DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present application, filed on December 15, 2020, is accepted. 
Claims 1 – 20 are being considered on the merits.

Drawings
The drawings, filed on December 15, 2020, are accepted. 

Specification
The specification, filed on December 15, 2020, is accepted. 

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1 – 20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to abstract idea without significantly more. The claims recite preforming a data transfer operation between a host and a I/O device using a security key with a security engine. This judicial exception is not integrated into a practical application because the claim does not explicitly express that the data is being encrypted with the security key during the data transfer operation. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because they express how the security key is being stored and does not mention limitation about encrypting the data for secure transferring.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1 – 2, 11, and 18 – 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated over US 8972733 B1 to Wu et al., (hereinafter, “Wu”).
As per claim 1, Wu teaches a method for managing security keys for an input/output (1/O) device, the method comprising: loading a first security key from a primary memory to a security engine; [Wu, col. 7 lines 22 – 33 discloses the key component 120 operative to retrieve a first symmetric encryption key 130 from a key store 375. While in some embodiments, the symmetric encryption key 130 may be generated by key component 120, in other embodiments the symmetric encryption key 130 may have been previously generated and stored in key store 375 for later retrieval. For instance, symmetric encryption key 130 may have been established during a previous communication between device 190 and application 110, symmetric encryption key 130 cached in key store 375 for use in encrypting the current communication.] performing a first data transfer operation between a host and the 1/O device using the first security key with the security engine; [Wu, col. 7 lines 38 – 52 discloses the application 110 may comprise the message component 150 operative to construct the message 145 comprising the data section 147, the data section 147 encrypted using the first symmetric encryption key 130. As device 190 already has knowledge of symmetric encryption key 130, this embodiment does not rely on a key section 149 for transmitting the symmetric encryption key 130, and as such does not rely on asymmetric encryption key 140. As symmetric encryption key 130 may have been previously established for use in a future communication, wherein the transmission of data 105 comprises that future communication, the encryption of data section 147 with symmetric encryption key 130 may comprise the first use of symmetric encryption key 130 by either application 110 or device 190 for encrypting communication between the two.], loading a second security key from a secondary memory to the security engine; [Wu, col. 7 lines 56 57  to col. 8 lines 1 – 8 discloses The network component 170 may be operative to receive a response 245 to the message, the response comprising the second symmetric encryption key 340. The second symmetric encryption key 340 may have been generated by device 190 for use in a future communication between application 110 and device 190. The second symmetric encryption key 130 may be generated by device 190 using any of the known techniques for generating an encryption key, such as may be appropriate for the particular encryption scheme used for communication between device 190 and application 110.] and performing a second data transfer operation between the host and the 1/O device using the second security key with the security engine. [Wu, col. 13 lines 53 – 63 discloses the reception component 770 may be operative to receive a second priming message from the client 710, the second priming message encrypted according to the second symmetric encryption key 340. Similarly, the reception component 770 may be operative to receive a second request message from the client 710, the second request message encrypted according to the second symmetric encryption key 340. The reception component 770 may be operative to respond to the second priming message and second request message with a second response encrypted using the second symmetric encryption key 340.]

As per claim 2, Wu teaches the method of claim 1, wherein loading the second security key from the secondary memory comprises: transferring the second security key to the primary memory; [Wu, col. 15 lines 54 – 64 discloses the application status component 920 may be operative to determine that the application 110 has entered an active-use state. In response to this determination, the key component 120 may be operative to determine that the first symmetric encryption key 130 has expired based on a validity period associated with the first symmetric encryption key 130. In response to this determination of the key component 120, the network component 170 may be operative to request the second symmetric encryption key 340 from the device 190 and to receive the second symmetric encryption key 340 from the device.] and loading the second security key from the primary memory to the security engine. [Wu, col. 15 lines 64 – 67 to col. 16 lines 1 – 6 discloses Once the second symmetric encryption key 340 is received by the network component 170, the key component 120 may be operative to store the second symmetric encryption key 340 in the key store 375. It will be appreciated, in general, that requesting an encryption key, such as the second symmetric encryption key 340, from device 190 may not correspond to requesting a specific encryption key, but instead merely requesting a new encryption key which may be generated on demand, this newly generated key comprising the requested-for second symmetric encryption key 340.]

As per claim 11, Wu teaches a controller for an input/output (1/O) device, the controller comprising: a data path configured to transfer data between a host and the 1/O device; a security engine configured to perform a security operation on data transferred through the data path; [Wu, col. 3 lines 6 – 21 discloses with the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) used as part of the Hypertext Transfer Protocol Secure (HTTPS) for transmitting secure Hypertext Markup Language (HTML) pages, a four-message handshake is performed: the client transmits to the server a "hello" message, the server responds with a certificate containing the server's public asymmetric encryption key, the client uses the public asymmetric encryption key to encrypt a secret symmetric encryption key and transmit it to the server, and the server responds by acknowledging the receipt of the symmetric encryption key. With that four-step process complete, a secure channel is created, a request for a web page may be transmitted from the client to the server, and the server may respond with the web page, the request and the responding web page encrypted using the established secret symmetric encryption key.] and a key loader configured to: load a first security key from a primary memory to the security engine for a first data transfer operation through the data path using the first security key with the security engine; [Wu, col. 7 lines 22 – 33 discloses the key component 120 operative to retrieve a first symmetric encryption key 130 from a key store 375. While in some embodiments, the symmetric encryption key 130 may be generated by key component 120, in other embodiments the symmetric encryption key 130 may have been previously generated and stored in key store 375 for later retrieval. For instance, symmetric encryption key 130 may have been established during a previous communication between device 190 and application 110, symmetric encryption key 130 cached in key store 375 for use in encrypting the current communication.] and load a second security key from a secondary memory to the security engine for a second data transfer operation through the data path using the second security key with the security engine. [Wu, col. 7 lines 56 57  to col. 8 lines 1 – 8 discloses the network component 170 may be operative to receive a response 245 to the message, the response comprising the second symmetric encryption key 340. The second symmetric encryption key 340 may have been generated by device 190 for use in a future communication between application 110 and device 190. The second symmetric encryption key 130 may be generated by device 190 using any of the known techniques for generating an encryption key, such as may be appropriate for the particular encryption scheme used for communication between device 190 and application 110.]

As per claim 18, Wu teaches the controller of claim 11, wherein the data path, security engine, key loader, and primary memory are fabricated on an integrated circuit, and the secondary memory is external to the integrated circuit. [Wu, col. 2 lines 30 – 41 discloses secure communication between two devices relies on one or more keys, typically one or more numbers, which are used as one or more variables in the mathematical transformations which are used to obscure the information being transferred between devices. In symmetric encryption schemes the same key is used to both encrypt and decrypt the communication. The key is a secret which will be shared between devices in order for them to communicate. Any party which knows the key will be able to decrypt the communication and able to encrypt counterfeit communication and as such letting the key become known by an untrusted party comprises the security of the communication. Col. 21 lines 58 – 67 to col. 22 lines 1 – 12 discloses The device 1220 may execute processing operations or logic for the encryption system 100 using a processing component 1230. The processing component 1230 may comprise various hardware elements, software elements, or a combination of both. Examples of hardware elements may include devices, logic devices, components, processors, microprocessors, circuits, processor circuits, circuit elements (e.g., transistors, resistors, capacitors, inductors, and so forth), integrated circuits, application specific integrated circuits (ASIC), programmable logic devices (PLD), digital signal processors (DSP), field programmable gate array (FPGA), memory units, logic gates, registers, semiconductor device, chips, microchips, chip sets, and so forth. Examples of software elements may include software components, programs, applications, computer programs, application programs, system programs, software development programs, machine programs, operating system software, middleware, firmware, software modules, routines, subroutines, functions, methods, procedures, software interfaces, application program interfaces (API), instruction sets, computing code, computer code, code segments, computer code segments, words, values, symbols, or any combination thereof.]

As per claim 19, Wu teaches a system comprising: a host; an input/output (1/O) device; a security engine coupled between the host and the 1/O device; a primary memory; a secondary memory; and a key loader [Wu, col. 4 lines 50 – 57 discloses In one embodiment, the encryption system 100 may comprise a computer-implemented encryption system 100 having a software application 110 comprising one or more components. Although the encryption system 100 shown in FIG. 1 has a limited number of elements in a certain topology, it may be appreciated that the encryption system 100 may include more or less elements in alternate topologies as desired for a given implementation.] configured to: store a first security key in the primary memory based on a policy; [Wu, col. 14 lines 66 – 67 to col. 15 lines 1 – 8 discloses The network component 150 may be operative to receive the first symmetric encryption key 130 from the device 190, wherein the first symmetric encryption key 130 may have been generated by the device 190 in response to its reception of the key request 905. In response to the network component 150 receiving the first symmetric encryption key 130, the key component 120 may be operative to store the first symmetric encryption key 130 in a key store 375 for use the next time the application 110 enters the active-use state.] store a second security key in the secondary memory based on the policy; [Wu, col. 16 lines 52 – 58 discloses the network component 170 may be operative to request the second symmetric encryption key 340 from the device 190 and to receive the second symmetric encryption key 340 from the device. Once the second symmetric encryption key 340 is received by the network component 170, the key component 120 may be operative to store the second symmetric encryption key 340 in the key store 375.] load the first security key from the primary memory to the security engine for a first data transfer operation between the host and the 1/O device using the first security key; [Wu, col. 7 lines 22 – 33 discloses the key component 120 operative to retrieve a first symmetric encryption key 130 from a key store 375. While in some embodiments, the symmetric encryption key 130 may be generated by key component 120, in other embodiments the symmetric encryption key 130 may have been previously generated and stored in key store 375 for later retrieval. For instance, symmetric encryption key 130 may have been established during a previous communication between device 190 and application 110, symmetric encryption key 130 cached in key store 375 for use in encrypting the current communication.] and load the second security key from the secondary memory to the security engine for a second data transfer operation between the host and the 1/O device using the second security key. [Wu, col. 7 lines 56 57  to col. 8 lines 1 – 8 discloses the network component 170 may be operative to receive a response 245 to the message, the response comprising the second symmetric encryption key 340. The second symmetric encryption key 340 may have been generated by device 190 for use in a future communication between application 110 and device 190. The second symmetric encryption key 130 may be generated by device 190 using any of the known techniques for generating an encryption key, such as may be appropriate for the particular encryption scheme used for communication between device 190 and application 110.]

As per claim 20, Wu teaches the system of claim 19, further comprising a second security engine coupled between the key loader and the secondary memory. [Wu, col. 4 lines 54 – 61 discloses the application 110 may comprise a key component 120 operative to generate and manage keys on behalf of the application 110. The key component 120 may be operative to generate a symmetric encryption key 130. The symmetric encryption key 130 may correspond to an encryption key for a particular encryption scheme, the symmetric encryption key 130 generated according to a predefined procedure for generating encryption keys for that particular encryption scheme. Col. 5 lines 7 – 15 discloses The application 110 may comprise a message component 150, the message component operative to construct a message 145, the constructed message 145 comprising a key section 149 and a data section 147, the key section 149 encrypted using an asymmetric encryption key 140 and comprising the symmetric encryption key 130, the data section encrypted using the symmetric encryption key 130 and comprising the data 105.]

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 3 – 6, 10, and 12 – 14 are rejected under 35 U.S.C. 103 as being unpatentable over US 8972733 B1 to Wu et al., (hereinafter, “Wu”) in view of in view of US 9438421 B1 to Roth et al., (hereinafter, “Roth”).
Regarding claim 3, Wu teaches the method of claim 1, but Wu does not teach further comprising storing the first security key in the primary memory based on a frequency of use of the first security key.
However, Roth does teach further comprising [storing] selecting the first security key in the primary memory based on a frequency of use of the first security key. [Roth, col. 4 lines 9 – 21 discloses The particular key determined to perform the actual cryptographic operation for the logical key may be determined according to a variety of methods, including, but not limited to, a random or other stochastic selection scheme, round-robin selection scheme, weighted round-robin selection scheme, an attribute of the request (e.g., selecting a key based on a hash value returned after applying a hash function to the request), a type of operation to be performed (e.g., an encryption operation versus a decryption operation), whichever physical key may be present within cache, or a selection scheme based on the usage amount or rate of particular physical keys.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date to combine Roth’s system with Wu’s system, with a motivation that if requests to perform cryptographic operations using a logical key exceed a desired frequency, rather than throttling the requests, the multiple cryptographic keys may be used to fulfill the requests. In this manner, the requested rate of cryptographic operations may be maintained without compromising data security. [Roth, col. 2 lines 45 – 51]
	Roth does not explicitly teach “storing the first security key based on frequency of use”, however it would have been obvious to one of ordinary skill in the art before the effective filling date to modify Wu in view of Roth to include "storing the first security key based on frequency of use" because, as seen above, Roth teaches selecting keys based on frequency of use and therefore storing the keys in that order yields the expected result of loading the most frequently used key in a faster manner.

Regarding claim 4, modified Wu teaches the method of claim 3, but Wu does not teach wherein the frequency of use of the first security key is determined by a pattern of transfers between the host and the 1/O device.
However, Roth does teach wherein the frequency of use of the first security key is determined by a pattern of transfers between the host and the 1/O device. [Roth, col. 6 lines 49 – 58 discloses A particular physical key of the logical key 104A may be selected according to various criteria, including, but not limited to, random selection or other stochastic selection, round-robin selection, weighted round-robin, an attribute of the request (e.g., selecting a key based on a hash value returned after applying a hash function to the request), a type of operation to be performed (e.g., an encryption operation versus a decryption operation), whichever physical key may be present within cache, or a selection based on the usage amount or rate of particular physical keys. Col. 7 lines 4 – 14 discloses it may be desirable to ensure that cryptographic keys are changed frequently by attaching a limit to the number of encryption operations may be performed with a given key. For example, if a key is limited for use in, at most, four billion cryptographic operations, then at 1,000 transactions per second, the key will expire in approximately 46 days. However, at a rate of 50,000 transactions per second or more, the key will expire in less than 23 hours and a key rotation process that runs once per day will not be triggered to run until many transactions after the key should have been rotated.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date to combine Roth’s system with Wu’s system, with a motivation that if requests to perform cryptographic operations using a logical key exceed a desired frequency, rather than throttling the requests, the multiple cryptographic keys may be used to fulfill the requests. In this manner, the requested rate of cryptographic operations may be maintained without compromising data security. [Roth, col. 2 lines 45 – 51]

Regarding claim 5, Wu teaches the method of claim 1, but Wu does not teach further comprising storing the first security key in the primary memory based on a predicted use of the first security key.
However, Roth does teach further comprising [storing] selecting the first security key in the primary memory based on a predicted use of the first security key. [Roth, col. 4 lines 9 – 21 discloses The particular key determined to perform the actual cryptographic operation for the logical key may be determined according to a variety of methods, including, but not limited to, a random or other stochastic selection scheme, round-robin selection scheme, weighted round-robin selection scheme, an attribute of the request (e.g., selecting a key based on a hash value returned after applying a hash function to the request), a type of operation to be performed (e.g., an encryption operation versus a decryption operation), whichever physical key may be present within cache, or a selection scheme based on the usage amount or rate of particular physical keys.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date to combine Roth’s system with Wu’s system, with a motivation that if requests to perform cryptographic operations using a logical key exceed a desired frequency, rather than throttling the requests, the multiple cryptographic keys may be used to fulfill the requests. In this manner, the requested rate of cryptographic operations may be maintained without compromising data security. [Roth, col. 2 lines 45 – 51]
	Roth does not explicitly teach “storing the first security key based on predicted use”, however it would have been obvious to one of ordinary skill in the art before the effective filling date to modify Wu in view of Roth to include "storing the first security key based on frequency of use" because, as seen above, Roth teaches selecting keys based on predicted use and therefore storing the keys in that order yields the expected result of loading the predicted key in a faster manner.

Regarding claim 6, modified Wu teaches the method of claim 3, but Wu does not teach wherein the predicted use of the first security key is based on a pattern of sequential accesses.
However, Roth does teach wherein the predicted use of the first security key is based on a pattern of sequential accesses. [Roth, col. 6 lines 49 – 58 discloses A particular physical key of the logical key 104A may be selected according to various criteria, including, but not limited to, random selection or other stochastic selection, round-robin selection, weighted round-robin, an attribute of the request (e.g., selecting a key based on a hash value returned after applying a hash function to the request), a type of operation to be performed (e.g., an encryption operation versus a decryption operation), whichever physical key may be present within cache, or a selection based on the usage amount or rate of particular physical keys. Col. 7 lines 4 – 14 discloses it may be desirable to ensure that cryptographic keys are changed frequently by attaching a limit to the number of encryption operations may be performed with a given key. For example, if a key is limited for use in, at most, four billion cryptographic operations, then at 1,000 transactions per second, the key will expire in approximately 46 days. However, at a rate of 50,000 transactions per second or more, the key will expire in less than 23 hours and a key rotation process that runs once per day will not be triggered to run until many transactions after the key should have been rotated.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date to combine Roth’s system with Wu’s system, with a motivation that if requests to perform cryptographic operations using a logical key exceed a desired frequency, rather than throttling the requests, the multiple cryptographic keys may be used to fulfill the requests. In this manner, the requested rate of cryptographic operations may be maintained without compromising data security. [Roth, col. 2 lines 45 – 51]

Regarding claim 10, modified Wu teaches the method of claim 1, but Wu does not teach further comprising evicting the first security key from the primary memory based on a policy.
	However, Roth does teach further comprising evicting the first security key from the primary memory based on a policy. [Roth, col. 4 lines 46 – 66 discloses Deprovisioning a cryptographic key, in some embodiments, may involve disabling the physical key from being used for certain subsets of cryptographic operations, such as encryption operations, while still allowing the physical key to perform certain other subsets of cryptographic operations, such as decryption operations. In this manner, ciphertext encrypted with a particular physical key may still be decrypted even after the physical key has been deprovisioned and rotated. In some cases, deprovisioning the physical key may prevent its use for all cryptographic operations, and in some of these cases, deprovisioning the physical key may include removing the physical key from association with the logical key and, in some examples, deleting (e.g., by overwriting) the physical key from memory to render the physical key unrecoverable. In some embodiments, deprovisioning a physical key renders the physical key unusable for one type of cryptographic operation (e.g., encryption) but still usable for another type of cryptographic operation (e.g., decryption) so that, for instance, the physical key is usable to decrypt ciphertexts produced under the physical key, but unusable to produce additional ciphertexts.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date to combine Roth’s system with Wu’s system, with a motivation that if requests to perform cryptographic operations using a logical key exceed a desired frequency, rather than throttling the requests, the multiple cryptographic keys may be used to fulfill the requests. In this manner, the requested rate of cryptographic operations may be maintained without compromising data security. [Roth, col. 2 lines 45 – 51]

Regarding claim 12, Wu teaches the controller of claim 11, but Wu does not teach wherein: the controller further comprises pattern logic configured to identify one or more patterns in data transfers between the host and the 1/O device; and the key loader is further configured to store the first security key in the primary memory based on the one or more patterns identified by the pattern logic.
However, Roth does teach wherein: the controller further comprises pattern logic configured to identify one or more patterns in data transfers between the host and the 1/O device; [Roth, col. 6 lines 49 – 58 discloses A particular physical key of the logical key 104A may be selected according to various criteria, including, but not limited to, random selection or other stochastic selection, round-robin selection, weighted round-robin, an attribute of the request (e.g., selecting a key based on a hash value returned after applying a hash function to the request), a type of operation to be performed (e.g., an encryption operation versus a decryption operation), whichever physical key may be present within cache, or a selection based on the usage amount or rate of particular physical keys. Col. 7 lines 4 – 14 discloses it may be desirable to ensure that cryptographic keys are changed frequently by attaching a limit to the number of encryption operations may be performed with a given key. For example, if a key is limited for use in, at most, four billion cryptographic operations, then at 1,000 transactions per second, the key will expire in approximately 46 days. However, at a rate of 50,000 transactions per second or more, the key will expire in less than 23 hours and a key rotation process that runs once per day will not be triggered to run until many transactions after the key should have been rotated.] and the key loader is further configured to [store] select the first security key in the primary memory based on the one or more patterns identified by the pattern logic. [Roth, col. 4 lines 9 – 21 discloses The particular key determined to perform the actual cryptographic operation for the logical key may be determined according to a variety of methods, including, but not limited to, a random or other stochastic selection scheme, round-robin selection scheme, weighted round-robin selection scheme, an attribute of the request (e.g., selecting a key based on a hash value returned after applying a hash function to the request), a type of operation to be performed (e.g., an encryption operation versus a decryption operation), whichever physical key may be present within cache, or a selection scheme based on the usage amount or rate of particular physical keys.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date to combine Roth’s system with Wu’s system, with a motivation that if requests to perform cryptographic operations using a logical key exceed a desired frequency, rather than throttling the requests, the multiple cryptographic keys may be used to fulfill the requests. In this manner, the requested rate of cryptographic operations may be maintained without compromising data security. [Roth, col. 2 lines 45 – 51]
	Roth does not explicitly teach “storing the first security key based on one or more patterns”, however it would have been obvious to one of ordinary skill in the art before the effective filling date to modify Wu in view of Roth to include "storing the first security key based on one or more patterns" because, as seen above, Roth teaches selecting keys based on one or more patterns and therefore storing the keys in that order yields the expected result of loading the required key in a faster manner.
Regarding claim 13, modified Wu teaches the controller of claim 12, but Wu does not teach wherein the one or more patterns comprise a frequency of use.
However, Roth does teach wherein the one or more patterns comprise a frequency of use. [Roth, col. 6 lines 49 – 58 discloses A particular physical key of the logical key 104A may be selected according to various criteria, including, but not limited to, random selection or other stochastic selection, round-robin selection, weighted round-robin, an attribute of the request (e.g., selecting a key based on a hash value returned after applying a hash function to the request), a type of operation to be performed (e.g., an encryption operation versus a decryption operation), whichever physical key may be present within cache, or a selection based on the usage amount or rate of particular physical keys.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date to combine Roth’s system with Wu’s system, with a motivation that if requests to perform cryptographic operations using a logical key exceed a desired frequency, rather than throttling the requests, the multiple cryptographic keys may be used to fulfill the requests. In this manner, the requested rate of cryptographic operations may be maintained without compromising data security. [Roth, col. 2 lines 45 – 51]

Regarding claim 14, modified Wu teaches the controller of claim 12, but Wu does not teach wherein the one or more patterns comprise a sequential access operation.
However, Roth does teach wherein the one or more patterns comprise a sequential access operation. [Roth, col. 6 lines 49 – 58 discloses A particular physical key of the logical key 104A may be selected according to various criteria, including, but not limited to, random selection or other stochastic selection, round-robin selection, weighted round-robin, an attribute of the request (e.g., selecting a key based on a hash value returned after applying a hash function to the request), a type of operation to be performed (e.g., an encryption operation versus a decryption operation), whichever physical key may be present within cache, or a selection based on the usage amount or rate of particular physical keys.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date to combine Roth’s system with Wu’s system, with a motivation that if requests to perform cryptographic operations using a logical key exceed a desired frequency, rather than throttling the requests, the multiple cryptographic keys may be used to fulfill the requests. In this manner, the requested rate of cryptographic operations may be maintained without compromising data security. [Roth, col. 2 lines 45 – 51]

Claims 7 – 9 and 15 – 17 are rejected under 35 U.S.C. 103 as being unpatentable over US 8972733 B1 to Wu et al., (hereinafter, “Wu”) in view of in view of US 20210141943 A1 to Van Leeuwen et al., (hereinafter, “Van Leeuwen”).
Regarding claim 7, Wu teaches the method of claim 1, but Wu does not teach further comprising storing the first security key in the primary memory based on an address associated with the first security key.
	However, Van Leeuwen does teach comprising storing the first security key in the primary memory based on an address associated with the first security key. [Van Leeuwen, para. 42 discloses the memory device may be configured to store a first access key in nonvolatile memory elements of the memory device. In some embodiments, a customer may determine and store the first access key in the fuse array 180 (e.g., the user-defined access key). In some embodiments, a manufacturer of the memory device may store the first access key at a predetermined set of addresses of the fuse array 180, where the first access key is determined based on manufacturing information that identifies the memory device 100 (e.g., the FID-based access key). In some embodiments, the manufacturer of the memory device defines the first access key hidden from a third party (e.g., the secret access key) and stored at a set of nonvolatile memory elements of the memory device 100 (e.g., a set of fuses, a set of conductive layers). Such hidden access key may be available via one or more pins of the memory device, which are designated for otherwise receiving inputs only.] 
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date to combine Van Leeuwen’s system with Wu’s system, with a motivation to identify the memory device based on metadata for manufacturing information about the memory device, nullifying the access command when the first access key is different from the second access key, and blocking the write command from reaching the fuse array when the first access key is different from the second access key. [Van Leeuwen, para. 116]

Regarding claim 8, modified Wu teaches the method of claim 7, but Wu does not teach further comprising locking the first security key in the primary memory.
However, Van Leeuwen does teach further comprising locking the first security key in the primary memory. [Van Leeuwen, para. 42 discloses In some embodiments, the manufacturer of the memory device defines the first access key hidden from a third party (e.g., the secret access key) and stored at a set of nonvolatile memory elements of the memory device 100 (e.g., a set of fuses, a set of conductive layers). Such hidden access key may be available via one or more pins of the memory device, which are designated for otherwise receiving inputs only.] 
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date to combine Van Leeuwen’s system with Wu’s system, with a motivation to identify the memory device based on metadata for manufacturing information about the memory device, nullifying the access command when the first access key is different from the second access key, and blocking the write command from reaching the fuse array when the first access key is different from the second access key. [Van Leeuwen, para. 116]

Regarding claim 9, modified Wu teaches the method of claim 7, but Wu does not teach wherein the address is specified by the host.
However, Van Leeuwen does teach wherein the address is specified by the host. [Van Leeuwen, para. 42 discloses In some embodiments, a customer may determine and store the first access key in the fuse array 180 (e.g., the user-defined access key). In some embodiments, a manufacturer of the memory device may store the first access key at a predetermined set of addresses of the fuse array 180, where the first access key is determined based on manufacturing information that identifies the memory device 100 (e.g., the FID-based access key).] 
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date to combine Van Leeuwen’s system with Wu’s system, with a motivation to identify the memory device based on metadata for manufacturing information about the memory device, nullifying the access command when the first access key is different from the second access key, and blocking the write command from reaching the fuse array when the first access key is different from the second access key. [Van Leeuwen, para. 116]

	Regarding claim 15, it recites features similar to features within claim 7, it is rejected in a similar manner.

Regarding claim 16, it recites features similar to features within claim 9, it is rejected in a similar manner.

Regarding claim 17, Wu teaches the controller of claim 11, but Wu does not teach further comprising a second security engine arranged to secure the second security key in the secondary memory.
However, Van Leeuwen does teach further comprising a second security engine arranged to secure the second security key in the secondary memory. [Van Leeuwen, para. 14 discloses The memory device may include a component (e.g., an authentication component) to permit or prohibit such accesses. For example, the memory device may receive an access command directed to the fuse array where the access command includes another access key (e.g., a second access key). The memory device (or the authentication component) may retrieve the user-defined access key from the fuse array upon receiving the access command to compare the user-defined access key with the second access key included in the access command. Para. 33 discloses circuitry configured to generate control signals in response to receiving an access command directed to the fuse array, where the access command includes a second access key.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date to combine Van Leeuwen’s system with Wu’s system, with a motivation to identify the memory device based on metadata for manufacturing information about the memory device, nullifying the access command when the first access key is different from the second access key, and blocking the write command from reaching the fuse array when the first access key is different from the second access key. [Van Leeuwen, para. 116]

Conclusion
Pertinent prior art made of record however not replied upon includes:
US 9075710 B2 to Talagala et al.
“Apparatuses, systems, and methods are disclosed for a key-value store. A method includes encoding a key of a key-value pair into a logical address of a sparse logical address space for a non-volatile medium. A method includes mapping a logical address to a physical location in the non-volatile medium. A method includes storing a value of a key-value pair at a physical location.”
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893. The examiner can normally be reached Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/P.P./Patent Examiner, Art Unit 2434                                                                                                                                                                                                        /KAMBIZ ZAND/Supervisory Patent Examiner, Art Unit 2434