DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 09/13/2022 for application number 16/824,242 has been entered. 

In the application,
Claims 1, 12, 19 and 22 are independent. 
Claims 1, 8, 12, 19 and 22 has been amended. 
Claims 1-24 are pending, being considered and rejected. 

Response to Arguments/Remarks
Applicant’s arguments/remarks, filed on 09/13/2022, have been fully considered and are rendered moot in view of new grounds of rejections outlined below, which were necessitated by the applicant’s amendment. The argument does not apply to the current art(s) being used. 

Claim Objections
Claim(s) 9, are objected to because of the following informalities:  
Claim 9 (Line 1), the claim recites “The method of claim 1 wherein…”, which should read as “The method of claim 1, wherein”.
Claim 21 (Line 1), the claim recites “The system of claim 19 wherein …”, which should read as “The system of claim 19, wherein…”.
Claim 23 (Line 1), the claim recites “The non-transitory computer-readable medium of claim 22 wherein …”, which should read as “The non-transitory computer-readable medium of claim 22, wherein …”.
Claim 24 (Line 1), the claim recites “The non-transitory computer-readable medium of claim 22 wherein …”, which should read as “The non-transitory computer-readable medium of claim 22, wherein …”.
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-24 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Regarding independent claim 1, the claim recites limitation “decrypting code stored in a non-rewriteable, non-volatile memory;” in line 2 of the claim. The claim is indefinite because it is unclear whether the limitation “decrypting code” refers to a decrypted code that is already stored in a non-rewriteable, non-volatile memory or it refers to decrypting [a] code that is stored in a non-rewriteable, non-volatile memory. The claim is indefinite when the boundaries of the protected subject matter are not clearly delineated and the scope is unclear. The claim could be interpreted in such a way that it is not clear which is covered hence indefinite, because there is more than one reasonable interpretation of what intended embodiments are included in the claim. 
Claim 1 further recites “booting an electronic device using the decrypted code” in line 3 of the claim, which has not been defined previously. There is insufficient antecedent basis for “the decrypted code”, as outlined above since the claim does not recite a decrypted code or a code being decrypted necessarily. Therefore, the examiner suggests to clarify with correct antecedent basis.
Claim 1 further recites “applying a function to a portion of the decrypted code used to boot the electronic device, generating an ephemeral cryptographic key;” in lines 4-5 of the claim. The limitation is indefinite because it is unclear whether an ephemeral cryptographic key is generated in response to a function being applied to a portion of the decrypted code or it is being generated independently by using another process. The claim could be interpreted in such a way that it is not clear which is covered hence indefinite, because there is more than one reasonable interpretation of what intended embodiments are included in the claim. 
Regrading claim 3, the claim recites “wherein the non-volatile memory is a ROM- type memory” in lines 1-2 of the claim. The phrase “ROM- type memory” is indefinite because the addition of the word "type" to an otherwise definite expression (e.g., ROM) extends the scope of the expression so as to render it indefinite. Ex parte Copenhaver, 109 USPQ 118 (Bd. Pat. App. & Inter. 1955). Therefore, the phrase "ROM- type memory" is indefinite because it is unclear what "type" is intended to convey.
Regarding claim 5, the claim recites “a boot process” in line 2 of the claim. The term “a boot process” renders the claim indefinite, since it is unclear whether the “booting” process used to boot an electronic device (as recited in claim 1) is same as the “boot process” used to generate the ephemeral cryptographic key (as recited in claim 5). Therefore, clarification is required.
Regarding claim 6, the claim recites a relative term “a critical data process” which renders the claim indefinite. The term “a critical” is not clearly defined by the claim and the specification does not provide a standard for ascertaining the requisite degree for the term. 
Regarding claim 10, the claim recites “erasing the ephemeral cryptographic key” in lines 1-2 of the claim. The claim limitation is indefinite because it does not previously define whether the generated ephemeral cryptographic key is being (or has been) stored. Therefore, it is unclear how the ephemeral cryptographic key can be erased without being stored. Clarification is required. 
Regrading independent claims 12, 19 and 22, the claims are rejected for the same reasons as mentioned above for the independent claim 1.
Dependent claims 2-11, 13-18, 20-21 and 23-24 are likewise rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph as being indefinite since they depend on and/or carries the deficiencies of the parent claims.

Claim Rejections - 35 U.S.C. 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-4 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over GOTO SEIJI (EP 2482222 B1), hereinafter (GOTO), in view of Fiske; Michael Stephen (US 2015/0067786 A1), hereinafter (Fiske).

Regarding claim 1, GOTO teaches a method, comprising (GOTO, PDF Page 6 (2nd Last Paragraph), discloses a method): decrypting code stored in a non-rewritable, non-volatile memory (GOTO, PDF Page 18 (2nd Last Paragraph), discloses to decrypt an encrypted instruction code, stored in an encrypted instruction code area of a read only memory (ROM), by using a specific key in a core of the processor to generate a decrypted instruction code; and as disclosed in PDF Page 4 (2nd and 6th Paragraph), wherein the encrypted ROM code area, stores the encrypted instruction codes in a non-rewritable format (In other words, ROM is an example of non-volatile memory which stores the encrypted instruction codes in a non-rewritable format)); booting an electronic device using the decrypted code (GOTO, PDF Page 18 (2nd Last Paragraph), discloses to perform booting of the core in the processor using the decrypted instruction code); GOTO, PDF Page 18 (2nd Last Paragraph), discloses to generate an authentication key (i.e., an ephemeral cryptographic key)); and performing one or more cryptographic operations on data using the generated ephemeral cryptographic key (GOTO, PDF Page 2 (11th Paragraph), discloses to select a key to be used for encryption/decryption (i.e., one or more cryptographic operations) of the data, and/or see also PDF Page 18 (2nd Last Paragraph), discloses to decrypt an electronic signature (i.e., performing one or more cryptographic operations on data) corresponding to authentication information added to an instruction code of a first program on a secondary memory, by using the authentication key (i.e., an ephemeral cryptographic key)).
GOTO, as disclosed above, teaches to generate an ephemeral cryptographic key, wherein GOTO fails to explicitly disclose but Fiske teaches applying a function to a portion of the decrypted code used to boot the electronic device, generating an ephemeral cryptographic key (Fiske, Para. [0129], discloses a secure memory system 104 (including a non-volatile memory and a volatile memory) that may store a method of generating encryption/decryption code, and as disclosed in Para. [0170 and 0178], wherein the non-volatile memory (of the secure memory system 104) enables the device to permanently store information (i.e., decrypted code/instructions) for generating a new cryptography key (i.e., an ephemeral cryptographic key) by applying a function, and as disclosed in GOTO, PDF Page 18 (2nd Last Paragraph), wherein booting of the core in the processor is performed by using the decrypted instruction code); and
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Fiske’ into the teachings of ‘GOTO’, with a motivation to generate an ephemeral cryptographic key by applying a function to a portion of the decrypted code, as taught by Fiske, in order to authenticate and protect communication from malware and further thwarts hackers from sending read and/or write commands (or any other commands) to secure memory; Fiske, Abstract and Para. [0130].

Regarding claim 2, GOTO as modified by Fiske teaches the method of claim 1, wherein GOTO further teaches comprising temporarily storing the ephemeral cryptographic key in a register (GOTO, PDF Page 13 (Last Paragraph), discloses an authentication key register 119 where an authentication key (i.e., the ephemeral cryptographic key) is stored).  

Regarding claim 3, GOTO as modified by Fiske teaches the method of claim 1, wherein GOTO as modified by Fiske further teaches the non-volatile memory is a ROM-type memory (GOTO, PDF Page 4 (2nd Paragraph), discloses a ROM, which is an example of non-volatile memory, as disclosed in Fiske, Para. [0170]).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Fiske’ into the teachings of ‘GOTO’, with a motivation wherein the non-volatile memory is a ROM-type memory, as taught by Fiske, in order to generate cryptographic keys (encryption or decryption) by using the information stored in the non-volatile memory; Fiske, Para. [0170].

Regarding claim 4, GOTO as modified by Fiske teaches the method of claim 1, wherein GOTO fails to teach but Fiske further teaches the function is a non- reversible function (Fiske, Para. [0126], discloses one way hash functions. A one-way hash function .PHI. is a function that can be easily computed, but that its inverse .PHI..sup.-1 is extremely difficult to compute. (herein the hash function is an example of a non-reversible functions, as disclosed in lines 15-17 (on page 7) of the immediate disclosure)).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Fiske’ into the teachings of ‘GOTO’, with a motivation wherein the function is a non- reversible function, as taught by Fiske, in order to generate a new cryptographic key by applying function on the information stored in the non-volatile memory; Fiske, Para. [0170 and 0178].

Regarding claim 9, GOTO as modified by Fiske teaches the method of claim 1 wherein GOTO as modified by Fiske further teaches the non-volatile memory is a read-only-memory (GOTO, PDF Page 4 (2nd Paragraph), discloses a ROM, which is an example of non-volatile memory, as disclosed in Fiske, Para. [0170]).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Fiske’ into the teachings of ‘GOTO’, with a motivation wherein the non-volatile memory is a read-only-memory, as taught by Fiske, in order to generate cryptographic keys (encryption or decryption) by using the information stored in the non-volatile memory; Fiske, Para. [0170].

Claims 5-7 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over GOTO SEIJI (EP 2482222 B1), hereinafter (GOTO), in view of Fiske; Michael Stephen (US 2015/0067786 A1), hereinafter (Fiske), and further in view of Khosravi; Hormuzd et al. (US 2019/0147192 A1; Filed on Dec. 20, 2018), hereinafter (Khosravi).

Regarding claim 5, GOTO as modified by Fiske teaches the method of claim 1, wherein GOTO as modified by Fiske fails to explicitly disclose but Khosravi teaches comprising generating the ephemeral cryptographic key in a boot process (Khosravi, Para. [0025 and 0048], discloses that the encryption key (also referred to as an ephemeral key) may be a 128-bit key generated at a boot time).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Khosravi’ into the teachings of ‘GOTO’ as modified by ‘Fiske’, with a motivation wherein the ephemeral cryptographic key is generated in a boot process, as taught by Khosravi, in order to encrypt data by using the encryption key generated in the boot process, so the data can be protected from access by unauthorized persons and malicious software; Khosravi, Para. [0024-0025].

Regarding claim 6, GOTO as modified by Fiske teaches the method of claim 1, wherein Khosravi further teaches comprising generating the ephemeral cryptographic key in response to initiation of a critical data process (Khosravi, Para. [0048], discloses that TD 124A, 124N may be created and launched by TDRM 122. TDRM 122 may create TD 124A, for example, by executing a specific instruction (e.g., TDCREATE). TDRM 122 may select a 4 KB aligned region of physical memory 114 (corresponding to one memory page) and provide the address of the memory page as a parameter to the instruction to create TD 124A. The instruction executed by TDRM 122 may further cause processor 112 to generate a one-time cryptographic key (also referred to as an ephemeral key), and/or see also Para. [0049], discloses that, in various embodiments, encryption engine 172 may be utilized in the TD architecture described herein to support one or more encryption keys (e.g., ephemeral keys) generated for each TD 124A, 124N to help achieve cryptographic isolation between different tenant workloads).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Khosravi’ into the teachings of ‘GOTO’ as modified by ‘Fiske’, with a motivation to generate the ephemeral cryptographic key in response to initiation of a critical data process, as taught by Khosravi, in order to encrypt data by using the generated encryption key, so it can be protected from access by unauthorized persons and malicious software; Khosravi, Para. [0024-0025].

Regarding claim 7, GOTO as modified by Fiske teaches the method of claim 1, wherein GOTO as modified by Fiske fails to teach but Khosravi teaches comprising performing a cryptographic operation on data of the non-volatile memory using the ephemeral cryptographic key (Khosravi, Para. [0025], discloses that the encryption key may be a 128-bit key generated at a boot time and used to encrypt data. In particular, when the processor makes a write request to memory (hereinafter ROM, as disclosed in Para. [0045]), the data may be encrypted by a memory encryption engine before being sent to memory, where it is stored in an encrypted form. When the data is read from memory, the data is sent to the processor in the encrypted form and is decrypted by the encryption key when it is received by the processor).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Khosravi’ into the teachings of ‘GOTO’ as modified by ‘Fiske’, with a motivation to perform a cryptographic operation on data of the non-volatile memory using the ephemeral cryptographic key, as taught by Khosravi, in order to protect data from access by unauthorized persons and malicious software by encrypting the data by using the encryption key generated in the boot process; Khosravi, Para. [0024-0025].

Regarding claim 11, GOTO as modified by Fiske teaches the method of claim 1, wherein GOTO further teaches comprising performing an authentication process based on results of the one or more cryptographic operations (GOTO, PDF Page 18 (2nd Last Paragraph), discloses to authenticate the instruction code of the first program when a decryption result (i.e., results of the one or more cryptographic operations) of the electronic signature matches a result of an operation performed on the instruction code of the first program).  

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over GOTO SEIJI (EP 2482222 B1), hereinafter (GOTO), in view of Fiske; Michael Stephen (US 2015/0067786 A1), hereinafter (Fiske), and further in view of Asano, Kazuya (WO 2018/042766 A1), hereinafter (Asano).

Regarding claim 8, GOTO as modified by Fiske teaches the method of claim 1, wherein GOTO as modified by Fiske fails to explicitly disclose but Asano teaches comprising transferring the decrypted code into a volatile memory before applying the function (Asano, PDF Page 3 (9th Paragraph), discloses that the secure communication circuit 12c decrypts the encrypted boot code 20b and stores the boot code 20c obtained by decryption (i.e., by decrypting the encrypted boot code 20b) in the storage circuit 12b, and as disclosed in PDF Page 2 (2nd Last Paragraph), wherein the storage circuit 12b may be, for example, a volatile semiconductor memory such as a RAM).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Asano’ into the teachings of ‘GOTO’ as modified by ‘Fiske’, with a motivation to transfer the decrypted code into a volatile memory before applying the function, as taught by Asano, in order to strengthen the security of information equipment in which a storage device stores encrypted data and instruction codes, and a processor decrypts the encrypted instruction codes and executes instructions; Asano, PDF Page 2 (1st Paragraph).

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over GOTO SEIJI (EP 2482222 B1), hereinafter (GOTO), in view of Fiske; Michael Stephen (US 2015/0067786 A1), hereinafter (Fiske), and further in view of Adler; Mitchell D. et al. (US 20170359717 A1), hereinafter (Adler).

Regarding claim 10, GOTO as modified by Fiske teaches the method of claim 1, wherein GOTO as modified by Fiske fails to disclose but Adler teaches comprising erasing the ephemeral cryptographic key (Adler, Para. [0002], discloses that ephemeral key(s) are removed after each session).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Adler’ into the teachings of ‘GOTO’ as modified by ‘Fiske’, with a motivation to erase the ephemeral cryptographic key, as taught by Adler, after each session so even if an attacker gets access to a particular key, encrypted data from previous sessions is still secured, and further provides backward security; Adler, Para. [0002].

Claims 12-24 are rejected under 35 U.S.C. 103 as being unpatentable over Khosravi; Hormuzd et al. (US 2019/0147192 A1), hereinafter (Khosravi), in view of GOTO SEIJI (EP 2482222 B1), hereinafter (GOTO), and further in view of Fiske; Michael Stephen (US 2015/0067786 A1), hereinafter (Fiske).

Regarding claim 12, Khosravi teaches an electronic device, comprising: processing circuitry (Khosravi, Fig. 1A, depicts a processor 112); one or more memories including a non-rewriteable, a non-volatile memory (Khosravi, Fig. 1A, depicts a memory 114, and as disclosed in Para. [0045], wherein the memory 114 may include read-only memory (“ROM”, hereinafter non-volatile memory)); 
ephemeral cryptographic key generation circuitry, which, in operation (Khosravi, Fig. 1A, depicts TDRM 122, or see also Fig. 3, depicts a system agent 304), Khosrvai, Para. [0045 & 0058], discloses a memory 114, which may include read-only memory (“ROM”, hereinafter non-volatile memory), to store program binaries (or instructions) and/or other data, and as disclosed in Para. [0048], that the instruction(s) selected and/or executed by TDRM 122 may further cause processor 112 to generate a one-time cryptographic key (also referred to as an ephemeral key), and as further disclosed in Para. [0025], wherein the encryption key may be a 128-bit key generated at a boot time); and
cryptographic circuitry coupled between the processing circuitry and the one or more memories (Khosravi, Fig. 1A and Para. [0041], discloses that the TDRM 122 may act as a host and have control of the processor 112 and other platform hardware memory 114 (TDRM is coupled between a processor 112 and a memory 114, as shown in Fig. 1A), or see also Fig. 3, that depicts a system agent 304 coupled between processor 302 and memory 330), wherein the cryptographic circuitry, in operation, performs one or more cryptographic operations on data using the generated ephemeral cryptographic key (Khosravi, Para. [0025], discloses that the encryption key may be a 128-bit key generated at a boot time and used to encrypt data sent to external memory buses. In particular, when the processor makes a write request to memory, the data may be encrypted by a memory encryption engine before being sent to memory, where it is stored in an encrypted form. When the data is read from memory, the data is sent to the processor in the encrypted form and is decrypted by the encryption key when it is received by the processor, or see also Fig. 3 and Para. [0090], wherein the memory protection controller 306 (within system agent 304) may be configurable or programmable, and may include support for multiple encryption keys. Accordingly, memory protection controller 306 may be configured or programmed (e.g., by software) to encrypt different regions or pages of memory 310 using different encryption keys and/or algorithms. In this manner, memory encryption can be provided and configured separately for different users, tenants, customers, applications, and/or workloads).  
Khosravi fails to teach but GOTO teaches wherein the processing circuitry, in operation, performs a boot operation using executable boot code stored in the non-rewriteable, non-volatile memory (GOTO, PDF Page 18 (2nd Last Paragraph), discloses a processor to execute a process comprising: decrypting an encrypted instruction code, stored in an encrypted instruction code area of a read only memory (ROM), by using a specific key in a core of the processor to generate a decrypted instruction code; and as disclosed in PDF Page 4 (2nd and 6th Paragraph), wherein the encrypted ROM code area, stores the encrypted instruction codes in a non-rewritable format (In other words, ROM is an example of non-volatile memory which stores the encrypted instruction codes in a non-rewritable format); performing booting of the core in the processor using the decrypted instruction code); the one or more cryptographic operations including decrypting the executable boot code (GOTO, PDF Page 2 (11th Paragraph), discloses to select a key to be used for encryption/decryption of the data and execution codes, and/or see also GOTO, PDF Page 18 (2nd Last Paragraph), discloses to decrypt an encrypted instruction code).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘GOTO’ into the teachings of ‘Khosravi’, with a motivation to perform a boot operation using executable boot code stored in the non-rewriteable, non-volatile memory, as taught by GOTO, in order to assure the security of information processing systems and further preventing the operations of malicious execution codes; GOTO, PDF Page 1 (Abstract).
Khosravi as modified by GOTO fails to explicitly disclose but Fiske teaches applies a function to code stored in the non-rewriteable, non-volatile memory, generating an ephemeral cryptographic key, wherein the code is a portion of the executable boot code used to perform the boot operation (Fiske, Para. [0129], discloses a secure memory system 104 (including a non-volatile memory and a volatile memory) that may store a method of generating encryption/decryption code, and as disclosed in Para. [0170 and 0178], wherein the non-volatile memory (of the secure memory system 104) enables the device to permanently store information (i.e., decrypted code/instructions) for generating a new cryptography key (i.e., an ephemeral cryptographic key) by applying a function, and as disclosed in GOTO, PDF Page 18 (2nd Last Paragraph), wherein booting of the core in the processor is performed by using the decrypted instruction code); and
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Fiske’ into the teachings of ‘Khosravi’ as modified by ‘GOTO’, with a motivation to generate an ephemeral cryptographic key by applying a function to a portion of the decrypted code, as taught by Fiske, in order to authenticate and protect communication from malware e.g., by preventing processor from communicating to secure memory area during the secure area's execution of critical operations such as setup, generation of keys, etc.; Fiske, Abstract and Para. [0137].

Regarding claims 13, Khosravi as modified by GOTO in view of Fiske teaches the device of claim 12, wherein Khosravi further teaches comprising a register, which, in operation, temporarily stores the generated ephemeral cryptographic key (Khosravi, Para. [0048 and 0067], discloses that the one-time cryptographic key may be assigned to an available HKID stored in KOT 140 (key ownership table). KOT 140 may be a data structure, invisible to software operating on processor 112, for managing an inventory of HKIDs within the TD architecture, and as disclosed in Para. [0051], once all cache entries of cache 134 have been flushed, TDRM 122 may mark the HKID assigned to the one-time cryptographic key as available for assignment to other one-time cryptographic keys associated with other TDs (e.g., TD 124N), or see also Fig. 3 and Para. [0095], disclose a key table 307 in which each entry 307A-D may include a key or domain ID, a protection mode, and an associated encryption key (e.g., a one-time cryptographic key)).  

Regarding claims 14, Khosravi as modified by GOTO in view of Fiske teaches the device of claim 12, wherein Khosravi as modified by GOTO in view of Fiske the non-volatile memory is a ROM- type memory (Khosrvai, Para. [0045 & 0058], discloses a memory 114, which may include read-only memory (“ROM”, hereinafter non-volatile memory), to store program binaries (or instructions), and/or as disclosed in GOTO, PDF Page 4 (2nd Paragraph), discloses a ROM, which is an example of non-volatile memory, as disclosed in Fiske, Para. [0170]).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Fiske’ into the teachings of ‘Khosravi’ as modified by‘GOTO’, with a motivation wherein the non-volatile memory is a ROM-type memory, as taught by Fiske, in order to generate cryptographic keys (encryption or decryption) by using the information stored in the non-volatile memory; Fiske, Para. [0170].

Regarding claim 15, Khosravi as modified by GOTO in view of Fiske teaches the device of claim 12, wherein Khosravi as modified by GOTO fails to teach but Fiske further teaches the function is a non-reversible function (Fiske, Para. [0126], discloses one way hash functions. A one-way hash function .PHI. is a function that can be easily computed, but that its inverse .PHI..sup.-1 is extremely difficult to compute. (herein the hash function is an example of a non-reversible functions, as disclosed in lines 15-17 (on page 7) of the immediate disclosure)).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Fiske’ into the teachings of ‘Khosravi’ as modified by‘GOTO’, with a motivation wherein the function is a non- reversible function, as taught by Fiske, in order to generate a new cryptographic key by applying function on the information stored in the non-volatile memory; Fiske, Para. [0170 and 0178].

Regarding claim 16, Khosravi as modified by GOTO in view of Fiske teaches the device of claim 12, wherein Khosravi further teaches, in operation, the ephemeral cryptographic key generating circuitry generates a plurality of ephemeral cryptographic keys, each generated ephemeral cryptographic key corresponding to a different portion of memory (Khosravi, Fig. 3 and Para. [0090], wherein the memory protection controller 306 (within system agent 304) may be configurable or programmable, and may include support for multiple encryption keys. Accordingly, memory protection controller 306 may be configured or programmed (e.g., by software) to encrypt different regions or pages of memory 310 using different encryption keys and/or algorithms. In this manner, memory encryption can be provided and configured separately for different users, tenants, customers, applications, and/or workloads).  

Regarding claims 17, Khosravi as modified by GOTO in view of Fiske teaches the device of claim 12 wherein Khosravi further teaches, in operation, the ephemeral cryptographic key generating circuitry generates the ephemeral cryptographic key in response to a boot process (Khosravi, Para. [0025], discloses that the encryption key (i.e., ephemeral key) may be a 128-bit key generated at a boot time).  

Regarding claims 18, Khosravi as modified by GOTO in view of Fiske teaches the device of claim 12 wherein Khosravi further teaches, in operation, the ephemeral cryptographic key generating circuitry generates the ephemeral cryptographic key in response to initiation of a critical data process (Khosravi, Para. [0048], discloses that TD 124A, 124N may be created and launched by TDRM 122. TDRM 122 may create TD 124A, for example, by executing a specific instruction (e.g., TDCREATE). TDRM 122 may select a 4 KB aligned region of physical memory 114 (corresponding to one memory page) and provide the address of the memory page as a parameter to the instruction to create TD 124A. The instruction executed by TDRM 122 may further cause processor 112 to generate a one-time cryptographic key (also referred to as an ephemeral key), and/or see also Para. [0049], discloses that, in various embodiments, encryption engine 172 may be utilized in the TD architecture described herein to support one or more encryption keys (e.g., ephemeral keys) generated for each TD 124A, 124N to help achieve cryptographic isolation between different tenant workloads).

Regarding claim 19, Khosravi teaches a system, comprising: one or more memories including a Khosravi, Fig. 1A, depicts a memory 114, and as disclosed in Para. [0045], wherein the memory 114 may include read-only memory (“ROM”, hereinafter non-volatile memory)); and processing circuitry coupled to the one or more memories (Khosravi, Fig. 1A, depicts a processor 112 coupled to a memory 114, or see also Fig. 3, wherein a processor 302 is coupled to a memory 330),  generating an ephemeral cryptographic key (Khosrvai, Para. [0045 & 0058], discloses a memory 114, which may include read-only memory (“ROM”, hereinafter non-volatile memory), to store program binaries (or instructions) and/or other data, and as disclosed in Para. [0048], that the instruction(s) selected and/or executed by TDRM 122 may further cause processor 112 to generate a one-time cryptographic key (also referred to as an ephemeral key), and as further disclosed in Para. [0025], wherein the encryption key may be a 128-bit key generated at a boot time); and performs one or more cryptographic operations on data using the generated ephemeral cryptographic key (Khosravi, Para. [0025], discloses that the encryption key may be a 128-bit key generated at a boot time and used to encrypt data sent to external memory buses. In particular, when the processor makes a write request to memory, the data may be encrypted by a memory encryption engine before being sent to memory, where it is stored in an encrypted form. When the data is read from memory, the data is sent to the processor in the encrypted form and is decrypted by the encryption key when it is received by the processor).  
Khosravi fails to explicitly disclose but GOTO teaches wherein the processing circuitry, in operation, decrypts boot code stored in a non-rewritable, non-volatile memory (GOTO, PDF Page 18 (2nd Last Paragraph), discloses a processor to execute a process comprising: decrypting an encrypted instruction code, stored in an encrypted instruction code area of a read only memory (ROM), by using a specific key in a core of the processor to generate a decrypted instruction code; and as disclosed in PDF Page 4 (2nd and 6th Paragraph), wherein the encrypted ROM code area, stores the encrypted instruction codes in a non-rewritable format (In other words, ROM is an example of non-volatile memory which stores the encrypted instruction codes in a non-rewritable format)); executes a boot operation using the decrypted boot code (GOTO, PDF Page 18 (2nd Last Paragraph), discloses to perform booting of the core in the processor using the decrypted instruction code, and as disclosed in PDF Page 8 (8th Paragraph), wherein the core continues operations); 
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘GOTO’ into the teachings of ‘Khosravi’, with a motivation to decrypting boot code stored in a non-rewritable, non-volatile memory; and execute a boot operation using the decrypted boot code, as taught by GOTO, in order to prevent operation of malicious execution codes and further assures the security of information processing systems; GOTO, PDF Page 1 (Abstract).
Khosravi as modified by GOTO fails to explicitly disclose but Fiske teaches to applies a function to a portion of the decrypted boot code used to execute the boot operation, generating an ephemeral cryptographic key (Fiske, Para. [0129], discloses a secure memory system 104 (including a non-volatile memory and a volatile memory) that may store a method of generating encryption/decryption code, and as disclosed in Para. [0170 and 0178], wherein the non-volatile memory (of the secure memory system 104) enables the device to permanently store information (i.e., decrypted code/instructions) for generating a new cryptography key (i.e., an ephemeral cryptographic key) by applying a function, and as disclosed in GOTO, PDF Page 18 (2nd Last Paragraph), wherein booting of the core in the processor is performed by using the decrypted instruction code); and
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Fiske’ into the teachings of ‘Khosravi’ as modified by ‘GOTO’, with a motivation to generate an ephemeral cryptographic key by applying a function to a portion of the decrypted code, as taught by Fiske, in order to authenticate and protect communication from malware e.g., by preventing processor from communicating to secure memory area during the secure area's execution of critical operations such as setup, generation of keys, etc.; Fiske, Abstract and Para. [0137].

Regarding claim 20, Khosravi as modified by GOTO in view of Fiske teaches the system of claim 19, Wherein Khosravi fails to explicitly disclose but GOTO further comprising functional circuitry coupled to the processing circuitry, wherein the functional circuitry, in operation (Goto, Figs. 26-27, illustrates a configuration example of the encryption circuit and decryption circuit (i.e., functional circuitry) having a data passing over function), performs one or more operations based on a result of the one or more cryptographic operations (GOTO, PDF Page 18 (2nd Last Paragraph), discloses to authenticate the instruction code of the first program (i.e., performs one or more operations) when a decryption result (i.e., results of the one or more cryptographic operations) of the electronic signature matches a result of an operation performed on the instruction code of the first program).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘GOTO’ into the teachings of ‘Khosravi’, with a motivation to perform one or more operations based on a result of the one or more cryptographic operations, as taught by GOTO, in order to assures the security of information processing systems and further prevent operations of malicious execution codes; GOTO, PDF Page 1 (Abstract).

Regarding claim 21, Khosravi as modified by GOTO in view of Fiske teaches the system of claim 19 wherein Khosravi further teaches the boot code is a system boot code (Khosravi, Para. [0198], discloses a boot ROM 1735 to hold boot codes for execution by cores 1706-1707).  

Regarding claim 22, Khosravi teaches a non-transitory computer-readable medium having contents which configure a computing device to perform a method, the method comprising (Khosravi, Para. [0243 or 0248], discloses a non-transitory medium to store code/information adapted to be executed by the micro-controller. Furthermore, in another embodiment, use of a module refers to the non-transitory medium including the code, which is specifically adapted to be executed by the microcontroller to perform predetermined operations): generating an ephemeral cryptographic key (Khosrvai, Para. [0045 & 0058], discloses a memory 114, which may include read-only memory (“ROM”, hereinafter non-volatile memory), to store program binaries (or instructions) and/or other data, and as disclosed in Para. [0048], that the instruction(s) selected and/or executed by TDRM 122 may further cause processor 112 to generate a one-time cryptographic key (also referred to as an ephemeral key), and as further disclosed in Para. [0025], wherein the encryption key may be a 128-bit key generated at a boot time); and performing one or more cryptographic operations on data using the generated ephemeral cryptographic key (Khosravi, Para. [0025], discloses that the encryption key may be a 128-bit key generated at a boot time and used to encrypt data sent to external memory buses. In particular, when the processor makes a write request to memory, the data may be encrypted by a memory encryption engine before being sent to memory, where it is stored in an encrypted form. When the data is read from memory, the data is sent to the processor in the encrypted form and is decrypted by the encryption key when it is received by the processor).  
Khosravi fails to explicitly disclose but GOTO teaches decrypting boot code stored in a non-rewritable, non-volatile memory (GOTO, PDF Page 18 (2nd Last Paragraph), discloses to decrypt an encrypted instruction code, stored in an encrypted instruction code area of a read only memory (ROM), by using a specific key in a core of the processor to generate a decrypted instruction code; and as disclosed in PDF Page 4 (2nd and 6th Paragraph), wherein the encrypted ROM code area, stores the encrypted instruction codes in a non-rewritable format (In other words, ROM is an example of non-volatile memory which stores the encrypted instruction codes in a non-rewritable format)); executing a boot operation using the decrypted boot code (GOTO, PDF Page 18 (2nd Last Paragraph), discloses to perform booting of the core in the processor using the decrypted instruction code, and as disclosed in PDF Page 8 (8th Paragraph), wherein the core continues operations); 
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘GOTO’ into the teachings of ‘Khosravi’, with a motivation to decrypting boot code stored in a non-rewritable, non-volatile memory; and execute a boot operation using the decrypted boot code, as taught by GOTO, in order to prevent operation of malicious execution codes and further assures the security of information processing systems; GOTO, PDF Page 1 (Abstract).
Khosravi as modified by GOTO fails to explicitly disclose but Fiske teaches applying a function to a portion of the decrypted boot code used to execute the boot operation, generating an ephemeral cryptographic key (Fiske, Para. [0129], discloses a secure memory system 104 (including a non-volatile memory and a volatile memory) that may store a method of generating encryption/decryption code, and as disclosed in Para. [0170 and 0178], wherein the non-volatile memory (of the secure memory system 104) enables the device to permanently store information (i.e., decrypted code/instructions) for generating a new cryptography key (i.e., an ephemeral cryptographic key) by applying a function, and as disclosed in GOTO, PDF Page 18 (2nd Last Paragraph), wherein booting of the core in the processor is performed by using the decrypted instruction code); and
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Fiske’ into the teachings of ‘Khosravi’ as modified by ‘GOTO’, with a motivation to generate an ephemeral cryptographic key by applying a function to a portion of the decrypted code, as taught by Fiske, in order to authenticate and protect communication from malware e.g., by preventing processor from communicating to secure memory area during the secure area's execution of critical operations such as setup, generation of keys, etc.; Fiske, Abstract and Para. [0137].

Regarding claim 23, Khosravi as modified by GOTO in view of Fiske teaches the non-transitory computer-readable medium of claim 22 wherein Khosravi further teaches the contents comprise instructions stored in the non-transitory computer-readable medium (Khosravi, Para. [0243 or 0248-0249], discloses a non-transitory medium to store code/information (i.e., instructions) adapted to be executed by the micro-controller).  

Regarding claim 24, Khosravi as modified by GOTO in view of Fiske teaches the non-transitory computer-readable medium of claim 22 wherein Khosravi as modified by GOTO fails to teach but Fiske further teaches the function is a non-reversible function (Fiske, Para. [0126], discloses one way hash functions. A one-way hash function .PHI. is a function that can be easily computed, but that its inverse .PHI..sup.-1 is extremely difficult to compute. (herein the hash function is an example of a non-reversible functions, as disclosed in lines 15-17 (on page 7) of the immediate disclosure)).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Fiske’ into the teachings of ‘Khosravi’ as modified by ‘GOTO’, with a motivation wherein the function is a non- reversible function, as taught by Fiske, in order to generate a new cryptographic key by applying function on the information stored in the non-volatile memory; Fiske, Para. [0170 and 0178].

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See form PTO-892.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALI CHEEMA, whose contact number is 571-272-1239. The examiner can normally be reached on Monday-Friday: 8:00AM – 4:00PM.
 If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ALI CHEEMA/
Examiner, Art Unit 2496

/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496