Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Remarks
2.	Claims 1-20 are pending. 
Claims 1, 8 and 15 are in independent form. 
Claims 1, 7, 8, 15 and 20 are amended. 

3.	The rejection of claims 1-14 under 35 U.S.C. § 112, second paragraph, is withdrawn in view of applicant's amendments.

Information Disclosure Statement
4.	The information disclosure statement (IDS) submitted on 04/04/2022 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Response to Arguments
5.	Applicant’s arguments with respect to claims 1-20 have been considered but are not persuasive. 
On page 8 of Applicant's remarks, Applicant argues that Nara does not disclose or suggest the features "generate a first value based on a first device-specific identifier (ID), retrieved from a first memory device, and a first address."

In response to the above argument, Applicant's attention is respectfully directed to fig. 1 of Van Antwerpen, which shows that CPU 102 may be operable to generate secret key 171 and to persistently store it in internal memory 126. Fig. 1 further shows that external memory controller 130 may be configured to receive or retrieve secret key 171 from internal memory 126, to use encryption/decryption block 173, for example. Applicant's attention is also respectfully directed to para. 0030. Fig. 1 of Van Antwerpen shows that the CPU 102 may be configured to read(write) from(to) internal memory 126 over internal bus 122, as well as to send instructions to external memory controller 130 as part of XIP or MMIO execution of code that is stored in external memory device 160, i.e., a memory location from which a CPU 102 component can read data or send data.

On page 10 of Applicant's remarks, Applicant argues that Nara does not disclose or suggest the features "encrypt first data with a first encryption key and the first value to generate first encrypted data."

In response to the above argument, Applicant's attention is respectfully directed to fig. 1 of Van Antwerpen, which shows that CPU 102 generates, or receives from another component of system 10, a secret key 171 that is persistently stored in internal memory 126. Secret key 171 is used to encrypt one or more code images (e.g., encrypted image 175).

On page 11 of Applicant's remarks, Applicant argues that “… the cited art does not disclose or suggest the ‘device specific identifier’ recited in claim 1”.

In response to the above argument, Applicant's attention is respectfully directed to fig. 1 of Van Antwerpen, which shows that microcontroller 100 is typically fabricated on a single chip or chip module. Among other components (not shown in FIG. 1 of Van Antwerpen), microcontroller 100 includes CPU 102, internal (e.g., flash) memory 126, and external memory controller 130. CPU 102 is coupled over internal bus 122 to internal memory 126 and to external memory controller 130. For example, CPU 102 may be configured to read(write) from(to) internal memory 126 over internal bus 122, as well as to send instructions to external memory controller 130 as part of XIP or MMIO execution of code that is stored in external memory device 160. Internal memory 126 may be any type of non-volatile memory that is embedded on the same die as CPU 102 (e.g., the internal memory may be within the same microcontroller chip as the CPU).

Claim Rejections – 35 USC §103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

6.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Van Van et al. (US Pub. 2018/0137294 A1, hereinafter referred to as “Van”) in view of Narayanasamy (US Pub. 2018/0300261 A1, hereinafter referred to as “Narayanasamy”).

Van Van provides an IC device that comprises a serial interface and a controller that is configured to communicate with external memory devices over the serial interface. The controller comprises a control register and a cryptography block.

Narayanasamy provides a system that has a secure processor performing encryption and decryption. An enhanced memory unit is set in communication with the secure processor. The enhanced memory unit has multiple layers of semiconductor material. The secure processor transmits a request packet to the enhanced memory unit.

As per claim 1, Van discloses an apparatus comprising: an interface (fig. 1, element 152: microcontroller 100 and external memory device 160 are coupled over a serial interface 152; furthermore, fig. 2 depicts operation on an internal bus that couples the CPU to an external memory controller, for example see operation 202 - operation 214); and a control unit comprising circuitry configured to: generate a first value based on a first device-specific identifier ID (fig. 1 depicts that CPU 102 may be operable to generate secret key 171 and to persistently store it in internal memory 126, for example), retrieved from a first memory device (para. 0030 discloses that external memory controller 130 may be configured to receive or retrieve secret key 171 from internal memory 126, for example), and a first address; encrypt first data with a first encryption key (para. 0019 discloses a first encryption algorithm, for example) and the first value to generate first encrypted data; and store, via the interface (fig. 1 depicts that the peripheral interconnect provides the primary data and control interface between CPU subsystem and its peripherals and memory, and programmable core, for example), the first encrypted data on the first memory device (fig. 1 depicts that external memory controller 130 may be configured to receive or retrieve secret key 171 from internal memory 126, to use encryption/decryption block 173 … encrypt image 175 with key 171, and to store the encrypted image 175 in external memory device 160, for example).

Van failed to explicitly disclose generate a first value based on a first device-specific ID retrieved from a first memory device, and a first address; encrypt first data with a first encryption key and the first value to generate first encrypted data.

However, Narayanasamy discloses generate a first value based on a first device-specific ID retrieved from a first memory device, and a first address; encrypt first data with a first encryption key and the first value to generate first encrypted data (para. 0017 discloses that the request packet transmitted by the secure processor is a read request packet. The read request packet includes an encrypted address and the encrypted address defines a location in the storage layer. In addition, the circuits in the logic layer are configured to decrypt the encrypted address included in the read request packet into a read address, retrieve data stored in the storage layer at the read address, and encrypt the retrieved data. The response packet includes the encrypted retrieved data, for example).

Van and Narayanasamy are analogous art because they both are directed to a secure processor in communication with memory that has compute capabilities and one of ordinary skill in the art would have had a reasonable expectation of success to modify Van with the specified features of Narayanasamy because they are from the same field of endeavor.

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to combine the teachings of Narayanasamy with the teaching of Van in order to use a secure processor in communication with memory that has compute capabilities [Narayanasamy: para. 0002].

As per claim 2, as applied above, Van as modified by Narayanasamy discloses wherein the control unit is configured to encrypt, with a second encryption key (para. 0019 of Van discloses a second encryption algorithm that is used in decrypting the encrypted copy of the block of data, for example), a combination of the first device-specific ID and the first address to generate the first value, and wherein the first address is a memory channel offset address (para. 0030, 0044, 0047 of Van, for example).

As per claim 3, as applied above, Van as modified by Narayanasamy discloses wherein the first device-specific ID is appended to the first address (para. 0062 of Van discloses a first address for a first read operation to obtain a first encrypted address, for example) and encrypted with the second encryption key to generate the first value (para. 0019 of Van discloses that encrypting the address for the read operation is based on a first encryption algorithm that takes more clock cycles than a second encryption algorithm that is used in decrypting the encrypted copy of the block of data, for example), and wherein the first device-specific ID is created from a plurality of metadata values retrieved from the first memory device (para. 0048, 0103 of Van, for example).

As per claim 4, as applied above, Van as modified by Narayanasamy discloses wherein the control unit is configured to: receive a request to retrieve second data at a second address from a second memory device (para. 0062 of Van, for example); generate a second value based on the second address and a second device-specific ID retrieved from the second memory device via the interface (fig. 1 of Van depicts that microcontroller 100 and external memory device 160 are coupled over a serial interface 152, for example), wherein the second device-specific ID is different from the first device-specific ID; decrypt second encrypted data, retrieved from the second address, with the first encryption key and the second value to generate decrypted data; and send the decrypted data to a requestor, wherein the decrypted data represents the second data (para. 0062 of Van discloses that the second device may be further configured to: encrypt, with a second key of the plurality of keys, a second address for a second read operation to obtain a second encrypted address, for example).

As per claim 5, as applied above, Van as modified by Narayanasamy discloses wherein: the interface is a first memory channel; the second memory device is installed in a first memory channel slot corresponding to the first memory channel after the first memory device is removed from the first memory channel slot (para. 0089 of Van discloses (e.g., encryption of the plaintext address followed by decryption of the data block corresponding to the address), for example); the second memory device was installed in a second memory channel slot prior to being installed in the first memory channel slot; and the second memory device stores previously written data (para. 0062 of Van discloses a second key of the plurality of keys, a second address for a second read operation to obtain a second encrypted address, the second address specifying a second block of data, and para. 0088 of Van discloses that the secret key, KEY, and plaintext address, PA, are written to MMIO registers, for example).

As per claim 6, as applied above, Van as modified by Narayanasamy discloses wherein the control unit is further configured to: store the first device-specific ID in a first metadata register corresponding to the first memory channel (para. 0083 of Van, for example); and overwrite, in the first metadata register, the first device-specific ID with the second device-specific ID after the second memory device is installed in the first memory channel slot (fig. 5 of Van illustrates the capability of the CPU 504 to access the private SRAM 512 without going through bridge 518, thus allowing local register and RAM accesses to occur simultaneously with DMA access to shared SRAM 526, and furthermore fig. 1 shows that external memory device 160 may have various form factors. For example, external memory device 160 may be a 3 to 9-pin device that may be configured to fit into a pre-defined (e.g., card) slot or that may be affixed to the underlying PCB board (or equivalent structure), for example).

As per claim 7, as applied above, Van as modified by Narayanasamy discloses wherein the control unit is further configured to: encrypt, with the first encryption key, an output of a first XOR operation between the first data and the first value to generate intermediate encrypted data (fig. 7 of Van, encryption blocks 733-a, i.e. encryption function (e.g., XOR)); and perform a second XOR operation between the intermediate encrypted data (fig. 7 of Van, encryption blocks 733-b, i.e. encryption function (e.g., XOR)) and the first value to generate the first encrypted data (fig. 7 of Van, and furthermore para. 0032 of Van discloses that when external memory device 160 responds with the encrypted copy of the block of data stored at the requested address in encrypted image 175, external memory controller 130 decrypts the encrypted copy of the block of data based on the encrypted address, e.g., by using a weak (but fast) encryption function, such as XOR (exclusive OR), on the encrypted address and the encrypted copy of the block of data, for example).

As per claim 8, Van discloses a method comprising: receiving, by a control unit, first data to be stored at a first address in a first memory device (fig. 1 depicts that peripheral interconnect 516 may provide the primary data and control interface between CPU subsystem 502 and its peripherals and memory, and programmable core 524, for example); generating a first value based on a first device-specific identifier ID (fig. 1 depicts that CPU 102 may be operable to generate secret key 171 and to persistently store it in internal memory 126, for example), and the first address; encrypting the first data with a first encryption key (para. 0019 discloses a first encryption algorithm, for example) and the first value to generate first encrypted data (fig. 1 depicts that CPU 102 may be operable to generate secret key 171 and to persistently store it in internal memory 126, for example), and storing the first encrypted data at the first address in the first memory device (fig. 1 depicts that CPU 102 may be operable to generate secret key 171 and to persistently store it in internal memory 126, for example).

Van failed to explicitly disclose generating a first value based on a first device-specific ID; encrypting the first data with a first encryption key and the first value to generate first encrypted data.

However, Narayanasamy discloses generating a first value based on a first device-specific ID; encrypting the first data with a first encryption key and the first value to generate first encrypted data (figs. 1 and 3 depict that secure processor 105 is connected to enhanced memory unit 115 by means of a communications bus 110. Communications bus 110 is a serialized communications bus with a packetized interface, and encryption logic 310 encrypts the contents of a packet prior to transmitting the packet to enhanced memory unit 115, for example).

Van and Narayanasamy are analogous art because they both are directed to a secure processor in communication with memory that has compute capabilities and one of ordinary skill in the art would have had a reasonable expectation of success to modify Van with the specified features of Narayanasamy because they are from the same field of endeavor.

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to combine the teachings of Narayanasamy with the teaching of Van in order to use a secure processor in communication with memory that has compute capabilities [Narayanasamy: para. 0002].

As per claim 9, as applied above, Van as modified by Narayanasamy discloses encrypting, with a second encryption key (para. 0019 of Van discloses a second encryption algorithm that is used in decrypting the encrypted copy of the block of data, for example), a combination of the first device-specific ID and the first address to generate the first value, wherein the first address is a memory channel offset address (para. 0030, 0044, 0047 of Van, for example).

As per claim 10, as applied above, Van as modified by Narayanasamy discloses wherein the first device-specific ID is appended to the first address (para. 0062 of Van discloses a first address for a first read operation to obtain a first encrypted address, for example) and encrypted with the second encryption key to generate the first value (para. 0019 of Van discloses that encrypting the address for the read operation is based on a first encryption algorithm that takes more clock cycles than a second encryption algorithm that is used in decrypting the encrypted copy of the block of data, for example).

As per claim 11, as applied above, Van as modified by Narayanasamy discloses retrieving, via an interface, a second device-specific identifier (ID) from a second memory device different from the first memory device; receiving a request to retrieve second data at a second address from the second memory device (para. 0062 of Van discloses a second address for a second read operation to obtain a second encrypted address, for example); generating a second value based on the second address and the second device-specific ID; decrypting second encrypted data, retrieved from the second address, with the first encryption key and the second value to generate decrypted data; and sending the decrypted data to a requestor, wherein the decrypted data represents the second data (para. 0062 of Van discloses that the second device may be further configured to: encrypt, with a second key of the plurality of keys, a second address for a second read operation to obtain a second encrypted address, for example).

As per claim 12, as applied above, Van as modified by Narayanasamy discloses wherein: the interface is a first memory channel; and the second memory device is installed in a first memory channel slot corresponding to the first memory channel after the first memory device is removed from the first memory channel slot (para. 0089 of Van discloses (e.g., encryption of the plaintext address followed by decryption of the data block corresponding to the address), for example).

As per claim 13, as applied above, Van as modified by Narayanasamy discloses detecting the first memory device installed in a second memory channel slot after the first memory device is removed from the first memory channel slot (para. 0072 discloses hardware address detection and the ability to handle a complete transaction without CPU core intervention, for example); receiving a request to retrieve the first data at the first address from the first memory device in the second memory channel slot; retrieving the first device-specific ID from the first memory device in the second memory channel slot (fig. 1 of Van depicts that external memory controller 130 may be configured to receive or retrieve secret key 171 from internal memory 126, to use encryption/decryption block 173, for example); generating the first value based on the first device-specific ID and the first address; decrypting the first encrypted data, retrieved from the first address, with the first encryption key and the first value to generate the first data; and sending the first data to the requestor (para. 0019 of Van discloses the controller decrypting the encrypted copy of the block of data based on the encrypted address, to obtain the block of data, for example).

As per claim 14, as applied above, Van as modified by Narayanasamy discloses encrypting, with the first encryption key, an output of a first XOR (fig. 7 of Van, encryption blocks 733-a, i.e. encryption function (e.g., XOR)) operation between the first data and the first value to generate intermediate encrypted data; and performing a second XOR operation between the intermediate encrypted data and the first value to generate the first encrypted data (fig. 7 of Van, encryption blocks 733-b, i.e. encryption function (e.g., XOR)).
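The construction recited in method claims 9, 10, 13 and 14 (and their apparatus counterparts, claims 2, 3 and 7), sketched as an added example that is not part of this Office action, the application, or either cited reference. The action names no cipher, so the block cipher here is a stand-in 4-round Feistel network built on HMAC-SHA256; the 8-byte ID and offset widths, the keys, the sample module IDs and every class and function name are assumptions.

```python
import hashlib
import hmac

HALF = 8  # bytes per Feistel half; the stand-in cipher has a 16-byte block


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the stand-in cipher (an assumption, not from the page).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def first_value(key2: bytes, device_id: bytes, offset: int) -> bytes:
    # Claims 9-10: the device-specific ID is appended to the channel offset
    # address and the combination is encrypted with the second key.
    return block_encrypt(key2, offset.to_bytes(HALF, "big") + device_id)


def encrypt_data(key1: bytes, value: bytes, data: bytes) -> bytes:
    # Claim 14: XOR with the value, encrypt with the first key, XOR again.
    return _xor(block_encrypt(key1, _xor(data, value)), value)


def decrypt_data(key1: bytes, value: bytes, enc: bytes) -> bytes:
    return _xor(block_decrypt(key1, _xor(enc, value)), value)


class Module:
    """A memory device: an ID it reports plus its stored ciphertext."""
    def __init__(self, device_id: bytes):
        self.device_id = device_id
        self.cells = {}  # channel offset -> 16-byte ciphertext


class Controller:
    def __init__(self, key1: bytes, key2: bytes):
        self.key1, self.key2 = key1, key2
        self.slots = {}         # slot number -> installed Module
        self.metadata_reg = {}  # slot number -> ID read from that module

    def install(self, slot: int, module: Module) -> None:
        self.slots[slot] = module
        self.metadata_reg[slot] = module.device_id  # overwrites the old ID

    def write(self, slot: int, offset: int, data: bytes) -> None:
        v = first_value(self.key2, self.metadata_reg[slot], offset)
        self.slots[slot].cells[offset] = encrypt_data(self.key1, v, data)

    def read(self, slot: int, offset: int) -> bytes:
        v = first_value(self.key2, self.metadata_reg[slot], offset)
        return decrypt_data(self.key1, v, self.slots[slot].cells[offset])


def demo():
    # All keys, IDs and data below are constructed sample values.
    ctl = Controller(b"K1-constructed-key", b"K2-constructed-key")
    mod_a, mod_b = Module(b"DIMM-A01"), Module(b"DIMM-B02")
    data = b"sixteen byte blk"
    ctl.install(0, mod_a)
    ctl.write(0, 0x40, data)
    ctl.write(0, 0x80, data)
    # Same plaintext at two offsets yields two different ciphertexts.
    distinct = mod_a.cells[0x40] != mod_a.cells[0x80]
    # Claim 13: module A moves to slot 1; the value depends on the ID and
    # the channel offset, not the slot, so the data still decrypts.
    ctl.install(1, mod_a)
    moved_ok = ctl.read(1, 0x40) == data
    # Ciphertext copied onto a module with a different ID does not decrypt.
    mod_b.cells[0x40] = mod_a.cells[0x40]
    ctl.install(0, mod_b)
    foreign_ok = ctl.read(0, 0x40) == data
    return distinct, moved_ok, foreign_ok
```
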

As per claim 15, Van discloses a system comprising: a processor (fig. 1, microcontroller 100); and a memory controller configured to (fig. 1 depicts that CPU 102 is coupled over internal bus 122 to internal memory 126 and to external memory controller 130, for example): receive first data to be stored by the processor at a first address in a first memory device (fig. 1, element 152: microcontroller 100 and external memory device 160 are coupled over a serial interface 152; furthermore, fig. 2 depicts operation on an internal bus that couples the CPU to an external memory controller, for example see operation 202 - operation 214); generate a first value based on a first device-specific identifier ID and the first address (para. 0062 discloses a first address for a first read operation to obtain a first encrypted address, for example); encrypt the first data with a first encryption key and the first value to generate first encrypted data (para. 0019 discloses a first encryption algorithm, for example); and store the first encrypted data at the first address in the first memory device (fig. 1 depicts that external memory controller 130 may be configured to receive or retrieve secret key 171 from internal memory 126, to use encryption/decryption block 173 … encrypt image 175 with key 171, and to store the encrypted image 175 in external memory device 160, for example).


Van failed to explicitly disclose generate a first value based on a first device-specific ID and the first address; encrypt the first data with a first encryption key and the first value to generate first encrypted data.

However, Narayanasamy discloses generate a first value based on a first device-specific ID and the first address; encrypt the first data with a first encryption key and the first value to generate first encrypted data (para. 0017 discloses that the request packet transmitted by the secure processor is a read request packet. The read request packet includes an encrypted address and the encrypted address defines a location in the storage layer. In addition, the circuits in the logic layer are configured to decrypt the encrypted address included in the read request packet into a read address, retrieve data stored in the storage layer at the read address, and encrypt the retrieved data. The response packet includes the encrypted retrieved data, for example).

Van and Narayanasamy are analogous art because they both are directed to a secure processor in communication with memory that has compute capabilities and one of ordinary skill in the art would have had a reasonable expectation of success to modify Van with the specified features of Narayanasamy because they are from the same field of endeavor.

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to combine the teachings of Narayanasamy with the teaching of Van in order to use a secure processor in communication with memory that has compute capabilities [Narayanasamy: para. 0002].

As per claim 16, as applied above, Van as modified by Narayanasamy discloses wherein the memory controller is configured to encrypt, with a second encryption key (para. 0019 of Van discloses a second encryption algorithm that is used in decrypting the encrypted copy of the block of data, for example), a combination of the first device-specific ID and the first address to generate the first value, wherein the first address is a memory channel offset address (para. 0030, 0044, 0047 of Van, for example).

As per claim 17, as applied above, Van as modified by Narayanasamy discloses wherein the first device-specific ID is appended to the first address (para. 0062 of Van discloses a first address for a first read operation to obtain a first encrypted address, for example) and encrypted with the second encryption key to generate the first value (para. 0019 of Van discloses that encrypting the address for the read operation is based on a first encryption algorithm that takes more clock cycles than a second encryption algorithm that is used in decrypting the encrypted copy of the block of data, for example), and wherein the first device-specific ID is created from a plurality of metadata values retrieved from the first memory device (para. 0048, 0103 of Van, for example).

As per claim 18, as applied above, Van as modified by Narayanasamy discloses wherein the memory controller is further configured to: retrieve a second device-specific identifier (ID) from a second memory device different from the first memory device (fig. 1 of Van depicts that external memory controller 130 may be configured to receive or retrieve secret key 171 from internal memory 126, to use encryption/decryption block 173); receive a request to retrieve second data at a second address from the second memory device; generate a second value based on the second address and the second device-specific ID, wherein the second device-specific ID is different from the first device-specific ID; decrypt second encrypted data, retrieved from the second address, with the first encryption key and the second value to generate decrypted data; and send the decrypted data to a requestor, wherein the decrypted data represents the second data (para. 0062 of Van discloses that the second device may be further configured to: encrypt, with a second key of the plurality of keys, a second address for a second read operation to obtain a second encrypted address, for example).

As per claim 19, as applied above, Van as modified by Narayanasamy discloses wherein: the second memory device is installed in a first memory channel slot after the first memory device is removed from the first memory channel slot (para. 0089 of Van discloses (e.g., encryption of the plaintext address followed by decryption of the data block corresponding to the address), for example); the second memory device was installed in a second memory channel slot prior to being installed in the first memory channel slot; and the second memory device stores previously written data (para. 0062 of Van discloses a second key of the plurality of keys, a second address for a second read operation to obtain a second encrypted address, the second address specifying a second block of data, and para. 0088 of Van discloses that the secret key, KEY, and plaintext address, PA, are written to MMIO registers, for example).

As per claim 20, as applied above, Van as modified by Narayanasamy discloses wherein the memory controller is further configured to: store the first device-specific ID in a first metadata register corresponding to the first memory channel; and overwrite, in the first metadata register, the first device-specific ID with the second device-specific ID after the second memory device is installed in the first memory slot (fig. 5 of Van illustrates the capability of the CPU 504 to access the private SRAM 512 without going through bridge 518, thus allowing local register and RAM accesses to occur simultaneously with DMA access to shared SRAM 526, for example).
 
Pertinent Arts 
7.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Durham et al. (Pub. No.: US 20200125501 A1) provides a method that comprises storing, in a register, an encoded pointer to a memory location, where first context information is stored in first bits of the encoded pointer and a slice of a memory address of the memory location is encrypted and stored in second bits of the encoded pointer. The method further includes decoding the encoded pointer to obtain the memory address of the memory location, using the memory address obtained by decoding the encoded pointer to access encrypted data at the memory location, and decrypting the encrypted data based on a first key and a first tweak value. The first tweak value includes one or more bits derived, at least in part, from the encoded pointer.

Ono et al. (US Patent No: US 6,868,404 B1) provides a digital data recording device, digital data memory device, and digital data utilizing device that prevent unauthorized acts such as backup copying restrictive information and later replacing the restrictive information with the backup copy, digital data recording and utilizing methods for delivering the above effect, and computer-readable storage mediums storing programs for implementing the above methods.

Conclusion

8.	THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

9.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABIY GETACHEW whose telephone number is (571)272-6932. The examiner can normally be reached Mon.-Fri. 9:00 AM - 5:30 PM.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





A.G.
August 17, 2022
/ABIY GETACHEW/Primary Examiner, Art Unit 2434