Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This is in reply to papers filed on 9/24/2021. Claims 1-20 are pending. Claims 1, 12, and 20 is/are independent.

Information Disclosure Statement
	The information disclosure statement(s) (IDS) submitted on 9/24/2021 is/are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement(s) is/are being considered by the examiner.	
		
Claim Rejections - 35 USC § 103
	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
	
	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

	
Claims 1-2, 5-6, 11, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Proudler et al. U.S. Patent No. 7194623 (hereinafter “Proudler”) in view of Graham et al. U.S. Patent No. 8868907 (hereinafter “Graham”)
As per claim 1, Proudler discloses 
A system comprising: 
a memory component storing data; and 
a memory sub-system controller, operatively coupled with the memory component, to perform operations comprising: 
(memory sub-system controller = smart card reader 120 = smart card reader port 120.
memory component storing data = smart card internal memory storing image data 23:64-24:4
system= host computer 100
).
Proudler 10:23-34 (43) The other main components of the host computer 1001 attached to the PCI bus 225 include: …smartcard reader 120; and a trusted device 260. 
Proudler 16:49-51 (87) The user's smart card 122 is a token device, separate from the computing entity, which interacts with the computing entity via the smart card reader port 120.
Proudler 23:50-54 The smart card checks the signature on the received message returned from the trusted component in step 804 and compares the nonce contained in the received message with the originally sent nonce R1, a copy of which has been stored in its internal memory.
Proudler 23:64-24:4 (124) If the nonce returned from the trusted component is identical to that as originally sent by the smart card and the comparison of the two R1 nonce's in 805 is successful, in step 807, the smart card then proceeds to retrieve a stored image data from its internal memory, append the nonce R2, sign the concatenation, encrypt the stored image data and send the encrypted image data and the signature to the trusted component via smart card reader 120. 


generating challenge data in response to the request, the challenge data comprising a cryptographic nonce; 
providing, to the host system, the challenge data; 
receiving, from the host system, authentication data comprising a digital signature and enablement data including at least the challenge data, the digital signature being generated by cryptographically signing the enablement data using a private key; 

validating the digital signature based on the challenge data and using a public key corresponding to the private key; and 
(challenge data = stored nonce R1; Proudler 23:23-54
authentication data comprising a digital signature = “signature on the received message returned from the trusted component”; Proudler 23:23-54
enablement data including at least the challenge data = the nonce (nonce R1)  contained in the received message; Proudler 23:23-54
Proudler 15:64-16:20 also describes an embodiment involving a user, who may be using a smart card (15:19), verifying a nonce received from a challenge (that includes the nonce) sent to a host platform, and also describes using a private/public key pair for the nonce signature validation at 16:16 and 16:13. 
).	
	Proudler 23:23-54 (123) Referring to FIG. 8 … a user of the computer entity enters his or her smart card 122 into smart card reader port 120. A pre-stored algorithm on the smart card generates a nonce R1, and downloads the nonce R1 to the trusted component through the smart card reader 120, smart card interface 255 and via data bus 225 to the trusted component 260. The nonce R1 typically comprises a random burst of bits generated by the smart card 122. Smart card 122 stores the nonce R1 temporarily on an internal memory of the smart card in order to compare the stored nonce R1 with a response message to be received from the trusted component. In step 802, the trusted component receives the nonce R1, generates a second nonce R2, concatenates R1 with R2, and proceeds to sign the concatenation R1.parallel.R2 using cryptographic functions 703. … Trusted component 260 then resends the signed nonces back to the smart card in step 803. The smart card checks the signature on the received message returned from the trusted component in step 804 and compares the nonce contained in the received message with the originally sent nonce R1, a copy of which has been stored in its internal memory.
Proudler 16:9-14 In step 2530, the trusted device 260 receives the challenge and creates an appropriate response. This may be a digest of the measured integrity metric and the nonce, and optionally its ID label. Then, in step 2535, the trusted device 260 signs the digest, using its private key, and returns the signed digest, accompanied by the certificate CertDP, to the user.
Proudler 16:15-27 In step 2540, the user receives the challenge response and verifies the certificate using the well known public key of the TP. The user then, in step 2550, extracts the trusted device's 260 public key from the certificate and uses it to decrypt the signed digest from the challenge response. Then, in step 2560, the user verifies the nonce inside the challenge response. Next, in step 2570, the user compares the computed integrity metric, which it extracts from the challenge response, with the proper platform integrity metric, which it extracts from the certificate. If any of the foregoing verification steps fails, in steps 2545, 2555, 2565 or 2575, the whole process ends in step 2580 with no further communications taking place.
Proudler 16:28-30 Assuming all is well, in steps 2585 and 2590, the user and the trusted platform use other protocols to set up secure communications for other data,
providing access to at least a portion of the data stored by the memory component based at least in part on validating the digital signature.  
(
Proudler 16:28-30 states “Assuming all is well, in steps 2585 and 2590, the user and the trusted platform use other protocols to set up secure communications for other data,” One of the “other protocols” includes providing access to data as a result of verifying a nonce and is described in 24:3-5.
)
	Proudler 23:50-54 The smart card checks the signature on the received message returned from the trusted component in step 804 and compares the nonce contained in the received message with the originally sent nonce R1, a copy of which has been stored in its internal memory. 
	Proudler 23:64-24:4 (124) If the nonce returned from the trusted component is identical to that as originally sent by the smart card and the comparison of the two R1 nonce's in 805 is successful, in step 807, the smart card then proceeds to retrieve a stored image data from its internal memory, append the nonce R2, sign the concatenation, encrypt the stored image data and send the encrypted image data and the signature to the trusted component via smart card reader 120. 

However, Proudler does not expressly disclose 
receiving, from a host system, a request to initiate an authentication session with a memory sub-system; 
generating challenge data in response to the request, the challenge data comprising a cryptographic nonce;
Graham discloses 
receiving a request for authentication to obtain data stored in memory and generating and sending a challenge in response 
Graham 14:17-33 The message (1) initially arrives through a hardware network interface… the SCADA protocol thread forwards the parsed message (2) to a security enforcement point thread (e.g., FIG. 5, element 170) in a security enforcement address space 344. Continuing with the example, the parsed message (2) is to change analog output 1 to 85. The security enforcement point thread first verifies this is valid and legal operation.
Graham 14:36-40 (59) If the request is valid and legal, then the security enforcement point thread responds with a challenge message (3). The challenge message (3) is an authentication request, and the challenge message (3) includes a random nonce value generated by the security enforcement point thread. 
Graham 12:37-47 (49) … A thread in the protected operations address space 142 operates the IO controller 158, collects values of connected analog and digital inputs, and updates their values in an IO database 164, a shared memory section within the protected operations address space 142. … An IO database interface thread 168, listens for IPC communications only from a field device security enforcement point thread 170. 
Graham 12:47-50 IPC communications from the field device security enforcement point thread 170 are either requests for values stored in the IO database 164, or requests to change values stored in the IO database 164. The IO database interface thread 168 fulfills these requests. 


It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Proudler with the technique for generating a challenge in response to a request of Graham to include 
receiving, from a host system, a request to initiate an authentication session with a memory sub-system; 
generating challenge data in response to the request, the challenge data comprising a cryptographic nonce;
One of ordinary skill in the art would have made this modification to improve the ability of the system memory, such as the smart card internal memory, to authenticate that a request received to access any portion of the internal memory of the smart card is secure. The system of the primary reference can be modified so that the smartcard reader can authenticate a request from the computer system to access the internal memory of the smartcard.

	

As per claim 2, the rejection of claim 1 is incorporated herein. 
However, Proudler does not expressly disclose 
the request comprises a request to access the portion of the data stored in the memory component. 
Graham discloses the request comprises a request to access the portion of the data stored in the memory component.  


Graham 12:37-47 (49) … A thread in the protected operations address space 142 operates the IO controller 158, collects values of connected analog and digital inputs, and updates their values in an IO database 164, a shared memory section within the protected operations address space 142. … An IO database interface thread 168, listens for IPC communications only from a field device security enforcement point thread 170. 
Graham 12:47-50 IPC communications from the field device security enforcement point thread 170 are either requests for values stored in the IO database 164, or requests to change values stored in the IO database 164. The IO database interface thread 168 fulfills these requests. 
Graham 13:4-6 (52) The field device security enforcement point thread 170 accepts requests for IO data reads and writes on behalf of the IO database interface thread 168. 
Graham 14:4-7 (56) FIG. 7 is a call flow diagram of exemplary communication between a Master Terminal Unit (MTU) 390 and the elements of a typical Security Hardened Field Device (SHFD) 340 as described above. 
Graham 14:11-12 (57) The MTU 390 (at the request of a human operator) initiates a control message (1), for example: WRITE ANALOG OUTPUT 185.
Graham 14:63-57 (63) If the requestor has permission, then the security enforcement point thread sends an appropriate operation message (7) to the IO database interface thread


It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Proudler with the technique for receiving a request to retrieve or write to a database stored in memory of Graham to include 
the request comprises a request to access the portion of the data stored in the memory component.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to provide access to data stored in memory to requesting parties. The system of the primary reference can be modified to provide access to data stored in a database stored in internal memory of a smart card.

As per claim 5, the rejection of claim 1 is incorporated herein. 
The combined teaching of Proudler and Graham discloses wherein: the operations further comprise verifying the enablement data; and the providing access to at least the portion of the data is further based on verifying the enablement data.  
( enablement data = the nonce (nonce R1)  contained in the received message; 
)
Proudler 23:50-54 The smart card checks the signature on the received message returned from the trusted component in step 804 and compares the nonce contained in the received message with the originally sent nonce R1, a copy of which has been stored in its internal memory.
Proudler 23:64-24:4 (124) If the nonce returned from the trusted component is identical to that as originally sent by the smart card and the comparison of the two R1 nonce's in 805 is successful, in step 807, the smart card then proceeds to retrieve a stored image data from its internal memory, append the nonce R2, sign the concatenation, encrypt the stored image data and send the encrypted image data and the signature to the trusted component via smart card reader 120. 


As per claim 6, the rejection of claim 5 is incorporated herein. 
The combined teaching of Proudler and Graham discloses 
wherein the verifying of the enablement data comprises: verifying a length of the cryptographic nonce included in the enablement data; and verifying the challenge data included in the enablement data.  
( enablement data = the nonce (nonce R1)  contained in the received message; 
challenge data is the nonce R1 being returned
if the returned nonce is identical to the sent nonce, then their length have been determined to be exactly the same)
Proudler 23:50-54 The smart card checks the signature on the received message returned from the trusted component in step 804 and compares the nonce contained in the received message with the originally sent nonce R1, a copy of which has been stored in its internal memory.
Proudler 23:64-24:4 (124) If the nonce returned from the trusted component is identical to that as originally sent by the smart card and the comparison of the two R1 nonce's in 805 is successful, in step 807, the smart card then proceeds to retrieve a stored image data from its internal memory, append the nonce R2, sign the concatenation, encrypt the stored image data and send the encrypted image data and the signature to the trusted component via smart card reader 120. 

As per claim 11, the rejection of claim 1 is incorporated herein. 
Proudler discloses 
a physical host interface capable of receiving requests from the host computer
(See Proudler figure 2, the arrow from smartcard reader 120 to I/0 255 indicates some physical hardware interface disclosing physical host interface for receiving communications from the host system, computer platform 100
physical host interface can be disclosed by hardware implementation represented by the arrow extending from smartcard reader 120
Proudler 10:51 indicates the computer entity can have physical architecture
)
Proudler 23:50-54 The smart card checks the signature on the received message returned from the trusted component in step 804 and compares the nonce contained in the received message with the originally sent nonce R1, a copy of which has been stored in its internal memory.
Proudler 10:1-2 (41) FIG. 2 shows a hardware 
architecture of the host computer of FIG. 1.
However, Proudler does not expressly disclose 
a physical host interface to receive the request from the host system.    
Graham discloses a physical host interface to receive the request from the host system.    
Graham 14:17-33 The message (1) initially arrives through a hardware network interface… the SCADA protocol thread forwards the parsed message (2) to a security enforcement point thread (e.g., FIG. 5, element 170) in a security enforcement address space 344. Continuing with the example, the parsed message (2) is to change analog output 1 to 85. The security enforcement point thread first verifies this is valid and legal operation.

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Proudler with the technique for receiving a message through a hardware network interface of Graham to include 
a physical host interface to receive the request from the host system.    
One of ordinary skill in the art would have made this modification to improve the ability of memory, such as the smart card internal memory, to authenticate that a request received to access a portion of the internal memory of the smart card is secure. The system of the primary reference can be modified so that the smartcard reader can receive and authenticate a request from the computer system to access the internal memory of the smartcard.


As per claim 20, the claim(s) is/are directed to a non-transitory computer-readable storage medium with limitations which correspond to limitations of claim 1, and is/are rejected for the reasons detailed with respect to claim 1.  Claim 20 also recites A non-transitory computer-readable storage medium comprising instructions that, when executed by a memory sub-system controller, configure the memory sub- system controller to perform operations comprising: 
Proudler discloses A non-transitory computer-readable storage medium comprising instructions that, when executed by a memory sub-system controller, configure the memory sub- system controller to perform operations comprising: 
(non-transitory computer-readable storage medium = smart card
instructions = software application or algorithm stored on the smartcard
memory sub-system controller = smart card reader 120 = smart card reader port 120.
)
Proudler 16:49-51 (87) The user's smart card 122 is a token device, separate from the computing entity, which interacts with the computing entity via the smart card reader port 120.
Proudler 15:6-22 (76) FIG. 16 illustrates the flow of actions by a TP, the trusted device 260 incorporated into a platform, and a user (of a remote platform) who wants to verify the integrity of the trusted platform. It will be appreciated that substantially the same steps as are depicted in FIG. 16 are involved when the user is a local user. In either case, the user would typically rely on some form of software application to enact the verification. … for a high level of integrity, the software application would reside on a smart card of the user, who would insert the smart card into an appropriate reader for the purposes of verification. The present preferred embodiments employ such an arrangement.
Proudler 23:29-33 (123)  … A pre-stored algorithm on the smart card generates a nonce R1, and downloads the nonce R1 to the trusted component through the smart card reader 120, smart card interface 255 and via data bus 225 to the trusted component 260.


Claim 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Proudler in view of Graham, further in view of Hauck et al. U.S. Patent No. 8095799 (hereinafter “Hauck”).
As per claim 3, the rejection of claim 1 is incorporated herein. 
	Proudler discloses
 	wherein the generating of the challenge data comprises: generating a random number corresponding to the cryptographic nonce; and 
	23:23-35 (123) Referring to FIG. 8 … a user of the computer entity enters his or her smart card 122 into smart card reader port 120. A pre-stored algorithm on the smart card generates a nonce R1, …. The nonce R1 typically comprises a random burst of bits generated by the smart card 122. 

However, the combination of Proudler and Graham does not expressly disclose 
combining the random number with device-specific information that describes the system.  
Hauck discloses an installation challenge may include unique identifiers for a device (e.g. a device ID) and a nonce generated by the device
Hauck 11:18-21 (48) FIG. 7 … At block 707, the processing logic of process 700 may send an installation challenge to the recovery host. An installation challenge may include unique identifiers for a device (e.g. a device ID), a nonce generated by the device, a current boot ticket in the device, and/or version numbers of one or more boot components (e.g. an LLB, and iBoot or an iBSS component currently loaded in the device). 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Proudler and Graham with the technique for sending a challenge that includes a unique device identifier of Hauck to include 
combining the random number with device-specific information that describes the system.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to send a challenge that includes device specific information, so that the receiving party can verify the device specific information to confirm the originating party and at the same time replay attacks may be prevented. Since the information is specific to the device the receiving party may be able to verify the received challenge using the device ID.

Claim 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Proudler in view of Graham, further in view of Paya et al. U.S. Publication 20120297187 (hereinafter “Paya”).
As per claim 4, the rejection of claim 1 is incorporated herein. 
	However, the combination of Proudler and Graham does not expressly disclose 
wherein the enablement data received from the host system is a combination of the challenge data and a password.  
Paya discloses returning a password with a challenge response
Paya [0073] In step 708, the client computer receives one or more responses from the mobile communications device. The received responses are responsive to the request for the mobile communications device to perform one or more security operations…. If the request was for a password and a challenge response, the response would include both. If the request was for the signing and/or encryption of a message, then the response would include the signed and/or encrypted message. A response to a request for signing a message may include only the user's signature or the signature attached to any other data… If the request is for generating a pseudorandom value then the response is a pseudorandom value. 

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Proudler and Graham with the technique for returning a password with a challenge response of Paya to include 
wherein the enablement data received from the host system is a combination of the challenge data and a password.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to perform a more secure challenge response by requiring the party responding to the challenge to include a password. The system of the primary reference can be modified so that the host computer returns a password with the nonce and digital signature.

Claim 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Proudler in view of Graham, further in view of Law et al. U.S. Publication 20070130462 (hereinafter “Law”).
As per claim 7, the rejection of claim 5 is incorporated herein. 
	However, the combination of Proudler and Graham does not expressly disclose 
the enablement data further comprises a password; and the verifying of the enablement data comprises verifying the password.  
Law discloses verifying a password received as part of a challenge response process
[0073] For the challenge-response mode, the authentication initiation 452 does not include a password 456 from the recipient 320. The secured authentication and key system 330 transmits 454 back to recipient 320 an authentication request that includes a "challenge" code, e.g., a random number from the secured authentication and key system 330 used for enhanced security. In response to the request and the challenge code, the recipient 320 uses its token to generate a one-time password or digital signature.
[0074] The recipient 320 transmits 456 a response to the secured authentication and key system 330 that includes this generated one-time password or digital signature. The secured authentication and key system 330 uses the received one-time password or digital signature to verify the recipient 320. If appropriately verified, the secured authentication and key system 330 verifies the document hash and document name based on the key reference that it received from the recipient 320 with the corresponding items that was previously stored in the database.

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Proudler and Graham with the technique for verifying a password received as part of a challenge response process of Law to include 
the enablement data further comprises a password; and the verifying of the enablement data comprises verifying the password.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to authenticate the user. The system of the primary reference can be modified to have the host computer generate a password and send the password with the response to the challenge to the card reader.

Claim 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Proudler in view of Graham, further in view of Vanzini et al. U.S. Patent No. 7036738 (hereinafter “Vanzini”).
As per claim 8, the rejection of claim 1 is incorporated herein. 
	However, the combination of Proudler and Graham does not expressly disclose 
wherein the private key is stored by a smart card that is communicatively coupled to the memory sub-system controller.  
Vanzini discloses storing a private key of a public/private key pair on a smart card communicatively coupled to a controller
(see Vanzini figure 4 depicting a private key 108, and a controller 68
).
Vanzini 5:3-14 (22) With continuing reference to FIG. 4, the profile assembly 54 comprises the smart card reader 60 and smart card 62. The smart card reader 60 has connector 64, card interface 66, controller 68, and flash memory 70. A multi-bit bus (not shown) connects the components. The flash memory 70 is partitioned into a public area 84 and a private area 86. A public key 90 is stored in the public area 84 of the flash memory 70 and can be exported from the smart card reader 60. The public key 90 is from a public/private key pair assigned to the profile carrier, with the corresponding private key being kept on the smart card. A user profile 92 and data files 94 are stored in the private area 86 of flash memory 70.
Vanzini 7:9-14 (37) …… controller 68 on the smart card reader 60 to enable access to the user profile and data files in the private area 86 of the flash memory 70 (step 174). At this point, the computer is permitted to read the user profile and data files from the flash memory 70 and normal logon processes are continued using the profile data from the flash memory (step 176).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Proudler and Graham with the technique for storing a private key in a smart card of Vanzini to include 
wherein the private key is stored by a smart card that is communicatively coupled to the memory sub-system controller.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to store the private key in the smart card, so that the private key becomes portable since the user may bring the smart card to different computers. The system of the primary reference can be modified to store the private key in the smart card.

Claim 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Proudler in view of Graham, further in view of Wiseman et al. U.S. Patent No. 10057223 (hereinafter “Wiseman”).
As per claim 9, the rejection of claim 1 is incorporated herein. 
	However, the combination of Proudler and Graham does not expressly disclose 
wherein the private key is stored by a trusted platform module (TPM) of the host system.  
Wiseman discloses storing a private key in a trusted platform module of a client computer 
(see Wiseman figure 4 depicting a private key 108, and a controller 68
).
Wiseman 1:54-57 (8) …. An AIK is an asymmetric key pair (i.e., public key and private key) whose private key is contained within a trusted platform module (TPM) included in the client device. 

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Proudler and Graham with the technique for storing a private key in a trusted platform module of Wiseman to include 
wherein the private key is stored by a trusted platform module (TPM) of the host system.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to store the private key in a trusted platform module, so that the private key is securely stored in the trusted platform module, which is more secure than storing the private key in ordinary storage outside the trusted platform module. The system of the primary reference can be modified to store the private key in a trusted platform module.

Claim 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Proudler in view of Graham, further in view of Pendakur et al. U.S. Patent No. 8625788 (hereinafter “Pendakur”).
As per claim 10, the rejection of claim 1 is incorporated herein. 
	However, the combination of Proudler and Graham does not expressly disclose 
wherein the private key is stored by a hardware security module (HSM) of an enterprise server.  
Pendakur discloses storing a private key in a hardware security module of a server 
Pendakur 5:25-34 (20) The key server has the highest network and access protection to ensure only authorized parties are able to reach it and the keys managed by the key server are isolated and firewalled from attackers from outside network entities. … In an embodiment, this private key and all operations done with this private key are protected using a hardware security module (HSM) (not shown in FIG. 2) on the server.

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Proudler and Graham with the technique for storing a private key in a hardware security module of Pendakur to include 
wherein the private key is stored by a hardware security module (HSM) of an enterprise server.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to store the private key in a hardware security module of a server, so that the private key is securely stored in the hardware security module. Storing the private key in a hardware security module is more secure than storing in ordinary storage. The system of the primary reference can be modified to store the private key in a hardware security module of an enterprise server.

Claims 12-13 and 16-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Proudler in view of Graham, further in view of Rivest et al. U.S. Patent No. 6269163 (hereinafter “Rivest”).
As per claim 12, the claim(s) is/are directed to a method with limitations which correspond to limitations of claim 1, and is/are rejected for the reasons detailed with respect to claim 1.   
	However, the combination of Proudler and Graham does not expressly disclose
generating, by at least one hardware processor, challenge data in response to the request, the challenge data comprising a cryptographic nonce; providing, to the host system, the challenge data;
validating, by the at least one hardware processor, the digital signature based on the challenge data and using a public key corresponding to the private key;
Rivest discloses that a card reader includes a hardware processor
6:60-7:12 (23) The term "processor" as used herein should be understood to include a microprocessor, central processing unit (CPU), microcontroller or other processing unit of a computer, set-top box, smart card, card reader, wireless terminal, personal digital assistant or other communication device, an application-specific integrated circuit (ASIC), field-programmable gate array (FPGA) device or other type of hardware configured to provide one or more of the computations described in conjunction with FIGS. 1 through 4, or any other type of device capable of implementing at least a portion of an encryption or decryption operation in accordance with the invention using hardware, software, or combinations thereof. The term "memory" should be understood to include an electronic random access memory (RAM) or other type of memory external to the above-defined processor, such as memory 132 or 142 of FIG. 6, or a memory which is internal to the processor, such as a processor memory which includes the registers A, B, C and D in FIG. 6.

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Proudler and Graham with the technique for including a hardware processor within the card reader of Rivest to include 
generating, by at least one hardware processor, challenge data in response to the request, the challenge data comprising a cryptographic nonce; providing, to the host system, the challenge data;
validating, by the at least one hardware processor, the digital signature based on the challenge data and using a public key corresponding to the private key;
One of ordinary skill in the art would have made this modification to improve the ability of the smartcard reader to perform additional capabilities using the hardware processor. The system of the primary reference can be modified to include a processor in the smartcard reader.

As per claim 13, the claim(s) is/are directed to a method with limitations which correspond to limitations of claim 2, and is/are rejected for the reasons detaile5d with respect to claim 2.  The hardware processor inherited from independent claim 12 is disclosed in the Rivest reference as argued with respect to claim 12.
As per claim 16, the claim(s) is/are directed to a method with limitations which correspond to limitations of claim 5, and is/are rejected for the reasons detailed with respect to claim 5.  The hardware processor inherited from independent claim 12 is disclosed in the Rivest reference as argued with respect to claim 12.
As per claim 17, the claim(s) is/are directed to a method with limitations which correspond to limitations of claim 6, and is/are rejected for the reasons detailed with respect to claim 6.  The hardware processor inherited from independent claim 12 is disclosed in the Rivest reference as argued with respect to claim 12.

As per claim 18, the rejection of claim 17 is incorporated herein. 
Proudler discloses 
a physical host interface capable of receiving requests from the host computer
(See Proudler figure 2, the arrow from smartcard reader 120 to I/0 255 indicates some physical hardware interface disclosing physical host interface for receiving communications from the host system, computer platform 100
physical host interface can be disclosed by hardware implementation represented by the arrow extending from smartcard reader 120
Proudler 10:51 indicates the computer entity can have physical architecture
)
Proudler 23:50-54 The smart card checks the signature on the received message returned from the trusted component in step 804 and compares the nonce contained in the received message with the originally sent nonce R1, a copy of which has been stored in its internal memory.
Proudler 10:1-2 (41) FIG. 2 shows a hardware architecture of the host computer of FIG. 1.
However, Proudler does not expressly disclose 
the request is received via a physical host interface of the memory sub- system 
Graham discloses the request is received via a physical host interface of the memory sub- system 
Graham 14:17-33 The message (1) initially arrives through a hardware network interface… the SCADA protocol thread forwards the parsed message (2) to a security enforcement point thread (e.g., FIG. 5, element 170) in a security enforcement address space 344. Continuing with the example, the parsed message (2) is to change analog output 1 to 85. The security enforcement point thread first verifies this is valid and legal operation.
Graham 12:37-47 (49) … A thread in the protected operations address space 142 operates the IO controller 158, collects values of connected analog and digital inputs, and updates their values in an IO database 164, a shared memory section within the protected operations address space 142. … An IO database interface thread 168, listens for IPC communications only from a field device security enforcement point thread 170. 
Graham 12:47-50 IPC communications from the field device security enforcement point thread 170 are either requests for values stored in the IO database 164, or requests to change values stored in the IO database 164. The IO database interface thread 168 fulfills these requests. 
Graham 13:4-6 (52) The field device security enforcement point thread 170 accepts requests for IO data reads and writes on behalf of the IO database interface thread 168. 
Graham 14:4-7 (56) FIG. 7 is a call flow diagram of exemplary communication between a Master Terminal Unit (MTU) 390 and the elements of a typical Security Hardened Field Device (SHFD) 340 as described above. 
Graham 14:11-12 (57) The MTU 390 (at the request of a human operator) initiates a control message (1), for example: WRITE ANALOG OUTPUT 185.
Graham 14:63-57 (63) If the requestor has permission, then the security enforcement point thread sends an appropriate operation message (7) to the IO database interface thread


It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Proudler with the technique for receiving a message through a hardware network interface of Graham to include 
the request is received via a physical host interface of the memory sub- system 
One of ordinary skill in the art would have made this modification to improve the ability of memory, such as the smart card internal memory, to authenticate that a request received to access a portion of the internal memory of the smart card is secure. The system of the primary reference can be modified so that the smartcard reader can receive and authenticate a request from the computer system to access the internal memory of the smartcard.

However, the combination of Proudler and Graham does not expressly disclose wherein: the at least one hardware processor corresponds to a controller of a memory sub-system
Rivest discloses that a card reader includes hardware processor
6:60-7:12 (23) The term "processor" as used herein should be understood to include a microprocessor, central processing unit (CPU), microcontroller or other processing unit of a computer, set-top box, smart card, card reader, wireless terminal, personal digital assistant or other communication device, an application-specific integrated circuit (ASIC), field-programmable gate array (FPGA) device or other type of hardware configured to provide one or more of the computations described in conjunction with FIGS. 1 through 4, or any other type of device capable of implementing at least a portion of an encryption or decryption operation in accordance with the invention using hardware, software, or combinations thereof. The term "memory" should be understood to include an electronic random access memory (RAM) or other type of memory external to the above-defined processor, such as memory 132 or 142 of FIG. 6, or a memory which is internal to the processor, such as a processor memory which includes the registers A, B, C and D in FIG. 6.

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Proudler and Graham with the technique for including a hardware processor within the card reader of Rivest to include 
wherein: the at least one hardware processor corresponds to a controller of a memory sub-system
One of ordinary skill in the art would have made this modification to improve the ability of the smartcard reader to perform additional capabilities using the hardware processor. The system of the primary reference can be modified to include a hardware processor in the smartcard reader.

Claim 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Proudler in view of Graham, in view of Rivest, further in view of Hauck.
As per claim 14, the rejection of claim 12 is incorporated herein. 
	Proudler discloses
 	wherein the generating of the challenge data comprises: generating a random number; and 
	Proudler 23:23-35 (123) Referring to FIG. 8 … a user of the computer entity enters his or her smart card 122 into smart card reader port 120. A pre-stored algorithm on the smart card generates a nonce R1, …. The nonce R1 typically comprises a random burst of bits generated by the smart card 122. 

	However, the combination of Proudler, Graham, and Rivest does not expressly disclose 
combining the random number with device-specific information describing the memory sub-system.  
Hauck discloses an installation challenge may include unique identifiers for a device (e.g. a device ID) and a nonce generated by the device
Hauck 11:18-21 (48) FIG. 7 … At block 707, the processing logic of process 700 may send an installation challenge to the recovery host. An installation challenge may include unique identifiers for a device (e.g. a device ID), a nonce generated by the device, a current boot ticket in the device, and/or version numbers of one or more boot components (e.g. an LLB, and iBoot or an iBSS component currently loaded in the device). 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Proudler, Graham, and Rivest with the technique for sending a challenge that includes a unique device identifier of Hauck to include 
combining the random number with device-specific information describing the memory sub-system.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to send a challenge that includes device specific information, so that the receiving party can verify the device specific information to confirm the originating party and at the same time replay attacks may be prevented. Since the information is specific to the device the receiving party may be able to verify the received challenge using the device ID.

Claim 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Proudler in view of Graham, in view of Rivest, further in view of Paya.
As per claim 15, the rejection of claim 12 is incorporated herein. 
	However, combination of Proudler, Graham, and Rivest does not expressly disclose 
wherein the enablement data is generated by the host system by combining the challenge data with a password.  
Paya discloses returning a password with a challenge response 
Paya [0073] In step 708, the client computer receives one or more responses from the mobile communications device. The received responses are responsive to the request for the mobile communications device to perform one or more security operations…. If the request was for a password and a challenge response, the response would include both. If the request was for the signing and/or encryption of a message, then the response would include the signed and/or encrypted message. A response to a request for signing a message may include only the user's signature or the signature attached to any other data… If the request is for generating a pseudorandom value then the response is a pseudorandom value. 

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Proudler, Graham, and Rivest with the technique for returning a password with a challenge response of Paya to include 
wherein the enablement data is generated by the host system by combining the challenge data with a password.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to include a password as part of an authentication process, to improve the authentication process. Adding the password adds another factor in the authentication process, thereby reducing the probability that a malicious 3rd party can gain unauthorized access. The system of the primary reference can be modified to include a password with a response to a challenge, and the Proudler challenge response discloses including the nonce received from the card reader as part of the challenge.

Claim 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Proudler in view of Graham, in view of Rivest, further in view of Vanzini.
As per claim 19, the rejection of claim 12 is incorporated herein. 
	However, the combination of Proudler, Graham, and Rivest does not expressly disclose 
wherein the private key is stored by one of: a smart card, a trusted platform module (TPM) of the host system, or a hardware security module (HSM) of an enterprise server.  
Vanzini discloses storing a private key of a public/private key pair on a smart card communicatively coupled to a controller
(see Vanzini figure 4 depicting a private key 108, and a controller 68
).
Vanzini 5:3-14 (22) With continuing reference to FIG. 4, the profile assembly 54 comprises the smart card reader 60 and smart card 62. The smart card reader 60 has connector 64, card interface 66, controller 68, and flash memory 70. A multi-bit bus (not shown) connects the components. The flash memory 70 is partitioned into a public area 84 and a private area 86. A public key 90 is stored in the public area 84 of the flash memory 70 and can be exported from the smart card reader 60. The public key 90 is from a public/private key pair assigned to the profile carrier, with the corresponding private key being kept on the smart card. A user profile 92 and data files 94 are stored in the private area 86 of flash memory 70.
Vanzini 7:9-14 (37) …… controller 68 on the smart card reader 60 to enable access to the user profile and data files in the private area 86 of the flash memory 70 (step 174). At this point, the computer is permitted to read the user profile and data files from the flash memory 70 and normal logon processes are continued using the profile data from the flash memory (step 176).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Proudler, Graham, and Rivest with the technique for storing a private key in a smart card of Vanzini to include 
wherein the private key is stored by one of: a smart card, a trusted platform module (TPM) of the host system, or a hardware security module (HSM) of an enterprise server.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to store the private key in the smart card, so that the private key becomes portable since the user may bring the smart card to different computers. The system of the primary reference can be modified to store the private key in the smart card.




Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HOWARD H LOUIE whose telephone number is 571-272-0036.  The examiner can normally be reached on Monday-Friday 9 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung W. Kim can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HOWARD H. LOUIE/Examiner, Art Unit 2494                                                                                                                                                                                                        
/THEODORE C PARSONS/Primary Examiner, Art Unit 2494                                                                                                                                                                                                        


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 Emphasis is additional throughout.