DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The Amendment filed 05/24/2022 has been received and considered.
Claims 1-13 are pending.
This action is Final.
Response to Arguments
2.	Applicant's arguments filed 05/24/2022 have been fully considered but they are not persuasive. 
Applicant argues that regarding independent claim 1, Kim in view of Kelner fails to teach “write the encrypted data to the nonvolatile memory together with the first address”
	With respect to this argument, as disclosed below, Kim in paragraph [0054] discloses processing a write command including write data and a corresponding address. In paragraph [0064]-[0065], the encryption module generates an initial key value by combining a physical page address and UID information. The initial key value (encrypted data) is generated as bit map information that is used in differentiating physical page addresses. In paragraph [0191]-[0195], data is encrypted and written to the physical storage region using a private key generated from the initial key value which includes physical unique identification (PUID) information. Therefore, the encrypted data written to the flash memory device includes the first address because the initial key value is generated in combining the physical page address and the UID information. 
Applicant further argues that regarding independent claim 1, Kim in view of Kelner fails to teach “receiving from a host a read request that designates a physical address”
With respect to this argument, as disclosed below, Kim in paragraph [0054] a read command is processed using a logical address from the host converted into a physical page address. In paragraph [0219]-[0220], data is read from the physical page address and decrypted using the private key.
Applicant further argues that regarding independent claim 1, Kim in view of Kelner fails to teach “read both the encrypted data and the first address from the nonvolatile memory”
With respect to this argument, as disclosed below, Kim in paragraph [0108]-[0109] discloses generating an initial key value using physical unique identification (PUID) information read from the memory device which includes physical page address information. In paragraph [0219]-[0220], data is read from the physical page address and decrypted using the private key. Furthermore, Kelner in paragraph [0049] discloses retrieving zero data from the unmapped area of the non-volatile memory and decrypt the zero data with a decryption key, and/or direct the zero data along the protected data path identified by a DPP key (first address), found in the memory and transmit the zero data out to the host.
Therefore, Kim in view of Kelner teaches the claimed limitations of amended claim 1 and thereby the dependent claims. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



3.	Claims 1-13 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub No. US 2014/0032935 A1 to Kim, (hereinafter, “Kim”) in view of US Pub. No. US 2017/0090815 A1 to Kelner, (hereinafter, “Kelner”).

As per claims 1 and 9, Kim teaches a memory system connectable to a host, comprising: 
a controller electrically connected to the nonvolatile memory (Kim, para. [0048] “The memory controller 100 includes a processor 110, an encryption module 120, a random access memory (RAM) 130, a host interface 140, a memory interface 150, and a bus 160.” And para.[0049] “The memory controller 100 controls the memory system 1000A in order to execute (or perform) selected erase, write, and/or read operation(s) with respect to the memory device 200 and in response to command(s) received from a host.” And para. [0084] “The control circuit 30 generates various voltages required to perform a program, read, and/or erase operation(s) and controls all operations of the flash memory chip 201-1.”) and configured to: 
in response to receiving from the host a write request that designates a first address for identifying data to be written (Kim, para. [0095] “A logical address in which the user data is to be stored is allocated to the file system layer 102 in response to the command transferred from the application layer 101. The file system layer 102 includes a file allocation table (FAT) file system, an NTFS, or the like.” And para. [0096] “On the FTL 103, an operation of converting the logical address transferred from the file system layer 102 into a PPA for performing a read/write operation from/in the flash memory chip is performed. On the FTL 103, the logical address may be converted into the PPA using mapping information included in meta data. The address converting operation on the FTL 103 may be performed by the processor 110 of the memory controller 100.” And para. [0097] “On the flash memory layer 104, control signals for storing or reading data in or from the flash memory chip are generated by accessing the PPA that is converted from the logical address.” And para. [0190] “A private key may be generated from the initial key value using the hash function operational unit 122-1 and the pseudo random number generator 122-2 that are described with reference to FIG. 10.”),
encrypt the data with the first address and a first encryption key, and write the encrypted data to the nonvolatile memory together with the first address (Kim, para. [0054] “The processor 110 provides a read command and corresponding address to the memory device 200 during a read operation, and the processor 110 provides a write command, write data, and corresponding address to the memory device 200 during a write operation.” And para. [0064] “The encryption module 120 may generate an initial key value by combining information related to at least one PPA of the memory device 200 in which data is to be stored and the UID information of the memory device 200.” And para. [0065] “For example, the encryption module 120 may generate an initial key value as bit map information that is used in differentiating PPAs in which data is to be stored and PPAs in which data is not to be stored from among PPAs included in a memory chip in which data is to be stored in the memory device 200.” And para.[0191] “Then, the encryption processing unit 123 encrypts data to be stored in the physical storage area 200A of the memory system using the private key that is generated from the initial key value. Encrypted data is written into the physical storage region 200A of the memory system.” And para. [0193] “First, the memory controller 100 generates a private key using physical unique identification (PUID) information of a memory device 200 or 200' in which data is to be stored (S110).” And para. [0194] “Next, the memory controller 100 encrypts data to be stored in the memory device 200 or 200' using the private key (S120). For example, an encryption algorithm, such as an AES algorithm, may be used in performing encryption.” And para. [0195] “Next, the memory controller 100 controls the memory system 1000A or 1000B to write encrypted data in a PPA of the memory device 200 or 200' (S130). Here, the PPA where the write operation is performed corresponds to a PPA that is converted from a logical address where the write operation is required to be performed using an FTL.”); and 
in response to receiving from the host a read request that designates a physical address indicative of a physical storage location of the nonvolatile memory in which the encrypted data is stored, read both the encrypted data and the first address from the nonvolatile memory, on the basis of the physical address, and decrypt the read encrypted data with the first encryption key and the read first address (Kim, para. [0216] “If the read operation is generated (S410=YES), the memory controller 100 converts a logical address LBA where the read operation is required to be performed into a PPA. As described above, the logical address LBA may be converted into the PPA using an FTL (S420).” And para. [0219] “Then, the memory controller 100 reads data from the PPA of the memory device 200 or 200' as converted (S450).” And para. [0220] “Next, the memory controller 100 decrypts the data that is read from the memory device 200 or 200' using the private key (S460).”).
Kim teaches all the limitations of claims 1 and 9 above, however fails to explicitly teach but Kelner teaches:
a nonvolatile memory including a plurality of blocks (Kelner, para. [0044] “The non-volatile flash memory array 142 in the non-volatile memory 104 may be arranged in blocks of memory cells. A block of memory cells is the unit of erase, i.e., the smallest number of memory cells that are physically erasable together. For increased parallelism, however, the blocks may be operated in larger metablock units. One block from each of at least two planes of memory cells may be logically linked together to form a metablock. Referring to FIG. 4, a conceptual illustration of a representative flash memory cell array is shown. Four planes or sub-arrays 400, 402, 404 and 406 of memory cells may be on a single integrated memory cell chip, on two chips (two of the planes on each chip) or on four separate chips. The specific arrangement is not important to the discussion below and other numbers of planes may exist in a system. The planes are individually divided into blocks of memory cells shown in FIG. 4 by rectangles, such as blocks 408, 410, 412 and 414, located in respective planes 400, 402, 404 and 406. There may be dozens or hundreds of blocks in each plane.”);
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kelner’s blocks in a non-volatile memory system into Kim’s memory system and encryption method, with a motivation to protect the data path used for information stored in the non-volatile memory (Kelner, para. [0034]). 

As per claims 2 and 10, the combination of Kim and Kelner teach the memory system of Claim 1 and the memory system of Claim 9, respectively, wherein each of the write request and the read request further designates an identifier indicative of one of a plurality of regions obtained by logically dividing the nonvolatile memory (Kelner, para. [0044] “The non-volatile flash memory array 142 in the non-volatile memory 104 may be arranged in blocks of memory cells. A block of memory cells is the unit of erase, i.e., the smallest number of memory cells that are physically erasable together. For increased parallelism, however, the blocks may be operated in larger metablock units. One block from each of at least two planes of memory cells may be logically linked together to form a metablock. Referring to FIG. 4, a conceptual illustration of a representative flash memory cell array is shown. Four planes or sub-arrays 400, 402, 404 and 406 of memory cells may be on a single integrated memory cell chip, on two chips (two of the planes on each chip) or on four separate chips. The specific arrangement is not important to the discussion below and other numbers of planes may exist in a system. The planes are individually divided into blocks of memory cells shown in FIG. 4 by rectangles, such as blocks 408, 410, 412 and 414, located in respective planes 400, 402, 404 and 406. There may be dozens or hundreds of blocks in each plane.”), and the controller is configured to: 
manage correspondence between a plurality of encryption keys and the plurality of regions (Kelner, para. [0034] “Referring again to modules of the controller 102, a buffer manager/bus controller 114 manages buffers in random access memory (RAM) 116 and controls the internal bus arbitration of controller 102. A read only memory (ROM) 118 stores system boot code. Although illustrated in FIG. 2A as located separately from the controller 102, in other embodiments one or both of the RAM 116 and ROM 118 may be located within the controller 102. In yet other embodiments, portions of RAM 116 and ROM 118 may be located both within the controller 102 and outside the controller. Further, in some implementations, the controller 102, RAM 116, and ROM 118 may be located on separate semiconductor die. In one embodiment, the memory system 100 may be a protected memory having either all data encrypted using one or more encryption keys, or may be a protected data path device where data stored in the non-volatile memory includes storing the data together with its respective LBA information in the non-volatile memory to permit data path protection (DPP) for that data. The encryption key information may be kept in a key table 117 in the RAM 116 and may be indexed by LBA or LBA range such that different keys are associated with different LBA ranges. The DMA module 113 may retrieve the necessary keys for use in encrypting or protecting the data path used for information stored in the non-volatile memory 104.”); 
when receiving the write request, select an encryption key associated with a region indicated by the identifier designated by the write request, as the first encryption key (Kim, para. [0191] “Then, the encryption processing unit 123 encrypts data to be stored in the physical storage area 200A of the memory system using the private key that is generated from the initial key value. Encrypted data is written into the physical storage region 200A of the memory system.” And para. [0193] “First, the memory controller 100 generates a private key using physical unique identification (PUID) information of a memory device 200 or 200' in which data is to be stored (S110).” And para. [0194] “Next, the memory controller 100 encrypts data to be stored in the memory device 200 or 200' using the private key (S120). For example, an encryption algorithm, such as an AES algorithm, may be used in performing encryption.” And para. [0195] “Next, the memory controller 100 controls the memory system 1000A or 1000B to write encrypted data in a PPA of the memory device 200 or 200' (S130). Here, the PPA where the write operation is performed corresponds to a PPA that is converted from a logical address where the write operation is required to be performed using an FTL.”); and 
when receiving the read request, select an encryption key associated with the region indicated by the identifier designated by the road request, as the first encryption key (Kim, para. [0216] “If the read operation is generated (S410=YES), the memory controller 100 converts a logical address LBA where the read operation is required to be performed into a PPA. As described above, the logical address LBA may be converted into the PPA using an FTL (S420).” And para. [0219] “Then, the memory controller 100 reads data from the PPA of the memory device 200 or 200' as converted (S450).” And para. [0220] “Next, the memory controller 100 decrypts the data that is read from the memory device 200 or 200' using the private key (S460).”).

As per claims 3 and 11, the combination of Kim and Kelner teach the memory system of Claim 1 and the memory system of Claim 9, respectively, wherein the write request further designates a block address of one block in which the encrypted data is to be written (Kelner, para. [0045] “The individual blocks are in turn divided for operational purposes into pages of memory cells, as illustrated in FIG. 4…As used herein, a logical block is a virtual unit of address space defined to have the same size as a physical block. Each logical block may include a range of logical block addresses (LBAs) that are associated with data received from a host. The LBAs are then mapped to one or more physical blocks in the non-volatile memory system 100 where the data is physically stored.” And Kim, para. [0050] “The memory controller 100 controls the memory device 200 to encrypt data using information related to a physical page address (PPA) of the memory device 200 and to write the resulting encrypted data to the physical page address (PPA) corresponding to a logical address at which data is to be stored.”), and 
the physical address designated by the read request includes the block address of the one block and an in-block physical address indicative of a location in the one block where the encrypted data is stored (Kelner, para. [0046] “The example of FIG. 6 assumes a non-volatile memory system 100 having encryption and/or data path protection mechanisms that require retrieval of data from the non-volatile memory and does not permit bypassing retrieval from the non-volatile memory 104. When a read command is received at the non-volatile memory system 100 (at 602), the controller 102 may determine if the logical address that is included in the read command has valid data associated with it in the non-volatile memory (at 604). In one implementation, this determination is made by the controller reading a logical-to-physical mapping table 115, such as group address table (GAT), that is stored in the non-volatile memory 104 and/or copied into RAM 116 or other volatile memory in the memory system 100. If the mapping table 115 includes a physical address that is associated with the requested logical address, then the controller 102 may retrieve the data from the designated physical address and process the data through the decryption or protected data path 306 used by the memory system (at 604, 606).”), and the controller is configured to: 
manage correspondence between a plurality of encryption keys and the plurality of regions obtained by logically dividing the nonvolatile memory (Kelner, para. [0034] “Referring again to modules of the controller 102, a buffer manager/bus controller 114 manages buffers in random access memory (RAM) 116 and controls the internal bus arbitration of controller 102. A read only memory (ROM) 118 stores system boot code. Although illustrated in FIG. 2A as located separately from the controller 102, in other embodiments one or both of the RAM 116 and ROM 118 may be located within the controller 102. In yet other embodiments, portions of RAM 116 and ROM 118 may be located both within the controller 102 and outside the controller. Further, in some implementations, the controller 102, RAM 116, and ROM 118 may be located on separate semiconductor die. In one embodiment, the memory system 100 may be a protected memory having either all data encrypted using one or more encryption keys, or may be a protected data path device where data stored in the non-volatile memory includes storing the data together with its respective LBA information in the non-volatile memory to permit data path protection (DPP) for that data. The encryption key information may be kept in a key table 117 in the RAM 116 and may be indexed by LBA or LBA range such that different keys are associated with different LBA ranges. The DMA module 113 may retrieve the necessary keys for use in encrypting or protecting the data path used for information stored in the non-volatile memory 104.”);
when receiving the write request, select an encryption key associated with a region to which the one block belongs, as the first encryption key, on the basis of the block address designated by the write request (Kim para. [0050] “The memory controller 100 controls the memory device 200 to encrypt data using information related to a physical page address (PPA) of the memory device 200 and to write the resulting encrypted data to the physical page address (PPA) corresponding to a logical address at which data is to be stored.” And para. [0063] “The encryption module 120 may generate an initial key value using at least a portion of at least one PPA of the memory device 200 in which data is to be stored, and may generate a private key having an initially set size based on the initial key value, and may encrypt the data using the generated private key.”); and 
when receiving the read request, select an encryption key associated with the region to which the one block belongs, as the first encryption key, on the basis of the block address in the physical address designated by the read request (Kim, para. [0216] “If the read operation is generated (S410=YES), the memory controller 100 converts a logical address LBA where the read operation is required to be performed into a PPA. As described above, the logical address LBA may be converted into the PPA using an FTL (S420).” And para. [0219] “Then, the memory controller 100 reads data from the PPA of the memory device 200 or 200' as converted (S450).” And para. [0220] “Next, the memory controller 100 decrypts the data that is read from the memory device 200 or 200' using the private key (S460).”).

As per claims 4 and 12, the combination of Kim and Kelner teach the memory system of Claim 1 and the memory system of Claim 9, respectively, wherein the write request further designates a block address of one block in which the encrypted data is to be written (Kelner, para. [0045] “The individual blocks are in turn divided for operational purposes into pages of memory cells, as illustrated in FIG. 4…As used herein, a logical block is a virtual unit of address space defined to have the same size as a physical block. Each logical block may include a range of logical block addresses (LBAs) that are associated with data received from a host. The LBAs are then mapped to one or more physical blocks in the non-volatile memory system 100 where the data is physically stored.” And Kim, para. [0050] “The memory controller 100 controls the memory device 200 to encrypt data using information related to a physical page address (PPA) of the memory device 200 and to write the resulting encrypted data to the physical page address (PPA) corresponding to a logical address at which data is to be stored.”), and the physical address designated by the read request includes the block address of the one block and an in-block physical address indicative of a location in the one block where the encrypted data is stored (Kelner, para. [0046] “The example of FIG. 6 assumes a non-volatile memory system 100 having encryption and/or data path protection mechanisms that require retrieval of data from the non-volatile memory and does not permit bypassing retrieval from the non-volatile memory 104. When a read command is received at the non-volatile memory system 100 (at 602), the controller 102 may determine if the logical address that is included in the read command has valid data associated with it in the non-volatile memory (at 604). In one implementation, this determination is made by the controller reading a logical-to-physical mapping table 115, such as group address table (GAT), that is stored in the non-volatile memory 104 and/or copied into RAM 116 or other volatile memory in the memory system 100. If the mapping table 115 includes a physical address that is associated with the requested logical address, then the controller 102 may retrieve the data from the designated physical address and process the data through the decryption or protected data path 306 used by the memory system (at 604, 606).”), and the controller is configured to: 
manage correspondence between the plurality of blocks and a plurality of encryption keys (Kelner, para. [0034] “Referring again to modules of the controller 102, a buffer manager/bus controller 114 manages buffers in random access memory (RAM) 116 and controls the internal bus arbitration of controller 102. A read only memory (ROM) 118 stores system boot code. Although illustrated in FIG. 2A as located separately from the controller 102, in other embodiments one or both of the RAM 116 and ROM 118 may be located within the controller 102. In yet other embodiments, portions of RAM 116 and ROM 118 may be located both within the controller 102 and outside the controller. Further, in some implementations, the controller 102, RAM 116, and ROM 118 may be located on separate semiconductor die. In one embodiment, the memory system 100 may be a protected memory having either all data encrypted using one or more encryption keys, or may be a protected data path device where data stored in the non-volatile memory includes storing the data together with its respective LBA information in the non-volatile memory to permit data path protection (DPP) for that data. The encryption key information may be kept in a key table 117 in the RAM 116 and may be indexed by LBA or LBA range such that different keys are associated with different LBA ranges. The DMA module 113 may retrieve the necessary keys for use in encrypting or protecting the data path used for information stored in the non-volatile memory 104.”);
when receiving the write request, select an encryption key associated with a region to which the block belongs, as the first encryption key, on the basis of the block address designated by the write request (Kim para. [0050] “The memory controller 100 controls the memory device 200 to encrypt data using information related to a physical page address (PPA) of the memory device 200 and to write the resulting encrypted data to the physical page address (PPA) corresponding to a logical address at which data is to be stored.” And para. [0063] “The encryption module 120 may generate an initial key value using at least a portion of at least one PPA of the memory device 200 in which data is to be stored, and may generate a private key having an initially set size based on the initial key value, and may encrypt the data using the generated private key.”); and 
when receiving the read request, select an encryption key associated with the region to which the one block belongs, as the first encryption key, on the basis of the block address in the physical address designated by the read request (Kim, para. [0216] “If the read operation is generated (S410=YES), the memory controller 100 converts a logical address LBA where the read operation is required to be performed into a PPA. As described above, the logical address LBA may be converted into the PPA using an FTL (S420).” And para. [0219] “Then, the memory controller 100 reads data from the PPA of the memory device 200 or 200' as converted (S450).” And para. [0220] “Next, the memory controller 100 decrypts the data that is read from the memory device 200 or 200' using the private key (S460).”).
As per claim 5, the combination of Kim and Kelner teach the memory system of Claim 1, wherein the controller is configured to write the first address in plain text to the nonvolatile memory (Kelner, para. [0048] “the zero indicator may trigger the zero read module 112 to look for the physical location of the previously generated zero data entry in the zero entry table 119. The previously generated zero data entry may then be read from the unmapped area 157 in the non-volatile memory array 142 of the non-volatile memory 104 at the physical address of the zero data identified in the zero entry table 119 (at 610). The retrieved zero entry may then be decrypted and/or routed along the predetermined protected data path and returned to the host (at 614). Alternatively, if no zero entry blocks exist, in this embodiment if no zero data indicator is found in the mapping entry of the logical-to-physical mapping table 115, then the zero read module generates a zero data entry and stores the newly generated zero data entry in the unmapped region of the non-volatile memory array 142 in the non-volatile memory 104 (at 608, 612). The zero read module 112 then reads the zero data back from the non-volatile memory array 142 and returns the data to the host through the read path and/or decryption operation (at 610, 614).” And para. [0051] “The mapping table 115 may include a table of LBAs and any associated physical block address or zero data indicator 704 for those LBAs that are mapped to a physical block address or that include previously generated zero data in the unmapped area 157 of the non-volatile memory array 142. Other data structure configurations and additional data types are contemplated for the mapping table 115 in alternative embodiments. As noted above, the zero data indicator 704 may be the same flag or bit for those LBAs 702 that have previously generated zero data in the unmapped area 157 of the non-volatile memory array 142. The presence of the zero data indicator 704 may trigger the controller 102 to automatically parse the zero entry table to find a physical address in the unmapped area 157 containing a previously generated zero data entry for the host-requested LBA.”).

As per claim 6, the combination of Kim and Kelner teach the memory system of Claim 1, wherein the controller is configured to encrypt the first address with a specific encryption key which is different from the first encryption key and which is used commonly for encryption and decryption of all addresses for identifying data to be written, and write the encrypted first address to the nonvolatile memory (Kim, para. [0067] “the encryption module 120 may generate an initial key value by combining information regarding a PPA to be stored in each of a plurality of channels and a plurality of ways in the form of stripes when the memory device 200 includes a plurality of flash memory devices in which the plurality of channels and the plurality of ways are arranged.” And para. [0068] “the encryption module 120 may generate a private key from the initial key value using a hash function, or, the encryption module 120 may generate a private key from the initial key value using a hash function and pseudo random number generator.” and para. [0191] “Then, the encryption processing unit 123 encrypts data to be stored in the physical storage area 200A of the memory system using the private key that is generated from the initial key value. Encrypted data is written into the physical storage region 200A of the memory system.” And para. [0195] “Next, the memory controller 100 controls the memory system 1000A or 1000B to write encrypted data in a PPA of the memory device 200 or 200' (S130). Here, the PPA where the write operation is performed corresponds to a PPA that is converted from a logical address where the write operation is required to be performed using an FTL.”).

As per claim 7, the combination of Kim and Kelner teach the memory system of Claim 1, wherein the controller is configured no: 
manage a table for managing correspondence between the plurality of blocks and a plurality of encryption keys (Kelner, para. [0034] “Referring again to modules of the controller 102, a buffer manager/bus controller 114 manages buffers in random access memory (RAM) 116 and controls the internal bus arbitration of controller 102. A read only memory (ROM) 118 stores system boot code. Although illustrated in FIG. 2A as located separately from the controller 102, in other embodiments one or both of the RAM 116 and ROM 118 may be located within the controller 102. In yet other embodiments, portions of RAM 116 and ROM 118 may be located both within the controller 102 and outside the controller. Further, in some implementations, the controller 102, RAM 116, and ROM 118 may be located on separate semiconductor die. In one embodiment, the memory system 100 may be a protected memory having either all data encrypted using one or more encryption keys, or may be a protected data path device where data stored in the non-volatile memory includes storing the data together with its respective LBA information in the non-volatile memory to permit data path protection (DPP) for that data. The encryption key information may be kept in a key table 117 in the RAM 116 and may be indexed by LBA or LBA range such that different keys are associated with different LBA ranges. The DMA module 113 may retrieve the necessary keys for use in encrypting or protecting the data path used for information stored in the non-volatile memory 104.”); and 
when copying the encrypted data from one block in which the encrypted data has been written to a copy destination block in the nonvolatile memory, copy both the encrypted data and the first address from the one block to the copy destination block, without decrypting or re-encrypting the encrypted data (Kelner, para. [0049] “The storing of zero data may include, if the non-volatile memory system 100 is an encrypted system, retrieving any encryption key from a key table 117 and then storing the data into the unmapped area 157. If the encryption keys vary based on the LBA or LBA range, then the appropriate key may be selected from the key table 117 by the zero read module 112 based on the received LBA. Similarly, if there is no encryption, but there is data path protection, then the zero read module 112 may retrieve the zero data that has been stored with its respective LBA information so that the existing NVM memory system retrieves the zero data in the expected data path protection format (i.e. the data stored with its LBA data in an entry formatted according the format expected by the NVM system 100). In any case, the resulting zero data generated by the zero read module (encrypted without data path protection, data path protected only, or processed with a combined encryption and data path protection) is subsequently stored in block(s) in the unmapped area 157 of the non-volatile memory 104. The controller 102, using the zero read module 112 may then retrieve the zero data from the unmapped area 157 and decrypt the zero data with a decryption key, and/or direct the zero data along the protected data path 306 identified by a DPP key, found in the and transmit the zero data out to the host.”); and 
update the table to associate an encryption key associated with the one block, with the copy destination block (Kelner, para. [0050] “where there is no zero data entry already in the unmapped area 157 of the non-volatile memory array 142, the zero data generated by the zero read module 112 may be deleted after being read back from the non-volatile memory, or it may be permitted to persist and the zero entry table 119 updated with the physical address in the unmapped area containing the zero data.” And para. [0051] “ The mapping table 115 may include a table of LBAs and any associated physical block address or zero data indicator 704 for those LBAs that are mapped to a physical block address or that include previously generated zero data in the unmapped area 157 of the non-volatile memory array 142. Other data structure configurations and additional data types are contemplated for the mapping table 115 in alternative embodiments. As noted above, the zero data indicator 704 may be the same flag or bit for those LBAs 702 that have previously generated zero data in the unmapped area 157 of the non-volatile memory array 142. The presence of the zero data indicator 704 may trigger the controller 102 to automatically parse the zero entry table to find a physical address in the unmapped area 157 containing a previously generated zero data entry for the host-requested LBA.” And para. [0052] “Examples of the key table 117 and zero entry table 119 that may be stored in volatile memory 116 are illustrated in FIGS. 8 and 9, respectively. The key table 117 may include a list of any LBA ranges 702 that are to be encrypted, and the associated encryption key 804 for that LBA range. The zero entry table 119 may include any LBA 902 having zero data in the unmapped area 157 of the non-volatile memory array 142 and the physical address 904 in the unmapped area 157 of the non-volatile memory array 142 in which the previously generated zero data for that LBA 902 may be found.”).

As per claim 8, the combination of Kim and Kelner teach the memory system of Claim 1, wherein the controller is configured to: 
manage a table for managing correspondence between a plurality of encryption keys and a plurality of regions obtained by logically dividing the nonvolatile memory (Kelner, para. [0034] “Referring again to modules of the controller 102, a buffer manager/bus controller 114 manages buffers in random access memory (RAM) 116 and controls the internal bus arbitration of controller 102. A read only memory (ROM) 118 stores system boot code. Although illustrated in FIG. 2A as located separately from the controller 102, in other embodiments one or both of the RAM 116 and ROM 118 may be located within the controller 102. In yet other embodiments, portions of RAM 116 and ROM 118 may be located both within the controller 102 and outside the controller. Further, in some implementations, the controller 102, RAM 116, and ROM 118 may be located on separate semiconductor die. In one embodiment, the memory system 100 may be a protected memory having either all data encrypted using one or more encryption keys, or may be a protected data path device where data stored in the non-volatile memory includes storing the data together with its respective LBA information in the non-volatile memory to permit data path protection (DPP) for that data. The encryption key information may be kept in a key table 117 in the RAM 116 and may be indexed by LBA or LBA range such that different keys are associated with different LBA ranges. The DMA module 113 may retrieve the necessary keys for use in encrypting or protecting the data path used for information stored in the non-volatile memory 104.”); and 
when copying the encrypted data to a copy destination block in the nonvolatile memory belonging to a same region as a region to which one block in which the encrypted data has been written belongs, copy both the encrypted data and the first address from the one block to the copy destination block, without decrypting or re-encrypting the encrypted data (Kelner, para. [0049] “The storing of zero data may include, if the non-volatile memory system 100 is an encrypted system, retrieving any encryption key from a key table 117 and then storing the data into the unmapped area 157. If the encryption keys vary based on the LBA or LBA range, then the appropriate key may be selected from the key table 117 by the zero read module 112 based on the received LBA. Similarly, if there is no encryption, but there is data path protection, then the zero read module 112 may retrieve the zero data that has been stored with its respective LBA information so that the existing NVM memory system retrieves the zero data in the expected data path protection format (i.e. the data stored with its LBA data in an entry formatted according the format expected by the NVM system 100). In any case, the resulting zero data generated by the zero read module (encrypted without data path protection, data path protected only, or processed with a combined encryption and data path protection) is subsequently stored in block(s) in the unmapped area 157 of the non-volatile memory 104. The controller 102, using the zero read module 112 may then retrieve the zero data from the unmapped area 157 and decrypt the zero data with a decryption key, and/or direct the zero data along the protected data path 306 identified by a DPP key, found in the and transmit the zero data out to the host.”).

As per claim 13, Kim teaches a method of controlling a nonvolatile memory including a plurality of blocks, the method comprising: 
in response to receiving from a host a write request that designates a first address for identifying data to be written (Kim, para. [0095] “A logical address in which the user data is to be stored is allocated to the file system layer 102 in response to the command transferred from the application layer 101. The file system layer 102 includes a file allocation table (FAT) file system, an NTFS, or the like.” And para. [0096] “On the FTL 103, an operation of converting the logical address transferred from the file system layer 102 into a PPA for performing a read/write operation from/in the flash memory chip is performed. On the FTL 103, the logical address may be converted into the PPA using mapping information included in meta data. The address converting operation on the FTL 103 may be performed by the processor 110 of the memory controller 100.” And para. [0097] “On the flash memory layer 104, control signals for storing or reading data in or from the flash memory chip are generated by accessing the PPA that is converted from the logical address.” And para. [0190] “A private key may be generated from the initial key value using the hash function operational unit 122-1 and the pseudo random number generator 122-2 that are described with reference to FIG. 10.”), executing an operation of encrypting the data with the first address and a first encryption key and an operation of writing the encrypted data to the nonvolatile memory together with the first address (Kim, para. [0191] “Then, the encryption processing unit 123 encrypts data to be stored in the physical storage area 200A of the memory system using the private key that is generated from the initial key value. Encrypted data is written into the physical storage region 200A of the memory system.” And para. [0193] “First, the memory controller 100 generates a private key using physical unique identification (PUID) information of a memory device 200 or 200' in which data is to be stored (S110).” And para. [0194] “Next, the memory controller 100 encrypts data to be stored in the memory device 200 or 200' using the private key (S120). For example, an encryption algorithm, such as an AES algorithm, may be used in performing encryption.” And para. [0195] “Next, the memory controller 100 controls the memory system 1000A or 1000B to write encrypted data in a PPA of the memory device 200 or 200' (S130). Here, the PPA where the write operation is performed corresponds to a PPA that is converted from a logical address where the write operation is required to be performed using an FTL.”); and 
in response to receiving from the host a read request that designates a physical address indicative of a physical storage location of the nonvolatile memory in which the encrypted data is stored, executing an operation of reading both the encrypted data and the first address from the nonvolatile memory, on the basis of the physical address, and an operation of decrypting the read encrypted data with the first encryption key and the read first address (Kim, para. [0216] “If the read operation is generated (S410=YES), the memory controller 100 converts a logical address LBA where the read operation is required to be performed into a PPA. As described above, the logical address LBA may be converted into the PPA using an FTL (S420).” And para. [0219] “Then, the memory controller 100 reads data from the PPA of the memory device 200 or 200' as converted (S450).” And para. [0220] “Next, the memory controller 100 decrypts the data that is read from the memory device 200 or 200' using the private key (S460).”).
Kim teaches all the limitations of claim 13 above, however fails to explicitly teach but Kelner teaches:
a nonvolatile memory including a plurality of blocks (Kelner, para. [0044] “The non-volatile flash memory array 142 in the non-volatile memory 104 may be arranged in blocks of memory cells. A block of memory cells is the unit of erase, i.e., the smallest number of memory cells that are physically erasable together. For increased parallelism, however, the blocks may be operated in larger metablock units. One block from each of at least two planes of memory cells may be logically linked together to form a metablock. Referring to FIG. 4, a conceptual illustration of a representative flash memory cell array is shown. Four planes or sub-arrays 400, 402, 404 and 406 of memory cells may be on a single integrated memory cell chip, on two chips (two of the planes on each chip) or on four separate chips. The specific arrangement is not important to the discussion below and other numbers of planes may exist in a system. The planes are individually divided into blocks of memory cells shown in FIG. 4 by rectangles, such as blocks 408, 410, 412 and 414, located in respective planes 400, 402, 404 and 406. There may be dozens or hundreds of blocks in each plane.”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kelner’s blocks in a non-volatile memory system into Kim’s memory system and encryption method, with a motivation to protect the data path used for information stored in the non-volatile memory (Kelner, para. [0034]). 

Conclusion
4.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 20180011802 A1 – Selective memory encryption. 
US 20140281587 A1 – Securing non-volatile storage. 
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZOHA P TAFAGHODI whose telephone number is (571)272-5199.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ZOHA PIYADEHGHIBI TAFAGHODI/Examiner, Art Unit 2437                                                                                                                                                                                                        
/KRISTINE L KINCAID/Supervisory Patent Examiner, Art Unit 2437