DETAILED ACTION
This is a non-final Office action in response to communications received on 12/26/2020.  Claims 1-20 are pending and are examined.  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Drawings
The drawings filed 12/26/2020 are acknowledged.
Foreign Priority or Provisional
No foreign or provisional priority is acknowledged.  

Claim Objections
Claims 1, 10 and 19 are objected to the following informalities: the following is informal claim language that should be replaced/removed: “operand’s usage”.  Appropriate correction is required.
Claims 11-18 are objected to for the following informalities: the claims refer to the “method of claim 10” when claim 10 is an apparatus claim.  Did Applicant intend for claim 10 to be a method claim or are claims 11-18 mistaken?  Appropriate correction is required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 10-18 are rejected under 35 U.S.C. 101 as not falling within one of the four statutory categories of invention because the claimed invention is directed to software per se.  
Under 35 U.S.C. 101, a claimed invention must fall within one of the four eligible categories of invention (i.e. process, machine, manufacture, or composition of matter) and must not be directed to subject matter encompassing a judicially recognized exception as interpreted by the courts.  MPEP § 2106.  The four eligible categories of invention include: (1) process which is an act, or a series of acts or steps, (2) machine which is an concrete thing, consisting of parts, or of certain devices and combination of devices, (3) manufacture which is an article produced from raw or prepared materials by giving to these materials new forms, qualities, properties, or combinations, whether by hand labor or by machinery, and (4) composition of matter which is all compositions of two or more substances and all composite articles, whether they be the results of chemical union, or of mechanical mixture, or whether they be gases, fluids, powders or solids. MPEP 2106(I).
Claim 10 is directed to an apparatus.  Although the claim mentions execution circuitry, it does not disclose that the apparatus actually comprises the execution circuitry.  In addition, it is  unclear if claim 10 was meant to be a method claim since the claims which depend upon claim 10 refer to it as a method claim.  The specification does not limit “apparatus” to hardware.  Consequently, the elements of claim 10 are interpreted as coding/or software and fail to recite any physical device or machine, therefore claim 10 fails to recite any physical device or machine.  
Dependent claims 10-18 fail to remedy the deficiencies of claim 10 and therefore are similarly rejected.  
Claims 19-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Claim 19 recites a “machine-readable medium”.  Although Applicant’s Specification discloses that machine-readable storage media may include non-transitory media, the Specification does not explicitly limit machine-readable medium to non-transitory.  Pending claims are interpreted as broadly as their claims reasonably allow.  See In re Zletz, 893 F.2d 319 (Fed. Cir. 1989).  The broadest reasonable interpretation of a claim drawn to a recording medium (also called machine readable media and other such variations) typically covers forms of non-transitory tangible media and transitory propagating signals per se in view of the ordinary and customary meaning of recording medium, particularly when the specification is silent (See MPEP 2111.01).  When the broadest reasonable interpretation of a claim covers a signal per se, the claim must be rejected under 35 U.S.C. §1 01 as covering non-statutory subject matter.  See In re Nuijten, 500 F.3d 1346, 1356-57 (Fed. Cir. 2007) (transitory embodiments are not directed to statutory subject matter) and Interim Examination Instructions for Evaluating Subject Matter Eligibility under 35 U.S.C. § 101, Aug. 24, 2009; p. 2.
A claim drawn to such a recording medium that covers both transitory and non-transitory embodiments may be amended to narrow the claim to cover only statutory embodiments to avoid a rejection under 35 U.S.C. § 101 by adding the limitation "non-transitory" to the claim. Cf Animals - Patentability, 1077 Off. Gaz. Pat. Office 24 (April 21, 1987).  Claim 20 inherits the deficiencies of claim 19 and is therefore similarly rejected as covering non-statutory subject matter.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Gopal (US 2017/0093567) in view of Brandt (US 2017/0063547).
	Regarding claim 1, Gopal discloses the limitations substantially as follows:
An apparatus comprising: 
decoder circuitry to decode a single instruction to generate a decoded instruction (see paras. [0030], [0055], Figs. 1, 2: instruction decoder for decoding instructions), the decoded instruction including 1) one or more fields to identify a first destination operand, 2) one or more fields to identify a second destination operand (see paras. [0025], [0030], [0032], [0052]: instructions include fields with source destination operands), the second destination operand is to either store an output data structure having decrypted data after execution of the instruction, or a location to store an data structure having decrypted data after execution of the instruction (paras. [0025], [0068], [0071]-[0072]: destination operands store handle (i.e. output data structure having decrypted data after the instruction is executed), 3) one or more fields to identify a source operand, an input data structure to be used in an decryption process or a location of an input data structure to be used in an decryption process (paras. [0024]-[0025], [0030], [0068], [0071]-[0072]: fields identify a source operand, a handle (i.e. input data structure) is used to decrypt information), and 4) one more fields for an opcode, the opcode to indicate that execution circuitry is to at least encrypt secret information from the input data structure with a physical unclonable function (PUF) generated encryption key, bind the wrapped secret information to a target, update the input data structure (paras. [0030], [0032], [0044], [0045], [0050], [0062], [0065]: one or more fields for an opcode indicating to encrypt the data in the handle (i.e. encrypting the secret information from the input data structure) with a processor key (PK) generated from a PUF array (i.e. PUF generated encryption key) making the encrypted data unique to the processor and the processor key (i.e. binding the wrapped secret information to the processor/target and generating new/updated handle (i.e. new input data structure)), generate a MAC over the updated data structure, store the MAC in the input data structure to generate a wrapped output data structure, store the wrapped output data structure having the encrypted secret information and an indication of the target according to the second destination operand's usage for the instruction (paras. [0028], [0037], [0045]: generating a MAC or authentication tag for the new/updated handle and storing/including the MAC or authentication tag in the handle (i.e. generating a wrapped output data structure), storing the handle comprising encrypted data and the MAC or authentication tag (i.e. wrapped output data structure with encrypted secret information) which is uniquely tied to the processor key of the processor (i.e. indicating the target) according to the handle stored in the destination operand for the instruction); and 
execution circuitry to execute the decoded instruction according to the opcode (see paras. [0030], [0050], [0055], Figs. 1, 2: executing instructions according to the opcode).
Gopal does not explicitly teach the remaining limitations of claim 1 as follows:
wherein the source operand is to either store an input data structure to be used in an decryption process or a location of an input data structure to be used in an decryption process
Sinha does not explicitly disclose the limitations of claim 1 as follows:
wherein the source operand is to either store an input data structure to be used in an decryption process or a location of an input data structure to be used in an decryption process (paras. [0022]-[0023], [0030], [0035]-[0036], [0060]: identifying a source operand (i.e. second source operand) for storing a location of an key source register/local key register value to hold a key for encrypting and decrypting (i.e. to be used in a decryption process)
Brandt is combinable with Gopal because both are from the same field of endeavor of issuing digital certificates and performing attestation.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to integrate Brandt’s method of identifying source operands for storing and moving a key with the system of Gopal in order to enable the key to be stored and accessed separately from a second guest key and moved from one register to another “without the content of either register being accessible to software” (Brandt, para. [0032]).  

	Regarding claims 2 and 11, Gopal and Brandt disclose the limitations of the apparatus of claim 1 and the apparatus of claim 10.
Gopal discloses the limitations of claims 2 and 11 as follows:
wherein the output data structure is to include an identifier of a target (paras. [0016], [0024]-[0025]: the handle (i.e. output data structure) identifies the processor by being processor-specific and comprises the unique input key (i.e. includes identifiers of target processor).

	Regarding claims 3 and 12, Gopal and Brandt disclose the limitations of the apparatus of claim 1 and the apparatus of claim 10.
Gopal discloses the limitations of claims 3 and 12 as follows:
wherein the target is one of a platform and processor configuration, or an encryption engine (paras. [0016], [0024]-[0025]: target is processor which performs encryption).

	Regarding claims 4, 13 and 20, Gopal and Brandt disclose the limitations of the apparatus of claim 1 and the apparatus of claim 10 and the machine-readable medium of claim 19.
Gopal discloses the limitations of claims 4, 13 and 20 as follows:
wherein the operands are registers (paras. [0024]-[0025], [0048]-[0050]: source and destination registers are implicit operands).

	Regarding claims 5 and 14, Gopal and Brandt disclose the limitations of the apparatus of claim 1 and the apparatus of claim 10.
Gopal discloses the limitations of claims 5 and 14 as follows:
wherein the output data structure includes a field for a seed for generating an initialization vector to be used for authenticated decryption (paras. [0027]-[0028], [0052], [0069]: where the handle comprises a seed from the initialization vector which is used for authenticating the handle and decrypting the information).

	Regarding claims 6 and 15, Gopal and Brandt disclose the limitations of the apparatus of claim 1 and the apparatus of claim 10.
Gopal discloses the limitations of claims 6 and 15 as follows:
wherein the input data structure is to include a field to identify a challenge used by the PUF to generate the key (paras. [0025], [0028], [0037]: where the handle comprises MAC, authentication tag (i.e. challenges) used by the PUF/PK to generate the handle).

	Regarding claims 7 and 16, Gopal and Brandt disclose the limitations of the apparatus of claim 1 and the apparatus of claim 10.
Gopal discloses the limitations of claims 7 and 16 as follows:
wherein one of the first destination operand is to store an operational status indicating one of success, failure, or entropy error (paras. [0069]: status is one of success if handle is authenticated, failure if handle is not authenticated or error).

	Regarding claims 8 and 17, Gopal and Brandt disclose the limitations of the apparatus of claim 1 and the apparatus of claim 10.
Brandt and Gopal disclose the limitations of claims 8 and 17 as follows:
wherein the execution circuitry is to clear a zero flag (ZF) when the secret information is encrypted successfully (Gopal, paras. [0069]-[0072]: clearing the registers when the operation comprising encryption and decryption of the data is successfully completed and not clearing otherwise), and the execution circuitry is to set the ZF to one otherwise(Brandt, paras. [0013], [0052]: clearing the zero logical value/flag or setting the logical value/flag to one otherwise).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to integrate Brandt’s method of clearing the zero value when the registers are cleared and setting the logical value to one when the registers are not cleared with the system of Brandt in order to enable the system to easily determine the outcome of the operation by checking to see whether the zero flag is set to 0 or 1.

	Regarding claims 9 and 18, Gopal and Brandt disclose the limitations of the apparatus of claim 1 and the apparatus of claim 10.
Gopal discloses the limitations of claims 9 and 18 as follows:
wherein the instruction is associated with a most-privileged protection level (paras. [0033], [0036], [0046]: access to the PK for decoding instructions is associated with a cryptographic security engine or only other privileged hardware agents/entities).

	Regarding claim 10, Gopal discloses the limitations substantially as follows:
An apparatus comprising: 
decoding a single instruction to generate a decoded instruction (see paras. [0030], [0055], Figs. 1, 2: instruction decoder for decoding instructions), the decoded instruction including 1) one or more fields to identify a first destination operand, 2) one or more fields to identify a second destination operand(see paras. [0025], [0030], [0032], [0052]: instructions include fields with source destination operands), the second destination operand is to either store an output data structure having decrypted data after execution of the instruction, or a location to store an data structure having decrypted data after execution of the instruction (paras. [0025], [0068], [0071]-[0072]: destination operands store handle (i.e. output data structure having decrypted data after the instruction is executed), 3) one or more fields to identify a source operand, an input data structure to be used in an decryption process or a location of an input data structure to be used in an decryption process (paras. [0024]-[0025], [0030], [0068], [0071]-[0072]: fields identify a source operand, a handle (i.e. input data structure) is used to decrypt information), and 4) one more fields for an opcode, the opcode to indicate that execution circuitry is to at least encrypt secret information from the input data structure with a physical unclonable function (PUF) generated encryption key, bind the wrapped secret information to a target, update the input data structure (paras. [0030], [0032], [0044], [0045], [0050], [0062], [0065]: one or more fields for an opcode indicating to encrypt the data in the handle (i.e. encrypting the secret information from the input data structure) with a processor key (PK) generated from a PUF array (i.e. PUF generated encryption key) making the encrypted data unique to the processor and the processor key (i.e. binding the wrapped secret information to the processor/target and generating new/updated handle (i.e. new input data structure)), generate a MAC over the updated data structure, store the MAC in the input data structure to generate a wrapped output data structure, store the wrapped output data structure having the encrypted secret information and an indication of the target according to the second destination operand's usage for the instruction (paras. [0028], [0037], [0045]: generating a MAC or authentication tag for the new/updated handle and storing/including the MAC or authentication tag in the handle (i.e. generating a wrapped output data structure), storing the handle comprising encrypted data and the MAC or authentication tag (i.e. wrapped output data structure with encrypted secret information) which is uniquely tied to the processor key of the processor (i.e. indicating the target) according to the handle stored in the destination operand for the instruction); and 
executing the decoded instruction according to the opcode (see paras. [0030], [0050], [0055], Figs. 1, 2: executing instructions according to the opcode.
Gopal does not explicitly teach the remaining limitations of claim 10 as follows:
wherein the source operand is to either store an input data structure to be used in an decryption process or a location of an input data structure to be used in an decryption process
Sinha does not explicitly disclose the limitations of claim 10 as follows:
wherein the source operand is to either store an input data structure to be used in an decryption process or a location of an input data structure to be used in an decryption process (paras. [0022]-[0023], [0030], [0035]-[0036], [0060]: identifying a source operand (i.e. second source operand) for storing a location of an key source register/local key register value to hold a key for encrypting and decrypting (i.e. to be used in a decryption process)
Brandt is combinable with Gopal because both are from the same field of endeavor of issuing digital certificates and performing attestation.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to integrate Brandt’s method of identifying source operands for storing and moving a key with the system of Gopal in order to enable the key to be stored and accessed separately from a second guest key and moved from one register to another “without the content of either register being accessible to software” (Brandt, para. [0032]).  

	Regarding claim 19, Gopal discloses the limitations substantially as follows:
A machine-readable medium storing an instance of a single instruction that, when processed by one or more processors, is cause the one or more processors to: 
decode the instance of the single instruction to generate a decoded instruction (see paras. [0030], [0055], Figs. 1, 2: instruction decoder for decoding instructions), the decoded instruction including 1) one or more fields to identify a first destination operand, 2) one or more fields to identify a second destination operand(see paras. [0025], [0030], [0032], [0052]: instructions include fields with source destination operands), the second destination operand is to either store an output data structure having decrypted data after execution of the instruction, or a location to store an data structure having decrypted data after execution of the instruction (paras. [0025], [0068], [0071]-[0072]: destination operands store handle (i.e. output data structure having decrypted data after the instruction is executed), 3) one or more fields to identify a source operand, input data structure to be used in an decryption process or a location of an input data structure to be used in an decryption process (paras. [0024]-[0025], [0030], [0068], [0071]-[0072]: fields identify a source operand, a handle (i.e. input data structure) is used to decrypt information), and 4) one more fields for an opcode, the opcode to indicate that execution circuitry is to at least encrypt secret information from the input data structure with a physical unclonable function (PUF) generated encryption key, bind the wrapped secret information to a target, update the input data structure (paras. [0030], [0032], [0044], [0045], [0050], [0062], [0065]: one or more fields for an opcode indicating to encrypt the data in the handle (i.e. encrypting the secret information from the input data structure) with a processor key (PK) generated from a PUF array (i.e. PUF generated encryption key) making the encrypted data unique to the processor and the processor key (i.e. binding the wrapped secret information to the processor/target and generating new/updated handle (i.e. new input data structure)), generate a MAC over the updated data structure, store the MAC in the input data structure to generate a wrapped output data structure, store the wrapped output data structure having the encrypted secret information and an indication of the target according to the second destination operand's usage for the instruction(paras. [0028], [0037], [0045]: generating a MAC or authentication tag for the new/updated handle and storing/including the MAC or authentication tag in the handle (i.e. generating a wrapped output data structure), storing the handle comprising encrypted data and the MAC or authentication tag (i.e. wrapped output data structure with encrypted secret information) which is uniquely tied to the processor key of the processor (i.e. indicating the target) according to the handle stored in the destination operand for the instruction); and 
execute the decoded instruction according to the opcode (see paras. [0030], [0050], [0055], Figs. 1, 2: executing instructions according to the opcode).
Gopal does not explicitly teach the remaining limitations of claim 19 as follows:
wherein the source operand is to either store an input data structure to be used in an decryption process or a location of an input data structure to be used in an decryption process
Sinha does not explicitly disclose the limitations of claim 19 as follows:
wherein the source operand is to either store an input data structure to be used in an decryption process or a location of an input data structure to be used in an decryption process (paras. [0022]-[0023], [0030], [0035]-[0036], [0060]: identifying a source operand (i.e. second source operand) for storing a location of an key source register/local key register value to hold a key for encrypting and decrypting (i.e. to be used in a decryption process)
Brandt is combinable with Gopal because both are from the same field of endeavor of issuing digital certificates and performing attestation.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to integrate Brandt’s method of identifying source operands for storing and moving a key with the system of Gopal in order to enable the key to be stored and accessed separately from a second guest key and moved from one register to another “without the content of either register being accessible to software” (Brandt, para. [0032]).  


Prior Art Not Considered But Relied Upon
Prior art considered but not relied upon includes:
	1) Ghosh (US 2018/026813) discloses a method for thwarting an adversary from performing frequency analysis to decipher instructions by including a unique combination of opcode and operands.

Conclusion
For the above-stated reasons, claims 1-20 are rejected.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHARON S LYNCH whose telephone number is (571) 272-4583.  The examiner can normally be reached on 10AM-6PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 571-272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHARON S LYNCH/Primary Examiner, Art Unit 2438