DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to amendments filed on July 7, 2022.
Claims 1, 13, 23 have been amended.
Claims 1-16, 22-25 are pending.

Response to Arguments
The rejections regarding 35 U.S.C. 102 and 103 have been withdrawn as the claims have been amended.
Applicant’s arguments with respect to claims 1-16, 22-25 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6, 10, 13-16, 23-25 are rejected under 35 U.S.C. 103 as being anticipated by Axnix et al. (U.S. Patent No. 9,432,183 B1), hereinafter referred to as “Axnix”, and further in view of Dittrich (U.S. Pub. No. 2014/0201524 A1) hereinafter referred to as “Dittrich”.
Regarding Claim 1:
	Axnix discloses the following limitations:
	A computing apparatus, comprising: a memory; a memory encryption controller comprising circuitry to encrypt at least a region of the memory (Col. 1, lines 44-47, the computer systems each comprising one or more processing units and a memory (A computing apparatus, comprising: a memory) and at least one of the computer systems comprising at least one crypto unit (a memory encryption controller comprising circuitry to encrypt at least a region of the memory)). The system of Axnix teaches a computer system which contains a memory and a processor with a crypto unit, and this crypto unit is used to encrypt regions of memory (Abstract, the content of the memory is encrypted using a memory encryption key, the encrypting is by a crypto unit of the at least one of the processing units) and comprising circuitry as it is part of the system’s processors.
	and a network interface comprising circuitry to communicatively couple the computing apparatus to a remote host (Col. 3, lines 25-28, The computer systems 10, 12 further comprise at least one I/O adapter 24, 26 each to establish remote direct memory access 62 via memory addresses 30, 32 between the computer systems 10, 12 (and a network interface comprising circuitry to communicatively couple the computing apparatus to a remote host)). The system of Axnix couples two computing systems in order to perform remote direct memory access (RDMA) across a network using an I/O adapter which comprises circuitry (Fig. 2). 
	wherein the memory encryption controller circuitry is further to send an encrypted packet decryptable via an encryption key directly from the memory to the remote host via the network interface, bypassing a network protocol stack (Col. 10, lines 17-19, The hardware (HW) stores encrypted network traffic (wherein the memory encryption controller circuitry is further to send an encrypted packet decryptable via an encryption key) directly to the memory by using encrypted RDMA, as transmitted (directly from the memory to the remote host via the network interface, bypassing a network protocol stack)). The system of Axnix performs RDMA, which teaches sending data directly to the remote host while bypassing the network protocol stack according to the specification in Par. [0031], and this transmitted data is encrypted by the crypto unit, i.e. by the memory controller. 
	(taught by Dittrich below)

	Dittrich further discloses the following limitations not taught by Axnix:
	and further comprising instructions encoded within the memory to provide a multi-tenant environment (Par. [0044], System 100 may allow multiple users using various multi-tenant techniques). Dittrich teaches providing a multi-tenant environment for storing encrypted data in a data warehouse for cloud computing systems. 
	and to assign the encryption key exclusively to a tenant of the multi-tenant environment (Par. [0037], Par. [0044], Par. [0052], Par. [0036], private data store 108b is encrypted using the client specific private key). Dittrich further teaches that such multi-tenancy techniques assign a client specific encryption key for encrypting user data. In combination with the memory encryption of Axnix, this teaches the claimed limitation. 

	Axnix encrypts multiple memory regions for data transmission, but does not teach providing a multi-tenant environment. Dittrich however teaches that using multi-tenant techniques for storing encrypted data allows for multiple users of a system and additional user authentication for security (Par. [0039], Par. [0050], application server engine 120 authenticates the regular user by validating the credentials stored in public data store).
	Axnix and Dittrich are considered to be analogous art because they relate to storing/handling encrypted data. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the secure communication system of Axnix with the multi-tenant techniques of Dittrich in order to gain the benefit of operation of the system by multiple users along with user authentication.  

Regarding Claim 2:
	Axnix/Dittrich discloses Claim 1. 
	Axnix further discloses the following limitation:
	wherein the apparatus is further to receive an encrypted packet directly into the memory via the network interface, bypassing the network protocol stack (Col. 10, lines 17-19, The hardware (HW) stores encrypted network traffic directly to the memory by using encrypted RDMA, as transmitted). The system of Axnix teaches both transmitting and receiving encrypted data through RDMA using the same devices described, and this is done bypassing the network protocol stack as argued in Claim 1.

Regarding Claim 3:
	Axnix/Dittrich discloses Claim 1. 
	Axnix further discloses the following limitation:
	wherein the network interface is configured to put the encrypted packet directly to memory of the remote host via remote direct memory access (RDMA) (Col. 10, lines 17-19, The hardware (HW) stores encrypted network traffic directly to the memory by using encrypted RDMA, as transmitted). The storage in memory of Axnix is performed using RDMA. 

Regarding Claim 4:
	Axnix/Dittrich discloses Claim 1. 
	Axnix further discloses the following limitation:
	wherein the encryption key is a shared key between the apparatus and the remote host (Col. 7, lines 26-29, Next both OS negotiate their keys in step S202. Then the second OS (and the remote host) creates an empty memory area and puts the key to a segment table or a page table in step S204. Thus the key is set in FW/HW. Next in step S206, the memory area is made available to network communication by the second OS, whereas in step S208 the data are encrypted with the key by the first OS (wherein the encryption key is a shared key between the apparatus)). The system of Axnix teaches the two computer systems negotiating a key to store the data in the encrypted memory region, i.e. a shared key since the key is known to both the first and second system.  

Regarding Claim 5:
	Axnix/Dittrich discloses Claim 1. 
	Axnix further discloses the following limitation:
	wherein the apparatus is configured to perform a key exchange with the remote host to create a shared key (Col. 7, lines 26-29, Next both OS negotiate their keys (wherein the apparatus is configured to perform a key exchange with the remote host) in step S202. Then the second OS creates an empty memory area and puts the key to a segment table or a page table in step S204. Thus the key is set in FW/HW. Next in step S206, the memory area is made available to network communication by the second OS, whereas in step S208 the data are encrypted with the key (to create a shared key) by the first OS). Under the broadest reasonable interpretation, the key negotiation of Axnix teaches a key exchange, and this creates a shared key as this is shared between the first and second system of Axnix. 

Regarding Claim 6:
	Axnix/Dittrich discloses Claim 1. 
	Axnix further discloses the following limitation:
	wherein the memory encryption controller is configured to store the key (Col. 3, lines 29-32, The method comprises at least one computer system 10, 12 locally storing the respective network encryption keys 40 as memory encryption keys 42 (wherein the memory encryption controller is configured to store the key) for memory areas 65 used for the data exchange). Axnix teaches the storage of the key used for encryption. 

Regarding Claim 10:
	Axnix/Dittrich discloses Claim 1. 
	Axnix further discloses the following limitation:
	wherein the memory encryption controller is a hardware memory encryption controller (Abstract, crypto unit of the at least one of the processing units). The memory encryption of Axnix is performed by a processing unit with a crypto unit, i.e. hardware and thus a hardware memory encryption controller.

Regarding Claim 13:
	Axnix discloses the following limitations:
	A memory controller comprising: a first interface circuit to communicatively couple to and encrypt at least part of a memory according to an encryption key (Col. 1, lines 44-47, the computer systems each comprising one or more processing units and a memory and at least one of the computer systems comprising at least one crypto unit (A memory controller comprising: a first interface circuit to communicatively couple to and encrypt at least part of a memory); Abstract, the content of the memory is encrypted using a memory encryption key, the encrypting is by a crypto unit (encrypt at least part of a memory according to an encryption key)). This limitation was previously shown to be taught by Axnix in Claim 1 and the encryption is performed using a key. 
	a second interface circuit to communicatively couple to a network controller (Col. 3, lines 25-28, The computer systems 10, 12 further comprise at least one I/O adapter 24, 26 (to a network controller) each to establish remote direct memory access 62 (a second interface circuit to communicatively couple) via memory addresses 30, 32 between the computer systems 10, 12). Axnix teaches establishing RDMA with the network adapter, so the memory controller is considered to be communicatively coupled to a network controller under the broadest reasonable interpretation.
	and non-transitory instructions to encrypt a packet via a key (Col. 10, lines 17-19, The hardware (HW) stores encrypted network traffic (to send an encrypted packet directly from an encrypted portion of the memory to a remote host) directly to the memory by using encrypted RDMA, as transmitted (to the remote host via the network controller without an intermediate encryption)). The system of Axnix performs encrypted RDMA, which teaches sending data directly to the remote host without re-encryption, and this encrypted transmitted data is encrypted by the crypto unit, i.e. by the memory controller. These instructions are further considered to be non-transitory (Col. 11, lines 10-11, A computer readable storage medium, as used herein, is not to be construed as being transitory signals).

	Dittrich further discloses the following limitation not taught by Axnix:
	(encrypt a packet via a key) owned by a remote host in a multitenant environment (Par. [0037], Par. [0044], Par. [0052], Par. [0036], private data store 108b is encrypted using the client specific private key). Dittrich further teaches that such multi-tenancy techniques assign a client specific encryption key for encrypting user data. In combination with the memory encryption of Axnix, this teaches the claimed limitation. 

	Axnix encrypts multiple memory regions for data transmission, but does not teach providing a multi-tenant environment. Dittrich however teaches that using multi-tenant techniques for storing encrypted data allows for multiple users of a system and additional user authentication for security (Par. [0039], Par. [0050], application server engine 120 authenticates the regular user by validating the credentials stored in public data store).
	Axnix and Dittrich are considered to be analogous art because they relate to storing/handling encrypted data. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the secure communication system of Axnix with the multi-tenant techniques of Dittrich in order to gain the benefit of operation of the system by multiple users along with user authentication.  

Regarding Claim 14:
	Axnix/Dittrich discloses Claim 13. 
	Axnix further discloses the following limitation:
	wherein the memory controller is further to receive an encrypted packet directly into the memory via the network controller without an intermediate encryption (Col. 10, lines 17-19, The hardware (HW) stores encrypted network traffic directly to the memory by using encrypted RDMA, as transmitted). The system of Axnix teaches both transmitting and receiving encrypted data through RDMA using the same devices described, and this is done without an intermediate encryption as argued in Claim 13.

Regarding Claim 15:
	Axnix/Dittrich discloses Claim 13. 
	Axnix further discloses the following limitation:
	wherein the memory controller is configured to instruct the network controller to put the encrypted packet directly to memory of the remote host via remote direct memory access (RDMA) (Col. 10, lines 17-19). This limitation was previously argued to be taught by Axnix in Claim 3.

Regarding Claim 16:
	Axnix/Dittrich discloses Claim 13. 
	Axnix further discloses the following limitation:
	wherein the encryption key is a shared key with the remote host (Col. 7, lines 26-29). This limitation was previously argued to be taught by Axnix in Claim 4.

Regarding Claim 23:
	Axnix discloses the following limitations:
	A method of providing encrypted communication, comprising: communicatively coupling to and encrypting at least part of a memory according to an encryption key (Col. 1, lines 44-47). This limitation was previously argued to be taught by Axnix in Claim 13.
	(taught by Dittrich below)
	communicatively coupling to a network controller (Col. 3, lines 25-28). This limitation was previously argued to be taught by Axnix in Claim 13.
	and sending an encrypted packet directly from an encrypted portion of the memory to a remote host via the network controller without an intermediate encryption (Col. 10, lines 17-19). This limitation was previously argued to be taught by Axnix in Claim 13.

	Dittrich further discloses the following limitation not taught by Axnix:
	(an encryption key) owned by a host within a multitenant environment (Par. [0037], Par. [0044], Par. [0052], Par. [0036], private data store 108b is encrypted using the client specific private key). Dittrich further teaches that such multi-tenancy techniques assign a client specific encryption key for encrypting user data. In combination with the memory encryption of Axnix, this teaches the claimed limitation. 

	Axnix encrypts multiple memory regions for data transmission, but does not teach providing a multi-tenant environment. Dittrich however teaches that using multi-tenant techniques for storing encrypted data allows for multiple users of a system and additional user authentication for security (Par. [0039], Par. [0050], application server engine 120 authenticates the regular user by validating the credentials stored in public data store).
	Axnix and Dittrich are considered to be analogous art because they relate to storing/handling encrypted data. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the secure communication system of Axnix with the multi-tenant techniques of Dittrich in order to gain the benefit of operation of the system by multiple users along with user authentication.  

Regarding Claim 24:
	Axnix/Dittrich discloses Claim 23. 
	Axnix further discloses the following limitation:
	further comprising receiving an encrypted packet directly into the memory via the network controller without an intermediate encryption (Col. 10, lines 17-19). This limitation was previously argued to be taught by Axnix in Claim 14.

Regarding Claim 25:
	Axnix/Dittrich discloses Claim 23. 
	Axnix further discloses the following limitation:
	further comprising instructing the network controller to put the encrypted packet directly to memory of the remote host via remote direct memory access (RDMA) (Col. 10, lines 17-19). This limitation was previously argued to be taught by Axnix in Claim 3.

Claims 7, 11, 12, 22 are rejected under 35 U.S.C. 103 as being unpatentable over Axnix/Dittrich, and further in view of Kishinevsky et al. (U.S. Pub. No. 2016/0285892 A1), hereinafter referred to as “Kishinevsky”.
Regarding Claim 7:
	Axnix/Dittrich discloses Claim 1. 
	Kishinevsky discloses the following limitation not taught by Axnix/Dittrich:
	wherein the memory encryption controller is configured to provide the apparatus with a trusted execution environment (TEE) (Par. [0050], security processor 950 may be used in part to set up a TEE). Reference Axnix/Dittrich does not explicitly disclose a trusted execution environment. Reference Kishinevsky however teaches establishing a trusted execution environment for protecting a memory. Kishinevsky further teaches that such a system provides “strong security guarantees at minimal performance overheads” (Par. [0014]).

	Reference Axnix/Dittrich and Kishinevsky are considered to be analogous art because they both relate to the field of securing memory. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the secure communication system of Axnix/Dittrich with the trusted execution environment of Kishinevsky in order to gain the benefit of additional security. 

Regarding Claim 11:
	Axnix/Dittrich discloses Claim 1. 
 	Kishinevsky discloses the following limitation not taught by Axnix/Dittrich:
	wherein the memory encryption controller is a total memory encryption controller (Par. [0012], embodiments provide Total Memory Protection (TMP) techniques so that all information to be provided to a memory coupled to a main system processor such as a central processing unit (CPU), system-on-chip (SoC) or other multicore processor is protected by confidentiality, integrity checking and rollback protection mechanism). Reference Axnix/Dittrich does not explicitly disclose total memory encryption. Reference Kishinevsky however teaches a system for total memory protection, i.e. encryption (Abstract, a memory protection logic to encrypt data to be stored to a memory). Kishinevsky further teaches that such a system provides “strong security guarantees at minimal performance overheads” (Par. [0014]).

	Reference Axnix/Dittrich and Kishinevsky are considered to be analogous art because they both relate to the field of securing memory. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the secure communication system of Axnix/Dittrich with the total memory encryption of Kishinevsky in order to gain the benefit of additional security. 

Regarding Claim 12:
	Axnix/Dittrich discloses Claim 1. 
 	Axnix further discloses the following limitation:
	wherein the memory encryption controller is a multi-key (Col. 3, lines 29-32, The method comprises at least one computer system 10, 12 locally storing the respective network encryption keys 40 as memory encryption keys 42 for memory areas 65 used for the data exchange (wherein the memory encryption controller is a multi-key)). Axnix teaches using multiple keys to encrypt different areas of memory.

	Kishinevsky discloses the following limitation not taught by Axnix/Dittrich:
	total memory encryption controller (Par. [0012], embodiments provide Total Memory Protection (TMP) techniques so that all information to be provided to a memory coupled to a main system processor such as a central processing unit (CPU), system-on-chip (SoC) or other multicore processor is protected by confidentiality, integrity checking and rollback protection mechanism). Reference Axnix/Dittrich does not explicitly disclose total memory encryption, but does teach using multiple keys to encrypt memory. Reference Kishinevsky however teaches a system for total memory protection, i.e. encryption (Abstract, a memory protection logic to encrypt data to be stored to a memory). Kishinevsky further teaches that such a system provides “strong security guarantees at minimal performance overheads” (Par. [0014]).

	Reference Axnix/Dittrich and Kishinevsky are considered to be analogous art because they both relate to the field of securing memory. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the secure communication system of Axnix/Dittrich with the total memory encryption of Kishinevsky in order to gain the benefit of additional security through multi-key total memory encryption. 

Regarding Claim 22:
	Axnix/Dittrich discloses Claim 13. 
 	Kishinevsky discloses the following limitation not taught by Axnix/Dittrich:
	A system-on-a-chip (SoC) comprising the memory controller of claim 13 (Par. [0019], processor 100 is implemented as a multicore processor and may take the form of a system-on-chip (SoC) or other multicore processor). Reference Axnix/Dittrich does not disclose the computing system to be that of a system on a chip. Reference Kishinevsky however teaches that the processor responsible for encrypting memory, i.e. the memory controller, may take the form of a system-on-a-chip.

	Reference Axnix/Dittrich and Kishinevsky are considered to be analogous art because they both relate to the field of securing memory. Thus, all features were known in the prior art. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to substitute the processor of Axnix/Dittrich with the system-on-a-chip of Kishinevsky in order to gain the predictable result of the applicant’s claimed invention. 

	Claims 8, 9 are rejected under 35 U.S.C. 103 as being unpatentable over Axnix/Dittrich, and further in view of Shimbo et al. (U.S. Patent No. 6,092,191), hereinafter referred to as “Shimbo”.
Regarding Claim 8:
	Axnix/Dittrich discloses Claim 1.
	Shimbo discloses the following limitation not taught by Axnix/Dittrich:
	wherein the memory encryption controller is configured to sign the encrypted packet (Col. 31, lines 17-20, the security gateway which encrypted the data rewrites a signature field in the data packet by its own signature information (such as a digital signature, for example)). Reference Axnix/Dittrich does not teach signing the encrypted packet. Reference Shimbo however teaches authenticating packets using a digital signature. Shimbo further teaches that this has the advantage of verifying the encryption status of a packet with additional security (Col. 31, lines 13-16, in order to maintain the safety of the data transfer, it is preferable to provide a measure against the alteration of the encryption bit in a course of data transfer).

	References Axnix/Dittrich and Shimbo are considered to be analogous art because they relate to encrypting packet transmissions. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the secure communication system of Axnix/Dittrich with the digital signature of Shimbo in order to gain the benefit of additional security by verifying the encryption status of the packet. 

Regarding Claim 9:
	Axnix/Dittrich discloses Claim 1.
	Shimbo discloses the following limitation not taught by Axnix/Dittrich:
	wherein the memory encryption controller is configured to instruct the network controller to send the encrypted packet using a plain-text transfer protocol (Col. 28, lines 22-24, and the network interface 1605 are protocol modules (wherein the memory encryption controller is configured to instruct the network controller to send the encrypted packet) according to TCP/IP themselves (using a plain-text transfer protocol)). Reference Axnix/Dittrich does not specify a particular network protocol, and thus does not teach using a plain-text protocol. Reference Shimbo however teaches using TCP/IP as network protocols, which are plain-text by default.

	References Axnix/Dittrich and Shimbo are considered to be analogous art because they relate to encrypting packet transmissions. Thus, all features were known in the prior art. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to substitute the network protocol of Axnix/Dittrich with the plain-text protocol used by Shimbo in order to gain the predictable result of the applicant’s claimed invention. 

Related Art
	The following prior art made of record and cited on PTO-892, but not relied upon, is considered pertinent to applicant’s disclosure:
Khosravi et al. (U.S. Pub. No. 2018/0095898 A1) – Includes methods related to multi-tenancy and total memory encryption which relate to the newly amended features.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ETHAN V VO whose telephone number is (571)272-2505. The examiner can normally be reached M-F 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/E.V.V./Examiner, Art Unit 2431
/LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431