequent round key in a decryption order according to a key expansion algorithm of the block cipher. [Al Belooshi, para. 70 discloses The present implementation is based on replacing the key scheduling process and the AddRoundKey function with decrypt-scatter and gather-decrypt shown in FIG. 6 (a). Considering decrypt-scatter, one kilobyte memory block are allocated to scatter the key bytes, as illustrated in FIG. 6 (b). The seed value is then generated and the uniqueness of the addresses generated from that seed is checked. After that, a single byte of the encrypted key is decrypted at a time and scattered in the generated memory addresses. Moreover, four temporary bytes are calculated by applying the functions RotWord, SubWord and Rcon and stored in four additional temporary addresses. Therefore, the scattered key will have five words instead of four which implies scattering in (16+4) different addresses. This additional word is used in generating the first column of each new round key, and holds the output of the core key schedule functions (RotWord, SubWord and Rcon) which are important in generating the new round keys.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Al Belooshi’s system with Hars’s system, the motivation being that encryption keys are scattered dynamically to random memory address locations. An encryption/decryption agent runs a custom implementation of the AES encryption algorithm on the scattered key which is never gathered as a whole (never fully assembled), preventing the cloud administrator to peek at the key. On-the-fly round key generation is used, which means the agent, at any point of time, will hold only a minimum portion of the round key needed to decrypt the data, which is one byte. [Al Belooshi, para. 58]

Regarding claim 12, modified Hars teaches the round key control-circuit of claim 1, but Hars does not teach further configured to: receive an instruction comprising the key-word set, a request for all round keys of the key schedule, and an encryption/decryption indicator.  
However, Al Belooshi does teach further configured to: receive an instruction comprising the key-word set, a request for all round keys of the key schedule, and an encryption/decryption indicator.  [Al Belooshi, para. 62 discloses This cryptographic service may be placed within the same VM as the cloud-based application requesting encryption/decryption or on a separate VM, in the same or in different cloud providers' environments. Our TCB (trusted computing base/the totality of protection mechanisms —hardware, firmware and software—that provide a secure computing environment) includes only the hardware, hypervisor and the vTPM (virtual trusted platform module) components.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Al Belooshi’s system with Hars’s system, the motivation being that encryption keys are scattered dynamically to random memory address locations. An encryption/decryption agent runs a custom implementation of the AES encryption algorithm on the scattered key which is never gathered as a whole (never fully assembled), preventing the cloud administrator to peek at the key. On-the-fly round key generation is used, which means the agent, at any point of time, will hold only a minimum portion of the round key needed to decrypt the data, which is one byte. [Al Belooshi, para. 58]

Regarding claim 15, modified Hars teaches the round key control-circuit of claim 1, further comprising: the key-schedule cache configured to store the at least one key schedule; [Hars, para. 38 discloses Bit-mixers use a large amount of key material. When stored in digital memory or registers, this key material allows the personalization of the cipher (dependent of this key material, different ciphers are defined). The other alternative is hardcoding the subkeys of the bit-mixers. It makes the key schedule faster, but the resulting ciphers are also fixed, they cannot be personalized.] a comparator circuit configured to: receive the key-word set; [Hars, para. 16 discloses obtain one or more first inputs and one or more second inputs; perform, by at least one electronic circuit, a bit-mixer operation on each of the one or more first inputs and the one or more second inputs; and generate, by at least one electronic circuit, one or more round keys based on the performing. In some examples, the one or more first inputs comprise a plurality of equal sized subkeys from a key material that is divided into a plurality of equal sized key material sub-blocks, a cipher key and the one or more second inputs comprise a random input, one or more previous round keys, a round number.], but Hars does not teach further comprising: determine whether the key-word set is stored in the key-schedule cache; a valid key indication circuit configured to determine whether the next round key is stored in the key-schedule cache; and a next round key circuit configured to: in response to determining the round key is stored in the key-schedule cache, read the next round key from the key-schedule cache; in response to determining the round key is not stored in the key-schedule cache, generate the next round key based on the key-word set; and supply the next round key to the next round key output.
However, Al Belooshi does teach further comprising: determine whether the key-word set is stored in the key-schedule cache; [Al Belooshi, para. 12 discloses the key comprising a plurality of key chunks, the method comprising the steps of generating a plurality of scattered memory addresses, storing the plurality of key chunks in the plurality of generated scattered memory addresses, such that each scattered memory address stores a single key chunk among the plurality of key chunks; and generating a plurality of temporary memory addresses, wherein each temporary memory address stores a temporary value used for calculating a round key, wherein the plurality of key chunks are scattered column-wise within the plurality of scattered memory addresses.] a valid key indication circuit configured to determine whether the next round key is stored in the key-schedule cache; [Al Belooshi, para. 73 discloses Key scattering in memory is implemented in different ways based on the number of allocated memory blocks. The key may be scattered within a single block, two blocks or multiple blocks. Scattering within a single block will require generating 16 different addresses to store the original key and four additional addresses to store the temporary values. Those addresses will be used as cached addresses to store the initial cryptographic key. In this case, the cipher key is decrypted once, using vTPM.RSA public key (PKvTPM) and stored in the scattered cached addresses. In order to generate the remaining round keys, another 20 different addresses will be generated to hold the newly calculated keys that are used to do the actual plaintext encryption. The values from the cached addresses will then be copied to the round keys addresses, as shown in step 2. Hence, in this technique 40 different addresses are to be maintained within a single block of RAM. After encrypting each plaintext block of 16-bytes, the values scattered in the cached addresses are copied to the round keys addresses and the gathering operation starts again, repeating step 2.] and a next round key circuit configured to: in response to determining the round key is stored in the key-schedule cache, read the next round key from the key-schedule cache; [Al Belooshi, para. 73 discloses generate the remaining round keys, another 20 different addresses will be generated to hold the newly calculated keys that are used to do the actual plaintext encryption. The values from the cached addresses will then be copied to the round keys addresses, as shown in step 2. Hence, in this technique 40 different addresses are to be maintained within a single block of RAM. After encrypting each plaintext block of 16-bytes, the values scattered in the cached addresses are copied to the round keys addresses and the gathering operation starts again] in response to determining the round key is not stored in the key-schedule cache, generate the next round key based on the key-word set; [Al Belooshi, para. 73 discloses Key scattering in memory is implemented in different ways based on the number of allocated memory blocks. The key may be scattered within a single block, two blocks or multiple blocks. Scattering within a single block will require generating 16 different addresses to store the original key and four additional addresses to store the temporary values. Those addresses will be used as cached addresses to store the initial cryptographic key] and supply the next round key to the next round key output. [Al Belooshi, para. 59 discloses These addresses (303 and 305) are then used to distribute the round keys. When decrypting the data, the same seed value is used to re-generate the same random addresses and retrieve the key values. At any point in time only one byte of the round key is reconstructed. The AES-CBC encryption algorithm is modified to integrate gather-decrypt phase when using the scattered round keys.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Al Belooshi’s system with Hars’s system, with the motivation that encryption keys are scattered dynamically to random memory address locations. An encryption/decryption agent runs a custom implementation of the AES encryption algorithm on the scattered key which is never gathered as a whole (never fully assembled), preventing the cloud administrator to peek at the key. On-the-fly round key generation is used, which means the agent, at any point of time, will hold only a minimum portion of the round key needed to decrypt the data, which is one byte. [Al Belooshi, para. 58]
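The cache behaviour recited in claim 15 (compare the key-word set, check a per-round valid indication, then read or generate the next round key) can be modeled in software. The following is an added illustration, not code from the application or from the cited references; it assumes AES-128 key expansion as the key schedule, and the names `KeyScheduleCache`, `next_round_key` and `expand_one_round` are hypothetical.

```python
import hmac

ROUNDS = 10  # assumption: AES-128, round keys 0..10 of 16 bytes each
RCON = (0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36)


def _gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a = ((a << 1) & 0xFF) ^ (0x1B if a & 0x80 else 0)
        b >>= 1
    return r


def _build_sbox():
    """AES S-box: multiplicative inverse followed by the affine transform."""
    rotl = lambda x, s: ((x << s) | (x >> (8 - s))) & 0xFF
    box = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gmul(x, y) == 1), 0)
        box.append(inv ^ rotl(inv, 1) ^ rotl(inv, 2) ^ rotl(inv, 3)
                   ^ rotl(inv, 4) ^ 0x63)
    return box


SBOX = _build_sbox()


def expand_one_round(prev, round_no):
    """Derive round key `round_no` (1..10) from round key `round_no - 1`."""
    w = [prev[i:i + 4] for i in range(0, 16, 4)]
    rot = w[3][1:] + w[3][:1]                              # RotWord
    t = bytes(SBOX[b] for b in rot)                        # SubWord
    word = bytes([t[0] ^ RCON[round_no - 1]]) + t[1:]      # Rcon
    out = []
    for i in range(4):
        word = bytes(x ^ y for x, y in zip(w[i], word))
        out.append(word)
    return b"".join(out)


class KeyScheduleCache:
    """Single-schedule cache: one tag (key-word set) plus a valid bit per round."""

    def __init__(self):
        self.tag = None
        self.entries = [bytearray(16) for _ in range(ROUNDS + 1)]
        self.valid = [False] * (ROUNDS + 1)
        self.generated = 0  # number of round keys computed (for inspection)

    def _comparator_hit(self, key_words):
        # Comparator: constant-time compare, since the operands are key material.
        return self.tag is not None and hmac.compare_digest(self.tag, key_words)

    def _install(self, key_words):
        # Miss: zeroize stale round keys and clear every valid bit before
        # storing the new key-word set, so no old round key can be served.
        for entry in self.entries:
            entry[:] = bytes(16)
        self.valid = [False] * (ROUNDS + 1)
        self.tag = bytes(key_words)
        self.entries[0][:] = key_words
        self.valid[0] = True

    def next_round_key(self, key_words, round_no):
        if len(key_words) != 16 or not 0 <= round_no <= ROUNDS:
            raise ValueError("expected a 16-byte key and a round in 0..10")
        if not self._comparator_hit(key_words):
            self._install(key_words)
        if not self.valid[round_no]:
            # Valid-indication miss: generate from the nearest cached round.
            start = max(r for r in range(round_no) if self.valid[r])
            for r in range(start + 1, round_no + 1):
                self.entries[r][:] = expand_one_round(bytes(self.entries[r - 1]), r)
                self.valid[r] = True
                self.generated += 1
        return bytes(self.entries[round_no])  # supply to the round key output


if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 sample key
    cache = KeyScheduleCache()
    print(cache.next_round_key(key, 10).hex(), cache.generated)
    print(cache.next_round_key(key, 5).hex(), cache.generated)  # served from cache
```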

As per claim 16, modified Hars teaches the round key control-circuit of claim 1 integrated in an integrated circuit (IC). [Hars, para. 41 discloses the system may include one or more of each of a number of components, units or the like (generally “components”) at least some of which may be composed of logic circuits such as multiplexers, registers, arithmetic logic units, memory, microprocessors and the like. The system may be designed for any of a number of different applications, and may have particular applicability in systems including or coupled to memory susceptible to attacks, such as in-flight computers, military and space programs, corporate network, personal and laptop computers, smart mobile devices.]

As per claim 17, modified Hars teaches the round key control-circuit of claim 1, integrated into a device selected from the group consisting of: a set top box; an entertainment unit; a navigation device; a communications device; a fixed location data unit; a mobile location data unit; a global positioning system (GPS) device; a mobile phone; a cellular phone; a smart phone; a session initiation protocol (SIP) phone; a tablet; a phablet; a server; a computer; a portable computer; a mobile computing device; a wearable computing device; a desktop computer; a personal digital assistant (PDA); a monitor; a computer monitor; a television; a tuner; a radio; a satellite radio; a music player; a digital music player; a portable music player; a digital video player; a video player; a digital video disc (DVD) player; a portable digital video player; an automobile; a vehicle component; avionics systems; a drone; and a multicopter. [Hars, para. 35 discloses the disclosed methods improve the quality of the generated round-keys for block ciphers, by employing highly nonlinear, very complex algorithms, bit-mixers, which are best implemented in electronic hardware. They improve the generation speed, power use, and the security of the ciphers. Using them in embedded systems (employed in e.g. board computers of aircrafts) is of low cost. They don't significantly increase the circuit size, but reduce the overall power usage. Deployed systems can use slower electronic components, further reducing costs, and the energy and power consumption of the computing system. The operational speed and security is also improved. Affected systems include security subsystems of flight computers, military and space programs, corporate networks, personal and laptop computers, smart mobile devices, even secure communication networks. The manufacturers of high performance computers, secure microprocessors, security electronics or security software always want to improve the quality, the speed, the security and the power use of their products. The disclosed methods and systems improve the power use, the performance and the security of computing systems: in-flight computers, military and space programs, corporate networks, personal and laptop computers, smart mobile devices, even secure communication networks.]

Regarding claim 18, it recites features similar to features within claim 1, therefore, it is rejected in a similar manner.

Regarding claim 29, it recites features similar to features within claim 12, therefore, it is rejected in a similar manner.

Regarding claim 32, it recites features similar to features within claim 1, therefore, it is rejected in a similar manner.

Claims 2 – 5, 13 – 14, 19 – 28, and 30 – 31 are rejected under 35 U.S.C. 103 as being unpatentable over US 20180176011 A1 to Hars in view of US 20200250318 A1 to Al Belooshi in further view of US 20130219008 A1 to Zhou et al., (hereinafter, “Zhou”).
Regarding claim 2, modified Hars teaches the round key control-circuit of claim 1, but Hars does not teach further configured to: in response to determining the key-word set is not stored in the key-schedule cache, generate the next round key based on the key-word set; in response to determining the next round key is not stored in the key-schedule cache, generate the next round key based on the key-word set; and supply the next round key to the next round key output.  
However, Zhou does teach further configured to: in response to determining the key-word set is not stored in the key-schedule cache, generate the next round key based on the key-word set; [Zhou, para. 58 discloses CAD 215 receives data (e.g., a video file) from content provider 235 or data center 236. In block 504, the IDCM module 250 of CAD 215 divides the content into blocks and generates a distinct key for each of those blocks. In an embodiment, the IDCM module 250 also divides the content into hyper blocks and generates hyper keys for each of those blocks. At block 506, the cache data handler 319 in the IDCM module 250 searches its cache to determine if each of the reference keys is in the cache. For those reference keys that are found in the cache, the IDCM module 250 sends the reference keys to the eNB 210 in block 508. For those reference keys not found in the cache, the IDCM module 250 saves the new reference keys in its cache in block 510. In block 512, the IDCM module 250 of CAD 215 sends the new reference keys and the corresponding blocks to the eNB 210. In an embodiment, the IDCM module 250 of CAD 215 sends all the reference keys, including those found in its cache and those that were newly created, simultaneously.] in response to determining the next round key is not stored in the key-schedule cache, generate the next round key based on the key-word set; [Zhou, para. 58 discloses CAD 215 receives data (e.g., a video file) from content provider 235 or data center 236. In block 504, the IDCM module 250 of CAD 215 divides the content into blocks and generates a distinct key for each of those blocks. In an embodiment, the IDCM module 250 also divides the content into hyper blocks and generates hyper keys for each of those blocks. At block 506, the cache data handler 319 in the IDCM module 250 searches its cache to determine if each of the reference keys is in the cache. For those reference keys that are found in the cache, the IDCM module 250 sends the reference keys to the eNB 210 in block 508. For those reference keys not found in the cache, the IDCM module 250 saves the new reference keys in its cache in block 510. In block 512, the IDCM module 250 of CAD 215 sends the new reference keys and the corresponding blocks to the eNB 210. In an embodiment, the IDCM module 250 of CAD 215 sends all the reference keys, including those found in its cache and those that were newly created, simultaneously.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Zhou’s system with Hars’s system, with a motivation to improve backhaul link bandwidth utilization. IDCM module operations 500, 600 may be indicative of operations occurring in IDCM modules 250 and 245 as these components perform caching, using reference keys and/or hyper reference keys, to improve backhaul link bandwidth utilization at a content end of a TCP session. [Zhou, para. 57]
However, Hars in view of Zhou does not teach supply the next round key to the next round key output, but Al Belooshi does teach supply the next round key to the next round key output. [Al Belooshi, para. 59 discloses These addresses (303 and 305) are then used to distribute the round keys. When decrypting the data, the same seed value is used to re-generate the same random addresses and retrieve the key values. At any point in time only one byte of the round key is reconstructed. The AES-CBC encryption algorithm is modified to integrate gather-decrypt phase when using the scattered round keys.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Al Belooshi’s system with Hars’s system, with the motivation that encryption keys are scattered dynamically to random memory address locations. An encryption/decryption agent runs a custom implementation of the AES encryption algorithm on the scattered key which is never gathered as a whole (never fully assembled), preventing the cloud administrator to peek at the key. On-the-fly round key generation is used, which means the agent, at any point of time, will hold only a minimum portion of the round key needed to decrypt the data, which is one byte. [Al Belooshi, para. 58]

Regarding claim 3, modified Hars teaches the round key control-circuit of claim 1, but Hars does not teach further configured to: in response to determining the key-word set is not stored in the key-schedule cache, store the key-word set in the key-schedule cache; and in response to generating the next round key: store the next round key in the key-schedule cache: and supply the next round key to a next round key output.
However, Al Belooshi does teach in response to generating the next round key: store the next round key in the key-schedule cache: [Al Belooshi, para. 73 discloses Key scattering in memory is implemented in different ways based on the number of allocated memory blocks. The key may be scattered within a single block, two blocks or multiple blocks. Scattering within a single block will require generating 16 different addresses to store the original key and four additional addresses to store the temporary values. Those addresses will be used as cached addresses to store the initial cryptographic key.] and supply the next round key to a next round key output. [Al Belooshi, para. 74 discloses Considering two block scattering, the first block called the cached block, is to scatter the cipher key after decryption, while the other block called the round keys block, scatters the newly generated round keys. This is depicted as step 1 and 2 in FIG. 8 (b). The cached block values never change while the round keys block values change continuously to generate new round keys and encrypt or decrypt data.] and supply the next round key to the next round key output. [Al Belooshi, para. 59 discloses These addresses (303 and 305) are then used to distribute the round keys. When decrypting the data, the same seed value is used to re-generate the same random addresses and retrieve the key values. At any point in time only one byte of the round key is reconstructed. The AES-CBC encryption algorithm is modified to integrate gather-decrypt phase when using the scattered round keys.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Al Belooshi’s system with Hars’s system, with the motivation that encryption keys are scattered dynamically to random memory address locations. An encryption/decryption agent runs a custom implementation of the AES encryption algorithm on the scattered key which is never gathered as a whole (never fully assembled), preventing the cloud administrator to peek at the key. On-the-fly round key generation is used, which means the agent, at any point of time, will hold only a minimum portion of the round key needed to decrypt the data, which is one byte. [Al Belooshi, para. 58]
However, Hars in view of Al Belooshi does not teach further configured to: in response to determining the key-word set is not stored in the key-schedule cache, store the key-word set in the key-schedule cache;, but Zhou does teach further configured to: in response to determining the key-word set is not stored in the key-schedule cache, store the key-word set in the key-schedule cache; [Zhou, para. 58 discloses CAD 215 receives data (e.g., a video file) from content provider 235 or data center 236. In block 504, the IDCM module 250 of CAD 215 divides the content into blocks and generates a distinct key for each of those blocks. In an embodiment, the IDCM module 250 also divides the content into hyper blocks and generates hyper keys for each of those blocks. At block 506, the cache data handler 319 in the IDCM module 250 searches its cache to determine if each of the reference keys is in the cache. For those reference keys that are found in the cache, the IDCM module 250 sends the reference keys to the eNB 210 in block 508. For those reference keys not found in the cache, the IDCM module 250 saves the new reference keys in its cache in block 510. In block 512, the IDCM module 250 of CAD 215 sends the new reference keys and the corresponding blocks to the eNB 210. In an embodiment, the IDCM module 250 of CAD 215 sends all the reference keys, including those found in its cache and those that were newly created, simultaneously.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Zhou’s system with Hars’s system, with a motivation to improve backhaul link bandwidth utilization. IDCM module operations 500, 600 may be indicative of operations occurring in IDCM modules 250 and 245 as these components perform caching, using reference keys and/or hyper reference keys, to improve backhaul link bandwidth utilization at a content end of a TCP session. [Zhou, para. 57]

Regarding claim 4, modified Hars teaches the round key control-circuit of claim 2, further configured to identify a key expansion algorithm based on a number of key words in the received key-word set, wherein: generating the next round key comprises generating a next key-word set comprising at least a portion of the next round key based on the key expansion algorithm; [Hars, para. 37 discloses the input of a bit-mixer used in round-key generation includes the secret key of the cipher, and may include at least one of the round counter and earlier round-keys. This round counter is short (4 . . . 7 bits), because no practical ciphers use more than 128 rounds. The counter can be expanded to the same length as the key, by shuffling and repeating its bits, some of them possibly inverted. By way of one example, the key-schedule algorithm can use an expanded counter as an input of the bit-mixer, and the cipher key is (part of) the key material of the bit-mixer. The simplest case is when the cipher key is the first subkey of the bit-mixer. The other subkeys can be (a) kept constant or (b) derived from the cipher key by a simple algorithm. Another example includes the secret key of the cipher as the input of the bit-mixer and the expanded counter is the first subkey of the bit mixer. The other subkeys are (a) kept constant or (b) derived from the cipher key by a simple algorithm. Still another example of the key-schedule algorithm includes the expanded counter and the cipher key being bitwise XORed to provide the input of the bit-mixer.], but Hars does not teach storing the next round key in the key-schedule cache comprises storing the next key-word set in the key-schedule cache.  
However, Al Belooshi does teach storing the next round key in the key-schedule cache comprises storing the next key-word set in the key-schedule cache. [Al Belooshi, para. 73 discloses Key scattering in memory is implemented in different ways based on the number of allocated memory blocks. The key may be scattered within a single block, two blocks or multiple blocks. Scattering within a single block will require generating 16 different addresses to store the original key and four additional addresses to store the temporary values. Those addresses will be used as cached addresses to store the initial cryptographic key.]  
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Al Belooshi’s system with Hars’s system, with the motivation that encryption keys are scattered dynamically to random memory address locations. An encryption/decryption agent runs a custom implementation of the AES encryption algorithm on the scattered key which is never gathered as a whole (never fully assembled), preventing the cloud administrator to peek at the key. On-the-fly round key generation is used, which means the agent, at any point of time, will hold only a minimum portion of the round key needed to decrypt the data, which is one byte. [Al Belooshi, para. 58]

Regarding claim 5, modified Hars teaches the round key control-circuit of claim 2, further configured to: receive an instruction comprising the key-word set; and determine a key expansion algorithm based on the instruction, [Hars, para. 67 discloses The encryption unit may be configured or operable to encrypt and decrypt data for all read and write operations with an appropriate memory 204 in response to read or write requests invoking the SMTU 206. And the data-hashing unit may be configured or operable to produce data authentication tags for encrypted data (ciphertext) read from and written to the memory. In some examples, either or both of the encryption unit or data-hashing unit may employ a parallelizable cipher construction such as that described herein. And in some examples in which only one but not the other uses the parallelizable cipher construction, the other may use any of a number of other constructs. For example, the encryption unit may be configured or operable to employ an AES cipher for encryption and decryption operations, or the data-hashing unit may be configured or operable to employ a keyed hash function, as modified by using the bit-mixer round key generation as provided herein.] wherein: generating the next round key comprises generating a next key-word set comprising at least a portion of the next round key based on the key expansion algorithm; [Hars, para. 37 discloses the input of a bit-mixer used in round-key generation includes the secret key of the cipher, and may include at least one of the round counter and earlier round-keys. This round counter is short (4 . . . 7 bits), because no practical ciphers use more than 128 rounds. The counter can be expanded to the same length as the key, by shuffling and repeating its bits, some of them possibly inverted. By way of one example, the key-schedule algorithm can use an expanded counter as an input of the bit-mixer, and the cipher key is (part of) the key material of the bit-mixer. The simplest case is when the cipher key is the first subkey of the bit-mixer. The other subkeys can be (a) kept constant or (b) derived from the cipher key by a simple algorithm. Another example includes the secret key of the cipher as the input of the bit-mixer and the expanded counter is the first subkey of the bit mixer. The other subkeys are (a) kept constant or (b) derived from the cipher key by a simple algorithm. Still another example of the key-schedule algorithm includes the expanded counter and the cipher key being bitwise XORed to provide the input of the bit-mixer.], but Hars does not teach storing the next round key in the key-schedule cache comprises storing the next key-word set in the key-schedule cache.
However, Al Belooshi does teach storing the next round key in the key-schedule cache comprises storing the next key-word set in the key-schedule cache. [Al Belooshi, para. 73 discloses Key scattering in memory is implemented in different ways based on the number of allocated memory blocks. The key may be scattered within a single block, two blocks or multiple blocks. Scattering within a single block will require generating different addresses to store the original key and four additional addresses to store the temporary values. Those addresses will be used as cached addresses to store the initial cryptographic key]  
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Al Belooshi’s system with Hars’s system, with the motivation that encryption keys are scattered dynamically to random memory address locations. An encryption/decryption agent runs a custom implementation of the AES encryption algorithm on the scattered key which is never gathered as a whole (never fully assembled), preventing the cloud administrator to peek at the key. On-the-fly round key generation is used, which means the agent, at any point of time, will hold only a minimum portion of the round key needed to decrypt the data, which is one byte. [Al Belooshi, para. 58]

Regarding claim 13, modified Hars teaches the round key control-circuit of claim 12, Hars does not teach wherein: the key schedule is based on a cipher key; the key-word set comprises the cipher key; in response to determining the key-word set is not stored in the key-schedule cache, store the cipher key in the key-schedule cache; and in response to the encryption/decryption indicator indicating encryption, the round key control-circuit is further configured to: for each round key of the key schedule based on the cipher key, in an order of round key generation, the round key control-circuit is further configured to: determine whether the round key is stored in the key-schedule cache; in response to determining the round key is stored in the key-schedule cache, read the round key from the key-schedule cache; in response to determining the round key is not stored in the key-schedule cache, generate the round key and store the round key in the key-schedule cache; and supply the round key to the next round key output.
However, Al Belooshi does teach wherein: the key schedule is based on a cipher key; the key-word set comprises the cipher key; [Al Belooshi, para. 74 discloses Considering two block scattering, the first block called the cached block, is to scatter the cipher key after decryption, while the other block called the round keys block, scatters the newly generated round keys. This is depicted as step 1 and 2 in FIG. 8 (b). The cached block values never change while the round keys block values change continuously to generate new round keys and encrypt or decrypt data. With this technique the cipher key is decrypted once and scattered in a randomly allocated block, similar to the single block technique] and in response to the encryption/decryption indicator indicating encryption, the round key control-circuit is further configured to: for each round key of the key schedule based on the cipher key, in an order of round key generation, the round key control-circuit is further configured to: determine whether the round key is stored in the key-schedule cache; [Al Belooshi, para. 70 discloses the round keys are calculated on-the-fly and XORed with the state as needed. The present implementation is based on replacing the key scheduling process and the AddRoundKey function with decrypt-scatter and gather-decrypt shown in FIG. 6 (a). Considering decrypt-scatter, one kilobyte memory block are allocated to scatter the key bytes, as illustrated in FIG. 6 (b). The seed value is then generated and the uniqueness of the addresses generated from that seed is checked. After that, a single byte of the encrypted key is decrypted at a time and scattered in the generated memory addresses. Moreover, four temporary bytes are calculated by applying the functions RotWord, SubWord and Rcon and stored in four additional temporary addresses. Therefore, the scattered key will have five words instead of four which implies scattering in (16+4) different addresses. This additional word is used in generating the first column of each new round key, and holds the output of the core key schedule functions (RotWord, SubWord and Rcon) which are important in generating the new round keys. Para. 79 discloses the first main step in decrypt-scatter is to retrieve the scattered address (Line 6 of Pseudo code 1). Kaddr(i) represents the address of the key byte at position i. For the first 16 generated addresses, the encrypted cipher key will be decrypted one byte at a time using the vTPM RSA private key. Each byte is then saved in the generated addresses sequences (Line 8). The temporary column values (16,17,18,19) are prepared for generation of the next round key. For this purpose, the RotWord, SubWord and Rcon functions are performed while copying the values. For those addresses, the values are copied from values in addresses (13,14,15), respectively and their SubWord values are calculated as shown in Line 10.] in response to determining the round key is stored in the key-schedule cache, read the round key from the key-schedule cache; [Al Belooshi, para. 73 discloses generate the remaining round keys, another 20 different addresses will be generated to hold the newly calculated keys that are used to do the actual plaintext encryption. The values from the cached addresses will then be copied to the round keys addresses, as shown in step 2. Hence, in this technique 40 different addresses are to be maintained within a single block of RAM. After encrypting each plaintext block of 16-bytes, the values scattered in the cached addresses are copied to the round keys addresses and the gathering operation starts again] and supply the round key to the next round key output. [Al Belooshi, para. 59 discloses These addresses (303 and 305) are then used to distribute the round keys. When decrypting the data, the same seed value is used to re-generate the same random addresses and retrieve the key values. At any point in time only one byte of the round key is reconstructed. The AES-CBC encryption algorithm is modified to integrate gather-decrypt phase when using the scattered round keys.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Al Belooshi’s system with Hars’s system, with the motivation that encryption keys are scattered dynamically to random memory address locations. An encryption/decryption agent runs a custom implementation of the AES encryption algorithm on the scattered key which is never gathered as a whole (never fully assembled), preventing the cloud administrator to peek at the key. On-the-fly round key generation is used, which means the agent, at any point of time, will hold only a minimum portion of the round key needed to decrypt the data, which is one byte. [Al Belooshi, para. 58]
However, Hars in view of Al Belooshi does not teach in response to determining the key-word set is not stored in the key-schedule cache, store the cipher key in the key-schedule cache; in response to determining the round key is not stored in the key-schedule cache, generate the round key and store the round key in the key-schedule cache, but Zhou does teach in response to determining the key-word set is not stored in the key-schedule cache, store the cipher key in the key-schedule cache; [Zhou, para. 58 discloses CAD 215 receives data (e.g., a video file) from content provider 235 or data center 236. In block 504, the IDCM module 250 of CAD 215 divides the content into blocks and generates a distinct key for each of those blocks. In an embodiment, the IDCM module 250 also divides the content into hyper blocks and generates hyper keys for each of those blocks. At block 506, the cache data handler 319 in the IDCM module 250 searches its cache to determine if each of the reference keys is in the cache. For those reference keys that are found in the cache, the IDCM module 250 sends the reference keys to the eNB 210 in block 508. For those reference keys not found in the cache, the IDCM module 250 saves the new reference keys in its cache in block 510. In block 512, the IDCM module 250 of CAD 215 sends the new reference keys and the corresponding blocks to the eNB 210. In an embodiment, the IDCM module 250 of CAD 215 sends all the reference keys, including those found in its cache and those that were newly created, simultaneously.] in response to determining the round key is not stored in the key-schedule cache, generate the round key and store the round key in the key-schedule cache [Zhou, para. 58 discloses CAD 215 receives data (e.g., a video file) from content provider 235 or data center 236. In block 504, the IDCM module 250 of CAD 215 divides the content into blocks and generates a distinct key for each of those blocks. In an embodiment, the IDCM module 250 also divides the content into hyper blocks and generates hyper keys for each of those blocks. At block 506, the cache data handler 319 in the IDCM module 250 searches its cache to determine if each of the reference keys is in the cache. For those reference keys that are found in the cache, the IDCM module 250 sends the reference keys to the eNB 210 in block 508. For those reference keys not found in the cache, the IDCM module 250 saves the new reference keys in its cache in block 510. In block 512, the IDCM module 250 of CAD 215 sends the new reference keys and the corresponding blocks to the eNB 210. In an embodiment, the IDCM module 250 of CAD 215 sends all the reference keys, including those found in its cache and those that were newly created, simultaneously.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Zhou’s system with Hars’s system, with a motivation to improve backhaul link bandwidth utilization. IDCM module operations 500, 600 may be indicative of operations occurring in IDCM modules 250 and 245 as these components perform caching, using reference keys and/or hyper reference keys, to improve backhaul link bandwidth utilization at a content end of a TCP session. [Zhou, para. 57]

Regarding claim 14, modified Hars teaches the round key control-circuit of claim 12, but Hars does not teach further configured to receive an indication of a round number of the block cipher; wherein: determining whether the key-word set is stored in the key-schedule cache is based on comparing at least a portion of the key-word set to at least a portion of key words stored in at least one cache entry indicated by the round number; in response to determining the key-word set is not stored in the key-schedule cache, store the key-word set in the key-schedule cache; and in response to the encryption/decryption indicator indicating encryption, the round key control-circuit is further configured to: for each round key of the key schedule based on a cipher key, in an order of round key generation starting with the next round key indicated by the round number, the round key control-circuit is further configured to: determine whether the round key is stored in the key-schedule cache; in response to determining the round key is stored in the key-schedule cache, read the round key from the key-schedule cache; in response to determining the round key is not stored in the key-schedule cache, generate the round key and store the round key in the key-schedule cache; and supply the round key to the next round key output.
However, Al Belooshi does teach further configured to receive an indication of a round number of the block cipher; [Al Belooshi, para. 66 discloses considering the key gathering and decryption process, each time a cloud-based application needs to access the data (step 5), the agent will start an integrated gather-decrypt procedure (step 6) that will decrypt the requested data using the scattered key in the RAM (step 7). Only one byte of the AES round key is reconstructed each time. The process starts with getting the last 4 bytes values from the randomly generated memory addresses. Such values will be used to generate the round key columns and XOR the plain text state in the different rounds. After XOR process, the new generated byte value will replace the previous value stored in the RAM.] wherein: determining whether the key-word set is stored in the key-schedule cache is based on comparing at least a portion of the key-word set to at least a portion of key words stored in at least one cache entry indicated by the round number; [Al Belooshi, para. 12 discloses the key comprising a plurality of key chunks, the method comprising the steps of generating a plurality of scattered memory addresses, storing the plurality of key chunks in the plurality of generated scattered memory addresses, such that each scattered memory address stores a single key chunk among the plurality of key chunks; and generating a plurality of temporary memory addresses, wherein each temporary memory address stores a temporary value used for calculating a round key, wherein the plurality of key chunks are scattered column-wise within the plurality of scattered memory addresses.] and in response to the encryption/decryption indicator indicating encryption, the round key control-circuit is further configured to: for each round key of the key schedule based on a cipher key, in an order of round key generation starting with the next round key indicated by the round number, the round key control-circuit is further configured to: determine whether the round key is stored in the key-schedule cache; [Al Belooshi, para. 70 discloses the round keys are calculated on-the-fly and XORed with the state as needed. The present implementation is based on replacing the key scheduling process and the AddRoundKey function with decrypt-scatter and gather-decrypt shown in FIG. 6 (a). Considering decrypt-scatter, one kilobyte memory block are allocated to scatter the key bytes, as illustrated in FIG. 6 (b). The seed value is then generated and the uniqueness of the addresses generated from that seed is checked. After that, a single byte of the encrypted key is decrypted at a time and scattered in the generated memory addresses. Moreover, four temporary bytes are calculated by applying the functions RotWord, SubWord and Rcon and stored in four additional temporary addresses. Therefore, the scattered key will have five words instead of four which implies scattering in (16+4) different addresses. This additional word is used in generating the first column of each new round key, and holds the output of the core key schedule functions (RotWord, SubWord and Rcon) which are important in generating the new round keys. Para. 79 discloses the first main step in decrypt-scatter is to retrieve the scattered address (Line 6 of Pseudo code 1). Kaddr(i) represents the address of the key byte at position i. For the first 16 generated addresses, the encrypted cipher key will be decrypted one byte at a time using the vTPM RSA private key. Each byte is then saved in the generated addresses sequences (Line 8).
The temporary column values (16,17,18,19) are prepared for generation of the next round key. For this purpose, the RotWord, SubWord and Rcon functions are performed while copying the values. For those addresses, the values are copied from values in addresses (13,14,15), respectively and their SubWord values are calculated as shown in Line 10.] in response to determining the round key is stored in the key-schedule cache, read the round key from the key-schedule cache; [Al Belooshi, para. 73 discloses generate the remaining round keys, another 20 different addresses will be generated to hold the newly calculated keys that are used to do the actual plaintext encryption. The values from the cached addresses will then be copied to the round keys addresses, as shown in step 2. Hence, in this technique 40 different addresses are to be maintained within a single block of RAM. After encrypting each plaintext block of 16-bytes, the values scattered in the cached addresses are copied to the round keys addresses and the gathering operation starts again] and supply the round key to the next round key output. [Al Belooshi, para. 59 discloses These addresses (303 and 305) are then used to distribute the round keys. When decrypting the data, the same seed value is used to re-generate the same random addresses and retrieve the key values. At any point in time only one byte of the round key is reconstructed. The AES-CBC encryption algorithm is modified to integrate gather-decrypt phase when using the scattered round keys.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Al Belooshi’s system with Hars’s system, with the motivation that encryption keys are scattered dynamically to random memory address locations. An encryption/decryption agent runs a custom implementation of the AES encryption algorithm on the scattered key which is never gathered as a whole (never fully assembled), preventing the cloud administrator to peek at the key. On-the-fly round key generation is used, which means the agent, at any point of time, will hold only a minimum portion of the round key needed to decrypt the data, which is one byte. [Al Belooshi, para. 58]
However, Hars in view of Al Belooshi does not teach in response to determining the key-word set is not stored in the key-schedule cache, store the key-word set in the key-schedule cache; in response to determining the round key is not stored in the key-schedule cache, generate the round key and store the round key in the key-schedule cache, but Zhou does teach in response to determining the key-word set is not stored in the key-schedule cache, store the key-word set in the key-schedule cache; [Zhou, para. 58 discloses CAD 215 receives data (e.g., a video file) from content provider 235 or data center 236. In block 504, the IDCM module 250 of CAD 215 divides the content into blocks and generates a distinct key for each of those blocks. In an embodiment, the IDCM module 250 also divides the content into hyper blocks and generates hyper keys for each of those blocks. At block 506, the cache data handler 319 in the IDCM module 250 searches its cache to determine if each of the reference keys is in the cache. For those reference keys that are found in the cache, the IDCM module 250 sends the reference keys to the eNB 210 in block 508. For those reference keys not found in the cache, the IDCM module 250 saves the new reference keys in its cache in block 510. In block 512, the IDCM module 250 of CAD 215 sends the new reference keys and the corresponding blocks to the eNB 210. In an embodiment, the IDCM module 250 of CAD 215 sends all the reference keys, including those found in its cache and those that were newly created, simultaneously.] in response to determining the round key is not stored in the key-schedule cache, generate the round key and store the round key in the key-schedule cache [Zhou, para. 58 discloses CAD 215 receives data (e.g., a video file) from content provider 235 or data center 236. In block 504, the IDCM module 250 of CAD 215 divides the content into blocks and generates a distinct key for each of those blocks.
In an embodiment, the IDCM module 250 also divides the content into hyper blocks and generates hyper keys for each of those blocks. At block 506, the cache data handler 319 in the IDCM module 250 searches its cache to determine if each of the reference keys is in the cache. For those reference keys that are found in the cache, the IDCM module 250 sends the reference keys to the eNB 210 in block 508. For those reference keys not found in the cache, the IDCM module 250 saves the new reference keys in its cache in block 510. In block 512, the IDCM module 250 of CAD 215 sends the new reference keys and the corresponding blocks to the eNB 210. In an embodiment, the IDCM module 250 of CAD 215 sends all the reference keys, including those found in its cache and those that were newly created, simultaneously.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Zhou’s system with Hars’s system, with a motivation to improve backhaul link bandwidth utilization. IDCM module operations 500, 600 may be indicative of operations occurring in IDCM modules 250 and 245 as these components perform caching, using reference keys and/or hyper reference keys, to improve backhaul link bandwidth utilization at a content end of a TCP session. [Zhou, para. 57]
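
The lookup-or-generate flow recited in claim 14 above, modelled in software as an added illustration; it is not taken from the application or from Hars, Al Belooshi or Zhou, and every class and function name in it is hypothetical. It assumes AES-128 and one cache entry per round number, with entry 0 holding the cipher key and a valid flag per entry.

```python
import hmac

def _gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial 0x11B."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def _build_sbox():
    """Derive the AES S-box: field inverse followed by the affine transform."""
    box = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gmul(x, y) == 1), 0)
        box.append(inv ^ _rotl8(inv, 1) ^ _rotl8(inv, 2)
                   ^ _rotl8(inv, 3) ^ _rotl8(inv, 4) ^ 0x63)
    return box

SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]
ROUNDS = 10  # AES-128

def next_round_key(prev, rnd):
    """FIPS-197 key expansion step: round key `rnd` from round key `rnd - 1`."""
    t = [SBOX[b] for b in prev[13:16] + prev[12:13]]  # RotWord, then SubWord
    t[0] ^= RCON[rnd - 1]
    out = bytearray(16)
    for i in range(4):
        out[i] = prev[i] ^ t[i]
    for i in range(4, 16):
        out[i] = prev[i] ^ out[i - 4]
    return bytes(out)

class KeyScheduleCache:
    """Hypothetical model: entry 0 = cipher key, entry r = round key r."""

    def __init__(self):
        self.entries = [bytearray(16) for _ in range(ROUNDS + 1)]
        self.valid = [False] * (ROUNDS + 1)
        self.generated = 0  # number of misses, kept for illustration

    def clear(self):
        """Overwrite cached key material and drop every valid flag."""
        for e in self.entries:
            e[:] = bytes(16)
        self.valid = [False] * (ROUNDS + 1)

    def _round_key(self, rnd):
        if not self.valid[rnd]:                      # miss: generate and store
            prev = self._round_key(rnd - 1)          # entry 0 is always valid here
            self.entries[rnd][:] = next_round_key(prev, rnd)
            self.valid[rnd] = True
            self.generated += 1
        return bytes(self.entries[rnd])              # hit: read from the cache

    def round_keys(self, key, start_round=1):
        """Supply round keys start_round..10 in order of generation."""
        if len(key) != 16 or not 1 <= start_round <= ROUNDS:
            raise ValueError("expects a 16-byte key and a round number in 1..10")
        # Compare the key words with entry 0; on a mismatch store the new key
        # and invalidate the round keys derived from the old one.
        if not (self.valid[0] and hmac.compare_digest(bytes(self.entries[0]), key)):
            self.clear()
            self.entries[0][:] = key
            self.valid[0] = True
        return [self._round_key(r) for r in range(start_round, ROUNDS + 1)]
```

Cached round keys are key material in their own right, so the model wipes all entries whenever the stored cipher key is replaced.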

Regarding claims 19 – 24, they recite features similar to features within claims 2 – 7, therefore, they are rejected in a similar manner.

Regarding claim 25, modified Hars teaches the method of claim 24, but Hars does not teach wherein: the instruction further comprises an indication of a round number of the block cipher; the round number indicates a target cache entry for storing the next round key based on a cipher key cache entry storing at least a portion of a cipher key; and determining whether the next round key is stored in the key-schedule cache is based on a valid key indicator corresponding to the target cache entry.  
However, Al Belooshi does teach wherein: the instruction further comprises an indication of a round number of the block cipher; [Al Belooshi, para. 66 discloses considering the key gathering and decryption process, each time a cloud-based application needs to access the data (step 5), the agent will start an integrated gather-decrypt procedure (step 6) that will decrypt the requested data using the scattered key in the RAM (step 7). Only one byte of the AES round key is reconstructed each time. The process starts with getting the last 4 bytes values from the randomly generated memory addresses. Such values will be used to generate the round key columns and XOR the plain text state in the different rounds. After XOR process, the new generated byte value will replace the previous value stored in the RAM.] the round number indicates a target cache entry for storing the next round key based on a cipher key cache entry storing at least a portion of a cipher key; [Al Belooshi, para. 12 discloses the key comprising a plurality of key chunks, the method comprising the steps of generating a plurality of scattered memory addresses, storing the plurality of key chunks in the plurality of generated scattered memory addresses, such that each scattered memory address stores a single key chunk among the plurality of key chunks; and generating a plurality of temporary memory addresses, wherein each temporary memory address stores a temporary value used for calculating a round key, wherein the plurality of key chunks are scattered column-wise within the plurality of scattered memory addresses.] and determining whether the next round key is stored in the key-schedule cache is based on a valid key indicator corresponding to the target cache entry. [Al Belooshi, para. 73 discloses Key scattering in memory is implemented in different ways based on the number of allocated memory blocks. The key may be scattered within a single block, two blocks or multiple blocks. 
Scattering within a single block will require generating 16 different addresses to store the original key and four additional addresses to store the temporary values. Those addresses will be used as cached addresses to store the initial cryptographic key. In this case, the cipher key is decrypted once, using vTPM.RSA public key (PKvTPM) and stored in the scattered cached addresses. In order to generate the remaining round keys, another 20 different addresses will be generated to hold the newly calculated keys that are used to do the actual plaintext encryption. The values from the cached addresses will then be copied to the round keys addresses, as shown in step 2. Hence, in this technique 40 different addresses are to be maintained within a single block of RAM. After encrypting each plaintext block of 16-bytes, the values scattered in the cached addresses are copied to the round keys addresses and the gathering operation starts again, repeating step 2.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Al Belooshi’s system with Hars’s system, with the motivation that encryption keys are scattered dynamically to random memory address locations. An encryption/decryption agent runs a custom implementation of the AES encryption algorithm on the scattered key which is never gathered as a whole (never fully assembled), preventing the cloud administrator to peek at the key. On-the-fly round key generation is used, which means the agent, at any point of time, will hold only a minimum portion of the round key needed to decrypt the data, which is one byte. [Al Belooshi, para. 58]

Regarding claim 26, modified Hars teaches the method of claim 24, but Hars does not teach wherein: at least a key word of the key-word set is stored in a first cache entry; and determining whether the next round key is stored in the key-schedule cache is based on a valid key indicator corresponding to a target cache entry adjacent to the first cache entry. 
 However, Al Belooshi does teach wherein: at least a key word of the key-word set is stored in a first cache entry; [Al Belooshi, para. 74 discloses a single seed value is used for both blocks to save space in the vTPM storage. The uniqueness of the 20 generated addresses is checked for both blocks. Once the seed value is set, the decryption of the cipher key will start. The cached block will be filled first (step 3) with the decrypted key bytes. Then its values are copied to the round keys block addresses] and determining whether the next round key is stored in the key-schedule cache is based on a valid key indicator corresponding to a target cache entry adjacent to the first cache entry. [Al Belooshi, para. 73 discloses Key scattering in memory is implemented in different ways based on the number of allocated memory blocks. The key may be scattered within a single block, two blocks or multiple blocks. Scattering within a single block will require generating 16 different addresses to store the original key and four additional addresses to store the temporary values. Those addresses will be used as cached addresses to store the initial cryptographic key. In this case, the cipher key is decrypted once, using vTPM.RSA public key (PKvTPM) and stored in the scattered cached addresses. In order to generate the remaining round keys, another 20 different addresses will be generated to hold the newly calculated keys that are used to do the actual plaintext encryption. The values from the cached addresses will then be copied to the round keys addresses, as shown in step 2. Hence, in this technique 40 different addresses are to be maintained within a single block of RAM. After encrypting each plaintext block of 16-bytes, the values scattered in the cached addresses are copied to the round keys addresses and the gathering operation starts again, repeating step 2.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Al Belooshi’s system with Hars’s system, with the motivation that encryption keys are scattered dynamically to random memory address locations. An encryption/decryption agent runs a custom implementation of the AES encryption algorithm on the scattered key which is never gathered as a whole (never fully assembled), preventing the cloud administrator to peek at the key. On-the-fly round key generation is used, which means the agent, at any point of time, will hold only a minimum portion of the round key needed to decrypt the data, which is one byte. [Al Belooshi, para. 58]

Regarding claims 27 – 28, they recite features similar to features within claims 10 – 11, therefore, they are rejected in a similar manner.

Regarding claims 30 – 31, they recite features similar to features within claims 13 – 14, therefore, they are rejected in a similar manner.

Conclusion
Pertinent prior art made of record however not relied upon includes:
US 20080240426 A1 to Gueron et al.
“A flexible AES instruction set for a general purpose processor is provided. The instruction set includes instructions to perform a "one round" pass for AES encryption or decryption and also includes instructions to perform key generation. An immediate may be used to indicate round number and key size for key generation for 128/192/256 bit keys. The flexible AES instruction set enables full use of pipelining capabilities because it does not require tracking of implicit registers.”
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893. The examiner can normally be reached Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/P.P./Patent Examiner, Art Unit 2434
/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434