DETAILED ACTION
This communication responsive to the Application No. 17/129,410 filed on December 21,
2020. Claims 1-20 are pending and are directed towards system, method and computer product for SECURITY CAPSULE FOR ENABLING RESTRICTED FEATURES OF A MEMORY DEVICE.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claim 20 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  
The claim does not fall within at least one of the four categories of patent eligible subject matter because the recited “computer-readable storage medium” fails to exclude non-transitory embodiments. 
The broadest reasonable interpretation of a “computer-readable storage medium” typically covers both forms of non-transitory media and transitory propagating signals per se in view of the ordinary and customary meaning of computer-readable media, noting that the present specification does not explicitly define the term “computer-readable storage medium” but only provides non-limiting examples of computer readable storage medium (see Spec para [0087][0088] and [0093]). A signal does not constitute statutory subject matter, because it is neither a process, a machine, an article of manufacture, nor a composition of matter, and therefore does not fall within any of the statutory classes of invention. See In re Nuijten, 500 F.3d 1346, 1356-57 (Fed. Cir. 2007), and MPEP § 2106.03(1). See also “Subject Matter Eligibility of Computer Readable Media”, 1351 Off. Gaz. Pat. Office. When a claim encompasses both statutory and non-statutory subject matter, the claim as a whole is considered to be directed to non-statutory subject matter. See MPEP § 2106(11). 
Examiner Note; Applicant can amend to narrow the claim to cover only statutory embodiments by adding the limitation “non-transitory” to the claim (i.e. A non-transitory computer-readable storage medium …”), such an amendment would not raise the issue of new matter, even when the specification is silent, unless the specification does not support a non-transitory embodiment because a signal per se is the only viable embodiment.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.


Claims 2 and 12 rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.  The step of “validating the security capsule prior to transitioning the memory device to the authenticated state, the validating of the security capsule including verifying the security capsule is validly signed” is recited in independent claims 1 and 11 and fails to further limit the subject matter of the independent claims.  Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-6, 9-16, and 19-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Duval US 2020/0042465 A1 (hereinafter “Duval”).

As per claims 1, 11 and 20, Duval teaches a system comprising: 
a memory device (Main Memory. Duval, Fig. 9 element 904); and 
a processing device coupled to the memory device (Processor. Duval, Fig. 9 element 902), the processing device configured to perform operations comprising: 
initializing the memory device in an unauthenticated state in which the memory device is unable to execute one or more restricted commands (If the cryptographic digest is not equivalent to the digital signature included with the command message, then the digital signature is not verified and the memory system does not execute the command [which implies that the memory device is initially in unauthenticated state]. Duval, para [0026]); 
accessing a security capsule that is digitally signed using a private key (the programming appliance uses the pre-generated digital signatures from the command file to send command messages to the memory system…A pre-generated digital signature is generated by an HSM or other suitable generator device. The pre-generated digital signature corresponds to a particular memory system, a signed command, and a selected value of the memory system counter. Duval, para [0030]-[0031] and Fig. 3); and 
transitioning the memory device to an authenticated state based on verifying, using a public key corresponding to the private key, that the security capsule is validly signed, the memory device being able to execute the one or more restricted commands while in the authenticated state (The digital signature accompanying a signed command can be created (and verified) using multiple input data elements including a cryptographic key and a memory system counter value. […]. In an asymmetric key arrangement, the signing device utilizes a private key that may not be known to the memory system. The memory system utilizes a public key corresponding to the signing device's private key. Duval, para [0023])( when the host controller 160 receives a command message from the programming appliance 120, as described herein, the host controller 160 sends the command message to the memory controller 115 of the appropriate memory system 110A. The memory controller 115 can verify a digital signature included with the command message and, if the digital signature is verified, execute the command [which implies transitioning of the memory device to an authenticated state]. Duval, para [0044]).

As per claims 2 and 12, Duval teaches the system and the method of claims 1 and 11, wherein the operations further comprise:
validating the security capsule prior to transitioning the memory device to the authenticated state, the validating of the security capsule including verifying the security capsule is validly signed (The digital signature accompanying a signed command can be created (and verified) using multiple input data elements including a cryptographic key and a memory system counter value. […]. In an asymmetric key arrangement, the signing device utilizes a private key that may not be known to the memory system. The memory system utilizes a public key corresponding to the signing device's private key. Duval, para [0023])( when the host controller 160 receives a command message from the programming appliance 120, as described herein, the host controller 160 sends the command message to the memory controller 115 of the appropriate memory system 110A. The memory controller 115 can verify a digital signature included with the command message and, if the digital signature is verified, execute the command. Duval, para [0044])..

As per claims 3 and 13, Duval teaches the system and the method of claims 2 and 12, wherein: 
the security capsule comprises a manufacturing identifier (the command file includes, for each memory system (UID0, UID1, UIDN), digital signatures generated for a first signed command (CMD0) for a number of different memory device counter values (MTC0-MTCN). Duval, para [0065] See Table 1); and 
the validating of the security capsule further comprises verifying the manufacturing identifier corresponds to the memory device (a command file, such as the command files 126, 226, include multiple pre-generated digital signatures that can be referenced by memory system, signed command, and/or memory system counter values. TABLE 1 below shows one arrangement of an example command file including pre-generated digital signatures for various memory systems described by unique identifiers (UIDs): UID0, UID1, UIDN. Duval, para [0064]). 

As per claims 4 and 14, Duval teaches the system and the method of claims 2 and 12, wherein: 
the security capsule comprises a first counter value (a command file, such as the command files 126, 226, include multiple pre-generated digital signatures that can be referenced by memory system, signed command, and/or memory system counter values. TABLE 1. Duval, para [0064]).; 
the memory device maintains a second counter value (the programming appliance queries the memory system for its current memory system counter value. Duval, para [0079]); and 
the validating of the security capsule further comprises determining the second counter value is less than or equal to the first counter value prior to transitioning to the authenticated state (The digital signature accompanying a signed command can be created (and verified) using multiple input data elements including a cryptographic key and a memory system counter value. Duval, para [0023]-[0024]) (The programming appliance receives the counter value message 607 and determines, at operation 608, if the current memory system counter value is equivalent to the memory system counter value that is associated with the pre-generated digital signature […] If the current memory system counter value matches the memory system counter value that is associated with the pre-generated digital signature, the programming appliance sends a command message 609 to the memory system. Duval, para [0080]- [0081] Figs. 6-7).

As per claims 5 and 15, Duval teaches the system and the method of claims 4 and 14, wherein operations further comprise: 
updating the second counter value based on the first counter value (the programming appliance is configured to increment the memory system counter until its current value is equal to the memory system counter value associated with a pre-generated digital signature. Duval, para [0037]).

As per claims 6 and 16, Duval teaches the system of claims 4 and 14, wherein the validating of the security capsule further comprises authenticating a security credential provided in conjunction with the security capsule (a command file, such as the command files 126, 226, include multiple pre-generated digital signatures that can be referenced by memory system, signed command, and/or memory system counter values. TABLE 1 below shows one arrangement of an example command file including pre-generated digital signatures for various memory systems described by unique identifiers [security credential] (UIDs): UID0, UID1, UIDN. Duval, para [0064]) (The programming device can (via the appropriate host device) execute the sequence of signed commands at a memory system (UID0) by sending a command message including the pre-generated digital signature associated with (UID0, CMD0, MTC0) to the memory system (UID0). Duval, para [0067]).

As per claim 9, Duval teaches the system of claim 1, wherein the operations further comprise:
reverting the memory device to the unauthenticated state in response to a power cycle event (prevent the memory system from executing a command unless the command is accompanied by a valid digital signature. The memory system verifies the command by checking the validity of the digital signature. Memory system commands that are verified with a digital signature are referred to herein as signed commands [since each command should be verified before execution, that implies the memory device revert to the unauthenticated state after executing each command, which obviously include a power cycle event]. Duval, para [0022]).

As per claim 10, Duval teaches the system of claim 1, wherein the operations further comprise:
reverting the memory device to the unauthenticated state in response to an authentication termination command (If the current memory system counter value does not match the memory system counter value that is associated with the pre-generated digital signature, the programming appliance enters error processing at operation 610. Accordingly, the process flow enters error processing at operation 612. Error processing can include, for example, ending the process flow. Duval, para [0080]).

As per claim 19, Duval teaches the method of claim 11, further comprising: reverting the memory device to the unauthenticated state in response to a power cycle event or an authentication termination command (If the current memory system counter value does not match the memory system counter value that is associated with the pre-generated digital signature, the programming appliance enters error processing at operation 610. Accordingly, the process flow enters error processing at operation 612. Error processing can include, for example, ending the process flow. Duval, para [0080]). 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claim(s) 7-8 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Duval in view of Sutton et al. US 2020/0143040 A1 (hereinafter “Sutton”)

As per claims 7 and 17, Duval teaches the system and the method of claims 1 and 11, wherein: 
the security capsule specifies a list of command types (the command file can include command sequence data describing command sequences supported by the command file. Duval, para [0069] Tables 1-2) (The sequences of pre-generated digital signatures in TABLE 3 corresponds to a sequence of signed commands (CMD0, CMD1 . . ., CMDN). Duval, para [0070]); and 
the operations further comprise: 
receiving a command while the memory device is in the authenticated state (If the current memory system counter value matches the memory system counter value that is associated with the pre-generated digital signature, the programming appliance sends a command message 609 to the memory system. Duval, para [0081]); and
Duval does not explicitly teach determining whether the command is a prohibited command type based on the list of command types.
However, Sutton teaches determining whether the command is a prohibited command type based on the list of command types (if the received command was encrypted with a different key than that used to decrypt the received command or was not encrypted at all despite being a command of the restricted command set, an invalid result will be detected and the decryption will fail (block 320, FIG. 7) the integrity test. Similarly, if a processing error occurred in either the encryption of the command by the host or the decryption of the received command by the storage controller, the decryption will fail (block 320, FIG. 7) the integrity test [which represent a prohibited command that will not be executed]. Sutton, para [0081]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Duval in view of Sutton. One would be motivated to do so, to prevent executing prohibited commands. (Sutton, para [0082]).

As per claims 8 and 18, Duval and Sutton teach the system and the method of claims 7 and 17. Duval does not explicitly teach wherein the operations further comprise: aborting the command based on determining the command is a prohibited command type.
However, Sutton teaches aborting the command based on determining the command is a prohibited command type (In response to a failure to pass the integrity test, the restricted command set decryption logic 130 rejects (block 324, FIG. 7) the received command and does not execute it. In this manner, the restricted command set decryption logic 130 selectively blocks execution of the decrypted command if the decrypted command fails the integrity pass/fail test. Sutton, para [0082]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Duval in view of Sutton. One would be motivated to do so, to prevent executing prohibited commands. (Sutton, para [0082]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
A. Rubinstein et al. US 2009/0083834 A1 directed to accessory authentication for electronic devices. 
B. Strong et al. US 2017/0026183 A1 directed to solid state storage device with command and control access. 
C. Cocotis et al. US 2016/0269367 A1 directed to controlling encrypted data stored on a remote storage device. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALID M ALMAGHAYREH whose telephone number is (571)272-0179. The examiner can normally be reached Monday - Thursday 8AM-5PM EST & Friday variable.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SALEH NAJJAR can be reached on (571)272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


Respectfully Submitted




/KHALID M ALMAGHAYREH/Examiner, Art Unit 2492