DETAILED ACTION
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This Office Action is in response to the amendment filed on 8/31/2022.
Claims 3, 5, 8, 11-12 and 15 have been canceled.
Claims 1, 9 and 17 have been amended.
Claims 1-2, 4, 6-7, 9-10, 13-14 and 16-20 are pending for consideration.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant’s arguments (i.e., “a branch prediction circuit comprising a return address stack, the branch prediction circuit being configured to store in the return address stack a target address in the set of instructions where a subroutine call was made”) with respect to independent claim(s) have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4, 6-7, 9-10, 13-14 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over GROCUTT et al. (US 20190166158) (hereinafter GROCUTT) in view of Brandt et al. (US 20200133679) (hereinafter Brandt).
Extrinsic evidence Jeffrey Hoffstein et al. (NPL U: “An Introduction to Mathematical Cryptography”, pages 467-468, dated 2008, downloaded on 2/17/2022 from the Internet URL https://books.google.com/books?id=z2SBIhmqMBMC&printsec=frontcover&source=gbs_ge_summary_r&cad=0#v=onepage&q&f=false, hereinafter Hoffstein) is used to support the rejection of claims 1-2, 4, 6-14 and 16-20.
Regarding claim 1, GROCUTT discloses an apparatus comprising: a context-specific encryption key circuit configured to generate a key value (GROCUTT: see figure 5 
. //examiner remark: a key is generated as shown in figure 5), that is specific to a context of a set of instructions (GROCUTT: paragraphs 0021 and 0104, “by generating the key for the encoding operation (and reverse encoding operation if necessary) based on one or more identifiers 80-85, 88 associated with the current execution environment, and optionally based on further parameters such as random numbers of software-defined values, two different execution environments with different privilege levels are unlikely to have the same key and so it is hard for the attacker to train the branch predictor in one execution environment to trick an execution environment with greater data access privilege into branching to malicious code which may lead to exposure of secure data”); the context-specific encryption key circuit comprising: a random number generator circuit configured to generate a random number (GROCUTT: paragraph 0102, “a random value 86, which may a true random number or pseudo random number. 
The (pseudo) random number may be derived from at least one of: a per-logical processor (pseudo) random number 89 which is different for each logical processor; a per-physical processor (pseudo) random number 90 which is different for each physical processor core; and a system (pseudo) random number”); an identifier associated with the set of instructions (GROCUTT: paragraph 0104, “by generating the key for the encoding operation (and reverse encoding operation if necessary) based on one or more identifiers 80-85, 88 associated with the current execution environment, and optionally based on further parameters such as random numbers of software-defined values, two different execution environments with different privilege levels are unlikely to have the same key and so it is hard for the attacker to train the branch predictor in one execution environment to trick an execution environment with greater data access privilege into branching to malicious code which may lead to exposure of secure data”); and an entropy spreading circuit configured to combine the random number with the identifier to create the key value and to perform multiple iterations of combining to create the key value in which each iteration includes an output of a prior iteration as an input to a current iteration (GROCUTT: see figure 5; and paragraphs 0104-0105, “the key could be based on a one-way transformation applied to at least one key input parameter, where the at least one key input parameter includes at least one value associated with the current execution environment (e.g. the ASID, VMID, or exception level discussed above), but could also include other inputs such as a random number of software-writable value. By using a one-way transformation to generate the key” [Examiner notes: GROCUTT teaches the hashing technique/algorithm (i.e., one-way transformation) but has no details how it works.  
However, a person having ordinary skill in the art can select one of the hashing techniques to implement the teaching of GROCUTT, such as SHA-1. SHA-1 is a well-known hashing technique/algorithm, or common knowledge in the art, that uses loops and iterations for each round; see the Hoffstein reference as extrinsic evidence for the teaching of performing multiple iterations of combining to create the key value in which each iteration includes an output of a prior iteration as an input to a current iteration]); a branch prediction circuit (GROCUTT: paragraphs 0034, 0043, 0106 and 0125, “the branch prediction circuitry may receive a query value comprising an indication of an instruction address of an instruction for which a branch prediction is to be made and perform a search using the query value. The search may for example identify whether the branch prediction circuitry stores any branch prediction state entry that is relevant to one or more instructions corresponding to the instruction address is specified by the query value”); a target address memory configured to store an encrypted version of the target address, wherein the target address is encrypted using, at least in part, the key value (GROCUTT: paragraphs 0045, 0058, 0060, 0067-0069, 0092, 0104 and 0125-0128, “the branch prediction circuitry may comprise a branch target prediction structure comprising a plurality of branch target entries, each branch target entry specifying at least a branch target address. The coding circuitry may comprise encryption circuitry to encrypt at least part of a new branch target entry to be written to the branch target prediction structure, using an encryption key associated with the current execution environment.”); and an instruction fetch circuit configured to decrypt the target address using, at least in part, the key value, and retrieve the target address (GROCUTT: see figure 12
; and paragraphs 0068, 0070, 0074, 0125-0129, 0133 and 0141 “the tag information could be encrypted, in addition to (or instead of) encrypting the branch information which is indicative of the branch target address”, 0077 and 0125, “decryption circuitry 176 for decrypting branch information read from the branch target prediction structure, based on the encryption key associated with the current execution context. Key generating circuitry 179 (e.g. a linear feedback shift register or other random number generator) may generate keys from time to time for each context. Branch target prediction circuitry 178 (which may corresponding to the branch prediction control logic 150 of FIG. 8 as well as any cache access circuitry associated with the branch target prediction structure 142, 146 for generating target tag values and looking up the branch target entries to identify branch information for a given instruction fetch address) may generate a target tag from the instruction fetch address (e.g. using the region table 148), and control the branch target prediction structure to output the encrypted branch information if there is a hit in the branch target prediction structure”.//examiner remark, branch info comprises a branch target address).  GROCUTT further teaches the instruction fetch circuit being further configured to encrypt the target address such that a second program is unable to read a correct decrypted version of the target address (GROCUTT: paragraphs 0067, 0069, 0083 and 0131, “it is surprising encryption would be useful in a branch predictor, but by encrypting the branch information using an execution environment-specific key this makes attacks of the type discussed above much harder as it is more difficult for the attacker to control the location to which another execution environment branches when they do not know the keys associated with each execution environment”).
GROCUTT does not explicitly disclose the following limitation which is disclosed by Brandt, a branch prediction circuit comprising a return address stack, the branch prediction circuit being configured to store in the return address stack a target address in the set of instructions where a subroutine call was made (Brandt: paragraphs 0049 and 0066-0069, “the branch address calculator 442 maintains the return stack buffer 444 utilized as a branch prediction mechanism for determining the target address of return instructions, e.g., where the return stack buffer operates by monitoring all “call subroutine” and “return from subroutine” branch instructions. In one embodiment, when the branch address calculator detects a “call subroutine” branch instruction, the branch address calculator pushes the address of the next instruction onto the return stack buffer, e.g., with a top of stack pointer marking the top of the return stack buffer. By pushing the address immediately following each “call subroutine” instruction onto the return stack buffer, the return stack buffer contains a stack of return addresses in this embodiment. When the branch address calculator later detects a “return from subroutine” branch instruction, the branch address calculator pops the top return address off of the return stack buffer, e.g., to verify the return address predicted by the branch predictor 42”).  
GROCUTT and Brandt are analogous art because they are from the same field of endeavor, branch prediction.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of GROCUTT and Brandt before him or her, to modify the system of GROCUTT to include a branch prediction circuit being configured to store in a return address stack a target address in a set of instructions where a subroutine call was made of Brandt.  The suggestion/motivation for doing so would have been to prevent an attacker from controlling a victim's indirect branch predictions (e.g., by invalidating the indirect branch predictors at appropriate times) (Brandt: paragraph 0102).
Regarding claim 2, GROCUTT as modified further discloses wherein the target address memory includes a branch target buffer (GROCUTT: see figure 8, item 142 //examiner remark: BTB 142 is a branch target buffer 
; and paragraphs 0024 and 0107, “another example of a branch predictor 4, which includes a branch direction predictor (BDP) 140 for predicting whether branch instructions are taken or not taken, a branch target buffer (BTB) 142 for predicting the target address to which a branch instruction will redirect program execution in the event that it is taken, and a fetch queue 144 for queuing the fetch addresses identifying blocks of program instructions to be fetched from the cache 8 (note that in some cases the fetch queue could be regarded as part of the fetch stage 6 instead of part of the branch predictor 4, but the functionality would be the same).”).
Regarding claim 4, GROCUTT as modified further discloses wherein the identifier includes value selected from a set including: a process identifier, a virtual machine identifier, a privilege level, kernel identifier, and a security state value (GROCUTT: paragraphs 0048-0056, “the key may be based on any combination of one or more of the following: [0049] exception level (distinguishing between different modes of operation, for example user mode, kernel mode, hypervisor mode); [0050] privilege level (distinguishing between different execution permissions); [0051] ASID (address space ID--distinguishing different application-level execution contexts); [0052] VMID (virtual machine ID--distinguishing different operating-system or virtual-machine level execution contexts or applications with the same ASID running under control of different operating systems or virtual machines); [0053] NS (non-secure/secure state, indicating a current security state of the apparatus); [0054] physical processor core number (distinguishing processes executing on different processor cores provided in hardware); [0055] logical core number (distinguishing execution environments executed with different logical partitions of a shared processor core provided in hardware); and [0056] one or more software writeable registers”).
Regarding claim 6, GROCUTT as modified further discloses wherein the target address prediction circuit is configured to: encrypt the target address using, at least in part, a stream cipher and the key value, and store the encrypted version of the target address within the target address memory (GROCUTT: see figure 12
; and paragraph 0125, “The branch target prediction structure 142, 146 is provided with encryption circuitry 174 for encrypting branch information to be written to the branch target prediction structure, based on an encryption key associated with a current execution context, and decryption circuitry 176 for decrypting branch information read from the branch target prediction structure, based on the encryption key associated with the current execution context.”).
Regarding claim 7, GROCUTT as modified further discloses wherein the target address is encrypted such that, if an incorrect key value is employed in an attempt to decrypt the encrypted target address, a false target address is recovered (GROCUTT: paragraphs 0064, 0066, 0069, 0119 and 0134, “if one execution environment allocates the branch information it will be encrypted using a key associated with that environment, and then if there happens to be a false positive hit when another execution environment reuses the same tag information of that entry, the branch information would be decrypted using a key associated with the other execution environment, so would not indicate the same branch target address as the one originally provided by the execution environment which allocated the entry”…“This can lead to false positive hits in the branch target prediction structure, so that an incorrect branch target address may sometimes be returned and hence a branch misprediction may cause the wrong instructions to be executed following the branch”).
Regarding claim 9, claim 9 discloses a system claim that is substantially equivalent to the apparatus of claim 1.  Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 9, which is rejected for the same reasons.
Regarding claim 10, GROCUTT as modified further discloses wherein instruction fetch circuit is configured to prevent the second program from correctly reading the target address if the second program attempts to exploit a Spectre-class speculative execution flaw (GROCUTT: paragraphs 0066, 0069 and 0106, “As normally one would think of a branch predictor as a purely performance-enhancing measure which does not affect data security or integrity, it is surprising encryption would be useful in a branch predictor, but by encrypting the branch information using an execution environment-specific key this makes attacks of the type discussed above much harder as it is more difficult for the attacker to control the location to which another execution environment branches when they do not know the keys associated with each execution environment.”… “If an attacker attempts to use the branch predictor to pose an attack as discussed above, there may be more frequent branch mispredictions. Therefore, the rate of instruction fetch and decode faults could be used as an indicator that may provide a hint that an attack is being mounted. The monitor circuitry 95 could trigger an error response (such as raising an interrupt or exception), if an increase in the number of rate of instruction fetch or decode faults in a given time period by a certain threshold is detected ”).
Regarding claim 13, this claim recites the context-specific encryption key circuit to perform the steps as recited by the apparatus of claim 3 and has limitations that are similar to claim 3, thus is rejected with the same rationale applied against claim 3.
Regarding claim 14, this claim recites the context-specific encryption key circuit to perform the steps as recited by the apparatus of claim 4 and has limitations that are similar to claim 4, thus is rejected with the same rationale applied against claim 4.
Regarding claim 16, this claim recites the context-specific encryption key circuit to perform the steps as recited by the apparatus of claim 6 and has limitations that are similar to claim 6, thus is rejected with the same rationale applied against claim 6.
Regarding claim 17, claim 17 discloses a method claim that is substantially equivalent to the apparatus of claim 1 and the system of claim 9.  Therefore, the arguments set forth above with respect to claims 1 and 9 are equally applicable to claim 17 and rejected for the same reasons.
Regarding claim 18, GROCUTT as modified further discloses comprising: reading the instruction address within a target address memory, wherein reading comprises decrypting the encrypted version of the instruction address using, at least in part, the context-specific encryption key value (GROCUTT: paragraphs 0077 and 0125, “decryption circuitry 176 for decrypting branch information read from the branch target prediction structure, based on the encryption key associated with the current execution context. Key generating circuitry 179 (e.g. a linear feedback shift register or other random number generator) may generate keys from time to time for each context. Branch target prediction circuitry 178 (which may corresponding to the branch prediction control logic 150 of FIG. 8 as well as any cache access circuitry associated with the branch target prediction structure 142, 146 for generating target tag values and looking up the branch target entries to identify branch information for a given instruction fetch address) may generate a target tag from the instruction fetch address (e.g. using the region table 148), and control the branch target prediction structure to output the encrypted branch information if there is a hit in the branch target prediction structure”).
Regarding claim 19, GROCUTT as modified further discloses wherein the second stream of instructions is configured to exploit a Spectre-class speculative execution flaw (GROCUTT: paragraphs 0066, 0069 and 0106, “As normally one would think of a branch predictor as a purely performance-enhancing measure which does not affect data security or integrity, it is surprising encryption would be useful in a branch predictor, but by encrypting the branch information using an execution environment-specific key this makes attacks of the type discussed above much harder as it is more difficult for the attacker to control the location to which another execution environment branches when they do not know the keys associated with each execution environment.”… “If an attacker attempts to use the branch predictor to pose an attack as discussed above, there may be more frequent branch mispredictions. Therefore, the rate of instruction fetch and decode faults could be used as an indicator that may provide a hint that an attack is being mounted. The monitor circuitry 95 could trigger an error response (such as raising an interrupt or exception), if an increase in the number of rate of instruction fetch or decode faults in a given time period by a certain threshold is detected ”).
Regarding claim 20, GROCUTT as modified further discloses wherein generating a context-specific encryption key value includes utilizing an identifier associated with the first stream of instructions, wherein the identifier includes value selected from a set including: a process identifier, a virtual machine identifier, a privilege level, kernel identifier, and a security state value (GROCUTT: paragraphs 0048-0056, “the key may be based on any combination of one or more of the following: [0049] exception level (distinguishing between different modes of operation, for example user mode, kernel mode, hypervisor mode); [0050] privilege level (distinguishing between different execution permissions); [0051] ASID (address space ID--distinguishing different application-level execution contexts); [0052] VMID (virtual machine ID--distinguishing different operating-system or virtual-machine level execution contexts or applications with the same ASID running under control of different operating systems or virtual machines); [0053] NS (non-secure/secure state, indicating a current security state of the apparatus); [0054] physical processor core number (distinguishing processes executing on different processor cores provided in hardware); [0055] logical core number (distinguishing execution environments executed with different logical partitions of a shared processor core provided in hardware); and [0056] one or more software writeable registers”).

Conclusion
The prior art made of record and not relied upon, considered pertinent to applicant's disclosure, is listed here and on the PTO-982.
Gellerich (US 11099851) 
Sukhomlonov (US 10929535)
Adams (US 9129062)
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740.  The examiner can normally be reached on Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/TRANG T DOAN/Primary Examiner, Art Unit 2431