DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to a request for continued examination filed on September 15, 2022.
Claims 31, 38, 40, 42, 44, 46 and 47 have been amended. Claims 31-50 are pending.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on August 16, 2022 has been entered.
 
Response to Arguments
Applicant’s arguments with respect to claims 31-50 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. 

Specification
The disclosure is objected to because of the following informalities: 
In Par. [067], Par. [069], Par. [0100], the specification refers to an anti-replay mechanism/field as “anti-reply”. It is recommended by the Examiner to amend the term to read “anti-replay” instead.  
Appropriate correction is required.

Claim Objections
Claim 44 is objected to because of the following informalities: 
Claim 44 recites “further comprising including the anti-replay mechanism selectable by the value of one of the first group flags within at least one of the sub-fields of the second accessible data storage area”. As Claim 42 has been amended to include an anti-replay mechanism within the sub-fields of the second accessible storage area, it is recommended by the Examiner to amend the limitation to read “wherein the anti-replay mechanism is selectable by the value of one of the first group of flags” instead like in Claim 40. Appropriate correction is required.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	Claims 31-37, 40-45, 47-50 are rejected under 35 U.S.C. 103 as being unpatentable over Shin et al. (U.S. Pub. No. 2015/0350206 A1) hereinafter referred to as “Shin”, and further in view of Lee et al. (U.S. Pub. No. 2016/0034683 A1) hereinafter referred to as “Lee”, and further in view of Samsonov et al. (U.S. Pub. No. 2016/0379015 A1) hereinafter referred to as “Samsonov”.
Regarding Claim 31:
	Shin discloses the following limitations:
	A memory device for ensuring a secure memory access, comprising: a first accessible data storage area configured to store data; a second accessible data storage area configured to store metadata (Par. [0005], a storage device (a first accessible data storage area configured to store data) including a register (a second accessible data storage area), the register including fields that store information for controlling write protection attributes (configured to store metadata))
	the second accessible data storage area being organized in groups of sub-fields including at least a first group of flags and at least another field of the same second accessible storage area selectable by the value of one of the first group of flags (Par. [0005], the register including fields that store information for controlling write protection attributes and a secure mode of the storage device (the second accessible data storage area being organized in groups of sub-fields) … wherein the register comprises a secure write protection (WP) configuration masking field (including at least a first group of flags) for controlling register fields of the register that are associated with write protection (and at least another field of the same second accessible storage area selectable by the value of one of the first group of flags))
	(taught by Lee below)

	Lee discloses the following limitations not taught by Shin:
	wherein one of the at least another field of the same second accessible storage area includes a message authentication code (MAC) whose usage is defined by the value of one of the first group of flags (Fig. 15, HMAC 3250 (wherein one of the at least another field of the same second accessible storage area includes a message authentication code (MAC)); Par. [0083], The removable UFS card 2200 that supports the authentication function may have an authentication existence field bDeviceLocked indicating whether or not to perform authentication (whose usage is defined by the value of one of the first group of flags)). Reference Lee teaches a storage device which stores a flag indicating the support of a security function (Par. [0017], The storage device also includes a second non-transitory computer readable medium configured to store a device descriptor. The device descriptor includes an indicator, and the indicator indicates whether the storage device supports a security function). As this field is described to indicate “whether or not to perform authentication” (Par. [0083]), this teaches defining the usage of the message authentication code, which Lee teaches as a form of authentication (Par. [0120], The Hash-based Message Authentication Code (HMAC) may be used to authenticate a request) and storing in the storage device (Par. [0152], As illustrated in FIG. 15, the memory controller 3200b may further include a direct memory access (DMA) 3240 for accessing a memory directly, an HMAC 3250 and an AES (Advanced Encryption Standard) 3260 for data security). 

	Samsonov discloses the following limitation not taught by Shin/Lee:
	and one of the at least another field of the same second accessible storage area includes an anti-replay mechanism which uses a unidirectional security association in order to establish a secure connection between two nodes in a network and packet sequence numbers to defeat replay attacks (Abstract, Par. [0017], Par. [0028], Par. [0031], Par. [0032]). Samsonov discloses an anti-replay mechanism in the form of a trusted counter for replay-protected storage. Samsonov discloses the counter being used in association with a message authentication code as part of a simple header for authentication with the storage device. In combination with the message authentication code taught by Shin/Lee, this teaches the claimed limitation of an anti-replay mechanism. Regarding the latter part of the claim limitation that the anti-replay mechanism “uses a unidirectional security association in order to establish a secure connection between two nodes in a network and packet sequence numbers to defeat replay attacks”, this part of the claim describes an anti-replay protocol of incrementing a counter as part of IPsec as described verbatim in NPL – “Anti-replay”. Therefore, as Samsonov is directed towards a similar security protocol for communicating over the internet (Par. [0001]) and an anti-replay mechanism of a counter, i.e. packet sequence numbers, this teaches the fully claimed limitation. Samsonov further teaches that using this anti-replay mechanism protects against malicious actors (Par. [0025]). 

	Reference Shin does not disclose a message authentication code whose usage is defined by the value of a flag nor a field of an anti-replay mechanism. Reference Lee however teaches storing a message authentication code with an authentication existence field which governs whether to perform authentication. Lee further teaches that using a message authentication code provides security (Par. [0152], As illustrated in FIG. 15, the memory controller 3200b may further include a direct memory access (DMA) 3240 for accessing a memory directly, an HMAC 3250 and an AES (Advanced Encryption Standard) 3260 for data security) and the authentication existence field allows determination of whether the storage device supports authentication (Par. [0017], the indicator indicates whether the storage device supports a security function). Additionally, reference Samsonov teaches using an anti-replay mechanism by storing a trusted counter in conjunction with a message authentication code for additional security (Abstract, Par. [0025]). 
	References Shin, Lee, and Samsonov are considered to be analogous art because they relate to secure storage of data in memory devices. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the metadata storage system of Shin with the message authentication code and authentication existence field of Lee in order to gain the benefit of additional security while indicating its support by the storage device. Additionally, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further combine the storage system of Shin/Lee with the trusted counter of Samsonov to gain the benefit of additional security through protection against replay attacks.  

Regarding Claim 32:
	Shin/Lee/Samsonov discloses Claim 31.
	Shin further discloses the following limitation:
	wherein at least one of the first group of flags comprises a pointer or an enabling value to activate the at least another field (Par. [0007], the register (at least one of the first group of flags) may include a secure WP enable field configured to control a state of the secure mode of the storage device (comprises a pointer or an enabling value to activate the at least another field))

Regarding Claim 33:
	Shin/Lee/Samsonov discloses Claim 31.
	Shin further discloses the following limitation:
	wherein the first accessible data storage area comprises a host data portion containing data that a host device of the memory device needs to store (Par. [0137], flash memory 6230 (first accessible data storage area) may store data transferred from the host 6100 (comprises a host data portion containing data that a host device of the memory device needs to store))

Regarding Claim 34:
	Shin/Lee/Samsonov discloses Claim 31.
	Shin further discloses the following limitation:
	wherein the memory access of both memory portions is done by pages (Par. [0016], storage device may include at least one of a plurality of flash memory devices). It is well known in the art that the memory access of flash memory devices is inherently performed using pages, so Shin discloses the additional limitation.

Regarding Claim 35:
	Shin/Lee/Samsonov discloses Claim 31.
	Shin further discloses the following limitation:
	wherein one of the sub-fields of the second accessible data storage area comprises a cryptographic algorithm to verify either the data integrity or the authentication of a message (Par. [0011], storage system may be configured such that storage device (wherein one of the sub-fields of the second accessible data storage area) requires requests of the host to be authenticated using at least one of keyed-hash message authentication code (HMAC) (comprises a cryptographic algorithm to verify either the data integrity or the authentication of a message)). In Figure 3 of Shin, it is further illustrated that the Security Manager (WP Descriptor) 3234 is used to validate the HMAC as a part of the storage device. Therefore, the security manager described by Shin, which is found to comprise HMAC validation and is part of the second accessible data storage area, meets the additional limitation.

Regarding Claim 36:
	Shin/Lee/Samsonov discloses Claim 35.
	Shin further discloses the following limitation:
	wherein the cryptographic algorithm includes a digest or the message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key (Par. [0011], to be authenticated using at least one of keyed-hash message authentication code (HMAC))

Regarding Claim 37:
	Shin/Lee/Samsonov discloses Claim 36.
	Shin further discloses the following limitation:
	wherein a MAC algorithm includes at least a cryptographic primitive including a HASH function (Par. [0011], to be authenticated using at least one of keyed-hash message authentication code (HMAC))

Regarding Claim 40:
	Shin/Lee/Samsonov discloses Claim 31. 
	Samsonov further discloses the following limitation:
	wherein the anti-replay mechanism is selectable by the value of one of the first group of flags (Par. [0028], Par. [0031], Par. [0032], Par. [0044]). Shin discloses a storage of metadata which are selectable by values of flags as argued previously in Claim 31, and Lee was further combined with Shin to add an authentication existence field which enables the usage of, i.e. selects, a message authentication code for authentication. Samsonov teaches using a counter in conjunction with a message authentication code as part of authentication, as shown in the storage of a header in one embodiment of Samsonov. Therefore, the anti-replay mechanism is considered to be selectable by one of the flags, as the authentication existence field of Shin/Lee, which selects whether to perform authentication, also selects usage of the anti-replay mechanism when taken into combination with Samsonov. 

Regarding Claim 41:
	Shin/Lee/Samsonov discloses Claim 40.
	Samsonov further discloses the following limitation:
	wherein the selectable anti-replay mechanism includes at least one of the following functions: a monotonic counter or a Nonce or a Time Stamp (Abstract, Par. [0028]). Samsonov teaches the anti-replay mechanism being a counter that is incremented for each successful read/write, i.e. a monotonic counter.  

Regarding Claims 42-45:
	Claims 42-45 are drawn to the method of use corresponding to the same memory device as claimed in Claims 31, 33, 40, and 35, respectively. Therefore, method claims 42-45 correspond to apparatus claims 31, 33, 40, and 35, respectively, and are rejected for the same reasons of motivation/combination of references as used above. However, Claims 42-45 further recite a method (Shin, Par. [0002], a secure write protect performing method thereof).

Regarding Claims 47-49:
	Claims 47-49 are drawn to the electronic system corresponding to the same memory device as claimed in Claims 31, 32, and 35, respectively. Therefore, system claims 47-49 correspond to apparatus claims 31, 32, and 35, respectively, and are rejected for the same reasons of motivation/combination of references as used above. However, Claims 47-49 further recite a host device to which the memory device is coupled (Shin, Par. [0003], a storage system includes a host and a storage device. The host and the storage device are connected through a variety of standardized interfaces).

Regarding Claim 50:
	Shin/Lee/Samsonov discloses Claim 47.
	Shin further discloses the following limitation:
	wherein the host device is connected directly to the memory device or is coupled to the memory device through intermediary devices (Figure 14, Par. [0123], the SSD 4200 may exchange signals SGL with the host 4100 (is coupled to the memory device) through a signal connector 4211 (through intermediary devices))

	Claims 38-39, 46 are rejected under 35 U.S.C. 103 as being unpatentable over Shin/Lee/Samsonov as applied to claims 31 and 42 above, and further in view of You et al. (U.S. Pub. No. 2009/0052670 A1) hereinafter referred to as “You”.

Regarding Claim 38:
	Shin/Lee/Samsonov discloses Claim 31.
	Shin further discloses the following limitations:
	wherein the second accessible data storage area comprises a metadata portion including in separate fields: a group of flags (Par. [0069], the device register (second accessible data storage area) may be formed of six registers; Par. [0072], the EXT CSD register may be formed of 512 bytes and may define device properties and selected modes (comprises a metadata portion including in separate fields: a group of flags))
	(taught by You below)
	(taught by Samsonov below)
	and a cryptographic algorithm (Par. [0011], to be authenticated using at least one of keyed-hash message authentication code (HMAC))

	Samsonov discloses the following limitation:
	the anti-replay mechanism (Abstract, Par. [0028], Par. [0031], Par. [0032]). This limitation was previously shown to be taught by Samsonov in the rejection of Claim 31. 

	You discloses the following limitations not taught by Shin/Lee:
	an ID field of a host device (Par. [0047], the storage ID file 240 includes a host ID). Shin discloses a storage of metadata but does not explicitly disclose the storage of metadata consisting of a host ID. You however discloses that in the context of digital rights management, “it is necessary to forbid playback of the content stored in the storage device when the storage device is connected to another set-top box” (Par. [0005]). Therefore, encryption where the key file (second storage area) contains a host ID is necessary to prevent this abuse. 

	The combination of Shin/Lee/Samsonov and You are considered to be analogous art because they both pertain to secure storage of data in memory devices. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the metadata storage system of Shin/Lee/Samsonov with the inclusion of the host ID of You in order to gain the benefit of increased security in light of being a system which adheres to digital rights management.

Regarding Claim 39:
	Shin/Lee/Samsonov/You discloses Claim 38.
	The combination of Shin and You further discloses the following limitation:
	wherein the ID field of a host device has been provided to identify the ID of a software application requesting an access to the metadata portion (Shin Par. [0080], according to at least one example embodiment of the inventive concepts, the secure WP configuration masking field may be accessed (requesting an access to the metadata portion) through other ways instead of, or in addition to, the HMAC authentication (the ID field of a host device has been provided to identify the ID of a software application)). Shin discloses that alternative authentication methods may be used to control access, but does not disclose that of using a host ID. You discloses that a host ID may be used to authenticate a device. You teaches that this ensures that content is properly played with the correct host device in the area of digital rights management. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Shin and You in regards to these aspects to arrive at the limitation of the claim, i.e. the host ID is used to authenticate access to the metadata.


Regarding Claim 46:
	Claim 46 is drawn to the method of use corresponding to the same memory device as claimed in Claim 38. Therefore, method claim 46 corresponds to apparatus claim 38, and is rejected for the same reasons of motivation/combination of references as used above. However, Claim 46 further recites a method (Shin, Par. [0002], a secure write protect performing method thereof).

Related Art
	The following prior art made of record and cited on PTO-892, but not relied upon, is considered pertinent to applicant’s disclosure: 
Sarangdhar et al. (U.S. Pub. No. 2013/0159727 A1) – Includes methods regarding protecting storage against replay attacks using a monotonic counter
Ambati et al. (U.S. Pub. No. 2016/0277358 A1) – Includes methods regarding IPsec anti-replay protection using a protection flag/indicator
Noehring et al. (U.S. Pub. No. 2002/0188839 A1) – Includes methods regarding enabling IPsec anti-replay protection using flags/fields in conjunction with fields for enabling IPsec authentication/encryption headers

Conclusion
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ETHAN V VO whose telephone number is (571)272-2505. The examiner can normally be reached M-F 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ETHAN V VO/ Examiner, Art Unit 4122
/LYNN D FEILD/ Supervisory Patent Examiner, Art Unit 2431