CTNF 19/029,433 CTNF 86415 DETAILED ACTION This Office Action corresponds to the filing of application on 01/17/2025 in which Claims 21-40 are presented for examination on the merits Notice of Pre-AIA or AIA Status The present application is being examined under the first inventor to file provisions of the AIA. Information Disclosure Statement The information disclosure statement (IDS) submitted on 01/17/2025 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached Drawings The drawings filed on 01/17/2025 are accepted by the examiner. Priority The application is filed on 01/17/2025 and claims priority of 04/27/2015 of CON application 4/696,581. Non-Statutory Double Patenting 08-33 AIA 1. The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg , 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman , 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi , 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum , 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel , 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington , 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement, and there is no statutory double patenting rejection applied to other claim/claims of the set. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The USPTO internet Web site contains terminal disclaimer forms which may be used. Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers , refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp. 2. Claims 21-40 of instant application are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-20 of US 12,321,443 B2, over claims 1-20 of US 11,263,306 B2, over claims 1-20 of Patent No. US 10,078,749 B2, over claims 1-20 of Patent No. US 9,747,435 B2, over claims 1-20 of Patent No. US 10,713,351 B2. Although the conflicting claims are not identical, they are not patentably distinct from each other because both applications recite similar an interface control circuit that is configured to receive a message including a cryptographic keyword and a policy value. The policy value may include one or more data bits indicative of one or more policies that define allowable usage of the cryptographic keyword. Claim Comparison Table Instant Application: 19/029,433 Patent US 12,321,443 B2 21. A system on a chip (SoC), comprising: one or more processors; and secure processor circuitry that includes an internal processor, memory, and a plurality of cryptographic accelerator circuits isolated from the one or more processors, wherein the secure processor circuitry is configured to: receive, from a source external to the secure processor circuitry, a request to provide one of a plurality of secure services implemented by the secure processor circuitry using the cryptographic accelerator circuits; in response to receiving the request: perform a key wrapping operation that includes one of the plurality of cryptographic accelerator circuits wrapping a cryptographic key and corresponding usage information using a wrapping key included in the internal memory; andprovide the wrapped cryptographic key and corresponding usage information to a destination external to the secure processor circuitry. An apparatus comprising: an interface control circuit configured to receive a message including a particular cryptographic keyword and a policy value, wherein the policy value includes one or more data bits indicative of a set of policies that define allowable usage of the particular cryptographic keyword; and a security circuit configured to: use a hash algorithm to generate a hash value of the message; compare the hash value to an authentication value included in the message; based on a determination that the message is valid, extract the particular cryptographic keyword and the policy value from the message; determine that a particular policy of the set of policies indicates that the particular cryptographic keyword is restricted to decryption usage; and decrypt encrypted data using the particular cryptographic keyword. 22. (New) The SoC of claim 21, wherein the secure processor circuitry is configured to: derive the wrapping key using a hardware key that is unique to the SoC. 3. The apparatus of claim 1, wherein the security circuit is further configured to: determine that a different policy of the set of policies indicates that the particular cryptographic keyword is restricted to use with a particular decryption algorithm; and use the particular decryption algorithm to decrypt the encrypted data. 23. (New) The SoC of claim 21, wherein the secure processor circuitry includes programable fuses configured to store key material accessible to one or more of the plurality of cryptographic accelerator circuits. 4. The apparatus of claim 1, wherein the security circuit is further configured to: determine that the message includes a different cryptographic keyword; and determine that the policy value includes a different policy for use of the different cryptographic keyword. 24. (New) The SoC of claim 21, wherein the usage information includes an integrity value to check an integrity of the wrapped cryptographic key. 7. The apparatus of claim 4, wherein the security circuit is further configured to determine that the different policy of the set of policies indicates that the different cryptographic keyword is restricted to use in hashing functions. 25. (New) The SoC of claim 21, wherein the secure processor circuitry is configured to: receive a wrapped cryptographic key and corresponding usage information; unwrap the received wrapped cryptographic key using a wrapping key included in the internal memory; and authenticate the received wrapped key using the received corresponding usage information. 6. The apparatus of claim 4, wherein the security circuit is further configured to: determine that the different policy of the set of policies indicates that the different cryptographic keyword is restricted to encryption usage; and encrypt unencrypted data using the different cryptographic keyword. Claims 26-40 Claims 5, 7-20 Claim Rejections - 35 USC § 103 07-06 AIA 15-10-15 3. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 07-20-aia AIA 4. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 07-23-aia AIA 5. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. 07-20-02-aia AIA 6. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. 07-21-aia AIA 7. Claim s 21-40 are rejected under 35 U.S.C. 103 as being unpatentable over Polzin et al. (US 20140086406 A1, hereinafter, Polzin) in view of Kaplan et al. (US 6704871 B1 hereinafter, Kaplan) . Regarding claim 21 , Polzin discloses a system on a chip (SoC), comprising: one or more processors; and secure processor circuitry that includes an internal processor, memory, and a plurality of cryptographic accelerator circuits isolated from the one or more processors (Abstract: An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC)), wherein the secure processor circuitry is configured to: receive, from a source external to the secure processor circuitry, a request to provide one of a plurality of secure services implemented by the secure processor circuitry using the cryptographic accelerator circuits (Para 0007:software executing on the SOC may request a key, and the SOC may provide a "wrapped" key to the requesting software. The wrapped key is encrypted using a wrapping key, which is transmitted in hardware to the cryptographic hardware in the SOC); in response to receiving the request: perform a key wrapping operation that includes one of the plurality of cryptographic accelerator circuits wrapping a cryptographic key (Para 0032, 0099: transmit a request for a secure service to the security circuit, which may perform the secure service and return a result to the requestor…. secure keys is generated, and wrapped using a wrapping key so that the secure key itself is not exposed to software) and corresponding usage information using a wrapping key included in the internal memory (Para 0104, 0115: the wrapping key is required by the SOC in order to unwrap secure keys from wrapped keys. While the receiving logic could capture the wrapping key in a register to ensure availability, the receiving logic itself be powered down when not in use. To ensure availability of the wrapping key, the encryption circuit includes an "always on" section 186. The "always on" section 186 is powered independent of the rest of the SEP 16, and is powered on at any time that the SOC 10 is powered on…clock gating and/or power gating corresponds to idle timer expiration); and provide the wrapped cryptographic key and corresponding usage information to a destination external to the secure processor circuitry (Para 0035: Claim 1, 10: security circuit generates the first key, and wherein the security circuit generates a second key from the first key and a first local key, and wherein the security circuit delivers the first key via hardware transmission to a first circuit external to the security circuit; Para 0063: data is transmitted by the SEP 16 on the fabric 27 wherein security peripheral 36A may by an encryption circuit configured to encrypt the write data as it is provided by the processor to be transmitted on the fabric 27). Polzin does not explicitly states but Kaplan from the same or similar fields of endeavor teaches wrapping corresponding usage information using a wrapping key included in the internal memory (Kaplan, Col. 185, lines 37-41: wrapped/secret key that is encrypted, via a KEK, to protect the key from being seen by an untrusted party. Same as a Black key or a Covered key; Col. 130, lines 52-67, Col. 87, lines 52-61: the application must also provide a key usage definition. This is passed in via the argument, use, and is provided…wherein the CryptC incorporates a Secure key management System into both its hardware and CGX firmware wherein key management implementations includes key handling and usage information). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed wherein wrapping corresponding usage information using a wrapping key included in the internal memory as taught by Kaplan in the teachings of Polzin for the advantage of providing security blocks implement the security features of the cryptographic co-processor as well as protection schemes. (Kaplan, Col. 4 lines 50-57). Regarding claim 22 , the combination of Polzin and Kaplan discloses the SoC of claim 21, wherein the secure processor circuitry is configured to: derive the wrapping key using a hardware key that is unique to the SoC (Polzin, Claim 22, Para 0069: security circuit is configured to transmit the third local key in hardware to cryptographic peripherals external to the security circuit; Kaplan Col. 100, lines 25-30: CryptIC provides support for eight kinds of symmetric keys: LSV, hardware only, protection, generated, loaded, imported, negotiated, transformed, and derived. The master key is the unique LSV laser programmed into each CryptIC device). Regarding claim 23 , the combination of Polzin and Kaplan discloses the SoC of claim 21, wherein the secure processor circuitry includes programable fuses configured to store key material accessible to one or more of the plurality of cryptographic accelerator circuits (Polzin, Claims 14: a plurality of fuses storing an instance-specific value, wherein the first encryption unit is configured to generate the first local key responsive to the instance-specific value and an instance-invariant seed). Regarding claim 24 , the combination of Polzin and Kaplan discloses the SoC of claim 21, wherein the usage information includes an integrity value to check an integrity of the wrapped cryptographic key (Polzin Para 0033, 0072: protecting private data includes ensuring the integrity and confidentiality of the data, and the availability of the data to authorized access. Preventing unauthorized use may include, e.g., ensuring that a permitted use is paid for (e.g. network access by a portable device) and may also include ensuring that nefarious acts are prevented.. the authentication circuit 36C implements secure hash algorithms (SHA) such as SHA-1 or SHA-2, or any other authentication algorithms) Regarding claim 25 , the combination of Polzin and Kaplan discloses the SoC of claim 21, wherein the secure processor circuitry is configured to: receive a wrapped cryptographic key and corresponding usage information (Kaplan, Col. 185, lines 37-41: wrapped/secret key that is encrypted, via a KEK, to protect the key from being seen by an untrusted party. Same as a Black key or a Covered key; Col. 130, lines 52-67, Col. 87, lines 52-61: : the application must also provide a key usage definition. This is passed in via the argument, use, and is provided… wherein the CryptC incorporates a Secure key management System into both its hardware and CGX firmware wherein key management implementations includes key handling and usage information); unwrap the received wrapped cryptographic key using a wrapping key included in the internal memory (Polzin Para 0099: deliver the wrapped key to an SOC cryptographic peripheral, which may unwrap the secure key using the wrapping key delivered by the encryption circuit 36B over the Key_Out wires. The secure key may then be used for the cryptographic operations within the SOC cryptographic peripheral.); and authenticate the received wrapped key using the received corresponding usage information (Polzin Para 0032, 0036: secure services includes secure key generation, where the keys is by components external to the security circuit for various security functions such as encryption or authentication implementing various authentication algorithms,. The result of secure key generation is the key, or a wrapped key ). Regarding claim 26 , the combination of Polzin and Kaplan discloses the SoC of claim 21, wherein the usage information includes a size associated with the wrapped cryptographic key (Polzin Para 0095: memory controller 22 (and more particularly the control circuit 130) may be configured to manage access to the trust zones responsive to the data written in the configuration registers 38. The data may describe the size and location of the trust zones (e.g. using a base address and size, or limit, or a base address and ending address). Regarding claim 27 , the combination of Polzin and Kaplan discloses the SoC of claim 21, wherein the usage information includes an algorithm associated with the wrapped cryptographic key (Polzin Para 0036: he security peripherals may include authentication hardware implementing various authentication algorithms, encryption hardware configured to perform encryption, secure interface controllers configured to communicate over a secure interface to an external (to the SOC 10) device). Regarding claim 28 , the combination of Polzin and Kaplan discloses the SoC of claim 21, wherein the usage information includes an expiration information associated with the wrapped cryptographic key (Polzin Para 0104, 0115: the wrapping key is required by the SOC in order to unwrap secure keys from wrapped keys. While the receiving logic could capture the wrapping key in a register to ensure availability, the receiving logic itself be powered down when not in use. To ensure availability of the wrapping key, the encryption circuit includes an "always on" section 186. The "always on" section 186 is powered independent of the rest of the SEP 16, and is powered on at any time that the SOC 10 is powered on…clock gating and/or power gating corresponds to idle timer expiration). Regarding claim 29 , the combination of Polzin and Kaplan discloses the SoC of claim 21, wherein the plurality of cryptographic accelerator circuits include a cryptographic accelerator circuit configured to perform public key cryptographic operations for the secure processor circuitry (Kaplan, abstract: encryption processor is included to perform key and data encryption, as well as a high performance hash processor and a public key accelerator). Regarding claim 30 , the combination of Polzin and Kaplan discloses the SoC of claim 21, wherein the plurality of cryptographic accelerator circuits include a cryptographic accelerator circuit configured to implement a random number generation for the secure processor circuitry (Polzin Para 0060: The filter 62 is configured to tightly control access to the SEP 16 to increase the isolation of the SEP 16 from the rest of the SOC 10, and thus the overall security of the SOC 10 wherein filter 62 supplies any data as nonce data i.e. random data from a random number generator) Regarding claim 31 , the combination of Polzin and Kaplan discloses the SoC of claim 21, wherein the secure processor circuitry includes: a read-only memory (ROM) having boot code stored therein that is executable by the internal processor to boot the secure processor circuitry (Polzin Para 0068: he secure ROM 34 may include the boot code for the SEP 16. Additionally, in some embodiments, the secure ROM 34 may include other software executed by the SEP processor 32 during use (e.g. the code to process inbox messages and generate outbox messages, code to interface to the security peripherals 36A-36E, etc.). Regarding claim 32 , the combination of Polzin and Kaplan discloses the SoC of claim 21, wherein one or more of the plurality of cryptographic accelerator circuits are configured to perform a cryptographic operation responsive to a request issued by the internal processor (Kaplan, Fig. 5 : IDMA access to internal dsp data memory or program memory; Col. 6, lines 39-45: The protected kernel RAM 32 provides a secure storage area on the cryptographic co-processor for sensitive data such as keys or intermediate calculations during public key operations. The kernel mode control circuit 24 controls access by only allowing the internal secure kernel mode access to this RAM.). Regarding claim 33 ; Claim 33 is similar in scope to claim 21, and is therefore rejected under similar rationale. Regarding claim 34 ; Claim 34 is similar in scope to claim 25, and is therefore rejected under similar rationale. Regarding claim 35 ; Claim 35 is similar in scope to claim 22, and is therefore rejected under similar rationale. Regarding claim 36 ; Claim 36 is similar in scope to claim 23, and is therefore rejected under similar rationale. Regarding claim 37 , the combination of Polzin and Kaplan discloses the device of claim 33, wherein the secure processor circuitry is configured to: communicate the wrapping key via a secure bus associated with the secure processor circuitry (Polzin, Claim 22, Para 0044, 0069: security circuit is configured to transmit the third local key in hardware to cryptographic peripherals external to the security circuit; The communication fabric 27 is interconnect and protocol for communicating among the components of the SOC 10. The communication fabric 27 may be bus-based, including shared bus configurations, cross bar configurations, and hierarchical buses with bridges). Regarding claim 38 ; Claim 38 is similar in scope to claim 21, and is therefore rejected under similar rationale. Regarding claim 39 ; Claim 39 is similar in scope to claim 24, and is therefore rejected under similar rationale. Regarding claim 40 ; Claim 40 is similar in scope to claim s 24-28, and is therefore rejected under similar rationale . Conclusion 07-96 AIA 8. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Hussain et al. (US 7376125 B1) discloses a method for providing IP services. A packet is received at a line interface/network module and forwarded to a virtual routing engine The virtual routing engine determines if the packet requires processing by a virtual services engine. If the packet requires processing by the virtual services engine, the packet is routed to the virtual services engine for processing. Ober et al. (US 6708273 B1) discloses A secure communication platform on an integrated circuit is a highly integrated security processor which incorporates a general purpose digital signal processor (DSP), along with a number of high performance cryptographic function elements, as well as a PCI and PCMCIA interface . 9. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHFUZUR RAHMAN whose telephone number is (571)270-7638. The examiner can normally be reached on Monday thru Friday. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /MAHFUZUR RAHMAN/Primary Examiner, Art Unit 2498 Application/Control Number: 19/029,433 Page 2 Art Unit: 2498 Application/Control Number: 19/029,433 Page 3 Art Unit: 2498 Application/Control Number: 19/029,433 Page 4 Art Unit: 2498 Application/Control Number: 19/029,433 Page 5 Art Unit: 2498 Application/Control Number: 19/029,433 Page 6 Art Unit: 2498 Application/Control Number: 19/029,433 Page 7 Art Unit: 2498 Application/Control Number: 19/029,433 Page 8 Art Unit: 2498 Application/Control Number: 19/029,433 Page 9 Art Unit: 2498 Application/Control Number: 19/029,433 Page 10 Art Unit: 2498 Application/Control Number: 19/029,433 Page 11 Art Unit: 2498 Application/Control Number: 19/029,433 Page 12 Art Unit: 2498 Application/Control Number: 19/029,433 Page 13 Art Unit: 2498 Application/Control Number: 19/029,433 Page 14 Art Unit: 2498 Application/Control Number: 19/029,433 Page 15 Art Unit: 2498 Application/Control Number: 19/029,433 Page 16 Art Unit: 2498 Application/Control Number: 19/029,433 Page 17 Art Unit: 2498 Application/Control Number: 19/029,433 Page 18 Art Unit: 2498 Application/Control Number: 19/029,433 Page 19 Art Unit: 2498 Application/Control Number: 19/029,433 Page 20 Art Unit: 2498