Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 

(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3 and 6-20 are rejected under 35 U.S.C. 103 as being unpatentable over Martel et al. (hereinafter referred to as Martel, U.S. Pat. No. 10691837) in view of Park et al. (hereinafter referred to as Park, U.S. Pub. No. 20120210115).

As per claim 1:
Martel discloses a storage device, comprising: 
a basic memory to store a message received from an external device (Figure 9E: NVM 105, Memory 150 through Shared Buffer 908; column 19: lines 16-25: non-volatile memory and a non-volatile memory controller (NVM 105, NVM controller 230), a secure enclave processor (SEP 260), and secure memory);
a security memory to store a key for authenticating the message (Figure 9E: Secure Memory 410; column 19: lines 20-50: secure memory; Figure 5C: Secure memory 410);
a controller to output a control signal (Figure 9E: NVM Controller 230; column 19: lines 33-40: NVM controller 230 can communicate with the SEP 260 via a secure connection 802); and 


Martel does not explicitly disclose the key to be stored and to be obtained is an authentication key. Park, in analogous art however, discloses the key to be stored and to be obtained is an authentication key (0021: generated by encrypting an original message using a public authentication key and private authentication key; 0023: a unique key storing unit storing a unique key for authenticating the message authentication code; 0107: storing authentication key). Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the claimed limitation key disclosed by Martel to include an authentication key. This modification would have been obvious because a person having ordinary skill in the art would have been motivated by the desire to provide a secure boot method and system to authenticate a boot image using a unique key that is unique for each system, and thus perform a secure boot operation using the authenticated boot image as suggested by Park (00006; 0028).

As per claim 2:
Martel discloses wherein the security engine is to block transferring the authentication key from the security memory to the controller (Column 11: lines 55-58; 

As per claim 3:
Martel discloses wherein the basic memory and the security memory are a nonvolatile memory (Figure 9E: NVM 105, Memory 150; Column 11: lines 55-58; the secure memory 410 is an encrypted portion of system memory that is accessible only to the SEP 260).

As per claim 6:
Martel discloses wherein the basic memory and the security memory operate independently from each other (column 14: lines 45-50: all system authentication attempts for a data processing system are routed through a secure enclave processor; column 15: lines 10-20: system authentication verifier resides in secure memory accessible only to the SEP).

As per claim 7:
Park discloses wherein the security memory and the basic memory are included in a same memory device, and the security memory corresponds to a one-time programmable (OTP) area of the same memory device (0059: the unique key storing unit may be implemented by a one-time programmable (OTP) memory; 0063; 0082-0083: OTP memory).

As per claim 8:


As per claim 9:
Martel discloses wherein the authentication key is stored only in the security memory among the basic memory and the security memory (column 11: lines 55-65: a portion of the secure memory 410 can reside within a SOC that houses the SEP; column 15: lines 40-50: SOC for storing unique keys).

As per claim 10:
Martel discloses an electronic device, comprising:
a basic memory to store a message and a sent from an external device (Figure 9E: NVM 105, Memory 150 through Shared Buffer 908; column 19: lines 16-25: non-volatile memory and a non-volatile memory controller (NVM 105, NVM controller 230), a secure enclave processor (SEP 260), and secure memory; column 20: lines 20-31: HMAC key derivation);
a security memory to store a key for authenticating the message (Figure 9E: Secure Memory 410; column 19: lines 20-50: secure memory; Figure 5C: Secure memory 410);
a controller to output a control signal (Figure 9E: NVM Controller 230; column 19: lines 33-40: NVM controller 230 can communicate with the SEP 260 via a secure connection 802); and


Martel does not explicitly disclose the key to be stored and to be obtained is an authentication key, to send and generate a first and a second message authentication code. Park, in analogous art however, discloses the key to be stored and to be obtained is an authentication key, to send and generate a first and a second message authentication code (0021: generated by encrypting an original message using a public authentication key and private authentication key; 0023: a unique key storing unit storing a unique key for authenticating the message authentication code; 0107: storing authentication key; 0067-0069: generate first and second message authentication code). Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the claimed limitation disclosed by Martel to include an authentication key, to send and generate a first and a second message authentication code. This modification would have been obvious because a person having ordinary skill in the art would have been motivated by the desire to provide a secure boot method and system to authenticate a boot image using a unique key that is unique for each system, and thus perform a secure boot operation using the authenticated boot image as suggested by Park (00006; 0028).

As per claim 11: 
Martel discloses wherein the authentication key is blocked by a protocol from being output to the controller, the protocol being defined for communication between the controller and the security engine (Figure 9E: Secure communication 802, established by encrypted connection protocol between NVM controller 230 and Security engine SEP 260).

As per claim 12:
Martel discloses wherein information for predicting the authentication key is prevented from being output from the security engine to the controller (Figure 9E: Secure communication 802, established by encrypted connection protocol between NVM controller 230 and Security engine SEP 260).

As per claim 13:
Park discloses wherein the controller is to authenticate the message when the first message authentication code is matched with the second message authentication code (0074: executing MAC algorithm to match; 0076: MAC verification).

As per claim 14:
Park discloses wherein the controller is to generate a signal for performing an operation indicated by the message when the message is authenticated (0074; 0076: generating MAC verification).

As per claim 15:
Park discloses wherein the controller stops an operation indicated by the message when the message is not authenticated (0075-0076: when MAC verification fails, terminate operation).

As per claim 16:
Park discloses wherein the basic memory is to store information of a cryptographic function, and wherein the cryptographic function generates the second message authentication code based on the authentication key and the message (0016: generate message authentication code using unique key and message; 0018; 0074).

As per claim 17:
Martel discloses a storage device comprising:
a basic memory to store a message (Figure 9E: NVM 105, Memory 150 through Shared Buffer 908; column 19: lines 16-25: non-volatile memory and a non-volatile memory controller (NVM 105, NVM controller 230), a secure enclave processor (SEP 260), and secure memory; column 20: lines 20-31: HMAC key derivation);
a security memory to store an authentication key for protecting the message (Figure 9E: Secure Memory 410; column 19: lines 20-50: secure memory; Figure 5C: Secure memory 410);
a controller to output a control signal (Figure 9E: NVM Controller 230; column 19: lines 33-40: NVM controller 230 can communicate with the SEP 260 via a secure connection 802); and


Martel does not explicitly disclose the key to be stored and to be obtained is an authentication key, to generate a message authentication code based on the authentication key. Park, in analogous art however, discloses the key to be stored and to be obtained is an authentication key, to generate a message authentication code based on the authentication key (0021: generated by encrypting an original message using a public authentication key and private authentication key; 0023: a unique key storing unit storing a unique key for authenticating the message authentication code; 0107: storing authentication key; 0067-0069: generate first and second message authentication code). Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the claimed limitation disclosed by Martel to include an authentication key, and to generate a message authentication code based on the authentication key. This modification would have been obvious because a person having ordinary skill in the art would have been motivated by the desire to provide a secure boot method and system to authenticate a boot image using a unique key that is unique for each system, and thus perform a secure boot operation using the authenticated boot image as suggested by Park (00006; 0028).


As per claim 18:
Martel discloses wherein the security engine is to block the authentication key from being output from the security memory to the controller (Column 11: lines 55-58; the secure memory 410 is an encrypted portion of system memory that is accessible only to the SEP 260).

As per claim 19:
Park discloses wherein the security engine is to block the authentication key from being output from the security engine to the controller (0059: the unique key storing unit may be implemented by a one-time programmable (OTP) memory; 0063; 0082-0083: OTP memory to store unique key or authentication key).

As per claim 20:
Martel discloses wherein the authentication key is stored only in the security memory among the basic memory and the security memory (column 11: lines 55-65: a portion of the secure memory 410 can reside within a SOC that houses the SEP; column 15: lines 40-50: SOC for storing unique keys).

Allowable Subject Matter
Claims 4 and 5 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
In Claim 4: wherein the security engine is to calculate a message authentication code based on the message and the authentication key and to output a comparison result obtained by comparing the calculated message authentication code with a message authentication code sent from the external device, and wherein the controller is to determine whether the message is authenticated, based on the comparison result.
In claim 5: wherein the security engine is to calculate a message authentication code based on the message and the authentication key, and wherein the controller is to determine whether the message is authenticated, based on a comparison result obtained by comparing the calculated message authentication code with a message authentication code sent from the external device.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See the notice of reference cited in form PTO-892 for additional prior art.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TECHANE GERGISO whose telephone number is (571)272-3784.  The examiner can normally be reached on 9:30am to 6:30pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W KIM can be reached on 5712723804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/TECHANE GERGISO/Primary Examiner, Art Unit 2494