DETAILED ACTION
This Office Action is in response to application 17/157,560 filed on January 25, 2021.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1-20 are pending and herein considered. 

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 01/25/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 1-20 are rejected under 35 U.S.C. 102(a)(1)/(a)(2) as being anticipated by Kanno U.S. Pub. Number 2019/0361605.
Regarding claim 1; Kanno discloses a device comprising:
a communications circuit configured to communicate with a storage device controller and a host device (para. [0032], fig. 1 and fig. 2, host (server) 2 and the flash storage devices 3 are interconnected via an interface 50; para. [0037] The host (server) 2 has a storage management function of managing plural flash storage devices 3 constituting a flash array);
a processing device (fig. 2, controller) configured to:
receive a request from the storage device controller through the communications circuit, the request requesting first data be written to a memory address of the host device (para. [0045] in data read processing, the host 2 sends a read request designating a physical address indicative of a physical storage location in a block of the NAND flash memory where the data to be read is stored, to the flash storage device 3). The Examiner interprets that, in response to the read request, data is written to the host;
identify a key associated with the write request based on the memory address (para. [0049] the read processing for reading the encrypted data, the encrypted data is read from this block, and the read encrypted data is decrypted with the encryption key (first encryption key) and the physical address included in the read request);
generate second data based on the key, the second data being the first data in a decrypted format (para. [0047] an operation of decrypting the encrypted data when the encrypted data is to be read from the NAND flash memory); and
initiate transfer, through the communications circuit, of the second data to the host device (para. [0047] flash storage device 3 is configured to execute an encryption/decryption operation…an operation of decrypting the encrypted data when the encrypted data is to be read from the NAND flash memory; para. [0062] fig. 2, host interface 11 is a host interface circuit configured to execute communication with the host 2).

Regarding claim 2; Kanno discloses the device of claim 1, wherein the processing device is further configured to:
receive a read command from the host device through the communications circuit, the read command identifying a memory range and the key tag (para. [0070] each LBA range starts with LBA0. In a case where the plural regions are implemented by plural namespaces, each read/write request may include or may not include the namespace ID as the region ID. If each read/write request includes the namespace ID, the controller 4 can select an encryption key associated with the region (namespace) indicated by the namespace ID designated by the read/write request received from the host 2, as the encryption key to be used for the data encryption (or decryption));
store an association between the memory range and the key tag in a memory device (para. [0070] plural regions may be implemented by plural namespaces…individual namespaces are identified by identifiers of the namespaces (namespace IDs: NSIDs). LBA ranges (LBA0 to LBAn-1) are allocated to each region. The size of the LBA range (that is, the number of LBAs) is variable for each region);
identify the key tag in response to the memory address corresponding to the memory address range based on the association (para. [0070] the controller 4 can select an encryption key associated with the region (namespace) indicated by the namespace ID …the controller 4 can select the encryption key associated with the region (namespace) to which the block having the designated block address belong); and
identify the key based on the key tag (para. [0114] a certain region ID (ID#x) is supplied from the write operation control unit 21 to the encryption key storage region 80, the encryption key management table 33A of the encryption key storage region 80 outputs an encryption key (KEY#x) corresponding to the region ID (ID#x)).

Regarding claim 3; Kanno discloses the device of claim 2, wherein the processing device is further configured to initiate transfer of the read command to the storage device controller (para. [0062] host interface 11 receives various requests (commands) from the host 2. The requests (commands) include a write request (write command), a read request (read command), a copy request (copy command), and other various requests (commands)).

Regarding claim 4; Kanno discloses the device of claim 2, wherein the processing device is further configured to identify an input/output (I/O) submission queue based on communications between the host device and the storage device controller (para. [0126] the block address included in the write command is indicative of block BLK#0. The write operation control unit 21 writes the encrypted data in a page unit, in order of page 0, page 1, page 2, . . . page n, to the block BLK#0). 

Regarding claim 5; Kanno discloses the device of claim 1, wherein the processing device is further configured to:
receive a second request from the storage device controller through the communications circuit, the second request requesting third data be read from a second memory address of the host device (para. [0208] receives a read request to designate the first physical address from the host 2; para. [0209] the decrypted data is re-encrypted with a second encryption key selected from plural encryption keys … the re-encrypted data is written to the second physical storage location in the copy destination block);
identify a second key tag associated with the second request based on the second memory address (para. [0209] using a write request to designate a physical address indicative of a physical storage location to which data is to be written and a read request to designate a physical address indicative of a physical storage location where data to be read is stored);
store an association between the second key tag and a read tag of the second request (para. [0209] physical address included in the read request to read the data stored in the copy destination physical storage location becomes the same as the physical address (i.e., copy destination physical address) used to re-encrypt the data);
initiate transmission of the second request to the host device (para. [0062] fig. 2, host interface 11 is a host interface circuit configured to execute communication with the host 2);
receive a message from the host device, the message including the read tag and the third data (para. [0066] write command may further designate a region ID. More specifically, the controller 4 can manage plural regions obtained by logically dividing the NAND flash memory 5. Each of the regions may include several blocks. The region ID is an identifier which designates any region of the plural regions);
identify the second key tag based on the association between the second key tag and the read tag (para. [0066] one region may be allocated to each end user (tenant… each end user (tenant) may include a region ID indicative of a region used by the end user (tenant); para. [0119] encryption key management table 33A of the encryption key storage region 80 outputs the encryption key (KEY#x) corresponding to the region ID (ID#x));
identify a second key based on the second key tag (para. [0209] encrypted data is decrypted with the first encryption key and the copy source physical block (first physical address). In addition, the decrypted data is re-encrypted with a second encryption key selected from plural encryption keys); and
encrypt the third data based on the second key (para. [0209] encrypted data is decrypted with the first encryption key… the decrypted data is re-encrypted with a second encryption key selected from plural encryption keys).

Regarding claim 6; Kanno discloses the device of claim 1, wherein the processing device comprises one or more a field programmable gate array blocks, and wherein the communications circuit includes:
a first communications interface configured to communicate with the storage device controller (para. [0062] host interface 11 is a host interface circuit configured to execute communication with the host 2); and
a second communications interface configured to communicate with the host device (para. [0080] NAND interface 13 is a memory control circuit configured to control the NAND flash memory 5 under the control of the CPU 12).

Regarding claim 7; Kanno discloses the device of claim 1, further comprising a memory storing instructions, wherein the processing device corresponds to a central processor unit configured to execute the instructions (para. [0080] NAND interface 13 is a memory control circuit configured to control the NAND flash memory 5 under the control of the CPU 12).

Regarding claim 8; Kanno discloses the device of claim 1, further comprising a memory device storing a lookup table associating key tags to address ranges and storing a key table associating key tags to keys, wherein the processing device is configured to:
identify a key tag based on the memory address using the lookup table (para. [0088] lookup table (LUT) 2B manages mapping between each of tags (for example, logical addresses such as LBA) for identifying individual data and each of physical addresses indicative of individual physical storage locations in the flash storage device 3 (i.e., NAND flash memory 5)); and
identify the key based on the key tag using the key table (para. [0088] lookup table (LUT) 2B manages mapping between each of tags (for example, logical addresses such as LBA) for identifying individual data).

Regarding claims 9-12 and 14; claims 9-12 and 14 are directed to a method which has similar scope as claims 1-4 and 5, respectively. Therefore, claims 9-12 and 14 remain unpatentable for the same reason.

Regarding claim 13; Kanno discloses the method of claim 12, further comprising setting a filter to identify I/O commands originating from the submission queue (para. [0127] write command designating the physical address (BLK#0, offset +4) and the length (=4) has been received from the host 2 in a state in which 16KB encrypted data have already been written to page 0 of block BLK#0. In this case, the write operation control unit 21 writes 16KB write data encrypted by the encryption circuit 15A to page 1 of block BLK#0).

Regarding claims 15-20; claims 15-20 are directed to a computer readable storage device which has similar scope as claims 9-14, respectively. Therefore, claims 15-20 remain unpatentable for the same reason.

Examiner’s remarks to overcome the rejection above
The Examiner encourages applicant to contact the examiner to discuss any further questions before responding to this Office Action, to expedite prosecution.
Related Art
The following prior art made of record and cited on PTO-892, but not relied upon, is considered pertinent to applicant’s disclosure:
U.S. Pub. Number 2017/0220494 to Shacham-Shacham teaches that, when the processor needs to write data from the memory to the storage device, the processor instructs the host controller to read unencrypted data from the memory via the memory controller. The host controller then configures a cryptographic engine to encrypt the unencrypted data into encrypted data and write the encrypted data to the storage device.
U.S. Pat. Number 8,165,301 to Bruce-Bruce teaches providing a secured IO device and storage controller handshake protocol, IO device controlled cipher settings, and secured data storage and access in memory. An IO device requesting data transfer with encryption and/or decryption requests session keys from the processor. The processor generates a fresh public-private key pair for the session.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VU V TRAN whose telephone number is (571)270-1708. The examiner can normally be reached M-F, 8 AM- 4 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/VU V TRAN/Primary Examiner, Art Unit 2491