DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to communication filed on June 09, 2022.
Status of claims in the instant application:
Claims 1 – 20 are pending.
Claims 1, 11 – 13, and 17 – 19 are amended.

Response to Amendment
Applicant’s arguments, see pages [6 – 7] of Applicant’s remarks filed June 09, 2022, with respect to claims 1 – 4 that were rejected under 35 U.S.C. 103 as being unpatentable over US 9792229 B2 to Kishinevsky et al., (hereafter, "Kishi") in view of US 11055006 B1 to Chen et al., (hereinafter, “Chen”) and in view of US 20100042824 A1 to Lee et al., (hereinafter, “Lee”), have been fully considered in view of the filed claim amendments, but they are not persuasive. Therefore, the application is directed to the response below:
Applicant’s arguments with respect to claim 1 have been considered but are moot because the new ground of rejection does rely on the reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.
Claims 1 – 4 are rejected under 35 U.S.C. 103 as being unpatentable over US 9792229 B2 to Kishinevsky et al., (hereafter, "Kishi") in view of US 11055006 B1 to Chen et al., (hereinafter, “Chen”) and in view of US 20100042824 A1 to Lee et al., (hereinafter, “Lee”).
Regarding claim 1, Kishi teaches a processor, comprising: an execution unit comprising circuitry to securely access a trusted execution environment (TEE) including a secure memory region; [Kishi, col. 3 lines 53 – 67 to col. 4 lines 1 – 5 discloses for purposes of performing total memory protection as described herein, a total memory protection (TMP) module 140 is present. Understand that TMP module 140 may be implemented as appropriate combinations of hardware, software and/or firmware. In different processor implementations, the circuitry of TMP module 140 may be implemented in a standalone fashion to act as an interface between shared cache 130 and a given memory coupled to processor 100 such as a dynamic random-access memory (DRAM) or other such system memory. In other cases, TMP module 140 may be implemented within an integrated memory controller of processor 100 that acts to provide an interface and control for the associated memory. In yet other cases, TMP module 140 may be implemented within a memory execution engine (MEE) that may be part of a trusted portion of processor 100 such as circuitry within a security coprocessor, manageability engine or so forth configured to operate in a trusted execution environment. Of course, other implementations of TMP module 140 and its constituent components are possible] first circuitry to rotate encryption keys for the secure memory region [Kishi, col. 4 lines 35 – 49 discloses TMP module 140 may include a variety of storages. Specifically shown in TMP module 140 is a key storage 143 and a TMP cache memory 145. Key storage 143 may be configured to store keys used to generate MACs. In an embodiment in which re-keying is performed to provide rollback protection, key storage 143 may include at least two entries, each to store one of two keys, where a first key is an old key that was used to encrypt MACs and a second key is a new key used to perform a re-keying operation as MACs within a storage undergo a re-keying cycle. 
In some cases, upon completion of a full re-keying cycle, the old key may be deleted and a new key to be used for a next re-keying cycle may be stored in the first entry. As further shown in FIG. 1, TMP module 140 includes TMP cache memory 145. In an embodiment, cache memory 145 may be configured to store MACs such that off-chip access latency can be avoided for re-keying operations. Of course other TMP-associated data may be stored in TMP cache memory 145] but Kishi does not teach an on-die memory hash register (MHR); second circuitry to compute a hash from the secure memory region, wherein computing the hash comprises computing a cipher or secure hash function that includes respectively a physical address of individual memory lines from the secure memory region, and a message authentication code (MAC) associated with the physical address of an individual memory line; and third circuitry to update the on-die MHR according to the computed hash.
However, Chen does teach second circuitry to compute a hash from the secure memory region, wherein computing the hash comprises computing a cipher or secure hash function that includes respectively a physical address of individual memory lines from the secure memory region; [Chen col. 4 lines 65 – 67 discloses Hashing is used for the content addressing, and the hashing produces evenly distributed results over the allowed input range. Advantageously, the hashing Col. 5 lines 55 – 50 discloses the data modules 16 contain the hash to physical (H2P) Solid State Drive (SSD) address mapping. The data modules 16 are also responsible for IO operations to the SSDs themselves, as well as managing the data protection scheme. In a particular embodiment the data module may include a plurality of counters 28. Col. 5 lines 67 to col. 6 lines 1 – 8 discloses the extracts may be computed by cryptographic hashing of the data, e.g., the modules may calculate hash values for data that are the subject of I/O commands, and the hash values may later be used for retrieval. In particular embodiments, hashing used for the content addressing produces evenly distributed results over the allowed input range. The hashing defines the physical addresses so that data storage makes even use of the system resources.], and a message authentication code (MAC) associated with the physical address of an individual memory line; [Chen, col. 1 lines 54 – 67 to col. 2 lines discloses the system may map the policies to virtual storage domains (VSD) each with a unique domain ID. The domain IDs may be added to hash functions when the system calculates hash for incoming data. One aspect provides a method for providing virtual storage domains for a content addressable system. In one embodiment, the method may include configuring at least one tenant data storage policy for at least one tenant in a storage system. 
The method further includes creating a virtual storage domain based on the tenant data storage policy, each virtual storage domain having a unique identifier (ID). The method also includes tagging corresponding virtual storage domain IDs to a data request based on a data set policy when data belonging to a data set gets written to the storage system. The method additionally includes calculating a hash signature for the data taking the data content and the storage domain ID as inputs to calculate the hash signature.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Chen’s system with Kishi’s system, with a motivation to define the physical addresses by the hashing so that data storage makes even use of the system resources. [Chen, col. 5 lines 1 – 2], but Kishi in view of Chen does not teach an on-die memory hash register (MHR); and third circuitry to update the on-die MHR according to the computed hash.
However, Lee does teach an on-die memory hash register (MHR); [Lee, para. 69 discloses this secure storage structure incorporates a Merkle hashtree mechanism, R. C. Merkle, "Protocols for public key cryptography," IEEE Symposium on Security and Privacy, pp. 122–134, 1980, hereby incorporated by reference herein, with the root hash stored in the Storage Root Hash (SRH) register on-chip] and third circuitry to update the on-die MHR according to the computed hash. [Lee, para. 69 discloses the root hash, updated only by the TSM, ensures integrity of the keys or other secrets stored in the secure storage against malicious modifications by untrusted software. Since the root hash is stored on-chip, the secure storage is also protected against replay attacks--changes to the secure storage structure are made permanent, including deletions. Stale (deleted) data cannot be replayed since the root hash will no longer match.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Lee’s system with Kishi’s system, with the motivation that storing a root hash, as in Lee's preferred embodiment, permits the TSM to extend the trust of the on-chip storage to a larger quantity of data, protect any data in addition to keys, and protect and enforce any security policy whether or not that policy is tied to a key. [Lee, para. 70]

As per claim 2, modified Kishi teaches the processor of claim 1, further comprising a message authentication code (MAC) data structure for encryption keys, [Kishi, col. 2 lines 6 – 10 discloses rollback protection may be realized without expensive counter storage by performing periodic regeneration of the encryption keys used to generate the MAC values (also referred to herein as MAC keys) and regeneration of the MACs themselves] wherein the first circuitry is to read a MAC with an old key and re-encrypt the MAC with a new key. [Kishi, col. 4 lines 39 – 47 discloses in an embodiment in which re-keying is performed to provide rollback protection, key storage 143 may include at least two entries, each to store one of two keys, where a first key is an old key that was used to encrypt MACs and a second key is a new key used to perform a re-keying operation as MACs within a storage undergo a re-keying cycle. In some cases, upon completion of a full re-keying cycle, the old key may be deleted and a new key to be used for a next re-keying cycle may be stored in the first entry.]

As per claim 3, modified Kishi teaches the processor of claim 1, wherein the first circuitry is to iterate over the encryption keys periodically. [Kishi, col. 2 lines 6 – 10 discloses rollback protection may be realized without expensive counter storage by performing periodic regeneration of the encryption keys used to generate the MAC values (also referred to herein as MAC keys) and regeneration of the MACs themselves]

Regarding claim 4, modified Kishi teaches the processor of claim 1, but modified Kishi does not teach wherein the first circuitry is to update the on-die MHR periodically.
However, Lee does teach wherein the first circuitry is to update the on-die MHR periodically. [Lee, para. 69 discloses this secure storage structure incorporates a Merkle hashtree mechanism, R. C. Merkle, "Protocols for public key cryptography," IEEE Symposium on Security and Privacy, pp. 122–134, 1980, hereby incorporated by reference herein, with the root hash stored in the Storage Root Hash (SRH) register on-chip. The root hash, updated only by the TSM, ensures integrity of the keys or other secrets stored in the secure storage against malicious modifications by untrusted software. Since the root hash is stored on-chip, the secure storage is also protected against replay attacks--changes to the secure storage structure are made permanent, including deletions. Stale (deleted) data cannot be replayed since the root hash will no longer match.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Lee’s system with modified Kishi’s system, with the motivation that storing a root hash, as in Lee's preferred embodiment, permits the TSM to extend the trust of the on-chip storage to a larger quantity of data, protect any data in addition to keys, and protect and enforce any security policy whether or not that policy is tied to a key. [Lee, para. 70]

Claims 5 – 6, 9 – 15, and 19 – 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 9792229 B2 to Kishinevsky et al., (hereafter, "Kishi") in view of US 11055006 B1 to Chen et al., (hereinafter, “Chen”) and in view of US 20100042824 A1 to Lee et al., (hereinafter, “Lee”) in further view of US 20190132133 A1 to Druker.
Regarding claim 5, modified Kishi teaches the processor of claim 1, but Kishi does not teach wherein the first circuitry is to update the on-die MHR after each rotation of an encryption key.
However, Druker does teach wherein the first circuitry is to [update the on-die MHR] after each rotation of an encryption key. [Druker, para. 24 discloses the encryption engine can include a key rotation, which can encrypt data transmitted over the network 150 with different keys, typically per time period or transaction. For example, the encryption keys used to encrypt data transmitted by devices 105 can change every minute (e.g., each minute time-stamp can correspond to a different key). Additionally, the encryption keys used to encrypt data transmitted by devices 105 can change per communication transaction. Para. 26 discloses to successfully associate identical fields encrypted with different keys, a hash value can be generated prior to each encryption cycle, which remains uniform if the same cryptographic hash function is used to generate the hash. The hash value can then be used to associate the identical field values encrypted with different keys. ... The hash values can then be transmitted to the server 135 and stored in a hash table 175, along with the encrypted data 165 and a key identifier 170 referencing the corresponding encryption key. The hash table 175, encrypted data 165, and key identifier 170 can all be stored in memory 155 located on the server 135.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Druker’s system with Kishi’s system, with a motivation to alter the encryption key frequently to mitigate risk in symmetric key systems and ensure the system is more secure, as it makes searching the encrypted data for patterns significantly harder, as different data sets can be encrypted by different algorithms [Druker, para. 15], but Kishi in view of Druker does not teach updating the on-die MHR.
However, Lee does teach updating the on-die MHR. [Lee, para. 69 discloses the root hash, updated only by the TSM, ensures integrity of the keys or other secrets stored in the secure storage against malicious modifications by untrusted software. Since the root hash is stored on-chip, the secure storage is also protected against replay attacks--changes to the secure storage structure are made permanent, including deletions. Stale (deleted) data cannot be replayed since the root hash will no longer match.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Lee’s system with Kishi’s system, with the motivation that storing a root hash, as in Lee's preferred embodiment, permits the TSM to extend the trust of the on-chip storage to a larger quantity of data, protect any data in addition to keys, and protect and enforce any security policy whether or not that policy is tied to a key. [Lee, para. 70]

Regarding claim 6, modified Kishi teaches the processor of claim 5, but modified Kishi does not teach wherein the first circuitry is to maintain a running hash, wherein a next value of the running hash is a function of a previous value of the running hash and an encryption key being updated.
However, Druker does teach wherein the first circuitry is to maintain a running hash, wherein a next value of the running hash is a function of a previous value of the running hash and an encryption key being updated. [Druker, para. 29 discloses the encrypted value (E.sub.1), the key identifier (K.sub.1), and the hash value for the email address (H.sub.1) are then transmitted over network 150 to the server 135. The server 135 stores the encrypted value (E.sub.1) and key identifier (K.sub.1) in the encrypted data 165, and stores the hash value (H.sub.1) in the hash table. Para. 30 discloses the security application 125 then generates a hash value for the second email (H.sub.1), which is the same as the hash value for the first email because the email address is identical. The security application 125-1 then encrypts the email address at t.sub.2, to generate an encrypted value (E.sub.2) and a key identifier (K.sub.2) referencing the key used to encrypt the second email at t.sub.2. The encrypted value (E.sub.2), the key identifier (K.sub.2), and the hash value for the email address (H.sub.1) are then transmitted over network 150 to the server 135. The server 135 stores the encrypted value (E.sub.2) and key identifier (K.sub.2) in the encrypted data 165, and stores the hash value H.sub.1 in the hash table 175. The security application 160 then associates (E.sub.1) with (E.sub.2) by using the hash value (H.sub.1), which remains constant as the same hash function is applied to the same email address.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Druker’s system with modified Kishi’s system, with a motivation to utilize the association of encrypted values via the hash value to provide useful metrics about the overall system which can be beneficial, for example, in licensing scenarios, as the number of unique users utilizing a product (e.g., a cloud computing service) can be counted. If the number of hashes in the hash table 175 exceeds the number of granted licenses, a determination can be made that unlicensed users are accessing the system. [Druker, para. 31]

Regarding claim 9, modified Kishi teaches the processor of claim 1, but modified Kishi does not teach wherein the first circuitry is to store a per-cycle MHR value.
However, Druker does teach wherein the first circuitry is to store a per-cycle MHR value. [Druker, para. 24 discloses the encryption engine can include a key rotation, which can encrypt data transmitted over the network 150 with different keys, typically per time period or transaction. For example, the encryption keys used to encrypt data transmitted by devices 105 can change every minute (e.g., each minute time-stamp can correspond to a different key). Additionally, the encryption keys used to encrypt data transmitted by devices 105 can change per communication transaction. Para. 26 discloses to successfully associate identical fields encrypted with different keys, a hash value can be generated prior to each encryption cycle, which remains uniform if the same cryptographic hash function is used to generate the hash. The hash value can then be used to associate the identical field values encrypted with different keys. ... The hash values can then be transmitted to the server 135 and stored in a hash table 175, along with the encrypted data 165 and a key identifier 170 referencing the corresponding encryption key. The hash table 175, encrypted data 165, and key identifier 170 can all be stored in memory 155 located on the server 135.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Druker’s system with modified Kishi’s system, with a motivation to alter the encryption key frequently to mitigate risk in symmetric key systems and ensure the system is more secure, as it makes searching the encrypted data for patterns significantly harder, as different data sets can be encrypted by different algorithms. [Druker, para. 15]

As per claim 10, modified Kishi teaches the processor of claim 9, wherein the per-cycle MHR value is stored on-die. [Kishi, col. 6 lines 66 – 67 to col. 7 lines 1 - 14 discloses method 400 begins by loading an old key and generating a new key (block 405). In an embodiment, this old key may be stored in a storage of the TMP module itself. The new key may be generated according to common key generation practices, utilizing a random number generator, hardware specific seed, and some cryptographic primitives to increase the entropy of the key. Similarly, the new key also may be stored in a storage of the TMP module. At block 410, a current re-MAC address may be set to a base MAC address. This current re-MAC address acts as a pointer to a particular location in a storage that includes the MAC values, and the base MAC address may be the address within the storage at which the first generated MAC value is stored. In the embodiment of FIG. 4, this storage may be a system memory. In other cases, the memory may be a cache memory of the processor such as a dedicated MAC storage.]

As per claim 11, modified Kishi teaches the processor of claim 9, wherein the first circuitry is to compare the per-cycle MHR value to a running MHR value at an end of a key rotation cycle. [Kishi, col. 7 lines 28 – 38 discloses at block 430 a MAC stored in the current MAC address may be loaded, along with its associated data. Using this information, the MAC may be re-keyed and the resulting new MAC may be stored at the current MAC address. To perform this re-keying the MAC validation regenerates the original MAC based on the original key and data. If the regenerated MAC matches the MAC loaded from memory, then the validation is successful and a new MAC may be generated. The new MAC is generated based on the new key and data. The new MAC is then written back to memory, replacing the original MAC.]

As per claim 12, modified Kishi teaches the processor of claim 11, wherein the first circuitry is to raise a security exception in case of a mismatch between the per-cycle MHR value and the running MHR value. [Kishi, col. 6 lines 1 – 14 discloses control next passes to diamond 360 where it is determined whether the decrypted MAC value matches the validation MAC value. If so, the integrity of the obtained data is verified and at block 370 the data is sent to the destination or requester (e.g., a core). Otherwise an integrity violation is reported (block 380) and thus the data is not provided to the destination. Understand that in some cases to reduce latency upon decryption, the data may be sent to the destination and if an integrity violation is thereafter determined (at diamond 360) the integrity violation report may be generated at block 380 and a fault signal may be sent to the destination to prevent the earlier sent decrypted data from being committed to a state of the machine.]
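The following Python model is an added illustration of the mechanism recited in claims 1 and 9 – 12 as the action describes it (address-bound MACs, periodic re-keying that validates each MAC under the old key before re-MACing it under the new key, a running on-die hash over (address, MAC) pairs, and an end-of-cycle comparison that raises a security exception). It is not code from the application or from any cited reference; HMAC-SHA256 as the line MAC, a SHA-256 chain as the MHR update, and Python dicts standing in for off-die memory and the MAC table are all assumptions of the model.

```python
import hashlib
import hmac
import os

ADDR_BYTES = 8
ZERO = bytes(32)


class IntegrityViolation(Exception):
    """Security exception: a MAC failed validation or the MHR values disagree."""


def line_mac(key: bytes, addr: int, data: bytes) -> bytes:
    """MAC over (physical address, line data); the address binding stops a valid
    (data, MAC) pair from being relocated to another line. (Assumed construction.)"""
    return hmac.new(key, addr.to_bytes(ADDR_BYTES, "little") + data, hashlib.sha256).digest()


def mhr_step(prev: bytes, addr: int, mac: bytes) -> bytes:
    """Running-hash update: next value = H(previous value || address || MAC)."""
    return hashlib.sha256(prev + addr.to_bytes(ADDR_BYTES, "little") + mac).digest()


def table_mhr(mac_table: dict) -> bytes:
    """Per-cycle MHR: chain every (address, MAC) pair in address order from zero."""
    h = ZERO
    for addr in sorted(mac_table):
        h = mhr_step(h, addr, mac_table[addr])
    return h


class MemoryIntegrityEngine:
    """Rotates the MAC key over a secure region and keeps an on-die MHR (model)."""

    def __init__(self, lines: dict):
        self.memory = dict(lines)  # off-die: physical address -> line data
        self.key = os.urandom(32)  # on-die key storage (current MAC key)
        self.mac_table = {a: line_mac(self.key, a, d) for a, d in self.memory.items()}  # off-die
        self.mhr = table_mhr(self.mac_table)  # on-die MHR

    def read(self, addr: int) -> bytes:
        data = self.memory[addr]
        if not hmac.compare_digest(self.mac_table[addr], line_mac(self.key, addr, data)):
            raise IntegrityViolation(f"MAC mismatch on read of line {addr:#x}")
        return data

    def rotate_keys(self, before_check=None) -> bytes:
        """One re-keying cycle: validate each MAC under the old key, re-MAC it under the
        new key and fold the new MAC into a running hash; at the end compare the running
        value with a fresh per-cycle hash of the table. `before_check` models off-die
        interference between the loop and that end-of-cycle comparison."""
        new_key = os.urandom(32)
        running = ZERO
        for addr in sorted(self.mac_table):
            data = self.memory[addr]
            if not hmac.compare_digest(self.mac_table[addr], line_mac(self.key, addr, data)):
                raise IntegrityViolation(f"MAC mismatch while re-keying line {addr:#x}")
            new_mac = line_mac(new_key, addr, data)
            self.mac_table[addr] = new_mac
            running = mhr_step(running, addr, new_mac)
        if before_check is not None:
            before_check(self)
        if not hmac.compare_digest(table_mhr(self.mac_table), running):
            raise IntegrityViolation("per-cycle MHR does not match running MHR")
        self.key = new_key  # the old key is discarded once the cycle completes
        self.mhr = running
        return running


def demo() -> dict:
    """Exercise the model; every line value below is constructed for the example."""
    results = {}
    engine = MemoryIntegrityEngine({0x1000: b"A" * 64, 0x1040: b"B" * 64})
    results["normal_cycle_ok"] = engine.rotate_keys() == engine.mhr

    # Rollback across a key epoch: a (data, MAC) pair saved before rotation and put
    # back afterwards carries a MAC under the discarded key, so the next access fails.
    stale = (engine.memory[0x1040], engine.mac_table[0x1040])
    engine.rotate_keys()
    engine.memory[0x1040], engine.mac_table[0x1040] = stale
    try:
        engine.read(0x1040)
        results["cross_epoch_replay_detected"] = False
    except IntegrityViolation:
        results["cross_epoch_replay_detected"] = True

    # MHR check: a MAC-table entry altered after it was folded into the running hash
    # but before the end-of-cycle comparison is caught by the per-cycle recompute.
    engine2 = MemoryIntegrityEngine({0x2000: b"C" * 64})

    def corrupt(e):
        e.mac_table[0x2000] = bytes(32)

    try:
        engine2.rotate_keys(before_check=corrupt)
        results["mhr_mismatch_detected"] = False
    except IntegrityViolation:
        results["mhr_mismatch_detected"] = True
    return results
```

The model quiesces writes during a rotation cycle, so the running value and the per-cycle recompute are expected to agree unless the off-die table was altered in between.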

Regarding claim 13, modified Kishi teaches a computing system, comprising: a memory; [Kishi, col. 3 lines 54 - 62 discloses a total memory protection (TMP) module 140 is present. Understand that TMP module 140 may be implemented as appropriate combinations of hardware, software and/or firmware. In different processor implementations, the circuitry of TMP module 140 may be implemented in a standalone fashion to act as an interface between shared cache 130 and a given memory coupled to processor 100 such as a dynamic random access memory (DRAM) or other such system memory] a trusted execution environment circuit to provide a secure region of the memory; [Kishi, col. 3 lines 65 – 67 to col. 4 lines 1 - 3 discloses TMP module 140 may be implemented within a memory execution engine (MEE) that may be part of a trusted portion of processor 100 such as circuitry within a security coprocessor, manageability engine or so forth configured to operate in a trusted execution environment] and a memory integrity engine with deterministic rotation (MIE-DR) circuit to encrypt the secure region of the memory, the MIE-DR circuit comprising a key rotation engine to rotate message authentication code (MAC) keys within a MAC table for the secure region [Kishi, col. 4 lines 35 – 49 discloses TMP module 140 may include a variety of storages. Specifically shown in TMP module 140 is a key storage 143 and a TMP cache memory 145. Key storage 143 may be configured to store keys used to generate MACs. In an embodiment in which re-keying is performed to provide rollback protection, key storage 143 may include at least two entries, each to store one of two keys, where a first key is an old key that was used to encrypt MACs and a second key is a new key used to perform a re-keying operation as MACs within a storage undergo a re-keying cycle. 
In some cases, upon completion of a full re-keying cycle, the old key may be deleted and a new key to be used for a next re-keying cycle may be stored in the first entry. As further shown in FIG. 1, TMP module 140 includes TMP cache memory 145. In an embodiment, cache memory 145 may be configured to store MACs such that off-chip access latency can be avoided for re-keying operations. Of course, other TMP-associated data may be stored in TMP cache memory 145], but modified Kishi does not teach an on-die memory hash register (MHR) to maintain a current hash of the MAC table, wherein the current hash is computed according to a cipher or secure hash function that includes a physical address of individual memory lines from the secure region of the memory, and a MAC associated with the physical address of an individual memory line.
However, Druker does teach [an on-die memory hash register (MHR)] to maintain a current hash of the MAC table [Druker, para. 26 discloses the server 135 can use hash values to track (e.g., count, identify, or associate) identical data fields (e.g., user identities, locations, timings, machines) transmitted by the devices 105. Because the data transmitted by the devices 105 can be encrypted with different keys, identical fields can have multiple representations (e.g., appear as different encrypted values). To successfully associate identical fields encrypted with different keys, a hash value can be generated prior to each encryption cycle, which remains uniform if the same cryptographic hash function is used to generate the hash. The devices 105-1 can use a local hash engine, or alternatively, a hash engine provided by the server 135 (e.g., over network 150), to generate hash values for each set of identical fields prior to encrypting the identical fields with different keys. The hash values can then be transmitted to the server 135 and stored in a hash table 175, along with the encrypted data 165 and a key identifier 170 referencing the corresponding encryption key. The hash table 175, encrypted data 165, and key identifier 170 can all be stored in memory 155 located on the server 135], wherein the current hash is computed according to a cipher or secure hash function that includes a physical address of individual memory lines from the secure region of the memory [Druker, para. 17 discloses Aspects of the present disclosure associate identical fields encrypted with different keys via hash generation. Specifically, each identical field (e.g., user identity, location, machine, time, date, program, product etc.) can be hashed prior to each encryption cycle. Because the cryptographic hash function yields the same output for each respective identical field, the multiple representations generated by encrypting the fields with different keys are traceable. 
The hash values for each identical field can be associated with the corresponding encrypted values and key identifiers referencing the encryption keys used to generate those encrypted values. Various analytics can then be collected regarding the identical fields, including the number of users accessing the system and/or the relative activity of each user identity. Further, the hash values can be used to select data for decryption using the corresponding key identifiers. Para. 18 discloses analytics can be performed regarding various identical field types (e.g., user identities, time periods, locations, machines, products etc.) associated with the system. This is performed by generating unique hashes for each identical field, and linking each hash value to each identical field's multiple encrypted representations. Because the hash values are generally cryptographically unfeasible to reverse back into the plaintext, the system remains secure.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Druker’s system with Kishi’s system, with a motivation to alter the encryption key frequently to mitigate risk in symmetric key systems and ensure the system is more secure, as it makes searching the encrypted data for patterns significantly harder, as different data sets can be encrypted by different algorithms [Druker, para. 15], but Kishi in view of Druker does not teach updating the on-die MHR.
However, Lee does teach updating the on-die MHR. [Lee, para. 69 discloses this secure storage structure incorporates a Merkle hashtree mechanism, R. C. Merkle, "Protocols for public key cryptography," IEEE Symposium on Security and Privacy, pp. 122–134, 1980, hereby incorporated by reference herein, with the root hash stored in the Storage Root Hash (SRH) register on-chip.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Lee’s system with Kishi’s system, with the motivation that storing a root hash, as in Lee's preferred embodiment, permits the TSM to extend the trust of the on-chip storage to a larger quantity of data, protect any data in addition to keys, and protect and enforce any security policy whether or not that policy is tied to a key. [Lee, para. 70]
However, Kishi in view of Lee and Druker does not teach, wherein the current hash is computed according to a cipher or secure hash function that includes a physical address of individual memory lines from the secure region of the memory, and a MAC associated with the physical address of an individual memory line, but Chen does teach, wherein the current hash is computed according to a cipher or secure hash function that includes a physical address of individual memory lines from the secure region of the memory [Chen col. 4 lines 65 – 67 discloses Hashing is used for the content addressing, and the hashing produces evenly distributed results over the allowed input range. Advantageously, the hashing Col. 5 lines 55 – 50 discloses the data modules 16 contain the hash to physical (H2P) Solid State Drive (SSD) address mapping. The data modules 16 are also responsible for IO operations to the SSDs themselves, as well as managing the data protection scheme. In a particular embodiment the data module may include a plurality of counters 28. Col. 5 lines 67 to col. 6 lines 1 – 8 discloses the extracts may be computed by cryptographic hashing of the data, e.g., the modules may calculate hash values for data that are the subject of I/O commands, and the hash values may later be used for retrieval. In particular embodiments, hashing used for the content addressing produces evenly distributed results over the allowed input range. The hashing defines the physical addresses so that data storage makes even use of the system resources.], and a MAC associated with the physical address of an individual memory line. [Chen, col. 1 lines 54 – 67 to col. 2 lines 1 – 4 discloses the system may map the policies to virtual storage domains (VSD) each with a unique domain ID. The domain IDs may be added to hash functions when the system calculates hash for incoming data. One aspect provides a method for providing virtual storage domains for a content addressable system. 
In one embodiment, the method may include configuring at least one tenant data storage policy for at least one tenant in a storage system. The method further includes creating a virtual storage domain based on the tenant data storage policy, each virtual storage domain having a unique identifier (ID). The method also includes tagging corresponding virtual storage domain IDs to a data request based on a data set policy when data belonging to a data set gets written to the storage system. The method additionally includes calculating a hash signature for the data taking the data content and the storage domain ID as inputs to calculate the hash signature.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Chen’s system with Kishi’s system, with a motivation to define the physical addresses by the hashing so that data storage makes even use of the system resources. [Chen, col. 5 lines 1 – 2]

As per claim 14, modified Kishi teaches the computing system of claim 13, further comprising a basic input-output system (BIOS), comprising instructions to initialize the MAC table. [Kishi, col. 11 lines 8 – 15 discloses various input/output (I/O) devices 1514 may be coupled to first bus 1516, along with a bus bridge 1518 which couples first bus 1516 to a second bus 1520. Various devices may be coupled to second bus 1520 including, for example, a keyboard/mouse 1522, communication devices 1526 and a data storage unit 1528 such as a disk drive or other mass storage device which may include code 1530 and one or more manifests. Col. 8 lines 34 – 43 discloses MAC storage 500 may be a dedicated cache memory of a processor (such as TMP cache 145 of FIG. 1) or a region of a system memory. As seen, MAC storage 500 includes a first region 510 to store re-keyed MACs and a second region 520 to store MACs generated with a prior key. Thus, entries 512a-512n store MAC values generated with a new key 530, while entries 522a-522n store MAC values generated using an old key 535. A pointer 540 points to a location of the MAC that is currently undergoing re-keying.]

As per claim 15, modified Kishi teaches the computing system of claim 14, wherein the BIOS further comprises instructions to initialize the on-die MHR. [Kishi, col. 11 lines 8 – 15 discloses various input/output (I/O) devices 1514 may be coupled to first bus 1516, along with a bus bridge 1518 which couples first bus 1516 to a second bus 1520. Various devices may be coupled to second bus 1520 including, for example, a keyboard/mouse 1522, communication devices 1526 and a data storage unit 1528 such as a disk drive or other mass storage device which may include code 1530 and one or more manifests. Col. 3 lines 54 - 62 discloses a total memory protection (TMP) module 140 is present. Understand that TMP module 140 may be implemented as appropriate combinations of hardware, software and/or firmware. In different processor implementations, the circuitry of TMP module 140 may be implemented in a standalone fashion to act as an interface between shared cache 130 and a given memory coupled to processor 100 such as a dynamic random-access memory (DRAM) or other such system memory]

Regarding claim 19, Kishi teaches a method of providing deterministic key rotation for an encrypted computer memory, comprising: the MAC values encrypted with an encryption key each; [Kishi, col. 2 lines 6 – 10 discloses rollback protection may be realized without expensive counter storage by performing periodic regeneration of the encryption keys used to generate the MAC values (also referred to herein as MAC keys) and regeneration of the MACs themselves], but Kishi does not teach initializing an encrypted message authentication code (MAC) table, the encrypted MAC table comprising MAC values for accessing an encrypted memory, initializing a memory hash register (MHR) with a hash of the MAC table; periodically sequentially obsoleting and refreshing MAC values in the MAC tables; and after an update to the MAC table, recalculating the hash of the MHR, wherein recalculating the hash comprises computing a cipher or secure hash function that includes a physical address of individual memory lines from a secure memory region, and a message authentication code (MAC) associated with the physical address of an individual memory line.
However, Druker does teach initializing an encrypted message authentication code (MAC) table, the encrypted MAC table comprising MAC values for accessing an encrypted memory, initializing [an on-die memory hash register (MHR)] with a hash of the MAC table; [Druker, para. 25 discloses the security applications 125 and/or 160 include a hash engine. The hash engines can include a cryptographic hash function (e.g., Secure Hash Algorithm-1 (SHA1) or MD5), to generate hash values for plaintext data included on the devices 105 and/or server 135. By running the plaintext through the hash function, a hash value (e.g., an irreversible or one-way hash) can be generated. The hash value can be used to verify the integrity of data. Para. 26 discloses the hash values can then be transmitted to the server 135 and stored in a hash table 175, along with the encrypted data 165 and a key identifier 170 referencing the corresponding encryption key] periodically sequentially obsoleting and refreshing MAC values in the MAC tables; [Druker, para. 24 discloses the encryption engine can include a key rotation, which can encrypt data transmitted over the network 150 with different keys, typically per time period or transaction. For example, the encryption keys used to encrypt data transmitted by devices 105 can change every minute (e.g., each minute time-stamp can correspond to a different key). Additionally, the encryption keys used to encrypt data transmitted by devices 105 can change per communication transaction. Para. 26 discloses to successfully associate identical fields encrypted with different keys, a hash value can be generated prior to each encryption cycle, which remains uniform if the same cryptographic hash function is used to generate the hash. The hash value can then be used to associate the identical field values encrypted with different keys. ... 
The hash values can then be transmitted to the server 135 and stored in a hash table 175, along with the encrypted data 165 and a key identifier 170 referencing the corresponding encryption key. The hash table 175, encrypted data 165, and key identifier 170 can all be stored in memory 155 located on the server 135] and after an update to the MAC table, recalculating the hash of the MHR. [Druker, para. 29 discloses the encrypted value (E.sub.1), the key identifier (K.sub.1), and the hash value for the email address (H.sub.1) are then transmitted over network 150 to the server 135. The server 135 stores the encrypted value (E.sub.1) and key identifier (K.sub.1) in the encrypted data 165, and stores the hash value (H.sub.1) in the hash table. Para. 30 discloses the security application 125 then generates a hash value for the second email (H.sub.1), which is the same as the hash value for the first email because the email address is identical. The security application 125-1 then encrypts the email address at t.sub.2, to generate an encrypted value (E.sub.2) and a key identifier (K.sub.2) referencing the key used to encrypt the second email at t.sub.2. The encrypted value (E.sub.2), the key identifier (K.sub.2), and the hash value for the email address (H.sub.1) are then transmitted over network 150 to the server 135. The server 135 stores the encrypted value (E.sub.2) and key identifier (K.sub.2) in the encrypted data 165, and stores the hash value H.sub.1 in the hash table 175. The security application 160 then associates (E.sub.1) with (E.sub.2) by using the hash value (H.sub.1), which remains constant as the same hash function is applied to the same email address.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Druker’s system with Kishi’s system, with a motivation to alter the encryption key frequently to mitigate risk in symmetric key systems and ensure the system is more secure, as it makes searching the encrypted data for patterns significantly harder, as different data sets can be encrypted by different algorithms [Druker, para. 15], but Kishi in view of Druker does not teach update the on-die MHR.
However, Lee does teach update the on-die MHR. [Lee, para. 69 discloses this secure storage structure incorporates a Merkle hashtree mechanism, R. C. Merkle, "Protocols for public key cryptography," IEEE Symposium on Security and Privacy, pp. 122–134, 1980, hereby incorporated by reference herein, with the root hash stored in the Storage Root Hash (SRH) register on-chip.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Lee’s system with Kishi’s system, with the motivation that storing a root hash in the preferred embodiment permits the TSM to extend the trust of the on-chip storage to a larger quantity of data, protect any data in addition to keys, and to protect and enforce any security policy whether or not that policy is tied to a key. [Lee, para. 70]
However, Kishi in view of Lee and Druker does not teach, wherein recalculating the hash comprises computing a cipher or secure hash function that includes the physical address of individual memory lines from the secure memory region, and a message authentication code (MAC) associated with the physical address of an individual memory line, but Chen does teach, wherein recalculating the hash comprises computing a cipher or secure hash function that includes the physical address of individual memory lines from the secure memory region. [Chen col. 4 lines 65 – 67 discloses Hashing is used for the content addressing, and the hashing produces evenly distributed results over the allowed input range. Advantageously, the hashing Col. 5 lines 55 – 50 discloses the data modules 16 contain the hash to physical (H2P) Solid State Drive (SSD) address mapping. The data modules 16 are also responsible for IO operations to the SSDs themselves, as well as managing the data protection scheme. In a particular embodiment the data module may include a plurality of counters 28. Col. 5 lines 67 to col. 6 lines 1 – 8 discloses the extracts may be computed by cryptographic hashing of the data, e.g., the modules may calculate hash values for data that are the subject of I/O commands, and the hash values may later be used for retrieval. In particular embodiments, hashing used for the content addressing produces evenly distributed results over the allowed input range. The hashing defines the physical addresses so that data storage makes even use of the system resources.], and a message authentication code (MAC) associated with the physical address of an individual memory line. [Chen, col. 1 lines 54 – 67 to col. 2 lines discloses the system may map the policies to virtual storage domains (VSD) each with a unique domain ID. The domain IDs may be added to hash functions when the system calculates hash for incoming data. 
One aspect provides a method for providing virtual storage domains for a content addressable system. In one embodiment, the method may include configuring at least one tenant data storage policy for at least one tenant in a storage system. The method further includes creating a virtual storage domain based on the tenant data storage policy, each virtual storage domain having a unique identifier (ID). The method also includes tagging corresponding virtual storage domain IDs to a data request based on a data set policy when data belonging to a data set gets written to the storage system. The method additionally includes calculating a hash signature for the data taking the data content and the storage domain ID as inputs to calculate the hash signature.]

Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Chen’s system with Kishi’s system, with a motivation to define the physical addresses by the hashing so that data storage makes even use of the system resources. [Chen, col. 5 lines 1 – 2]

As per claim 20, modified Kishi teaches the method of claim 19, wherein periodically sequentially obsoleting and refreshing MAC values in the MAC tables comprises reading a MAC with an old encryption key and re-encrypting the MAC with a new encryption key. [Kishi, col. 2 lines 6 – 10 discloses rollback protection may be realized without expensive counter storage by performing periodic regeneration of the encryption keys used to generate the MAC values (also referred to herein as MAC keys) and regeneration of the MACs themselves. Col. 4 lines 39 – 47 discloses in an embodiment in which re-keying is performed to provide rollback protection, key storage 143 may include at least two entries, each to store one of two keys, where a first key is an old key that was used to encrypt MACs and a second key is a new key used to perform a re-keying operation as MACs within a storage undergo a re-keying cycle. In some cases, upon completion of a full re-keying cycle, the old key may be deleted and a new key to be used for a next re-keying cycle may be stored in the first entry.]
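The following is an added illustration of the method recited in claims 19 and 20 as discussed above; it is not code from the instant application or from any of the cited references (Kishi, Druker, Lee or Chen). It models a MAC table whose entries are computed over the physical address and contents of each memory line, an on-die memory hash register (MHR) that is recalculated after every table update, and the sequential re-keying of MAC values from an old key to a new key with a pointer marking the line currently being re-keyed. The class and method names, the 64-byte line size, the use of HMAC-SHA256 as the cipher or secure hash function, and the two attack scenarios at the end are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

LINE_SIZE = 64  # bytes per memory line (assumed for this illustration)

class IntegrityError(Exception):
    """A line MAC or the MAC-table hash failed to verify."""

def line_mac(key, phys_addr, data):
    # The MAC covers the physical address as well as the contents, so a valid
    # (data, MAC) pair copied to another line does not verify there.
    return hmac.new(key, phys_addr.to_bytes(8, "big") + data, hashlib.sha256).digest()[:16]

def mhr_hash(mac_table):
    # MHR value: one hash over (physical address, MAC) of every line in address
    # order, so the register commits to the whole MAC table.
    h = hashlib.sha256()
    for addr in sorted(mac_table):
        h.update(addr.to_bytes(8, "big") + mac_table[addr])
    return h.digest()

class SecureRegion:
    # Hypothetical model: MAC table, old/new MAC keys, re-keying pointer, on-die MHR.
    def __init__(self, base, n_lines):
        self.addrs = [base + i * LINE_SIZE for i in range(n_lines)]
        self.memory = {a: bytes(LINE_SIZE) for a in self.addrs}  # stand-in for the encrypted lines
        self.new_key = os.urandom(32)  # key being rolled in
        self.old_key = None            # key being rolled out; None between cycles
        self.rekey_ptr = None          # index of the next line to re-key; None when idle
        self.mac_table = {a: line_mac(self.new_key, a, self.memory[a]) for a in self.addrs}
        self.mhr = mhr_hash(self.mac_table)  # on-die register, assumed out of reach

    def _key_for(self, addr):
        # Lines below the re-keying pointer already carry MACs under the new key.
        if self.rekey_ptr is None or self.addrs.index(addr) < self.rekey_ptr:
            return self.new_key
        return self.old_key

    def read(self, addr):
        if mhr_hash(self.mac_table) != self.mhr:
            raise IntegrityError("MAC table does not match the MHR (rollback)")
        expect = line_mac(self._key_for(addr), addr, self.memory[addr])
        if not hmac.compare_digest(expect, self.mac_table[addr]):
            raise IntegrityError("line MAC mismatch at %#x" % addr)
        return self.memory[addr]

    def write(self, addr, data):
        self.memory[addr] = data
        self.mac_table[addr] = line_mac(self._key_for(addr), addr, data)
        self.mhr = mhr_hash(self.mac_table)  # recalculate after every table update

    def start_rekey(self):
        self.old_key, self.new_key, self.rekey_ptr = self.new_key, os.urandom(32), 0

    def rekey_step(self):
        # Obsolete one MAC made under the old key and refresh it under the new
        # key; returns True once every line has been re-keyed.
        addr = self.addrs[self.rekey_ptr]
        expect = line_mac(self.old_key, addr, self.memory[addr])
        if not hmac.compare_digest(expect, self.mac_table[addr]):
            raise IntegrityError("line MAC mismatch while re-keying %#x" % addr)
        self.mac_table[addr] = line_mac(self.new_key, addr, self.memory[addr])
        self.rekey_ptr += 1
        self.mhr = mhr_hash(self.mac_table)
        if self.rekey_ptr == len(self.addrs):
            self.old_key, self.rekey_ptr = None, None  # old key may now be deleted
            return True
        return False

def _raises(fn):
    try:
        fn()
    except IntegrityError:
        return True
    return False

def demo():
    region = SecureRegion(base=0x1000, n_lines=4)
    line1, line2 = region.addrs[1], region.addrs[2]
    region.write(line1, b"A" * LINE_SIZE)
    region.start_rekey()
    region.rekey_step()  # line 0 re-keyed; line 1 still verifies under the old key
    mid_cycle_ok = region.read(line1) == b"A" * LINE_SIZE
    while not region.rekey_step():
        pass
    # 1) contents altered behind the controller's back: the line MAC no longer matches
    region.memory[line1] = b"B" * LINE_SIZE
    tamper = _raises(lambda: region.read(line1))
    region.memory[line1] = b"A" * LINE_SIZE
    # 2) rollback: a line and its MAC restored to an older, once-valid pair;
    #    the pair is self-consistent, so only the MHR exposes it
    stale = (region.memory[line2], region.mac_table[line2])
    region.write(line2, b"C" * LINE_SIZE)
    region.memory[line2], region.mac_table[line2] = stale
    rollback = _raises(lambda: region.read(line2))
    return {"mid_cycle_read_ok": mid_cycle_ok, "rekey_complete": region.old_key is None,
            "tamper_detected": tamper, "rollback_detected": rollback}
```

The two scenarios in `demo()` show why both mechanisms are needed: a per-line MAC catches modification of a line, but a stale line together with its stale MAC is internally consistent, and only the hash held in the on-die register, recalculated after each table update, exposes that rollback.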

Claims 7 – 8 are rejected under 35 U.S.C. 103 as being unpatentable over US 9792229 B2 to Kishinevsky et al., (hereafter, "Kishi") in view of US 11055006 B1 to Chen et al., (hereinafter, “Chen”) and in view of US 20100042824 A1 to Lee et al., (hereinafter, “Lee”) in further view of US 20190132133 A1 to Druker and in further view of US 20100303229 A1 to Unruh.
Regarding claim 7, modified Kishi teaches the processor of claim 6, but modified Kishi does not teach wherein the function is an exclusive-OR (XOR).
However, Unruh does teach wherein the function is an exclusive-OR (XOR). [Unruh, para. 46 discloses the multiplier 242 then generates a hash value for the result of the XOR operation 241, and the hash value is XORed with the result of the encryption operation 246 to generate the authentication tag 248, i.e., the authentication code for the cipher text.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Unruh’s system with modified Kishi’s system, with a motivation to reduce the amount of information leakage when introducing an initialization vector that is XORed with the plaintext before the plaintext is passed to the block cipher. [Unruh, para. 9]
	
Regarding claim 8, modified Kishi teaches the processor of claim 6, but modified Kishi does not teach wherein the function is a Galois field multiplication function (GFMUL).
However, Unruh does teach wherein the function is a Galois field multiplication function (GFMUL). [Unruh, para. 61 discloses generate an intermediate value of the authentication code, also referred to herein as a hash value ... Block 408 XOR's the i.sup.th block of ciphertext with the hash value produced for the previous ciphertext block (i.e., block i-1). Block 410 multiplies the result of Block 408 by the hash factor H using Galois field multiplication to produce the hash value of ciphertext block i.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Unruh’s system with modified Kishi’s system, with a motivation to produce a ciphertext block having the aforementioned exclusive-or property (exclusive-or of ciphertext equals exclusive-or of plaintext), but the frequency of such an occurrence is very low compared to the existing GCM technique, occurring in a single block.  [Unruh, para. 9]
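The following is an added illustration of the XOR-then-Galois-field-multiplication step quoted from Unruh, para. 61 above; it is not code from Unruh, from the instant application or from any other cited reference. It implements the GHASH function of the GCM mode of operation, in which each ciphertext block is XORed into the running hash value and the result is multiplied by the hash factor H in GF(2^128). The function names are assumptions; the constants H_TC2 and C_TC2 are taken from Test Case 2 of the published GCM specification (all-zero key, all-zero plaintext), so the result can be checked against that known value.

```python
def gf_mult(x, y):
    # Multiplication in GF(2^128) with the GCM reduction polynomial, using GCM's
    # bit ordering: bit 0 of a block is the most significant bit of the integer.
    R = 0xE1 << 120
    z, v = 0, x
    for i in range(128):
        if (y >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def _blocks(data):
    # Split into 16-byte blocks, zero-padding the final block as GCM requires.
    for i in range(0, len(data), 16):
        yield int.from_bytes(data[i:i + 16].ljust(16, b"\x00"), "big")

def ghash(h, aad, ciphertext):
    # X_i = (X_{i-1} XOR block_i) * H over the additional data and then the
    # ciphertext, followed by one block carrying the two bit lengths.
    hk = int.from_bytes(h, "big")
    x = 0
    for blk in list(_blocks(aad)) + list(_blocks(ciphertext)):
        x = gf_mult(x ^ blk, hk)
    lengths = (len(aad) * 8 << 64) | (len(ciphertext) * 8)
    x = gf_mult(x ^ lengths, hk)
    return x.to_bytes(16, "big")

# GCM specification Test Case 2: H = E_K(0^128) and C for an all-zero key and
# a single all-zero plaintext block; the expected GHASH output is
# f38cbb1ad69223dcc3457ae5b6b0f885.
H_TC2 = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")
C_TC2 = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")

if __name__ == "__main__":
    print(ghash(H_TC2, b"", C_TC2).hex())
```

The authentication tag itself is this GHASH value XORed with the encryption of the initial counter block, which is the final XOR Unruh describes in para. 46; the example stops at the hash so that it needs no block cipher.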
	
Claims 16 – 18 are rejected under 35 U.S.C. 103 as being unpatentable over US 9792229 B2 to Kishinevsky et al., (hereafter, "Kishi") in view of US 11055006 B1 to Chen et al., (hereinafter, “Chen”) and in view of US 20100042824 A1 to Lee et al., (hereinafter, “Lee”) in further view of US 20190132133 A1 to Druker and in further view of US 20180091308 A1 to Durham et al., (hereafter, “Durham”).
Regarding claim 16, modified Kishi teaches the computing system of claim 13, but modified Kishi does not teach further comprising an error correction code (ECC) memory for correcting memory errors.
However, Durham does teach further comprising an error correction code (ECC) memory for correcting memory errors. [Durham, para. 17 discloses Error correcting code (ECC) memory can include using additional integrated circuits or devices or chips of physical memory to correct corrupted data.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Durham’s system with modified Kishi’s system, with a motivation to maintain error correcting capabilities to provide high performance memory that can mitigate random bit errors, memory based integrated circuit failures, and malicious adversaries. [Durham, para. 17]

Regarding claim 17, modified Kishi teaches the computing system of claim 16, but modified Kishi does not teach wherein the MIE-DR circuit is to store the MAC table in the ECC memory.
However, Durham does teach wherein the MIE-DR circuit is to store the MAC table in the ECC memory. [Durham, para. 83 discloses the MAC of the replay tree can include a parent counter value for the cache line. A root counter/nonce (or counters/nonces for multiple memory regions) can also be embedded in the hardware, on-die. The first level in the tree in memory contains a cache line with a set of counter/nonce values and the MAC in ECC memory. This MAC is calculated over all the counter values comprising the cache line and the associated root counter/nonce stored on-die. Each counter/nonce value on the line is a parent for the next level of the tree.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Durham’s system with modified Kishi’s system, with a motivation to maintain error correcting capabilities to provide high performance memory that can mitigate random bit errors, memory based integrated circuit failures, and malicious adversaries. [Durham, para. 17]

Regarding claim 18, modified Kishi teaches the computing system of claim 16, but modified Kishi does not teach wherein the MIE-DR circuit is to combine the MAC table with the ECC memory.
However, Durham does teach wherein the MIE-DR circuit is to combine the MAC table with the ECC memory. [Durham, para. 83 discloses the next level of the tree is a line with counter/nonce values, again where the MAC in ECC memory hashes all the counter/nonce values in the line and a single parent nonce/counter from the previous line in the tree. The last level/leaf of the tree consists of the data line and its MAC in ECC memory as described previously, the one difference being that the MAC is also hashed over the parent counter/nonce value. In this way, replay can be prevented as every time data is written to memory, the root counter and all counter values in the branch of the counter/nonce tree leading to the updated data line are incremented/updated and all the affected MACs in ECC memory recalculated.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Durham’s system with modified Kishi’s system, with a motivation to maintain error correcting capabilities to provide high performance memory that can mitigate random bit errors, memory based integrated circuit failures, and malicious adversaries. [Durham, para. 17]
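The following is an added illustration of the replay tree quoted from Durham, para. 83 in the discussion of claims 17 and 18 above; it is not code from Durham, from the instant application or from any other cited reference. It models a two-level tree: an on-die root counter, one counter line in memory whose MAC (kept in the ECC bits) covers its counters and the root, and data lines whose MACs cover the data and the parent counter. On every write the root and the counter on the path are incremented and the affected MACs recalculated. The class and function names, the arity of four, the 64-byte line size, the HMAC-SHA256 MAC truncated to 8 bytes, and the demo key are assumptions made for the illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # assumed MAC key held by the memory controller
ARITY = 4                        # data lines under the single counter line (assumed)
LINE_SIZE = 64                   # bytes per line (assumed)

def mac(*parts):
    return hmac.new(KEY, b"".join(parts), hashlib.sha256).digest()[:8]

def enc(n):
    return n.to_bytes(8, "big")

class TamperError(Exception):
    pass

class CounterTree:
    # Hypothetical two-level replay tree: on-die root, one counter line, ARITY data lines.
    def __init__(self):
        self.root = 0                       # on-die root counter, assumed out of reach
        self.counters = [0] * ARITY         # counter line held in memory
        self.data = [bytes(LINE_SIZE)] * ARITY
        self.ecc_mac = {}                   # MACs stored in the ECC bits, keyed by line
        self.ecc_mac["ctr"] = self._ctr_mac()
        for i in range(ARITY):
            self.ecc_mac[i] = self._leaf_mac(i)

    def _ctr_mac(self):
        # MAC over every counter in the line plus its parent, the on-die root.
        return mac(*(enc(c) for c in self.counters), enc(self.root))

    def _leaf_mac(self, i):
        # Leaf MAC over the data line and its parent counter.
        return mac(self.data[i], enc(self.counters[i]))

    def write(self, i, line):
        # The counter on the path and the root are incremented and every
        # affected MAC in ECC memory is recalculated.
        self.data[i] = line
        self.counters[i] += 1
        self.root += 1
        self.ecc_mac[i] = self._leaf_mac(i)
        self.ecc_mac["ctr"] = self._ctr_mac()

    def read(self, i):
        if not hmac.compare_digest(self._ctr_mac(), self.ecc_mac["ctr"]):
            raise TamperError("counter line does not match the on-die root")
        if not hmac.compare_digest(self._leaf_mac(i), self.ecc_mac[i]):
            raise TamperError("data line %d does not match its counter" % i)
        return self.data[i]

def _raises(fn):
    try:
        fn()
    except TamperError:
        return True
    return False

def demo():
    t = CounterTree()
    t.write(2, b"v1" * 32)
    snap = (t.data[2], t.ecc_mac[2], list(t.counters), t.ecc_mac["ctr"])
    t.write(2, b"v2" * 32)
    read_ok = t.read(2) == b"v2" * 32
    # Replay only the stale data line with its ECC MAC: the parent counter has moved on.
    t.data[2], t.ecc_mac[2] = snap[0], snap[1]
    leaf_replay = _raises(lambda: t.read(2))
    # Replay the counter line too: now only the on-die root exposes the rollback.
    t.counters, t.ecc_mac["ctr"] = snap[2], snap[3]
    full_replay = _raises(lambda: t.read(2))
    return {"read_ok": read_ok, "leaf_replay_detected": leaf_replay,
            "full_replay_detected": full_replay}
```

Keeping the MACs alongside the data in the ECC bits, as the quoted passage describes, means the integrity check costs no separate memory access; the on-die root is what prevents an adversary from replaying the whole chain of counter lines and MACs together.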

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893.  The examiner can normally be reached on Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (USA OR CANADA) or 571-272-1000.
/P.P./Patent Examiner, Art Unit 2434

/DANT B SHAIFER HARRIMAN/Primary Examiner, Art Unit 2434