DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Response to Amendment
The amendment filed September 7, 2022 has been entered.  Claims 10 and 23 are cancelled, leaving claims 1-9, 11, 12 and 16-22 pending in this application. 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 9, 11, 12 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 9 recites “the result of the verifying of the first request”.  This is the first time it is recited in claim 9 and as such lacks antecedent basis.  For the purpose of examination, it is assumed this recites “a result”.
Claims 11 and 12 are rejected for dependence on claim 9. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-12, 16, and 18-23 are rejected under 35 U.S.C. 103 as being unpatentable over Sela et al. (US 2020/0014544, as presented in applicant’s IDS) in view of Overby (US 2015/0089218) and Yang et al. (“Authenticated Storage Using Small Trusted Hardware”). 
Regarding claim 1, Sela teaches a method of writing data to a protected region in response to a request from a host (Figs. 4 and 5 show different examples of a memory system showing authenticating access to a replay protected memory block (RPMB); the different embodiments are cited, as some of the following citations refer to the Fig. 4 embodiment, and some to the Fig. 5 embodiment, but a review of the specification shows that these are interchangeable with relation to the write process; Fig. 10B shows a process of a remote server in Fig. 5 writing to a RPMB, but this is understood to be the same process as the host writing to a RPBM in Fig. 4), the method comprising: 
Providing, to the host, a device write count (“The write count 416 in host 120 may reflect the number of times host 120 has written to RPMB 400 and may be obtained from write counter 406 in memory system 100 (e.g. a request for a write count may be sent and write count 416 may be received from memory system 100 prior to attempting to write to RPMB 400),” [0052]);
Receiving, from the host, a first write request including a first host message authentication code from the host, the first host message authentication code being based on a host write count, which is set to be the same as the device write count (Fig. 10B, step 1022, see also “A remote server calculates a [message authentication code] MAC (first MAC) from a write key 1020, e.g. from the write key and a write count (the write count may be obtained by requesting it from the memory system). The remote server sends a write request and the MAC to the memory system 1022,” [0069] and [0056] in the context of Figs. 5 and 10B; “When host 120 attempts to write to RPMB 400, authentication circuit 412 of host 120 generates a MAC from key 414 and a message, e.g. by applying a hash function such as SHA256 to key 414 and the message (including write data). A write count 416 may be included in the message and may be used to generate the MAC. The write count 416 in host 120 may reflect the number of times host 120 has written to RPMB 400 and may be obtained from write counter 406 in memory system 100 (e.g. a request for a write count may be sent and write count 416 may be received from memory system 100 prior to attempting to write to RPMB 400). Host 120 sends the MAC, write count, and message to memory system 100,” [0052] in the context of Fig. 4; this citation teaches the amended portion where the HMAC is based on a host write count set to the same as the device write count, as the host acquires write count from write counter 406 in the memory system); 
verifying the first write request based on the device write count and the host write count, the first random number, and the first host message authentication code (Fig. 10B, steps 1024, 1026, see also “An authentication circuit in the memory system calculates a MAC (second MAC) using the write key and compares this MAC with the MAC from the remote server 1024 (i.e. compares first MAC and second MAC). A determination is made as to whether these MACs are identical 1026,” [0069] and [0056] in the context of Figs. 5 and 10B; “In response, authentication circuit 402 generates a MAC from key 404 and the received message and compares this MAC with the MAC received from host 120 (i.e. with MAC generated by authentication circuit 412)… If write counts are not identical (e.g. in a replay attack) then authentication circuit 402 denies write access to host 120 to write in RPMB 400 and no new data is written in RPMB 400. A response may be sent to indicate that the write counts did not match,” [0052] in the context of Fig. 4, where the Fig. 4 discussion also includes that verification of the write request includes checking the MAC, which includes the write count, and the write counts; as the device write count has been obtained by the host, comparing the write count reads upon both the host and device write counts); and
updating the device write count based on a result of verifying the first write request, the updating of the device write count including incrementing the device write count when the verifying of the first write request succeeds (Fig. 10B, steps 1028, 1030, see also “If the MACs are identical, then the authentication circuit grants write access 1028 and the memory system stores data from the remote server in the RPMB 1030,” [0069] and [0056] in the context of Figs. 5 and 10B; “If keys 404 and 414 are identical and the message is unchanged then the corresponding MACs will be identical and authentication circuit 402 grants write access to host 120 to write data in RPMB 400. Controller 102 may proceed to execute the write command from host 120 and write data from host 120 in RPMB 400. Counter 406 is then incremented (i.e. counter 406 is a write counter that is incremented when a write occurs to RPMB 400),” [0052] in context of Fig. 4); and
providing the host with a first response including a result of the verifying of the first write request (in the context of Figs. 5 and 10B, a response is sent to the remote server either indicating completion of the write, authentication failed, or that the write counts did not match, see [0056] and Fig. 10B step 1034, [0069]; in the context of Fig. 4, a response is sent to host either indicating a completion of the write, authentication failed, or that the write counts did not match, see [0052]).
Sela fails to teach the method comprising:
generating a first device message authentication code based on the updated device write count and the first random number.
As a consequence of failure to teach the generation of the first device message authentication code, Sela fails to teach where the first response provided to the host includes the first device message authentication code.
In addition, while Sela does disclose the use of a random number/nonce in a verification process (see [0053,0057]), the nonce is only disclosed as being utilized for read requests and not write requests, so Sela fails to teach where the write request includes a first random number and the verification of the first write request is also based on the first random number.
Overby’s disclosure is related to providing access to secure storage and as such comprises analogous art in the same field of endeavor as the claimed invention. 
As part of this disclosure, Overby shows in Fig. 3C depicting a data buffer storing write related information before being sent to the storage (see Fig. 5, showing that information stored in the data buffer is transmitted to the storage), one of the variables stored is a nonce 318-2, described in [0062] as a cryptographically secure random number that the TEE adds.  Further, Overby provides that “The TEE 230 creates the authentication information 314-2 by executing a hash function, based upon the authentication key 234-1, across the bytes 32 through N of the data buffer 310-3,” [0062], teaching that authentication information is also based on the random number.
An obvious modification can be identified: incorporating a nonce as one of the values sent to a secure storage and utilized in calculating the authentication information.  Such a modification reads upon the limitation where the first write request includes a random number and verification is also based on the random number.
It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to incorporate a nonce as disclosed by Overby into Sela’s write process, as the nonce makes transmissions more secure, see Overby [0062].
The combination of Sela and Overby still fails to teach the generation of the first device message authentication code and where the first response includes the first device message authentication code.
Yang’s disclosure is related to providing hardware for authenticating data storage and as such comprises analogous art as directed to the same field of endeavor.
As part of this disclosure, Yang provides for where a response to a write request includes sending an HMAC, see Fig. 9, where the server ultimately sends an HMAC to the client.  This is also seen in Fig. 6, where a response to a write includes a HMAC for that particular write, and Table 2, where a response to a writeBlock() command from a client includes a HMAC(respW1) if the write succeeds and HMAC(respW2) if an invalid Vid is given.
An obvious modification can be identified: instead of just sending a response, as described in Sela, incorporating an HMAC based on the response.  Such a modification reads upon generating a first device message authentication code and where the first response includes the first device message authentication code.  In particular, Overby already provides for a modification where a nonce is incorporated into generating authentication information, reading upon the generation based on the random number, and Sela provides for situations where the write request fails – in such cases, the updated write count is necessarily the same as the previous write count, so generating an HMAC based on the response would read upon where the generation is based on the updated write count.
It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to incorporate Yang’s HMAC for responses to write requests such as Sela’s write process, as providing a HMAC for the response allows a client to identify the correctness of the response sent from the server, see Section 3.2, Paragraph 2.
Regarding claim 2, the combination of Sela, Overby, and Yang teaches the method as claimed in claim 1, and Sela further teaches wherein the updating of the device write count includes: 
maintaining the write count, when the verifying of the first write request fails (“If the MACs are not identical (e.g. where another entity other than host 120 attempts to write in RPMB 400) then authentication circuit 402 denies write access. No new data is written in RPMB 400 in this case. A response may be sent to indicate that authentication failed. If write counts are not identical (e.g. in a replay attack) then authentication circuit 402 denies write access to host 120 to write in RPMB 400 and no new data is written in RPMB 400. A response may be sent to indicate that the write counts did not match,” [0052] in the context of Fig. 4, see [0056] for a similar result in the context of Figs. 5 and 10B; the failure of verification means the write is denied, so no write is performed, so the write count is not incremented). 
Regarding claim 3, the combination of Sela, Overby, and Yang teaches the method as claimed in claim 1, and Sela and Overby fail to teach the method further comprising: 
receiving a second write request including a second host message authentication code, a second host write count, and a second random number from the host; and 
verifying the second write request based on the updated write count, the second random number, and the second host message authentication code.
As part of Yang’s disclosure for managing secure writes and reads, in Fig. 6, Yang shows the ability to process multiple writes, where each write has a particular HMAC and response.  
An obvious combination can be identified: combining Yang’s disclosure of handling multiple writes with Sela’s write process.  Such a combination reads upon the limitation of the claim, as processing a second write would be functionally identical to processing the first write request.
It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to combine Yang’s disclosure of multiple write processes with Sela’s write process.  Both elements are known in the art, and as Yang shows that a system is capable of handling multiple writes sequentially, then one of ordinary skill in the art would find it predictable that Sela’s system is also able to handle a second write request. 
Regarding claim 4, the combination of Sela, Overby, and Yang teaches the method as claimed in claim 3, further comprising: 
generating a second device message authentication code based on the updated device write count and the second random number; and 
providing the host with a second response including the second device message authentication code and a result of the verifying of the second write request, as follows.
As discussed in the claim 3 rationale, Yang provides for an obvious combination where Sela’s system can handle multiple write requests/a second write request.  Claim 3 related to the reception and verification of the write request, while claim 4 relates to generating the response code.  As seen in Yang Fig. 6, the HMAC for write 1 and write 2 are able to be processed, and as such the combination as identified in claim 3 reads upon the limitation of the claim.
Regarding claim 5, the combination of Sela, Overby, and Yang teaches the method as claimed in claim 1, wherein the first response further includes the first random number (as discussed in the claim 1 rationale, Overby provides a disclosure showing that inclusion of a nonce into authentication information is useful for providing greater transmission security, even beyond the read request as Sela disclosed; as further discussed in the claim 1 rationale, Yang provides for a HMAC for a response to the host/client; between these two disclosures, an obvious modification was identified to generate a HMAC response including a nonce; as Overby and Sela both transmit the information that are utilized to calculate a verification MAC, then necessarily, a HMAC response as disclosed by Yang incorporating a nonce would also send over the nonce as part of the response, or else the HMAC can’t be verified).
Regarding claim 6, the combination of Sela, Overby, and Yang teaches the method as claimed in claim 1, and Sela further teaches wherein the verifying of the first write request includes: 
generating a first host message verification code based on the device write count and the first random number (Fig. 10B, step 1024 authentication circuit calculates MAC, where claim 1 rationale provides Lee including the random number into the MAC calculation and [0052,0056] describe using the write count for the MAC); and 
comparing the first host message verification code with the first host message authentication code (Fig. 10B, step 1024 authentication circuit compares the generated MAC with the MAC received from remote server, see also [0052,0056]).
Regarding claim 7, the combination of Sela, Overby, and Yang teaches the method as claimed in claim 6, and Sela further teaches wherein: 
the first write request includes a first host write count (“Host 120 sends the MAC, write count, and message to memory system 100,” [0052], see [0056] for Figs. 5 and 10B context; where the write count is acquired from the device and stored in the host, see [0052]), and 
the verifying of the first write request further includes comparing the device write count with the first host write count (“A write count 416 may be included in the message and may be used to generate the MAC… If write counts are not identical (e.g. in a replay attack) then authentication circuit 402 denies write access to host 120,” [0052], teaches that the MAC compared incorporates the write counts, so any comparison of the MAC’s necessarily incorporates a comparison of the write counts, but Sela’s system also provides for a direct write count comparison, where if the write counts don’t match, then the write may be denied, see “If write counts are not identical (e.g. in a replay attack) then authentication circuit 402 denies write access to host 120 to write in RPMB 400 and no new data is written in RPMB 400,” [0052]; see similar description in [0056] for Figs. 5 and 10B context.
Regarding claim 8, the combination of Sela, Overby, and Yang teaches the method as claimed in claim 6, and the combination further teaches wherein: 
the generating of the first host message verification code is based on a key shared with the host in advance, the device write count, and the first random number (see claim 6 rationale regarding write count and random number; regarding the key, as seen in Sela Figs. 4 and 5 and disclosed in [0052,0056], a key is utilized in the calculation of the MAC for authenticating the write request; [0064,0065] disclose that the write keys may be written at a secure time during product configuration, manufacturing, testing, or initialization), and 
the generating of the first device message authentication code is based on the key, the updated write count, and the first random number (following the claim 1 rationale, an HMAC is calculated for a response as disclosed by Yang, where the incorporation into Sela and Overby utilized the write count and random number; while not previously cited, as part of incorporating an HMAC for the response into the combination, Yang discloses that HMAC keys can be used to authenticate response messages, see Section 3.3, Paragraph 2, teaching that the response would be generated using a key as well).
Regarding claim 9, Sela teaches a storage device configured to communicate with a host (Figs. 4 and 5, storage device 100,500, the storage device comprising: 
a memory including a protected region (Figs. 4 and 5, memory 104 containing RPMB 400); and 
a controller, wherein the controller is configured (Figs. 4 and 5, controllers 102 and 502) to:
provide, to the host, a device write count (“The write count 416 in host 120 may reflect the number of times host 120 has written to RPMB 400 and may be obtained from write counter 406 in memory system 100 (e.g. a request for a write count may be sent and write count 416 may be received from memory system 100 prior to attempting to write to RPMB 400),” [0052]);
receive, from the host, a first write request including a first host message authentication code and a first random number from the host, the first host message authentication code being based on a host write count, which is set to be the same as the device write count, and the first random number (this is identical to the limitation in claim 1 and rejected according to the same rationale), 
verify the first write request based on the device write count and the host write count, the first random number, and the first host message authentication code (this is identical to the limitation in claim 1 and rejected according to the same rationale), 
write data included in the first write request to the protected region when the verifying of the first write request succeeds (while no identical limitation exists in claim 1, in rejecting the “updating the write count” limitation in claim 1, citation is provided to Sela in [0052,0056] and Fig. 10B step 1030 that the write is performed if authentication is successful and the authentication circuit grants write access to the RPMB and sufficiently reads upon this limitation),
update the device write count based on a result of verifying the first write request, the updating of the device write count including incrementing the device write count when the verifying of the first write request succeeds (this is identical to the limitation in claim 1 and rejected according to the same rationale),
generate a first device message authentication code based on the updated write count and the first random number (this is identical to the limitation in claim 1 and rejected according to the same rationale), and
provide the host with a first response including the first device message authentication code and a result of the verifying of the first write request (this is identical to the limitation in claim 1 and rejected according to the same rationale).
Claims 11 and 12 are rejected according to the same rationale of claims 5 and 6.
Claims 16-22 are rejected under 35 U.S.C. 103 as being unpatentable over Sela in view of Overby, Yang, and Pearson et al. (US 2022/0164293).
Regarding claim 16, Sela teaches a method of writing data to a storage device including a protected region (Figs. 4 and 5 show different examples of a memory system showing authenticating access to a replay protected memory block (RPMB); the different embodiments are cited, as some of the following citations refer to the Fig. 4 embodiment, and some to the Fig. 5 embodiment, but a review of the specification shows that these are interchangeable with relation to the write process; Fig. 10B shows a process of a remote server in Fig. 5 writing to a RPMB, but this is understood to be the same process as the host writing to a RPBM in Fig. 4), the method comprising: 
Receiving, at a host, a device write count from the storage device, and setting a host write count to be the same as the device write count (“The write count 416 in host 120 may reflect the number of times host 120 has written to RPMB 400 and may be obtained from write counter 406 in memory system 100 (e.g. a request for a write count may be sent and write count 416 may be received from memory system 100 prior to attempting to write to RPMB 400),” [0052]);
Generating, by the host, a first host message authentication code based on the host write count (Fig. 10B, step 1020, see also “A remote server calculates a [message authentication code] MAC (first MAC) from a write key 1020, e.g. from the write key and a write count (the write count may be obtained by requesting it from the memory system),” [0069] and [0056] in the context of Figs. 5 and 10B; “When host 120 attempts to write to RPMB 400, authentication circuit 412 of host 120 generates a MAC from key 414 and a message, e.g. by applying a hash function such as SHA256 to key 414 and the message (including write data). A write count 416 may be included in the message and may be used to generate the MAC. The write count 416 in host 120 may reflect the number of times host 120 has written to RPMB 400 and may be obtained from write counter 406 in memory system 100 (e.g. a request for a write count may be sent and write count 416 may be received from memory system 100 prior to attempting to write to RPMB 400),” [0052] in the context of Fig. 4); 
Providing the storage device with a first write request, the first write request including the first host message authentication code (Fig. 10B, step 1022, see also [0056,0069] for context of Figs. 5 and 10B“Host 120 sends the MAC, write count, and message to memory system 100,” [0052] in the context of Fig. 4); and
Receiving, at the host, a first response from the storage device (in the context of Figs. 5 and 10B, a response is sent to the remote server either indicating completion of the write, authentication failed, or that the write counts did not match, see [0056] and Fig. 10B step 1034, [0069]; in the context of Fig. 4, a response is sent to host either indicating a completion of the write, authentication failed, or that the write counts did not match, see [0052]).
Sela fails to teach where the method comprises:
Verifying, at the host, the first response based on an increment value from the write count, the first random number, and the first device message authentication code; and 
Updating the host write count based on a result of the verifying of the first response, the updating of the host write count including incrementing the host write count to be the same as the increment value used in the verifying when the verifying of the first response succeeds.
Sela also fails to teach where the generation and provision of the write request and host message authentication code include a random number, as well as where the response received from the storage device includes a first device message authentication code.
Overby’s disclosure is related to providing access to secure storage and as such comprises analogous art in the same field of endeavor as the claimed invention. 
As part of this disclosure, Overby shows in Fig. 3C depicting a data buffer storing write related information before being sent to the storage (see Fig. 5, showing that information stored in the data buffer is transmitted to the storage), one of the variables stored is a nonce 318-2, described in [0062] as a cryptographically secure random number that the TEE adds.  Further, Overby provides that “The TEE 230 creates the authentication information 314-2 by executing a hash function, based upon the authentication key 234-1, across the bytes 32 through N of the data buffer 310-3,” [0062], teaching that authentication information is also based on the random number.
An obvious modification can be identified: incorporating a nonce as one of the values sent to a secure storage and utilized in calculating the authentication information.  Such a modification reads upon the limitation where the first write request includes a random number and the first host message authentication code is generated based on the random number.
It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to incorporate a nonce as disclosed by Overby into Sela’s write process, as the nonce makes transmissions more secure, see Overby [0062].
The combination of Sela and Overby still fails to teach the verifying/updating limitations as identified, as well as where the response includes a device message authentication code.
Yang’s disclosure is related to providing hardware for authenticating data storage and as such comprises analogous art as directed to the same field of endeavor.
As part of this disclosure, Yang provides for where a response to a write request includes sending an HMAC, see Fig. 9, where the server ultimately sends an HMAC to the client.  This is also seen in Fig. 6, where a response to a write includes a HMAC for that particular write, and Table 2, where a response to a writeBlock() command from a client includes a HMAC(respW1) if the write succeeds and Vid*, HMAC(respW2) if an invalid Vid is given. As stated in Section 3.2, Paragraph 2, the provision of the HMAC allows a client to identify the correctness of the response from the server. 
An obvious modification can be identified: instead of just sending a response, as described in Sela, incorporating an HMAC based on the response in order for the client to identify correctness, as well as a correct write count in the event of an incorrect write count provided in the write count. The incorporation of the HMAC into a response reads upon where the response includes a first device message authentication code, as well as the step of verifying the response, as the HMAC reads upon the first device message authentication code checked for correctness (as incorporated into Sela and Overby, Overby already provides for a modification where a nonce is incorporated into generating authentication information, and as such the first device message authentication code would include the nonce and so the verification of the HMAC would include the nonce, and Sela provides for situations where the write request fails – in such cases, the updated write count is necessarily the same as the previous write count, so generating an HMAC based on the response would read upon where the generation is based on the updated write count). 
It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to incorporate Yang’s HMAC for responses to write requests such as Sela’s write process, as providing a HMAC for the response allows a client to identify the correctness of the response sent from the server, see Section 3.2, Paragraph 2.
The combination of Sela, Overby, and Yang still fail to teach the amended updating limitation, as the updating now includes incrementing the host write count when the verifying succeeds. 
Examiner notes that the device write count is increased when the write request is verified (see the rationale of claims 1 and 2), but this is distinct from and occurs before verifying the response and as such does not read on the updating of the host write count claim limitation as recited. Sela, Overby, and Yang only provide for updating the write count on client/host side when a request to read the write count is issued, but these requests are not tied to verifying a response at all – generally, these requests to read the write count occur before the write is made.
As part of this disclosure, Pearson describes that known RPMB systems include a write-counter read request, where “The host can cache this initial write counter value in memory, and as long as the host detects that an authenticated write is successful as described above, the host software can increment the cached write counter value to keep the write counter value synchronized between the host and the RPMB controller,” [091].
An obvious modification can be identified: incorporating Pearson’s synchronization of the write counter value in the host, dependent on detecting a successful write.  As incorporated into the combination of Sela, Overby, and Yang, Yang in particular has been relied upon to provide an authentication of a response after a write request is attempted in a protected memory.  Incorporating Pearson’s disclosure would mean that, after Yang’s HMAC response is authenticated, in a successful write, the write counter maintained by the host can be incremented, and otherwise maintained if the response is not authenticated/the write is not successful, as these situations necessarily mean that the host is unable to detect a successful write as required by Pearson.  This modification therefore reads upon the limitation of the claim. 
It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to incorporate Pearson’s synchronization of write counters with Sela’s write process, as synchronizing the write counters to successful writes would reduce the amount of traffic between host and storage to read the write counter each time a write request is attempted.
Regarding claim 17, the combination of Sela, Overby, Yang, and Pearson teaches the method as claimed in claim 16, and further teaches wherein the updating of the write count includes: 
maintaining the host write count, when the verifying of the first response fails.
As noted in the claim 16 rationale, Pearson teaches incrementing the host side write counter when a successful write is detected.  Necessarily, this means that if a successful write is not detected, then the host write count is maintained. 
Regarding claim 18, the combination of Sela, Overby, Yang, and Pearson teaches the method as claimed in claim 16, and Sela and Overby fail to teach the method further comprising: 
generating a second random number; 
generating a second host message authentication code based on the updated host write count and the second random number; and 
providing the storage device with a second write request including the second host message authentication code and the second random number.
As part of Yang’s disclosure for managing secure writes and reads, in Fig. 6, Yang shows the ability to process multiple writes, where each write has a particular HMAC and response.  
An obvious combination can be identified: combining Yang’s disclosure of handling multiple writes with Sela’s write process.  Such a combination reads upon the limitation of the claim, as processing a second write would be functionally identical to processing the first write request.  While Yang doesn’t mention the generation of a second random number, as combined with Overby’s earlier disclosure, then a second write would necessarily feature a second random number for greater security.
It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to combine Yang’s disclosure of multiple write processes with Sela’s write process.  Both elements are known in the art, and as Yang shows that a system is capable of handling multiple writes sequentially, then one of ordinary skill in the art would find it predictable that Sela’s system is also able to handle a second write request. 
Regarding claim 19, the combination of Sela, Overby, and Yang teaches the method as claimed in claim 18, further comprising: 
receiving a second response including a second device message authentication code from the storage device; and 
verifying the second response based on an increment value from the updated host write count, the second random number, and the second device message authentication code, as follows.
As discussed in the claim 18 rationale, Yang provides for an obvious combination where Sela’s system can handle multiple write requests/a second write request.  Claim 18 related to the generation and provision of the second request, where claim 19 relates to the reception of the second response and verification of the response.  As seen in Yang Fig. 6, the HMAC for write 1 and write 2 are able to be processed, including two separate responses, and as such the combination as identified in claim 18 reads upon the limitation of the claim.
Regarding claim 20, the combination of Sela, Overby, and Yang teaches the method as claimed in claim 16, wherein the verifying of the first response includes: 
generating a first device message verification code based on the increment value from the host write count and the first random number; and 
comparing the first device message verification code with the first device message authentication code.
While none of the references explicitly teach this step, Yang has taught in the claim 16 rationale the inclusion of an HMAC for the response for verification, and Sela teaches providing an HMAC in a message is only sufficient when it can be authenticated.  In Sela’s write process, the host generates the MAC, and the memory generates a MAC to compare and authenticate the write request.  Given the combination of Sela, Overby, and Yang, where the memory sends a response back using a HMAC for checking correctness, then necessarily, the host/remote server would need to generate a HMAC for comparison in order to authenticate that the response is correct, reading upon this limitation of the claim.
Regarding claim 21, the combination of Sela, Overby, and Yang teaches the method as claimed in claim 20, and the combination further teaches wherein the verifying of the first response further includes comparing the first random number with a third random number included in the first response (following the claim 16 and claim 20 rationales, then the combination of Sela, Overby, and Yang teaches providing a HMAC in response that includes a random number; as Overby’s random number is associated with a particular write request, then the same random number is used in the response; consequently, verifying the response necessarily includes comparing codes that are generated with the original random number as well as the same random number received in the response).
Regarding claim 22, the combination of Sela, Overby, and Yang teaches the method as claimed in claim 20, wherein: 
the generating of the first host message authentication code is based on a key shared with the storage device in advance, the host write count, and the first random number (the generation of the code based on write count and random number is addressed in the claim 16 rationale; regarding the key, as seen in Sela Figs. 4 and 5 and disclosed in [0052,0056], a key is utilized in the calculation of the MAC for generating the write request; [0064,0065] disclose that the write keys may be written at a secure time during product configuration, manufacturing, testing, or initialization), and 
the generating of the first device message verification code is based on the key, the increment value from the host write count, and the first random number (the general generation of the host message authentication code and generation based on the write count and random number is addressed in the claim 16/20 rationales; while not previously cited, as part of incorporating an HMAC for the response into the combination, Yang discloses that the HMAC keys can be used to authenticate response messages, see Section 3.3, Paragraph 2, teaching that the response is generated using a key, and necessarily a code generated to authenticate the response would need to use a key as well).

Response to Arguments
Applicant's arguments filed September 7, 2022 have been fully considered but they are not persuasive.
Applicant generally argues against the references in isolation instead of considering the references together as a combination. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
The argument first focuses on Yang and Overby’s nonces and Yang’s location of the HMAC.  However, Yang’s nonce is noted but not relied upon for rejection of the claim limitations; Overby’s nonce is utilized in rejecting the claim.  The argument that Overby’s nonce is only used for entropy purpose and not any other purpose is unpersuasive – no purpose is recited in the claims.  The fact that applicant has recognized another advantage which would flow naturally from following the suggestion of the prior art cannot be the basis for patentability when the differences would otherwise be obvious.  See Ex parte Obiaya, 227 USPQ 58, 60 (Bd. Pat. App. & Inter. 1985).
In particular, applicant focuses on the reliance on Yang to teach the verification of the write request based on an HMAC and information about a write count.  However, the discussion includes consideration of how incorporating Yang’s disclosure into Sela and Overby’s disclosure would account for information about a write count.  As such, this argument is unpersuasive. 
Regarding the claim 16 specific argument about not teaching “verifying at the host, the first response based on an increment value from the host write count…”, applicant asserts that Yang and Pearson do not address the limitation.  However, Yang’s disclosure explicitly provides for an HMAC to the client for verification of the correctness of the server’s response.  In addition, the incrementing of the host write count is addressed in the inclusion of Pearson.  Applicant’s arguments do not provide detail beyond the broad assertion of patentability, leaving this argument unpersuasive. 
Applicant also argues that Sela and Overby’s teachings about verifying a write request are not disclosed to occur in the context of a verifying a response and as such the device message authentication code cannot be derived from Sela, Overby and Yang.  However, this is not persuasive.  The fact that Sela and Overby are silent on a response authentication is why Yang needs to be relied on in the first place.  Given the teaching that Yang provides of the need/obvious modification to provide an authentication code in a response, one of ordinary skill in the art could then turn to any of Sela, Overby, and Yang to see suggestions on what information to put into the authentication code.  Applicant’s arguments are not persuasive as to why one of ordinary skill in the art would not consider the combination of references collectively.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Shin et al. (US 2015/0350206) discloses request/response data structures that include write counters, nonces, results, and an HMAC.
Applicant's amendment necessitated the new grounds of rejection presented in this Office action.  The new rejection under 35 U.S.C. 112 is based solely on newly recited language.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AARON D HO whose telephone number is (469)295-9093. The examiner can normally be reached Mon-Thur 9:00-6:00 CT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Reginald Bragdon can be reached on (571)272-4204. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/A.D.H./Examiner, Art Unit 2139  

/REGINALD G BRAGDON/Supervisory Patent Examiner, Art Unit 2139