Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Claims 1 – 12 are presently pending in the application and have been examined below, of which claims 1, 11, and 12 are presented in independent form.

Drawings
	The drawings were received on 09/17/2019. These drawings are accepted.

Information Disclosure Statement
The information disclosure statement (IDS) dated 09/17/2019 has been received and considered.

Claim Objections
Claims 2 to 10 objected to because of the following inconsistencies. Claims 2 – 10 are dependent on claim 1. Claim 1 is directed to a device. Therefore claims 2 – 10 should be linked back to the device but not to the semiconductor device.  
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 12 is  rejected under 35 U.S.C. 112 (b) or 35 U.S.C. 112 (pre-AIA ) second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim 12 is a hybrid claim which as a single claim claims both an apparatus and a method steps using the apparatus that is indefinite under 35 U.S.C. 112 (b) (MPEP 2173.05(p)).


Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless – (a)(2) the claimed invention was described in a
patent issued under section 151, or in an application for patent published or deemed
published under section 122(b), in which the patent or application, as the case may be, names
another inventor and was effectively filed before the effective filing date of the claimed
invention

Claims 1 – 12 are rejected under 35 U.S.C. 102(a) (2) as being anticipated by Matsumoto (US 2019/0088350) (hereafter Matsumoto).

Regarding claim 1 Matsumoto teaches: A device comprising: a controller including redundant processors; a memory that stores target data;  5a secure memory that stores a key used for encryption or decryption (Matsumoto in Para [0028] discloses “the main controller 120 includes a main CPU 101, a memory control unit 102, a flash memory 103, a DRAM 104, a LAN-IF control unit 105, and a Reader-IF unit 108”); a cryptographic unit that performs a cryptographic process (Examiner note: a cryptographic unit is met by the bridge control unit 112; SATA stands for Serial Advanced Technology Attachment) (Matsumoto in Para [0032] discloses “The SATA bridge control unit 112 has additional functions for RAID control, data encryption, and the like.”); a secure processor that instructs the cryptographic process to the cryptographic unit in response to a request from the 10controller (Matsumoto in Para [0032] discloses “the SATA host control unit 111 and the SATA bridge control unit 112 are installed in the main controller 120 while serving respectively as independent ASICs (Application Specific Integrated Circuits” Matsumoto in Para [0088] discloses “the HCPU 301 sends, to the SATA bridge control unit 112, the Request-CHA-C3 command 508 and the SendRES-C3 command 509”); a first bus coupled to the controller, the memory, the cryptographic unit, and the secure processor; and a second bus coupled to the secure memory, the cryptographic unit, and the secure processor (Examiner note: first bus is met by the B bus 17; second bus is met by both buses, the B-Host1-IF 207 and the B-Host2-IF 208) (Matsumoto in Para [0048] discloses “The B bus 317 includes a bus controller, and is expressed as a collection of a control bus, a data bus, and a local bus between arbitrary blocks, for descriptive purposes” Matsumoto in Para [0048] discloses “the SATA-IP (Host) 202 of the SATA host control unit 111 and the SATA-IP (Device) 203 of the SATA bridge control unit 112 are connected to each other via the H-Host-IF 206. Furthermore, the SATA-IPs (Hostl/2) 204 and 205 are respectively connected to the HDD/SSD 113 and the HDD/SSD 114 via the B-Host1-IF 207 and the B-Host2-IF 208.”) 15wherein the controller communicates with the memory via a predetermined error detection mechanism, the cryptographic unit includes a plurality of cryptographic processors independently performing the cryptographic process on the target data using the key based on the instructions (Examiner note: error detection mechanism is met by the self-test using an EDC (error-detecting code)) (Matsumoto in Para [0055] discloses “Secret information stored in the secret information area 403 is verified as to whether or not there is a failure, in an internal self-test conducted during a normal operation using an EDC (error-detecting code).”).  and 20wherein each of the plurality of cryptographic processors includes a data transfer unit that performs a data transfer with the memory via the error detection mechanism (Matsumoto in Para [0044] discloses “The DMAC (Direct Memory Access Controller) 307 performs, upon the start-up, data transfer between predetermined memories, in which beginning addresses and sizes of a transfer source and a transfer destination are set in a predetermined resistor by the HCPU 301” Matsumoto in Para [0077] discloses “In step S711, the HCPU 301 executes error processing.”).

Regarding claim 2 Matsumoto teaches: The semiconductor device according to claim 1, wherein the cryptographic unit further includes a failure detection circuit that compares the processing results of the plurality of 5cryptographic processors to detect a failure of any of the cryptographic processors (Examiner note: failure detection circuit is met by the BCPU 310 unit included into the bridge control unit 112) (Matsumoto in Para [0055] discloses “Secret information stored in the secret information area 403 is verified as to whether or not there is a failure, in an internal self-test conducted during a normal operation using an EDC (error-detecting code).” Matsumoto in Para [0046] discloses “The SATA bridge control unit 112 includes, in addition to the configurations shown in FIG. 2, a BCPU 310” Matsumoto in Para [0084] discloses “Moreover, in step S811, the BCPU 310 determines whether or not the failure was caused by a (condition) self-test error.”).

Regarding claim 3 Matsumoto teaches: The semiconductor device according to claim 2, wherein a first cryptographic processor of the plurality of cryptographic 10processors stores the processing result of the first cryptographic processor in the memory using the data transfer unit, and the other cryptographic processors discard the processing results of the other cryptographic processors (Examiner note: as noted above, a cryptographic unit is met by the bridge control unit 112; SATA stands for Serial Advanced Technology Attachment) (Matsumoto in Para [0032] discloses “The SATA bridge control unit 112 has additional functions for RAID control, data encryption, and the like.” Matsumoto in Para [0124] discloses “The computer may comprise one or more processors (e.g., central processing unit (CPU), micro processing unit (MPU)) and may include a network of separate computers or separate processors to read out and execute the computer executable instructions” Matsumoto in Para [0043] discloses “The SRAM 304 is used as a work area for the HCPU 301, a storage area for various types of control tables and parameters, a data buffer, and the like.” Matsumoto in Para [0101] discloses “the HCPU 301 issues an Erase-Secret-Info command 513 in FIG. 5B, so that the authentication ID and the secret information stored in the secret information area 403 installed in the SATA bridge control unit (sub ASIC) 112 are discarded.”).

Regarding claim 4 Matsumoto teaches: The semiconductor device according to claim 1, wherein the secure processor stores setting information relating to the cryptographic process set in the cryptographic unit by the instruction to the memory (Matsumoto in Para [0042] discloses “The memory control unit 302 performs input/output control with respect to the flash memory 303 and the SRAM (Static Random Access Memory) 304.” Matsumoto in Para [0043] discloses “The SRAM 304 is used as a work area for the HCPU 301, a storage area for various types of control tables and parameters, a data buffer, and the like.”), and the control unit detects a failure of the secure processor based on request information used for 20the request to the secure processor and the setting information stored in the memory.


(Examiner note: as noted above, the failure detection circuit is met by the BCPU 310 unit included into the bridge control unit 112) (Matsumoto in Para [0097] discloses “In step S1007, the BCPU 310 executes error processing. Here, specifically, an error factor is set and the state transitions to the error state.”)

Regarding claim 5 Matsumoto teaches: The semiconductor device according to claim 4, wherein the secure processor sets an address, which is an access destination in the memory included in the request information, in the cryptographic unit as the setting information, and the 5data transfer unit accesses the address in the memory (Matsumoto in Para [0044] discloses “The DMAC (Direct Memory Access Controller) 307 performs, upon the start-up, data transfer between predetermined memories, in which beginning addresses and sizes of a transfer source and a transfer destination are set in a predetermined resistor by the HCPU 301”).

Regarding claim 6 Matsumoto teaches: The semiconductor device according to claim 1, wherein each of the plurality of cryptographic processors performs, as the cryptographic processing, encryption for the target data and 10generation of a message authenticating code using the key based on the instruction when the target data is data to be transmitted to another semiconductor device (Matsumoto in Para [0054] discloses “The genuineness of a program stored in the program area 401 is verified by calculating the hash value of the program, and decrypting an appended digital signature, which is encrypted using a secret key of the vendor, using a public key of the verifier.”).

Regarding claim 7 Matsumoto teaches: The semiconductor device according to claim 1, wherein 15each of the plurality of cryptographic processors decrypts the target data and generates a first message authenticating code as the cryptographic processing based on the instruction when the target data is received data from another semiconductor device (Matsumoto in Para [0066] discloses “At this time of the state 7, data can be written into and read out from the HDD (or SSD), data to be stored in the HDD (or SSD) is encrypted, and data to be read out is decrypted. Furthermore, only the person authorized to reach the state 7 transitions to a state 11: Secret Information Output state 610 via the state 6: Authentication state 608, so that it is possible to output the secret information area 403.” Matsumoto in Para [0090] discloses “the HCPU 301 calculates the hash value of the secret information acquired from the SATA bridge control unit 112, and compares the acquired message authentication code with a decrypted value, to check the genuineness.” )

Regarding claim 8 Matsumoto teaches: The semiconductor device according to claim 7, wherein the received data includes encrypted data using the key and a generated second message authentication code in the other semiconductor device (Matsumoto in Para [0055] discloses “the hash value of the secret information is calculated, and the genuineness is verified with a message authentication code encoded using a common key of the vendor”), 5wherein at least a first cryptographic processor of the plurality of cryptographic processors stores the decrypted data and the first message authentication code in the memory using the data transferring unit, and (Matsumoto in Para [0066] discloses “At this time of the state 7, data can be written into and read out from the HDD (or SSD), data to be stored in the HDD (or SSD) is encrypted, and data to be read out is decrypted.” Matsumoto in Para [0044] discloses “The DMAC (Direct Memory Access Controller) 307 performs, upon the start-up, data transfer between predetermined memories, in which beginning addresses and sizes of a transfer source and a transfer destination are set in a predetermined resistor by the HCPU 301” Matsumoto in Para [0077] discloses “In step S711, the HCPU 301 executes error processing.”) wherein the control unit compares the first message 10authentication code and the second message authentication code stored in the memory to detect a failure of the first cryptographic processor (Matsumoto in Para [0090] discloses “the HCPU 301 calculates the hash value of the secret information acquired from the SATA bridge control unit 112, and compares the acquired message authentication code with a decrypted value, to check the genuineness.”).

Regarding claim 9 Matsumoto teaches: The semiconductor device according to claim 7, 15wherein the received data includes encrypted data using the key and a generated second message authentication code in the other semiconductor device (Matsumoto in Para [0055] discloses “the hash value of the secret information is calculated, and the genuineness is verified with a message authentication code encoded using a common key of the vendor.”), and wherein at least a first cryptographic processor of the plurality of cryptographic processors further comprises a 20comparator that compares the second message authentication code obtained from the memory using the data transfer unit with the first message authentication code (Examiner note: role of comparator is met by the bridge control unit 112 comprising the HCPU 301) (Matsumoto in Para [0090] discloses “the HCPU 301 calculates the hash value of the secret information acquired from the SATA bridge control unit 112, and compares the acquired message authentication code with a decrypted value, to check the genuineness.” Matsumoto in Para [0118] discloses “the HCPU 301 can compare the read value with a magic number stored in advance in, for example, the flash memory (eMMC) 103”).

Regarding claim 10 Matsumoto teaches: The semiconductor device according to claim 9, wherein the first cryptographic processor stores the decrypted data and the comparison result by the comparator in the memory using the data transferring unit, (Matsumoto in Para [0054] discloses “The genuineness of a program stored in the program area 401 is verified by calculating the hash value of the program, and decrypting an appended digital signature, which is encrypted using a secret key of the vendor, using a public key of the verifier.” Matsumoto in Para [0090] discloses “the HCPU 301 calculates the hash value of the secret information acquired from the SATA bridge control unit 112, and compares the acquired message authentication code with a decrypted value, to check the genuineness.”) and the control unit discards the 5decrypted data when the comparison result stored in the memory indicates a mismatch (Matsumoto in Para [0118] discloses “the HCPU 301 can compare the read value with a magic number stored in advance in, for example, the flash memory (eMMC) 103” Matsumoto in Para [0101] discloses “the HCPU 301 issues an Erase-Secret-Info command 513 in FIG. 5B, so that the authentication ID and the secret information stored in the secret information area 403 installed in the SATA bridge control unit (sub ASIC) 112 are discarded.”).

Regarding claim 11 Matsumoto teaches: A semiconductor device comprising: a control unit that includes redundant processors;  10a memory that stores target data; a secure memory that stores a key used for encryption or decryption (Matsumoto in Para [0028] discloses “the main controller 120 includes a main CPU 101, a memory control unit 102, a flash memory 103, a DRAM 104, a LAN-IF control unit 105, and a Reader-IF unit 108”); an cryptographic unit that performs cryptographic processing  (Examiner note: a cryptographic unit is met by the bridge control unit 112; SATA stands for Serial Advanced Technology Attachment) (Matsumoto in Para [0032] discloses “The SATA bridge control unit 112 has additional functions for RAID control, data encryption, and the like.”); 15a secure processor that instructs cryptographic processing to the cryptographic unit in response to a request from the control unit (Matsumoto in Para [0032] discloses “the SATA host control unit 111 and the SATA bridge control unit 112 are installed in the main controller 120 while serving respectively as independent ASICs (Application Specific Integrated Circuits” Matsumoto in Para [0088] discloses “the HCPU 301 sends, to the SATA bridge control unit 112, the Request-CHA-C3 command 508 and the SendRES-C3 command 509”); a first bus coupled to the control unit, the memory, the cryptographic unit, and the secure processor; and  20a second bus coupled to the secure memory, the cryptographic unit, and the secure processor, (Examiner note: first bus is met by the B bus 17; second bus is met by both buses, the B-Host1-IF 207 and the B-Host2-IF 208) (Matsumoto in Para [0048] discloses “The B bus 317 includes a bus controller, and is expressed as a collection of a control bus, a data bus, and a local bus between arbitrary blocks, for descriptive purposes” Matsumoto in Para [0048] discloses “the SATA-IP (Host) 202 of the SATA host control unit 111 and the SATA-IP (Device) 203 of the SATA bridge control unit 112 are connected to each other via the H-Host-IF 206. Furthermore, the SATA-IPs (Hostl/2) 204 and 205 are respectively connected to the HDD/SSD 113 and the HDD/SSD 114 via the B-Host1-IF 207 and the B-Host2-IF 208.”), 51wherein the control unit performs communication with the memory via a predetermined error detection mechanism, wherein the encryption unit includes a plurality of cryptographic processors for independently performing the 5cryptographic processing on the target data using the key based on the instruction (Examiner note: as noted above, error detection mechanism is met by the self-test using an EDC (error-detecting code)) (Matsumoto in Para [0055] discloses “Secret information stored in the secret information area 403 is verified as to whether or not there is a failure, in an internal self-test conducted during a normal operation using an EDC (error-detecting code).”), wherein the secure processor stores information set in the cryptographic unit based on the instruction to the memory, and wherein the control unit detects a failure of the secure 10processor based on request information used for the request to the secure processor and the setting information stored in the memory (Matsumoto in Para [0044] discloses “The DMAC (Direct Memory Access Controller) 307 performs, upon the start-up, data transfer between predetermined memories, in which beginning addresses and sizes of a transfer source and a transfer destination are set in a predetermined resistor by the HCPU 301” Matsumoto in Para [0077] discloses “In step S711, the HCPU 301 executes error processing.”).

Regarding claim 12 Matsumoto teaches: A method for controlling a semiconductor device, 15the semiconductor comprising: a memory that stores target data; a control unit that includes redundant processors and performs communication with the memory via a predetermined error detection mechanism;  20a secure memory that stores a key used for encryption or decryption processing;  (Matsumoto in Para [0028] discloses “the main controller 120 includes a main CPU 101, a memory control unit 102, a flash memory 103, a DRAM 104, a LAN-IF control unit 105, and a Reader-IF unit 108”); 52a cryptographic unit that includes a plurality of cryptographic processors that (Examiner note: a cryptographic unit is met by the bridge control unit 112; SATA stands for Serial Advanced Technology Attachment) (Matsumoto in Para [0032] discloses “The SATA bridge control unit 112 has additional functions for RAID control, data encryption, and the like.”); a secure processor; (Matsumoto in Para [0032] discloses “the SATA host control unit 111 and the SATA bridge control unit 112 are installed in the main controller 120 while serving respectively as independent ASICs (Application Specific Integrated Circuits” Matsumoto in Para [0088] discloses “the HCPU 301 sends, to the SATA bridge control unit 112, the Request-CHA-C3 command 508 and the SendRES-C3 command 509”); 5a first bus coupled to the control unit, the memory, the encryption unit, and the secure processor; and a second bus coupled to the secure memory, the cryptographic unit, and the secure processor (Examiner note: first bus is met by the B bus 17; second bus is met by both buses, the B-Host1-IF 207 and the B-Host2-IF 208) (Matsumoto in Para [0048] discloses “The B bus 317 includes a bus controller, and is expressed as a collection of a control bus, a data bus, and a local bus between arbitrary blocks, for descriptive purposes” Matsumoto in Para [0048] discloses “the SATA-IP (Host) 202 of the SATA host control unit 111 and the SATA-IP (Device) 203 of the SATA bridge control unit 112 are connected to each other via the H-Host-IF 206. Furthermore, the SATA-IPs (Hostl/2) 204 and 205 are respectively connected to the HDD/SSD 113 and the HDD/SSD 114 via the B-Host1-IF 207 and the B-Host2-IF 208.”), the method comprising:  10instructing, by the secure processor, an instruction for the cryptographic processing to the cryptographic unit in response to a request from the control unit; (Matsumoto in Para [0068] discloses “PIPS authentication (Federal Information Processing Standardization: a cryptographic module test) is acquired as security authentication”), the target data from the memory via an error detection mechanism 15based on the instruction; performing, by each of the cryptographic processors, the cryptographic processing for the target data using the key (Matsumoto in Para [0050] discloses “the built-in flash memory 312 is divided into areas based on characteristics of information to be stored in the corresponding areas, for example, the nature and importance level of information, and an encryption and authentication method that realizes the appropriate security level is applied to each area (for each characteristic of the information to be stored).”); and storing, by one of the cryptographic processors, a result of the cryptographic processing in the memory via the error 20detecting mechanism (Examiner note: as noted above, the error detection mechanism is met by the self-test using an EDC (error-detecting code)) (Matsumoto in Para [0055] discloses “Secret information stored in the secret information area 403 is verified as to whether or not there is a failure, in an internal self-test conducted during a normal operation using an EDC (error-detecting code).” Matsumoto in Para [0051] discloses “The program area 402 is a storage area for programs other than the boot program, and has stored programs with a set of security-related functions such as self-test (self-diagnosis) and authentication”).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VLADIMIR IVANOVICH GAVRILENKO whose telephone number is (313)446-6530.  The examiner can normally be reached on Monday-Friday 7:30-4:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/VLADIMIR I GAVRILENKO/Examiner, Art Unit 2431     

/TRANG T DOAN/Primary Examiner, Art Unit 2431