DETAILED ACTION

Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

The present office action is responsive to communications received on 6/14/2021. Preliminary Amendment filed on 6/14/2021 has been entered. Claims 16-35 are pending.

Priority
Receipt is acknowledged of papers submitted under 35 U.S.C. 119(a)-(d), which papers have been placed of record in the file.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 6/14/2021 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Specification
The disclosure is objected to because of the following informalities:
Specification recites ‘“Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication”, available from https://doi.org/10.6028/NIST.SP.800-38B’ (p. 10, line 10-12) However, the embedded hyperlinks and/or other forms of browser-executable code are impermissible and that references to websites should be limited to the top-level domain name without any prefix such as http:// or other browser-executable code. See 37 CFR 1.57(e)  and MPEP § 608.01(p), paragraph I.
Appropriate correction is required.

Claim Objections
Claims 17, 21, 25-26, 29 and 31-35 are objected to because of the following informalities: 
In claim 17 and 31, “includes at least one the following operations:” is recited, which should be “includes at least one of the following operations:”
Claim 21 recites “wherein one or more operations performed using said cryptographic key fail if a current state of the cryptographic processing system does not correspond to said predefined state.” Claim 25 recites “wherein one or more operations performed on the cryptographic key or one or more operations performed using said cryptographic key are suspended or aborted if said operations are not permitted according to the configurable properties assigned to the cryptographic key.” Claim 26 recites “wherein the cryptographic key is flushed if one or more operations are performed on the cryptographic key or one or more operations are performed using the cryptographic key which are not permitted according to the configurable properties assigned to the cryptographic key.” Examiner suggests applicant to revisit the "if" statement (contingent limitations) used in the claims. According to MPEP 2111.04(II), the broadest reasonable interpretation of a method (or process) claim having contingent limitations requires only those steps that must be performed and does not include steps that are not required to be performed because the condition(s) precedent are not met. Similar change to claim 35 is recommended for consistency.
Claim 29 recites “when executed by a cryptographic processing system”, which should be referred to using a definite article.
Independent claim 30 recites “A cryptographic processing system, comprising:…” while dependent claims 31-35 recite “The system of claim 30/33/34…” It is suggested to change the dependent claims to “The cryptographic processing system of claim 30/33/34…” for consistency and clarity.
Appropriate correction is required.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) are: 
“a key generation unit configured to generate at least one cryptographic key”, and “the key generation unit further being configured to assign one or more configurable properties to said cryptographic key” in claim 30.

Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 30-35 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention. Claims 31-35 are rejected as well because they depend on claims 30.
Claim limitation “a key generation unit configured to generate at least one cryptographic key”, and “the key generation unit further being configured to assign one or more configurable properties to said cryptographic key”, invoke 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. FIG. 3-7 show an illustrative embodiment of a key derivation operation, a derived key generation, a key wrapping operation, a key unwrapping operation, a key processing; but they are not clearly linked to structure, material, or acts perform the entire claimed function for “a key generation unit configured to generate at least one cryptographic key”, as well as “the key generation unit further being configured to assign one or more configurable properties to said cryptographic key”. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a)        Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

Claims 16-24 and 29-35 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Dekker (US 20170118018 A1).

Regarding claim 16, Dekker teaches a method for setting permissions for cryptographic keys in a cryptographic processing system, comprising:
generating at least one cryptographic key to be protected; ([0015] According to a first aspect of the present invention, there is provided a chip for performing cryptographic operations. The chip comprises a key storage module, a rule storage module, an interface module and a cryptographic module. The key storage module is configured to store one or more cryptographic keys.) Here cryptographic keys are stored, and hence they are generated. Detailed arrangements are shown in [0032].
assigning one or more configurable properties to said cryptographic key; ([0030] FIG. 3 shows a chip 300 for performing cryptographic operations in accordance with one embodiment of the invention. The chip comprises an interface module 310, a key storage module 320, a rule storage module 330 and a cryptographic module 340. The key storage module 320 is configured to store one or more cryptographic keys K1, K2, . . . Kn. The rule storage module 330 is configured to store one or more rules R1, R2, . . . Rn. The labels R1, R2, . . . Rn in FIG. 3 may be considered to be “rule identifiers” (or “rule tags”) used to identify each rule. Each rule Ri comprises respective rule data that identifies a respective predetermined cryptographic operation XRi associated with the rule and further identifies at least one key KRi of the one or more cryptographic keys to be used in the respective predetermined cryptographic operation XRi. The interface module 310 is configured to receive a rule execution request 350 which includes a rule identifier Rj to identify a specific rule of the one or more rules to be executed. The cryptographic module 340 is configured to execute the specific rule Rj so as to perform the respective predetermined cryptographic operation XRj in response to the rule execution request 350. The chip is configured such that the cryptographic keys K and the cryptographic module 340 may only be used by executing rules from the one or more rules R in response to associated rule execution requests 350 received by the interface module 310.)
wherein the configurable properties define at least one of a permission of performing a first set of predefined operations on the cryptographic key and a permission of using the cryptographic key for performing a second set of predefined operations. ([0015] The rule storage module is configured is to store one or more rules, each rule comprising respective rule data, the rule data identifying a respective predetermined cryptographic operation associated with the rule and further identifying at least one of the one or more cryptographic keys to be used in the respective predetermined cryptographic operation. The interface module is configured to receive a rule execution request, wherein the rule execution request comprises a rule identifier to identify a specific rule of the one or more rules to be executed. The cryptographic module is configured to execute the specific rule so as to perform the respective predetermined cryptographic operation in response to the rule execution request. The chip is configured such that the cryptographic keys and the cryptographic module may only be used by executing rules from the one or more rules in response to associated rule execution requests received by the interface module.) Detailed arrangements are shown in [0031].

Regarding claim 17, Dekker teaches all the features with respect to claim 16, as outlined above. Dekker further teaches wherein the first set of predefined operations includes at least one the following operations:
reading the cryptographic key by a processing unit;
exporting the cryptographic key to an external device;
wrapping the cryptographic key;
unwrapping the cryptographic key.
([0031] The interface module 310 effectively controls operations involving the key storage module 320, the rule storage module 330 and the cryptographic module 340. Importantly, the interface module 310 provides indirect access to the key storage module 320, the rule storage module 330 and the cryptographic module 340 on the basis of rule execution requests 350 received by the interface module 310. In other words, the interface module 310 blocks direct external access (e.g. by a main CPU or GPP) to the key storage module 320, the rule storage module 330 and the cryptographic module 340. The cryptographic module 340 is not directly coupled to a general purpose bus (not shown) of the chip 300, but may only be accessed via the interface module 310. In one embodiment, neither keys K in the key storage module 320 nor rules R in the rule storage module 330 are directly accessible through physical memory-addresses. Instead, the rules are addressed by the rule identifiers Ri, and the keys are addressed by key identifiers (or “key tags”) Ki. Notably, since the key identifiers are used to identify the various keys, each key identifier is unique. Similarly, each rule identifier is unique. Since a rule execution request 350 includes a rule identifier to identify the rule to be executed, and since each rule is associated with both a respective predetermined cryptographic operation and at least one respective key, this places limitations on how the cryptographic module may be used, i.e. the chip 300 enforces regular (i.e. normal, expected, allowed, rule-based) usage of the cryptographic module 340. The architecture of the chip 300 defines specific ways in which the cryptographic module 340 is allowed to be used. Each rule defines a prescribed or allowed operation of the cryptographic module 340 and cryptographic keys. In other words, there are “positive constraints” stating what is allowed: the cryptographic module 340 may only be used as specified in the rules R stored in the rule storage module 300. This is in contrast to alternative implementations which might define ways in which the chip 300 or cryptographic module 340 is not allowed to be used (i.e. the use of “negative constraints” stating what is not allowed). The use of positive constraints makes the chip 300 much harder to attack since negative constraints may have unforeseen loopholes, whereas positive constraints explicitly define exactly what is allowed.)

Regarding claim 18, Dekker teaches all the features with respect to claim 16, as outlined above. Dekker further teaches wherein the second set of predefined operations includes at least one of the following operations:
using the cryptographic key to generate another cryptographic key;
using the cryptographic key to wrap another cryptographic key;
using the cryptographic key to perform a predefined cryptographic function, wherein the cryptographic function includes encrypting and/or decrypting data with said cryptographic key.
([0033] The cryptographic module 340 is operatively coupled to the interface module 310 so as to be able to respond as necessary to rule execution requests 350 received by the interface module 310. The cryptographic module 340 is also operatively coupled to the key storage module 320 and the rule storage module 330 so as enable the cryptographic module 340 to select the appropriate cryptographic operation(s) X and the appropriate cryptographic key(s) K for use. Such operative couplings may be direct or indirect. The cryptographic module 340 is capable of performing at least one cryptographic operation X. A cryptographic operation generally involves transforming input data into output data by means of the cryptographic operation and a key. The cryptographic operation may involve one or more of encryption, decryption, cryptographic hashing, digital signature generation, digital signature verification, Message Authentication Code (MAC) generation, MAC verification, etc., where such cryptographic operations are well known to those skilled in the art. For example, the cryptographic module 340 may encrypt or decrypt the input data using one or more of the stored cryptographic keys K, thereby providing encrypted or decrypted output data. In one embodiment, the cryptographic module 340 is capable of performing a number of different cryptographic operations X. Alternatively, the cryptographic module 340 may only be capable of performing a single cryptographic operation X.)

Regarding claim 19, Dekker teaches all the features with respect to claim 16, as outlined above. Dekker further teaches wherein the configurable properties are assigned to the cryptographic key when said cryptographic key is derived from a root key, and wherein said configurable properties are used to adjust derivation data used for deriving the cryptographic key from the root key. ([0039] In one embodiment, the chip 300 is configured to load a new key Knew into the first key storage submodule 321 by executing a key-derivation rule RKD of the one or more rules R. The key-derivation rule RKD is arranged to provide the new key Knew as output data from the respective predetermined cryptographic operation XRKD. Furthermore, the key-derivation rule RKD is arranged to store the output data (i.e. the new key Knew) in the first key storage module 321. The rule data for the key-derivation rule RKD should also provide a respective key identifier Knew for the new key.) In addition, detailed arrangements regarding key-derivation are shown in [0040].

Regarding claim 20, Dekker teaches all the features with respect to claim 19, as outlined above. Dekker further teaches wherein the cryptographic key is associated with at least one predefined state of the cryptographic processing system when said cryptographic key is derived from the root key. ([0003] the CSLK is supplied to the chip set 100 in encrypted form, and may only be decrypted using the CSUK of the chip set 100. The CSLK is used to securely load a CW into the chip set 100, as depicted in FIG. 1. In particular, the CW is supplied to the chip set 100 in encrypted form, and may only be decrypted using the CSLK of the chip set 100. Subsequently, the CW may be used to decrypt encrypted content supplied to the chip set 100.) Here “predefined state” is whether the key can be used for decrypting certain encrypted content.

Regarding claim 21, Dekker teaches all the features with respect to claim 20, as outlined above. Dekker further teaches wherein one or more operations performed using said cryptographic key fail if a current state of the cryptographic processing system does not correspond to said predefined state. ([0003] the CSLK is supplied to the chip set 100 in encrypted form, and may only be decrypted using the CSUK of the chip set 100. The CSLK is used to securely load a CW into the chip set 100, as depicted in FIG. 1. In particular, the CW is supplied to the chip set 100 in encrypted form, and may only be decrypted using the CSLK of the chip set 100. Subsequently, the CW may be used to decrypt encrypted content supplied to the chip set 100.) Here “predefined state” is whether the key can be used for decrypting certain encrypted content. Decryption fails if there is a mismatch.

Regarding claim 22, Dekker teaches all the features with respect to claim 16, as outlined above. Dekker further teaches wherein the configurable properties are accessible to a secure processing unit of the cryptographic system. ([0031] The interface module 310 effectively controls operations involving the key storage module 320, the rule storage module 330 and the cryptographic module 340. Importantly, the interface module 310 provides indirect access to the key storage module 320, the rule storage module 330 and the cryptographic module 340 on the basis of rule execution requests 350 received by the interface module 310. In other words, the interface module 310 blocks direct external access (e.g. by a main CPU or GPP) to the key storage module 320, the rule storage module 330 and the cryptographic module 340. The cryptographic module 340 is not directly coupled to a general purpose bus (not shown) of the chip 300, but may only be accessed via the interface module 310. In one embodiment, neither keys K in the key storage module 320 nor rules R in the rule storage module 330 are directly accessible through physical memory-addresses. Instead, the rules are addressed by the rule identifiers Ri, and the keys are addressed by key identifiers (or “key tags”) Ki.) Detailed arrangements are shown in [0031-0032].

Regarding claim 23, Dekker teaches all the features with respect to claim 22, as outlined above. Dekker further teaches wherein the configurable properties are only readable by said secure processing unit. ([0031] The interface module 310 effectively controls operations involving the key storage module 320, the rule storage module 330 and the cryptographic module 340. Importantly, the interface module 310 provides indirect access to the key storage module 320, the rule storage module 330 and the cryptographic module 340 on the basis of rule execution requests 350 received by the interface module 310. In other words, the interface module 310 blocks direct external access (e.g. by a main CPU or GPP) to the key storage module 320, the rule storage module 330 and the cryptographic module 340. The cryptographic module 340 is not directly coupled to a general purpose bus (not shown) of the chip 300, but may only be accessed via the interface module 310. In one embodiment, neither keys K in the key storage module 320 nor rules R in the rule storage module 330 are directly accessible through physical memory-addresses. Instead, the rules are addressed by the rule identifiers Ri, and the keys are addressed by key identifiers (or “key tags”) Ki.) Detailed arrangements are shown in [0031-0032].

Regarding claim 24, Dekker teaches all the features with respect to claim 16, as outlined above. Dekker further teaches wherein at least some of the configurable properties are mutually exclusive. ([0031] The architecture of the chip 300 defines specific ways in which the cryptographic module 340 is allowed to be used. Each rule defines a prescribed or allowed operation of the cryptographic module 340 and cryptographic keys. In other words, there are “positive constraints” stating what is allowed: the cryptographic module 340 may only be used as specified in the rules R stored in the rule storage module 300. This is in contrast to alternative implementations which might define ways in which the chip 300 or cryptographic module 340 is not allowed to be used (i.e. the use of “negative constraints” stating what is not allowed). The use of positive constraints makes the chip 300 much harder to attack since negative constraints may have unforeseen loopholes, whereas positive constraints explicitly define exactly what is allowed.) These “positive constraints” stating what is allowed may be mutually exclusive if it is desired.

Regarding claims 29-35, the scope of the claims are similar to that of claims 16-21, respectively. Accordingly, the claims are rejected using a similar rationale.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 25-28 are rejected under 35 U.S.C. 103 as being unpatentable over Dekker (US 20170118018 A1) in view of Coric (US 20140211942 A1).

Regarding claim 25, Dekker teaches all the features with respect to claim 16, as outlined above. But Dekker does not teach wherein one or more operations performed on the cryptographic key or one or more operations performed using said cryptographic key are suspended or aborted if said operations are not permitted according to the configurable properties assigned to the cryptographic key. This aspect of the claim is identified as a difference.
However, Coric in an analogous art explicitly teaches 
wherein one or more operations performed on the cryptographic key or one or more operations performed using said cryptographic key are suspended or aborted if said operations are not permitted according to the configurable properties assigned to the cryptographic key. ([0047] In an embodiment, DK command 96 causes the derived key to be placed back into the original memory and/or register location from which the original key was retrieved, overwriting (replacing) the original key with the derived key. More specifically, referring to FIG. 3, DK command 96 retrieves a key from a memory location, processes the key to obtain a derived key, and places the derived key in one of registers 77 in CCB 85.) Here Coric discloses that cryptographic key could be suspended or aborted.
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the “performing cryptographic operations” concept of Dekker, and the “cryptographic key derivation” approach of Coric. One of ordinary skill in the art would have been motivated to perform such a modification to achieve data security and engage in secure operations. Data security and secure operations may be achieved in part by performing a variety of cryptographic operations on data objects. Data security and secure operations may be achieved in part by performing a variety of cryptographic operations on data objects. In addition, capability of overwriting/replacing original key with derived key and encrypting original “plaintext” keys into cipherkeys improves data security as well (Coric [0002, 0047, 0040]).

Regarding claim 26, Dekker teaches all the features with respect to claim 16, as outlined above. Dekker in view of Coric further teaches wherein the cryptographic key is flushed if one or more operations are performed on the cryptographic key or one or more operations are performed using the cryptographic key which are not permitted according to the configurable properties assigned to the cryptographic key. ([Coric 0047] In an embodiment, DK command 96 causes the derived key to be placed back into the original memory and/or register location from which the original key was retrieved, overwriting (replacing) the original key with the derived key. More specifically, referring to FIG. 3, DK command 96 retrieves a key from a memory location, processes the key to obtain a derived key, and places the derived key in one of registers 77 in CCB 85.) Here Coric discloses that cryptographic key could be flushed.

Regarding claim 27, Dekker teaches all the features with respect to claim 16, as outlined above. Dekker in view of Coric further teaches wherein the cryptographic key is wrapped before said cryptographic key is transmitted to a non-secure component, in particular to a non-volatile memory, of the cryptographic processing system. ([Coric 0040] cryptographic processing module 30 also includes additional secure key processing circuitry to encrypt the original “plaintext” keys into cipherkeys prior to transmitting the keys to the unsecured remote storage location, and to decrypt the cipherkeys back into plaintext keys when the keys are brought back into cryptographic processing module 30 from an unsecured remote storage location for use in cryptographic processing module 30.)

Regarding claim 28, Dekker in view of Coric teaches all the features with respect to claim 27, as outlined above. The combination further teaches wherein the cryptographic key is unwrapped when said cryptographic key is retrieved from the non-secure component of the cryptographic processing system. ([Coric 0040] cryptographic processing module 30 also includes additional secure key processing circuitry to encrypt the original “plaintext” keys into cipherkeys prior to transmitting the keys to the unsecured remote storage location, and to decrypt the cipherkeys back into plaintext keys when the keys are brought back into cryptographic processing module 30 from an unsecured remote storage location for use in cryptographic processing module 30.)

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 9647993 B2, "Multi-repository key storage and selection", by Gaspar Cuevas, teaches performing a cryptographic operation, comprising a client system and a server system; said server comprising a multi-repository manager, repositories of cryptographic keys, a processor and a memory; and said client comprising a processor and a memory; wherein said two memories store computer executable instructions that, when executed, cause the client and the server to perform a method comprising: the client sending a request of the cryptographic operation to the server; the multi-repository manager obtaining a set of references to cryptographic keys allowed to the request from the repositories of cryptographic keys; the multi-repository manager establishing a cryptographic key referenced in said set of references as the cryptographic key to be used; the multi-repository manager requesting performance of the cryptographic operation to the repository wherein the cryptographic key to be used is stored; the multi-repository manager obtaining the result of the cryptographic operation from the repository that has performed the cryptographic operation; and the server sending the result of the cryptographic operation to the client.
US 9058297 B2, "Device with privileged memory and applications thereof", by Ducharme, teaches a device including a key store memory, a rule set memory, a plurality of cryptographic clients, and a key store arbitration module. The key store memory stores a plurality of cryptographic keys and the rule set memory stores a set of rules for accessing the cryptographic keys. A cryptographic client is operable to issue a request to access a cryptographic key(s) and, when access to the cryptographic key is granted, execute a cryptographic function regarding at least a portion of the cryptographic key to produce a cryptographic result. The key store arbitration module is operable to determine whether the request to access the cryptographic key is valid; when the request is valid, interpret the request to produce an interpreted request; access the rule set memory based on the interpreted request to retrieve a rule of the set of rules; and grant access to the cryptographic key in accordance with the rule.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAN YANG whose telephone number is (408)918-7638.  The examiner can normally be reached on Monday to Friday, 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HAN YANG/Examiner, Art Unit 2493