DETAILED ACTION
1. 	This Non-Final Office Action is in response to the application filed on 09/23/2020. Claims 1-20 are being considered on the merits. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Drawings
2. 	The drawings filed on 09/23/2020 are accepted. 
Information Disclosure Statement
3.	The information disclosure statements (IDS) submitted on 09/23/2020, 10/25/2021 and 08/10/2022 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, initialed and dated copies of the Applicant’s IDS forms 1449 filed on 09/23/2020, 10/25/2021 and 08/10/2022 are attached to this office action. 
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA 35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA 35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

4.	Claim 20 is rejected under 35 U.S.C. 112(d) or pre-AIA 35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends. Claim 20 is structured as an independent claim that includes the limitation “the data processing method according to claim 1.” The claim limitations do not further limit the subject matter of claim 1 upon which they depend. Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



5.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub. No. US 2005/0021986 A1 to Graunke (hereinafter, “Graunke”), as disclosed in the IDS submitted on 08/10/2022, in view of US Pub. No. US 2018/0137294 A1 to Van Antwerpen (hereinafter, “Van”).
As per claims 1, 8, 16 and 20, Graunke teaches a data processing method, a data processing circuit, a terminal device and a storage medium, respectively, comprising:
a data processing circuit, a microcontroller unit (MCU) and a flash; wherein two ends of the data processing circuit are respectively connected with the MCU and the flash; wherein the processing circuit comprises: a processor; and a memory (Graunke, para. [0026] “FIG. 1 is a block diagram illustrating a computer system 100 including memory encryption/decryption logic 200, in accordance with one embodiment of the invention. Computer system 100 comprises a processor system bus (front side bus (FSB)) 102 for communicating information between a processor (CPU) 110 and a chipset 180, coupled together via FSB 102.” And para. [0027] “Chipset 180 is coupled to main memory 140 and one or more graphic devices 130.”), configured to store instructions executable by the processor to cause the processor to execute the following steps: 
generating a decryption keystream of first data according to a physical start address of the first data before or during reading the first data from a flash (Graunke, para. [0022] “During reading of the encrypted data block, a keystream used to encrypt the data block is regenerated according to one or more stored criteria of the encrypted data block. Once the encrypted data block is read, the encrypted data block is decrypted using the regenerated keystream.” And para. [0026] “FIG. 1 is a block diagram illustrating a computer system 100 including memory encryption/decryption logic 200, in accordance with one embodiment of the invention. Computer system 100 comprises a processor system bus (front side bus (FSB)) 102 for communicating information between a processor (CPU) 110 and a chipset 180, coupled together via FSB 102.” And para. [0041] “in response to a memory read operation, an encrypted data block is requested from memory via, for example, external bus unit 104 (FIG. 2) according to address 210.” And para. [0042] “based on the page address as well as the block address, BC 270 provides an index to PIV 280 to provide block IV value 282, as well as a block counter value 274, stored during encryption of plaintext 204, to form IV 220. In a further embodiment, initialization vector 220 includes a page address 212 and an N-C bit most significant bits (MSB) of block address 214, where N represents a bit length of the address, while C represents a bit length of block counter value 274…Based on this information, a unique IV 220 is formed provided to cipher logic 230 to generate keystream 234.”); and 
decrypting the first data through the decryption keystream (Graunke, para. [0031] “FIG. 3 illustrates logic 200 in an embodiment for a memory read decryption operation, in accordance with one embodiment of the invention. As illustrated logic 200 includes cipher logic 230 to generate a keystream 234 according to a secret key 232, as well as an initialization vector (IV) 220. Once the keystream is formed, logic 200 performs a logical exclusive OR operation (XOR) of keystream 234 with ciphertext 202, using XOR block 240 to form plaintext 204.”).
Graunke teaches the limitations of claims 1, 8, 16 and 20 set out above; however, Graunke fails to explicitly teach, but Van teaches:
and writing the decrypted first data into a cache (Van, para. [0122] “a device (e.g., such as a microcontroller or a system-on-chip, SOC) is configured to encrypt plaintext data into ciphertext data (e.g., for write operations) and to decrypt ciphertext data into plaintext (e.g., for read operations). Unencrypted/plaintext data is used inside of the device, and encrypted/ciphertext data is transferred over a serial interface to an external (off-chip) memory device. Such secure encrypted connections may be provided to off-chip NOR flash, SRAM, and/or non-volatile SRAM memory devices over a single/dual/quad/octal SPI serial interface or a HyperBus serial interface. Access to the off-chip memory device may be provided in XIP mode or MMIO mode that are multiplexed in the same control path.” And para. [0125] “External memory controller block 1030 includes two XIP AHB-Lite interfaces, 1032a and 1032b, which are hardware blocks coupled to process XIP data transfers between AHB interconnect 1022 and port arbitration block 1038. Fast XIP interface 1032a and slow XIP interface 1032b are configured as slaves on the AHB interconnect 1022 and have a shared configurable XIP address space. The XIP address space supports the XIP mode of operation and may be (at least partially) populated by external memory devices coupled to block 1030. Any data/command transfers through interfaces 1032a and 1032b to the XIP address space either access SRAM caches within the interfaces or are translated “on-the-fly” into SPI transfers to an external memory device…If any of the interfaces 1032a and 1032b are configured with a SRAM cache, such cache may be used to cache read data.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Van’s encryption and access to external memory devices into Graunke’s memory encryption with reduced decryption latency, with a motivation for protection against code theft when using external memory with microcontroller devices (Van, para. [0004]).
As per claims 2, 9 and 17, the combination of Graunke and Van teaches the method according to claim 1, the circuit according to claim 8, and the terminal device according to claim 16, respectively, further comprising:
when the first data is initial first data, acquiring a logical start address of the initial first data from a microcontroller unit (MCU) and determining the physical start address of the initial first data according to the logical start address (Graunke, para. [0041] “in response to a memory read operation, an encrypted data block is requested from memory via, for example, external bus unit 104 (FIG. 2) according to address 210. Based on, for example, the page address, encryption page structure 260 is queried to identify a corresponding page within, for example, PIV 280. In addition, an index to PIV 280 is provided via a data structure such as a block IV counter (BC) 270 (270-1, . . . , 270-N). In one embodiment, BC 270 stores, for example, a two-dimensional data structure including a PWC value, as well as an initialization vector index or IVC value.” And para. [0042] “based on the page address as well as the block address, BC 270 provides an index to PIV 280 to provide block IV value 282, as well as a block counter value 274, stored during encryption of plaintext 204, to form IV 220. In a further embodiment, initialization vector 220 includes a page address 212 and an N-C bit most significant bits (MSB) of block address 214, where N represents a bit length of the address, while C represents a bit length of block counter value 274. In one embodiment, P is a log2 (number of bytes in a page), C is log2 (number of bytes in a cache block), N is (P-C), or N is log2 (number of cache blocks in a page). Based on this information, a unique IV 220 is formed provided to cipher logic 230 to generate keystream 234.”); and 
when the first data is non-initial first data, determining the physical start address of the non-initial first data according to the physical start address of the initial first data and an offset between the physical start address of the non-initial first data and the physical start address of the initial first data (Van, para. [0104], “It is noted that registers of the MMIO interface are located in the external memory controller, but the data blocks for the access operations in MMIO mode still reside on the external memory device. The difference between the MMIO mode and the XIP mode, however, is in the control path—for example, in XIP mode an operation/CPU address for a data block is an address in the controller's XIP address portion, while in MMIO mode an operation/CPU address for a data block is directly mapped to a controller's register (e.g., ENC_ADDR) and the controller registers are used to store the ciphertext address, CA[127:0]. Other than that, the data path (for storing/retrieving data blocks to/from the external memory device) is the same for both MMIO and XIP modes, such that in both modes the data blocks associated with operation addresses reside in the external memory device.”).

As per claims 3 and 10, the combination of Graunke and Van teaches the method according to claim 2 and the circuit according to claim 9, respectively, further comprising:
determining that the first data is the initial first data when a first enable signal is received (Graunke, para. [0041] “in response to a memory read operation, an encrypted data block is requested from memory via, for example, external bus unit 104 (FIG. 2) according to address 210. Based on, for example, the page address, encryption page structure 260 is queried to identify a corresponding page within, for example, PIV 280. In addition, an index to PIV 280 is provided via a data structure such as a block IV counter (BC) 270 (270-1, . . . , 270-N). In one embodiment, BC 270 stores, for example, a two-dimensional data structure including a PWC value, as well as an initialization vector index or IVC value.” And para. [0042] “based on the page address as well as the block address, BC 270 provides an index to PIV 280 to provide block IV value 282, as well as a block counter value 274, stored during encryption of plaintext 204, to form IV 220. In a further embodiment, initialization vector 220 includes a page address 212 and an N-C bit most significant bits (MSB) of block address 214, where N represents a bit length of the address, while C represents a bit length of block counter value 274. In one embodiment, P is a log2 (number of bytes in a page), C is log2 (number of bytes in a cache block), N is (P-C), or N is log2 (number of cache blocks in a page). Based on this information, a unique IV 220 is formed provided to cipher logic 230 to generate keystream 234.” And Van, para. [0123] “In FIG. 10, external memory controller block 1030 is configured to multiplex access to off-chip memory devices between XIP mode and MMIO mode. Within the semiconductor device, external memory controller block 1030 is coupled through AHB interconnect bus 1022 to a CPU subsystem (not shown), and directly or indirectly (e.g., through one or more other components) to I/O pins 1050. 
I/O pins 1050 are configured to be coupled to one or more external memory devices over a serial interface (e.g., such as a SPI interface) through pins for control signals (e.g., such as clock and select signals) and pins for data signals”); and 
determining that the first data is non-initial first data when a second enable signal is received, wherein the first enable signal is different from the second enable signal (Graunke, para. [0055] “an initial portion (page IV) of an initialization vector used to encrypt the data block is identified according to a page containing the encrypted data block. In one embodiment, the page in conjunction with a block number provides an index to a data structure containing a plurality of initialization vectors (page IVs), such as PIV 280 (FIG. 3).” And para. [0056] “a remaining portion of the initialization vector used to encrypt the data block is identified according to a block number of the data block such as, for example, a block counter value. At process block 416, a keystream is computed according to the identified initial portion of the initialization vector and the identified remaining portion of the initialization vector, as well as a secret key. As such, in the embodiments described, the initialization vector is made public or can be made public without jeopardizing the security of the memory encryption/decryption” and Van, para. [0082] “MMIO address space 604 includes general control registers 606 and encryption control registers 608 that are mapped directly to addresses accessible by the CPU in the microcontroller. General control registers 606 include registers that are used for controlling access to the various images that are mapped to the various memory address regions. 
For example, some general control registers (e.g., such as CTL.XIP_MODE) may be used to control the access to all regions, while other general control registers may be specific for each memory address region i—e.g., such as registers identifying the location of a particular region i (e.g., CTLi.BASE_ADDR, CTLi.SIZE), registers specifying the type (e.g., read/write) of access to a particular region i (e.g., CTLi.RD_ENC, CTLi.WR_ENC), and registers that store the secret key associated with a particular region i (e.g., ENC_KEY0i . . . ENC_KEY3i). Encryption control registers 608 include registers that are used for controlling the encryption/decryption operations—e.g., such as registers used to start the encryption operation(s) (e.g., CMD.START_ENC), registers that store the address for a CPU instruction that is being processed (e.g., ENC_ADDR), and registers that store the result of an encryption operation on the secret key (e.g., such as ENC_RESULT0 . . . ENC_RESULT3).”).

As per claims 4 and 11, the combination of Graunke and Van teaches the method according to claim 1 and the circuit according to claim 8, respectively, wherein the decrypting of the first data through the decryption keystream comprises:
performing an XOR operation on the decryption keystream and the first data to decrypt the first data, when a length of the decryption keystream and a length of the first data are the same (Graunke, para. [0036] “cipher logic 230 may function according to a counter mode (CTR) that features the application of forward cipher to a set of input blocks called counters to produce a sequence of output blocks that are logically combined (XOR) with the plaintext to produce the ciphertext and vice versa. Generation of the unique IV is required since, if a plaintext block that is encrypted using a known IV value, then the output of the forward cipher function is easily determined from the associated ciphertext. This output allows easy recovery of any other plaintext blocks that are encrypted using the same IV from their associated cipher blocks. As such, in order to generate unique IVs, in one embodiment, an encryption page structure 260 is provided.”); and
performing an extraction on the decryption keystream in accordance with the length of the first data and performing the XOR operation on the decryption keystream obtained after the extraction and the first data to decrypt the first data, when the length of the decryption keystream is greater than the length of the first data (Van, para. [0100] “In addition to the external memory address, A[ ], a plaintext address, PA[127:0], is constructed. The plaintext address PA[127:0] is the input to the AES-128 encryption block, and a ciphertext address, CA[127:0], is the output of the AES-128 encryption block… the first operation initializes the plaintext address, PA[127:0], and the second operation selects the range from the top n−1 bits to the lower 4 bits of the 32-bit access operation address. It is noted that the lower 4 bits of the plaintext address, PA[127:0], are always 0, and the upper n to 127 bits are also always 0. The former ensures that the plaintext address, PA[127:0], is always a multiple of 16 bytes, while the latter ensures that the plaintext address is padded with zeros to a 128-bit length (which is the required length of an AES-128 input). In this embodiment, every 16-byte group in the XIP memory space has a unique plaintext address, PA[127:0], because the external memory controller always fetches data 16 bytes at a time (e.g., a data block for a read operation is always 16 bytes in length). It is noted, however, that various embodiments may use various mechanisms to derive the plaintext address from the access operation address—e.g., depending on the length of the access operation address, the size of reads allowed by the external memory, the level of acceptable latency of the strong encryption as compared to the access operation latency, and the like.” and para. [0124] “When executing an instruction or transfer that accesses an external memory device, the CPU subsystem places the instruction/transfer, its address, and its data (if applicable) on AHB interconnect 1022. External memory controller block 1030 receives the instruction/transfer and its address, and performs an encryption or decryption on the data…Within the address range, external memory controller block 1030 may have some blocks of addresses that are directly mapped to its registers and some blocks of addresses that are mapped to the external memory device.”).

As per claims 5, 12 and 18, the combination of Graunke and Van teaches the method according to claim 1, the circuit according to claim 8, and the terminal device according to claim 16, respectively, further comprising:
generating an encryption keystream of second data according to a physical start address of the second data (Graunke, para. [0043] “FIG. 4, counter logic 290 includes, for example, a PWC value and a current IVC value for each page. Accordingly, in response to a write request of plaintext 204, a current IVC value is used to reference PIV 280 to generate a block IV value 282. In addition, a current PWC value is used as a block counter value 274. In one embodiment, the block IV value 282 and block counter value 274 are stored within BC 270 according to a block number of plaintext 204.”); and 
encrypting the second data through the encryption keystream and writing the encrypted second data into the flash (Graunke, para. [0044] “an N-C most significant bits of block address 214, as well as page address 212, complete formation of IV 220. As such, using the counter values in conjunction with reuse of a page initialization vector, IV 220 is guaranteed to be unique for each iteration without the need for off-chip storage of IVs. Accordingly, utilizing IV 220, the stream cipher 250 generates keystream 252 using IV 220 as well as secret key 232. Once keystream 252 is generated, keystream 252 is combined with plaintext 204 using, for example, XOR logic 240 to form ciphertext 202. Once formed, ciphertext 202 may be provided to external bus unit 104 which writes the ciphertext to memory according to address 210.”).
As per claims 6, 13 and 19, the combination of Graunke and Van teaches the method according to claim 5, the circuit according to claim 12, and the terminal device according to claim 18, respectively, further comprising:
when the second data is initial second data, acquiring a logical start address of the initial second data from an MCU and determining the physical start address of the initial second data according to the logical start address (Graunke, para. [0046] “this is performed by identifying a data block having the oldest or least recently used IV 220. When such is detected, using for example stale IV logic 320, recode logic 330 may select a new IV 332 and recode (re-encrypt) the identified data block using cipher logic 230 and cipher logic 250 to form ciphertext 202. In one embodiment, new IV 332 is generated by replacing a page IV portion of the stale IV with a different page IV from PIV 280 according to a current value of IVC 272 for the page containing the identified data block. In one embodiment, block cipher 230 (FIG. 5) is another instance of stream cipher 250, such that the same stream cipher is to decrypt and re-encrypt).”); and 
when the second data is non-initial second data, determining the physical start address of the non-initial second data according to the physical start address of the initial second data and an offset between the physical start address of the non-initial second data and the physical start address of the initial second data (Van, para. [0104], “It is noted that registers of the MMIO interface are located in the external memory controller, but the data blocks for the access operations in MMIO mode still reside on the external memory device. The difference between the MMIO mode and the XIP mode, however, is in the control path—for example, in XIP mode an operation/CPU address for a data block is an address in the controller's XIP address portion, while in MMIO mode an operation/CPU address for a data block is directly mapped to a controller's register (e.g., ENC_ADDR) and the controller registers are used to store the ciphertext address, CA[127:0]. Other than that, the data path (for storing/retrieving data blocks to/from the external memory device) is the same for both MMIO and XIP modes, such that in both modes the data blocks associated with operation addresses reside in the external memory device.”).
As per claims 7 and 14, the combination of Graunke and Van teaches the method according to claim 5 and the circuit according to claim 12, respectively, wherein the encrypting of the second data through the encryption keystream comprises:
performing an XOR operation on the encryption keystream and the second data to encrypt the second data, when a length of the encryption keystream and a length of the second data are the same (Graunke, para. [0044] “an N-C most significant bits of block address 214, as well as page address 212, complete formation of IV 220. As such, using the counter values in conjunction with reuse of a page initialization vector, IV 220 is guaranteed to be unique for each iteration without the need for off-chip storage of IVs. Accordingly, utilizing IV 220, the stream cipher 250 generates keystream 252 using IV 220 as well as secret key 232. Once keystream 252 is generated, keystream 252 is combined with plaintext 204 using, for example, XOR logic 240 to form ciphertext 202. Once formed, ciphertext 202 may be provided to external bus unit 104 which writes the ciphertext to memory according to address 210.”); 
performing an extraction on the encryption keystream in accordance with the length of the second data and performing the XOR operation on the encryption keystream obtained after the extraction and the second data to encrypt the second data, when the length of the encrypted keystream is greater than the length of the second data (Van, para. [0100] “In addition to the external memory address, A[ ], a plaintext address, PA[127:0], is constructed. The plaintext address PA[127:0] is the input to the AES-128 encryption block, and a ciphertext address, CA[127:0], is the output of the AES-128 encryption block… the first operation initializes the plaintext address, PA[127:0], and the second operation selects the range from the top n−1 bits to the lower 4 bits of the 32-bit access operation address. It is noted that the lower 4 bits of the plaintext address, PA[127:0], are always 0, and the upper n to 127 bits are also always 0. The former ensures that the plaintext address, PA[127:0], is always a multiple of 16 bytes, while the latter ensures that the plaintext address is padded with zeros to a 128-bit length (which is the required length of an AES-128 input). In this embodiment, every 16-byte group in the XIP memory space has a unique plaintext address, PA[127:0], because the external memory controller always fetches data 16 bytes at a time (e.g., a data block for a read operation is always 16 bytes in length). It is noted, however, that various embodiments may use various mechanisms to derive the plaintext address from the access operation address—e.g., depending on the length of the access operation address, the size of reads allowed by the external memory, the level of acceptable latency of the strong encryption as compared to the access operation latency, and the like.” and para. [0124] “When executing an instruction or transfer that accesses an external memory device, the CPU subsystem places the instruction/transfer, its address, and its data (if applicable) on AHB interconnect 1022. External memory controller block 1030 receives the instruction/transfer and its address, and performs an encryption or decryption on the data…Within the address range, external memory controller block 1030 may have some blocks of addresses that are directly mapped to its registers and some blocks of addresses that are mapped to the external memory device.”).
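The address-bound keystream scheme mapped above for the read path (claims 1 and 4) and the write path (claims 5 and 7), shown as an added example that is not code from the application, Graunke or Van: the keystream is derived from the physical address, trimmed to the data length and XORed with the data, and two writes to the same address illustrate the IV-uniqueness point of Graunke para. [0036]. HMAC-SHA256 stands in for the hardware block cipher, and the key, addresses, firmware strings and the `write_counter` parameter are constructed assumptions.

```python
import hashlib
import hmac

BLOCK = 16  # keystream granularity in bytes (one cipher block)


def keystream_block(key: bytes, block_index: int, write_counter: int) -> bytes:
    """One 16-byte keystream block for a flash block and a write generation.

    HMAC-SHA256 truncated to 16 bytes is a stand-in PRF for the hardware
    block cipher (an assumption of this example, not a cited design).
    """
    iv = block_index.to_bytes(8, "big") + write_counter.to_bytes(8, "big")
    return hmac.new(key, iv, hashlib.sha256).digest()[:BLOCK]


def keystream(key: bytes, phys_addr: int, length: int,
              write_counter: int = 0) -> bytes:
    """Keystream for bytes [phys_addr, phys_addr + length), any alignment."""
    if phys_addr < 0 or length < 0:
        raise ValueError("address and length must be non-negative")
    if length == 0:
        return b""
    first = phys_addr // BLOCK
    last = (phys_addr + length - 1) // BLOCK
    stream = b"".join(
        keystream_block(key, i, write_counter) for i in range(first, last + 1)
    )
    # Whole blocks are generated, so the stream is usually longer than the
    # data: extract the bytes that line up with the requested range.
    skip = phys_addr % BLOCK
    return stream[skip:skip + length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def crypt(key: bytes, phys_addr: int, data: bytes,
          write_counter: int = 0) -> bytes:
    """Encrypt or decrypt: XOR the data with the address-bound keystream."""
    return xor_bytes(data, keystream(key, phys_addr, len(data), write_counter))


def demo() -> dict:
    key = bytes(range(32))      # constructed sample key
    base = 0x08000004           # constructed, deliberately unaligned address
    image_v1 = b"boot: verify signature, then jump to app"  # constructed
    image_v2 = b"boot: verify signature, then run updater"  # constructed

    ct1 = crypt(key, base, image_v1)

    # Non-initial read: base address plus offset gives the keystream
    # directly, so the data before it never has to be decrypted.
    offset = 6
    partial = crypt(key, base + offset, ct1[offset:offset + 16])

    # Rewriting the same address with the same IV reuses the keystream, so
    # XORing the two ciphertexts cancels it and leaves plaintext XOR
    # plaintext. write_counter is a simplified stand-in for a per-write IV
    # component; changing it on each write removes that relation.
    ct2_same_iv = crypt(key, base, image_v2)
    ct2_fresh_iv = crypt(key, base, image_v2, write_counter=1)

    return {
        "round_trip": crypt(key, base, ct1),
        "partial": partial,
        "plaintext_xor": xor_bytes(image_v1, image_v2),
        "leak_same_iv": xor_bytes(ct1, ct2_same_iv),
        "leak_fresh_iv": xor_bytes(ct1, ct2_fresh_iv),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:14} {value!r}")
```
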
As per claim 15, the combination of Graunke and Van teaches the circuit according to claim 8, wherein the circuit is any one of the following: a circuit in a flash controller, a flash controller, and a system-on-a-chip (SoC) (Van, para. [0027] “Among other components (not shown in FIG. 1), system 10 includes microcontroller 100 that is coupled to one or more external (e.g., flash) memory devices 160 that are external (e.g., off-chip) to the chip or chip-module that houses the microcontroller.” And para. [0028] “Microcontroller 100 is typically fabricated on a single chip or chip module. Among other components (not shown in FIG. 1), microcontroller 100 includes CPU 102, internal (e.g., flash) memory 126, and external memory controller 130. CPU 102 is coupled over internal bus 122 to internal memory 126 and to external memory controller 130.” And para. [0064] “FIG. 5 illustrates an example embodiment of a programmable system-on-chip device (e.g., such as a PSoC™ device). In some embodiments, a system-on-chip device (e.g., such as device 500) is fabricated as an IC on a semiconductor die, which is packaged as a chip in a suitable chip-carrier package. As illustrated in FIG. 5, device 500 may be configured as a microcontroller that includes CPU subsystem 502, peripheral interconnect (PI) 516, internal bus 522, programmable core (PC) 524, high-speed input/output (HSIO) matrix 540, digital system interface (DSI) 542, analog interconnect (AI) 544, and input/output (IO) pins 550.”).
Conclusion
6.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 20170180116 A1 – Protection scheme with encrypted memory and storage.
US 20150058637 A1 – Transparently encrypting and decrypting.
US 20150046702 A1 – Embedded encryption and secure memory management.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZOHA P TAFAGHODI whose telephone number is (571)272-5199.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ZOHA PIYADEHGHIBI TAFAGHODI/Examiner, Art Unit 2437