DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted by applicant dated 08/31/2020 and 12/22/2021 have been considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-8 rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  
As per claims 1 and 8, the claims recite systems comprising components which may be interpreted simply as software, which does not fall under one of the four statutory categories.  The recitation of "a controller", “a node” and “a host” do not limit the claims to hardware, since controllers, nodes and hosts are not necessarily considered as hardware and may refer to software.  
Dependent claims 2-7 depend on independent claim 1 and they do not further limit the claim to statutory subject matter, therefore they are also rejected under 35 U.S.C. 101.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claims 1-3, 5 and 8-10 are rejected under 35 U.S.C. 103 as being unpatentable over Benoit et al. US2017/0329995 hereinafter referred to as Benoit, in view of McLean US2009/0075630, and England et al. US2003/0200440 hereinafter referred to as England.
As per claim 1, Benoit teaches a storage system comprising: a controller to which an authentication key is allocated; and a node (Benoit paragraph [0029], [0055], subsystem has a key to generate authentication tag. Subsystem communicates with nvm), 
wherein the controller is configured to generate encrypted data in which the data is encrypted using a data encryption key (Benoit paragraph [0029], [0055], [0094], subsystem encrypt data), 
generate an authentication code based on the data using the authentication key (Benoit paragraph [0029], [0055], [0094], subsystem generates authentication tag for the data), and 
transmit the encrypted data and the authentication code to the node (Benoit paragraph [0029], [0055], [0062], [0094], subsystem send write request which includes the encrypted data and authentication tag to nvm), 
the node is configured to receive the encrypted data and the authentication code that are transmitted from the controller (Benoit paragraph [0029], [0055], [0064], [0099], nvm receives write request with which includes the encrypted data and authentication tag), 
store the encrypted data and the authentication code (Benoit paragraph [0055], [0065], [0101], nvm stores the encrypted data with the authentication tag), and 
transmit the encrypted data and the authentication code that are stored to the controller (Benoit paragraph [0055], [0089], [0091], nvm transmits encrypted data and authentication tag to subsystem), and 
the controller is further configured to receive the encrypted data and the authentication code that are transmitted from the node (Benoit paragraph [0055], [0058], [0084],  [0091], subsystem receives encrypted data and authentication tag from nvm), and 

Benoit does not explicitly disclose perform operation based on a verification result of authentication code transmitted from node.  
Mclean teaches perform operation based on a verification result of authentication code transmitted from node (Mclean paragraph [0051], perform operation based on verification of the received mac of the data).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Benoit with the teachings of Mclean to include having a shared authentication key and verifying the mac of the data in order to double check the integrity of the data before decrypting and/or storing the data.
Benoit in view of Mclean does not explicitly disclose generate an authentication code based on encrypted data.
England teaches generate an authentication code based on encrypted data (England paragraph [0078], generate mac based on encrypted data).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Benoit in view of Mclean with the teachings of England to include generating a mac based on the encrypted data because the results would have been predictable and resulted in a mac generation and verification based on the encrypted data.

As per claim 2, Benoit in view of Mclean and England teaches the storage system according to claim 1, wherein the node is configured to store the encrypted data and the authentication code based on a verification result of the authentication code transmitted from the controller (Benoit paragraph [0065], [0100]-[0101], nvm stores the encrypted data and authentication tag based on verification of data from the subsystem; Mclean paragraph [0051], perform operation based on verification of the received mac of the data).  

As per claim 3, Benoit in view of Mclean and England teaches the storage system according to claim 1, wherein the node is configured to read the encrypted data and the authentication code that are stored, and transmit the encrypted data and the authentication code that are read to the controller (Benoit paragraph [0055], [0089], [0091], nvm reads and transmits encrypted data and authentication tag to subsystem).  

As per claim 5, Benoit in view of Mclean and England teaches the storage system according to claim 2, wherein the controller and the node are coupled to each other via a communication network (Benoit paragraph [0029], subsystem and nvm communicates with each other).  

As per claims 8-10, the claims claim a system and a method essentially corresponding to the system claims 1-2 above, and they are rejected, at least for the same reasons.

Claims 4 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Benoit in view McLean and England, and further in view of Negishi et al. US2011/0305335 hereinafter referred to as Negishi.
As per claim 4, Benoit in view of Mclean and England teaches the storage system according to claim 1.
Benoit in view of Mclean and England does not explicitly disclose wherein controller is configured to generate authentication code based on data and a sequence number that is a serial number of transmission of the data.  
Negishi teaches wherein controller is configured to generate authentication code based on data and a sequence number that is a serial number of transmission of the data (Negishi paragraph [0189]-[0190], generate mac based on data and sequence number).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Benoit in view of Mclean and England with the teachings of Negishi to include generating a mac based on a sequence number in order to provide entropy for the mac generation/verification.
As per claim 7, Benoit in view of Mclean and England teaches the storage system according to claim 1, the controller is configured to receive the encrypted data, the authentication code (Benoit paragraph [0055], [0058], [0084],  [0091], subsystem receives encrypted data and authentication tag from nvm), and 
decrypt the encrypted data based on a verification result of the received authentication code (Benoit paragraph [0086], subsystem decrypts the encrypted data based on verification of data from the nvm; Mclean paragraph [0051], perform operation based on verification of the received mac of the data).  
Benoit in view of Mclean and England does not explicitly disclose wherein node is configured to generate authentication code based on data and a sequence number that is a serial number of transmission of the data using authentication key, and 
controller is configured to receive the sequence number from the node
Negishi teaches wherein node is configured to generate authentication code based on data and a sequence number that is a serial number of transmission of the data using authentication key (Negishi paragraph [0189]-[0190], [0195], generate mac based on data and sequence number), and 
controller is configured to receive the sequence number from the node (Negishi paragraph [0189]-[0190], receive sequence number)
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Benoit in view of Mclean and England with the teachings of Negishi to include generating a mac based on a sequence number in order to provide entropy for the mac generation/verification.

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Benoit in view McLean and England, and further in view of Jacquin et al. US2017/0302454 hereinafter referred to as Jacquin.
As per claim 6, Benoit in view of Mclean and England teaches the storage system according to claim 5.

Jacquin teaches wherein a key management server for managing data encryption key and authentication key provides the keys to devices, via communication network (Jacquin paragraph [0031], [0047], [0048]-[0049], key management server provides key to devices).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Benoit in view of Mclean and England with the teachings of Jacquin to include a key management server generating and distributing keys in order to provide a central entity for key management for the system.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY TSANG whose telephone number is (571)270-7959. The examiner can normally be reached M-F 8am - 5pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.