Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
The instant application having Application No. 17/404,543 has a total of 20 claims pending in the application; there are 3 independent claims and 17 dependent claims, all of which are ready for examination by the examiner.
The specification has not been checked to the extent necessary to determine the presence of all possible minor errors.
In the response to this Office action, the Examiner respectfully requests that support be shown for language added to any original claims on amendment and any new claims. That is, indicate support for newly added claim language by specifically pointing to page(s) and line numbers in the specification and/or drawing figure(s). This will assist the Examiner in prosecuting this application.
Examiner cites particular columns and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.
INFORMATION CONCERNING DRAWINGS 
The applicant’s drawings submitted are acceptable for examination purposes.
STATUS OF CLAIM FOR PRIORITY IN THE APPLICATION
The instant Application No. 17404543 filed 08/17/2021 Claims Priority from Provisional Application 63181783, filed 04/29/2021.
OBJECTIONS
The disclosure is objected to because of the following informalities: The limitations “he network can include…” (page 2, line 2) appears to be a typographical error and should be corrected to read “The network can include…”.  
Appropriate correction is required.

REJECTIONS BASED ON PRIOR ART
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1, 8-9 and 17 is/are rejected under 35 U.S.C. 102a(1)/(a)(2) as being anticipated by Diamant et al. (US 10,303,621).
As per claim 1. A method of secure decryption by virtualization and translation of physical encryption keys, the method comprising: generating, by a key security engine, at least one key address translation index; [Diamant teaches “MMU 112 comprises multiple registers, with each register configured with a translation between a virtual address (or range of virtual addresses) and a corresponding physical address” (col. 3, line 66-col. 4, line 18; figs. 1-2 and related text) where the physical address indicates the location of encryption key within NVM 140, note the MMU corresponds to the claimed security engine]
obtaining, from a key translation memory, at least one physical mapping address based on the key address translation index and at least one virtual key address; and [“Access to the encryption key 142 may include CPU core 102 issuing a read transaction for the encryption key. The read transaction instruction includes the virtual address of the encryption key. The read transaction, with the encryption key’s virtual address, is received by the MMU 112… For the virtual address-to-physical address (VA-to-PA) translation for the encryption key, the corresponding physical address may be a physical address of the NVM 140 at which the encryption key 142 is located.” (col. 3, line 66-col. 4, line 18; figs. 1-2 and related text)]
retrieving, from a physical key memory, at least one physical encryption key stored at the physical memory address [Diamant teaches “The MMU receives the read request, accesses the register containing the virtual address from the read request, replaces the virtual address in the read request with the corresponding physical address, and forwards the modified read request to the NVM 140 for retrieval of the data at the specified physical address (the encryption key 142 in this case).” (col. 3, line 66-col. 4, line 18; figs. 1-2 and related text)].  
As per claim 8. The method of claim 1, wherein the physical mapping address comprises a pointer to the physical memory address at the physical key memory [Diamant teaches "For the virtual address-to-physical address (VA-to-PA) translation for the encryption key, the corresponding physical address may be a physical address of the NVM 140 at which the encryption key 142 is located. The MMU receives the read request, accesses the register containing the virtual address from the read request, replaces the virtual address in the read request with the corresponding physical address, and forwards the modified read request to the NVM 140 for retrieval of the data at the specified physical address (the encryption key 142 in this case).” (col. 3, line 66-col. 4, line 18)].  

As per claim 9. A system of secure decryption by virtualization and translation of physical encryption keys, the system comprising: a key translation memory operable to store at least one physical mapping address corresponding to at least one virtual key address; a physical key memory operable to store at least one physical encryption key at a physical memory address thereof, and a key security engine operable generate at least one key address translation index, obtain, from the key translation memory, the physical mapping address based on the key address translation index and the virtual key address, and retrieve, from the physical key memory, the physical encryption key stored at the physical memory address [The rationale in the rejection of claim 1 is herein incorporated. Note Diamant teaches “The MMU 112 includes a register set 160 including registers 162, 164, 166, 168, and 170, and may contain additional registers as well. Each register 162-170 maps a virtual address (VA) to a corresponding physical address (PA).” (col. 4, lines 28-32; fig. 2 and related text) which correspond to the claimed key translation memory. NVM 140 storing encryption keys (figs. 1 and 2 and related text) which corresponds to the claimed physical key memory. “The MMU receives the read request, accesses the register containing the virtual address from the read request, replaces the virtual address in the read request with the corresponding physical address, and forwards the modified read request to the NVM 140 for retrieval of the data at the specified physical address (the encryption key 142 in this case).” (col. 3, line 66-col. 4, line 18; figs. 1-2 and related text) which corresponds to the claimed key security engine].  
As per claim 17. The system of claim 9, wherein the physical mapping address comprises a pointer to the physical memory address at the physical key memory [The rationale in the rejection of claim 8 is herein incorporated].  


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 2-3, 16 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Diamant et al. (US 10,303,621) in view of Funk et al. (US 2009/0214040).
As per claim 2. The method of claim 1, further comprising: decrypting, with the physical encryption key, a frame corresponding to a partition register [Diamant teaches “The boot code 132, or other code that performs the decryption, accesses the encryption key from the NVM device 140 and performs a decryption process using the encryption key 142 to decrypt the encrypted software image 152.” (col. 3, lines 61-65)], but does not expressly disclose using the key to decrypt a frame corresponding to a partition register; however, regarding these limitations, Funk teaches [“the master encryption keys for the various partitions are stored in a master key table 408 within this reserved area of real addresses used by the non-dispatchable hypervisor. A master key for any partition is for that partition only, and is not shared with any other partition. In the preferred embodiment, each partition has a single master key, although it would alternatively be possible to provide multiple master keys for each partition, or to provide keys for some partitions and not others.” (par. 0072) where “responsive to obtaining the master key address, the master key is retrieved at the real address contained in the register and provided to the crypto-engine (step 605). This master key may be in L2 or L3 cache, or in main memory, but since L1 cache is addressed with effective addresses (and might therefore be accessed by a task executing within a partition), the key would not be in L1 cache. Dispatch of the encryption/decryption instruction further causes accessing the address of the input data to be encrypted/decrypted (and optional address of resultant encrypted/decrypted data) from the corresponding GP register(s) 312 (steps 606). Similarly to the master key address, the input and resultant data address might be sent to the crypto-engine as part of a secure data packet, or the crypto engine might retrieve them from registers. Responsive to accessing the input data address, the input data is provided to the crypto-engine (step 607). This data may be in the L1 D-cache, or in another cache or main memory. If it is in a lower level cache or main memory, the address must be translated using address translate unite 324 to obtain the data. When the crypto-engine has both the master key and the input data, it performs the data transformation to encrypt/decrypt the data according to the applicable encryption/decryption algorithm. (step 608). The crypto engine then stores the encrypted/decrypted data in an appropriate result location (e.g., at an address previously provided), and signals to the CPU core that the operation is complete (step 609).” (par. 0095)]. 
Before the effective filing date of the claimed inventions, it would have been obvious to a person of ordinary skill in the art to modify Diamant to include using the key to decrypt a frame corresponding to a partition register as taught by Funk since doing so would provide the benefits of facilitating protection of encryption keys (par. 0001) while providing partition isolation (par. 0015) and also providing an additional layer of protection (par. 0020).
Therefore, it would have been obvious to combine Diamant and Funk for the benefit of creating a storage system/method to obtain the invention as specified in claim 2.
As per claim 3. The method of claim 2, wherein the partition register includes the virtual key address [Regarding these limitations, Funk teaches “Master key address register 307 contains a real address in memory of a master key used for encrypting/decrypting data, as explained in greater detail herein. This is the master key corresponding to the partition to which the CPU core is currently allocated. In accordance with the preferred embodiment, each CPU core is allocated to one and only one logical partition at any instant in time, although this allocation may change from time to time.” (par. 0050)]; however, according to Diamant, keys are accessed by virtual address, which is converted to a physical address and the key is accessed at the location indicated by the physical address (col. 3, line 66-col. 4, line 18) rather than by using a pointer to the real address of the key as taught by Funk. It would have been obvious to one of ordinary skill in the art to have the partition register included in the virtual key address of Funk since doing so would provide the benefits of providing additional protection to the encryption keys.
As per 7. The method of claim 2, wherein the key translation memory includes a plurality of contiguous virtual key addresses including the virtual key address [Diamant teaches contiguous virtual addresses in MMU 112 listed in the VA address column, where according to Diamant, “Access to the encryption key 142 may include CPU core 102 issuing a read transaction for the encryption key. The read transaction instruction includes the virtual address of the encryption key. The read transaction, with the encryption key’s virtual address, is received by the MMU 112… For the virtual address-to-physical address (VA-to-PA) translation for the encryption key, the corresponding physical address may be a physical address of the NVM 140 at which the encryption key 142 is located.” (col. 3, line 66-col. 4, line 18; figs. 1-2 and related text)]; however, Diamant does not expressly disclose the keys associated only with the partition register; however, regarding these limitations, Funk teaches [the master encryption keys for the various partitions are stored in a master key table 408 within this reserved area of real addresses used by the non-dispatchable hypervisor. A master key for any partition is for that partition only, and is not shared with any other partition. In the preferred embodiment, each partition has a single master key, although it would alternatively be possible to provide multiple master keys for each partition, or to provide keys for some partitions and not others.” (par. 0072)]. It would have been obvious to one of ordinary skill in the art to modify Diamant to have the key associated with the partition register as taught by Funk since doing so would provide the benefits of facilitating protection of encryption keys (par. 0001) while providing partition isolation (par. 0015) and also providing an additional layer of protection (par. 0020).
As per claim 16. The system of claim 9, but does not expressly disclose the key security engine further operable to: decrypt, with the physical encryption key, a frame corresponding to a partition register [The rationale in the rejection of claim 2 is herein incorporated].  
As per claim 18. The system of claim 9, wherein the key translation memory includes a plurality of contiguous virtual key addresses including the virtual key address and associated only with the partition register [The rationale in the rejection of claim 7 is herein incorporated].  

Claims 4, 10-11, 14-15 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Diamant et al. (US 10,303,621) in view of Funk et al. (US 2009/0214040) and Danilak (US 2007/0180515). 
As per claim 4. The method of claim 2, further comprising: obtaining, from a secure register, at least one key index address map, wherein the key index address map corresponds to the partition register [“It then determines a master key address in real memory of the key corresponding to the selected partition, using any available mechanism for key table 408. This master key address is loaded into master key address register 307” (par. 0087), Funk explains “Although referred to as a "table", master key table may be organized according to any of various techniques for structuring data, now known or hereafter developed.” (par. 0072) but does not expressly define the table as being in a secure register]; however, regarding these limitations, Danilak teaches [“the data storage system has a hardware encryption/decryption engine and a register coupled to the hardware encryption/decryption engine. The register is for securely storing a key for encrypting and decrypting data.” (par. 0009) “A unique key is generated for each partition and the keys are securely stored in the controller. In response to a request from a software program, data is encrypted in a hardware encryption/decryption engine coupled to the controller using one of the keys and the encrypted data is stored in the corresponding partition of the data storage device.” (par. 0012)]. 
Diamant, Funk and Danilak are analogous art because they are from the same field of endeavor of memory access, control and data protection.
Before the effective filing date of the claimed inventions, it would have been obvious to a person of ordinary skill in the art to modify the combination of Diamant and Funk to explicitly have the table or key index address map stored in a secure register such as the secure register taught by Danilak since doing so would provide the benefits of increasing the security of the stored partition key address map information.
Therefore, it would have been obvious to combine Diamant and Funk with Danilak for the benefit of creating a storage system/method to obtain the invention as specified in claim 4. 
As per claim 10. The system of claim 9, further comprising: a secure register operable to store at least one key index address map [The rationale in the rejection of claim 4 is herein incorporated].  
As per claim 11. The system of claim 10, the key security engine further operable to: obtain, from the secure register, the key index address map [The rationale in the rejection of claim 4 is herein incorporated].  
As per claim 14. The system of claim 11, wherein the key index address map corresponds to a partition register [The rationale in the rejection of claim 4 is herein incorporated].  
As per claim 15. The system of claim 14, wherein the partition register includes the virtual key address [Regarding these limitations, Funk teaches “Master key address register 307 contains a real address in memory of a master key used for encrypting/decrypting data, as explained in greater detail herein. This is the master key corresponding to the partition to which the CPU core is currently allocated. In accordance with the preferred embodiment, each CPU core is allocated to one and only one logical partition at any instant in time, although this allocation may change from time to time.” (par. 0050)]; however, according to Diamant, keys are accessed by virtual address, which is converted to a physical address and the key is accessed at the location indicated by the physical address (col. 3, line 66-col. 4, line 18) rather than by using a pointer to the real address of the key as taught by Funk. It would have been obvious to one of ordinary skill in the art to have the partition register included in the virtual key address of Funk since doing so would provide the benefits of providing additional protection to the encryption keys.  
As per claim 19. A non-transitory computer-readable media storing computer-readable instructions, such that when executed, causes a processing circuit to:… generate, by a key security engine, at least one key address translation index; [Diamant teaches “MMU 112 comprises multiple registers, with each register configured with a translation between a virtual address (or range of virtual addresses) and a corresponding physical address” (col. 3, line 66-col. 4, line 18; figs. 1-2 and related text)]
obtain, from a key translation memory, at least one physical mapping address based on the key address translation index and at least one virtual key address; [“Access to the encryption key 142 may include CPU core 102 issuing a read transaction for the encryption key. The read transaction instruction includes the virtual address of the encryption key. The read transaction, with the encryption key’s virtual address, is received by the MMU 112… For the virtual address-to-physical address (VA-to-PA) translation for the encryption key, the corresponding physical address may be a physical address of the NVM 140 at which the encryption key 142 is located.” (col. 3, line 66-col. 4, line 18; figs. 1-2 and related text)]
retrieve, from a physical key memory, at least one physical encryption key stored at the physical memory address; and… [Diamant teaches “The MMU receives the read request, accesses the register containing the virtual address from the read request, replaces the virtual address in the read request with the corresponding physical address, and forwards the modified read request to the NVM 140 for retrieval of the data at the specified physical address (the encryption key 142 in this case).” (col. 3, line 66-col. 4, line 18; figs. 1-2 and related text)].  
Diamant does not expressly disclose obtain, from a secure register, at least one key index address map, the key index address map corresponding to a partition register; however, regarding these limitations, Funk teaches [“It then determines a master key address in real memory of the key corresponding to the selected partition, using any available mechanism for key table 408. This master key address is loaded into master key address register 307” (par. 0087), Funk explains “Although referred to as a "table", master key table may be organized according to any of various techniques for structuring data, now known or hereafter developed.” (par. 0072) but does not expressly define the table as being in a secure register].  
Diamant does not expressly disclose …decrypt, with the physical encryption key, a frame corresponding to the partition register; however, Funk discloses [“responsive to obtaining the master key address, the master key is retrieved at the real address contained in the register and provided to the crypto-engine (step 605). This master key may be in L2 or L3 cache, or in main memory, but since L1 cache is addressed with effective addresses (and might therefore be accessed by a task executing within a partition), the key would not be in L1 cache. Dispatch of the encryption/decryption instruction further causes accessing the address of the input data to be encrypted/decrypted (and optional address of resultant encrypted/decrypted data) from the corresponding GP register(s) 312 (steps 606). Similarly to the master key address, the input and resultant data address might be sent to the crypto-engine as part of a secure data packet, or the crypto engine might retrieve them from registers. Responsive to accessing the input data address, the input data is provided to the crypto-engine (step 607). This data may be in the L1 D-cache, or in another cache or main memory. If it is in a lower level cache or main memory, the address must be translated using address translate unite 324 to obtain the data. When the crypto-engine has both the master key and the input data, it performs the data transformation to encrypt/decrypt the data according to the applicable encryption/decryption algorithm. (step 608). The crypto engine then stores the encrypted/decrypted data in an appropriate result location (e.g., at an address previously provided), and signals to the CPU core that the operation is complete (step 609).” (par. 0095)].
Diamant and Funk are analogous art because they are from the same field of endeavor of memory access, control and data protection.
Before the effective filing date of the claimed inventions, it would have been obvious to a person of ordinary skill in the art to modify Diamant to include a key index address map corresponding to a partition register and decrypt, with the physical encryption key, a frame corresponding to the partition register; as taught by Funk since doing so would provide the benefits of facilitating protection of encryption keys (par. 0001) while providing partition isolation (par. 0015) and also providing an additional layer of protection (par. 0020).
The combination of Diamant and Funk does not expressly refer to the key table which stores the keys index address map or the real addresses of the keys as being in a secure register; however, regarding these limitations, Danilak teaches [“the data storage system has a hardware encryption/decryption engine and a register coupled to the hardware encryption/decryption engine. The register is for securely storing a key for encrypting and decrypting data.” (par. 0009) “A unique key is generated for each partition and the keys are securely stored in the controller. In response to a request from a software program, data is encrypted in a hardware encryption/decryption engine coupled to the controller using one of the keys and the encrypted data is stored in the corresponding partition of the data storage device.” (par. 0012)]. 
Diamant, Funk and Danilak are analogous art because they are from the same field of endeavor of memory access, control and data protection.
Before the effective filing date of the claimed inventions, it would have been obvious to a person of ordinary skill in the art to modify the combination of Diamant and Funk to explicitly have the table or key index address map stored in a secure register such as the secure register taught by Danilak since doing so would provide the benefits of increasing the security of the stored partition key address map information.
Therefore, it would have been obvious to combine Diamant and Funk with Danilak for the benefit of creating a storage system/method to obtain the invention as specified in claim 19.

Claims 5 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Diamant et al. (US 10,303,621) in view of Funk et al. (US 2009/0214040) and Danilak (US 2007/0180515) as applied in the rejection of claims 4 and 11 above, and further in view of Ng et al. (US 2015/0309999).
As per claim 5. The method of claim 4, the obtaining the key index address map comprising: obtaining a start address associated with the key translation memory; and [Diamant teaches “The physical address 0xB000000 of register 166 may be the base address of the NVM 140 as indicated by arrow 139.” (col. 4, lines 38-40) where the NVM 140 is the physical memory in which the encryption key 142 is located.” (col. 3, line 66-col. 4, line 18; figs. 1-2 and related text)] obtaining a partition key count corresponding to a partition register [Funk teaches “In the preferred embodiment, each partition has a single master key, although it would alternatively be possible to provide multiple master keys for each partition,” (par. 0072)] but does not expressly refer to obtaining a partition key count; however, regarding these limitations, Ng  teaches [“Relational database management system 300 initializes counters (step 311). Relational database management system 300 creates and initializes a counter for the number of unique limit key values remaining, and a counter for the number of unique limit key values used in a partition.” (par. 0079)]. 
Diamant, Funk, Danilak and Ng are analogous art because they are from the same field of endeavor of memory access, control and data protection.
Before the effective filing date of the claimed inventions, it would have been obvious to a person of ordinary skill in the art to modify the combination of Diamant, Funk and Danilak to include obtaining a partition key count as taught by Ng since doing so would provide the benefits of being able to keep track of the number of unique keys assigned to each partition; thus improving efficiency of key management.
Therefore, it would have been obvious to combine Diamant and Funk with Danilak  and Ng for the benefit of creating a storage system/method to obtain the invention as specified in claim 5.
As per claim 12. The system of claim 11, the key security engine further operable to: obtain, from the secure register, a start address associated with the key translation memory; and obtain, from the secure register, a partition key count corresponding to a partition register [The rationale in the rejection of claim 5 is herein incorporated].  
RELEVANT ART CITED BY THE EXAMINER
The following prior art made of record and not relied upon is cited to establish the level of skill in the applicant’s art and those arts considered reasonably pertinent to applicant’s disclosure. See MPEP 707.05(c).	Ouziel et al. (US 2020/0201786) teaches “a hardware register to store a bit range to identify a number of bits, of physical memory addresses, that define key identifiers (IDs) and a partition key ID identifying a boundary between non-restricted and restricted key IDs.”  (Abstract).9
Armstrong et al. (US 2009/0037682) teaches “The access control includes: associating, by a hypervisor of the data processing system, a memory protection key with a portion of a single logical partition's virtual address space being shared by multiple entities, the key preventing access by one of the multiple entities to that portion of the virtual address space, and allowing access by another of the entities to that portion of the virtual address space; and locking by the hypervisor the memory protection key from modification by the one entity, wherein the locking prevents the one entity from modifying the key and thereby gaining access to the portion of the single logical partition's virtual address space with the associated memory protection key.” (Abstract). 
Caronni et al. (US 2003/0133574) teaches “Memory mapping table 222 contains a plurality of maps for use by MMU 212 in translating a virtual address into a physical address. Memory mapping table 222 also includes key tags associated with the maps. These key tags may be used as indices into secret key table 205 to retrieve a secret key that corresponds to encrypted instructions and/or data associated with the memory location referenced by the relevant map.” (par. 0027). 
Chappell et al. (US 2020/0004959) teaches “index/tag encryption (e.g., including hashing) is used. This achieves context isolation by obfuscating the indexing function, possibly in conjunction with the tagging scheme. A unique (e.g., cryptographically-significant) key is maintained per context in one embodiment. The active context's key is combined (such as index encryption via a logic operation) with the structure's conventional index value to compute the true index value.” (par. 0081).
Chhabra et al. (US 2019/0042402) teaches “an apparatus includes a page miss handler to receive a full address including a linear address portion having a linear address and a key identifier portion having a key identifier for a key. The page miss handler may insert an entry including this key identifier in a translation storage. The apparatus further may include a remapping table having a plurality of entries each to store information regarding a key identifier.” (Abstract).
Shanbhogue et al. (US 2020/0201787) teaches “a virtual machine may be assigned four keys, although the SoC may support a much larger number of keys. The four keys may be identified by four KeyIDs that are loaded into the KAT register when the virtual machine is activated.” (par. 0042; fig. 4 and related text).
Sell et al. (US 2015/0095661) teaches “A system address space for memory is divided into a plurality of aliased addressed spaces. Each of the aliased address spaces is associated with its own unique encryption key. The system address space is managed using the aliased address spaces to provide data isolation and privacy for different system processes. One or more aliased address spaces can be provided with additional data integrity capabilities. Data associated with an integrity-checked aliased address space is subjected to data integrity checking, using authentication-based techniques such as hashing, for example. Additionally, a set of contiguous addresses in the aliased address space is defined, while being mapped to a set of non-contiguous addresses in the corresponding physical address space for additional data security.” (Abstract).
Brelot et al. (US 2012/0246489) teaches “The write data corresponding to the write request and the write address which is the remapped physical address are input to the encryption circuitry 35 and the write data is encrypted using an encryption key that is generated from this physical address. This encryption key may be generated directly from the physical address or at least a portion of the physical address or it may be generated from a number of things such as the physical and architectural or virtual address or the physical address and the data itself. The encryption is generally a fairly simple encryption process such that it does not delay the storage of the data within the register bank.” (par. 0038).

CLOSING COMMENTS
    a.   STATUS OF CLAIMS IN THE APPLICATION
	a(1) CLAIMS REJECTED IN THE APPLICATION
Per the instant office action, claims 1-5, 7-12 and 14-19 have received a first action on the merits and are subject of a first action non-final.
a(2) ALLOWABLE SUBJECT MATTER
Per the instant office action, claims 6, 13 and 20 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
6. The method of claim 5, the generating the key address translation index comprising: generating an offset based on the start address; and generating a virtual address block based on the start address and the partition key count.  
13. The system of claim 12, the key security engine further operable to: generate an offset based on the start address; and generate a virtual address block based on the start address and the partition key count.  
20. The non-transitory computer-readable media of claim 19, such that when executed, the processing circuit further configured to: obtain, from the secure register, a start address associated with the key translation memory; obtain, from the secure register, a partition key count corresponding to a partition register; generate an offset based on the start address; and generate a virtual address block based on the start address and the partition key count.
    b.  DIRECTION OF FUTURE CORRESPONDENCES
Any inquiry concerning this communication or earlier communications from the examiner should be directed to YAIMA RIGOL whose telephone number is (571)272-1232, and email address is yaima.rigol@uspto.gov .  The examiner can normally be reached on Monday-Friday 9:00AM-5:00PM.
If attempts to reach the above noted Examiner by telephone are unsuccessful, the Examiner’s supervisor, Mr. Sanjiv Shah, can be reached at the following telephone number: Area Code (571) 272-4098. 
The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).



October 26, 2022
/YAIMA RIGOL/
Primary Examiner, Art Unit 2135