DETAILED ACTION
Claims 1-20 are pending in this action.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Allowable Subject Matter
Claims 5, 8, 13 and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. While the prior art teaches setting up secure communications between a central server and hosts/components, a further challenge response is initiated by the central server after one has already been initiated by the host and the subsystem.

Examiner Note
The instant specification describes the various “system” to be either housed in a chassis or include a chassis which indicates that they are hardware. See [0030]-[0031] of instant application. Furthermore, the processing system and NVMe subsystems are described to include processors and memories. See id.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-4, 6, 7, 9, 10-12, 14-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Neve et al. (CN-103946806-A) [hereinafter “Neve”] in view of Baldini et al. (EP-2911335-A1) [hereinafter “Baldini”].

As per claim 1, Neve teaches a Non-Volatile Memory express (NVMe) over Fabrics (NVMe-oF) authentication system, comprising: a Non-Volatile Memory express (NVMe) host device ([0010], host coupled to SSD memory); an NVMe subsystem that is coupled to the NVMe host device ([0010], SSD coupled to the host device via a memory controller) and that is configured to: transmit a first challenge to the NVMe host device ([0009], authenticating a host using a challenge response protocol); receive, in response to the first challenge, a first challenge reply from the NVME host device ([0009], response is part of the protocol) that includes a first response using a first instance of a first secret that is stored in the NVMe host device ([0068] and [0071], challenge response protocol involves the encryption of a random number); and verify the first response using a second instance of the first secret ([0071]-[0072], verification involves decryption/encryption of random number using either public/private key or symmetric keys).
Neve does not explicitly teach generate a first authentication verification request communication that includes a first response that was provided in the first challenge reply by the component using a first instance of a first secret that is stored in the component; and transmit the first authentication verification request communication; and an authentication verification entity that is coupled to the subsystem, wherein the authentication verification entity is configured to: receive the first authentication verification request communication from the subsystem; verify the first response using a second instance of the first secret that is stored in the authentication verification entity; and transmit, in response to verifying the first response, a first authentication verification response communication to the subsystem. Baldini teaches generate a first authentication verification request communication that includes a first response that was provided in the first challenge reply by the component using a first instance of a first secret that is stored in the component (Examiner Note: PUF result is verifiable like random number in Neve) ([0039], SDR reader sends challenge to the PUF and then takes the responses and sends them to the central server for authentication); and transmit the first authentication verification request communication ([0039], sending response to central server for authentication); and an authentication verification entity that is coupled to the subsystem, wherein the authentication verification entity is configured to: receive the first authentication verification request communication from the subsystem ([0039], central server receives the challenge responses and verifies with copies of PUF); verify the first response using a second instance of the first secret that is stored in the authentication verification entity ([0039], verifying with copies of PUF); and transmit, in response to verifying the first response, a first authentication verification response communication to the subsystem ([0017], after authentication by central server, there will be notification of evaluation provided).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Neve with the teachings of Baldini, a first authentication verification request communication that includes a first response that was provided in the first challenge reply by the component using a first instance of a first secret that is stored in the component; and transmit the first authentication verification request communication; and an authentication verification entity that is coupled to the subsystem, wherein the authentication verification entity is configured to: receive the first authentication verification request communication from the subsystem; verify the first response using a second instance of the first secret that is stored in the authentication verification entity; and transmit, in response to verifying the first response, a first authentication verification response communication to the subsystem, to centralize the authentication process and the key and secret material which makes updating and securing them easier.

As per claim 2, the combination of Neve and Baldini teaches the system of claim 1, wherein the NVMe host device is configured to: transmit a second challenge to the NVMe subsystem (Neve; [0068], challenge sent to SSD from host using challenge response protocol for mutual authentication); receive, in response to the second challenge, a second challenge reply from the NVME subsystem (Neve; [0068], response is a part of the protocol); generate a second authentication verification request communication that includes a second response that was provided in the second challenge reply by the NVMe subsystem using a first instance of a second secret that is stored in the NVMe subsystem (Baldini; [0039], SDR reader sends challenge to the PUF and then takes the responses and sends them to the central server for authentication); and transmit the second authentication verification request communication (Baldini; [0039], sending response to central server for authentication), and wherein the authentication verification entity is coupled to the NVMe host device and is configured to: receive the second authentication verification request communication from the NVMe host device (Baldini; [0039], central server receives the challenge responses and verifies with copies of PUF); verify the second response using a second instance of the second secret that is stored in the authentication verification entity (Baldini; [0039], verifying with copies of PUF); and transmit, in response to verifying the second response, a second authentication verification response communication to the NVMe host device (Baldini; [0017], after authentication by central server, there will be notification of evaluation provided).

As per claim 3, the combination of Neve and Baldini teaches the system of claim 1, wherein the NVMe subsystem is configured to: receive the first authentication verification response communication from the authentication verification entity (Baldini; [0017], after authentication by central server, there will be notification of evaluation provided); and enable, in response to receiving the first authentication verification response communication, storage operations by the NVMe host device via a communication channel with the NVMe host device (Neve; [0010], after pairing allowing use of SSD for storage).

As per claim 4, the combination of Neve and Baldini teaches the system of claim 1, wherein the NVMe subsystem is configured, prior to transmitting the first authentication verification request communication, to: authenticate, using an authentication verification entity identifier and an authentication verification entity public key, the authentication verification entity (Baldini; [0041], setting up a secure channel between component and central server using public/private key and certificates, i.e. identifier); and establish, in response to authenticating the authentication verification entity, a secure communication channel with the authentication verification entity (Baldini; [0041], secure channel established based on SSL and PKI standard).

As per claim 6, the combination of Neve and Baldini teaches the system of claim 1, wherein the NVMe subsystem is configured, prior to transmitting the first authentication verification request communication, to: perform mutual authentication operations, using an authentication verification entity/NVMe subsystem shared secret, with the authentication verification entity (Baldini; [0041], SSL secure channel involves a shared secret between two entities, i.e. central server and hardware component/host); and establish, in response to performing mutual authentication operations with the authentication verification entity, a secure communication channel with the authentication verification entity (Baldini; [0041], secure channel established based on SSL and PKI standard).

As per claim 7, the combination of Neve and Baldini teaches the system of claim 1, wherein the NVMe host device is configured to: authenticate, using an authentication verification entity identifier and an authentication verification entity public key, the authentication verification entity (Baldini; [0041], setting up a secure channel between component and central server using public/private key and certificates, i.e. identifier); and establish, in response to authenticating the authentication verification entity, a secure communication channel with the authentication verification entity (Baldini; [0041], secure channel established based on SSL and PKI standard).

As per claim 9, the combination of Neve and Baldini teaches the system of claim 1, wherein the NVMe host device is configured to: perform mutual authentication operations, using an authentication verification entity/NVMe host device shared secret, with the authentication verification entity (Baldini; [0041], SSL secure channel involves a shared secret between two entities, i.e. central server and hardware component/host); and establish, in response to performing mutual authentication operations with the authentication verification entity, a secure communication channel with the authentication verification entity (Baldini; [0041], secure channel established based on SSL and PKI standard).

As per claim 10, the substance of the claimed invention is identical to that of claim 1. Accordingly, this claim is rejected under the same rationale.

As per claim 11, the substance of the claimed invention is identical to that of claim 2. Accordingly, this claim is rejected under the same rationale.

As per claim 12, the substance of the claimed invention is identical to that of claim 4. Accordingly, this claim is rejected under the same rationale.

As per claim 14, the substance of the claimed invention is identical to that of claim 6. Accordingly, this claim is rejected under the same rationale.

As per claim 15, the substance of the claimed invention is identical to that of claim 1. Accordingly, this claim is rejected under the same rationale.

As per claim 16, the substance of the claimed invention is identical to that of claim 2. Accordingly, this claim is rejected under the same rationale.

As per claim 17, the combination of Neve and Baldini teaches the method of claim 16, wherein the first authentication verification response communication (Baldini; [0017], after authentication by central server, there will be notification of evaluation provided) and the second authentication verification response communication indicate to the NVMe subsystem and the NVMe host device to continue communications (Neve; [0010], after pairing allowing use of SSD for storage communications).

As per claim 18, the substance of the claimed invention is identical to that of claim 4. Accordingly, this claim is rejected under the same rationale.

As per claim 20, the substance of the claimed invention is identical to that of claim 6. Accordingly, this claim is rejected under the same rationale.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Suresh et al. (US PGPUB No. 2020/0403813), Schoinianakis et al. (WO-2020078591-A1), Razi et al. (WO-2018183926-A1), Khatib Zadeh et al. (US PGPUB No. 2019/0042480), Grady et al. (US PGPUB No. 2007/0086724), Kang et al. (CN-103597496-A), Lerner (WO-2014201059-A1), Jean-Luc Claude et al. (GB-2588647-A), Kumar et al. ("PHAP: Password based Hardware Authentication using PUFs," 2012 45th Annual IEEE/ACM International Symposium on Microarchitecture Workshops, 2012, pp. 24-31, doi: 10.1109/MICROW.2012.14), IEEE ("IEEE Standard for Discovery, Authentication, and Authorization in Host Attachments of Storage Devices," in IEEE Std 1667-2018 (Revision of IEEE Std 1667-2015) , vol., no., pp.1-226, 2 Oct. 2018, doi: 10.1109/IEEESTD.2018.8479380) and Desuert et al. ("PUF-Based Protocol for Securing Constrained Devices," 2021 17th International Conference on Intelligent Environments (IE), 2021, pp. 1-8, doi: 10.1109/IE51775.2021.9486492) all describe the use of challenge-response protocols to authenticate various hardware components on a host including NVM and SSD memory.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to PETER C SHAW whose telephone number is (571)270-7179. The examiner can normally be reached Max Flex.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/PETER C SHAW/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        June 1, 2022