DETAILED ACTION
This is a non-final Office action in response to communications received on 9/29/2020.  A preliminary amendment cancelled claims 21-23 was received.  Claims 1-20 are pending and are examined.  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Drawings
The drawings filed 9/29/2020 are acknowledged.
Foreign Priority or Provisional
Foreign priority is acknowledged.  

Claim Objections
Claims 9-10 are objected to for the following informalities: the claims are directed to a different statutory class than the claim from which they depend (system vs. apparatus/device).  The Examiner recommends making claim 9 an independent claim and explicitly adding those limitations from claim 1 which claim 9 is also intended to have.  Appropriate correction is required.
Claim 14 is objected to for the following informalities: it is unclear how the “second data” can result from encryption when just prior to that it is introduced as “decrypt second data”?  Would the second data not be decrypted at that point or is there some additional missing step taking place between the second data being decrypted and then resulting from encryption?  Appropriate clarification/correction is required.
Claim 18 is objected to for the following informalities: the claim refers to “outside the memory controller” but no memory controller is disclosed in claim 18 or any of the claims upon which it depends.  Appropriate clarification/correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-12 are rejected under 35 U.S.C. 103 as being unpatentable over Lee (US 2007/0250718) in view of Yuen (US 2012/0297205).
	Regarding claim 1, Lee discloses the limitations substantially as follows:
A memory controller configured to control a non-volatile memory device, the memory controller comprising: 
first processing circuitry configured to, 
control an access right to a secure key based on a biometric authentication message and a unique value, the biometric authentication message and the unique value being received from an external device (paras. [0014], [0016], [0018]-[0019], [0023]: controlling access rights to an encrypted encryption key based on received biometric template data to be authenticated (i.e. biometric authentication message) and a unique media identifier (i.e. biometric and media identifier as unique values), where the biometric information is received from a user/host (i.e. external device)), and 
to encrypt data based on the secure key, the data being received from a host and being stored in a secure area of the non-volatile memory device, the processing circuitry further configured to decrypt encrypted data based on the secure key, the encrypted data being stored in the secure area of the non-volatile memory device (paras. [0017]-[0019], [0023]: encrypting data based on the encryption key, the data being received from a host and being stored in the non-volatile memory and decrypting encrypted content based on the encryption key, the encrypted data stored in the secure area of the non-volatile memory of the removable storage medium).
Lee does not explicitly disclose the limitations of claim 1 as follows:
the unique value being received from an external device
However, in the same field of endeavor, Yuen discloses the limitations of claim 1 as follows:
the unique value being received from an external device (paras. [0077]-[0078]: receiving user password, biometric patterns and computer signatures (i.e. unique values) from an external device)
Yuen is combinable with Lee because both are from the same field of endeavor of controlling access to encrypted data stored on a portable storage device.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to integrate Yuen’s method of receiving the unique identifiers from an external device with the system of Lee in order to save space and resources on the memory device by having the memory devices receive the identifiers externally rather than having to generate and store them itself.  

	 Regarding claim 2, Lee and Yuen teach the limitations of the claim 1.
Lee and Yuen disclose the limitations of claim 2 as follows:
The memory controller of claim 1, wherein the first processing circuitry is configured to generate, during user biometric information registration, an encrypted secure key by encrypting the secure key based on the unique value (Lee, paras. [0018]-[0019], [0023], [0031]-[0033]: generating, during processing of biometric templates encrypted keys by encrypting the keys using the unique media identifier) received from the external device (Yuen, paras. [0080]-[0082], [0135]-[0137], [0156]-[0157]: generating, while registering a consumer using a user password/fingerprint of the consumer/user (i.e. during biometric information registration), an encrypted cipher key based on the user password received from an external device), and   
to decrypt, during user authentication, the encrypted secure key by authenticating the access right to the secure key based on the unique value in response to the biometric authentication message indicating a biometric authentication success (Lee, paras. [0020], [0023]: decrypting the encrypted secure key by authenticating right to access the stored encrypted key based on the unique media identifier in response to successfully authenticating the biological template of the scanned biological feature (i.e. indicating biometric authentication success)).
The same motivation to combine utilized in claim 1 is equally applicable in the instant claim.

Regarding claim 3, Lee and Yuen teach the limitations of the claims 1 and 2.
Lee discloses the limitations of claim 3 as follows:
The memory controller of claim 2, further comprising: a secure key storing memory configured to store the encrypted secure key (paras. [0017]-[0019], [0023]: storage medium for storing the encrypted keys).

Regarding claim 4, Lee and Yuen teach the limitations of the claims 1-3.
Lee and Yuen disclose the limitations of claim 4 as follows:
The memory controller of claim 3, wherein the first processing circuitry is configured to store a plurality of encrypted secure keys in the secure key storing memory, and the biometric authentication message received from the external device (Lee, paras. [0017]-[0019], [0023]: storing multiple encrypted encryption/decryption keys in the storage medium and the biometric template data to be authenticated (i.e. biometric authentication message) received from the user/host (i.e. external device)) includes an index indicating one of the plurality of encrypted secure keys (Yuen, paras. [0082], [0094], [0135]-[0137]: the user password, such as a user fingerprint or handprint from external device serves as indices for stored cipher keys).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to integrate Yuen’s method of including an index for stored cipher keys with the system of Lee in order to expedite authorization and identification of requested secure keys by verifying that the index indicates the requested key.

Regarding claim 5, Lee and Yuen teach the limitations of the claims 1-3.
Lee discloses the limitations of claim 5 as follows:
The memory controller of claim 3, wherein the first processing circuitry is configured to store a plurality of encrypted secure keys in the secure key storing memory, and each of the plurality of encrypted secure keys is stored in the secure key storing memory together with an encoding value generated by encoding the unique value and a random value (paras. [0017]-[0019], [0023]: storing a plurality of encrypted keys in the storage medium, where each of the encryption keys are stored in the storage medium in combination with a combination key generating by encrypting the unique media identifier with a random value) (see also Yuen, paras. [0082], [0135]-[0137]: storing encrypted keys in memory together with encrypted values and random numbers), and 
the first processing circuitry is further configured to generate an authentication encoding value by encoding the unique value and the random value and to find an encrypted secure key corresponding to the unique value among the plurality of encrypted secure keys by comparing the authentication encoding value with the encoding value stored in the secure key storing memory, during the user authentication (paras. [0019]-[0020], [0023]: regenerating the combination key by encrypting together the media identifier and the random value to find the encrypted encryption key corresponding to the media identifier and comparing the combination key combined with the encryption key to the stored encryption key and combination key combination) (see also Yuen, paras. [0082, [0135]-[0137]: finding an encrypted cipher key by identifying the user password/computer signature combination corresponding to the cipher key and comparing the user password/computer signature to stored authentication values).

Regarding claim 6, Lee and Yuen teach the limitations of the claim 1.
Lee and Yuen disclose the limitations of claim 6 as follows:
The memory controller of claim 1, further comprising: 
a first interface configured to communicate with the external device and to receive the biometric authentication message (Lee, paras. [0014], [0016], [0018]-[0019], [0023]: communicating with a user/host device and receiving biometric template data from the user/host device) and the unique value from the external device (Yuen, paras. [0077]-[0078]: communicating and receiving the user password (i.e. unique value) from the external device).
The same motivation to combine utilized in claim 1 is equally applicable in the instant claim.

Regarding claim 7, Lee and Yuen teach the limitations of the claims 1 and 6.
Lee discloses the limitations of claim 7 as follows:
The memory controller of claim 6, further comprising: 
a second interface configured to communicate with the host, to receive the data and a command from the host, and to transmit decrypted data to the host (paras. [0031]-[0033]: storage device communicates with the host device to receive data and commands from host and transmits decrypted data to host).

Regarding claim 8, Lee and Yuen teach the limitations of the claim 1.
Yuen discloses the limitations of claim 8 as follows:
The memory controller of claim 1, wherein the unique value corresponds to at least one user's biometric information (Yuen, paras. [0077]-[0078], [0094], [0135]-[0137]: user password/unique value corresponds to user fingerprint or handprint).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to integrate Yuen’s method of having the unique value correspond to the user biometric information with the system of Lee in order to increase the security of the system by linking the biometric information received from the user with the unique value used to generate the secure key.

Regarding claim 9, Lee and Yuen teach the limitations of the claim 1.
Lee discloses the limitations of claim 9 as follows:
A data storage system comprising: 
the memory controller of claim 1; and 
second processing circuitry included in a biometric module, 
wherein the first processing circuitry included in the memory controller is further configured to receive the authentication message and the unique value (Lee, paras. [0017]-[0019], [0023]: receiving biometric template information and the unique media identifier), and 
the second processing circuitry is configured to generate a user's biometric information based on a sensing of the user's body and to store and manage the user's biometric information (Lee, paras. [0013], [0017], [0023], [0031]-[0033]: generating user biometric information based on scanning user biological pattern and storing and managing the user biometric information).

Regarding claim 10, Lee and Yuen teach the limitations of the claims 1 and 9.
Lee discloses the limitations of claim 10 as follows:
The data storage system of claim 9, wherein the biometric module includes: 
a fingerprint sensor, wherein the second processing circuitry is configured to convert fingerprint data into fingerprint information and to store and manage the fingerprint information, the fingerprint data being obtained from the fingerprint sensor (paras. [0013], [0015], [0022]-[0023]: converting fingerprint data into fingerprint biometric templates and storing and managing the fingerprint information, the fingerprint data being obtained from a fingerprint scanner/sensor).

Regarding claim 11, Lee and Yuen teach the limitations of the claim 1.
Yuen discloses the limitations of claim 11 as follows:
The memory controller of claim 1, wherein the first processing circuitry is further configured to receive a plurality of unique values, to generate a plurality of encrypted secure keys by encrypting the secure key based on the plurality of unique values and to store the plurality of encrypted secure keys (Yuen, paras. [0092]-[0097], [0106], [0135]-[0137], [0144]-[0146]: receiving a plurality of identifiers from the user and computer (i.e. unique values) and generating cipher keys from encrypting the identifiers from the user and computer signature and storing the plurality of encrypted cipher keys).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to integrate Yuen’s method of receiving multiple identifiers/unique values from the user and computer and generating the secure keys based on the identifiers from the user and the computer with the system of Lee in order to increase the security of the system by making it more difficult for an attacker to reverse engineer the secure keys by using more than one raw credential to generate the secure keys.

Regarding claim 12, Lee and Yuen teach the limitations of the claims 1 and 11.
Lee discloses the limitations of claim 12 as follows:
The memory controller of claim 11, wherein, in response to receiving a biometric authentication success message and a first unique value among the plurality of unique values (paras. [0017]-[0019], [0023]: wherein in response to successful authentication and receiving a unique media identifier), 
the first processing circuitry is further configured to restore the secure key by decrypting a first encrypted secure key among the plurality of encrypted secure keys based on the first unique value (paras. [0017]-[0020]: decrypting encrypted encryption key based on the unique media identifier and random numbers), and 
the first processing circuitry is further configured to at least one of 
(a) decrypt data based on the secure key, the data being read from at least one area to which biometric information represented by the first unique value has an access right, the at least one area being among a plurality of areas of the non-volatile memory device, or (b) encrypt data based on the secure key, the data being stored in the at least one area (paras. [0014], [0017]-[0020], [0023]: encrypting data based on the encryption key and storing the encrypted data in the storage medium securely in non-volatile memory of the storage device).

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Lee (US 2007/0250718) in view of Yuen (US 2012/0297205), as applied to claim 1, further in view of Jevans (US 2007/0101434).
Regarding claim 13, Lee and Yuen teach the limitations of the claims 1 and 11.  
Lee discloses the limitations of claim 13 as follows:
The memory controller of claim 11, wherein the non-volatile memory device (paras. [0014], [0017]: non-volatile memory device)
Neither Lee or Yuen discloses the limitations of claim 13 as follows:
The device includes a first secure area and a second secure area, 
the first processing circuitry is configured to encrypt and decrypt data of the first secure area based on a first secure key, 
the first processing circuitry is configured to encrypt and decrypt data of the second secure area based on a second secure key, 
first fingerprint information represented by a first unique value enables access to the first secure key, and 
second fingerprint information represented by a second unique value enables access to the second secure key.
However, in the same field of endeavor, Jevans discloses the limitations of claim 13 as follows:
The device includes a first secure area and a second secure area (paras. [0049], [0051]: storage device includes different partitions of encrypted memory (i.e. first and second secure areas)), 
the first processing circuitry is configured to encrypt and decrypt data of the first secure area based on a first secure key (paras. [0047], [0049], [0051]: encrypting and decrypting data to a first encrypted partition based on the first authentication password), 
the first processing circuitry is configured to encrypt and decrypt data of the second secure area based on a second secure key (paras. [0047], [0049], [0051]: encrypting and decrypting data in a different/second secure partition/area based on a second different authentication password), 
first fingerprint information represented by a first unique value enables access to the first secure key (paras. [0030]-[0032], [0047]: first biometric fingerprint represented by a user code enables access to the first authentication password), and 
second fingerprint information represented by a second unique value enables access to the second secure key (paras. [0030]-[0032], [0047]: second fingerprint represented by a second user code enables access to a second authentication password).
Jevans is combinable with Lee and Yuen because all three are from the same field of endeavor of protecting encrypted data on storage devices.  It would have been obvious to one of ordinary skill in the art at the time of the invention to integrate Jevans’ method of using different fingerprints to access different secure areas of the storage device with the system of Lee and Yuen in order to enable multiple users to store protected data at the same time on the storage device with each different user area of the storage device protected by requiring biometric fingerprint input from each user to access their corresponding user area.

Claims 14-18 are rejected under 35 U.S.C. 103 as being unpatentable over Jevans (US 2007/0101434) in view of Yuen (US 2012/0297205).
Regarding claim 14, Jevans teaches the limitations substantially as follows:
A storage device comprising: 
a memory device including a first area and a second area (paras. [0049]: memory device including a first and second partition); and 
first processing circuitry configured to 
receive a first unique value and a biometric authentication result from a second processing circuitry, the first unique value corresponding to a user's biometric information (paras. [0030]-[0032], [0039], [0049]: receiving a first user code for a first partition and receive an indication that the user code was accepted (i.e. biometric authentication result received) from the secure storage device, the first user code corresponding to the user fingerprint, voice identifier or retina scan), and 
to decrypt second data based on the first unique value, the first data being stored in the first area and the second data resulting from encryption and being read from the first area (paras. [0047], [0049], [0051]: where data to be stored in the partition for the user submitting the user code is encrypted (i.e. encrypting first data based on the user code) and decrypting and reading data from the first partition (i.e. decrypting second data resulting from encryption and read from the first area) based on having authenticated the user code (i.e. based on first unique value).
Jevans does not explicitly disclose the remaining limitations of claim 14 as follows:
	a non-volatile memory device
	to encrypt first data based on the first unique value 
Yuen discloses the remaining limitations of claim 14 as follows:
a non-volatile memory device (para. [0125]: non-volatile memory)
	to encrypt first data based on the first unique value (paras. [0072], [0077]-[0078], [0094], [0135]-[0137]: encrypting data in the non-volatile storage (i.e. first data) based on the user password, which may be a fingerprint or handprint or retina pattern (i.e. first unique value))
Yuen is combinable with Jevans because both are from the same field of endeavor of protecting encrypted data stored on a storage device.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to integrate Yuen’s method of encrypting first data based on the unique value corresponding to a biometric input with the system of Jevans in order to ensure that the encrypted data can only be decrypted by a user with the correct biometric input.  

Regarding claim 15, Jevans and Yuen teach the limitations of the claim 14.
Jevans discloses the limitations of claim 15 as follows:
The storage device of claim 14, wherein the first processing circuitry is further configured to authenticate an authority over the first area based on the first unique value and to set the first area to an unlocked state enabling write and read in response to the authority being successfully authenticated (paras. [0047], [0049]: authenticating a user/authority to access to first partition/area based on the user code (i.e. first unique value) and unlocking the first partition by decrypting the data encrypted in the first partition in response to authenticating the first user).

Regarding claim 16, Jevans and Yuen teach the limitations of the claim 14.
Yuen discloses the limitations of claim 16 as follows:
The storage device of claim 14, wherein the first processing circuitry is further configured to generate a secure key by decrypting an encrypted secure key based on the first unique value and to encrypt the first data and decrypt the second data based on the secure key (paras. [0135]-[0137]: generating a secure cipher key by decrypting an encrypted cipher key using the user password UPi (i.e. based on the first unique value) and encrypting data (i.e. encrypting first data) and decrypting data (i.e. decrypting second data) based on the secure encryption key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to integrate Yuen’s method of generating a key by decrypting an encrypted secure key with the system of Jevans in order to increase the security of the system by encrypting and decrypting keys based on a value unique to the authorized user so that only the authorized user can decrypt and access the key.  

Regarding claim 17, Jevans and Yuen teach the limitations of the claims 14 and 16.
Jevans discloses the limitations of claim 17 as follows:
The storage device of claim 16, wherein the first processing circuitry is further configured to generate, before receiving the first unique value, the encrypted secure key by encrypting the secure key based on a second unique value received together with a biometric registration result from the second processing circuitry (paras. [0047], [0049], [0051]: wherein the authentication password is encrypted prior to receiving the user code (i.e. first unique value) by encrypting the authentication password according to a biometric input that has been accepted by the storage device (i.e. authentication password must first have been encrypted using registered/approved biometric input in order to be decrypted by it)); and 
the first unique value and the second unique value include a same value (paras. [0047], [0049], [0051]: where the biometric input used to decrypt and encrypt the authentication password is the same).

Regarding claim 18, Jevans and Yuen teach the limitations of the claims 14, 16 and 17.
Jevans discloses the limitations of claim 18 as follows:
The storage device of claim 17, wherein the first processing circuitry is further configured to transmit a biometric information registration trigger signal to a biometric module outside the memory controller in response to a command received from a host and to receive the biometric registration result and the second unique value after transmitting the biometric information registration trigger signal (paras. [0030]-[0032], [0038]: transmitting signals to obtain a biometric user code to a biometric sensor/module outside the memory of the storage device in response to receiving commands from a digital device/host and receiving the approval indication of the biometric input (i.e. biometric registration result) and the user code (i.e. second unique value) after transmitting the signals to obtain the biometric user code).

Claims 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Yuen (US 2012/0297205) in view of Braams (US 2011/0314304).
Regarding claim 19, Yuen teaches the limitations substantially as follows:
An operating method of a processing circuitry controlling a non-volatile memory device, the operating method comprising:
receiving a unique value and a biometric message, the unique value corresponding to user's biometric information (paras. [0077]-[0078], [0080]-[0081], [0094]: receiving a user password generated from biometric input (i.e. unique value corresponding to user’s biometric info) and an indication of whether the user password is successfully authenticated (i.e. biometric message); 
decrypting an encrypted secure key based on the unique value, the encrypted secure key being stored in the processing circuitry (paras. [0135]-[0137]: decrypting an encrypted cipher key using the user password, where the encrypted cipher key was stored in the non-volatile memory of the device); 
encrypting data based on a decrypted secure key, the data being received from a host (paras. [0125], [0135]-[0137]: encrypting data based on the decrypted cipher key, the data being received from the host); and 
transmitting encrypted data to the non-volatile memory device (paras. [0125], [0135]-[0137]: storing the encrypted data in the non-volatile memory of the storage device).
Yuen does not explicitly disclose the remaining limitations of claim 19 as follows:
receiving a unique value and a biometric authentication success message from an external device
However, in the same field of endeavor, Braams discloses the remaining limitations of claim 19 as follows:
receiving a unique value and a biometric authentication success message from an external device (para. [0029]: receiving a biometric id and outcome of biometric verification (i.e. biometric authentication success message) from a biometric verification component external to the secure key storage component)
Braams is combinable with Yuen because both are from the same field of endeavor of protecting encrypted data stored on a portable storage device.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to integrate Braam’s method of receiving a biometric authentication message from an external device in order to save energy and resources in the memory device by avoiding performing the biometric authentication in the memory device.  

Regarding claim 20, Yuen and Braams teach the limitations of the claim 19.
Yuen and Braams discloses the limitations of claim 20 as follows:
The operating method of claim 19, further comprising: 
receiving the unique value and a biometric information registration message from the external device (Braams, para. [0029]: receiving a biometric id and outcome of biometric verification from a biometric verification component external to the secure key storage component); 
generating the encrypted secure key by encrypting a secure key based on the unique value (Yuen, paras. [0135]-[0137]: generating the encrypted cipher key by encrypting the secure key based on the user password); and 
storing the encrypted secure key in an internal storage (Yuen, paras. [0135]-[0137]: storing the encrypted cipher key in storage of the non-volatile memory device).
The same motivation to combine utilized in claim 19 is equally applicable in the instant claim.


Prior Art Not Considered But Relied Upon
Prior art considered but not relied upon includes:
1) Ramesh (US 2014/0075204) discloses non-volatile memory with secure and non-secure partitions and generating a key by receiving a user password, encrypting the user password with random salt to generate an encryption key.
Ziv (US 2009/0055655) discloses a portable storage device comprising a secure area which receives a password or biometric signature from an external host device, generates a randomized clear key from hashing the password or biometric signature, uses the key to encrypt and decrypt data stored in the storage device, and stores in non-volatile storage medium of the portable device a hash of a user password or biometric signature along with the encrypted key.  

Conclusion
For the above-stated reasons, claims 1-20 are rejected.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHARON S LYNCH whose telephone number is (571) 272-4583.  The examiner can normally be reached on 10AM-6PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 571-272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHARON S LYNCH/Primary Examiner, Art Unit 2438