DETAILED ACTION
This Non Final Office Action is in response to Application filed on 09/10/2020.
Claims 1-19 filed on 09/10/2020 are being considered on the merits.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
The drawings filed on 09/10/2020are accepted.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 09/10/2020 and 04/20/2022 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly an initialed and dated copy of Applicant's IDS form 1449 filed 09/10/2020 and 04/20/2022 are attached to the instant Office action. 

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1, 10 and 17 provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of co-pending Application No. 17/003,783, hereinafter 783, in view of Luc (US 20200099511 A1), hereinafter Luc, and Adams et. al. (US 9191200 B1), hereinafter Adams. This is a provisional nonstatutory double patenting rejection.
Instant Application 16/016,732
Co-pending Application 17/003,783
1. A memory system comprising: 
a first nonvolatile memory including a first memory element; 
5a second nonvolatile memory including a second memory element in which data is able to be written only once, the second memory element storing first key information; and 
a controller configured to: 
10receive second key information stored in an information processing apparatus; generate a first key using the first key information and the second key information; and generate a second key using at least the first 15key, wherein the controller is configured to: encrypt data, which is to be written into the first nonvolatile memory, with the second key; and decrypt data, which is read from the first 20nonvolatile memory, with the second key.
1. A storage device, comprising: 
a first nonvolatile memory to which data can be written a plurality of times, the first nonvolatile memory configured to store first encryption key generation information; 
a second nonvolatile memory that includes storage elements for which electrical characteristics can be changed only once, the second nonvolatile memory configured to store second encryption key generation information; and a controller configured to: generate an encryption key using the first encryption key generation information and the second encryption key generation information in combination, encrypt data to be written to the first nonvolatile memory using the generated encryption key, decrypt data read from the first nonvolatile memory using the generated encryption key, attempt an erase of the first encryption key generation information in the first nonvolatile memory when a host requests an encryption erase, and erase the second encryption key generation information in the second nonvolatile memory if the attempt to erase first encryption key generation information fails.
10. An information processing apparatus communicable with a host and a memory system, the information processing apparatus comprising: a nonvolatile memory including a memory element in which data is able to be written multiple times and 20storing first key information for generating a first key to be used in the memory system; and a processor configured to transmit the first key information to the memory system, wherein the processor is configured to erase the first key 25information stored in the nonvolatile memory in accordance with a request by the host.
1. A storage device, comprising: 
a first nonvolatile memory to which data can be written a plurality of times, the first nonvolatile memory configured to store first encryption key generation information; 
a second nonvolatile memory that includes storage elements for which electrical characteristics can be changed only once, the second nonvolatile memory configured to store second encryption key generation information; and a controller configured to: generate an encryption key using the first encryption key generation information and the second encryption key generation information in combination, encrypt data to be written to the first nonvolatile memory using the generated encryption key, decrypt data read from the first nonvolatile memory using the generated encryption key, attempt an erase of the first encryption key generation information in the first nonvolatile memory when a host requests an encryption erase, and erase the second encryption key generation information in the second nonvolatile memory if the attempt to erase first encryption key generation information fails.
17. An information processing system comprising: a memory system; and an information processing apparatus configured to: read first key information stored in a first nonvolatile memory that includes a first memory element 10in which data is able to be written multiple times; and transmit the first key information to the memory system, wherein the memory system is configured to: receive the first key information from the 15information processing apparatus; read second key information stored in a second nonvolatile memory that includes a second memory element in which data is able to be written only once; generate a first key using the first key 20information and the second key information; generate a second key using at least the first key; and encrypt data, which is to be written into a third nonvolatile memory that includes a third memory 25element, with the second key, and decrypt data, which is read from the third nonvolatile memory, with the second key.
1. A storage device, comprising: 
a first nonvolatile memory to which data can be written a plurality of times, the first nonvolatile memory configured to store first encryption key generation information; 
a second nonvolatile memory that includes storage elements for which electrical characteristics can be changed only once, the second nonvolatile memory configured to store second encryption key generation information; and a controller configured to: generate an encryption key using the first encryption key generation information and the second encryption key generation information in combination, encrypt data to be written to the first nonvolatile memory using the generated encryption key, decrypt data read from the first nonvolatile memory using the generated encryption key, attempt an erase of the first encryption key generation information in the first nonvolatile memory when a host requests an encryption erase, and erase the second encryption key generation information in the second nonvolatile memory if the attempt to erase first encryption key generation information fails.


Although the conflicting claims are not identical, they are not patentably distinct from each other because claims 1, 10 and 17 of the co-pending application by 783 contains every element of claims 1, 10 and 17 of the instant application except for the bolded limitations as seen in the above table.  However, 
With respect to claim 1, Luc discloses receive second key information stored in an information processing apparatus. Please see rationale in claim 1 below. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 783 to incorporate the teaching of Luc to utilize the above feature, with the motivation of ensure generation of a sect after a validation process being performed by a validator, as recognized by (Luc [0072] and throughout).
	783 in view of Luc do not disclose the below limitation.
Adams discloses generate a second key using at least the first 15key, second key encrypting and decrypting the data. Please see rationale in claim 1 below. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 783 in view of Luc to incorporate the teaching of Adams to utilize the above feature, with the motivation of ensuring secured communication and ensuring desired recipients properly decrypt encrypted messages, as recognized by (Adams Abstract, Col. 1 line 19-36 and throughout).
	With respect to claim 10, Luc discloses a first key to be used in the memory system. Please see rationale in claim 10 below. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 783 to incorporate the teaching of Luc to utilize the above feature, with the motivation of storing encrypted data in a blockchain store, as recognized by (Luc Abstract and throughout).
783 in view of Luc do not disclose the below limitation.
Adams discloses transmit the first key information to the memory system. Please see rationale in claim 10 below. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 783 in view of Luc to incorporate the teaching of Adams to utilize the above feature, with the motivation of ensuring secured communication and ensuring desired recipients properly decrypt encrypted messages, as recognized by (Adams Abstract, Col. 1 line 19-36 and throughout).
With respect to claim 17, Luc discloses transmit the first key information to the memory system and the memory system is configured to: receive the first key information from the 15information processing apparatus and further discloses the third memory element for data. Please see rationale in claim 17 below. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 783 to incorporate the teaching of Luc to utilize the above feature, with the motivation of ensure generation of a sect after a validation process being performed by a validator, as recognized by (Luc [0072] and throughout).
783 in view of Luc do not disclose the below limitation.
Adams discloses generate a second key using at least the first key. Please see rationale in claim 1 below. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 783 in view of Luc to incorporate the teaching of Adams to utilize the above feature, with the motivation of ensuring secured communication and ensuring desired recipients properly decrypt encrypted messages, as recognized by (Adams Abstract, Col. 1 line 19-36 and throughout).




Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 18 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim 18 recites “when erasure of key 35information is requested by the host”.  it is unclear from the claim as drafted, which key information is referred to. For examination purpose, the above key information is interpreted as described in the below rationale in claim 18.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)    the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)    the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)    the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s): “an information processing apparatus configured to…” in claims 17-19.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.
Structures and functions of the aforementioned limitation is disclosed in the following Figures and paragraphs of the specification:
Figure 1 (7) and [0037-0038, 0055, 0063, 0066-0069, 0072] recite an information processing apparatus, including a memory, and further recite the function of the apparatus.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 5, 7 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Luc (US 20200099511 A1), hereinafter Luc, in view of Adams et. al. (US 9191200 B1), hereinafter Adams, and Cope et. al. (US 20150293857 A1), hereinafter Cope.
	
Regarding claim 1, Luc teaches a memory system (Luc discloses the system illustrated in Figure 1, Abstract “A method is implemented in a networked computer system that is connected to document issuers and validators and interacts with a blockchain.”) comprising: 
a first nonvolatile memory including a first memory element (Luc Figure 3 ST4 “Doc. Specif. Data Stor. (EncData, TemplateID), Figure 4 S2-12 “Write EncData and TemplateID in BKC, “Doc. Specif. Data Stor.”, further disclosed in [0098]); 
5a second nonvolatile memory including a second memory element in which data is able to be written [only once], the second memory element storing first key information (Luc Figure 3 [0085] “the key PK is stored in a software key vault”, PK corresponds to first key information); and 
a controller (P2 and P3 in Figure 3) configured to: 
10receive second key information stored in an information processing apparatus (Luc [0072] “As shown in FIG. 3, the system DCS comprises a process P1 for validation and registration of issuers. The process P1 is executed by the validator.”, [0073] “…an authorization MK_EN for the generation of a secret master key MK for the issuer is given by the validator at the end of the validation and registration process P1. This master key MK is generated and is stored in a key vault, as shown in FIG. 3. The master key MK is a permanent secret key attached to the issuer account. This master key MK is used to encrypt/decrypt document data for the publication of the certified documents. In particular embodiments, the key vault of the master key MK will be implemented in the above-mentioned hardware security module HSM (see FIG. 1).”, MK_EN corresponds to second key information, validator performing process P1 in Figures 1 VAS [0053] and Figure 3 corresponds to information processing apparatus); 
generate a first key using the first key information and the second key information (Luc Figure 3 illustrates generating KAES, first key, from PK and MK_EN through MK, Figure 4 S2-4, [0091] “In step S2-4, an encryption key KAES is calculated with a key derivation function a from the keys MK, PK and IK. The encryption key KAES is intended to be used for the encryption of the document specific data CredData.”); and 
wherein the controller is configured to: encrypt data, which is to be written into the first nonvolatile memory, with the [second] key (Luc Figure 4 S2-6 and S2-12, [0094, 0098]); and 
decrypt data, which is read from the first 20nonvolatile memory, with the [second] key (Luc Figure 5 and [0102] “the certified document reading process P3 is implemented by the certified document reading web application REA. The process P3 is designed to display a certified document which is accessible through the web address «URL=https//Reader/IdData∥IK» as input. For that, the process P3 must retrieve the document specific data CredData from the encrypted data EncData registered in the blockchain BKC and the files HTML_Template and Template_Def using the identifier TemplateID registered in the blockchain BKC. Proofs of issuer and/or validator authenticity will also have to be retrieved from the validator storage ST0 and the issuer storage ST1 (FIG. 6) in the blockchain BKC.”, the process is illustrated in Figure 5 and [0103-0116]).  

Luc discloses the aforementioned limitations, where a derived key, first key, is used for encrypting and writing/storing data in a memory, and decrypting and reading data from memory, however, Luc does not disclose the below limitation, where key performing the encryption and decryption is a second key derived from the first key.
Adams discloses generate a second key using at least the first 15key, second key encrypting and decrypting the data (Adams discloses the first key, corresponding to the second key, is generated by unwrapping the first key using the KEK, corresponding to the first key, where the KEK is generated by combining a number of retrieved key slices information, Col. 6 line 18-23 “the wrapped keys (e.g., wK1) can be stored within the key loading device 106 along with one or more portions of the split key portions of the KEK (e.g., s1KEK). Other portions of the split key portions of the KEK (e.g., s2KEK, s3KEK) can be distributed outside the key loading device”, Co. 7 line 14-20 “After the key loading device 106 has all three portions (e.g., s1KEK, s2KEK, and s3KEK) of the split key encryption key, the key encryption key (KEK) can be reconstituted. The KEK can be at the third security level (e.g., classified), and thus at a higher security level than the first security level. After reconstituting the KEK, the KEK can be used to unwrap the wrapped keys (e.g., wK1) to obtain the keys (e.g., K1).”, where the a second and third portion of the KEK portions are received from outside devices as disclosed in Col. 6 line 11-31, where the unwrapped key is used for encrypting data and decrypting data at terminal 104 as disclosed in Col. 7 line 32-43).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Luc to incorporate the teaching of Adams to utilize the above feature, with the motivation of ensuring secured communication and ensuring desired recipients properly decrypt encrypted messages, as recognized by (Adams Abstract, Col. 1 line 19-36 and throughout).
Luc in view of Adams disclose the aforementioned limitations, where Luc discloses permanently erasing the persistence key, indicating that the  persistence key is only written once, however, Luc in view of Adams do not explicitly disclose the below limitations.
Cope discloses a second nonvolatile memory including a second memory element in which data is able to be written [only once], the second memory element storing first key information (Cope [0001] “…a portion of an encryption key may be stored in a first storage medium, and one or more bits of the encryption key may be stored in a one-time writable storage location. Data received at the data storage device may be encrypted using the encryption key, and may be stored in a storage medium. In the event that it is no longer desired to allow users to access the encrypted data stored in the storage medium, the one or more bits of the encryption key stored in a one-time writable storage location may be modified. Such modification thereby prevents decryption of the encrypted data and effectively precludes access to the encrypted data.”, [0011] “In the event that access to the stored data is to be prevented, the one or more bits of the encryption key stored in the one-time writable storage location may be modified. For example, the eFuses containing the remainder of the encryption key may be blown, thereby rendering the portion of the encryption key stored in the one-time writable memory unreadable. Thus, decryption of the encrypted data is prevented and the data stored in the data storage medium rendered unreadable.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Luc in view of Adams to incorporate the teaching of Cope to utilize the above feature, with the motivation of improving storage of encryption key, as recognized by (Cope Abstract [0011] and throughout).

Regarding claim 5, Luc in view of Adams and Cope teaches the memory system of claim 1, wherein the controller includes an encryption circuit, and the controller is configured to: set the [second] key in the encryption circuit; 20use the encryption circuit to encrypt data, which is to be written into the first nonvolatile memory, with the [second] key; and use the encryption circuit to decrypt data, which is read from the first nonvolatile memory, with the 25[second] key (Luc Figure 3 ST4 “Doc. Specif. Data Stor. (EncData, TemplateID), Figure 4 S2-12 “Write EncData and TemplateID in BKC, “Doc. Specif. Data Stor.”, further disclosed in [0094, 0098], where data is encrypted and written into a specific data store corresponding to a third memory element, Luc further illustrates in Figure 5 and [0102] “the certified document reading process P3 is implemented by the certified document reading web application REA. The process P3 is designed to display a certified document which is accessible through the web address «URL=https//Reader/IdData∥IK» as input. For that, the process P3 must retrieve the document specific data CredData from the encrypted data EncData registered in the blockchain BKC and the files HTML_Template and Template_Def using the identifier TemplateID registered in the blockchain BKC. Proofs of issuer and/or validator authenticity will also have to be retrieved from the validator storage ST0 and the issuer storage ST1 (FIG. 6) in the blockchain BKC.”, the process is illustrated in Figure 5 and [0103-0116]).
  Luc does not disclose the below limitations.
Adams disclose generate the second key using the first key as described in claim 1. Rationale and motivation in claim 1 apply.

Regarding claim 7, Luc in view of Adams and Cope teaches the memory system of claim 1, wherein the controller is further configured to erase the 35first key information stored in the second nonvolatile- 55 - memory in accordance with a request by a host that is different from the information processing apparatus (Luc Figure 3 and [0087] “The persistence key PK may be erased by the issuer upon a request from a document legitimate holder, claiming his “right to be forgotten”, and/or by the document legitimate holder to whom an erasing authorization code, for example a unique code, has been assigned by the system DCS. Deletion of the persistence key PK makes it impossible for the process P3 to read the published certified document…”, erased by the issuer upon a request from a document legitimate holder, which is different from the validator corresponding to the information processing apparatus).

Regarding claim 9, Luc in view of Adams and Cope teaches the memory system of claim 1, further comprising the information processing apparatus (Luc Figures 1 and 3 comprising the validator VAS as part of the memory system).  
Claims 2 and 4 are rejected under 35 U.S.C. 103 as being unpatentable over Luc (US 20200099511 A1), hereinafter Luc, in view of Adams et. al. (US 9191200 B1), hereinafter Adams, Cope et. al. (US 20150293857 A1), hereinafter Cope, and Christensen et. al. (US 20200119917 A1), hereinafter Christensen.

Regarding claim 2, Luc in view of Adams and Cope teaches the memory system of claim 1, wherein the controller is further configured to: 
Luc does not disclose the  below limitations.
Adams disclose generate the second key using the first key as described in claim 1. Rationale and motivation in claim 1 apply.
Luc discloses receiving the second key information, and generating the first key using the first key information and the second key information as disclosed in claim 1, however, Luc in view of Adams and Cope do not disclose the second key information is encrypted with a common key and subsequently decrypted.
Christensen discloses receive the second key information, which is encrypted with a common key, from the information 25processing apparatus; decrypt the encrypted second key information with the common key; generate the first key using the first key information and the decrypted second key information (Christensen Figure 6 and [0098-0103] where the encryption key parts are encrypted with a symmetric/common key, transmitted to part holders, where the key parts are decrypted using he symmetric/common key, where the key parts comprising 1st, 2nd, 3rd, etc. key parts that are required in reconstructing encryption key). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Luc to incorporate the teaching of Christensen to utilize the above feature, with the motivation of securely communicate and store data in a trusted network without using a central server, as recognized by (Christensen Abstract [0004] and throughout).

Regarding claim 4, Luc in view of Adams and Cope teaches the memory system of claim 1, wherein the controller is further configured to: 
Luc in view of Adams and Cope discloses receiving the second key information and further discloses generating a second key as disclosed in claim 1, however, Luc in view of Adams and Cope do not disclose the third key information is encrypted with a common key and subsequently decrypted.
Christensen discloses 10receive a third key, which is encrypted with a common key, from the information processing apparatus; decrypt the encrypted third key with the common key; and generate the second key using the decrypted third 15key (Christensen Figure 6 and [0098-0103] where the encryption key parts are encrypted with a symmetric/common key, transmitted to part holders, where the key parts are decrypted using he symmetric/common key, where the key parts comprising 1st, 2nd, 3rd, etc. key parts that are required in reconstructing encryption key).
  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Luc in view of Adams and Cope to incorporate the teaching of Christensen to utilize the above feature, with the motivation of securely communicate and store data in a trusted network without using a central server, as recognized by (Christensen Abstract [0004] and throughout).
  
Claims 3 is rejected under 35 U.S.C. 103 as being unpatentable over Luc (US 20200099511 A1), hereinafter Luc, in view of Adams et. al. (US 9191200 B1), hereinafter Adams, Cope et. al. (US 20150293857 A1), hereinafter Cope, and Le (US 20210111875 A1), hereinafter Le.

Regarding claim 3, Luc in view of Adams and Cope teaches the memory system of claim 1, wherein the controller is further configured to: 
Luc discloses receiving the second key information as disclosed in claim 1, however, Luc in view of Adams and Cope do not disclose the second key information is encrypted with a public key and subsequently decrypted.
Le discloses receive the second key information, which is 35encrypted with a public key, from the information- 54 - processing apparatus; decrypt the encrypted second key information with a private key corresponding to the public key; generate the first key using the first key 5information and the decrypted second key information (Le discloses [0083] “At step 7, each of the M−1 servers Sk 613 sends its local re-encrypted share, eDekk 617B, to the requesting server Si 610. Server Si 610 may then receive the M−1 encrypted shares eDekk 617 from the M−1 servers. According to embodiments, M number of DEK shares may be required to derive the complete data encryption key (DEK), which may include the M−1 data encryption key shares received from the M−1 servers 613 and the local share, DEKi, of server Si 610.”, [0084] “At step 8, the requesting server Si 610 receives M data encryption key shares and decrypts the M shares using its local private key”, [0085] “At step 9, the requesting server Si 610 may generate the DEK using the M DEK shares.”, where a received encrypted share corresponding to a second key information, where the received share and the local share at the server generate the key DEK, first key).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Luc in view of Adams and Cope to incorporate the teaching of Le to utilize the above feature, with the motivation of establishing secure communication in a trusted network without using a central server, as recognized by (Le Abstract and throughout).

Claims 6 is rejected under 35 U.S.C. 103 as being unpatentable over Luc (US 20200099511 A1), hereinafter Luc, in view of Adams et. al. (US 9191200 B1), hereinafter Adams, Cope et. al. (US 20150293857 A1), hereinafter Cope, and Yokoi et. al. (US 20190095651 A1), hereinafter Yokoi.

Regarding claim 6, Luc in view of Adams and Cope teaches the memory system of claim 5, wherein the controller is further configured to: 
Luc does not disclose that the below limitation.
Adams disclose generate the second key using the first key as described in claim 1. Rationale and motivation in claim 1 apply.
Luc in view of Adams and Cope do not disclose  the below limitation.
Yokoi discloses invalidate the second key that is set in the encryption circuit in accordance with a request by the 30information processing apparatus; and notify the information processing apparatus that the second key is invalidated (Yokoi [0147] “The key management program 221 refers to the key management table 223 and identifies all the devices that hold the key to be erased. The key management program 221 issues an erasing request specifying the encryption key to each of the identified devices (S71). Each device that has received the erasing request of the encryption key discards the held encryption key, and erases the information of the instructed encryption key from the entry in the held key management information. The device that has erased the encryption key returns an erasing completion notification to the key management program 221.”, [0148] “When receiving the erasing completion notice of the encryption key from all the devices to which erasing of the encryption key has been requested, the key management program 221 erases the information of the encryption key from the key management table 223. As a result, erasing of all the data encrypted with the erased encryption key including backup and difference files is completed (S72). The key management program 221 notifies data erasing completion by erasing of the encryption key to the request source.”, where the key management program 221 is a program in a management device illustrated in Figure 3, corresponding to the information processing apparatus).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Luc in view of Adams and Cope to incorporate the teaching of Yokoi to utilize the above feature, with the motivation of Erasing all encrypted data, as recognized by (Yokoi Abstract [0147-0148] and throat).
  
Claims 8 is rejected under 35 U.S.C. 103 as being unpatentable over Luc (US 20200099511 A1), hereinafter Luc, in view of Adams et. al. (US 9191200 B1), hereinafter Adams, Cope et. al. (US 20150293857 A1), hereinafter Cope, and Offenberg et. al. (US 9716594 B2), hereinafter Offenberg.

Regarding claim 8, Luc in view of Adams and Cope teaches the memory system of claim 7, wherein the controller is further configured to: 
Luc discloses the erasure of the first key information as described in claim 1, however, Luc in view of Adams and Cope do not disclose below limitations where the erasure is logged as described below.
Offenberg discloses  5generate a digital signature for log data of processing of erasing the first key information, by using a private key; and transmit an electronic certificate and the digital signature to the host (Offenberg Col. 4 line 58-65 “the DSD 200 may sign the attestation using a key specific to the DSD. For example, the DSD 200 may use the private key of an asymmetric private-public key pair. The public key can be used to verify that the attestation was signed by the corresponding private key, and accordingly to verify that the sanitization operation was actually performed by the target device.”, Col. 5 line 9-118 “Once the attestation has been compiled and signed by the DSD 200, the DSD may return the signed attestation to the host 202 along with or as a response indicating that the data sanitization operation has completed. In some embodiments, the DSD 200 may store the attestation locally, either signed or unsigned, and return the attestation when requested by a host 202. In addition to the other information in the attestation, the DSD 200 may generate additional information regarding the sanitization operation or to provide proof of completion.”, Figure 4 illustrates the above process, Col. 6 line 66-67 and Col. 7 line 1-2 discloses certificate may also include the form illustrated in Figure 4 (402)), 
the electronic certificate 10including the log data, identification information of the memory system, and information about a date and time when the first key information is erased (Offenberg Col. 5 line 16-32 discloses producing key fingerprints as part of the attestation, Figure 4 illustrates information about the device identification, time of sanitization and memories sanitized, Col. 6 line 66-67 and Col. 7 line 1-2 discloses certificate may also include the form illustrated in Figure 4 (402)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Luc in view of Adams and Cope to incorporate the teaching of Offenberg to utilize the above feature, with the motivation of attesting the sanitization operation, as recognized by (Offenberg Abstract and throughout).  
Claims 10 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Luc (US 20200099511 A1), hereinafter Luc, in view of Cope et. al. (US 20150293857 A1), hereinafter Cope, and Adams et. al. (US 9191200 B1), hereinafter Adams.

Regarding claim 1510, Luc teaches an information processing apparatus communicable with a host and a memory system (Luc discloses the system illustrated in Figure 1, Abstract “A method is implemented in a networked computer system that is connected to document issuers and validators and interacts with a blockchain.”, where the apparatus associated with cloud service in Figure 3 corresponds to the information processing apparatus, host correspond so the issuer and legitimate holder, memory system corresponds to the BKC and its associated storages e.g. ST4), 
the information processing apparatus comprising: 
a nonvolatile memory including a memory element in which data is able to be written [multiple times] and 20storing first key information for generating a first key to be used in the memory system (Luc discloses the a memory vault that stores key PK, first key information, in a key vault, [0085] “the key PK is stored in a software key vault. In yet another particular implementation, the keys MK and PK are both stored in the hardware security module HSM.”, [0086] “Preferably, the keys MK, PK and IK will be generated by a high-performance random number generator, for example, a high-performance random number generator included in the hardware security module HSM if applicable.”, Figure 3 illustrates generating KAES, first key, from PK and MK_EN through MK, Figure 4 S2-4, [0091] “In step S2-4, an encryption key KAES is calculated with a key derivation function a from the keys MK, PK and IK. The encryption key KAES is intended to be used for the encryption of the document specific data CredData.”, where the KAES is used to encrypt the document stored in ST4 as disclosed in [0098] and Figure 4 S2-12); and 
wherein the processor is configured to erase the first key 25information stored in the nonvolatile memory in accordance with a request by the host (Luc Figure 3 and [0087] “The persistence key PK may be erased by the issuer upon a request from a document legitimate holder, claiming his “right to be forgotten”, and/or by the document legitimate holder to whom an erasing authorization code, for example a unique code, has been assigned by the system DCS. Deletion of the persistence key PK makes it impossible for the process P3 to read the published certified document…”, erased by the issuer upon a request from a document legitimate holder).
Luc discloses the aforementioned limitations, where Luc discloses the persistence key for generating a key KAES used in the memory system to encrypt the document data, however, Luc does not disclose the below limitation.
Cope discloses a nonvolatile memory including a memory element in which data is able to be written multiple times ([0027] “At block 605, the device may determine an encryption key for use in encrypting data stored to a data storage medium. Such an encryption key may be determined, for example, by generating a random number. In some examples, logic within the storage controller may generate a random number by sampling a group of ring oscillators and providing the sample to conditioning hardware (specified by NIST 800-90) to further randomize the output of the ring oscillators. The output of the conditioning hardware is a data key. This data key may then be encrypted by a zeroizable root key for storage on the storage medium, and used as the encryption key. At block 610, the device may store a first portion of the encryption key to a re-writable storage location. For example, the first portion may be stored in a controller memory or in a memory location in a storage medium of the storage apparatus. At block 615, the device may store at least one bit of the encryption key in a one-time writable storage location. For example, as discussed above, the one-time writable storage location may be one or more bits of an eFuse array.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Luc to incorporate the teaching of Cope to utilize the above feature, with the motivation of utilizing new keys used for storage of new data, as recognized by (Cope [0029] and throughout).
Luc in view of Cope discloses the aforementioned limitations, where Cope  discloses storing the key portions in a memory storage, where the stored key portions partake in encrypting and decrypting of data, however, Cope does not explicitly disclose transmitting to the key portion to a memory system.
Adams discloses a processor configured to transmit the first key information to the memory system (Adams discloses the first key, corresponding to the second key, is generated by unwrapping the first key using the KEK, corresponding to the first key, where the KEK is generated by combining a number of retrieved key slices information, Col. 6 line 18-23 “the wrapped keys (e.g., wK1) can be stored within the key loading device 106 along with one or more portions of the split key portions of the KEK (e.g., s1KEK). Other portions of the split key portions of the KEK (e.g., s2KEK, s3KEK) can be distributed outside the key loading device”, Co. 7 line 14-20 “After the key loading device 106 has all three portions (e.g., s1KEK, s2KEK, and s3KEK) of the split key encryption key, the key encryption key (KEK) can be reconstituted. The KEK can be at the third security level (e.g., classified), and thus at a higher security level than the first security level. After reconstituting the KEK, the KEK can be used to unwrap the wrapped keys (e.g., wK1) to obtain the keys (e.g., K1).”, where the a second and third portion of the KEK portions are received from outside devices as disclosed in Col. 6 line 11-31, where the unwrapped key is used for encrypting data and decrypting data at terminal 104 as disclosed in Col. 7 line 32-43).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Luc in view of Cope to incorporate the teaching of Adams to utilize the above feature, with the motivation of ensuring secured communication and ensuring desired recipients properly decrypt encrypted messages, as recognized by (Adams Abstract, Col. 1 line 19-36 and throughout).

Regarding claim 517, Luc teaches an information processing system (Luc discloses the system illustrated in Figure 1, Abstract “A method is implemented in a networked computer system that is connected to document issuers and validators and interacts with a blockchain.”) comprising: 
a memory system (Luc Figure 3 discloses the system including the BKC and the cloud service performing P2 and P3, which includes memory storages, software and hardware available as disclosed in [0057-0058]); and 
an information processing apparatus (Luc [0072] “As shown in FIG. 3, the system DCS comprises a process P1 for validation and registration of issuers. The process P1 is executed by the validator.”, validator performing process P1 in Figures 1 VAS [0053] and Figure 3 corresponds to information processing apparatus) configured to: 
transmit the first key information to the memory system (Luc [0073] “…an authorization MK_EN for the generation of a secret master key MK for the issuer is given by the validator at the end of the validation and registration process P1.”, where the MK_EN corresponds to first key information), 
wherein the memory system is configured to: 
receive the first key information from the 15information processing apparatus (Luc [0072] “As shown in FIG. 3, the system DCS comprises a process P1 for validation and registration of issuers. The process P1 is executed by the validator.”, [0073] “…an authorization MK_EN for the generation of a secret master key MK for the issuer is given by the validator at the end of the validation and registration process P1. This master key MK is generated and is stored in a key vault, as shown in FIG. 3. The master key MK is a permanent secret key attached to the issuer account. This master key MK is used to encrypt/decrypt document data for the publication of the certified documents. In particular embodiments, the key vault of the master key MK will be implemented in the above-mentioned hardware security module HSM (see FIG. 1).”, MK_EN corresponds to first key information, i.e. validator performing process P1 in Figures 1 VAS [0053] and Figure 3 corresponds to information processing apparatus, where MK_EN information is received from the validator to the cloud service server as disclosed in [0058]); 
read second key information stored in a second nonvolatile memory that includes a second memory element in which data is able to be written [only once] (Luc Figure 3 [0085] “the key PK is stored in a software key vault”, PK corresponds to second key information, where PK is written into a vault, and being subsequently read for performing a key KAES derivation as disclosed in [0091] “In step S2-4, an encryption key KAES is calculated with a key derivation function a from the keys MK, PK and IK.”); 
generate a first key using the first key 20information and the second key information (Luc Figure 3 illustrates generating KAES, first key, from PK and MK_EN through MK, Figure 4 S2-4, [0091] “In step S2-4, an encryption key KAES is calculated with a key derivation function a from the keys MK, PK and IK. The encryption key KAES is intended to be used for the encryption of the document specific data CredData.”); and 
encrypt data, which is to be written into a third nonvolatile memory that includes a third memory 25element, with the [second] key (Luc Figure 3 ST4 “Doc. Specif. Data Stor. (EncData, TemplateID), Figure 4 S2-12 “Write EncData and TemplateID in BKC, “Doc. Specif. Data Stor.”, further disclosed in [0094, 0098], where data is encrypted and written into a specific data store corresponding to a third memory element), and 
decrypt data, which is read from the third nonvolatile memory, with the [second] key (Luc Figure 5 and [0102] “the certified document reading process P3 is implemented by the certified document reading web application REA. The process P3 is designed to display a certified document which is accessible through the web address «URL=https//Reader/IdData∥IK» as input. For that, the process P3 must retrieve the document specific data CredData from the encrypted data EncData registered in the blockchain BKC and the files HTML_Template and Template_Def using the identifier TemplateID registered in the blockchain BKC. Proofs of issuer and/or validator authenticity will also have to be retrieved from the validator storage ST0 and the issuer storage ST1 (FIG. 6) in the blockchain BKC.”, the process is illustrated in Figure 5 and [0103-0116]).
Luc does not disclose the below limitations.
Cope discloses read first key information stored in a first nonvolatile memory that includes a first memory element 10in which data is able to be written multiple times, read second key information stored in a second nonvolatile memory that includes a second memory element in which data is able to be written only once (Cope [0001] “…a portion of an encryption key may be stored in a first storage medium, and one or more bits of the encryption key may be stored in a one-time writable storage location. Data received at the data storage device may be encrypted using the encryption key, and may be stored in a storage medium. In the event that it is no longer desired to allow users to access the encrypted data stored in the storage medium, the one or more bits of the encryption key stored in a one-time writable storage location may be modified. Such modification thereby prevents decryption of the encrypted data and effectively precludes access to the encrypted data.”, [0011] “In the event that access to the stored data is to be prevented, the one or more bits of the encryption key stored in the one-time writable storage location may be modified. For example, the eFuses containing the remainder of the encryption key may be blown, thereby rendering the portion of the encryption key stored in the one-time writable memory unreadable. Thus, decryption of the encrypted data is prevented and the data stored in the data storage medium rendered unreadable.”, [0023] “The hidden root key, as mentioned above, may be partially stored in a re-writable storage location, with one or more bits be stored in a one-time writable storage location such as an eFuse, for example. Such a configuration for the encryption key 310 may be desirable because certain security standards, including the current version of the FIPS 140 standards”, where the encryption key including both key portions is utilized to encrypt and decrypt data).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Luc to incorporate the teaching of Cope to utilize the above feature, with the motivation of improving storage of encryption key, as also desirable by certain security standards, as recognized by (Cope Abstract [0011, 0023] and throughout).
Luc in view of Cope do not disclose the below limitation.
Adams discloses generate a second key using at least the first 15key, second key encrypting and decrypting the data (Adams discloses the first key, corresponding to the second key, is generated by unwrapping the first key using the KEK, corresponding to the first key, where the KEK is generated by combining a number of retrieved key slices information, Col. 6 line 18-23 “the wrapped keys (e.g., wK1) can be stored within the key loading device 106 along with one or more portions of the split key portions of the KEK (e.g., s1KEK). Other portions of the split key portions of the KEK (e.g., s2KEK, s3KEK) can be distributed outside the key loading device”, Co. 7 line 14-20 “After the key loading device 106 has all three portions (e.g., s1KEK, s2KEK, and s3KEK) of the split key encryption key, the key encryption key (KEK) can be reconstituted. The KEK can be at the third security level (e.g., classified), and thus at a higher security level than the first security level. After reconstituting the KEK, the KEK can be used to unwrap the wrapped keys (e.g., wK1) to obtain the keys (e.g., K1).”, where the a second and third portion of the KEK portions are received from outside devices as disclosed in Col. 6 line 11-31, where the unwrapped key is used for encrypting data and decrypting data at terminal 104 as disclosed in Col. 7 line 32-43).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Luc to incorporate the teaching of Adams to utilize the above feature, with the motivation of ensuring secured communication and ensuring desired recipients properly decrypt encrypted messages, as recognized by (Adams Abstract, Col. 1 line 19-36 and throughout).

Claims 11 is rejected under 35 U.S.C. 103 as being unpatentable over Luc (US 20200099511 A1), hereinafter Luc, in view of Cope et. al. (US 20150293857 A1), hereinafter Cope, Adams et. al. (US 9191200 B1), hereinafter Adams, and Christensen et. al. (US 20200119917 A1), hereinafter Christensen.

Regarding claim 11, Luc in view of Cope and Adams teaches the information processing apparatus of claim 10, wherein the processor is further configured to: 
Luc in view of Cope and Adams do not disclose the below limitations.
Christensen discloses 30encrypt the first key information with a common key; and transmit the encrypted first key information to the memory system (Christensen Figure 6 and [0098-0103] where the encryption key parts are encrypted with a symmetric/common key, transmitted to part holders, where the key parts are decrypted using the symmetric/common key, where the key parts comprising 1st, 2nd, 3rd, etc. key parts that are required in reconstructing encryption key). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Luc in view of Cope and Adams to incorporate the teaching of Christensen to utilize the above feature, with the motivation of securely communicate and store data in a trusted network without using a central server, as recognized by (Christensen Abstract [0004] and throughout).

Claims 12 is rejected under 35 U.S.C. 103 as being unpatentable over Luc (US 20200099511 A1), hereinafter Luc, in view of Cope et. al. (US 20150293857 A1), hereinafter Cope, Adams et. al. (US 9191200 B1), hereinafter Adams, and Le (US 20210111875 A1), hereinafter Le.

Regarding claim 12, Luc in view of Cope and Adams teaches the information processing apparatus of 35claim 10, wherein- 56 - the processor is further configured to: 
Luc in view of Cope and Adams do not disclose the below limitations.
Le discloses encrypt the first key information with a public key; and transmit the encrypted first key information to 5the memory system (Le discloses [0083] “At step 7, each of the M−1 servers Sk 613 sends its local re-encrypted share, eDekk 617B, to the requesting server Si 610. Server Si 610 may then receive the M−1 encrypted shares eDekk 617 from the M−1 servers. According to embodiments, M number of DEK shares may be required to derive the complete data encryption key (DEK), which may include the M−1 data encryption key shares received from the M−1 servers 613 and the local share, DEKi, of server Si 610.”, [0084] “At step 8, the requesting server Si 610 receives M data encryption key shares and decrypts the M shares using its local private key”, [0085] “At step 9, the requesting server Si 610 may generate the DEK using the M DEK shares.”, where a received encrypted share corresponding to a second key information, where the received share and the local share at the server generate the key DEK, first key).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Luc in view of Cope and Adams teaches to incorporate the teaching of Le to utilize the above feature, with the motivation of establishing secure communication in a trusted network without using a central server, as recognized by (Le Abstract and throughout).

Claims 13 is rejected under 35 U.S.C. 103 as being unpatentable over Luc (US 20200099511 A1), hereinafter Luc, in view of Cope et. al. (US 20150293857 A1), hereinafter Cope, Adams et. al. (US 9191200 B1), hereinafter Adams, and Machani et. al. (US 9954680 B1), hereinafter Machani.

Regarding claim 13, Luc in view of Cope and Adams teaches the information processing apparatus of claim 10, 
Luc in view of Cope and Adams do not explicitly disclose the below limitation.
Machani discloses wherein the processor is further configured to: encrypt the first key with a common key; and 10transmit the encrypted first key to the memory system (Machani discloses reconstructing a key from key shares/information, encrypting the reconstructed key, using a public key, i.e. public/common to devices, and transmit the encrypted reconstructed key to a managed device, Col. 11 line 65-67, Col. 12 line 1-11 “At step 506, in response to receipt of the request to reconstruct the master encryption key from the remote management server, the key splitting server decrypts the remote management server key share managed device key share contained in the request to reconstruct the master encryption key, and the key splitting server key share stored on the key splitting server. The key splitting server then uses the decrypted key shares to generate a reconstructed master encryption key. At step 508, the key splitting server encrypts the reconstructed master encryption key, and sends the encrypted reconstructed master encryption key from the key splitting server to the managed device that issued the request for the master encryption key.”, Col. 8 line 53-62 “Prior to sending Reconstructed Master Encryption Key 212 to Managed Device 24, Key Splitting Server 10 may encrypt Reconstructed Master Encryption Key 212 using the public key of the managed device that requested the master encryption key, e.g. with the public key of Managed Device 24. For example, Key Splitting Server 10 may encrypt Reconstructed Master Encryption Key 212 using a public key of Managed Device 24 that is contained in the list of managed devices received by Key Splitting Server 10 from Remote Management Server 14.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Luc in view of Cope and Adams to incorporate the teaching of Machani to utilize the above feature, with the motivation of improve security by utilizing different devices holding different parts of a key, as recognized by (Machani Abstract, Col. 12 line 12-22 and throughout).
 
Claims 14 is rejected under 35 U.S.C. 103 as being unpatentable over Luc (US 20200099511 A1), hereinafter Luc, in view of Cope et. al. (US 20150293857 A1), hereinafter Cope, Adams et. al. (US 9191200 B1), hereinafter Adams, and Ingalls (US 20130212367 A1), hereinafter Ingalls.
Regarding claim 14, Luc in view of Cope and Adams teaches the information processing apparatus of claim 10, 
Luc discloses erasing a persistence key, however, Luc in view of Cope and Adams does not disclose the below limitation where erasure is performed by overwriting random number.
Ingalls discloses wherein the processor is configured to write a random 15number in a memory area in the nonvolatile memory in which the first key information is stored to erase the first key information (Ingalls [0042] “a security key can be divided into sections (e.g., split), and each of the sections can be stored in a separate portion (e.g., sector) of memory. Thus, if an erase or overwrite operation fails on one portion of memory, the other portions of the security key can be erased and/or overwritten on the other portions of memory. For example, if a memory sector failure prevents one portion of memory that stores a piece of the security key from being erased or overwritten, other memory sectors can still be erased and/or overwritten to prevent all portions of the security key from being exposed to an unauthorized entity.”, where overwriting the portion can be by means of random values as disclosed in [0039, 0041).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Luc in view of Cope and Adams to incorporate the teaching of Ingalls to utilizes the above feature, with the motivation of deleting secure data from memory, as recognized by (Ingalls [0042]).

  Claims 15 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Luc (US 20200099511 A1), hereinafter Luc, in view of Cope et. al. (US 20150293857 A1), hereinafter Cope, Adams et. al. (US 9191200 B1), hereinafter Adams, and Yokoi et. al. (US 20190095651 A1), hereinafter Yokoi.

Regarding claim 15, Luc in view of Cope and Adams teaches the information processing apparatus of claim 10, wherein 20the processor is further configured to: 
Luc in view of Cope and Adams does not disclose that the below limitation.
Yokoi discloses request the memory system to invalidate a second key that is set in an encryption circuit in accordance with a request by the host; and erase the first key information stored in the 25nonvolatile memory when the memory system notifies that the second key is invalidated (Yokoi [0147] “The key management program 221 refers to the key management table 223 and identifies all the devices that hold the key to be erased. The key management program 221 issues an erasing request specifying the encryption key to each of the identified devices (S71). Each device that has received the erasing request of the encryption key discards the held encryption key, and erases the information of the instructed encryption key from the entry in the held key management information. The device that has erased the encryption key returns an erasing completion notification to the key management program 221.”, [0148] “When receiving the erasing completion notice of the encryption key from all the devices to which erasing of the encryption key has been requested, the key management program 221 erases the information of the encryption key from the key management table 223. As a result, erasing of all the data encrypted with the erased encryption key including backup and difference files is completed (S72). The key management program 221 notifies data erasing completion by erasing of the encryption key to the request source.”, where the key management program 221 is a program in a management device illustrated in Figure 3, corresponding to the information processing apparatus).    
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Luc in view of Cope and Adams to incorporate the teaching of Yokoi to utilize the above feature, with the motivation of Erasing all encrypted data, as recognized by (Yokoi Abstract [0147-0148] and throughout).

Regarding claim 18, Luc in view of Cope and Adams teaches the information processing system of claim 17, 
Luc in view of Cope and Adams does not disclose the below limitations.
Yokoi discloses wherein 30the information processing system is communicable with a host, and the information processing apparatus is further configured to erase the first key information stored in the first nonvolatile memory when erasure of key 35information is requested by the host (Yokoi [0146] “ The key management program 221 erases the encryption key in response to a user instruction from an input device to erase the data.”, [0147] “The key management program 221 refers to the key management table 223 and identifies all the devices that hold the key to be erased. The key management program 221 issues an erasing request specifying the encryption key to each of the identified devices (S71). Each device that has received the erasing request of the encryption key discards the held encryption key, and erases the information of the instructed encryption key from the entry in the held key management information. The device that has erased the encryption key returns an erasing completion notification to the key management program 221.”, [0148] “When receiving the erasing completion notice of the encryption key from all the devices to which erasing of the encryption key has been requested, the key management program 221 erases the information of the encryption key from the key management table 223. As a result, erasing of all the data encrypted with the erased encryption key including backup and difference files is completed (S72). The key management program 221 notifies data erasing completion by erasing of the encryption key to the request source.”, where the key management program 221 of the management device, illustrated in Figure 3, communicate with a user input device, host, and I response to instructions received from the user device, the erase the key management program 221 erase the information of the encryption key from the key management table stored in the management deice as illustrated in Figure 3).    
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Luc in view of Cope and Adams to incorporate the teaching of Yokoi to utilize the above feature, with the motivation of Erasing all encrypted data, as recognized by (Yokoi Abstract [0147-0148] and throughout).

Claims 16 and 19  are rejected under 35 U.S.C. 103 as being unpatentable over Luc (US 20200099511 A1), hereinafter Luc, in view of Adams et. al. (US 9191200 B1), hereinafter Adams, Cope et. al. (US 20150293857 A1), hereinafter Cope, and Offenberg et. al. (US 9716594 B2), hereinafter Offenberg.

Regarding claim 16, Luc in view of Cope and Adams teaches the information processing apparatus of claim 10, 
Luc discloses the erasure of the first key information as described in claim 1, however, Luc in view of Cope and Adams do not disclose below limitations where the erasure is logged as described below.
Offenberg discloses wherein the processor is further configured to: 30generate a digital signature for log data of processing of erasing the first key information, by using a private key; and transmit an electronic certificate and the digital signature to the host (Offenberg Col. 4 line 58-65 “the DSD 200 may sign the attestation using a key specific to the DSD. For example, the DSD 200 may use the private key of an asymmetric private-public key pair. The public key can be used to verify that the attestation was signed by the corresponding private key, and accordingly to verify that the sanitization operation was actually performed by the target device.”, Col. 5 line 9-118 “Once the attestation has been compiled and signed by the DSD 200, the DSD may return the signed attestation to the host 202 along with or as a response indicating that the data sanitization operation has completed. In some embodiments, the DSD 200 may store the attestation locally, either signed or unsigned, and return the attestation when requested by a host 202. In addition to the other information in the attestation, the DSD 200 may generate additional information regarding the sanitization operation or to provide proof of completion.”, Figure 4 illustrates the above process, Col. 6 line 66-67 and Col. 7 line 1-2 discloses certificate may also include the form illustrated in Figure 4 (402)), 
the electronic certificate 35including the log data, identification information of- 57 - the information processing apparatus, identification information of the memory system, and information about a date and time when the first key information is erased (Offenberg Col. 5 line 16-32 discloses producing key fingerprints as part of the attestation, Figure 4 illustrates information about the device identification, time of sanitization and memories sanitized, Col. 6 line 66-67 and Col. 7 line 1-2 discloses certificate may also include the form illustrated in Figure 4 (402)).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Luc in view of Adams and Cope to incorporate the teaching of Offenberg to utilize the above feature, with the motivation of attesting the sanitization operation, as recognized by (Offenberg Abstract and throughout).

Claim 19 contains similar limitations to claim 16, therefore, claim 19 is rejected with the same rationale and motivation as claim 16.
 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Leggette (US 20170250809 A1) discloses cryptographic key storage in a dispersed storage network, secure erasure of a key slice (e.g., in response to a delete request, expiration of a key, following migration of key data, etc.) may comprise overwriting the relevant portion of the key region with zeros or ones, a fixed pattern of bits, a randomized pattern of bits, or combinations thereof in a multi-pass approach. 
McMullen (US 20150370725 A1) discloses encrypted purging of data from content node storage
  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705. The examiner can normally be reached Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BASSAM A NOAMAN/Examiner, Art Unit 2497