Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Detail Action
Examiner’s Note
The examiner is requesting the applicant’s representative to provide direct phone number and email address in next communication, which will be very helpful to advance the prosecution.
The Examiner used figures, paragraph and line numbers from the instant application’s pre-grant publication or pdf copy of allowance. In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Generally the text that are italicized are claims; the text that are in bold are reference citations (with some obvious exception); the text is neither italicized nor bolded are by the examiner.

Response to Amendment
This office action is response to the amendment filed on 12/13/2021 to the application 16/809,545 filed on 03/04/2020. Claims 1-18 and 20-21 are pending in this communication.  THOMSON; James Richard et al., US 2017/0171220 A1 has been used to address the newly added issues. Accordingly, this action has been made final.

Response to Arguments
Applicant's arguments filed 12/13/2021 have been fully considered.
Applicant’s Argument:
Applicant requests reconsideration and allowance of all pending claims in light of the arguments in page 6 amendments.
Examiner’s response:
These arguments have been respectfully considered and the following rejection addresses them. THOMSON discloses amended limitation in claim 1.

Claim Rejections - 35 USC § 103
The following is a quotation of AIA  35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 & 7-10 are rejected under AIA  35 U.S.C. 103 as being unpatentable over SHI; Mingjiang et al., Pat. No.: US 9,143,504 B1 in view of BILODI; Prakash et al., Pub. No.: US 2011/0038479 A1 and further in view of THOMSON; James Richard et al., Pub. No.: US 2017/0171220 A1.

Regarding Claim 1, SHI discloses a system, comprising:
…
a first physical connection {Fig. 3 element 140 – ‘In-Band Communication Connection’} between the host {Fig. 3 element 102 ‘Host’} and the storage device {Fig. 3 element 104 – ‘Data Storage System’}, wherein the first physical connection is configured to transfer one or more input/output requests (I/Os) {col. 2 lines 19-24, “The first secure communication connection may be an in band communication connection of a data path for transmitting I/O requests from the host to the data storage system and for providing requested host data that is stored on the data storage system to the host”}; and
a second physical connection between the host and the storage device {Fig. 3 element 150 – ‘Out of Band communication Connection’}, wherein:
the encryption unit is configured to encrypt an authentication signal {col. 17, “The host agent may encrypt information sent to the data storage system using the data storage system's public key”};
the host is configured to transmit the authentication signal using the second physical connection {Fig. 4 & col. 17 lines 28-33, “information provided from the host agent to the data storage system in step 420 over the out of band channel in response to the request from the data storage system may be encrypted such as, for example, through use of public-private keys or other suitable encryption technique”};
the storage device is configured to receive the authentication signal using the second physical connection {col. 2 lines 24-27, “The second communication connection may be an out of band communication connection of a management path used for management requests between the host and the data storage system”};
the decryption unit is configured to decrypt the authentication signal {col. 17 lines 40-42, “ The data storage system may then decrypt the received encrypted information using its private key (not shared with anyone else)”}; and
SHI, however, does not explicitly disclose
a host  including an encryption  unit; a storage device including a decryption unit;
…
the storage device is configured to process the one or more I/Os using the first physical connection based on the authentication signal received using the second physical connection.
In an analogous reference BILODI discloses
a host  including an encryption  unit; a storage device including a decryption unit {[0067], “instead of encryption and decryption occurring at intervening switches, the encryption and decryption may be performed at the storage devices of the SAN 100 that serve as targets, or at the hosts that serve as initiators of SAN requests”};
In an analogous reference THOMSON discloses
the storage device is configured to process the one or more I/Os using the first physical connection based on the authentication signal received using the second physical connection {ABS. “a network … device is provided for applying communications security services to data passing by means of the device from a first network to a second network, the device having a first network interface for linking to the first network, a second network interface for linking to the second network, and a unidirectional link between the first and second network interfaces within the device incorporating a first hardware logic module, configured to apply one or more predetermined data security functions to message data received via the first network interface, and a second hardware logic module, arranged to apply a predetermined scheme for authentication of the source of messages passing through the device”) (also see claim 22}.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify SHI’s technique of ‘out-of-band authentication and encryption system to transfer data to a storage device’ for ‘physically placing encryption device in a transmitting host and physically placing decryption device in a storage device’, as taught by BILODI, and ‘capability to use two separate physical connection to receive authentication in one interface and payload data exchange over a different physical interface’, as taught by THOMSON in order to securely transfer data to a storage device. The motivation is to prevent intrusion of only one communication channel and getting control of both payload data and security metadata. When part of instruction parameters are exchanged over out-of-band communication channel it is difficult for an intruder to successfully hack both in-band and out-of-band communication channel and be successful in data intrusion.


Regarding Claim 7, SHI as modified by BILODI & THOMSON discloses all the features of claim 1. The combination further discloses
wherein the second physical connection includes at least one of a) a fiber optic medium or b) a wire {SHI: col. 5 lines 26-29, “the communication medium 2 may be a LAN connection and the communication medium 18 may be an iSCSI or Fibre Channel connection”}.

Regarding Claim 8, SHI as modified by BILODI & THOMSON discloses all the features of claim 1. The combination further discloses
wherein the first physical connection includes at least one of a wire, a fiber optic medium, a bus, or a fabric {SHI: col. 5 lines 21-24, “Each of the communication mediums 18 and 2 may be a network connection, bus, and/or other type of data link, such as a hardwire or other connections known in the art. For example, the communication medium 18 may be the … network or other wireless or other hardwired connection(s) by which the host systems 14a-14n may access and communicate with the data storage systems 12”}.

Regarding Claim 9, SHI as modified by BILODI & THOMSON discloses all the features of claim 1. The combination further discloses wherein: 
the first physical connection supports a first protocol having a first performance characteristic {SHI: col. 5 lines 21-24, “Each of the communication mediums 18 and 2 may be a network connection, bus, and/or other type of data link, such as a hardwire or other connections known in the art. For example, the communication medium 18 may be the … network or other wireless or other hardwired connection(s) by which the host systems 14a-14n may access and communicate with the data storage systems 12”. Examiner’s note: the first physical connection such as hardwired connections could be connected via 10/100 or higher Gbps Ethernet transceiver, which has a certain performance range};
the second physical connection supports a second protocol having a second performance characteristic {SHI: col. 5 lines 26-29, “the communication medium 2 may be a LAN connection and the communication medium 18 may be an iSCSI or Fibre Channel connection”. Examiner’s note: the second physical connection such as hardwired connections could be connected via 1 Gbps iSCSI vs. 4 Gbps Fibre Channel, which has a certain performance range}; and
the first performance characteristic of the first protocol is at least one of a) higher bandwidth orb) higher throughput than the second performance characteristic of the second protocol {SHI: col. 5 lines 21-24, 26-29. Examiner’s note: as explained above 10/100 Gbps Ethernet connection has substantially higher bandwidth/throughput compared with 1 Gbps iSCSI vs. 4 Gbps Fibre Channel}.

Regarding Claim 10, SHI as modified by BILODI & THOMSON discloses all the features of claims 9 & 1. The combination further discloses
wherein the first physical connection is associated with a main data path {SHI: Fig. 3 element 140 – ‘In-Band Communication Connection’. Examiner’s note: ‘In-Band communication connection’ such as switched intranet is used for main data exchange in the network}, and the second physical connection is associated with a sideband signal channel {SHI: Fig. 3 element 150 – ‘Out of Band communication Connection’. Examiner’s note: ‘Out of Band communication Connection’ such as link 2 in Fig. 1 as cited above is considered sideband for management system 6}.

 Claims 11-15 are rejected under AIA  35 U.S.C. 103 as being unpatentable over SHI; Mingjiang et al., Pat. No.: US 9,143,504 B1 in view of BILODI; Prakash et al., Pub. No.: US 2011/0038479 A1 and THOMSON; James Richard et al., Pub. No.: US 2017/0171220 A1 and further in view of AHN; Jung-Chak et al., Pat. No.: US 8,970,768 B2.

Regarding Claim 11, SHI and BILODY & THOMSON combination further discloses 
the … [storage device] includes the decryption unit {BILODI: [0067], “instead of encryption and decryption occurring at intervening switches, the encryption and decryption may be performed at the storage devices of the SAN 100 that serve as targets, or at the hosts that serve as initiators of SAN requests”}; and
… storage controller {SHI: col. 7 lines 57-65, “each row of disks may be connected to a disk adapter ("DA") or director responsible for the backend management of operations to and from a portion of the disks 24. In the system 20a, a single DA, such as 23a, may be responsible for the management of a row of disks, such as row 24a. In a data storage system such as by EMC Corporation, a backend DA may also be referred to as a disk controller. The DA may performed operations such as reading data from, and writing data to, the physical devices which are serviced by the DA”} …
The combination, however, does not disclose wherein:
the storage device further includes a solid state drive (SSD) controller;
…
the … [semiconductor device] includes a back side illumination (BSI) complementary metal-oxide-semiconductor (CMOS) image sensor.
In a relevant technology reference AHN discloses
the storage device further includes a solid state drive (SSD) … [controller] {col. 15 lines 51-52, “The storage device 1030 may be a solid state drive”};
…
the … [semiconductor device] includes a back side illumination (BSI) {col. 4 lines 15-20, “As illustrated in FIG. 1, the light may illuminate through the back side BACK of the semiconductor substrate 110 after passing through the micro lenses 150 and the color filters 140. Thus, an image sensor having the unit pixel array 100 of FIG. 1 can be defined as a back side illumination (BSI) image sensor”} complementary metal-oxide-semiconductor (CMOS) image sensor {col. 4 lines 27-34, “Here, the interlayer insulating layer 120 may include gate terminals of transistors (not illustrated) composing the signal generating circuit, and multi-layer conductive lines. In a CMOS image sensor, for example, the interlayer insulating layer 120 may include gates of transfer transistors, gates of reset transistors, gates of source follower transistors, gates of select transistors, and gates of bias transistors”}.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to further modify SHI’s technique (as modified by BILODI & THOMSON) of ‘out-of-band authentication and encryption system to transfer data to a storage device for physically placing encryption device in a transmitting host and physically placing decryption device in a storage device’ for incorporating technology of CMOS image sensor’s back-side illumination technique in a solid-state drive (SSD)’ by AHN. The motivation is - SSDs deliver faster load times for games, applications, and movies. Because of the technology they use, SSDs are lighter and better able to withstand movement. In addition, solid state drives use less energy, allowing computers to run cooler.
All references are inventions in analogous area but each invention teaches specific claimed limitation specifically and other references mutually cure each other’s deficiencies. When all claimed techniques are combined they teach claimed invention. The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims unless addressed separately. 

Regarding Claim 12, SHI as modified by BILODI & THOMSON and AHN discloses all the features of claims 11 & 1. The combination further discloses 
… authentication signal {SHI: col. 17, “The host agent may encrypt information sent to the data storage system using the data storage system's public key”} …
wherein the BSI CMOS image sensor is configured to detect a state of the … [signal] {AHN: col. 1 lines 19-24, “An image sensor is a device that transforms incident light to an electric signal. A charge coupled device (CCD) image sensor and a complementary metal oxide semiconductor (CMOS) image sensor are widely used. Generally, incident light reaches a target unit pixel after passing through a micro lens and a color filter in the image sensor”. Examiner’s note: sensing electric signal and light transformations are state change}.

Regarding Claim 13, SHI as modified by BILODI & THOMSON and AHN discloses all the features of claims 11 & 1. The combination further discloses wherein:
the SSD controller includes a substrate {AHN: col. 4 lines 15-20, “As illustrated in FIG. 1, the light may illuminate through the back side BACK of the semiconductor substrate 110 after passing through the micro lenses 150 and the color filters 140. Thus, an image sensor having the unit pixel array 100 of FIG. 1 can be defined as a back side illumination (BSI) image sensor”}; and
the BSI CMOS image sensor includes a light receiving part that is disposed on a back side of the substrate{AHN: col. 5 lines 32-44, “The anti-reflective layer 160 may prevent incident light entering through the micro lenses 150 and the color filters 140 from reflecting on the back side BACK of the semiconductor substrate 110. The anti-reflective layer 160 may also prevent incident light that is refracted by the refractive bodies 130 from reflecting on the back side BACK of the semiconductor substrate 110. Thus, incident light may efficiently penetrate the anti-reflective layer 160 such that sensing efficiency (e.g., light-receiving efficiency and photo sensitivity) may be improved. In an exemplary embodiment, the anti-reflective layer 160 may be formed by alternately laminating materials having different refractive indices”}.

Regarding Claim 14, SHI as modified by BILODI & THOMSON and AHN discloses all the features of claims 13, 11 & 1. The combination further discloses
wherein the light receiving part comprises a pixel {col. 15 line 66 – col. 16 line 2, “a unit pixel array of an image sensor according to some example embodiments has a plurality of light path converters such as refractive bodies or reflective bodies to improve sensing efficiency”}.

Regarding Claim 15, SHI as modified by BILODI & THOMSON and AHN discloses all the features of claims 13, 11 & 1. The combination further discloses
wherein the light receiving part includes a micro-lens {col. 16 lines 2-6, “Accordingly, incident light or light being diffracted by micro lenses may be captured by only target unit pixels (i.e., not by peripheral unit pixels) such that an undesirable optical crosstalk may be efficiently prevented”}.

Claims 16 & 17 are rejected under AIA  35 U.S.C. 103 as being unpatentable over SHI; Mingjiang et al., Pat. No.: US 9,143,504 B1 in view of BILODI; Prakash et al., Pub. No.: US 2011/0038479 A1, and THOMSON; James Richard et al., Pub. No.: US 2017/0171220 A1 and further in view of SHINSATO; Mecen, Pub. No.: US 2013/0050955 A1.

Regarding Claim 16, SHI as modified by BILODI & THOMSON discloses all the features of claim 1. The combination further discloses
… decryption unit {BILODI: [0067], “instead of encryption and decryption occurring at intervening switches, the encryption and decryption may be performed at the storage devices of the SAN 100 that serve as targets, or at the hosts that serve as initiators of SAN requests”} …
However, the combination does not explicitly disclose wherein:
the storage device further includes one or more storage enclosures; the one or more storage enclosures includes one or more SSD controllers; and the … [semiconductor device] is associated with the one or more SSD controllers of the one or more storage enclosures.
 In a relevant reference SHINSATO discloses
the storage device further includes one or more storage enclosures; the one or more storage enclosures includes one or more SSD controllers; and the … [semiconductor device] is associated with the one or more SSD controllers of the one or more storage enclosures {[0004], “Storage systems, especially larger storage systems, often utilize enclosures that mount in racks/cabinets where each enclosure provides power, cooling, and various other common resources for a plurality of storage devices (e.g., rotating magnetic or optical disk drives as well as solid-state drives). In large storage systems, there may be several such enclosures in a tall rack and potentially several such racks”}.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to further modify SHI’s technique (as modified by BILODI) of ‘out-of-band authentication and encryption system to transfer data to a storage device for motivation is for improved access to storage devices from the sides of sleds mounted in storage enclosures and to optimize SSD footprints to be scaled in enclosures and racks to save electric power consumption of the manufacturing plan or manufacture storage device.
All references are inventions in analogous area but each invention teaches specific claimed limitation specifically and other references mutually cure each other’s deficiencies. When all claimed techniques are combined they teach claimed invention. The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims unless addressed separately. 

Regarding Claim 17, SHI as modified by BILODI & THOMSON discloses all the features of claim 1. The combination further discloses
… decryption unit {BILODI: [0067], “instead of encryption and decryption occurring at intervening switches, the encryption and decryption may be performed at the storage devices of the SAN 100 that serve as targets, or at the hosts that serve as initiators of SAN requests”} …
However, the combination does not explicitly disclose wherein: 
the storage device further includes one or more storage racks; the one or more storage racks includes one or more storage enclosures; the one or more storage enclosures includes one or more SSD controllers; and the … [semiconductor device] is associated with the one or more SSD controllers of the one or more storage enclosures of the one or more storage racks.
In a relevant reference SHINSATO discloses
the storage device further includes one or more storage racks; the one or more storage racks includes one or more storage enclosures; the one or more storage enclosures includes one or more SSD controllers; and the … [semiconductor device] is associated with the one or more SSD controllers of the one or more storage enclosures of the one or more storage racks {[0004], “Storage systems, especially larger storage systems, often utilize enclosures that mount in racks/cabinets where each enclosure provides power, cooling, and various other common resources for a plurality of storage devices (e.g., rotating magnetic or optical disk drives as well as solid-state drives). In large storage systems, there may be several such enclosures in a tall rack and potentially several such racks”}.

Allowable subject matter
Claim 2 will be allowable if written in independent form with base system claim 1. Claims 3-6 & 21 are also objected, however, the applicant has option to write only claims 2 in independent form in base claim 1 and write claims 3-6 & 21  as dependent claims of claim 1 with proper antecedent basis; (OR the applicant can simply cancel dependent claims 3-6 & 21). Also it is required to restore “continuous authentication” in the preamble as before, the reason is the phrase “continuous authentication” properly described as claimed in claim 2, which is objected as allowable subject 
Reasons of allowance: what is missing from the prior arts is: An out-of-band authentication and encryption system to transfer data to a storage device, monitoring periodically incremented integer value in requesting authentication signal and ceasing processing of input output responses in the storage device if the integer value is not received within a set threshold value.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to QUAZI FAROOQUI whose telephone number is (571) 270-1034. The examiner can normally be reached on M-F 8:30AM-5:00PM. If attempts to reach the 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-flee). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/QUAZI FAROOQUI/
Primary Examiner, Art Unit 2491