DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Drawings
The drawings were received on May 29, 2020.  These drawings are acceptable.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Leslie Dalglish on November 18, 2021.
The application has been amended as follows: 
As per Abstract
A write request causes controller circuitry to write an encrypted data line and First Tier metadata portion including MAC data and a first portion of ECC data to a first memory circuitry portion and a second portion of ECC data to a sequestered, second memory circuitry portion.  A read request causes the controller circuitry to read the encrypted data line and the First Tier metadata portion from the first memory circuitry portion. Using the first portion of the ECC data 

As per Claim 1
A data storage system, comprising:
memory circuitry;
controller circuitry to, for [[each]] a respective line of data of a plurality of lines of data stored in memory circuitry:
generate metadata that includes: 
first data representative of a cryptographic message authentication code associated with the respective line of data; and
second data representative of an error correction code associated with the respective line of data, the error correction code including at least an error detection data portion associated with the respective line of data and an error correction data portion associated with the respective line of data; and
apportion the metadata into a First Tier metadata portion stored in a first memory circuitry portion proximate the respective line of data in the memory circuitry and a Second Tier metadata portion stored in a sequestered, second memory circuitry portion remote from the respective line of data; 
wherein the First Tier metadata portion includes at least the error detection data portion and the first data representative of the message authentication code 
wherein the Second Tier metadata portion includes at least a portion of the error correction data portion associated with the respective line of data.


As per Claim 2
The data storage system of claim 1, the controller circuitry to further:
responsive to receipt of a read operation generated by an application executed by processor circuitry:
retrieve and a requested line of data corresponding to the respective line of data from the first memory circuitry portion; 
determine whether an error exists in the requested line of data using the error detection data portion included in the First Tier metadata portion and associated with the requested line of data; and
decrypt the requested line of data responsive to a determination that the requested line of data contains no errors.

As per Claim 3
The data storage system of claim 2, the controller circuitry to further:
verify the requested line of data using the first data representative of the message authentication code 
responsive to a successful verification of the requested line of data, forward the requested line of data to the processor circuitry.

As per Claim 9
A data storage method, comprising:
generating, by controller circuitry, metadata for [[each]] a respective line of data [[one]] of a plurality of lines of data stored in memory circuitry, the metadata including: 
first data representative of a cryptographic message authentication code (MAC) associated with the respective line of data; and
second data representative of an error correction code (ECC) associated with the respective line of data, the error correction code including at least an error detection data portion associated with the respective line of data and an error correction data portion associated with the respective line of data; and
apportioning, by the controller circuitry, the metadata into a First Tier metadata portion stored in a first memory circuitry portion proximate the respective line of data and a Second Tier metadata portion stored in a sequestered, second memory circuitry portion remote from the respective line of data; 
wherein the First Tier metadata portion includes at least the error detection data portion and the first data representative of the message authentication code 
wherein the Second Tier metadata portion includes at least a portion of the error correction data portion of the metadata associated with the respective line of data.

As per Claim 10
The data storage method of claim 9, further comprising:
responsive to receipt of a read operation generated by an application executed by processor circuitry:
retrieving, by the controller circuitry, and a requested line of data corresponding to the respective line of data from the first memory circuitry portion; 
determining, by the controller circuitry, whether an error exists in the requested line of data using the error detection data portion included in the First Tier metadata portion and associated with the requested line of data; and


As per Claim 11
The data storage method of claim 10, further comprising:
verifying, by the controller circuitry, the requested line of data using the first data representative of the message authentication code 
responsive to a successful verification of the requested line of data, transferring the requested line of data to the processor circuitry.

As per Claim 14
A non-transitory storage device that includes instructions, that when executed by controller circuitry, cause the controller circuitry to:
generate metadata for [[each]] a respective line of data [[one]] of a plurality of lines of data stored in memory circuitry, the metadata including: 
first data representative of a cryptographic message authentication code (MAC) associated with the respective line of data; and
second data representative of an error correction code (ECC) associated with the respective line of data, the error correction code including at least an error detection data portion associated with the respective line of data and an error correction data portion associated with the respective line of data; and
apportion the metadata into a First Tier metadata portion stored in a first memory circuitry portion proximate the respective line of data and a Second Tier metadata portion stored in a sequestered, second memory circuitry portion remote from the respective line of data; 
the first data representative of the message authentication code 
wherein the Second Tier metadata portion includes at least a portion of the error correction data portion of the metadata associated with the respective line of data.

As per Claim 15
The non-transitory storage device of claim 14 wherein the instructions, when executed by the controller circuitry, cause the controller circuitry to further:
responsive to receipt of a read operation generated by an application executed by processor circuitry:
retrieve and a requested line of data corresponding to the respective line of data from the first memory circuitry portion; 
determine whether an error exists in the requested line of data using the error detection data portion included in the First Tier metadata portion and associated with the requested line of data; and
decrypt the requested line of data responsive to a determination that the requested line of data contains no errors.

As per Claim 16
The non-transitory storage device of claim 15 wherein the instructions, when executed by the controller circuitry, cause the controller circuitry to further:
verify the requested line of data using the first data representative of the message authentication code 


As per Claim 18
The non-transitory storage device of claim [[14]] 15 wherein the instructions, when executed by the controller circuitry, cause the controller circuitry to further:
retrieve the Second Tier metadata portion from the sequestered, second memory portion responsive to a determination that the requested line of data contains an error; and
correct the error in the requested line of data using the error correction data portion included in the Second Tier metadata [[II]] portion.

As per Claim 19
A data storage system, comprising:
means for generating metadata for [[each]] a respective line of data [[one]] of a plurality of lines of data stored in memory circuitry, the metadata including: 
first data representative of a cryptographic message authentication code (MAC) associated with the respective line of data; and
second data representative of an error correction code (ECC) associated with the respective line of data, the error correction code including at least an error detection data portion associated with the respective line of data and an error correction data portion associated with the respective line of data; and
means for apportioning the metadata into a First Tier metadata portion stored in a first memory circuitry portion proximate the respective line of data and a Second Tier metadata portion stored in a sequestered, second memory circuitry portion remote from the respective line of data; 
the first data representative of the message authentication code 
wherein the Second Tier metadata portion includes at least a portion of the error correction data portion of the metadata associated with the respective line of data.

As per Claim 20
The data storage system of claim 19, further comprising:
means for retrieving and a requested line of data corresponding to the respective line of data from the first memory circuitry portion responsive to receipt of a read operation generated by an application executed by processor circuitry; 
means for determining whether an error exists in the requested line of data using the error detection data portion included in the First Tier metadata [[I]] portion and associated with the requested line of data; and
means for decrypting the requested line of data responsive to a determination that the requested line of data contains no errors.

As per Claim 21
The data storage system of claim 20, further comprising:
means for verifying the requested line of data using the first data representative of the message authentication code 
means for transferring the requested line of data to the processor circuitry responsive to a successful verification of the requested line of data.

As per Claim 23
The data storage system of claim [[19]] 20, further comprising:
means for retrieving the Second Tier metadata portion from the sequestered, second memory circuitry portion responsive to a determination that the requested line of data contains an error; and
means for correcting the error in the requested line of data using the error correction data portion included in the Second Tier metadata portion.
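
The write and read paths recited in claims 1-3 and 18 above, shown as an added example; it is not code from the application or from the cited references. The 64-byte line, the SHA-256 keystream cipher, the truncated HMAC, the CRC-32 detection field and the bit-position locator used as correction data are all assumptions chosen so the example runs with the Python standard library alone.

```python
import hashlib
import hmac
import zlib

LINE_BYTES = 64  # assumed line size (one cache line)

class UncorrectableError(Exception): pass
class IntegrityError(Exception): pass

def keystream(key, addr):
    # Stand-in cipher (assumption): SHA-256 in counter mode bound to the address.
    a = addr.to_bytes(8, "big")
    return b"".join(hashlib.sha256(key + a + bytes([i])).digest()
                    for i in range(LINE_BYTES // 32))

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def locator(line):
    # Correction data (assumption): XOR of the 1-based positions of all set bits.
    # A single flipped bit at position p changes this value by exactly p.
    loc = 0
    for i, byte in enumerate(line):
        for b in range(8):
            if (byte >> b) & 1:
                loc ^= i * 8 + b + 1
    return loc

class TieredMemory:
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.tier1 = {}       # addr -> (ciphertext, MAC, CRC): line + First Tier, one access
        self.tier2 = {}       # addr -> locator: sequestered Second Tier region
        self.tier2_reads = 0  # counts accesses to the sequestered region

    def _mac(self, addr, ct):
        msg = addr.to_bytes(8, "big") + ct
        return hmac.new(self.mac_key, msg, hashlib.sha256).digest()[:8]

    def write(self, addr, plaintext):
        if len(plaintext) != LINE_BYTES:
            raise ValueError("line must be %d bytes" % LINE_BYTES)
        ct = xor_bytes(plaintext, keystream(self.enc_key, addr))
        self.tier1[addr] = (ct, self._mac(addr, ct), zlib.crc32(ct))
        self.tier2[addr] = locator(ct)

    def read(self, addr):
        ct, mac, crc = self.tier1[addr]
        if zlib.crc32(ct) != crc:            # detection uses First Tier data only
            self.tier2_reads += 1            # Second Tier is fetched only on error
            pos = self.tier2[addr] ^ locator(ct)
            if not 1 <= pos <= LINE_BYTES * 8:
                raise UncorrectableError("no single-bit position recovered")
            fixed = bytearray(ct)
            fixed[(pos - 1) // 8] ^= 1 << ((pos - 1) % 8)
            ct = bytes(fixed)
            if zlib.crc32(ct) != crc:        # multi-bit faults fail the re-check
                raise UncorrectableError("correction did not restore the line")
        plaintext = xor_bytes(ct, keystream(self.enc_key, addr))
        if not hmac.compare_digest(self._mac(addr, ct), mac):
            raise IntegrityError("MAC mismatch: line not forwarded")
        return plaintext

def demo():
    mem = TieredMemory(b"k" * 16, b"m" * 16)   # constructed keys
    pt = bytes(range(LINE_BYTES))               # constructed sample line
    mem.write(0x1000, pt)
    ct, mac, crc = mem.tier1[0x1000]
    faulty = bytearray(ct)
    faulty[10] ^= 0x04                          # simulate a single-bit memory fault
    mem.tier1[0x1000] = (bytes(faulty), mac, crc)
    return mem.read(0x1000) == pt, mem.tier2_reads

if __name__ == "__main__":
    print(demo())
```

A line whose ciphertext and CRC are both replaced passes the error check and is stopped by the MAC instead, which is why the MAC sits in the First Tier alongside the detection bits.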

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:

(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

Allowable Subject Matter
Claims 1-23 are allowed.
The following is an examiner’s statement of reasons for allowance: 
Regarding claim 1, Chhabra et al. (U.S. Patent Application Publication No. 2017/0091119 A1) discloses: A data storage system (device 100), comprising: 
memory circuitry (memory 104); 
controller circuitry (memory controller 110) to, for a respective line of data of a plurality of lines of data stored in memory circuitry (encrypted data line 124A-124D): generate metadata that includes: first data representative of a cryptographic message authentication code associated with the respective line of data 
(Paragraph [0023]: “In one example, a server, processing device and/or processor includes a processing core and a memory controller, operatively coupled to the processing core, to access data in the off-chip memory. A memory encryption engine (MEE) may be operatively coupled to the memory controller and the off-chip memory . . . The MEE may further compute an eMAC using the modified version line and detect an attempt to modify one of the non-MEE metadata bits by using the eMAC within a MEE tree walk to authenticate access to the plurality of data lines. The generation of the eMAC may take place by the MEE adding the non-MEE metadata bits to version values of a version line to generate the modified version line and executing an eMAC generation algorithm over the modified version line.”
Paragraph [0038]: “FIG. 3 illustrates a block diagram of a memory encryption engine (MEE) tree walk associated with reading data. Given an example where the device 100 utilizes SGX, MEE logic 114 may include at least two cryptographic protection mechanisms: encryption to defend against passive attacks and integrity/replay protection to defend against active attacks. Memory encryption is designed to defend against a class of hardware attacks where an attacker attempts to silently observe data lines as they move in and out of processor 102. To defend against these attacks, MEE logic 114 may employ encryption to protect 
Paragraph [0039]: “Integrity and replay protection may involve defending against active attacks to data lines in memory 104. An active attack may involve changing data stored in memory 104 to elicit activity in the device 100 that would otherwise not have happened. A counter tree organization as illustrated in FIG. 3 may be employed to protect the integrity and ensure replay protection of encrypted data lines 124A . . . D in memory 104. An example counter tree may include VER and MAC data line 128, metadata nodes L0 labeled 304, L1 labeled 312 and L2 labeled 318, and top-level (e.g., L3) counters 324. Note that the term node may be ascribed to individual pieces or segments of metadata, such as MAC and VER values, embedded MAC (eMAC) values, or a group or a line of such values. Accordingly, different metadata values may be variably referred to as nodes herein in order to describe the tree walk authentication, as will be discussed. The MAC 302 may be associated with the encrypted data line 124D. When the encrypted data line 124D is written back to memory 104, MAC 302 may be updated to reflect a measurement of the contents of the encrypted data line 124D currently being stored in memory. When the encrypted data line 124D is later read from memory, the MEE logic 114 may verify that the contents of the encrypted data line 124D have not been edited since last loaded based on MAC 302. Authentication utilizing the MAC 302 protects against modification attacks on the encrypted data line 124D while in memory 104, and thus, helps to ensure data integrity.”
The Examiner finds the memory controller directing the memory encryption engine (MEE) to generate message authentication code (eMAC) on each data line 124A-124D by adding metadata bits to version values to generate the modified version line for cryptographic protection as disclosed in Chhabra teaches the claimed “controller circuitry to, for a respective ; and 
. . . the error correction code including at least an error detection data portion associated with the respective line of data and an error correction data portion associated with the respective line of data (Paragraph [0037]; “Similarly, poison is used on server platforms for error containment. A data line failing error code correction (ECC) due to an error or attack is propagated back to the core 106A with the poison bit set to indicate that the data returning is corrupted so appropriate action can be taken to prevent the core 106A from consuming corrupted data.”
The Examiner finds the poison bit set to indicate that the data returning is corrupted for failing error code correction (ECC) so appropriate action can be taken to prevent the core 106A from consuming corrupted data as disclosed in Chhabra teaches the claimed “the error correction code including at least an error detection data portion associated with the respective line of data and an error correction data portion associated with the respective line of data.”); and 
apportion the metadata into a First Tier metadata portion stored in a first memory circuitry portion proximate the respective line of data in the memory circuitry and a Second Tier metadata portion stored in [the first memory portion] (Paragraph [0030]: “FIG. 1 shows only four encrypted data lines 124A . . . D corresponding to VER and MAC data in a single data line 128”.
The Examiner finds the MAC and added metadata bits to VER data line 128 as illustrated in Figure 1 of Chhabra teaches the claimed “apportion the metadata into a First Tier metadata portion stored in a first memory circuitry portion proximate the respective line of data in the memory circuitry and a Second Tier metadata portion stored in [the first memory portion]”.).
first data representative of a cryptographic message authentication code associated with the respective line of data; and second data representative of an error correction code associated with the respective line of data, the error correction code including at least an error detection data portion associated with the respective line of data and an error correction data portion associated with the respective line of data (Paragraph [0038]: “An advantage of the memory arrangement shown in FIG. 5 is that the data and the associated MAC and ECC may be retrieved in a single read access for line 502.”
The Examiner finds the MAC and ECC located in data line 502 as illustrated in Figure 5 of Saileshwar teaches the claimed “first data representative of a cryptographic message authentication code associated with the respective line of data; and second data representative of an error correction code associated with the respective line of data, the error correction code including at least an error detection data portion associated with the respective line of data and an error correction data portion associated with the respective line of data”.).
However, the Examiner finds Chhabra and Saileshwar do not teach or suggest the claimed “data representative of an error correction code associated with the respective line of data, the error correction code including at least error detection data associated with the respective line of data and error correction data associated with the respective line of data; and apportion the metadata into a First Tier metadata portion stored in a first memory circuitry portion proximate the respective line of data in the memory circuitry and a Second Tier metadata portion stored in a sequestered, second memory circuitry portion remote from the respective line of data; wherein the First Tier metadata portion includes at least the error detection data portion and the message authentication code portion associated with the respective line of data; and wherein the Second Tier metadata portion includes at least a portion of the error correction data portion associated with the respective line of data.” A search of the 
Independent claims 9, 14 and 19 recite similar limitations as independent claim 1 and therefore, the Examiner finds claims 9, 14 and 19 are allowable for the same reasons as set forth above in claim 1.
Claims 2-8, 10-13, 15-18 and 20-23 are also allowable due to their dependency on an allowable base claim.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Prior Art
The prior art of record, considered pertinent to the applicant’s disclosure, is listed in the attached PTO-892 form.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KYLE VALLECILLO whose telephone number is (571)272-7716. The examiner can normally be reached 8:30 A.M. - 4:30 P.M.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KYLE VALLECILLO/Primary Examiner, Art Unit 2112