DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In communications filed on 02/13/2020. Claims 1-20 are pending in this examination.
 In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.   This examination is in response to US Patent Application No. 16/790,243.
                                                   Allowable Subject Matter 
Claims 3-4, and 6-9 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-2, 5, and 10-20 are rejected under 35 U.S.C. 103 as being unpatentable over WO2012/167583A1 issued to James Hughes and in view of US Patent No. (US2019/0156069) issued to HEO.
Regarding claim 1, Hughes discloses, a method of operating a memory system, the method comprising: writing, by a host device, first security data and a first timestamp to a first memory area which is an external memory area [¶95, VBS-initiator operations 475 may begin with the VBS-initiator performing a check to determine if multiple storage nodes in the high reliability storage system are available for use (block 480). If multiple storage nodes in the high reliability storage system are available for use, then the VBS-initiator may perform a check to determine if checkpoint timestamps of the various storage nodes match, which may include the checkpoint timestamp of a formerly failed storage node (block 482). If the checkpoint timestamp of the various storage nodes match (block 484), then the VBS-initiator may allow access attempts to information in the high reliability storage system], and [¶98, VBS-target operations 500 may begin with the VBS-target receiving an access attempt from a VBS-initiator of the computer (block 505). As discussed previously, there may be two different types 
 updating, by the host device, a second timestamp based on the first timestamp, the second timestamp corresponding to the first timestamp and being stored in a second memory area distinguished, from the first memory area [¶65, Part of the interrogation process may include synchronizing the storage nodes associated with the VBS-targets. For example, if the timestamps of the checkpoints of the storage nodes do not match, the VBS-client may have the VBS-targets perform a synchronization operation so that the timestamps match. By synchronizing the VBS-targets, it may be ensured that the storage nodes at all at the same state before operation commences], and [see claim 11, wherein synchronizing the storage system comprises: comparing a first timestamp of the first storage node with a second timestamp of the second storage node; and updating an older storage node with an older timestamp with contents of a newer storage node with a newer timestamp], and  [¶96,  However, if the checkpoint timestamps of the various storage nodes do not match (block 484), then the VBS-initiator may synchronize the various storage nodes (block 486) before allowing access attempts to information in the high reliability storage system. According to an example embodiment, the VBS-initiator may synchronize the various storage nodes with unsuccessful and/or un-acknowledged access attempts that have occurred since a common checkpoint timestamp for 
 receiving, by the host device, a first notification signal representing a result of the updating [¶100] If the access attempt is a write access attempt, then the VBS-target may update its block list with information associated with the write access attempt, including which blocks are affected by the write access attempt, amount of information being written, time of the write access attempt, and so on (block 511). The VBS-target may also write the information to be written to its storage device (block 513),  After updating its block list and writing the information to the storage device, the VBS-target may send a message to either a next VBS-target in the sequential loop in the high reliability storage system, wherein the message comprises the write access attempt, or send an acknowledgement to the VBS-initiator that indicates that the access attempt successfully completed (block 515)], and[ ¶¶101, 108-110].
completing a writing operation for the first security data when it is determined, by the host device, based on the first notification signal that the second timestamp is successfully updated [¶¶66, Once the high reliability storage system is initiated, the VBS-client may access information stored on the high reliability storage system (block 310). According to an example embodiment, the VBS-client may typically access information stored on the high reliability storage system with either a write access attempt wherein information provided with the write access attempt may be written to one or more blocks in the high reliability storage system or a read access attempt wherein information stored in one or more blocks in the high reliability storage system may be read and provided to the VBS-client], and [¶67, According to an example embodiment, the VBS-client may access information by sending an access attempt 
Hughes does not explicitly disclose, however, HEO discloses writing, by a host device, first security data and a first timestamp for preventing a replay attack to a first memory area which is an external memory area [ [0041, FIG. 2 is a block diagram illustrating a detailed configuration of an encryptor of FIG. 1. FIG. 2 will be described with reference to FIG. 1. To defend against a replay attack of an attacker, an encryptor 130 may periodically update a timestamp stored in a memory device 160 of FIG. 1. For this purpose, the encryptor 130 may include a timer 131 and a counter 132. The encryptor 130 may also include an 131 may calculate an update period of a timestamp. The timestamp may be concatenated with security data and may be encrypted. When a time elapses by the update period, the timer 131 is configured to request the counter 132 and the encryption/decryption unit 133 to update the timestamp. In detail, the timer 131 may generate an update signal for updating the timestamp], and [¶¶34-35, 37-38], and [see FIG8 and corresponding text for more detail].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Hughes with the teaching of HEO in order for a SoC to defend against a repay attack of an attacker by an encryptor which periodically update a timestamp stored in a memory device [ ¶¶38, 41].
Regarding claim 2, Hughes discloses setting, by the host device, the first timestamp based on the second timestamp stored in the second memory area when the memory system is powered on [¶65, Part of the interrogation process may include synchronizing the storage nodes associated with the VBS-targets. For example, if the timestamps of the checkpoints of the storage nodes do not match, the VBS-client may have the VBS-targets perform a synchronization operation so that the timestamps match. By synchronizing the VBS-targets, it may be ensured that the storage nodes at all at the same state before operation commences], and [see claim 11, wherein synchronizing the storage system comprises: comparing a first timestamp of the first storage node with a second timestamp of the second storage node; and updating an older storage node with an older timestamp with contents of a newer storage node with a newer timestamp], 
Regarding claim 5, Hughes discloses wherein the writing operation for the first security data is performed only after the setting of the first timestamp is successfully completed [¶¶67-68, According to an example embodiment, the VBS-client may access information by sending an access attempt (e.g., either a write access attempt or a read access attempt) to a primary storage node in the high reliability storage system. If the access attempt is a read access attempt, then the primary storage node may respond to the read access attempt by sending information corresponding to the read access attempt directly to the VBS-client. However, if the access attempt is a write access attempt, the primary storage node may forward the write access attempt to other storage nodes arranged in a sequential loop in the high reliability storage system instead of responding to the VBS-client directly. The storage nodes (including the primary storage node) may write information associated with the write access attempt to their respective storage devices and update their own modified block list with information about the write access attempt. A final storage node (for example, a secondary storage node in a two-storage node system) in the high reliability storage system may, in addition to writing the information associated with the write access attempt and updating its own 
Regarding claim 10, Hughes discloses, further comprising: determining that the writing operation for the first security data is failed when it is determined, by the host device, based on the first notification signal that the second timestamp is not successfully updated [¶96, However, if the checkpoint timestamps of the various storage nodes do not match (block 484), then the VBS-initiator may synchronize the various storage nodes (block 486) before allowing access attempts to information in the high reliability storage system. According to an example embodiment, the VBS-initiator may synchronize the various storage nodes with unsuccessful and/or un-acknowledged access attempts that have occurred since a common checkpoint timestamp for the various storage nodes. If there is no common checkpoint timestamp between the various storage nodes, the various storage nodes may need to be synchronized in their entirety with storage nodes that were not faulty].
Regarding claim 11, Hughes discloses, wherein the first timestamp is changed and updated in the second memory area whenever the first security data is written to the first memory area [¶65, part of the interrogation process may include synchronizing the storage nodes associated with the VBS-targets. For example, if the timestamps of the checkpoints of the storage nodes do not match, the VBS-client may have the VBS-targets perform a synchronization operation so that the timestamps match. By synchronizing the VBS-targets, it may be ensured that the storage nodes at all at the same state before operation commences], and [see claim 11, 
Regarding claim 12, Hughes discloses, further comprising: changing, by the host device, the first security data and the first timestamp; re-writing, by the host device, the changed first security data and the changed first timestamp to the first memory area; re-updating, by the host device, the second timestamp based on the changed first timestamp; receiving, by the host device, a second notification signal representing a result of re-updating the second timestamp; and completing a re-writing operation for the changed first security data when it is determined, by the host device, based on the second notification signal that the second timestamp is successfully re-updated [¶65, part of the interrogation process may include synchronizing the storage nodes associated with the VBS-targets. For example, if the timestamps of the checkpoints of the storage nodes do not match, the VBS-client may have the VBS-targets perform a synchronization operation so that the timestamps match. By synchronizing the VBS-targets, it may be ensured that the storage nodes at all at the same state before operation commences], and [see claim 11, wherein synchronizing the storage system comprises: comparing a first timestamp of the first storage node with a second timestamp of the second storage node; and updating an older storage node with an older timestamp with contents of a newer storage node with a newer timestamp], and [¶98,VBS-target operations 500 may begin with the VBS-target receiving an access attempt from a VBS-initiator of the computer (block 505). As discussed previously, there may be two different types of access attempts, namely, a read access attempt and a write access attempt. The VBS-target may respond differently depending on the type of the access attempt], and [¶100,  If the access attempt is a write access attempt, then the VBS-target may update its block list with information associated with the write access attempt, including which blocks are affected by the write access attempt, amount of information being written, time of the write access attempt, and so on (block 511). The VBS-target may also write the information to be written to its storage device (block 513). After updating its block list and writing the information to the storage device, the VBS-target may send a message to either a next VBS-target in the sequential loop in the high reliability storage system, wherein the message comprises the write access attempt, or send an acknowledgement to the VBS-initiator that indicates that the access attempt successfully completed (block 515)], and[ ¶¶101, 108-110].
Regarding claim 13, Hughes discloses, wherein: the first memory area is included in a nonvolatile memory device disposed outside the host device, and the second memory area is included in a secure nonvolatile memory device formed separately from the nonvolatile memory device [¶39,  Storage device 115 may be realized as a solid state memory 120 (such as flash memory, solid state hard drive, etc.), a magnetic media 125 (such as magnetic disk drive, magnetic tape, or so on), and/or optical media that is directly coupled to computer 110, or remote storage 130 coupled to computer 110 through a network interface 135 and an access network 140. Storage device 115 may also be realized as combinations of the above], and [¶43] High reliability storage system 210 may include one or more storage devices, such as solid state memory, magnetic media devices (e.g., disk drives, magnetic tape), optical devices, and so forth, which may be local to computer 205, coupled to computer 205 through an access network, or a combination thereof].
Regarding claim 14, Hughes discloses wherein the first memory area and the second memory area are included in a nonvolatile memory device disposed outside the host device[¶39,  Storage device 115 may be realized as a solid state memory 120 (such as flash memory, solid state hard drive, etc.), a magnetic media 125 (such as magnetic disk drive, magnetic tape, or so on), and/or optical media that is directly coupled to computer 110, or remote storage 130 coupled to computer 110 through a network interface 135 and an access network 140. Storage device 115 may also be realized as combinations of the above].
Regarding claim 15, the claim is rejected and interpreted for the same rational set forth in claim 1.
Regarding claim 16, Hughes discloses, further comprising: a secure element integrated in the host device, wherein the first security data and the first timestamp are processed by the secure element[¶39,  Storage device 115 may be realized as a solid state memory 120 (such as flash memory, solid state hard drive, etc.), a magnetic media 125 (such as magnetic disk drive, magnetic tape, or so on), and/or optical media that is directly coupled to computer 110, or remote storage 130 coupled to computer 110 through a network interface 135 and an access network 140. Storage device 115 may also be realized as combinations of the above], and [¶41,  Figure 2a illustrates a high level view of a computing system 200. Computing system 200 includes a computer 205 and a high reliability storage system 210 coupled to computer 205. While it is understood that computing systems may employ multiple computers capable of accessing multiple storage systems, only one computer and one high reliability storage system are illustrated for simplicity], and [¶44,  Computer 205 may communicate with high reliability storage system 210 by issuing requests (e.g., a read request and/or a write request) to high reliability storage system 210 and receiving responses from high reliability storage system 210. The responses may be in the form of information requested in a read access attempt and/or an acknowledgement to a write access attempt. Furthermore, requests may include state information, control commands].
Regarding claim 17, Hughes does not explicitly disclose, however, Heo discloses The memory system of claim 16, wherein the secure element and the secure nonvolatile memory device communicate with each other using a secure protocol[¶3,  An application processor (AP) may be implemented as an SoC. The SoC may be one chip into which various (multiple different) systems are integrated, such as on a single integrated substrate. Since the various systems are integrated into the SoC, a capacity of an internal memory (e.g., a static random-access memory (SRAM)) of the SoC may be limited. Due to the limited capacity of the internal memory, the SoC may communicate with an external memory device], and [¶4,  When 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Hughes with the teaching of HEO in order for a SoC to defend against a repay attack of an attacker by an encryptor which periodically update a timestamp stored in a memory device [ ¶¶38, 41].
Regarding claim 18, Hughes discloses, wherein the host device and the secure nonvolatile memory device are formed in a single semiconductor package[¶¶43-44, High reliability storage system 210 may include one or more storage devices, such as solid state memory, magnetic media devices (e.g., disk drives, magnetic tape), optical devices, and so forth, which may be local to computer 205, coupled to computer 205 through an access network, or a combination thereof. Computer 205 may communicate with high reliability storage system 210 by issuing requests (e.g., a read request and/or a write request) to high reliability storage system 210 and receiving responses from high reliability storage system 210. The responses may be in the form of information requested in a read access attempt and/or an acknowledgement to a write access attempt. Furthermore, requests may include state information, control commands
Regarding claim 19, Hughes discloses, wherein the host device and the secure nonvolatile memory device are formed in separated semiconductor packages[¶¶43-
Regarding claim 20, the claim is rejected and interpreted for the same rational set forth in claim 1.

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Belady (US4040034A] [ (8) These and other objects are achieved by the present invention which provides a data security system employing an automatic time-stamping mechanism for stamping a time code in a storage element associated with each data storage section of a memory, such that each read or write of data updates the appropriate time stamp. A first instruction provides the fetch of time code with regard to the memory, and a second instruction provides the fetch with regard to information contained in the data channel corresponding to the auxiliary storage devices. For every storage section of a memory, there is a time stamp storage element associated with it. Similarly, there is a time stamp storage element associated with every data channel. Whenever a memory storage section is read from or written into is accessed, the time stamp in the form of a unique binary number from a continuously running clock, indicating the time of day and date, is inserted into the time stamp storage element associated with that memory storage section. Examination of the contents of each time stamp storage element enables determination of whether there has been access. A full memory address register is used to access data in the memory while only special high order bits of the memory address register are used to access the time stamp storage element associated with the memory storage section. In this fashion, the system provides 

DE102013114953A1[ Embedded Security Module (ESM) architectures require non-volatile memory to guard against tampering and obstruction, for example by storing keys for encryption and authentication, certificates, signatures, code (secure operating system and security applications), etc. External storage can not meet the above requirements, especially regarding replay attacks and individual chip encryption. Therefore, certifiable high-end security products typically implement technologies with embedded NVM (non-volatile memory), such as non-volatile memory. Embedding these embedded NVM technologies causes major changes to the underlying logic process and is therefore quite expensive… The security information stored by the nonvolatile memory may include keys for encrypting the data and the code accessed by the security processor, keys for authenticating access to the embedded security module, certificates, signatures, boot code, and / or timestamps for counteracting replay attacks on external memories used to store the data and code accessed by the security processor. 

Cueron (US8468365) (IDS) [A method and apparatus for protecting against hardware attacks on system memory is provided. A mode of operation for block ciphers enhances the standard XTS-AES mode of operation to perform memory encryption by extending a tweak to include a "time stamp" indicator. An incrementing mechanism using the "time stamp" indicator generates a tweak which separates different contexts over different times such that the effect of "Type 2 replay attacks" is mitigated].

Ludwig (US2013/0054917A1) [ [0056] In a fourth alternative embodiment, source process 202 may store a timestamp into shared memory section 208 and target process 206 may detect an attack including, but not limited to a replay attack, based on the stored timestamp. FIG. 8 is a flowchart illustrating an exemplary process performed by source process 202 during act 306 (FIG. 3) in the fourth alternative embodiment. The process may begin with source process 202 performing any actions for preparing data for writing (act 802). Act 802 may include data generation or formatting in some embodiments. Source process 202 may include a current timestamp with the data to be written to shared memory section 208 (act 804). Source process 202 may then write the data and the timestamp to shared memory section 208 (act 806)].

Benoit(US9621549B2)(IDS)[ (2) The present invention relates generally to determining whether data stored in an external nonvolatile memory is valid in order to prevent an attack such as a rollback attack.7) An aspect of the present invention may reside in an integrated circuit, comprising: a processor configured to: retrieve the first data-validity information, associated with first data stored in an external nonvolatile memory, from a secure remote server over a secure communication channel, wherein the secure processor uses mutual authentication with the secure remote server to secure the secure communication channel; retrieve the first data from the external nonvolatile memory; obtain second data-validity information associated with the first data; compare the first data-validity information with the second data-validity information to generate a 

XIA(US2010/0138917) [0023] In order to measure rate-based statistics for a plurality of packets that are sent from the same IP address, the time stamp of the last (most recent) packet received from that IP address and statistics (e.g., BPS, PPS and/or SR) associated with that time stamp and IP address are stored in the memory 140, in one embodiment. The update block 110 updates the time stamps and the statistics stored in the memory 140 in the manner described below. In one embodiment, the refresh block 120 periodically refreshes the statistics and updates the time stamps stored in the memory 140--more specifically, as described in further detail below, the refresh block automatically updates time stamps and refreshes statistics when a specified time period expires. The update block 110 and the refresh block 120 refresh statistics by setting their respective values to a specified initializing value. When updating the time stamps, the update block 110 and the refresh block 120 set selected time stamps to the current system time 132.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAHRIAR ZARRINEH/Examiner, Art Unit 2496