DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1 – 2, 4 – 10, 15 – 17, and 19 – 20 are rejected under 35 U.S.C. 103 as being unpatentable over Sela et al. US Patent No. 10725687 (hereinafter referred to as Sela ‘687) in view of Sela et al. US Patent Application Publication No. 2020/0014544 (hereinafter referred to as Sela ‘544).
Regarding claim 1, Sela ‘687 describes a method of operating a storage device to set a secure mode of a plurality of commands, the method comprising: receiving a secure request indicating a protection of a first command and a protection of a second command, from a host device configured to communicate with the storage device, the first command and the second command being different in kind; setting secure modes of the first command and the second command, based on the secure request (For example, as described, the controller 104 may receive an address range and a set command from the host 106.  The address range may correspond to a subset of the memory blocks 302-1 to 302-N of the partition or the entire partition.  The set command may include instructions to set the memory blocks corresponding to the address range to a protected state (e.g., set the access characteristics of the memory blocks to access characteristics represented by the protected state) indicated by the set command (Sela ‘687, column 15, lines 17 – 25)).  While Sela ‘687 clearly discloses a protected state in which no entity can perform standard read operations and standard write operations on memory blocks set to said protected state, it does not explicitly describe receiving a first request indicating a request to execute the first command, from the host device; outputting a first response indicating a failure of the first command to the host device, based on the first request; receiving a second request indicating a request to execute the second command, from the host device; and outputting a second response indicating a failure of the second command to the host device, based on the second request.
Sela ‘544 describes an apparatus including a replay protected memory block formed in a plurality of non-volatile memory cells.  Specifically, it is disclosed that when a host 120 attempts to write to RPMB 400, authentication circuit 412 of host 120 generates a MAC from key 414 and a message.  A write count 416 may be included in the message and may be used to generate the MAC.  Host 120 sends the MAC, write count, and message to memory system 100.  In response, authentication circuit 402 generates a MAC from key 404 and the received message and compares this MAC with the MAC received from host 120.  If the MACs are not identical (e.g., where another entity other than host 120 attempts to write in RPMB 400) then authentication circuit 402 denies write access.  No new data is written in RPMB 400 in this case.  A response may be sent to indicate that authentication failed.  If write counts are not identical (e.g. in a replay attack) then authentication circuit 402 denies write access to host 120 in write in RPMB 400 and no new data is written in RPMB 400.  A response may be sent to indicate that the write counts did not match (Sela ‘544, page 5, paragraph [0052]).
Therefore, it would have been obvious to a person of ordinary skill in the computer art before the effective filing date of the claimed invention to incorporate the Sela ‘544 teachings in the Sela ‘687 system. A skilled artisan would have been motivated to incorporate the method of indicating an access failure as taught by Sela ‘544 in the Sela ‘687 system for effectively communicating failed operations.  In addition, both of the references teach features that are directed to analogous art and they are directed to the same field of endeavor, such as non-volatile memory using replay protected memory blocks.  This close relation between both of the references highly suggests an expectation of success.
Regarding claim 2, Sela ‘687 in view of Sela ‘544 describe the method of claim 1 (see above), wherein the secure request is based on a request message of a replay protect memory block (RPMB) message of a universal flash storage (UFS) standard, and the secure request supports a secure command protect configuration block (SCPCB) (Typically, an RPMB partition is a partition used in various non-volatile memory systems, such as, embedded multi-media controller (eMMC) systems, universal flash storage (UFS) systems, non-volatile memory express (NVMe) systems, or other suitable memory systems.  An RPMB partition allows an entity to read from and/or write to the RPMB partition in a secure manner.  For example, the read access and write access of an RPMB partition are replay protected such that only an authorized entity can write to the RPMB partition (Sela ‘687, column 3, lines 29 – 38)).
Regarding claim 4, Sela ‘687 in view of Sela ‘544 describe the method of claim 1 (see above), wherein the secure request further indicates a protection of the first command in a first logical block address (LBA) and a non-protection of the first command in a second LBA different from the first LBA, and wherein the first request further indicates a request to execute the first command in the first LBA (Accordingly, no entity can perform standard read operations and standard write operations on memory blocks (e.g., of the address range) set to the third alternative protected state (Sela ‘687, column 15, lines 5 – 12).  Setting a range to a particular protected state suggests that anything outside the range may be in a different state which would be handled differently according to the specific different state).
Regarding claim 5, Sela ‘687 in view of Sela ‘544 describe the method of claim 4 (see above), further comprising: receiving a third request indicating a request to execute the first command in the second LBA, from the host device; and executing the first command in the second LBA, based on the third request (The first alternative protected state (e.g., state number 1’) includes an open access standard read characteristic (e.g. indicated in the standard read column 404’) and an open access standard write characteristic (e.g., indicated in the standard write column 406’).  Accordingly, any entity can perform standard read operations and standard write operations on memory blocks (e.g., of the address range) set to the first alternative protected state (Sela ‘687, column 14, lines 55 – 63)).
Regarding claim 6, Sela ‘687 in view of Sela ‘544 describe the method of claim 4 (see above), wherein the secure request further indicates a non-protection of the second command in the first LBA and a protection of the second command in the second LBA, wherein the second request further indicates a request to execute the second command in the second LBA, and wherein the method further comprises: receiving a fourth request indicating a request to execute the second command in the first LBA, from the host device; and executing the second command in the first LBA, based on the fourth request (The first alternative protected state (e.g., state number 1’) includes an open access standard read characteristic (e.g. indicated in the standard read column 404’) and an open access standard write characteristic (e.g., indicated in the standard write column 406’).  Accordingly, any entity can perform standard read operations and standard write operations on memory blocks (e.g., of the address range) set to the first alternative protected state (Sela ‘687, column 14, lines 55 – 63)).
Regarding claim 7, Sela ‘687 in view of Sela ‘544 describe the method of claim 1 (see above), wherein the secure request further indicates a protection of the first command and a protection of the second command in a plurality of LBAs included in a first logical unit (LU), wherein the first request further indicates a request to execute the first command in at least part of the plurality of LBAs, and wherein the second request further indicates a request to execute the second command in at least part of the plurality of LBAs (The first alternative protected state (e.g., state number 1’) includes an open access standard read characteristic (e.g. indicated in the standard read column 404’) and an open access standard write characteristic (e.g., indicated in the standard write column 406’).  Accordingly, any entity can perform standard read operations and standard write operations on memory blocks (e.g., of the address range) set to the first alternative protected state (Sela ‘687, column 14, lines 55 – 63)).
Regarding claim 8, Sela ‘687 in view of Sela ‘544 describe the method of claim 1 (see above), wherein the secure request further indicates a protection of the first command in a plurality of first LBAs included in a first LU and a plurality of second LBAs included in a second LU and a protection of the second command in the plurality of first LBAs included in the first LU and the plurality of second LBAs included in the second LU, wherein the first LU and the second LU are included in the same memory type, wherein the first request further indicates a request to execute the first command in at least part of the plurality of first LBAs and the plurality of second LBAs, and wherein the second request further indicates a request to execute the second command in at least part of the plurality of first LBAs and the plurality of second LBAs (Still referring to FIG. 1A, the storage system 102 includes the non-volatile memory (NVM) block 110 which may include several memory die 110-1 – 110-N… (Sela ‘687, column 6, lines 4 – 13).  The first alternative protected state (e.g., state number 1’) includes an open access standard read characteristic (e.g. indicated in the standard read column 404’) and an open access standard write characteristic (e.g., indicated in the standard write column 406’).  Accordingly, any entity can perform standard read operations and standard write operations on memory blocks (e.g., of the address range) set to the first alternative protected state (Sela ‘687, column 14, lines 55 – 63)).
Regarding claim 9, Sela ‘687 in view of Sela ‘544 describe the method of claim 1 (see above), wherein a data field of the secure request includes a secure command protect configuration block, and a request message type field of the secure request indicates a secure command protect configuration block write request (The controller 104 is configured to dynamically set access characteristics of a partition or of a portion of a partition defined by an address range (e.g., a range of memory locations within the partition).  The access characteristics may include a standard read characteristic, a standard write characteristic, an RPMB read characteristic, an RPMB write characteristic, other suitable access characteristics, or a combination thereof.  In some embodiments, the controller 104 receives an address range and a set command from an entity attempting to set the access characteristics of a portion of a partition of the storage system 102 corresponding to the address range (Sela ‘687, column 11, lines 31 – 44)).
Regarding claim 10, Sela ‘687 in view of Sela ‘544 describe the method of claim 9 (see above), wherein the secure command protect configuration block includes: an index indicating a range in which the secure modes of the first command and the second command are to be set; and a secure command protect entry indicating whether to protect the first command and whether to protect the second command (The controller 104 is configured to dynamically set access characteristics of a partition or of a portion of a partition defined by an address range (e.g., a range of memory locations within the partition).  The access characteristics may include a standard read characteristic, a standard write characteristic, an RPMB read characteristic, an RPMB write characteristic, other suitable access characteristics, or a combination thereof.  In some embodiments, the controller 104 receives an address range and a set command from an entity attempting to set the access characteristics of a portion of a partition of the storage system 102 corresponding to the address range (Sela ‘687, column 11, lines 31 – 44)).
Regarding claim 15, Sela ‘687 describes a method of operating a storage device to set a secure mode in a plurality of logical units (LUs), the method comprising: receiving a secure request indicating a protection of a first command in a first LU and a second LU of the plurality of LUs, from a host device configured to communicate with the storage device; setting a secure mode of the first command in the first LU and the second LU, based on the secure request (For example, as described, the controller 104 may receive an address range and a set command from the host 106.  The address range may correspond to a subset of the memory blocks 302-1 to 302-N of the partition or the entire partition.  The set command may include instructions to set the memory blocks corresponding to the address range to a protected state (e.g., set the access characteristics of the memory blocks to access characteristics represented by the protected state) indicated by the set command (Sela ‘687, column 15, lines 17 – 25)).  While Sela ‘687 clearly discloses a protected state in which no entity can perform standard read operations and standard write operations on memory blocks set to said protected state, it does not explicitly describe receiving a first request indicating a request to execute the first command in the first LU, from the host device; outputting a first response indicating a failure of the first command in the first LU to the host device, based on the first request; receiving a second request indicating a request to execute the first command in the second LU, from the host device; and outputting a second response indicating a failure of the first command in the second LU to the host device, based on the second request.
Sela ‘544 describes an apparatus including a replay protected memory block formed in a plurality of non-volatile memory cells.  Specifically, it is disclosed that when a host 120 attempts to write to RPMB 400, authentication circuit 412 of host 120 generates a MAC from key 414 and a message.  A write count 416 may be included in the message and may be used to generate the MAC.  Host 120 sends the MAC, write count, and message to memory system 100.  In response, authentication circuit 402 generates a MAC from key 404 and the received message and compares this MAC with the MAC received from host 120.  If the MACs are not identical (e.g., where another entity other than host 120 attempts to write in RPMB 400) then authentication circuit 402 denies write access.  No new data is written in RPMB 400 in this case.  A response may be sent to indicate that authentication failed.  If write counts are not identical (e.g. in a replay attack) then authentication circuit 402 denies write access to host 120 in write in RPMB 400 and no new data is written in RPMB 400.  A response may be sent to indicate that the write counts did not match (Sela ‘544, page 5, paragraph [0052]).
Therefore, it would have been obvious to a person of ordinary skill in the computer art before the effective filing date of the claimed invention to incorporate the Sela ‘544 teachings in the Sela ‘687 system. A skilled artisan would have been motivated to incorporate the method of indicating an access failure as taught by Sela ‘544 in the Sela ‘687 system for effectively communicating failed operations.  In addition, both of the references teach features that are directed to analogous art and they are directed to the same field of endeavor, such as non-volatile memory using replay protected memory blocks.  This close relation between both of the references highly suggests an expectation of success.
Regarding claim 16, Sela ‘687 in view of Sela ‘544 describe the method of claim 15 (see above), further comprising: receiving a third request indicating a request to execute the first command in a third LU of the plurality of LUs, from the host device; and executing the first command in the third LU, based on the third request, and wherein the first LU and the second LU are included in a first memory type, and the third LU is included in a second memory type (The first alternative protected state (e.g., state number 1’) includes an open access standard read characteristic (e.g. indicated in the standard read column 404’) and an open access standard write characteristic (e.g., indicated in the standard write column 406’).  Accordingly, any entity can perform standard read operations and standard write operations on memory blocks (e.g., of the address range) set to the first alternative protected state (Sela ‘687, column 14, lines 55 – 63)).
Regarding claim 17, Sela ‘687 in view of Sela ‘544 describe the method of claim 15 (see above), wherein the secure request further indicates a protection of a second command in the first LU and the second LU, and wherein the setting the secure mode includes: setting the secure mode of the first command and a secure mode of the second command in the first LU and the second LU, based on the secure request (The first alternative protected state (e.g., state number 1’) includes an open access standard read characteristic (e.g. indicated in the standard read column 404’) and an open access standard write characteristic (e.g., indicated in the standard write column 406’).  Accordingly, any entity can perform standard read operations and standard write operations on memory blocks (e.g., of the address range) set to the first alternative protected state (Sela ‘687, column 14, lines 55 – 63)).
Regarding claim 19, Sela ‘687 describes a method of operating a storage system, which includes a host device and a storage device configured to communicate with the host device, to set a secure mode of a plurality of commands, the method comprising: generating, by the host device, a secure request indicating a protection of a first command in a first logical block address (LBA) and a protection of a second command in a second LBA, the first command and the second command being different in kind; setting, by the storage device, a secure mode based on the secure request (For example, as described, the controller 104 may receive an address range and a set command from the host 106.  The address range may correspond to a subset of the memory blocks 302-1 to 302-N of the partition or the entire partition.  The set command may include instructions to set the memory blocks corresponding to the address range to a protected state (e.g., set the access characteristics of the memory blocks to access characteristics represented by the protected state) indicated by the set command (Sela ‘687, column 15, lines 17 – 25)).  While Sela ‘687 clearly discloses a protected state in which no entity can perform standard read operations and standard write operations on memory blocks set to said protected state, it does not explicitly describe generating, by the host device, a first request indicating a request to execute the first command in the first LBA; generating, by the storage device, a first response indicating a failure of the first command, based on the first request; generating, by the host device, a second request indicating a request to execute the second command in the second LBA; and generating, by the storage device, a second response indicating a failure of the second command, based on the second request.
Sela ‘544 describes an apparatus including a replay protected memory block formed in a plurality of non-volatile memory cells.  Specifically, it is disclosed that when a host 120 attempts to write to RPMB 400, authentication circuit 412 of host 120 generates a MAC from key 414 and a message.  A write count 416 may be included in the message and may be used to generate the MAC.  Host 120 sends the MAC, write count, and message to memory system 100.  In response, authentication circuit 402 generates a MAC from key 404 and the received message and compares this MAC with the MAC received from host 120.  If the MACs are not identical (e.g., where another entity other than host 120 attempts to write in RPMB 400) then authentication circuit 402 denies write access.  No new data is written in RPMB 400 in this case.  A response may be sent to indicate that authentication failed.  If write counts are not identical (e.g. in a replay attack) then authentication circuit 402 denies write access to host 120 in write in RPMB 400 and no new data is written in RPMB 400.  A response may be sent to indicate that the write counts did not match (Sela ‘544, page 5, paragraph [0052]).
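The Sela ‘544 authenticated-write check described above (and in the claim 1 and claim 15 rejections), combined with the per-LBA command protection recited in claim 19, as an added Python sketch that is not part of the Office action or the cited references. HMAC-SHA256, the frame layout, the class and function names, and the result strings are assumptions made for the illustration.

```python
# Added illustration, not code from the Office action or the cited references.
# Frame layout, command names and result strings are assumptions.
import hashlib
import hmac
import struct

OK = "OK"
AUTH_FAILURE = "AUTH_FAILURE"          # MAC did not verify
COUNTER_MISMATCH = "COUNTER_MISMATCH"  # stale or replayed frame
CMD_PROTECTED = "CMD_PROTECTED"        # command blocked at this LBA


def frame_mac(key: bytes, write_count: int, payload: bytes) -> bytes:
    """HMAC-SHA256 over counter || payload, binding the frame to one counter value."""
    msg = struct.pack(">I", write_count) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


def encode_rule(first_lba: int, last_lba: int, commands) -> bytes:
    """Constructed payload: two 32-bit LBAs, then comma-separated command names."""
    return struct.pack(">II", first_lba, last_lba) + ",".join(sorted(commands)).encode()


def decode_rule(payload: bytes):
    first_lba, last_lba = struct.unpack(">II", payload[:8])
    return first_lba, last_lba, frozenset(payload[8:].decode().split(","))


def signed_frame(key: bytes, write_count: int, first_lba: int, last_lba: int, commands):
    """Host side: build (write_count, payload, mac) for a protection rule."""
    payload = encode_rule(first_lba, last_lba, commands)
    return write_count, payload, frame_mac(key, write_count, payload)


class StorageDevice:
    def __init__(self, key: bytes):
        self._key = key
        self.write_count = 0
        self.rules = []  # (first_lba, last_lba, protected commands)

    def secure_request(self, write_count: int, payload: bytes, mac: bytes) -> str:
        """Accept a protection rule only if the MAC, then the counter, check out."""
        expected = frame_mac(self._key, write_count, payload)
        if not hmac.compare_digest(expected, mac):  # constant-time comparison
            return AUTH_FAILURE                     # nothing is written
        if write_count != self.write_count:
            return COUNTER_MISMATCH                 # old frame with a valid MAC
        self.rules.append(decode_rule(payload))
        self.write_count += 1                       # each frame is usable once
        return OK

    def execute(self, command: str, lba: int) -> str:
        """Ordinary command path: fail if the command is protected at this LBA."""
        for first_lba, last_lba, commands in self.rules:
            if first_lba <= lba <= last_lba and command in commands:
                return CMD_PROTECTED
        return OK


def run_scenario() -> dict:
    key = b"constructed-demo-key"  # constructed sample key
    dev = StorageDevice(key)
    out = {}
    first = signed_frame(key, 0, 0, 99, {"write"})
    out["set_write_rule"] = dev.secure_request(*first)
    out["set_read_rule"] = dev.secure_request(*signed_frame(key, 1, 100, 199, {"read"}))
    out["replayed_frame"] = dev.secure_request(*first)  # counter is now 2
    out["forged_frame"] = dev.secure_request(*signed_frame(b"other-key", 2, 0, 199, {"purge"}))
    count, payload, mac = signed_frame(key, 2, 200, 299, {"read"})
    tampered = encode_rule(0, 299, {"read"})            # payload altered after signing
    out["tampered_frame"] = dev.secure_request(count, tampered, mac)
    out["write_lba_10"] = dev.execute("write", 10)      # protected command, first range
    out["read_lba_150"] = dev.execute("read", 150)      # protected command, second range
    out["write_lba_150"] = dev.execute("write", 150)    # same command, unprotected LBA
    out["read_lba_10"] = dev.execute("read", 10)
    out["rule_count"] = len(dev.rules)
    return out


if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(f"{name}: {result}")
```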
Therefore, it would have been obvious to a person of ordinary skill in the computer art before the effective filing date of the claimed invention to incorporate the Sela ‘544 teachings in the Sela ‘687 system. A skilled artisan would have been motivated to incorporate the method of indicating an access failure as taught by Sela ‘544 in the Sela ‘687 system for effectively communicating failed operations.  In addition, both of the references teach features that are directed to analogous art and they are directed to the same field of endeavor, such as non-volatile memory using replay protected memory blocks.  This close relation between both of the references highly suggests an expectation of success.
Regarding claim 20, Sela ‘687 in view of Sela ‘544 describe the method of claim 19 (see above), further comprising: generating, by the host device, a third request indicating a request to execute the first command in the second LBA; executing, by the storage device, the first command in the second LBA, based on the third request; generating, by the host device, a fourth request indicating a request to execute the second command in the first LBA; and executing, by the storage device, the second command in the first LBA, based on the fourth request (The first alternative protected state (e.g., state number 1’) includes an open access standard read characteristic (e.g. indicated in the standard read column 404’) and an open access standard write characteristic (e.g., indicated in the standard write column 406’).  Accordingly, any entity can perform standard read operations and standard write operations on memory blocks (e.g., of the address range) set to the first alternative protected state (Sela ‘687, column 14, lines 55 – 63)).
Claims 3 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Sela ‘687 in view of Sela ‘544, further in view of Baryudin et al. US Patent Application Publication No. 2014/0130188 (hereinafter referred to as Baryudin).
Regarding claim 3, Sela ‘687 in view of Sela ‘544 describe the method of claim 1 (see above), wherein the first command is one of a read command, a write command, and a purge command, and wherein the second command is another one of the read command, the write command, and the purge command (…standard read, write, and erase operations are not valid on an RPMB partition since it may violate its security scheme (Sela ‘687, column 3, line 67 – column 4, line 2).  If a command is not valid it is reasonable to presume that repeated issuances of such commands would be treated in the same way given the same circumstances).  Sela ‘687 and Sela ‘544 do not explicitly describe an unmap command as among the commands that are not valid to use on an RPMB partition.
Baryudin describes a hi-jack protected, secure storage device requiring proof that the user has actual physical access to the device before protected commands are executed.  Specifically, Baryudin discloses that the protected commands include, “Change Existing Credentials,” “Format Drive,” “Erase Specified Portions of Drive,” “Sanitize and Trim,” any combination thereof, and the like (Baryudin, page 3, paragraph [0025]).  Baryudin also more specifically mentions “a solid-state drive TRIM command” as among the protected storage commands (Baryudin, page 4, paragraph [0039]).  
Therefore, it would have been obvious to a person of ordinary skill in the computer art before the effective filing date of the claimed invention to incorporate the Baryudin teachings in the Sela ‘687 in view of Sela ‘544 system. A skilled artisan would have been motivated to include a TRIM command among the protected commands as taught by Baryudin in the Sela ‘687 in view of Sela ‘544 system for effectively protecting designated protected areas from tampering.  In addition, both of the references teach features that are directed to analogous art and they are directed to the same field of endeavor, such as protected areas of non-volatile memory.  This close relation between both of the references highly suggests an expectation of success.
Regarding claim 18, Sela ‘687 in view of Sela ‘544 describe the method of claim 17 (see above), wherein the first command is one of a read command, a write command, and a purge command, and wherein the second command is another one of the read command, the write command, and the purge command (…standard read, write, and erase operations are not valid on an RPMB partition since it may violate its security scheme (Sela ‘687, column 3, line 67 – column 4, line 2).  If a command is not valid it is reasonable to presume that repeated issuances of such commands would be treated in the same way given the same circumstances).  Sela ‘687 and Sela ‘544 do not explicitly describe an unmap command as among the commands that are not valid to use on an RPMB partition.
Baryudin describes a hi-jack protected, secure storage device requiring proof that the user has actual physical access to the device before protected commands are executed.  Specifically, Baryudin discloses that the protected commands include, “Change Existing Credentials,” “Format Drive,” “Erase Specified Portions of Drive,” “Sanitize and Trim,” any combination thereof, and the like (Baryudin, page 3, paragraph [0025]).  Baryudin also more specifically mentions “a solid-state drive TRIM command” as among the protected storage commands (Baryudin, page 4, paragraph [0039]).  
Therefore, it would have been obvious to a person of ordinary skill in the computer art before the effective filing date of the claimed invention to incorporate the Baryudin teachings in the Sela ‘687 in view of Sela ‘544 system. A skilled artisan would have been motivated to include a TRIM command among the protected commands as taught by Baryudin in the Sela ‘687 in view of Sela ‘544 system for effectively protecting designated protected areas from tampering.  In addition, both of the references teach features that are directed to analogous art and they are directed to the same field of endeavor, such as protected areas of non-volatile memory.  This close relation between both of the references highly suggests an expectation of success.
Allowable Subject Matter
Claims 11 – 14 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter:  Claim 11 describes, “The method of claim 10, wherein the index includes one of: a first index code value indicating an LBA protection operation; a second index code value indicating an LU protection operation; and a third index code value indicating a memory type protection operation.”  Claim 12 describes, “The method of claim 10, wherein the secure command protect entry includes: a command protect flag indicating whether to protect the first command and whether to protect the second command; and a command protect type that defines a type of controlling the command protect flag.”  Neither Sela ‘687, Sela ‘544, nor Baryudin teaches or suggests all of the limitations presented in the identified claims.  Lee et al. US Patent Application Publication No. 2019/0266096 describes that a controller may include a write control unit configured to allocate a buffer memory for temporarily storing data to be written in different manners depending on the kind of data to be written to the storage unit based on a write related command provided from a host device but it does not teach or suggest all of the limitations disclosed in the identified claims.  Claims 13 and 14 depend from Claim 12.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RALPH A VERDERAMO III whose telephone number is (571)270-1174. The examiner can normally be reached Monday through Friday 8:30 AM - 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Charles Rones can be reached on (571) 272-4085. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/RALPH A VERDERAMO III/Examiner, Art Unit 2136

rv
November 19, 2022

/EDWARD J DUDEK  JR/Primary Examiner, Art Unit 2136