DETAILED ACTION
This action is in response to the amendment filed on May 13, 2022. Claims 1-20 are pending. Claims 1-2, 5, 7, 12-14, 16-18, and 20 are amended. Of such, claims 1-11 represent a system, claims 12-16 represent a device, and claims 17-20 represent a method directed to a host sending write requests to a storage device.  
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments, see pages 10-14 filed on May 13, 2022, with respect to the rejection(s) of claim(s) 1-20  in view of Shin have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Shin et al. (US Publication 2015/0350206) in view of Lee et al. (US Patent 9258111)
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Shin et al. (US Publication 2015/0350206), hereinafter referred to as Shin, in view of Lee et al. (US Patent 9258111), hereinafter referred to as Lee.
	Regarding Claim 1, Shin discloses:
A computing system (In ¶ 58 Shin discloses “FIG. 2, a storage system 2000 may include a host 2100 and a storage device 2200”), comprising: a host configured to generate a host authentication code (In ¶ 20 Shin discloses “The host may be configured to generate the authentication code using a shared private key copies of which are stored at both the host and the storage device.”); and a storage device configured to receive a first request among a series of requests, regarding security write and write data from the host (In ¶ 17 Shin discloses “the storage device being configured to receive a WP change request” and in ¶ 13 discloses “The host may be configured such that the request of the host to set or clear the secure WP is provided using a data frame that includes a request/response type field, a write counter field, a nonce field, a block counter field, a data field, an address field, a result field, and an HMAC field.”), receive a second request among the series of requests and the host authentication code from the host, and perform a program operation on the write data based on a result of comparing the host authentication code with the device authentication code in response to the second request (In ¶ 21 Shin discloses “The storage device may be configured such that performing the authentication process includes, generating a validation code using the shared private key, performing a comparison operation based on the validation code and the authentication code, and determining whether the WP change request is valid based on a result of the comparison operation.”)..
	However, Shin does not explicitly disclose the limitation of generating the host authentication code while the generation of the device authentication code. 
	Lee discloses:
generate a device authentication code based on the write data in response to the first request while the host authentication code is generated (In ¶ 73, Lee discloses “The secure logic 140a generates authentication information 141 of a memory device based on data obtained by encrypting the MUK 112.” and in ¶ 83, Lee further discloses “The host device 300 which authenticates the storage memory device 1000 may further include an authentication processing unit 320. The authentication processing unit 320 generates authentication information of the host device 300 based on the MUK 112 obtained by the MUK obtaining unit 314, receives authentication information 141 of the storage memory device 1000 from the memory device 100 included in the storage memory device 1000 via the interface unit 310,”)
	One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Shin’s approach by utilizing Lee’s approach of generating authentication information as the motivation would be to significantly reduce the probability of the secure information between the host and the memory device to be leaked (See Lee ¶ 76).
Regarding Claim 2, the combination of Shin and Lee disclose the limitations with respect to claim 1.
	However, Shin does not explicitly disclose the limitation of generating the host authentication code while providing write data to the storage device. 
	Lee discloses:
The computing system of claim 1, wherein the host generates the host authentication code while providing the write data to the storage device (In ¶58, Lee discloses “When the host device 300 inputs a request related to the secure data 111 to an I/O logic 150, the I/O logic 150 may send the request to the secure logic 140. Here, the request related to the secure data 111 may be a request for the initiation of an authentication procedure using the secure data 111 or a request for output of the secure data 111.”)
	One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Shin’s approach by utilizing Lee’s approach of generating authentication information as the motivation would be to significantly reduce the probability of the secure information between the host and the memory device to be leaked (See Lee ¶ 76).
Regarding Claim 3, the combination of Shin and Lee disclose the limitations with respect to claim 1.
	However, Shin does not explicitly disclose the limitation of generating the host authentication code while the generation of the device authentication code.
	Lee discloses:
The computing system of claim 1, wherein the host authentication code is generated in parallel with generation of the device authentication code by the storage device  (In ¶ 73, Lee discloses “The secure logic 140a generates authentication information 141 of a memory device based on data obtained by encrypting the MUK 112.” and in ¶ 83, Lee further discloses “The host device 300 which authenticates the storage memory device 1000 may further include an authentication processing unit 320. The authentication processing unit 320 generates authentication information of the host device 300 based on the MUK 112 obtained by the MUK obtaining unit 314, receives authentication information 141 of the storage memory device 1000 from the memory device 100 included in the storage memory device 1000 via the interface unit 310,”).
	One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Shin’s approach by utilizing Lee’s approach of generating authentication information as the motivation would be to significantly reduce the probability of the secure information between the host and the memory device to be leaked (See Lee ¶ 76).
Regarding Claim 4, the combination of Shin and Lee disclose:
The computing system of claim 1, wherein the storage device comprises: a memory device including a write protection area (In ¶ 9 Shin discloses “The register may include a secure WP configuration masking field for controlling register fields associated with the WP, and register fields associated with the write protection may be controlled by the secure WP configuration masking field.”); and 37a memory controller configured to control the security write (In ¶ 55 Shin discloses “The device controller 1230 may control an overall operation of the nonvolatile memory 1210 including a write operation, a read operation, an erase operation, etc. The device controller 1230 may exchange data with the nonvolatile memory 1210 or the buffer memory 1240 through an address or data bus.”).
	Regarding Claim 5, the combination of Shin and Lee disclose:
	The computing system of claim 4, wherein the memory controller comprises: a data verification component configured to generate authentication information which indicates integrity of the write data based on the result of comparing the host authentication code and the device authentication code (In ¶ 110 Shin discloses “the security manager 3234 may determine whether the request regarding the secure mode is valid, based on a comparison result of step S140. When the HMAC provided from the host 3100 and the HMAC computed by the storage device 3200 are equal to each other, the security manager 3234 may determine the request regarding the secure mode as being valid.”); and an authenticated write controller configured to control the program operation based on the authentication information in response to the second request (In ¶ 62 Shin discloses “the command manager 2232 may send a ready-to-transfer complete signal to the host 2100.”).
Regarding Claim 6, the combination of Shin and Lee disclose:
The computing system of claim 5, wherein the authenticated write controller provides a first response, which indicates whether the first request has been received, to the host in response to the first request, and provides a second response, which indicates whether the second request has been received, to the host in response to the second request (In ¶ 64 Shin discloses “If a data transfer operation for a command and a program operation are completed, then the storage device 2200 may send a response signal to the host 2100 through an interface and may inform the host 2100 of command completion.”).
Regarding Claim 7, the combination of Shin and Lee disclose:
The computing system of claim 5, wherein the authenticated write controller provides a third response, which includes a result of the program operation, to the host in response to the third request received from the host (In ¶ 64 Shin discloses “If a data transfer operation for a command and a program operation are completed, then the storage device 2200 may send a response signal to the host 2100 through an interface and may inform the host 2100 of command completion.”).
Regarding Claim 8, the combination of Shin and Lee disclose:
The computing system of claim 7, wherein the result of the program operation includes information indicating whether the write data has integrity and information indicating whether the program operation has passed or failed (In ¶ 100 Shin discloses “the security manager 3234 may determine whether the request regarding the secure mode is valid, based on a comparison result of step S140. When the HMAC provided from the host 3100 and the HMAC computed by the storage device 3200 are equal to each other, the security manager 3234 may determine the request regarding the secure mode as being valid. When the HMAC provided from the host 3100 and the HMAC computed by the storage device 3200 are not equal to each other, the security manager 3234 may reject the request regarding the secure mode.”).
Regarding Claim 9, the combination of Shin and Lee disclose:
The computing system of claim 5, wherein the authenticated write controller controls the memory device to store the write data in the write protection area during the program operation (In ¶ 136 Shin discloses “The host 6100 may write data at the memory card 6200 and may read data from the memory card 6200. The host controller 6110 may provide the memory card 6200 with a command (e.g., a write command), a clock signal CLK generated from a clock generator (not shown) in the host 6100, and data through the host connection unit 6120.”).
Regarding Claim 10, the combination of Shin and Lee disclose:
The computing system of claim 5, wherein the data verification component comprises: an authentication code generator configured to generate the device authentication code based on a key shared between the host and the storage device and the received write data (In ¶ 98 Shin discloses “a security manager 3234 of the storage device 3200 may calculate a HMAC using a shared private key.”); and an authentication code comparator configured to generate the authentication information based on whether the host authentication code is the same as the device authentication code (In ¶ 100 Shin discloses “In step S150, the security manager 3234 may determine whether the request regarding the secure mode is valid, based on a comparison result of step S140. When the HMAC provided from the host 3100 and the HMAC computed by the storage device 3200 are equal to each other, the security manager 3234 may determine the request regarding the secure mode as being valid.”).
Regarding Claim 11, the combination of Shin and Lee disclose:
The computing system of claim 1, wherein the device authentication code and the host authentication code are generated based on a message authentication code (MAC) algorithm (In ¶ 22 Shin discloses “The host may be configured such that the authentication code is a keyed-hash message authentication code (HMAC), and the storage device is configured such that the validation code is a HMAC.”).
Regarding Claim 12, Shin discloses
A host, comprising: a host memory configured to store write data(In ¶ 135 Shin discloses “The host 6100 may contain a host controller 6110 and a host connection unit 6120. The memory card 6200 may include a card connection unit 6210, a card controller 6220, and a flash memory 6230”); and 5Atty Docket No.: Po200238HD App. No.: 16/943,653 a host processor configured to provide a first request among a series of requests regarding security write and write data to a storage device (In ¶ 13 Shin discloses “The host may be configured such that the request of the host to set or clear the secure WP is provided using a data frame that includes a request/response type field, a write counter field, a nonce field, a block counter field, a data field, an address field, a result field, and an HMAC field.”), and provide a second request among the series of requests with the host authentication code to the storage device (In ¶ 20 Shin discloses “The host may be configured to generate the authentication code using a shared private key copies of which are stored at both the host and the storage device.”)..	
However, Shin does not explicitly disclose the limitation of generating the host authentication code while providing write data to the storage device. 
	Lee discloses:
generate a host authentication code while providing the write data to the storage device (In ¶ 73, Lee discloses “The secure logic 140a generates authentication information 141 of a memory device based on data obtained by encrypting the MUK 112.” and in ¶ 83, Lee further discloses “The host device 300 which authenticates the storage memory device 1000 may further include an authentication processing unit 320. The authentication processing unit 320 generates authentication information of the host device 300 based on the MUK 112 obtained by the MUK obtaining unit 314, receives authentication information 141 of the storage memory device 1000 from the memory device 100 included in the storage memory device 1000 via the interface unit 310,”).
	One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Shin’s approach by utilizing Lee’s approach of generating authentication information as the motivation would be to significantly reduce the probability of the secure information between the host and the memory device to be leaked (See Lee ¶ 76).
Regarding Claim 13, the combination of Shin and Lee disclose:
The host of claim 12, wherein the host processor provides a third request among the series of requests, and the third request requests a result of a program operation on the write data to the storage device (In ¶ 91 Shin discloses “FIG. 7 is a table schematically illustrating a data frame including information regarding requests and responses for setting and clearing secure WP. Referring to FIG. 7, a data frame including information regarding requests and responses may include fields for Stuff, Key/MAC, Data, Nonce (e.g., a cryptographic nonce), Write Counter (W.C.), Address, Block Count, Result, and Request/Response Type”).
Regarding Claim 14, the combination of Shin and Lee disclose:
The host of claim 13, wherein the result of the program operation includes information indicating whether the program operation has passed or failed and authentication information indicating integrity of the write data, and wherein the authentication information is generated based on a result of comparing a device authentication code, which is generated by the storage device based on the write data, with the host authentication code (In ¶ 100 Shin discloses “the security manager 3234 may determine whether the request regarding the secure mode is valid, based on a comparison result of step S140. When the HMAC provided from the host 3100 and the HMAC computed by the storage device 3200 are equal to each other, the security manager 3234 may determine the request regarding the secure mode as being valid.”).
Regarding Claim 15, the combination of Shin and Lee disclose:
The host of claim 12, wherein the host processor generates the host authentication code based on a key shared between the storage device and the host and the write data (In ¶ 20 Shin discloses “The host may be configured to generate the authentication code using a shared private key copies of which are stored at both the host and the storage device.”).
Regarding Claim 16, the combination of Shin and Lee disclose:
The host of claim 12, wherein the host processor receives a first response indicating whether the first request has been received from the storage device, provides the second request to the storage device in response to the first response, receives a second response indicating whether the second request has been received from the storage device, and provides a third request among a series of requests to the storage device in response to the second response (In ¶ 94 Shin discloses “An authenticated register write response may be provided from the storage device 3200 to the host 3100” and in ¶ 91 further discloses “Referring to FIG. 7, a data frame including information regarding requests and responses may include fields for Stuff, Key/MAC, Data, Nonce (e.g., a cryptographic nonce), Write Counter (W.C.), Address, Block Count, Result, and Request/Response Type.”). 
Regarding Claim 17, Shin discloses:
A method of operating a host, the method comprising: providing a first request among a series of requests regarding security write and write data to a storage device (In ¶ 13 Shin discloses “The host may be configured such that the request of the host to set or clear the secure WP is provided using a data frame that includes a request/response type field, a write counter field, a nonce field, a block counter field, a data field, an address field, a result field, and an HMAC field”); and providing a second request among the series of requests and the host authentication code to the storage device after the host authentication code is generated (In ¶ 20 Shin discloses “[0020] The host may be configured to generate the authentication code using a shared private key copies of which are stored at both the host and the storage device”).
	However, Shin does not explicitly disclose the limitation of generating the host authentication code while providing write data to the storage device. 
	Lee discloses:
generating a host authentication code after the first request is provided to the storage device (In ¶58, Lee discloses “When the host device 300 inputs a request related to the secure data 111 to an I/O logic 150, the I/O logic 150 may send the request to the secure logic 140. Here, the request related to the secure data 111 may be a request for the initiation of an authentication procedure using the secure data 111 or a request for output of the secure data 111.”)
; wherein the host authentication code is generated while the write data is provided to the storage device (In ¶ 73, Lee discloses “The secure logic 140a generates authentication information 141 of a memory device based on data obtained by encrypting the MUK 112.” and in ¶ 83, Lee further discloses “The host device 300 which authenticates the storage memory device 1000 may further include an authentication processing unit 320. The authentication processing unit 320 generates authentication information of the host device 300 based on the MUK 112 obtained by the MUK obtaining unit 314, receives authentication information 141 of the storage memory device 1000 from the memory device 100 included in the storage memory device 1000 via the interface unit 310,”)..
	One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Shin’s approach by utilizing Lee’s approach of generating authentication information as the motivation would be to significantly reduce the probability of the secure information between the host and the memory device to be leaked (See Lee ¶ 76).
	Regarding Claim 18, the combination of Shin and Lee disclose:
The method of claim 17, further comprising: receiving a first response, which indicates whether the first request has been received, from the storage device (In ¶ 64, Shin discloses “If a data transfer operation for a command and a program operation are completed, then the storage device 2200 may send a response signal to the host 2100 through an interface and may inform the host 2100 of command completion.”); 7Atty Docket No.: Po200238HD App. No.: 16/943,653 receiving a second response, which indicates whether the second request has been received, from the storage device (In ¶ 91 Shin discloses “Referring to FIG. 7, a data frame including information regarding requests and responses may include fields for Stuff, Key/MAC, Data, Nonce (e.g., a cryptographic nonce), Write Counter (W.C.), Address, Block Count, Result, and Request/Response Type.”); providing a third request to the storage device; and receiving a third response, which includes a result of a program operation on the write data, from the storage device (In ¶ 64 Shin discloses “If a data transfer operation for a command and a program operation are completed, then the storage device 2200 may send a response signal to the host 2100 through an interface and may inform the host 2100 of command completion.”).
Regarding Claim 19, the combination of Shin and Lee disclose:
The method of claim 18, wherein the host authentication code is generated based on a key shared between the storage device and the host, and the write data (In ¶ 20 Shin discloses “The host may be configured to generate the authentication code using a shared private key copies of which are stored at both the host and the storage device.”).
Regarding Claim 20, the combination of Shin and Lee disclose:
The method of claim 18, wherein the result of the program operation includes information indicating whether the program operation has passed or failed and authentication information indicating integrity of the write data, and wherein the authentication information is generated based on a result of comparing a device authentication code, which is generated by the storage device based on the write data, with the host authentication code (In ¶ 100 Shin discloses “the security manager 3234 may determine whether the request regarding the secure mode is valid, based on a comparison result of step S140. When the HMAC provided from the host 3100 and the HMAC computed by the storage device 3200 are equal to each other, the security manager 3234 may determine the request regarding the secure mode as being valid. When the HMAC provided from the host 3100 and the HMAC computed by the storage device 3200 are not equal to each other, the security manager 3234 may reject the request regarding the secure mode.”).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Ito , US Publication Number 2011/0246707, discloses unlocking and locking a memory device to allow transmission. 
Kanbe, US Publication Number 2020/0244458, discloses a memory system that can communicate with a plurality of hosts.  
Carlson et al, US Publication Number 2021/0026542, discloses a memory device authenticated utilizing authentication codes.
Hausauer et al, US Publication Number  2019/0102568, discloses a method for authenticating to a memory region for a transaction. 
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHADI H KOBROSLI whose telephone number is (571)272-1952. The examiner can normally be reached M-F 9am-5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHADI H KOBROSLI/               Examiner, Art Unit 2492                                                                                                                                                                                         

/SALEH NAJJAR/               Supervisory Patent Examiner, Art Unit 2492