DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present application, filed on August 26, 2020, is accepted.
Claims 1 – 20 are being considered on the merits.

Drawings
The drawings, filed on August 26, 2020, are accepted.

Specification
The specification, filed on August 26, 2020, is accepted.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 – 5, 7– 13 and 15 – 19 are rejected under 35 U.S.C. 103 as being unpatentable over US 20210075607 A1 to Li in view of US 20170337390 A1 to Hamilton et al., (hereinafter, “Hamilton”).
Regarding claim 1, Li teaches a storage device, comprising: a first nonvolatile memory to which data can be written a plurality of times, the first nonvolatile memory configured to store first encryption key generation information; [Li, para. 24 discloses the processor chip 110 can comprise a central processing unit (CPU) 111 (or a microprocessor), a volatile memory 112, a flash memory 113, and a one-time programmable (OTP) memory 114, a graphic processing unit (GPU) 120, a key management device 170 and an encryption/decryption device 180. For example, the flash memory 113 can be a NAND flash memory. Para. 38 discloses When the user executes a key delete operation, the key management device 170 possibly deletes the key stored in the flash memory or the OTP memory; however, the key stored in the flash memory or the OTP memory may be unable to be actually deleted because of the setting of the lock bit.] a second nonvolatile memory that includes storage elements for which electrical characteristics can be changed only once, the second nonvolatile memory configured to store second encryption key generation information; [Li, para. 24 discloses the processor chip 110 can comprise a central processing unit (CPU) 111 (or a microprocessor), a volatile memory 112, a flash memory 113, and a one-time programmable (OTP) memory 114, a graphic processing unit (GPU) 120, a key management device 170 and an encryption/decryption device 180. The OTP memory 114, for example, can be referred as a programmable read-only memory (PROM), which can use a nonvolatile memory having a lock-bit register, for example, the nonvolatile memory can be implemented by a flash memory, an erasable programmable read-only (EPROM) memory or an electrically erasable programmable read-only (EEPROM) memory. Para. 38 discloses When the user executes a key delete operation, the key management device 170 possibly deletes the key stored in the flash memory or the OTP memory; however, the key stored in the flash memory or the OTP memory may be unable to be actually deleted because of the setting of the lock bit.] and a controller configured to: attempt an erase of the first encryption key generation information in the first nonvolatile memory when a host requests an encryption erase, [Li, para. 51 discloses when the user determines that a specific key stored in the key management device 170 is already no longer used for the user, the user can send a single-key erase or delete command and the be-to-erased key number, to the key management device 170 via the processor chip 110. After the key management device 170 determines that the key erase command is a valid command sent by the processor chip 110, the key management device 170 deletes the to-be-erased key from the corresponding storage space of the key database, and reports successful delete message to the processor chip 110] and erase the second encryption key generation information in the second nonvolatile memory if the attempt to erase first encryption key generation information fails [Li, para. 53 discloses when the key management device 170 determines that the to-be-erased key contained in the erase command is stored in the OTP memory, the key management device 170 is unable to modify or delete the data stored in the OTP memory. At this time, the key management device 170 can set the revoke attribute field of the metadata related to the key number 01 in the key lookup table of the register 174, to indicate that the key corresponding to the key number 01 is already revoked persistently and unable to be read or used. In this embodiment, besides the single-key erase or delete command, the user can send an all-key erase command to the key management device 170 upon requirement, via the processor chip 110, to control the key management device 170 to delete all keys, and all storage spaces other than the OTP memory are released to the initial states. In a condition of using the all-key erase command, the processor chip 110 does not need to send the key number to be erased], but Li does not teach a controller configured to: generate an encryption key using the first encryption key generation information and the second encryption key generation information in combination, encrypt data to be written to the first nonvolatile memory using the generated encryption key, decrypt data read from the first nonvolatile memory using the generated encryption key.
However, Hamilton does teach a controller configured to: generate an encryption key using the first encryption key generation information and the second encryption key generation information in combination, [Hamilton, para. 48 discloses The hardware embedded cryptographic driver 405 may drive operations of the encryption key derivation circuit 425. The encryption key derivation circuit 425 may implement a first key derivation function, KDF_Key1 to generate the first encryption key 436 (e.g., TEE_App_Key1). The encryption key derivation circuit 425 may have as its input 499, from the hardware embedded cryptographic driver, the application key label secret 411, the seed key 412, and the application key context secret 415. The application key context secret 415 input 492 to the encryption key derivation circuit 425 includes the FR value 417. The FR value 417 for the first encryption key 436 may be a previously stored FR value. The encryption key derivation circuit 425 may generate the first encryption key 436 according to equation (1) below: TEE_App_Key1=KDF_Key1(seed_key,context_a(FR_key),label_a) (1) In equation (1), FR_key refers to the previously stored FR value.] encrypt data to be written to the first nonvolatile memory using the generated encryption key, [Hamilton, para. 49 discloses The processor 230 may encrypt information (e.g., data and/or data files) with the first encryption key 436 prior to storage in the memory 240. The user data may be associated with the respective application. For example, user data for a credit card application may include a password, account information, user identification information, user operating preferences, etc. The user data is intended to be erased from the computing device 11 during the factory reset process but, as discussed above, all or a portion of the user data may persist on the computing device 11 despite the factory reset process. In an implementation, the processor 230 may encrypt information associated via the TEE 235 prior to passing the data and/or data files from the TEE 235 to the REE 237 for storage.] decrypt data read from the first nonvolatile memory using the generated encryption key. [Hamilton, para. 50 discloses The processor 230 may decrypt the stored information with the same key (e.g., TEE_App_Key1) used for encryption. Therefore, a change to the first encryption key 436 may disable decryption of the stored information. Because the first encryption key 436 is based on the FR value 417, encryption of data with the first encryption key 436 may render this data non-decryptable, and therefore inaccessible, once the previously stored FR value changes to a new FR value during the factory reset process. The encryption key derivation circuit 425 may generate the first encryption key 436 based on the previously stored FR value.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Hamilton’s system with Li’s system, with a motivation to erase information (e.g., during overwriting portion of the factory reset process) such as stored security keys from the computing device 11 may be interrupted and/or may be incomplete. Additionally, the computing device 11 may be the object of the replay attack. Thus encryption keys may persist unintentionally on the computing device 11. Disabling decryption according to the disclosure may provide the advantage of eliminating a reliance on erasure of security keys to provide data security. Therefore, disabling decryption without reliance on erasure of stored user data and/or stored security keys may provide improved privacy and security for the stored user data. [Hamilton, para. 64]

As per claim 2, modified Li teaches the storage device according to claim 1, wherein the controller is configured to erase the second encryption key generation information in the second nonvolatile memory by changing the electrical characteristics of any storage elements of the second nonvolatile memory that have not been previously changed. [Li, para. 53 discloses when the key management device 170 determines that the to-be-erased key contained in the erase command is stored in the OTP memory, the key management device 170 is unable to modify or delete the data stored in the OTP memory. At this time, the key management device 170 can set the revoke attribute field of the metadata related to the key number 01 in the key lookup table of the register 174, to indicate that the key corresponding to the key number 01 is already revoked persistently and unable to be read or used.]

Regarding claim 3, modified Li teaches the storage device according to claim 1, but modified Li does not teach wherein, if the attempt to erase the first encryption key generation information in the first nonvolatile memory is successful, the controller is configured to: generate third encryption key generation information, store the generated third encryption key generation information in the first nonvolatile memory, and generate another encryption key using the third encryption key generation information and the second encryption key generation information in combination.  
However, Hamilton does teach wherein, if the attempt to erase the first encryption key generation information in the first nonvolatile memory is successful, the controller is configured to: generate third encryption key generation information, store the generated third encryption key generation information in the first nonvolatile memory, and generate another encryption key using the third encryption key generation information and the second encryption key generation information in combination. [Hamilton, para. 7 discloses The processor-readable instructions may be further configured to cause the processor to generate the previously stored factory reset value and the new factory reset value by a trusted execution environment (TEE) of the processor and store the previously stored factory reset value and the new factory reset value, by the TEE, in a secure portion of the memory. The information associated with the application may include user information and OEM information and the processor-readable instructions may be further configured to cause the processor to generate a third encryption key based on key material that excludes the previously stored factory reset value, encrypt the OEM information using the third encryption key, encrypt the user information using the first encryption key, and subsequent to the factory reset of the computing device, decrypt the OEM information using the third encryption key, attempt to decrypt the user information using the second encryption key, and generate an indication of non-decryptable user information in response to the attempt to decrypt the user information using the second encryption key.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Hamilton’s system with Li’s system, with a motivation to erase information (e.g., during overwriting portion of the factory reset process) such as stored security keys from the computing device 11 may be interrupted and/or may be incomplete. Additionally, the computing device 11 may be the object of the replay attack. Thus encryption keys may persist unintentionally on the computing device 11. Disabling decryption according to the disclosure may provide the advantage of eliminating a reliance on erasure of security keys to provide data security. Therefore, disabling decryption without reliance on erasure of stored user data and/or stored security keys may provide improved privacy and security for the stored user data. [Hamilton, para. 64]
 
As per claim 4, modified Li teaches the storage device according to claim 1, wherein the controller is further configured to notify the host of a successful attempt to erase the first encryption key generation information, a failed attempt to erase the first encryption key generation information, an erasing of the second encryption key generation information, or a failed erasing of the second encryption key generation information.  [Li, para. 51 discloses when the user determines that a specific key stored in the key management device 170 is already no longer used for the user, the user can send a single-key erase or delete command and the be-to-erased key number, to the key management device 170 via the processor chip 110. After the key management device 170 determines that the key erase command is a valid command sent by the processor chip 110, the key management device 170 deletes the to-be-erased key from the corresponding storage space of the key database, and reports successful delete message to the processor chip 110. Para. 53 discloses when the key management device 170 determines that the to-be-erased key contained in the erase command is stored in the OTP memory, the key management device 170 is unable to modify or delete the data stored in the OTP memory. At this time, the key management device 170 can set the revoke attribute field of the metadata related to the key number 01 in the key lookup table of the register 174, to indicate that the key corresponding to the key number 01 is already revoked persistently and unable to be read or used. In this embodiment, besides the single-key erase or delete command, the user can send an all-key erase command to the key management device 170 upon requirement, via the processor chip 110, to control the key management device 170 to delete all keys, and all storage spaces other than the OTP memory are released to the initial states. In a condition of using the all-key erase command, the processor chip 110 does not need to send the key number to be erased]

As per claim 5, modified Li teaches the storage device according to claim 1, wherein first nonvolatile memory is NAND flash memory. [Li, para. 24 discloses the processor chip 110 can comprise a central processing unit (CPU) 111 (or a microprocessor), a volatile memory 112, a flash memory 113, and a one-time programmable (OTP) memory 114, a graphic processing unit (GPU) 120, a key management device 170 and an encryption/decryption device 180. For example, the flash memory 113 can be a NAND flash memory. Para. 38 discloses When the user executes a key delete operation, the key management device 170 possibly deletes the key stored in the flash memory or the OTP memory; however, the key stored in the flash memory or the OTP memory may be unable to be actually deleted because of the setting of the lock bit.]   

As per claim 7, modified Li teaches the storage device according to claim 1, wherein the second nonvolatile memory is a one-time programmable (OTP) memory. [Li, para. 24 discloses the processor chip 110 can comprise a central processing unit (CPU) 111 (or a microprocessor), a volatile memory 112, a flash memory 113, and a one-time programmable (OTP) memory 114, a graphic processing unit (GPU) 120, a key management device 170 and an encryption/decryption device 180. The OTP memory 114, for example, can be referred as a programmable read-only memory (PROM), which can use a nonvolatile memory having a lock-bit register, for example, the nonvolatile memory can be implemented by a flash memory, an erasable programmable read-only (EPROM) memory or an electrically erasable programmable read-only (EEPROM) memory.]

As per claim 8, modified Li teaches the storage device according to claim 1, wherein the controller is further configured to: erase the second encryption key generation information from the second nonvolatile without first attempting to erase the first encryption key generation information from the first nonvolatile memory if the host requests an erase of the second encryption key generation information. [Li, para. 53 discloses when the key management device 170 determines that the to-be-erased key contained in the erase command is stored in the OTP memory, the key management device 170 is unable to modify or delete the data stored in the OTP memory. At this time, the key management device 170 can set the revoke attribute field of the metadata related to the key number 01 in the key lookup table of the register 174, to indicate that the key corresponding to the key number 01 is already revoked persistently and unable to be read or used. In this embodiment, besides the single-key erase or delete command, the user can send an all-key erase command to the key management device 170 upon requirement, via the processor chip 110, to control the key management device 170 to delete all keys, and all storage spaces other than the OTP memory are released to the initial states. In a condition of using the all-key erase command, the processor chip 110 does not need to send the key number to be erased]

Regarding claim 9 – 13, they recite feature as similar to feature within claim 1 – 5, therefore, they are rejected in a similar manner.

Regarding claim 15 – 16, they recite feature as similar to feature within claim 7 – 8, therefore, they are rejected in a similar manner

Regarding claim 17 – 18, they recite feature as similar to feature within claim 1 – 2, therefore, they are rejected in a similar manner.

Regarding claim 19, it recites feature as similar to feature within claim 5, therefore, it is rejected in a similar manner

Claims 6, 14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20210075607 A1 to Li in view of US 20170337390 A1 to Hamilton et al., (hereinafter, “Hamilton”) in further view of US 20190294826 A1 to Obara.
Regarding claim 6, modified Li teaches the storage device according to claim 1, but modified Li does not teach wherein the storage elements of the second nonvolatile memory are electronic fuses.  
	However, Obara does teach wherein the storage elements of the second nonvolatile memory are electronic fuses. [Obara, para. 39 discloses the second storage unit 25 is a nonvolatile memory that stores scramble key information (third key information) for encrypting the Key and the KEK. It is sufficient for the second storage unit 25 to have a small memory capacity capable of storing scramble key information, so that, for example, an eFuse is used for the second storage unit 25.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Obara’s system with modified Li’s system, with a motivation to supply the power supply voltage to the logic circuit used for the second storage unit 25 even when the power supply voltage to the ECU 3 is interrupted. The logic circuit may receive voltage supply from a dedicated battery. Since the security performance is weak when the second storage unit 25 is configured only with the eFuse, scramble key information may be generated by combining the value by the eFuse and the value by the logic circuit.. [Obara, 39]

Regarding claim 14 and 20, they recite feature as similar to feature within claim 6, therefore, it is rejected in a similar manner.

Conclusion
Pertinent prior art made of record however not relied upon includes:
US 20150365232 A1 to Yang et al. teaches:
“Methods, systems, and products for providing verification code recovery and remote authentication for a plurality of devices configured for electronic communication with a server. Specifically, in the methods, systems, and products, the user entrusts information about the user's verification code to the service provider, and only with cooperation between the user and the service provider can a lost verification code be recovered. The service provider can further authenticate the user before cooperating in the recovery process by way of a time-sensitive authentication sequence that involves the user device.”
US 20120093318A1 to Obukhov teaches:
“Techniques for encryption key destruction for secure data erasure via an external interface or physical key removal are described. Electrical destruction of key material retained in a memory of a storage device renders the device securely erased, even when the device is otherwise inoperable. The memory (e.g. non-volatile, such as flash) stores key material for encrypting/decrypting storage data for the device. An eraser provides power and commands to the memory, even when all or any portion of the device is inoperable. The commands (e.g. erase or write) enable zeroizing or destroying the key material, rendering data encrypted with the destroyed key material inaccessible, and therefore securely erased. Alternatively, the memory is a removable component (e.g. an external security device or smartcard) coupled to the device during storage operation. Removing and physically destroying the memory renders the device securely erased. The device and/or the memory are sealed to enable tamper detection.”
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893. The examiner can normally be reached Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/P.P./Patent Examiner, Art Unit 2434                                                                                                                                                                                                        
/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434