DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Objections
Claim 29 is objected to because of the following informalities:  the claim does not end with a period.  Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 24-31 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 24 and 28 recites in part the limitation "a basic header segment included in every information unit transferred between the host and the memory controller" on line 7 of claim 24 and on line 14 of claim 28.  There is insufficient antecedent basis for this limitation in the claim.
Neither claim 24, nor claim 28, recites a memory controller, therefore it is unclear what is the memory controller of the claims. For the purposes of examination, the memory controller of claim 24 will be interpreted as the data storage device and the memory controller of claim 28 will be interpreted as the processor.

As dependent claims 25-27 and 29-31 are directly or indirectly dependent upon either claim 24 or 28 above, claims 25-27 and 29-31 are also rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.




Claim(s) 1-2, 4-6, 8-10, 13-14, 16-19, 21, 23-25, and 28-31 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Samsonov et al (US 2016/0379015 A1) hereinafter referred to as Samsonov.

	Regarding claim 1, Samsonov teaches A data storage device comprising:
a replay protected memory block configured to be accessed by a security protocol (Samsonov Fig. 2 trusted storage environment 208; [0027] "The client code set 202 may use the client secret symmetric key 212 to create a hash message authentication code signature to associate with any read or write request sent to the trusted storage environment 208"; Examiner's note: the system of Samsonov utilizes various authentication measures (security protocol) to protect the trusted storage environment 208 (memory device including a protected memory block)); and
a memory controller configured to receive a command information unit associated with the security protocol including a host side replay protected memory block (RPMB) message from a host, to write data in the replay protected memory block according to an authentication operation using the host side RPMB message (Samsonov [0018] "a trusted platform module (TPM) 160"; [0022] "The trusted platform module 160 may be configured to act as a trusted client environment for maintaining a trusted counter and a secret key"; [0017] "The virtual replay protected storage system may encode a hash message authentication code signature based on the trusted counter, the secret key, and a data set. The virtual replay protected storage system may send a write request of the data set associated with the hash message authentication code signature to an agnostic data storage. The virtual replay protected storage system may send a read request for the data set with the hash message authentication code signature from the agnostic data storage. The virtual replay protected storage system may verify the hash message authentication code signature to determine whether the data set has been corrupted"), 
wherein the command information unit comprises:
a basic header segment included in every information unit transferred between the host and the memory controller (Samsonov Fig. 5; [0034] "The agnostic data storage may associate a primary header instance 502 and a successor header instance 504 with a data set 506"); and
an extra header segment including the host side RPMB message (Samsonov Fig. 5; [0034] "The agnostic data storage may associate a primary header instance 502 and a successor header instance 504 with a data set 506").

Independent claims 13 and 28 have substantially the same scope and limitations as claim 1 as they are respectively the corresponding Device and Apparatus claims. Therefore, claims 13 and 28 are rejected under 35 U.S.C. 102(a)(1) for at least the same reasons as above.

	Regarding claim 2, Samsonov teaches The data storage device of claim 1, wherein the command information unit further includes a transaction specific field for identifying a type of information unit (Samsonov Fig. 5 HMAC 520).

Dependent claims 14 and 25 have substantially the same scope and limitations as claim 2 as they are respectively the corresponding Device and Host claims. Therefore, claims 14 and 25 are rejected under 35 U.S.C. 102(a)(1) for at least the same reasons as above.

Regarding claim 4, Samsonov teaches The data storage device of claim 1, wherein the replay protected memory block comprises: an authentication key storage area configured to store an authentication key used for the authentication operation (Samsonov Fig. 2 Storage key 214); a write counter configured to store a write count value obtained by counting the number of times a write operation of the replay protected memory block is performed (Samsonov Fig. 2 Counter 216; [0028] "The trusted storage environment 208 may have a persistent trusted counter 216 that is incremented upon each successful write to prevent use of a replay attack"); a result register configured to store a result of an operation performed on the replay protected memory block (Samsonov [0043] "The client code set may verify the hash message authentication code signature to determine whether the data set has been corrupted (Block 712). If the verification indicates the data has been corrupted (Block 714), the client code set may mark the data set as corrupt (Block 716). If the verification indicates the data has not been corrupted (Block 714), the client code set may mark the data set as usable (Block 718)"); and a replay protection memory block data area configured to store a write data received from the host (Samsonov [0047] "The agnostic data storage may store a data set sent in the write request from the client code set (Block 1106)"; [0017] "The virtual replay protected storage system may encode a hash message authentication code signature based on the trusted counter, the secret key, and a data set").

Dependent claim 30 has substantially the same scope and limitations as claim 4 as it is the corresponding Apparatus claim. Therefore, claim 30 is rejected under 35 U.S.C. 102(a)(1) for at least the same reasons as above.

Regarding claim 5, Samsonov teaches The data storage device of claim 4, wherein the memory controller comprises: an authentication manager configured to perform the authentication operation and output a result of the authentication operation (Samsonov [0028] "Both the client code set 202 and the data storage 206 may detect and reject any data which is a replay of previously exchanged data"); and an access controller configured to control the replay protected memory block based on the result of the authentication operation (Samsonov [0028] "Both the client code set 202 and the data storage 206 may detect and reject any data which is a replay of previously exchanged data"), wherein the host side RPMB message includes a host message authentication code and host metadata (Samsonov Fig. 5 HMAC 520; [0036] "The primary header instance 502 may store the hash message authentication code signature 520. The primary header instance 502 may store a spare sector list 522, of fixed or variable length, describing the physical addresses of the spare sectors 510. The primary header instance 502 may store a 32-bit cyclic redundancy check (CRC) digest 524 for the data set 506. A 32-bit cyclic redundancy check digest 524 is a value based on a common error-detecting code that indicates whether the data set 506 has been changed").

Dependent claim 31 has substantially the same scope and limitations as claim 5 as it is the corresponding Apparatus claim. Therefore, claim 31 is rejected under 35 U.S.C. 102(a)(1) for at least the same reasons as above.

Regarding claim 6, Samsonov teaches The data storage device of claim 5, wherein the authentication manager comprises: a device message authentication code calculator configured to generate a device message authentication code using the host metadata and the authentication key (Samsonov [0027] "To prevent such an attack, the trusted client environment 204 may protect a client secret symmetric key 212. The client code set 202 may use the client secret symmetric key 212 to create a hash message authentication code signature to associate with any read or write request sent to the trusted storage environment 208"; [0035] "The primary header instance 502 may contain a sector hash message authentication code (HMAC) signature 512 for each individual data sector 508. The primary header instance 502 may introduce a level of indirection between a logical sector number and a physical sector address. The data structure for the sector hash message authentication code signature 512 may be addressed based on the logical sector number and the physical sector address";); and a message authentication code comparator configured to generate the result of the authentication operation indicating whether the host message authentication code matches the device message authentication code (Samsonov [0028] "Both the client code set 202 and the data storage 206 may detect and reject any data which is a replay of previously exchanged data").

Regarding claim 8, Samsonov teaches The data storage device of claim 1, wherein the command information unit further includes a transaction specific field for identifying a type of information unit (Samsonov [0043] "If the verification indicates the data has been corrupted (Block 714), the client code set may mark the data set as corrupt (Block 716). If the verification indicates the data has not been corrupted (Block 714), the client code set may mark the data set as usable (Block 718)"; [0047] "The agnostic data storage may store a data set sent in the write request from the client code set (Block 1106)";).

Regarding claim 9, Samsonov teaches The data storage device of claim 8, wherein the access controller controls the nonvolatile memory device to increase a current write count value stored in the write counter, store the increased write count value in the write counter (Samsonov Fig. 2 Counter 216; [0028] "The trusted storage environment 208 may have a persistent trusted counter 216 that is incremented upon each successful write to prevent use of a replay attack"), and store, in the result register, a result code indicating that a write operation for the replay protected memory block is successful (Samsonov [0020] "The memory 130 is further configured to associate a successor header instance with the data set having a successor hash message authentication code signature based on an incremented trusted counter value"; Examiner's note: the successor header instance can be considered the result register, which stores a hash (result code) on a successful write).

Regarding claim 10, Samsonov teaches The storage device of claim 9, wherein the access controller generates a response information unit including a device side RPMB message (Samsonov Fig. 5; [0043] "The client code set may receive a read response having the data set and associated header conveying the hash message authentication code signature from the agnostic data storage (Block 708)"; Examiner's note: while most of the examples given are of client generated headers (host), here Samsonov is teaching that the data storage device can also generate the same headers).

Regarding claim 16, Samsonov teaches The data storage device of claim 13, wherein the host side RPMB message includes an address for identifying data to be read in the replay protected memory block (Samsonov [0035] "The primary header instance 502 may contain a sector hash message authentication code (HMAC) signature 512 for each individual data sector 508. The primary header instance 502 may introduce a level of indirection between a logical sector number and a physical sector address. The data structure for the sector hash message authentication code signature 512 may be addressed based on the logical sector number and the physical sector address";).

Regarding claim 17, Samsonov teaches The data storage device of claim 13, wherein the replay protected memory block comprises: an authentication key storage area configured to store an authentication key used for generating a device message authentication code (Samsonov Fig. 2 Storage key 214); and a replay protection memory block data area for storing data (Samsonov [0047] "The agnostic data storage may store a data set sent in the write request from the client code set (Block 1106)"; [0017] "The virtual replay protected storage system may encode a hash message authentication code signature based on the trusted counter, the secret key, and a data set").

Regarding claim 18, Samsonov teaches The data storage device of claim 15, wherein the memory controller comprises: an authentication manager configured to generate the device message authentication code to be used to authenticate for a read data from the replay protection memory block by the host (Samsonov [0028] "Both the client code set 202 and the data storage 206 may detect and reject any data which is a replay of previously exchanged data"); and an access controller configured to generate a response information unit as a response to the command information and to provide the response information unit to the host after the read data is transmitted to the host (Samsonov [0043] "The client code set may verify the hash message authentication code signature to determine whether the data set has been corrupted (Block 712). If the verification indicates the data has been corrupted (Block 714), the client code set may mark the data set as corrupt (Block 716). If the verification indicates the data has not been corrupted (Block 714), the client code set may mark the data set as usable (Block 718)").

Regarding claim 19, Samsonov teaches The data storage device of claim 16, wherein the access controller comprises: a device metadata generator configured to generate device metadata including at least a portion of data included in the host side RPMB message (Samsonov Fig. 5; [0043] "The client code set may receive a read response having the data set and associated header conveying the hash message authentication code signature from the agnostic data storage (Block 708)"; Examiner's note: while most of the examples given are of client generated headers (host), here Samsonov is teaching that the data storage device can also generate the same headers); and a device protocol component generator configured to generate a device side RPMB message including the device metadata and the device message authentication code (Samsonov Fig. 5; [0043] "The client code set may receive a read response having the data set and associated header conveying the hash message authentication code signature from the agnostic data storage (Block 708)"; Examiner's note: while most of the examples given are of client generated headers (host), here Samsonov is teaching that the data storage device can also generate the same headers).

Regarding claim 23, Samsonov teaches The data storage device of claim 17, wherein the at least a portion of data included in the host side RPMB message is the address for identifying data to be read in the replay protected memory block included in the host side RPMB message (Samsonov [0035] "The primary header instance 502 may contain a sector hash message authentication code (HMAC) signature 512 for each individual data sector 508. The primary header instance 502 may introduce a level of indirection between a logical sector number and a physical sector address. The data structure for the sector hash message authentication code signature 512 may be addressed based on the logical sector number and the physical sector address";).

Regarding claim 24, Samsonov teaches A host device, comprising:
a host message authentication code calculator configured to calculate a host message authentication code using host metadata (Samsonov [0035] "The primary header instance 502 may contain a sector hash message authentication code (HMAC) signature 512 for each individual data sector 508. The primary header instance 502 may introduce a level of indirection between a logical sector number and a physical sector address. The data structure for the sector hash message authentication code signature 512 may be addressed based on the logical sector number and the physical sector address";; Examiner's note: the system of Samsonov teaches a message from the host containing certain data, including authentication code derived from host metadata, therefore Samsonov is also teaching a host capable of those features));
a host command generator configured to generate a
command information unit instructing a data storage device that  is controlled by the host device and includes a replay protected memory block to access the replay protected memory block and to provide the data storage device with the command information unit  (Samsonov [0027] "To prevent such an attack, the trusted client environment 204 may protect a client secret symmetric key 212. The client code set 202 may use the client secret symmetric key 212 to create a hash message authentication code signature to associate with any read or write request sent to the trusted storage environment 208";), 
wherein the command information unit includes:
a basic header segment included in every information unit transferred between the host and the memory controller (Samsonov Fig. 5; [0034] "The agnostic data storage may associate a primary header instance 502 and a successor header instance 504 with a data set 506"); and
an extra header segment including the host message authentication code and host meta data  (Samsonov Fig. 5; [0034] "The agnostic data storage may associate a primary header instance 502 and a successor header instance 504 with a data set 506").

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 3, 15, 22, 26, 29 is/are rejected under 35 U.S.C. 103 as being unpatentable over Samsonov in view of Powell III (US 10491569 B1) hereinafter referred to as Powell.

	Regarding claim 3, Samsonov teaches The data storage device of claim 1, however Samsonov does not explicitly teach wherein the basic header segment includes a total extra header segment length field with non-zero value.
Powell teaches wherein the basic header segment includes a total extra header segment length field with non-zero value (Powell Col. 8 Lines 64-67 and Col. 9 Lines 1-8, "For example, internal data packet 430 may include header fields for start of message (SOM) 432, length 434, security domain (SD) tag 436, open network destination MAC 438, internal (Int) initialization vector 440 (or nonce), internal (Int) hash-keyed message authentication code (HMAC) 442, end of message (EOM) 444, and interframe gap (IFG) 446. Note that the example frame for internal data packet 430 assumes both internal authentication (Int HMAC 442) and internal encryption (Int Vector 440) are being used. In some embodiments, the frame for internal data packet 430 may also include a replay protection tag and/or a quality of service value for internal traffic management").
As Samsonov and Powell are both in a similar field of endeavor of secure memory control, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the Primary header of Samsonov with the Length fields of Powell. One of ordinary skill in the art would have been motivated to make this modification because including the length of the header message as part of the header is a well-known and routine method of improving the processing speed of the header and basic verification that the message was received whole. If the receiving device knows how many bits are expected in each part of the message, the device can more quickly parse the message into its constituent parts. Further, this also allows the receiving device to verify that no bits where lost in the transmission. As this is a well-known and routine action, a person of ordinary skill in the art would have a reasonable chance of success to include a length field in the header for the various portions of the header.

Dependent claims 15, 26, and 29 have substantially the same scope and limitations as claim 3 as they are respectively the corresponding Device, Host, and Apparatus claims. Therefore, claims 15, 26, and 29 are rejected under 35 U.S.C. 103 for at least the same reasons as above.

Regarding claim 22, Samsonov teaches The data storage device of claim 17, however Samsonov does not explicitly teach wherein the at least a portion of data included in the host side RPMB message is a nonce included in the host side RPMB message.
Powell teaches wherein the at least a portion of data included in the host side RPMB message is a nonce included in the host side RPMB message (Powell Col. 8 Lines 64-67 and Col. 9 Lines 1-8, "For example, internal data packet 430 may include header fields for start of message (SOM) 432, length 434, security domain (SD) tag 436, open network destination MAC 438, internal (Int) initialization vector 440 (or nonce), internal (Int) hash-keyed message authentication code (HMAC) 442, end of message (EOM) 444, and interframe gap (IFG) 446. Note that the example frame for internal data packet 430 assumes both internal authentication (Int HMAC 442) and internal encryption (Int Vector 440) are being used. In some embodiments, the frame for internal data packet 430 may also include a replay protection tag and/or a quality of service value for internal traffic management").
As Samsonov and Powell are both in a similar field of endeavor of secure memory control, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the Primary header of Samsonov with the Nonce field of Powell. One of ordinary skill in the art would have been motivated to make this modification because including a nonce in the header message as part of the header is a well-known and routine method of improving security and basic verification that the message was received whole. As this is a well-known and routine action, a person of ordinary skill in the art would have a reasonable chance of success to include a nonce in the header.

Claim(s) 7 and 20 is/are rejected under 35 U.S.C. 103 as being obvious over Samsonov.

	Regarding claim 7, Samsonov teaches The data storage device of claim 6, however Samsonov does not explicitly teach wherein the device message authentication code calculator generates the device message authentication code using a secure hash algorithm-256 (SHA-256) for the host metadata and the authentication key.
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to implement the hashing of Samsonov utilizing a SHA-256 algorithm. A hash message authentication code (HMAC) is well known in the art, and can be implemented by any form of SHA algorithm, therefore there is a limited number of options available to a person of ordinary skill for implementation of the HMAC, and SHA-256 would be obvious to try. As a HMAC can be implemented utilizing any SHA algorithm, a person of ordinary skill in the art would have a reasonable chance of success implementing SHA-256 as the HMAC algorithm for Samsonov.

Dependent claim 20 has substantially the same scope and limitations as claim 7 as it is the corresponding Device claim. Therefore, claim 20 is rejected under 35 U.S.C. 103 for at least the same reasons as above.

Allowable Subject Matter
Claims 11, 12, 21, and 27 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is an examiner’s statement of reasons for allowance: While Samsonov teaches that either the client or the storage device can generate the various headers, Samsonov does not teach that when the storage device generates header data, it is then placed the secondary header. Powell does not cure this deficiency, and this feature does not appear to be taught by any other art before the effective filing date of the invention.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DUSTIN B FULFORD whose telephone number is (571)272-7229. The examiner can normally be reached M-Th 9am-3pm EST.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, David Yi can be reached on (571) 270-7519. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/D.B.F./Examiner, Art Unit 2132                                                                                                                                                                                                        
/DAVID YI/Supervisory Patent Examiner, Art Unit 2132