DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is responsive to RCE filed on 07/02/2021. Claims 3, 6, 15, and 19 were canceled before. Claims 1-2, 4-5, 7-14, 16-18, and 20-24 have been examined and are pending in this application.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 07/02/2021 has been entered.
Response to Arguments
Applicant’s arguments, filed 06/16/2021, with respect to claims 1-2, 4-5, 7-14, 16-18, and 20-24 have been considered but are mostly moot in view of the current rejection.
Two new references (Merry et al. US 8,127,048 (“Merry”) and Buck et al. US 2014/0007177 (“Buck”)) are cited in this Office Action in view of the amendments. 
Independent claim 1 has now been rejected as being unpatentable over Obereiner in view of Merry.
Independent claim 14 has now been rejected as being unpatentable over Obereiner in view of Buck. 

Dependent claim 10 has now being rejected as being unpatentable over Obereiner in view of Merry and in further view of Buck.
Applicant argues regarding dependent claim 11, pages 13-14 of the remarks, “[the] fact that Obereiner requests an authentication credential for a wipe erase does not disclose or suggest the express recitation that the ‘password request signal’ of claim 11 is performed ‘responsive to receiving the data operation command for the security region and not receiving the input password.’ The full recitations of Claim 11 (including the ‘responsive to’ recitation) have not been given weight by the rejection.”
The Examiner respectfully disagrees. A “wipe erase” is a data operation command. When a wipe erase command is received for a memory region or a segment, confidential data stored therein is rapidly erased such that such secured data may not be recoverable. In Obereiner, para 0008, if a user initiates a wipe erase for a memory region or a segment, the intent of the user is to perform data operation to erase the secured data stored therein. The user can be requested to input an authentication credential a predetermined number of times before the wipe erase is actually carried out, para 0008 of Obereiner. While the access management component 116 of Obereiner requests authentication information for a predetermined number of times as described in para 0008, the data operation, i.e., the wipe erase, is withheld for a period of time until the proper authentication information is provided by the user.
Dependent claim 16 has now been rejected as being unpatentable over Obereiner in view of Buck and in further view of Merry.

 In Obereiner, the authentication credential and other authentication information and/or associated memory region information, such as the memory start address, memory end address, and/or memory region size, can be stored as a security record in a authentication memory location in the authentication memory region 114 in a highly secure area of the memory array 104, para 0030 and FIG. 1 of Obereiner. A programming circuit includes one or more x-decoder (row decoder) components 308 and one or more y-decoder (column decoder) components 310 that can cooperate with an I/O component 306, para 0057 and FIG. 3 of Obereiner. Since start and end address are provided to the one or more y-decoders (column decoders), the security information comprises a start column address and an end column address of the security region
Dependent claim 22 has now been rejected as being unpatentable over Obereiner in view of Merry.
In view of the foregoing remarks, independent claims 1, 14, and 18 are not in a condition for allowance. Claims depending therefrom, either directly or indirectly, are also not in a condition for allowance.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

s 1-2, 4-5, 7-9, 11-13, 18, and 21-23 are rejected under 35 U.S.C. 103 as being unpatentable over Obereiner et al. US 2009/0249014 (“Obereiner”) in view of Merry et al. US 8,127,048 (“Merry”).
As per independent claim 1, Obereiner teaches A memory device (A memory component 102 can include a memory array 104 that can receive and store data, para 0025 and FIG. 1) comprising:
a memory cell array comprising a security region that is configured to store security data (Memory array 104 can comprise a plurality of memory regions 106, 108, 110, 112 comprised of a subset of memory cells where secured data can be stored, paras 0026-0027 and FIG. 1);
a security management circuit (An access management component 116, para 0026 and FIG. 1) configured to store a guard key (Authentication data can be stored in a password memory region 114, which can be a highly secure region in the memory array 104 that is accessible only by authorized components such as the access management component 116, para 0026 and FIG. 1) and, responsive to receiving a data operation command for the security region (A user can desire to perform a read, write, and/or erase associated with a memory region, e.g., region 106, para 0035 and FIG. 1), limit a data operation for the security region by comparing the guard key with an input password that is received by the memory device (The access management component 116 can receive the authentication information and can access the authentication memory location associated with the memory region (e.g., region 106) selected by the user. The access management component 116 can compare the received authentication information (e.g., authentication credential(s), such 
wherein, in a memory region allocation phase, the security management circuit is configured to allocate the security region (The access management component 116 can contain an authentication credential set component 202 that can facilitate setting an authentication credential associated with a memory region in the memory array. The authentication credential set component 202 can work in conjunction with a compare component 204 to facilitate setting or changing a new authentication credential for a memory region (e.g., memory region 106, as illustrated in FIG. 1), para 0050), obtain a physical address corresponding to the security region (The authentication credential and other authentication information and/or associated memory region information, such as the memory start address, memory end address, and/or memory region size, can be stored as a security record in an authentication memory location in the authentication memory region 114 in a highly secure area of the memory array 104, para 0030 and FIG. 1), store region information about the security region based on the obtained physical address (The authentication credential and other authentication information and/or associated memory region information, such as the memory start address, memory end address, and/or memory region size, can be stored as a security record in a authentication 
Obereiner discloses all of the claimed limitations from above, but does not explicitly teach “and provide the obtained physical address external to the memory device”.
However, in an analogous art in the same field of endeavor, Merry teaches and provide the obtained physical address external to the memory device (A set of zone definitions and zone parameters can be stored on a part of an NVM array 116, col 4 lines 41-42 and FIG. 1. A controller 114 has access to the zone definitions and zone parameters, col 4 lines 52-53 and FIG. 1. The controller 114 provides the zone definitions and the zone parameters to a host system 110, col 4 lines 63-64 and FIG. 1. Zone definitions and zone parameters define access control and/or security control features for each zone, col 4 lines 35-37. FIG. 4 illustrates an exemplary data structure for zone definitions using physical block addresses (PBAs), col 3 lines 32-33 and FIG. 4. As illustrated in FIG. 4, each zone definition includes a beginning PBA and an ending PBA).
Given the teaching of Merry, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to further modify the scope of the invention of Obereiner with “and provide the obtained physical address external to the memory device”. The motivation would be that it is advantageous to develop a technique and system for segmenting a storage subsystem into multiple segments (or zones) such that a separate set of security or access parameters can be 
As per dependent claim 2, Obereiner in combination with Merry discloses the device of claim 1. Obereiner teaches wherein, in a guard key injection phase and/or a guard key update phase, the security management circuit is configured to receive the guard key from outside the memory device and to store the guard key (The access management component 116 can facilitate setting authentication data in the memory component 102. Authentication credential (e.g., a password, PIN, biometric identification information etc.) provided by a user can be stored as a security record in the authentication memory region 114, para 0030 and FIG. 1).
As per dependent claim 4, Obereiner in combination with Merry discloses the device of claim 1. Obereiner teaches wherein the region information comprises a start address corresponding to the security region and a size of the security region (The authentication credential and other authentication information and/or associated memory region information, such as the memory start address, memory end address, and/or memory region size, can be stored as a security record in a authentication memory location in the authentication memory region 114 in a highly secure area of the memory array 104, para 0030 and FIG. 1).
As per dependent claim 5, Obereiner in combination with Merry discloses the device of claim 1. Obereiner teaches wherein the region information comprises a start address and an end address, which correspond to the security region (The authentication credential and other authentication information and/or associated memory region information, such as the memory start address, memory end address, 
As per dependent claim 7, Obereiner in combination with Merry discloses the device of claim 1. Obereiner teaches wherein, responsive to the input password being consistent with the guard key, the security management circuit is configured to control the memory device such that the memory device performs the data operation (If the received authentication credential matches the stored authentication credential, access is authorized, para 0035).
As per dependent claim 8, Obereiner in combination with Merry discloses the device of claim 1. Obereiner teaches wherein, responsive to the input password being inconsistent with the guard key, the security management circuit is configured to control the memory device such that the memory device does not perform the data operation (If the received authentication credential does not match the stored authentication credential, access is denied, para 0036).
As per dependent claim 9, Obereiner in combination with Merry discloses the device of claim 8. Obereiner teaches wherein, responsive to the input password being inconsistent with the guard key, the security management circuit is configured to control a column decoder and/or a row decoder of the memory device by exporting a control signal to the column decoder and/or row decoder such that data is not written to the memory cell array and/or is not read from the memory cell array (The programming circuitry can be represented in part by and can include one or more x-decoder components 308 and one or more y-decoder 
As per dependent claim 11, Obereiner in combination with Merry discloses the device of claim 1. Obereiner teaches wherein, responsive to receiving the data operation command for the security region and not receiving the input password, the security management circuit is configured to withhold the data operation for the security region and to output a password request signal external to the memory device (If a wipe erase of a memory region is initiated, a user can be requested to input an authentication credential a predetermined number of times, and the access management component can receive such authentication information, para 0008).
As per dependent claim 12, Obereiner in combination with Merry discloses the device of claim 1. Obereiner teaches wherein the security management circuit (An access management component 116, para 0026 and FIG. 1) comprises:
a first memory configured to store region information about the security region (The authentication credential and other authentication information and/or associated memory region information, such as the memory start address, memory end 
a second memory configured to store the guard key (The authentication credential and other authentication information and/or associated memory region information, such as the memory start address, memory end address, and/or memory region size, can be stored as a security record in a authentication memory location in the authentication memory region 114 in a highly secure area of the memory array 104, para 0030 and FIG. 1);
an address comparison circuit configured to receive the region information from the first memory and generate a region comparison result by comparing the region information with an address input from external to the memory device (An x-decoder component 308 and a y-decoder component 310 can each receive address bus information, which can be provided as part of a command, and such information can be utilized to facilitate determining the desired memory cell(s) in the memory component 102, para 0056 and FIG. 3);
a password comparison circuit configured to receive the guard key from the second memory and generate a password comparison result by determining if the input password is consistent with the guard key (A compare component associated with the access management component can compare respective sets of authentication information with each other to determine whether the respective sets of authentication information match each other, para 0086);
a security control circuit configured to limit the data operation for the security region and/or output an alert signal external to the memory device, based on the region comparison result received from the address comparison circuit and the password comparison result received from the password comparison circuit (The access management component 116 can receive the authentication information and can access the authentication memory location associated with the memory region (e.g., region 106) selected by the user. The access management component 116 can compare the received authentication information (e.g., authentication credential(s)) to the authentication credential stored in the associated security record stored in the authentication memory location to determine whether the stored authentication credential matches each received authentication credential(s). If the authentication credential matches the stored authentication credential, access is authorized. If the received authentication credential does not match the stored authentication credential, access is denied, paras 0035-0036 and FIG. 1).
As per dependent claim 13, Obereiner in combination with Merry discloses the device of claim 1. Obereiner teaches wherein the memory device has a structure in which at least one core die is stacked on a buffer die (Memory cells are stacked on top of each other in a multi-die package, para 0057),
the security management circuit is implemented in the buffer die (A buffer component 320 can be formed on the substrate 302. The buffer component 320 can facilitate storage of data, for example, to temporarily store data, being written to and/or read from the memory array 104, para 0061).
A memory device (A memory component 102 can include a memory array 104 that can receive and store data, para 0025 and FIG. 1) comprising:
a memory cell array comprising a security region, in which security data is stored (Memory array 104 can comprise a plurality of memory regions 106, 108, 110, 112 comprised of a subset of memory cells where secured data can be stored, paras 0026-0027 and FIG. 1);
a security management circuit (An access management component 116, para 0026 and FIG. 1) configured to store a guard key (Authentication data can be stored in a password memory region 114, which can be a highly secure region in the memory array 104 that is accessible only by authorized components such as the access management component 116, para 0026 and FIG. 1), receive an input password (A user can desire to perform a read, write, and/or erase associated with a memory region (e.g., 106) associated with the user. The access management component 116 can enable access to the memory region (e.g., 106) if the user presents to the access management component 116 via the user interface a valid password, para 0035), and control the memory device such that, responsive to receiving a data operation command for the security region from an external host, the memory device is configured to perform a data operation on the security region responsive to the input password being consistent with the guard key (The user can desire to perform a read, write, and/or erase associated with a memory region, e.g., region 106, para 0035 and FIG. 1. The access management component 116 can receive the authentication information and can access the authentication memory location 
wherein the security management circuit is further configured to: in a data operation phase, determine that the data operation command for the security region is a command corresponding to the security region by comparing the region information with an address received together with the data operation command (A programming circuitry can be represented in part by and can include one or more x-decoder components 308 and one or more y-decoder components 310 that can cooperate with the I/O component 306 for selectively connecting a source (not shown), gate (not shown), and/or drain (not shown) of selected addressed memory cells to predetermined voltages or impedances to effect designated operations (e.g., writing, reading, verifying, erasing) on the respective memory cells, and deriving necessary voltages to effect such operations. For example, an x-decoder component 308 and a y-decoder component 310 can each receive address bus information, which can be provided as part of a command, and such information can be utilized to facilitate 
Although Obereiner teaches setting security memory regions, Obereiner does not explicitly teach “in a memory region allocation phase, receive a write command and a physical address of the security region that is input to the memory device from the external host and store region information about the security region based on the received physical address of the security region”.
However, in an analogous art in the same field of endeavor, Merry teaches in a memory region allocation phase (A host driver 113 is configured to send define zones command along with zone definitions and zone parameters, col 5 lines 54-56 and FIG. 1), receive a write command and a physical address of the security region that is input to the memory device from the external host (The host driver 113 is configured to send define zones command along with zone definitions and zone parameters, col 5 lines 54-56 and FIG. 1. Zone definitions and zone parameters define access control and/or security control features for each zone, col 4 lines 35-37. FIG. 4 illustrates an exemplary data structure 400 for zone definitions or PBAs associated with the define zones command, col 6 lines 22-24and FIG. 4) and store region information about the security region based on the received physical address of the security region (The set of zone definitions and zone parameters can be stored on a part of NVM array 116, col 4 lines 4142 and FIG. 1. Zone definitions and zone parameters define access control and/or security control features for each zone, col 4 lines 35-37).
Given the teaching of Merry, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to further modify the security region that is input to the memory device from the external host and store region information about the security region based on the received physical address of the security region”. The motivation would be that it is advantageous to develop a technique and system for segmenting a storage subsystem into multiple segments (or zones) such that a separate set of security or access parameters can be associated with each zone and each zone can implement different vendor-specific commands, col 1 lines 48-52 of Merry.
As per dependent claim 21, Obereiner in combination with Merry discloses the device of claim 1. Obereiner teaches wherein the region information about the security region comprises a start column address and an end column address of the security region (The authentication credential and other authentication information and/or associated memory region information, such as the memory start address, memory end address, and/or memory region size, can be stored as a security record in a authentication memory location in the authentication memory region 114 in a highly secure area of the memory array 104, para 0030 and FIG. 1. A programming circuit includes one or more x-decoder (row decoder) components 308 and one or more y-decoder (column decoder) components 310 that can cooperate with an I/O component 306, para 0057 and FIG. 3. Since start and end address are provided to the one or more y-decoders (column decoders), the security information comprises a start column address and an end column address of the security region).
wherein the security management circuit is further configured to provide the obtained physical address to a memory controller and/or host device coupled to the memory device (A set of zone definitions and zone parameters can be stored on a part of an NVM array 116, col 4 lines 41-42 and FIG. 1. A controller 114 has access to the zone definitions and zone parameters, col 4 lines 52-53 and FIG. 1. The controller 114 provides the zone definitions and the zone parameters to a host system 110, col 4 lines 63-64 and FIG. 1. Zone definitions and zone parameters define access control and/or security control features for each zone, col 4 lines 35-37. FIG. 4 illustrates an exemplary data structure for zone definitions using physical block addresses (PBAs), col 3 lines 32-33 and FIG. 4. As illustrated in FIG. 4, each zone definition includes a beginning PBA and an ending PBA).
The same motivation that was utilized for combining Obereiner as set forth in claim 1 is equally applicable to claim 22.
As per dependent claim 23, this claim is rejected based on arguments provided above for similar rejected dependent claim 11.
Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Obereiner in view of Buck et al. US 2014/0007177 (“Buck”).
As per independent claim 1, Obereiner teaches A method of processing security data of a memory device (Methods are presented that can facilitate securing respective regions of a memory device to facilitate securing such memory regions from unauthorized access, para 0024), the method comprising:
receiving an input password (A user can desire to perform a read, write, and/or erase associated with a memory region (e.g., 106) associated with the user. The access management component 116 can enable access to the memory region (e.g., 106) if the user presents to the access management component 116 via the user interface a valid password, para 0035);
comparing the received input password with a guard key stored in the memory device (The access management component 116 can receive the authentication information and can access the authentication memory location associated with the memory region (e.g., region 106) selected by the user. The access management component 116 can compare the received authentication information (e.g., authentication credential(s), such as passwords, see para 0067) to the authentication credential stored in the associated security record stored in the authentication memory location to determine whether the stored authentication credential matches each received authentication credential(s), para 0035); 
receiving security data, a data operation command for the security data, and an address corresponding to a security region of a memory cell array (An x-decoder component 308 and a y-decoder component 310 can each receive address bus information, which can be provided as part of a command, and such information can be utilized to facilitate determining the desired memory cell(s) in the memory component 102 for access, para 0057 and FIG. 3);
responsive to the guard key being consistent with the received input password, performing a data operation on the security data based on the data operation command and the address (If each received authentication credential(s) 
responsive to the guard key being inconsistent with the received input password, limiting the data operation for the security data by exporting a control signal to a column decoder and/or a row decoder of the memory device such that the security data is not written to the memory cell array and/or is not read from the memory cell array (If the access management component 116 determines that a received authentication credential does not match the stored authentication credential, the access management component 116 can deny access and/or permit the user to attempt to gain access, para 0036. The programming circuitry can be represented in part by and can include one or more x-decoder components 308 and one or more y-decoder components 310 that can cooperate with the I/O component 306 for selectively connecting a source (not shown), gate (not shown), and/or drain (not shown) of selected addressed memory cells to predetermined voltages or impedances to effect designated operations (e.g., writing, reading, verifying, erasing) on the respective memory cells, and deriving necessary voltages to effect such operations, para 0057 and FIG. 3. Access to the memory region(s) can be disabled. As a result, the user and other entities are not able to access such memory region until a proper authentication credential is presented, para 0111 and FIG. 9).
Obereiner discloses all of the claimed limitations from above, but does not explicitly teach “wherein the guard key is updated and stored in the memory device at a first regular interval”.
wherein the guard key is updated and stored in the memory device at a first regular interval (A content expiration check corresponds to a date and/or time until which a personalized content (such as network password) of a memory cardholder, stored at a reserved memory segment is valid. The content expiration check is performed via network authentication with a specified time period. The network password associated with the memory card user must be updated within the specified time period (e.g., 60 days), in case the authentication policy allows the content expiration check, para 0063. A card manager 118 writes the network password into a memory segment 308, para 0043).
Given the teaching of Buck, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to further modify the scope of the invention of Obereiner with “wherein the guard key is updated and stored in the memory device at a first regular interval”. The motivation would be that that method provides efficient and secure card-based authentication solution, para 0002 of Buck. 
Claims 16-17 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Obereiner in view of Buck and in further view of Merry.
As per dependent claim 16, Obereiner in combination with Buck discloses the method of claim 14. Obereiner and Buck may not explicitly disclose, but in an analogous art in the same field of endeavor, Merry teaches further comprising: receiving a write command in a memory region allocation phase from an external host; receiving a physical address of the security region from the external host; generating region  storing the generated region information in a first memory in the memory device (A host driver 113 is configured to send define zones command along with zone definitions and zone parameters, col 5 lines 54-56 and FIG. 1. The host driver 113 is configured to send define zones command along with zone definitions and zone parameters, col 5 lines 54-56 and FIG. 1. Zone definitions and zone parameters define access control and/or security control features for each zone, col 4 lines 35-37. FIG. 4 illustrates an exemplary data structure 400 for zone definitions or PBAs associated with the define zones command, col 6 lines 22-24and FIG. 4. The set of zone definitions and zone parameters can be stored on a part of an NVM array 116, col 4 lines 41-42 and FIG. 1).
As per dependent claim 17, this claim is rejected based on arguments provided above for similar rejected dependent claims 4 or 5.
As per dependent claim 24, this claim is rejected based on arguments provided above for similar rejected independent claim 1.
Claims 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Obereiner in view of Merry and in further view of Buck.
As per dependent claim 10, Obereiner in combination with Merry discloses the device of claim 1. Obereiner and Merry may not explicitly disclose, but in an analogous art in the same field of endeavor, Buck teaches wherein, responsive to the input password being inconsistent with the guard key, the security management circuit is configured to transmit an alert signal to outside of the memory device (When the authentication is not successful at step 622, a report representative of an 
Given the teaching of Buck, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to further modify the scope of the invention of Obereiner with “wherein, responsive to the input password being inconsistent with the guard key, the security management circuit is configured to transmit an alert signal to outside of the memory device”. The motivation would be that that method provides efficient and secure card-based authentication solution, para 0002 of Buck.
As per dependent claim 20, this claim is rejected based on arguments provided above for similar rejected dependent claim 10.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZUBAIR AHMED whose telephone number is (571)272-1655.  The examiner can normally be reached on 7:30AM - 5:00PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, DAVID X YI can be reached on (571) 270-7519.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/ZUBAIR AHMED/Examiner, Art Unit 2132                                                                                                                                                                                                        
/DANIEL D TSUI/Primary Examiner, Art Unit 2132