DETAILED ACTION

Response to Arguments
Applicant's arguments ("REMARKS") filed August 10, 2022 have been fully considered, and they are partially persuasive. However, upon further consideration, a new ground of rejection has been issued.
Claims 1-19 were amended. New claim 20 was added. Claims 1, 10, and 18 are independent. Claims 1-20 are currently pending. 

Re: Objection to Claims
The objections to claims 2, 8, and 18 have been withdrawn in view of the amendments indicated on p. 12 of the REMARKS.

Re: Claim Interpretation Under 35 U.S.C. § 112(f)
The claim interpretations of claim 19 under 35 U.S.C. § 112(f) have been withdrawn in view of the amendments to the claim.

Re: Claim Rejections under 35 U.S.C. § 112(b) 
The rejections to claims 1-17 under 35 U.S.C. § 112(b) have been withdrawn in view of the amendments to the claims indicated on p. 12 of the REMARKS.

Re: Rejections Under 35 U.S.C. § 102/103
Applicant’s arguments, on pp. 12-15 of the REMARKS, in response to the rejection of the claims under 35 U.S.C. §102/103 with respect to Cheng, US 11,263,153 B1 (hereinafter, “Cheng ‘153”) and Sakata et al., US 2021/0073404 A1 (hereinafter, “Sakata ‘404”) have been fully considered and are partially persuasive. Specifically, Applicant argues that:
Cheng ‘153 fails to disclose having distinct data paths through two symmetric cryptographic engines that enable parallel encryption/decryption of user data to/from the storage medium and device management data to/from a host memory buffer; and
Cheng ‘153 fails to disclose the use of direct memory access protocols for accessing the host memory, in particular, “… uses direct memory access to write encrypted device management data to the host memory; and … uses direct memory access to read encrypted device management data from the host memory”, as amended in claim 1.

In response to Argument A:
The Examiner respectfully disagrees with arguments presented in argument A.
Cheng ‘153 discloses a plurality of distinct data paths (encoding/decoding paths [Cheng ‘153, Col. 7 lines 25-60]) that pass through symmetric cryptographic engines (encoding/decoding paths pass through a plurality of ENDIC circuits 14C, where each ENDIC circuit 14C may be configured to perform a specific cryptographic function such as encryption/decryption [Cheng ‘153, Col. 7 lines 34-49, Col. 17 lines 36-44, Col. 17 line 61-Col. 18 line 2; Fig. 9]). The cryptographic engines are able to perform cryptographic functions in parallel (ENDIC circuits 14C are configured to perform parallel processing, where ENDIC circuits 14C is able to perform any of encryption and decryption [Cheng ‘153, Col. 3 lines 37-42, Col. 8 lines 1-8]). 
Furthermore, Cheng ‘153 discloses using the cryptographic engines to facilitate transfer of encrypted/decrypted user data to/from a storage medium (encoding/decoding paths for the host device 10 to obtain data, such as decrypted data, from NV memory 120; and encoding/decoding paths for sending data, such as encrypted data, from the host device 10 to NV memory 120 [Cheng ‘153, Col. 7 lines 34-49, Col. 17 lines 36-44, Col. 17 line 61-Col. 18 line 2; Fig. 9]).
While the disclosed data protection method in Cheng ‘153, mentioned above, is described with respect to general user data, where the data protection method involves using a plurality of encoding/decoding paths through ENDIC circuits 14C to facilitate the transfer of encrypted/decrypted data to/from a host device 10 and NV memory 120, Cheng ‘153 also discloses that the data protection method “described in one or more of the embodiments described above” may additionally be applied to obtaining/retrieving internal management information to/from the storage space of the host device 50. Thus, Cheng ‘153 discloses using the cryptographic engines to transfer encrypted/decrypted device management data to/from a host memory buffer (encoding/decoding paths for transferring internal information to/from the memory space of the host device 50 [Cheng ‘153, Col. 7 lines 34-49, Col. 18 lines 37-53]). See Claim Rejections – 35 USC § 103 below for further details.

In response to Argument B:
Argument B, in response to the rejection of the claims under 35 U.S.C. §102 with respect to Cheng ‘153 and Sakata ‘404 have been fully considered and are persuasive. However, a new ground of rejection has been asserted in view of Kondo et al., US 2015/0074329 A1. See Claim Rejections – 35 USC § 103 below for further details.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Such claim limitation(s) is/are: 
“data storage device comprising: … a first means for passing …” in claim 18.  
“data storage device comprising: … a second means for passing …” in claim 18.  
“data storage device comprising: … a third means for passing …” in claim 18.  
“data storage device comprising: … a fourth means for passing …” in claim 18.  
	Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-8 and 10-19 are rejected under 35 U.S.C. 103 as being unpatentable over Cheng, US 11,263,153 B1 (hereinafter, “Cheng ‘153”) in view of Kondo et al., US 2015/0074329 A1 (hereinafter, “Kondo ‘329”).

As per claim 1: Cheng ‘153 discloses: 
A data storage device (memory device 100, [Cheng ‘153, Col. 5 lines 24-64; Fig. 1]) comprising: 
a first cryptography engine (a first encoder-decoder (ENDEC) circuit 14C within the ENDEC pool 14 of the AES engine 11, where the AES engine may be implemented as the full-duplex-data-transmission-applicable (FDDTA) type AES processing circuit 115A, [Cheng ‘153, Col. 7 lines 31-60; Fig. 2]) configured to apply a first cryptographic function to data (a first ENDEC circuit 14C may apply an encryption or decryption function to the incoming data, [Cheng ‘153, Col. 6 lines 30-43, Col. 8 lines 57-64; Fig. 2]); 
a second cryptography engine (a second ENDEC circuit 14C within the ENDEC pool 14 of the AES engine 11, [Cheng ‘153, Col. 7 lines 31-60; Fig. 2]) configured to apply a second cryptographic function to data (a second ENDEC circuit 14C may apply an encryption or decryption function to the incoming data, [Cheng ‘153, Col. 6 lines 30-43, Col. 8 lines 57-64; Fig. 2]), wherein the first cryptographic function is inverse, and symmetric, to the second cryptographic function (the cryptographic functions performed by the ENDEC circuits 14C are inverse and symmetric because any ENDEC circuit 14C is able to be used for either encryption functions or the inverse decryption functions. For example, a first data may be encrypted using a first ENDEC circuit 14C and decrypted using a second ENDEC circuit 14C, while a second data may be encrypted using the second ENDEC circuit 14C and decrypted using the first ENDEC circuit 14C, [Cheng ‘153, Col. 7 line 31-Col. 8 line 37, Col. 8 line 57-Col.9 line 28; Fig. 2, Fig. 3]); 
a processor configured to control the data storage device (memory controller 110 containing a microprocessor 112, where the memory controller 110 controls the memory device 100 [Cheng ‘153, Col.5 line 65-Col. 6 line 43; Fig. 1]); 
a storage medium (non-volatile (NV) memory 120 [Cheng ‘153, Col. 5 line 50-64; Fig. 1]); 
a first path configured to pass user data from the storage medium to a host device (a first encoding/decoding path for the host device 10 to obtain data from the NV memory 120 [Cheng ‘153, Col. 7 lines 34-49, Col. 17 lines 36-44]), 
wherein the first path passes through the second cryptography engine to apply the second cryptographic function to the user data sent to the host device (the first encoding/decoding path for the host device 10 passes through the second ENDEC circuit 14C within the ENDEC pool 14, where the second ENDEC circuit 14C applies a cryptographic function, such as a decryption function, to the data obtained by the host device 10 [Cheng ‘153, Col. 6 lines 10-20, Col. 8 lines 57-64, Col. 17 lines 45-52; Fig. 1, Fig. 2, Fig. 16]); 
a second path configured to pass user data from the host device to the storage medium device (a second encoding/decoding path for sending data from the host device 10 to the NV memory 120 [Cheng ‘153, Col. 7 lines 34-49, Col. 17 line 61-Col. 18 line 2]), 
wherein the second path passes through the first cryptography engine to apply the first cryptographic function to the user data sent to the storage medium (the second encoding/decoding path for the host device 10 passes through the first ENDEC circuit 14C within the ENDEC pool 14, where the first ENDEC circuit 14C applies a cryptographic function, such as an encryption function, to the data sent to the NV memory 120 [Cheng ‘153, Col. 6 lines 10-20, Col. 8 lines 57-64, Col. 17 line 64-Col. 18 line 9; Fig. 1, Fig. 2, Fig. 16]); 
a third path configured to pass device management data (internal information for the management of the memory device 100 [Cheng ‘153, Col. 18 lines 37-53]) from the processor (memory controller 110 containing microprocessor 112, where the memory controller 110 controls the memory device 100 [Cheng ‘153, Col.5 line 65-Col. 6 line 43, Col. 18 lines 37-53; Fig. 1]) to a host memory of the host device (memory space of the host device 50; a third encoding/decoding path for sending internal information from the memory controller 110 to the memory space of the host device 50 [Cheng ‘153, Col. 7 lines 34-49, Col. 18 lines 37-53]), 
wherein the third path: (the third encoding/decoding path comprises applying the AES processing using ENDEC circuits 14C to the exchange/access of the internal information between the memory controller 110 and the memory space of the host device 50 [Cheng ‘153, Col. 18 lines 49-53]) passes through the second cryptography engine to apply the second cryptographic function to the device management data sent to the host memory (the third encoding/decoding path for sending internal information from the memory controller 110 to the memory space of the host device 50 passes through the second ENDEC circuit 14C within the ENDEC pool 14, where the second ENDEC circuit 14C applies a cryptographic function to the data sent to the memory space of the host device [Cheng ‘153, Col. 6 lines 10-20, Col. 8 lines 57-64, Col. 18 lines 37-53; Fig. 1, Fig. 2]); and 

a fourth path configured to pass device management data (internal information for the management of the memory device 100 [Cheng ‘153, Col. 18 lines 37-53]) from the host memory (memory space of the host device 50 [Cheng ‘153, Col. 18 lines 37-53]) to the processor (memory controller 110 containing microprocessor 112; a fourth encoding/decoding path for obtaining or retrieving of the internal information by the memory controller 110 from the memory space of the host device 50 when needed [Cheng ‘153, Col. 7 lines 34-49, Col. 18 lines 37-53]), 
wherein the fourth path: (the fourth encoding/decoding path comprises applying the AES processing using ENDEC circuits 14C to the exchange/access of the internal information between the memory controller 110 and the memory space of the host device 50 [Cheng ‘153, Col. 18 lines 49-53]) passes through the first cryptography engine to apply the first cryptographic function to the device management data received at the processor (the fourth encoding/decoding path for obtaining or retrieving of the internal information by the memory controller 110 from the memory space of the host device 50 passes through the first ENDEC circuit 14C within the ENDEC pool 14, where the first ENDEC circuit 14C applies a cryptographic function to the data sent to the memory controller 110 [Cheng ‘153, Col. 6 lines 10-20, Col. 8 lines 57-64, Col. 18 lines 37-53; Fig. 1, Fig. 2])


As stated above, Cheng ‘153 does not explicitly disclose: “… passes through the … cryptography engine to apply the second cryptographic function to the device management data sent to the host memory; and uses direct memory access to write encrypted device management data to the host memory; and … passes through the … cryptography engine to apply the first cryptographic function to the device management data received at the … ; and uses direct memory access to read encrypted device management data from the host memory.”
Kondo ‘329, however, discloses:
… passes through the … cryptography engine to apply the second cryptographic function to the device management data sent to the host memory (data passes through the protection circuit 230, where the data may be management information of the memory system 2, and where the management information is encrypted by the protection circuit 230 and sent to the host device 1 [Kondo ‘329, ¶¶56-58; Fig. 2]); and 
uses direct memory access to write encrypted device management data to the host memory (direct memory access (DMA) is used to write encrypted data to the main memory 100 of the host device 1, where the encrypted data may be encrypted management information of the memory system 2 [Kondo ‘329, ¶¶50-51, 56-58; Fig. 1]); and 
… passes through the … cryptography engine to apply the first cryptographic function to the device management data received at the … (data passes through the protection circuit 230, where the data may be management information of the memory system 2, and where the management information is decrypted by the protection circuit 230 and sent to device controller 200 [Kondo ‘329, ¶¶56-58; Fig. 1, Fig. 2); and 
uses direct memory access to read encrypted device management data from the host memory (direct memory access (DMA) is used to read encrypted data from the main memory 100 of the host device 1, where the encrypted data may be encrypted management information of the memory system 2 [Kondo ‘329, ¶¶50-51, 56-58; Fig. 1]). 

Cheng ‘153 and Kondo ‘329 are analogous art because they are from the same field of endeavor, namely that of memory device control with the aid of a host device and cryptographic engines. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Cheng ‘153 and Kondo ‘329 before them, to modify the method in Cheng ‘153 to include the teachings of Kondo ‘329, namely to implement the sending/retrieving of encrypted internal information to/from from the memory space of the host device 50, as disclosed in Cheng ‘153, using DMA, as disclosed in Kondo ‘329, where the DMA is used to read/write encrypted internal information to/from the memory space of the host device 50. The motivation for doing so would be to ensure efficient data exchange between the main memory 100 of the host 1 and the memory system 2 (see Kondo ‘329, ¶¶50-51). 

As per claim 2: Cheng ‘153 in view of Kondo ‘329 discloses all limitations of claim 1, as stated above, from which claim 2 is dependent upon. Furthermore, Cheng ‘153 discloses: 
a bus (transmission interface circuit 118 [Cheng ‘153, Col. 6 lines 3-43; Fig. 1]) configured to enable communication between the host device and the data storage device (the transmission interface circuit 118 performs communications between the host device 50 and the memory device 100 [Cheng ‘153, Col. 6 lines 3-43; Fig. 1]), wherein: 
the bus comprises: 
a write channel (the transmission interface circuit 118 operating in the write-related data transmission direction [Cheng ‘153, Col. 5 lines 14-23, Col. 6 lines 3-20, Col. 15 lines 51-57, Col. 18 lines 10-22; Fig. 14]) configured to write data from the data storage device to the host device (transmitting/writing data from the memory device 100 to the host device 50 [Cheng ‘153, Col. 6 line 65-Col. 7 line 5, Col. 17 line 61-Col. 18 line 22]), 
wherein the write channel is selectively operable (the transmission interface circuit 118, where the transmission interface circuit 118 is operating in the write-related data transmission direction, can be selectively controlled by the arbitrator 14A, also referred to as direction selector 21, to operate in particular transmission directions or to operate on particular data [Cheng ‘153, Col. 3 lines 40-60, Col. 9 lines 10-28, Col. 13 line 55-Col. 14 line 17, Col. 15 lines 51-57; Fig. 14]) to form part of the first path or the third path (the transmission interface circuit 118 operating in the write-related data transmission direction can be selectively controlled by the arbitrator 14A, also referred to as direction selector 21, to facilitate in the first encoding/decoding path for the host device 10 to obtain data from the NV memory 120 or the third encoding/decoding path for the exchange/access of the internal information between the memory controller 110 and the memory space of the host device 50 [Cheng ‘153, Col. 3 lines 40-60, Col. 6 lines 10-20, Col. 8 lines 57-64, Col. 17 lines 45-52, Col. 18 lines 37-53; Fig. 1, Fig. 2, Fig. 16]); and 
a read channel (the transmission interface circuit 118 operating in the read-related data transmission direction [Cheng ‘153, Col. 5 lines 14-23, Col. 6 lines 3-20, Col. 15 lines 51-57, Col. 18 lines 10-22; Fig. 14]) configured to read data from the host device to the data storage device (transmitting/reading data from the host device 50 to the memory device 100 [Cheng ‘153, Col. 6 line 65-Col. 7 line 5, Col. 17 lines 36-52]), 
wherein the read channel is selectively operable (the transmission interface circuit 118, where the transmission interface circuit 118 is operating in the read-related data transmission direction, can be selectively controlled by the arbitrator 14A, also referred to as direction selector 21, to operate in particular transmission directions or to operate on particular data [Cheng ‘153, Col. 3 lines 40-60, Col. 9 lines 10-28, Col. 13 line 55-Col. 14 line 17, Col. 15 lines 51-57; Fig. 14]) to form part of the second path or the fourth path (the transmission interface circuit 118 operating in the write-related data transmission direction can be selectively controlled by the arbitrator 14A, also referred to as direction selector 21, to facilitate in the second encoding/decoding path for sending data from the host device 10 to the NV memory 120 or the fourth encoding/decoding path for the exchange/access of the internal information between the memory controller 110 and the memory space of the host device 50 [Cheng ‘153, Col. 3 lines 40-60, Col. 6 lines 10-20, Col. 8 lines 57-64, Col. 17 line 64-Col. 18 line 9, Col. 18 lines 37-53; Fig. 1, Fig. 2, Fig. 16]); and
the write channel and the read channel are configurable to operate simultaneously (the transmission interface circuit 118 is configured to operate such that the read-related data transmission direction and the write-related data transmission direction can be performed at the same time (i.e., full duplex data transmission) [Cheng ‘153, Col. 5 lines 14-23, Col. 6 lines 3-43, Col. 18 lines 10-22]).

As per claim 3: Cheng ‘153 in view of Kondo ‘329 discloses all limitations of claim 1, as stated above, from which claim 3 is dependent upon. Furthermore, Cheng ‘153 discloses:
	wherein the data storage device (memory device 100, [Cheng ‘153, Col. 5 lines 24-64; Fig. 1]) is selectively configurable by the processor (memory controller 110 containing a microprocessor 112, where the memory controller 110 controls and configures the memory device 100 [Cheng ‘153, Col.5 line 65-Col. 6 line 43; Fig. 1]) to operate in: 
a first mode (under the broadest reasonable interpretation, a “mode” can be interpreted as a set of parallel operations or a PHASE to be performed by the memory device 100 that can be dynamically selected by the memory controller 110 using the arbitrator 14A [Cheng ‘153, Col. 3 lines 33- 60, Col. 7 line 61-Col. 8 line 37, Col. 8 lines 57-64, Col. 17 lines 12-29]) to simultaneously pass user data in the first path (a set of parallel operations or PHASE selected and performed by the memory device 100 including the first encoding/decoding path for the host device 10 to obtain data from the NV memory 120 [Cheng ‘153, Col. 6 lines 10-20, Col. 7 lines 34-49, Col. 8 lines 57-64, Col. 17 lines 36-52; Fig. 16]) and pass device management data in the fourth path (a set of parallel operations or PHASE selected and performed by the memory device 100 including the fourth encoding/decoding path to the exchange/access of the internal information between the memory controller 110 and the memory space of the host device 50 [Cheng ‘153, Col. 6 lines 10-20, Col. 7 lines 34-49, Col. 8 lines 57-64, Col. 18 lines 37-53; Fig. 16]); or 
a second mode (under the broadest reasonable interpretation, a “mode” can be interpreted as a set of parallel operations or a PHASE to be performed by the memory device 100 that can be dynamically selected by the memory controller 110 using the arbitrator 14A [Cheng ‘153, Col. 3 lines 33- 60, Col. 7 line 61-Col. 8 line 37, Col. 8 lines 57-64, Col. 17 lines 12-29]) to simultaneously pass device management data in the third path (a set of parallel operations or PHASE selected and performed by the memory device 100 including the third encoding/decoding path for the exchange/access of the internal information between the memory controller 110 and the memory space of the host device 50 [Cheng ‘153, Col. 6 lines 10-20, Col. 7 lines 34-49, Col. 8 lines 57-64, Col. 18 lines 37-53; Fig. 16]) and pass user data in the second path (a set of parallel operations or PHASE selected and performed by the memory device 100 including the second encoding/decoding path for sending data from the host device 10 to the NV memory 120 [Cheng ‘153, Col. 6 lines 10-20, Col. 7 lines 34-49, Col. 8 lines 57-64, Col. 17 line 61-Col. 18 line 9; Fig. 16]).

As per claim 4: Cheng ‘153 in view of Kondo ‘329 discloses all limitations of claim 1, as stated above, from which claim 4 is dependent upon. Furthermore, Cheng ‘153 discloses:
	wherein the data storage device (memory device 100, [Cheng ‘153, Col. 5 lines 24-64; Fig. 1]) is selectively configurable by the processor (memory controller 110 containing a microprocessor 112, where the memory controller 110 controls and configures the memory device 100 [Cheng ‘153, Col.5 line 65-Col. 6 line 43; Fig. 1]) to operate in: 
a third mode (under the broadest reasonable interpretation, a “mode” can be interpreted as a set of parallel operations or a PHASE to be performed by the memory device 100 that can be dynamically selected by the memory controller 110 using the arbitrator 14A [Cheng ‘153, Col. 3 lines 33- 60, Col. 7 line 61-Col. 8 line 37, Col. 8 lines 57-64, Col. 17 lines 12-29]) to simultaneously pass user data in the first path (a set of parallel operations or PHASE selected and performed by the memory device 100 including the first encoding/decoding path for the host device 10 to obtain data from the NV memory 120 [Cheng ‘153, Col. 6 lines 10-20, Col. 7 lines 34-49, Col. 8 lines 57-64, Col. 17 lines 36-52; Fig. 16]) and user data in the second path (a set of parallel operations or PHASE selected and performed by the memory device 100 including the second encoding/decoding path for sending data from the host device 10 to the NV memory 120 [Cheng ‘153, Col. 6 lines 10-20, Col. 7 lines 34-49, Col. 8 lines 57-64, Col. 17 line 61-Col. 18 line 9; Fig. 16]); or
a fourth mode (under the broadest reasonable interpretation, a “mode” can be interpreted as a set of parallel operations or a PHASE to be performed by the memory device 100 that can be dynamically selected by the memory controller 110 using the arbitrator 14A [Cheng ‘153, Col. 3 lines 33- 60, Col. 7 line 61-Col. 8 line 37, Col. 8 lines 57-64, Col. 17 lines 12-29]) to simultaneously pass device management data in the third path (a set of parallel operations or PHASE selected and performed by the memory device 100 including the third encoding/decoding path for the exchange/access of the internal information between the memory controller 110 and the memory space of the host device 50 [Cheng ‘153, Col. 6 lines 10-20, Col. 7 lines 34-49, Col. 8 lines 57-64, Col. 18 lines 37-53; Fig. 16]) and device management data in the fourth path (a set of parallel operations or PHASE selected and performed by the memory device 100 including the fourth encoding/decoding path to the exchange/access of the internal information between the memory controller 110 and the memory space of the host device 50 [Cheng ‘153, Col. 6 lines 10-20, Col. 7 lines 34-49, Col. 8 lines 57-64, Col. 18 lines 37-53; Fig. 16]).

As per claim 5: Cheng ‘153 in view of Kondo ‘329 discloses all limitations of claim 1, as stated above, from which claim 5 is dependent upon. Furthermore, Cheng ‘153 discloses:
wherein the first cryptographic function is a decryption function and the second cryptographic function is an encryption function (the first and second cryptographic functions are performed by respective ENDEC circuits 14C, where ENDEC circuits 14C can be dynamically configured by the arbitrator 14A to perform both decryption functions and encryption functions; thus, one ENDEC circuit 14C can perform the first cryptographic function configured to be decryption function, while another ENDEC circuit 14C can perform the second cryptographic function configured to be an encryption function [Cheng ‘153, Col. 7 line 61-Col. 8 line 37, Col. 8 lines 57-64; Fig. 2, Fig. 3]).

As per claim 6: Cheng ‘153 in view of Kondo ‘329 discloses all limitations of claim 1, as stated above, from which claim 6 is dependent upon. Furthermore, Cheng ‘153 discloses:
wherein the first cryptographic function is an encryption function and the second cryptographic function is a decryption function (the first and second cryptographic functions are performed by respective ENDEC circuits 14C, where ENDEC circuits 14C can be dynamically configured by the arbitrator 14A to perform both decryption functions and encryption functions; thus, one ENDEC circuit 14C can perform the first cryptographic function configured to be an encryption function, while another ENDEC circuit 14C can perform the second cryptographic function configured to be a decryption function [Cheng ‘153, Col. 7 line 61-Col. 8 line 37, Col. 8 lines 57-64; Fig. 2, Fig. 3]).

As per claim 7: Cheng ‘153 in view of Kondo ‘329 discloses all limitations of claim 1, as stated above, from which claim 7 is dependent upon. Furthermore, Cheng ‘153 discloses:
wherein the first cryptography engine and the second cryptography engine are XTS engines (ENDEC circuits 14C uses XTS processing [Cheng ‘153, Col. 9 line 63-Col. 10 line 47; Fig. 4, Fig. 5]).

As per claim 8: Cheng ‘153 in view of Kondo ‘329 discloses all limitations of claim 1, as stated above, from which claim 8 is dependent upon. Furthermore, Cheng ‘153 discloses:
wherein the storage medium is solid-state storage (memory device 100 containing the non-volatile (NV) memory 120 may be a solid state drive (SSD) [Cheng ‘153, Col. 5 lines 1-4, Col. 5 lines 46-55; Fig. 1]).

As per claim 10: Cheng ‘153 discloses: 
A method for encrypting and decrypting data for a data storage device (a method for encrypting and decrypting data for memory device 100, [Cheng ‘153, Col. 4 line 63-Col. 5 line 64; Fig. 1]) having 
a storage medium (non-volatile (NV) memory 120 [Cheng ‘153, Col. 5 line 50-64; Fig. 1]), 
a first cryptography engine, a second cryptography engine (a first and second encoder-decoder (ENDEC) circuits 14C within the ENDEC pool 14 of the AES engine 11, where the AES engine may be implemented as the full-duplex-data-transmission-applicable (FDDTA) type AES processing circuit 115A, [Cheng ‘153, Col. 7 lines 31-60; Fig. 2]), and 
a processor to control the data storage device (memory controller 110 containing a microprocessor 112, where the memory controller 110 controls the memory device 100 [Cheng ‘153, Col.5 line 65-Col. 6 line 43; Fig. 1]), 
wherein in a first mode (under the broadest reasonable interpretation, a “mode” can be interpreted as a set of parallel operations or a PHASE to be performed by the memory device 100 that can be dynamically selected by the memory controller 110 using the arbitrator 14A [Cheng ‘153, Col. 3 lines 33- 60, Col. 7 line 61-Col. 8 line 37, Col. 8 lines 57-64, Col. 17 lines 12-29]) the method comprises: 
writing user data from the storage medium to a host device on a first path (a first encoding/decoding path for the host device 10 to obtain data from the NV memory 120 [Cheng ‘153, Col. 7 lines 34-49, Col. 17 lines 36-44]), 
wherein writing on the first path includes applying a second cryptographic function to the user data by the second cryptography engine (the first encoding/decoding path for the host device 10 passes through the second ENDEC circuit 14C within the ENDEC pool 14, where the second ENDEC circuit 14C applies a cryptographic function, such as a decryption function, to the data obtained by the host device 10 [Cheng ‘153, Col. 6 lines 10-20, Col. 8 lines 57-64, Col. 17 lines 45-52; Fig. 1, Fig. 2, Fig. 16]); and 
reading device management data (internal information for the management of the memory device 100 [Cheng ‘153, Col. 18 lines 37-53]) from a host memory of the host device (memory space of the host device 50 [Cheng ‘153, Col. 18 lines 37-53]) to the processor on a fourth path (memory controller 110 containing microprocessor 112; a fourth encoding/decoding path for obtaining or retrieving of the internal information by the memory controller 110 from the memory space of the host device 50 when needed [Cheng ‘153, Col. 7 lines 34-49, Col. 18 lines 37-53]), wherein: 
reading on the fourth path (the fourth encoding/decoding path comprises applying the AES processing using ENDEC circuits 14C to the exchange/access of the internal information between the memory controller 110 and the memory space of the host device 50 [Cheng ‘153, Col. 18 lines 49-53]) includes applying a first cryptographic function to the device management data by the first cryptography engine (the fourth encoding/decoding path for obtaining or retrieving of the internal information by the memory controller 110 from the memory space of the host device 50 passes through the first ENDEC circuit 14C within the ENDEC pool 14, where the first ENDEC circuit 14C applies a cryptographic function to the data sent to the memory controller 110 [Cheng ‘153, Col. 6 lines 10-20, Col. 8 lines 57-64, Col. 18 lines 37-53; Fig. 1, Fig. 2]);
reading on the fourth path (the fourth encoding/decoding path comprises applying the AES processing using ENDEC circuits 14C to the exchange/access of the internal information between the memory controller 110 and the memory space of the host device 50 [Cheng ‘153, Col. 18 lines 49-53]) 
the first cryptographic function is inverse, and symmetric, to the second cryptographic function (the cryptographic functions performed by the ENDEC circuits 14C are inverse and symmetric because any ENDEC circuit 14C is able to be used for either encryption functions or the inverse decryption functions. For example, a first data may be encrypted using a first ENDEC circuit 14C and decrypted using a second ENDEC circuit 14C, while a second data may be encrypted using the second ENDEC circuit 14C and decrypted using the first ENDEC circuit 14C, [Cheng ‘153, Col. 7 line 31-Col. 8 line 37, Col. 8 line 57-Col.9 line 28; Fig. 2, Fig. 3]).

As stated above, Cheng ‘153 does not explicitly disclose: “… applying a first cryptographic function to the device management data by the … cryptography engine; … uses direct memory access to read the encrypted device management data from the host memory; …”.
Kondo ‘329, however, discloses:
… applying a first cryptographic function to the device management data by the … cryptography engine (data passes through the protection circuit 230, where the data may be management information of the memory system 2, and where the management information is decrypted by the protection circuit 230 and sent to device controller 200 [Kondo ‘329, ¶¶56-58; Fig. 1, Fig. 2); 
… uses direct memory access to read the encrypted device management data from the host memory; … (direct memory access (DMA) is used to read encrypted data from the main memory 100 of the host device 1, where the encrypted data may be encrypted management information of the memory system 2 [Kondo ‘329, ¶¶50-51, 56-58; Fig. 1])

Cheng ‘153 and Kondo ‘329 are analogous art because they are from the same field of endeavor, namely that of memory device control with the aid of a host device and cryptographic engines. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Cheng ‘153 and Kondo ‘329 before them, to modify the method in Cheng ‘153 to include the teachings of Kondo ‘329. 

As per claim 11: Cheng ‘153 in view of Kondo ‘329 discloses all limitations of claim 10, as stated above, from which claim 11 is dependent upon. Furthermore, Cheng ‘153 discloses:
wherein in a second mode (under the broadest reasonable interpretation, a “mode” can be interpreted as a set of parallel operations or a PHASE to be performed by the memory device 100 that can be dynamically selected by the memory controller 110 using the arbitrator 14A [Cheng ‘153, Col. 3 lines 33- 60, Col. 7 line 61-Col. 8 line 37, Col. 8 lines 57-64, Col. 17 lines 12-29]) the method comprises: 
writing device management data (internal information for the management of the memory device 100 [Cheng ‘153, Col. 18 lines 37-53]) from the processor (memory controller 110 containing microprocessor 112, where the memory controller 110 controls the memory device 100 [Cheng ‘153, Col.5 line 65-Col. 6 line 43, Col. 18 lines 37-53; Fig. 1]) to the host memory on a third path (memory space of the host device 50; a third encoding/decoding path for sending internal information from the memory controller 110 to the memory space of the host device 50 [Cheng ‘153, Col. 7 lines 34-49, Col. 18 lines 37-53]), 
wherein writing on the third path (the third encoding/decoding path comprises applying the AES processing using ENDEC circuits 14C to the exchange/access of the internal information between the memory controller 110 and the memory space of the host device 50 [Cheng ‘153, Col. 18 lines 49-53]) includes: 
applying a second cryptographic function to the device management data by the second cryptography engine (the third encoding/decoding path for sending internal information from the memory controller 110 to the memory space of the host device 50 passes through the second ENDEC circuit 14C within the ENDEC pool 14, where the second ENDEC circuit 14C applies a cryptographic function to the data sent to the memory space of the host device [Cheng ‘153, Col. 6 lines 10-20, Col. 8 lines 57-64, Col. 18 lines 37-53; Fig. 1, Fig. 2]); and 

reading user data from the host device to the storage medium on a second path (a second encoding/decoding path for sending data from the host device 10 to the NV memory 120 [Cheng ‘153, Col. 7 lines 34-49, Col. 17 line 61-Col. 18 line 2]), 
wherein reading on the second path includes applying a first cryptographic function to the user data by the first cryptography engine (the second encoding/decoding path for the host device 10 passes through the first ENDEC circuit 14C within the ENDEC pool 14, where the first ENDEC circuit 14C applies a cryptographic function, such as an encryption function, to the data sent to the NV memory 120 [Cheng ‘153, Col. 6 lines 10-20, Col. 8 lines 57-64, Col. 17 line 64-Col. 18 line 9; Fig. 1, Fig. 2, Fig. 16]).

As stated above, Cheng ‘153 does not explicitly disclose: “… applying a second cryptographic function to the device management data by the … cryptography engine; … uses direct memory access to write the encrypted device management data to the host memory; …”.
Kondo ‘329, however, discloses:
… applying a second cryptographic function to the device management data by the … cryptography engine (data passes through the protection circuit 230, where the data may be management information of the memory system 2, and where the management information is encrypted by the protection circuit 230 and sent to the host device 1 [Kondo ‘329, ¶¶56-58; Fig. 2]); 
… uses direct memory access to write the encrypted device management data to the host memory; … (direct memory access (DMA) is used to write encrypted data to the main memory 100 of the host device 1, where the encrypted data may be encrypted management information of the memory system 2 [Kondo ‘329, ¶¶50-51, 56-58; Fig. 1])

Cheng ‘153 and Kondo ‘329 are analogous art because they are from the same field of endeavor, namely that of memory device control with the aid of a host device and cryptographic engines. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Cheng ‘153 and Kondo ‘329 before them, to modify the method in Cheng ‘153 to include the teachings of Kondo ‘329. 

As per claim 12: Cheng ‘153 in view of Kondo ‘329 discloses all limitations of claims 10 and 11, as stated above, all from which claim 12 is dependent upon. Furthermore, Cheng ‘153 discloses:
wherein: in the first mode (under the broadest reasonable interpretation, a “mode” can be interpreted as a set of parallel operations or a PHASE to be performed by the memory device 100 that can be dynamically selected by the memory controller 110 using the arbitrator 14A [Cheng ‘153, Col. 3 lines 33- 60, Col. 7 line 61-Col. 8 line 37, Col. 8 lines 57-64, Col. 17 lines 12-29]), 
the first path (a first encoding/decoding path for the host device 10 to obtain data from the NV memory 120 [Cheng ‘153, Col. 7 lines 34-49, Col. 17 lines 36-44]) and the fourth path (a fourth encoding/decoding path for obtaining or retrieving of the internal information by the memory controller 110 from the memory space of the host device 50 when needed [Cheng ‘153, Col. 7 lines 34-49, Col. 18 lines 37-53]) are configured as separate paths (a plurality of encoding/decoding paths, where each path is an independent and separate path [Cheng ‘153, Col. 7 line 31-Col. 8 line 37, Col. 8 lines 57-64; Fig. 2]) to enable simultaneous writing of user data and reading of device management data (independent and separate of encoding/decoding paths enable simultaneous/parallel transmission of data in both read-related and write-related transmission directions (i.e., full duplex data transmission), such as the writing of data and reading of internal information [Cheng ‘153, Col. 5 lines 14-23, Col. 6 lines 3-20, Col. 6 lines 30-43, Col. 18 lines 37-53; Fig. 2]); and 
in the second mode (under the broadest reasonable interpretation, a “mode” can be interpreted as a set of parallel operations or a PHASE to be performed by the memory device 100 that can be dynamically selected by the memory controller 110 using the arbitrator 14A [Cheng ‘153, Col. 3 lines 33- 60, Col. 7 line 61-Col. 8 line 37, Col. 8 lines 57-64, Col. 17 lines 12-29]), 
the second path (a second encoding/decoding path for sending data from the host device 10 to the NV memory 120 [Cheng ‘153, Col. 7 lines 34-49, Col. 17 line 61-Col. 18 line 2]) and the third path (a third encoding/decoding path for sending internal information from the memory controller 110 to the memory space of the host device 50 [Cheng ‘153, Col. 7 lines 34-49, Col. 18 lines 37-53]) are configured as separate paths (a plurality of encoding/decoding paths, where each path is an independent and separate path [Cheng ‘153, Col. 7 line 31-Col. 8 line 37, Col. 8 lines 57-64; Fig. 2]) to enable simultaneous writing of device management data and reading of user data (independent and separate of encoding/decoding paths enable simultaneous/parallel transmission of data in both read-related and write-related transmission directions (i.e., full duplex data transmission), such as the writing of internal information and reading of data [Cheng ‘153, Col. 5 lines 14-23, Col. 6 lines 3-20, Col. 6 lines 30-43, Col. 18 lines 37-53; Fig. 2]).
As per claim 13: Cheng ‘153 in view of Kondo ‘329 discloses all limitations of claims 10 and 11, as stated above, all from which claim 13 is dependent upon. Furthermore, Cheng ‘153 discloses:
wherein: writing user data (encoding/decoding path for the host device 10 to obtain data from the NV memory 120 [Cheng ‘153, Col. 7 lines 34-49, Col. 17 lines 36-44]) in the first mode (under the broadest reasonable interpretation, a “mode” can be interpreted as a set of parallel operations or a PHASE to be performed by the memory device 100 that can be dynamically selected by the memory controller 110 using the arbitrator 14A [Cheng ‘153, Col. 3 lines 33- 60, Col. 7 line 61-Col. 8 line 37, Col. 8 lines 57-64, Col. 17 lines 12-29]) and 
writing device management data (encoding/decoding path for sending internal information from the memory controller 110 to the memory space of the host device 50 [Cheng ‘153, Col. 7 lines 34-49, Col. 18 lines 37-53]) in the second mode (under the broadest reasonable interpretation, a “mode” can be interpreted as a set of parallel operations or a PHASE to be performed by the memory device 100 that can be dynamically selected by the memory controller 110 using the arbitrator 14A [Cheng ‘153, Col. 3 lines 33- 60, Col. 7 line 61-Col. 8 line 37, Col. 8 lines 57-64, Col. 17 lines 12-29]) include 
communicating to the host device (the transmission interface circuit 118 performs communications between the host device 50 and the memory device 100 [Cheng ‘153, Col. 6 lines 3-43; Fig. 1]) via a write channel of a bus (the transmission interface circuit 118 operating in the write-related data transmission direction [Cheng ‘153, Col. 5 lines 14-23, Col. 6 lines 3-20, Col. 15 lines 51-57, Col. 18 lines 10-22; Fig. 14]) between the host device and the data storage device (transmitting/writing data from the memory device 100 to the host device 50 [Cheng ‘153, Col. 6 line 65-Col. 7 line 5, Col. 17 line 61-Col. 18 line 22]); and 
reading of device management data (encoding/decoding path for obtaining or retrieving of the internal information by the memory controller 110 from the memory space of the host device 50 when needed [Cheng ‘153, Col. 7 lines 34-49, Col. 18 lines 37-53]) in the first mode (under the broadest reasonable interpretation, a “mode” can be interpreted as a set of parallel operations or a PHASE to be performed by the memory device 100 that can be dynamically selected by the memory controller 110 using the arbitrator 14A [Cheng ‘153, Col. 3 lines 33- 60, Col. 7 line 61-Col. 8 line 37, Col. 8 lines 57-64, Col. 17 lines 12-29]) and 
reading of user data (encoding/decoding path for sending internal information from the memory controller 110 to the memory space of the host device 50 [Cheng ‘153, Col. 7 lines 34-49, Col. 18 lines 37-53]) in the second mode (under the broadest reasonable interpretation, a “mode” can be interpreted as a set of parallel operations or a PHASE to be performed by the memory device 100 that can be dynamically selected by the memory controller 110 using the arbitrator 14A [Cheng ‘153, Col. 3 lines 33- 60, Col. 7 line 61-Col. 8 line 37, Col. 8 lines 57-64, Col. 17 lines 12-29]) include 
communicating to the host device (the transmission interface circuit 118 performs communications between the host device 50 and the memory device 100 [Cheng ‘153, Col. 6 lines 3-43; Fig. 1]) via a read channel of the bus (the transmission interface circuit 118 operating in the read-related data transmission direction [Cheng ‘153, Col. 5 lines 14-23, Col. 6 lines 3-20, Col. 15 lines 51-57, Col. 18 lines 10-22; Fig. 14]).

As per claim 14: Cheng ‘153 in view of Kondo ‘329 discloses all limitations of claim 10, as stated above, from which claim 14 is dependent upon. Furthermore, Cheng ‘153 discloses:
wherein in a third mode (under the broadest reasonable interpretation, a “mode” can be interpreted as a set of parallel operations or a PHASE to be performed by the memory device 100 that can be dynamically selected by the memory controller 110 using the arbitrator 14A [Cheng ‘153, Col. 3 lines 33- 60, Col. 7 line 61-Col. 8 line 37, Col. 8 lines 57-64, Col. 17 lines 12-29]) the method comprises: 
writing user data from the storage medium to the host device on a first path (a first encoding/decoding path for the host device 10 to obtain data from the NV memory 120 [Cheng ‘153, Col. 7 lines 34-49, Col. 17 lines 36-44]), 
wherein writing on the first path includes applying a second cryptographic function to the user data by the second cryptography engine (the first encoding/decoding path for the host device 10 passes through the second ENDEC circuit 14C within the ENDEC pool 14, where the second ENDEC circuit 14C applies a cryptographic function, such as a decryption function, to the data obtained by the host device 10 [Cheng ‘153, Col. 6 lines 10-20, Col. 8 lines 57-64, Col. 17 lines 45-52; Fig. 1, Fig. 2, Fig. 16]); and 
reading user data from the host device to the storage medium on a second path (a second encoding/decoding path for sending data from the host device 10 to the NV memory 120 [Cheng ‘153, Col. 7 lines 34-49, Col. 17 line 61-Col. 18 line 2]), 
wherein reading on the second path includes applying a first cryptographic function to the user data by the first cryptography engine (the second encoding/decoding path for the host device 10 passes through the first ENDEC circuit 14C within the ENDEC pool 14, where the first ENDEC circuit 14C applies a cryptographic function, such as an encryption function, to the data sent to the NV memory 120 [Cheng ‘153, Col. 6 lines 10-20, Col. 8 lines 57-64, Col. 17 line 64-Col. 18 line 9; Fig. 1, Fig. 2, Fig. 16]).

As per claim 15: Cheng ‘153 in view of Kondo ‘329 discloses all limitations of claim 10, as stated above, from which claim 15 is dependent upon. Furthermore, Cheng ‘153 discloses:
wherein in a fourth mode (under the broadest reasonable interpretation, a “mode” can be interpreted as a set of parallel operations or a PHASE to be performed by the memory device 100 that can be dynamically selected by the memory controller 110 using the arbitrator 14A [Cheng ‘153, Col. 3 lines 33- 60, Col. 7 line 61-Col. 8 line 37, Col. 8 lines 57-64, Col. 17 lines 12-29]) the method comprises: 
writing device management data (internal information for the management of the memory device 100 [Cheng ‘153, Col. 18 lines 37-53]) from the processor (memory controller 110 containing microprocessor 112, where the memory controller 110 controls the memory device 100 [Cheng ‘153, Col.5 line 65-Col. 6 line 43, Col. 18 lines 37-53; Fig. 1]) to the host memory on a third path (memory space of the host device 50; a third encoding/decoding path for sending internal information from the memory controller 110 to the memory space of the host device 50 [Cheng ‘153, Col. 7 lines 34-49, Col. 18 lines 37-53]), 
wherein writing on the third path (the third encoding/decoding path comprises applying the AES processing using ENDEC circuits 14C to the exchange/access of the internal information between the memory controller 110 and the memory space of the host device 50 [Cheng ‘153, Col. 18 lines 49-53]) includes applying a second cryptographic function to the device management data by the second cryptography engine (the third encoding/decoding path for sending internal information from the memory controller 110 to the memory space of the host device 50 passes through the second ENDEC circuit 14C within the ENDEC pool 14, where the second ENDEC circuit 14C applies a cryptographic function to the data sent to the memory space of the host device [Cheng ‘153, Col. 6 lines 10-20, Col. 8 lines 57-64, Col. 18 lines 37-53; Fig. 1, Fig. 2]); and 

reading device management data (internal information for the management of the memory device 100 [Cheng ‘153, Col. 18 lines 37-53]) from the host memory of the host device (memory space of the host device 50 [Cheng ‘153, Col. 18 lines 37-53]) to the processor on the fourth path (memory controller 110 containing microprocessor 112; a fourth encoding/decoding path for obtaining or retrieving of the internal information by the memory controller 110 from the memory space of the host device 50 when needed [Cheng ‘153, Col. 7 lines 34-49, Col. 18 lines 37-53]), 
wherein reading on the fourth path (the fourth encoding/decoding path comprises applying the AES processing using ENDEC circuits 14C to the exchange/access of the internal information between the memory controller 110 and the memory space of the host device 50 [Cheng ‘153, Col. 18 lines 49-53]) includes: 
applying the first cryptographic function to the device management data by the first cryptography engine (the fourth encoding/decoding path for obtaining or retrieving of the internal information by the memory controller 110 from the memory space of the host device 50 passes through the first ENDEC circuit 14C within the ENDEC pool 14, where the first ENDEC circuit 14C applies a cryptographic function to the data sent to the memory controller 110 [Cheng ‘153, Col. 6 lines 10-20, Col. 8 lines 57-64, Col. 18 lines 37-53; Fig. 1, Fig. 2])


As stated above, Cheng ‘153 does not explicitly disclose: “… applying a second cryptographic function to the device management data by the … cryptography engine; and using direct memory access to write encrypted device management data to the host memory; and … applying the first cryptographic function to the device management data by the … cryptography engine; and using direct memory access to read encrypted device management data from the host memory.”
Kondo ‘329, however, discloses:
… applying a second cryptographic function to the device management data by the … cryptography engine (data passes through the protection circuit 230, where the data may be management information of the memory system 2, and where the management information is encrypted by the protection circuit 230 and sent to the host device 1 [Kondo ‘329, ¶¶56-58; Fig. 2]); and 
using direct memory access to write encrypted device management data to the host memory (direct memory access (DMA) is used to write encrypted data to the main memory 100 of the host device 1, where the encrypted data may be encrypted management information of the memory system 2 [Kondo ‘329, ¶¶50-51, 56-58; Fig. 1]); and 
… applying the first cryptographic function to the device management data by the … cryptography engine (data passes through the protection circuit 230, where the data may be management information of the memory system 2, and where the management information is decrypted by the protection circuit 230 and sent to device controller 200 [Kondo ‘329, ¶¶56-58; Fig. 1, Fig. 2); and 
using direct memory access to read encrypted device management data from the host memory (direct memory access (DMA) is used to read encrypted data from the main memory 100 of the host device 1, where the encrypted data may be encrypted management information of the memory system 2 [Kondo ‘329, ¶¶50-51, 56-58; Fig. 1]). 

Cheng ‘153 and Kondo ‘329 are analogous art because they are from the same field of endeavor, namely that of memory device control with the aid of a host device and cryptographic engines. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Cheng ‘153 and Kondo ‘329 before them, to modify the method in Cheng ‘153 to include the teachings of Kondo ‘329.

As per claim 16: Cheng ‘153 in view of Kondo ‘329 discloses all limitations of claim 10, as stated above, from which claim 16 is dependent upon. Furthermore, Cheng ‘153 discloses:
wherein the first cryptographic function is a decryption function and the second cryptographic function is an encryption function (the first and second cryptographic functions are performed by respective ENDEC circuits 14C, where ENDEC circuits 14C can be dynamically configured by the arbitrator 14A to perform both decryption functions and encryption functions; thus, one ENDEC circuit 14C can perform the first cryptographic function configured to be decryption function, while another ENDEC circuit 14C can perform the second cryptographic function configured to be an encryption function [Cheng ‘153, Col. 7 line 61-Col. 8 line 37, Col. 8 lines 57-64; Fig. 2, Fig. 3]).

As per claim 17: Cheng ‘153 in view of Kondo ‘329 discloses all limitations of claim 10, as stated above, from which claim 17 is dependent upon. Furthermore, Cheng ‘153 discloses:
wherein the first cryptographic function is an encryption function and the second cryptographic function is a decryption function (the first and second cryptographic functions are performed by respective ENDEC circuits 14C, where ENDEC circuits 14C can be dynamically configured by the arbitrator 14A to perform both decryption functions and encryption functions; thus, one ENDEC circuit 14C can perform the first cryptographic function configured to be an encryption function, while another ENDEC circuit 14C can perform the second cryptographic function configured to be a decryption function [Cheng ‘153, Col. 7 line 61-Col. 8 line 37, Col. 8 lines 57-64; Fig. 2, Fig. 3]).

As per claim 18: Cheng ‘153 discloses: 
A data storage device (memory device 100, [Cheng ‘153, Col. 5 lines 24-64; Fig. 1]) comprising: 
a first cryptography engine (a first encoder-decoder (ENDEC) circuit 14C within the ENDEC pool 14 of the AES engine 11, where the AES engine may be implemented as the full-duplex-data-transmission-applicable (FDDTA) type AES processing circuit 115A, [Cheng ‘153, Col. 7 lines 31-60; Fig. 2]) configured to apply a first cryptographic function to data (a first ENDEC circuit 14C may apply an encryption or decryption function to the incoming data, [Cheng ‘153, Col. 6 lines 30-43, Col. 8 lines 57-64; Fig. 2]); 
a second cryptography engine (a second ENDEC circuit 14C within the ENDEC pool 14 of the AES engine 11, [Cheng ‘153, Col. 7 lines 31-60; Fig. 2]) configured to apply a second cryptographic function to data (a second ENDEC circuit 14C may apply an encryption or decryption function to the incoming data, [Cheng ‘153, Col. 6 lines 30-43, Col. 8 lines 57-64; Fig. 2]), 
wherein the first cryptographic function is inverse, and symmetric, to the second cryptographic function (the cryptographic functions performed by the ENDEC circuits 14C are inverse and symmetric because any ENDEC circuit 14C is able to be used for either encryption functions or the inverse decryption functions. For example, a first data may be encrypted using a first ENDEC circuit 14C and decrypted using a second ENDEC circuit 14C, while a second data may be encrypted using the second ENDEC circuit 14C and decrypted using the first ENDEC circuit 14C, [Cheng ‘153, Col. 7 line 31-Col. 8 line 37, Col. 8 line 57-Col.9 line 28; Fig. 2, Fig. 3]); 
a processor (memory controller 110 containing a microprocessor 112, where the memory controller 110 controls the memory device 100 [Cheng ‘153, Col.5 line 65-Col. 6 line 43; Fig. 1]); 
a storage medium (non-volatile (NV) memory 120 [Cheng ‘153, Col. 5 line 50-64; Fig. 1]); 
a first means for passing user data from the storage medium to a host device (a first encoding/decoding path for the host device 10 to obtain data from the NV memory 120 [Cheng ‘153, Col. 7 lines 34-49, Col. 17 lines 36-44]), 
wherein the first means is configured to pass the user data through the second cryptography engine to apply the second cryptographic function to the user data sent to the host device (the first encoding/decoding path for the host device 10 passes through the second ENDEC circuit 14C within the ENDEC pool 14, where the second ENDEC circuit 14C applies a cryptographic function, such as a decryption function, to the data obtained by the host device 10 [Cheng ‘153, Col. 6 lines 10-20, Col. 8 lines 57-64, Col. 17 lines 45-52; Fig. 1, Fig. 2, Fig. 16]); 
a second means for passing user data from the host device to the storage medium (a second encoding/decoding path for sending data from the host device 10 to the NV memory 120 [Cheng ‘153, Col. 7 lines 34-49, Col. 17 line 61-Col. 18 line 2]), 
wherein the second means is configured to pass the user data through the first cryptography engine to apply the first cryptographic function to the user data sent to the storage medium (the second encoding/decoding path for the host device 10 passes through the first ENDEC circuit 14C within the ENDEC pool 14, where the first ENDEC circuit 14C applies a cryptographic function, such as an encryption function, to the data sent to the NV memory 120 [Cheng ‘153, Col. 6 lines 10-20, Col. 8 lines 57-64, Col. 17 line 64-Col. 18 line 9; Fig. 1, Fig. 2, Fig. 16]); 
a third means for passing device management data (internal information for the management of the memory device 100 [Cheng ‘153, Col. 18 lines 37-53]) from the processor (memory controller 110 containing microprocessor 112, where the memory controller 110 controls the memory device 100 [Cheng ‘153, Col.5 line 65-Col. 6 line 43, Col. 18 lines 37-53; Fig. 1]) to a host memory of the host device (memory space of the host device 50; a third encoding/decoding path for sending internal information from the memory controller 110 to the memory space of the host device 50 [Cheng ‘153, Col. 7 lines 34-49, Col. 18 lines 37-53]), wherein the third means (the third encoding/decoding path comprises applying the AES processing using ENDEC circuits 14C to the exchange/access of the internal information between the memory controller 110 and the memory space of the host device 50 [Cheng ‘153, Col. 18 lines 49-53]) is configured to: 
pass the device management data through the second cryptography engine to apply the second cryptographic function to the device management data sent to the host memory (the third encoding/decoding path for sending internal information from the memory controller 110 to the memory space of the host device 50 passes through the second ENDEC circuit 14C within the ENDEC pool 14, where the second ENDEC circuit 14C applies a cryptographic function to the data sent to the memory space of the host device [Cheng ‘153, Col. 6 lines 10-20, Col. 8 lines 57-64, Col. 18 lines 37-53; Fig. 1, Fig. 2]); and 

a fourth means for passing device management data (internal information for the management of the memory device 100 [Cheng ‘153, Col. 18 lines 37-53]) from the host memory (memory space of the host device 50 [Cheng ‘153, Col. 18 lines 37-53]) to the processor (memory controller 110 containing microprocessor 112; a fourth encoding/decoding path for obtaining or retrieving of the internal information by the memory controller 110 from the memory space of the host device 50 when needed [Cheng ‘153, Col. 7 lines 34-49, Col. 18 lines 37-53]), wherein the fourth means (the fourth encoding/decoding path comprises applying the AES processing using ENDEC circuits 14C to the exchange/access of the internal information between the memory controller 110 and the memory space of the host device 50 [Cheng ‘153, Col. 18 lines 49-53]) is configured to: 
pass the device management data through the first cryptography engine to apply the first cryptographic function to the device management data received at the processor (the fourth encoding/decoding path for obtaining or retrieving of the internal information by the memory controller 110 from the memory space of the host device 50 passes through the first ENDEC circuit 14C within the ENDEC pool 14, where the first ENDEC circuit 14C applies a cryptographic function to the data sent to the memory controller 110 [Cheng ‘153, Col. 6 lines 10-20, Col. 8 lines 57-64, Col. 18 lines 37-53; Fig. 1, Fig. 2])


As stated above, Cheng ‘153 does not explicitly disclose: “… pass the device management data through the … cryptography engine to apply the second cryptographic function to the device management data sent to the host memory; and use direct memory access to write encrypted device management data to the host memory; and … pass the device management data through the …  cryptography engine to apply the first cryptographic function to the device management data received at the … ; and use direct memory access to read encrypted device management data from the host memory.”
Kondo ‘329, however, discloses:
… pass the device management data through the … cryptography engine to apply the second cryptographic function to the device management data sent to the host memory (data passes through the protection circuit 230, where the data may be management information of the memory system 2, and where the management information is encrypted by the protection circuit 230 and sent to the host device 1 [Kondo ‘329, ¶¶56-58; Fig. 2]); and 
use direct memory access to write encrypted device management data to the host memory (direct memory access (DMA) is used to write encrypted data to the main memory 100 of the host device 1, where the encrypted data may be encrypted management information of the memory system 2 [Kondo ‘329, ¶¶50-51, 56-58; Fig. 1]); and 
… pass the device management data through the …  cryptography engine to apply the first cryptographic function to the device management data received at the …  (data passes through the protection circuit 230, where the data may be management information of the memory system 2, and where the management information is decrypted by the protection circuit 230 and sent to device controller 200 [Kondo ‘329, ¶¶56-58; Fig. 1, Fig. 2); and 
use direct memory access to read encrypted device management data from the host memory (direct memory access (DMA) is used to read encrypted data from the main memory 100 of the host device 1, where the encrypted data may be encrypted management information of the memory system 2 [Kondo ‘329, ¶¶50-51, 56-58; Fig. 1]). 

Cheng ‘153 and Kondo ‘329 are analogous art because they are from the same field of endeavor, namely that of memory device control with the aid of a host device and cryptographic engines. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Cheng ‘153 and Kondo ‘329 before them, to modify the method in Cheng ‘153 to include the teachings of Kondo ‘329.

As per claim 19: Cheng ‘153 in view of Kondo ‘329 discloses all limitations of claim 10, as stated above, from which claim 19 is dependent upon. Furthermore, Cheng ‘153 discloses:
wherein the first cryptography engine and the second cryptography engine are XTS cryptography engines (ENDEC circuits 14C uses XTS processing [Cheng ‘153, Col. 9 line 63-Col. 10 line 47; Fig. 4, Fig. 5]).


Claims 9 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Cheng ‘153, in view of Kondo ‘329, and further in view of Sakata et al., US 2021/0073404 A1 (hereinafter, “Sakata ‘404”).

As per claim 9: Cheng ‘153 in view of Kondo ‘329 discloses all limitations of claims 1 and 2, as stated above, all from which claim 9 is dependent upon. Cheng ‘153 in view of Kondo ‘329 does not explicitly disclose the limitations of claim 9. Sakata ‘404, however, discloses:
wherein the bus is a Peripheral Component Interconnect Express (PCIe) standard bus (the interface connecting the host 2 and the SSD 3 may be implemented as a PCIe bus [Sakata ‘404, ¶43; Fig. 1]).

Cheng ‘153 (modified by Kondo ‘329) and Sakata ‘404 are analogous art because they are from the same field of endeavor, namely that of memory device control with the aid of a host device and cryptographic engines. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Cheng ‘153 (modified by Kondo ‘329) and Sakata ‘404 before them, to modify the method in Cheng ‘153 (modified by Kondo ‘329) to include the teachings of Sakata ‘404, namely to implement the transmission interface circuit 118 that connects the host device 50 with the memory device 100, as disclosed in Cheng ‘153, as a PCIe bus, as disclosed in Sakata ‘404. The motivation for doing so would be to take advantage of a widely-used high-speed bus standard, such as the PCIe bus, for optimum connection between the host and the SSD (see Sakata ‘404, ¶¶42-44). 

As per claim 20: Cheng ‘153 in view of Kondo ‘329 discloses all limitations of claims 10-11 and 13, as stated above, all from which claim 20 is dependent upon. Cheng ‘153 in view of Kondo ‘329 does not explicitly disclose the limitations of claim 20. Sakata ‘404, however, discloses:
wherein the bus is a Peripheral Component Interconnect Express (PCIe) standard bus (the interface connecting the host 2 and the SSD 3 may be implemented as a PCIe bus [Sakata ‘404, ¶43; Fig. 1]).

	Cheng ‘153 (modified by Kondo ‘329) and Sakata ‘404 are analogous art because they are from the same field of endeavor, namely that of memory device control with the aid of a host device and cryptographic engines. For the reasons stated in claim 9, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Cheng ‘153 (modified by Kondo ‘329) and Sakata ‘404 before them, to modify the method in Cheng ‘153 (modified by Kondo ‘329) to include the teachings of Sakata ‘404.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Raam, US 2014/0040639 A1: An encrypted transport SSD controller has an interface for receiving commands, storage addresses, and exchanging data with a host for storage of the data in a compressed (and optionally encrypted) form in Non-Volatile Memory.
Kanno, US 2019/0362081 A1: a memory system receiving from a host a write request, the controller encrypts the data and writes the encrypted data to the memory together with an address. The controller reads both the encrypted data and the address and decrypts the encrypted data. 
Li, US 2020/0402426 A1: encrypting and decrypting data using a writing circuit to write a flag in memory indicating whether data has been encrypted. The controller reads the data and programs the data into a flash device.
Kim, US 2020/0201711 A1: a host controller encrypting data which is received from a host; a buffer storing the encrypted data which is output from the host controller; and a memory controller outputting error-checked data as a second data when no error is found.
Werner et al., US 2015/0067349 A1: storage device to encrypt and decrypt data during write and read operations. The host device is coupled to the storage device. The host device may be configured to execute the write and read operations by concentrating a number of bands into smaller number of bands.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALAN LINGQIAN KONG whose telephone number is (571)272-2646. The examiner can normally be reached Monday-Thursday 9:00am-7:00pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG (JAY) KIM can be reached on (571)272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ALAN LINGQIAN KONG/Examiner, Art Unit 2494

/THEODORE C PARSONS/Primary Examiner, Art Unit 2494