Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION

This action is in response to the communication filed on 1/29/21.
All objections and rejections not set forth below have been withdrawn.
Claims 1, and 3 - 20 are pending.

Claim Objections

Claims 7, 8, 14, and 15 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Specification

The specification is objected to as failing to provide proper antecedent basis for the claimed subject matter.  See 37 CFR 1.75(d)(1) and MPEP § 608.01(o).  Correction of the following is required: 
The specification fails to provide proper antecedent basis for the recitations of “…a processing device to: … authenticate the data …without allowing access, by the host computing system, to the secure protocol metadata…”.  Specifically, the applicant’s disclosure fails to describe how the claimed processing device is to perform the claimed feature of “without allowing access” to the metadata by the host system.  
  
Claim Rejections - 35 USC § 112

The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1, and 3 – 8 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention.  Applicant has not pointed out where the new (or amended) claim is supported, nor does there appear to be a written description of the claim limitations in the application as filed (see above objection to the specification).   

	

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, and 3, 4, 9 – 12, and 16 – 19 are rejected under 35 U.S.C. 103 as being unpatentable over Digi-Key (Digi), “How to Secure IoT Device Communications with a Single Chip”, in view of Di Vito (Vito), “Protect TLS in IoT Devices with Secure Companion ICs”.  

	Regarding claim 1, Digi discloses: 
An apparatus comprising: a non-volatile memory (NVM) device (e.g. Digi, fig. 2 – the NVM device or “MAXQ1061”) coupled to a host computing system (e.g. Digi, pg. 1; fig. 3; IoT host device), the NVM device comprising a processing device (e.g. Digi, fig. 2; cryptographic controller) to: 
initiate a connection with a server via the host computing system that is communicatively coupled to the server (e.g. Digi, fig. 1; fig. 3 – the MAXQ1061 performs the TLS handshake protocol with the server via a host [i.e. MAXQ1061<->Host<->Server], including sending a client hello message, i.e.  “initiating a connection”); 
receive, in response to initiation of the connection with the server, a communication packet from the server via the host computing system (e.g. Digi, fig. 3; TLS communications between MAXQ1061<->Host<->Server), the communication packet comprising a request to initiate secure communications (e.g. Digi, fig. 1; fig. 3 – the MAXQ1061 performs the TLS protocol with the server – including receiving the server hello message or “request”); 
perform a secure handshake with the server, via communication through the host computing system, using a secure protocol (e.g. Digi, fig. 3; pg. 5 – tls handshake [i.e. “secure protocol”] with server via host); 
receive data, via the host computing system, from the server within a secure protocol packet (e.g. Digi, fig. 3; pg. 4,par. 2; pg. 5, par. 2 – herein, the data received from the host, via SPI interface); 
Digi discloses that the MAXQ1061 IC performs the TLS protocol, including the decryption of data during the secure data exchange or session.  However, Digi does not appear to explicitly teach that TLS further comprises the authentication of the data during secure data exchange.  
However, Vito also discloses an IOT device comprising the MAXQ1061 IC for implementing the TLS protocol, and furthermore discloses that the TLS protocol comprises authentication of the received data using the TLS keys (e.g. Vito, pg. 3, 
It would have been obvious to one of ordinary skill in the art to recognize that the MAXQ1061 IC of Digi should authenticate the received data, because one of ordinary skill in the art would have been motivated by the teachings that the TLS protocol comprises the authentication of received data (e.g. Vito, pg. 3, “Description of the TLS Protocol”, step 2; pg. 3, “Establishment (Handshake) Phase”, step 4 – TLS keys used to sign exchanged data; pg. 4, “Secure Communication Phase”, receiver verifies received packets).
Thus, the combination enables:
authenticate the data using at least a secure protocol metadata retrieved from the secure protocol packet without allowing access, by the host computing system, to the secure protocol metadata (e.g. Digi, pg. 1, par. 6 – security parameters, i.e. “metadata” for implementing TLS protocol; fig. 3 – secure data exchange; pg. 4, par. 2; pg. 5, par. 1 – MAXQ1061 processor handles the TLS protocol, and all data remains inside MAXQ1061 processor; e.g. Vito, pg. 3, “Description of the TLS Protocol”, step 2). 
and store the data in NVM storage elements of the NVM device (e.g. Digi, fig. 2 – NVM filesystem; pg. 4, par. 2 – secure storage is used to protect data in transit and at rest). 



Regarding claim 3, the combination enables:
wherein the processing device is to provide access, by the host computing system, to the data stored in the NVM storage elements (e.g. Digi, fig. 3; pg. 5, par. 2 – DMA controller provides data to host via SPI interface).

Regarding claim 4, the combination enables:
wherein the secure protocol comprises one of secure sockets layer (SSL) protocol or transport layer security (TLS) protocol, and wherein the secure handshake includes a series of sequencing operations that lead to a series of cryptographic operations (e.g. Digi, fig. 1 – TLS protocol handshake and secure data exchange). 

Regarding claims 9, 10, 12, and 16 – 19, they comprise essentially similar recitations, and they are rejected, at least, for the same reasons.  Furthermore, regarding:

Regarding claim 9, Digi discloses:
initiating, by a processing device of a non-volatile memory (NVM) device (e.g. Digi, fig. 2 – the NVM device or “MAXQ1061”), a connection to a server via a host computing system that is coupled to the NVM device (e.g. Digi, pg. 1; fig. 3; IoT host device) and communicatively coupled to the server (e.g. Digi, fig. 1; fig. 3 – the MAXQ1061 performs the TLS handshake protocol with the server via a host [i.e. MAXQ1061<->Host<->Server], including the client hello [i.e. “initiating a connection”]);
 receiving, by the processing device, in response to initiation of the connection with the server, a communication packet from the server via the host computing system, the communication packet comprising a request to initiate secure communications; 
performing, by the processing device, a secure handshake with the server, via communication through the host computing system, using a secure protocol (e.g. Digi, fig. 1; fig. 3 – the MAXQ1061 performs the TLS protocol with the server – including receiving the server hello message or “request”) that generates a session key of a pair of session keys, … (e.g. Digi, pg. 3, par. 4; pg. 4, par. 2, 3 – two master secrets [i.e. “a pair”] – used as session keys - are generated, one by the MAXQ1061 and the other by the server);
While, Digi suggests the secure storage of the session key (e.g. Digi, pg. 4, par. 2, 3 – secret data is securely stored and never leaves the MAXQ1061 chip), Digi does not appear to explicitly state that the “the session key being inaccessible to the host computing system”.  
However, Vito teaches that the MAXQ1061 IC securely stores the session keys internally and they cannot be extracted from the IC (e.g. Vito, pg. 5, col. 2, session keys do not leak from the IC). 
It would have been obvious to one of ordinary skill in the art to prevent the leakage of session keys as taught by Vito within Digi’s teachings of the MAXQ1061 IC, because one of ordinary skill in the art would have been motivated by the need to operate according to the specifications of the MAXQ1061 IC. 
Thus, the combination enables:
receiving, by the processing device, encrypted data, via the host computing system from the server within a secure protocol packet (e.g. Digi, fig. 3; pg. 4,par. 2; pg. 5, par. 2 – herein, encrypted data is received from the host, via SPI interface); 
decrypting, by the processing device using the session key, the encrypted data to generate plaintext data (e.g. Digi, pg. 5; fig. 3 – stream decryption); 
and storing, by the processing device, the plaintext data in NVM storage elements of the NVM device (e.g. Digi, fig. 2 – NVM filesystem; pg. 4, par. 2 – decrypted data is embodied by the MAXQ1061, wherein secure storage is used to protect data in transit and at rest). 

Regarding claim 10, the combination enables:
wherein performing the secure handshake comprises exchanging secure protocol data within serial peripheral interface (SPI) packets with the host computing system (e.g. Digi, pg. 5, par. 2). 

Regarding claim 12, the combination enables:
wherein the secure protocol comprises one of secure sockets layer (SSL) protocol or transport layer security (TLS) protocol, and wherein the secure handshake includes a series of sequencing operations that lead to a series of cryptographic operations (e.g. Digi, fig. 1 – TLS protocol handshake and secure data exchange). 
 
Regarding claims 16 – 19, they comprise essentially similar recitations, and they are rejected, at least, for the same reasons.  Furthermore, regarding:
Regarding claim 16, the combination enables:
A system comprising: a non-volatile memory (NVM) device to attempt to connect to a server via a host computing system; and the host computing system in networked communication with the server and with the NVM device (e.g. Digi, fig. 3 – MAXQ1061<->Host<->Server), the host computing system to: 
transmit a communication packet from the server to the NVM device, the communication packet comprising a request to initiate secure communications with the NVM device (e.g. Digi, fig. 1; fig. 3 – the MAXQ1061 performs the TLS protocol with the server – including receiving the server hello message or “request”); 
facilitate performance of a secure handshake between the NVM device and the server, the secure handshake using a secure protocol to initiate the secure communications in which the NVM device generates a first session key of a pair of session keys that is inaccessible to the host computing system due to being stored in a crypto buffer of the NVM device (e.g. Digi, fig. 3; pg. 5 – tls handshake [i.e. “secure protocol”] with server via host; Digi, pg. 3, par. 4; pg. 4, par. 2, 3 – two master secrets [i.e. “a pair”] – used as session keys - are generated, one by the MAXQ1061 and the other by the server; e.g. Vito, pg. 5, col. 2, session keys do not leak from the IC). 
receive, from the server, a transport control protocol (TCP) packet that comprises a secure protocol packet, wherein the secure protocol packet comprises encrypted data, which the server encrypted with a second session key of the pair of session keys (e.g. Digi, pg. 3, par. 4; pg. 4, par. 2, 3; fig. 3; fig. 5; pg. 7, par. 1 – TLS encrypted data encapsulated using the TCP/IP network stack); 
remove a TCP header of the TCP packet to expose the secure protocol packet (e.g. Digi, fig. 3 – decrypt data – the examiner notes that the TLS stack is built upon the TCP/IP network stack, thus requiring the removal of a TCP/IP header before TLS protocol decryption).  
generate a serial peripheral interface (SPI) packet via appending a SPI crypto-write command and a secure protocol operation identifier to the secure protocol packet, wherein the SPI crypto-write command is to cause the SPI packet to be written into the crypto buffer of the NVM device (e.g. Digi, pg. 5, par. 2; pg. 6 – SPI api commands);
and transmit the SPI packet to the NVM device (e.g. Digi, fig. 3 – encrypted data to the MAXQ1061). 

Regarding claim 17, the combination enables:
wherein the secure protocol comprises one of secure sockets layer (SSL) protocol or transport layer security (TLS) protocol, and wherein the secure handshake includes a series of sequencing operations that lead to a series of cryptographic operations (e.g. Digi, fig. 1 – TLS protocol handshake and secure data exchange). 

Regarding claim 18, the combination enables:
wherein the host computing system comprises a bridge driver, wherein to facilitate performance of the secure handshake, the bridge driver is to: convert TCP packets from the server to SPI packets that are transmitted to the NVM device; and convert SPI packets from the NVM device to TCP packets that are transmitted to the server (e.g. Digi, pg. 6; fig. 5 – SPI driver; pg. 7, par. 1 – TLS data transported via the TCP/IP network stack). 

Regarding claim 19, the combination enables:
wherein the host computing system comprises a bridge driver, wherein to generate the SPI packet, the bridge driver is to: partition the encrypted data to generate portions of the encrypted data; and generate SPI packets by appending the SPI crypto-write command and the secure protocol operation identifier to respective portions of the encrypted data (e.g. Digi, pg. 6; fig. 5 – SPI driver communicates the data communications via a plurality of formatted byte strings). 


Claims 5, 6, and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Digi-Key (Digi), “How to Secure IoT Device Communications with a Single Chip”, in view of Di Vito (Vito), “Protect TLS in IoT Devices with Secure Companion ICs”, in view of Embedded Staff (Staff), "Physically securing critical data with non-imprinting memory and hardware AES".  

Regarding claim 5, the combination of Digi and Vito fails to explicitly state that the NVM device is a “flash memory device” comprising SRAM.  However, like Digi (e.g. fig. 1: SPI to AES engine), Staff discloses a MAXIM controller comprising an SPI to AES engine (e.g. Staff, fig. 1), and further teaches that the controller should interface the AES engine to a flash memory (e.g. Staff, fig. 1; pg. 2 – i.e. “a flash memory device”), comprise non-imprinting flash memory (e.g. Staff, pg. 3, “Encryption keys” – i.e. “a flash memory device”) wherein the memory is operated by a SRAM controller (e.g. Staff, pg. 6 – i.e. memory is SRAM).

Thus, the combination enables:
wherein the NVM device is a flash memory device (e.g. Staff, pg. 3, “Encryption keys” – i.e. “a flash memory device”; Staff, pg. 6 – i.e. memory is SRAM), which further comprises, coupled to the processing device: a memory controller having a serial peripheral interface (SPI) slave coupled to an SPI master of the host computing system (e.g. Digi, fig. 4; SPI slave), wherein the secure handshake is performed via transmission of data within SPI packets exchanged between the SPI slave and the SPI master (e.g. Digi, fig. 4: SPI slave to SPI; fig. 3 – controller to host); a cryptographic accelerator to perform cryptographic operations via execution of a cryptographic toolkit that is programmed into the cryptographic accelerator (e.g. Digi, fig. 2 – AES engine w/ Fast AES Command set – i.e. ‘toolkit’); and a static random access memory (SRAM) coupled to the memory controller, the SRAM inaccessible by the host computing system (e.g. Digi, fig. 2: AES engine; pg. 5, par. 2 – AES engine coupled to memory controller; Staff, fig. 1: AES engine to 1KB Flash SRAM; pg. 7- controller is SRAM memory controller). 

Regarding claim 6, the combination enables:
wherein the memory controller is further to: detect a crypto-write command within the secure protocol packet (e.g. Digi, pg. 5, par. 3; pg. 6); and store, responsive to the crypto-write command, the secure protocol packet into a crypto buffer of the SRAM (e.g. Staff, fig. 1 – data processed from the AES engine is buffered within non-imprinting SRAM). 

Regarding claims 13, it comprises essentially similar recitations, and they are rejected, at least, for the same reasons.	


Claims 11 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Digi-Key (Digi), “How to Secure IoT Device Communications with a Single Chip”, in view of Di Vito (Vito), “Protect TLS in IoT Devices with Secure Companion ICs”, in view of Jones et al. (Jones), "The Fundamentals of Secure Boot and Secure Download: How to Protect Firmware and Data Within Embedded Devices".  

Regarding claim 11, the combination of Digi and Jones fails to explicitly disclose that decrypted (i.e. “plaintext”) data from the server may be made accessible to the host.  However, Jones also discloses using the MAXQ1061 IC and discloses that it may 
It would have been obvious to one of ordinary skill in the art to apply the MAXQ1061 IC teachings of Jones within Digi’s teachings of the MAXQ1061 IC, because one of ordinary skill in the art would have been motivated by the need to operate according to the specifications of the MAXQ1061 IC. 
Thus, the combination enables:  
further comprising providing access, by the host computing system, to the plaintext data stored in the NVM storage elements (e.g. Jones, pg. 4 – secure firmware download; pg. 5 – if firmware verification is successful, then access to the firmware is granted).

Regarding claim 20, it is rejected, at least, for the same reasons as claim 11, and furthermore because the combination enables:
wherein: the NVM device is to: decrypt, using the first session key, the encrypted data to generate plaintext data; and store the plaintext data in NVM storage elements of the NVM device (e.g. Digi, fig. 3 – TLS data decryption); and the host computing system is further to execute instructions of code embodied in the plaintext data stored in the NVM storage elements (e.g. Jones, pg. 4 – secure firmware download; pg. 5 – if firmware verification is successful, then access to the firmware is granted).
.

Response to Arguments

Applicant’s arguments with respect to the pending claims have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 


Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEFFERY L WILLIAMS whose telephone number is (571)272-7965.  The examiner can normally be reached on 7:30 am - 4:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/JEFFERY L WILLIAMS/Primary Examiner, Art Unit 2495