Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Detailed Action
Amendment filed on 10/09/2025 for patent application 18/201,020 has been acknowledged. Claims 1-20 are currently pending and have been considered below. Claims 1, 15, and 19 are independent claims. Claims 1, 9-10, 15, and 18-20 have been amended. No new claims have been added.
Continued Examination under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 11/06/2025 has been entered.
Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed on 7/3/2023. The application claims the foreign priority of Republic of Korea KR10-2022-0112743 filed on 9/6/2022.
Response to Arguments
Applicant’s other arguments with respect to claims 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
The 35 USC 103 rejection is maintained and has been updated below.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim 1 is rejected under 35 U.S.C. 103 as being unpatentable over Prohofsky (US Patent Application Publication No. US 2020/0004451 A1) in view of Pohlack et al. (US Patent No. US 10,706,147 B1, hereinafter, Pohlack).
Regarding Claim 1, Prohofsky discloses: An operation method of a solid state drive, which is communicating with a host accessed by a tenant, the operation method comprising (Prohofsky, ¶[0074], “FIG. 10 shows an access command processing sequence 230 carried out by the storage device controller 222 responsive to each host command issued by the host.” ¶[0075], “… where access is granted and the command (e.g., read, write, etc.) is scheduled for execution by the SSD 220.” ¶[0056], “the developer may be operating on behalf of another party or entity referred to as a tenant. While not separately shown in the diagram, the tenant (if used) is the overall owner of the process, data, etc. being implemented by the developer.” ¶[0080], “Each SSD maintains a separate session log for those access commands processed during the associated session.”):
receiving, from the host, a plurality of read commands generated by the tenant (Prohofsky, ¶[0074], “FIG. 10 shows an access command processing sequence 230 carried out by the storage device controller 222 responsive to each host command issued by the host. Block 232 shows initial receipt of an access command from the host.” ¶[0075], “… where access is granted and the command (e.g., read, write, etc.) is scheduled for execution by the SSD 220.” Prohofsky, ¶[0056], “the developer may be operating on behalf of another party or entity referred to as a tenant. While not separately shown in the diagram, the tenant (if used) is the overall owner of the process, data, etc. being implemented by the developer.”);
calculating a plurality of latencies of the plurality of read commands, respectively (Prohofsky, ¶[0067], “Such logging can occur at the data storage device level, at the host level, etc. The logging can include the read and write commands received, timing information associated with such commands, etc.” ¶[0080], “Each SSD maintains a separate session log for those access commands processed during the associated session.”);
Prohofsky does not explicitly teach the following limitations that Pohlack teaches:
calculating a uniformity of the plurality of latencies (Pohlack, col 14, line 36-67, “The recent misses statistic 415 may be maintained over a recent time interval or number of access attempts. The VMM 120 or memory usage monitor 124 may detect a cache miss based on the latency of a memory access. … This information may be aggregated by the VMM 120 or memory usage monitor 124, and stored in the page table 400 as part of the monitored statistics 450.”);
determining, based on that the uniformity is within a predetermined ratio range, that there is a side channel attack from the tenant (Pohlack, col 15, line 13-54, “In some embodiments, the memory usage monitor 124 may analyze the memory usage pattern of the VMs and determine that a particular VM is an attacker VM engaging or attempting a side-channel attacker.” Prohofsky teaches, ¶[0056], “the developer may be operating on behalf of another party or entity referred to as a tenant. While not separately shown in the diagram, the tenant (if used) is the overall owner of the process, data, etc. being implemented by the developer.”); and
transmitting a notification of the side channel attack to the host (Pohlack, col 15, line 13-54, “the memory usage monitor 124 may take further actions against the attacker VM, which may include logging the behavior of the attacker VM, isolating the memory usage of the attacker VM, shutting down the attacker VM, and/or alerting the administrator.” Prohofsky teaches, in ¶[0074], “FIG. 10 shows an access command processing sequence 230 carried out by the storage device controller 222 responsive to each host command issued by the host. Block 232 shows initial receipt of an access command from the host.”).
Prohofsky in view of Pohlack is analogous art because they are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “data security systems.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Prohofsky with Pohlack to
“calculating a uniformity of the plurality of latencies;
determining, based on that the uniformity is within a predetermined ratio range, that there is a side channel attack from the tenant;
transmitting a notification of the side channel attack to the host;”
because associated methods are disclosed for mitigating side-channel attacks (Pohlack, Abstract).
Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Prohofsky (US Patent Application Publication No. US 2020/0004451 A1) in view of Pohlack et al. (US Patent No. US 10,706,147 B1, hereinafter, Pohlack) and further in view of Dillon et al. (US Patent Application Publication No. US 2019/0158371 A1, hereinafter, Dillon).
Regarding Claim 2, Prohofsky in view of Pohlack teaches: The operation method of claim 1, wherein
Prohofsky in view of Pohlack does not explicitly teach the following limitations that Dillon teaches:
the calculating of the plurality of latencies is performed based on a condition in which a transmission queue of the host is filled with the plurality of read commands (Dillon, ¶[0215], “At decision 1630, it is determined if the queue is full (e.g., equal to “n”). If the queue is full, at operation 1640 the oldest entry in the queue (i.e., latency measurement and associated time) is removed. At operation 1650, the passed measured latency and associated time (e.g., tick value) is added as a new entry.” ¶[0216], “At operation 1710, inbound and/or outbound latency measurements may be periodically made. … the frequency with which these periodic latency measurements are made may be adjusted over time as the type of traffic and amount of traffic flowing over the network changes.”).
Prohofsky in view of Pohlack and further in view of Dillon is analogous art because they are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “data security systems.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Prohofsky in view of Pohlack with Dillon wherein
“the calculating of the plurality of latencies is performed based on a condition in which a transmission queue of the host is filled with the plurality of read commands;”
because the technology described is directed to configuring the rate limiters of network devices based on latency measurements (Dillon, Abstract).
Claims 3-5 are rejected under 35 U.S.C. 103 as being unpatentable over Prohofsky (US Patent Application Publication No. US 2020/0004451 A1) in view of Pohlack et al. (US Patent No. US 10,706,147 B1, hereinafter, Pohlack) and further in view of Wozniak et al. (US Patent Application Publication No. US 2020/0326885 A1, hereinafter, Wozniak).
Regarding Claim 3, Prohofsky in view of Pohlack teaches: The operation method of claim 1, wherein
Prohofsky in view of Pohlack does not explicitly teach the following limitation that Wozniak teaches:
a first latency of the plurality of latencies, is a time interval between:
a first time point when receiving a first read command of the plurality of read commands; and
a second time point when sending a processing result of the first read command (Wozniak, ¶[0048], “A latency value for an access can be determined by the DST processing unit based on a time interval measured from the time that an access request was sent to the storage unit via the network until the time success of the access is confirmed, based on a response received from the storage unit via the network.”).
Prohofsky in view of Pohlack and further in view of Wozniak are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “data security systems.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Prohofsky in view of Pohlack with Wozniak to calculate a
“a first latency of the plurality of latencies, is a time interval between: a first time point when receiving a first read command of the plurality of read commands; and a second time point when sending a processing result of the first read command;”
because the processing unit can determine most recent latencies and/or track latencies of some or all of the plurality of possible storage units over time (Wozniak, ¶[0048]).
Regarding Claim 4, Prohofsky in view of Pohlack and further in view of Wozniak teaches: The operation method of claim 1, wherein a first latency of the plurality of latencies, is a time interval between:
a third time point when processing a first read command of the plurality of read commands; and
a fourth time point when a processing of the first read command is completed (Wozniak, ¶[0048], “A latency value for an access can be determined by the DST processing unit based on a time interval measured from the time that an access request was sent to the storage unit via the network until the time success of the access is confirmed, based on a response received from the storage unit via the network.”).
Regarding Claim 5, Prohofsky in view of Pohlack and further in view of Wozniak teaches: The operation method of claim 1, wherein the plurality of read commands are successive each other (Wozniak, ¶[0048], “A latency value for an access can be determined by the DST processing unit based on a time interval measured from the time that an access request was sent to the storage unit via the network until the time success of the access is confirmed, based on a response received from the storage unit via the network.”).
Claims 6-9 are rejected under 35 U.S.C. 103 as being unpatentable over Prohofsky (US Patent Application Publication No. US 2020/0004451 A1) in view of Pohlack et al. (US Patent No. US 10,706,147 B1, hereinafter, Pohlack) and further in view of Olarig et al. (US Patent Application Publication No. US 2018/0288090 A1, hereinafter, Olarig).
Regarding Claim 6, Prohofsky in view of Pohlack teaches: The operation method of claim 1, wherein
Prohofsky in view of Pohlack does not explicitly teach the following limitation that Olarig teaches:
the transmitting is performed based on a System Management Bus (SMBus), an Inter-Integrated Circuit (I2C) protocol, or an Improved Inter Integrated Circuit (I3C) protocol (Olarig, ¶[0017], “The BMC also has access to and control of NVMe-oF devices through local system buses, such as the Peripheral Component Interconnect Express (PCIe) bus and the System Management Bus (SMBus)”).
Prohofsky in view of Pohlack and further in view of Olarig are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “data security systems.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Prohofsky in view of Pohlack with Olarig wherein
“the transmitting is performed based on a System Management Bus (SMBus), an Inter-Integrated Circuit (I2C) protocol, or an Improved Inter Integrated Circuit (I3C) protocol”
because a computer storage array that is well-known in the arts includes a computer motherboard 101, a local CPU 102, a BMC 103, a PCIe switch 104, a networking device 105, and a plurality of NVMe-oF devices 106, and in this case, the NVMe-oF devices 106 may be Ethernet-enabled SSDs (eSSDs) (Olarig, ¶[0021]).
Regarding Claim 7, Prohofsky in view of Pohlack and further in view of Olarig teaches: The operation method of claim 1, wherein the notification is configured to be provided to a Baseboard Management Controller (BMC) of the host (Olarig, ¶[0023], “The BMC 103 communicates with a management server 108 via an out-of-band connection separate from an in-band connection established via the Ethernet bus.”).
Regarding Claim 8, Prohofsky in view of Pohlack and further in view of Olarig teaches: The operation method of claim 1, wherein the notification has a form of a response of a Non-Volatile Memory Express-Management Interface (NVMe-MI) standard (Olarig, ¶[0035], “The BMC 103 sends a notification to a system administrator of the computer storage array to inform the system administrator that the NVMe-oF device is compromised.” ¶[0004], “NVMe-oF is a technology specification designed to enable NVMe message-based commands to transfer data between an initiator, such as a host computer, and an NVMe-oF device or system over a network”).
Regarding Claim 9, Prohofsky in view of Pohlack and further in view of Olarig teaches: The operation method of claim 1, wherein the side channel attack is an attack for an input/output (I/O) device which is connected to the solid state drive through an I/O switch (Olarig, ¶[0021], “FIG. 1 illustrates an example computer storage array that utilizes a BMC to detect and counter incoming DoS attacks on or outgoing DoS attacks from the NVMe-oF devices. … The computer storage array 100 includes a computer motherboard 101, a local CPU 102, a BMC 103, a PCIe switch 104, a networking device 105, and a plurality of NVMe-oF devices 106. In this case, the NVMe-oF devices 106 may be Ethernet-enabled SSDs (eSSDs).” Pohlack, col 15, line 13-54, “In some embodiments, the memory usage monitor 124 may analyze the memory usage pattern of the VMs and determine that a particular VM is an attacker VM engaging or attempting a side-channel attacker.”).
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Prohofsky (US Patent Application Publication No. US 2020/0004451 A1) in view of Pohlack et al. (US Patent No. US 10,706,147 B1, hereinafter, Pohlack) and further in view of Olarig et al. (US Patent Application Publication No. US 2018/0288090 A1, hereinafter, Olarig) and Child et al. (US Patent Application Publication No. US 2021/0216648 A1, hereinafter, Child).
Regarding Claim 10, Prohofsky in view of Pohlack and further in view of Olarig teaches: The operation method of claim 9, wherein:
the I/O switch and the solid state drive are connected by a first Peripheral Component Interconnect Express (PCIe) link (Olarig, ¶[0017], “The BMC also has access to and control of NVMe-oF devices through local system buses, such as the Peripheral Component Interconnect Express (PCIe) bus and the System Management Bus (SMBus).” ¶[0021], “In this case, the NVMe-oF devices 106 may be Ethernet-enabled SSDs (eSSDs).”), and
Prohofsky in view of Pohlack and further in view of Olarig does not explicitly teach the following limitation that Child teaches:
the I/O switch and the I/O device are connected by a second PCIe link (Child, ¶[0041], “In implementations, storage array controller 101 may include a switch 116 coupled to the processing device 104 via a data communications link 109. The switch 116 may be a computer hardware device that can create multiple endpoints out of a single endpoint, thereby enabling multiple devices to share a single endpoint. The switch 116 may, for example, be a PCIe switch that is coupled to a PCIe bus (e.g., data communications link 109) and presents multiple PCIe connection points to the midplane.”).
Prohofsky in view of Pohlack and further in view of Olarig and Child are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “data security systems.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Prohofsky in view of Pohlack and further in view of Olarig with Child to implement
“the I/O switch and the I/O device are connected by a second PCIe link,”
because in implementations, storage array controller 101 may include a switch 116 coupled to the processing device (Child, ¶[0041]).
Claims 11-12 are rejected under 35 U.S.C. 103 as being unpatentable over Prohofsky (US Patent Application Publication No. US 2020/0004451 A1) in view of Pohlack et al. (US Patent No. US 10,706,147 B1, hereinafter, Pohlack) and further in view of Collison et al. (US Patent Application Publication No. US 2014/0282849 A1, hereinafter, Collison).
Regarding Claim 11, Prohofsky in view of Pohlack teaches: The operation method of claim 1, further comprising
Prohofsky in view of Pohlack does not explicitly teach the following limitation that Collison teaches:
delaying a command latency of the tenant (Collison, ¶[0073], “Perturbing latency preferably includes delaying communication to simulate latency effects.” “Perturbing latency can add fixed time delays to communication, add time delays to satisfy latency ranges, conditionally add latency, or make any suitable change to latency of a communication.” Prohofsky, ¶[0056], “the developer may be operating on behalf of another party or entity referred to as a tenant. While not separately shown in the diagram, the tenant (if used) is the overall owner of the process, data, etc. being implemented by the developer.”).
Prohofsky in view of Pohlack and further in view of Collison are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “data security systems.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Prohofsky in view of Pohlack with Collison to
“delaying a command latency of the tenant;”
because this implementation may be used to enable, supplement or facilitate, application performance management (Collison, ¶[0073]).
Regarding Claim 12, Prohofsky in view of Pohlack and further in view of Collison teaches: The operation method of claim 11, wherein the delaying comprises delaying the command latency based on a latency range of the tenant (Collison, ¶[0073], “Perturbing latency preferably includes delaying communication to simulate latency effects.” “Perturbing latency can add fixed time delays to communication, add time delays to satisfy latency ranges, conditionally add latency, or make any suitable change to latency of a communication.” Prohofsky, ¶[0056], “the developer may be operating on behalf of another party or entity referred to as a tenant. While not separately shown in the diagram, the tenant (if used) is the overall owner of the process, data, etc. being implemented by the developer.”).
Claims 13-14 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Prohofsky (US Patent Application Publication No. US 2020/0004451 A1) in view of Pohlack et al. (US Patent No. US 10,706,147 B1, hereinafter, Pohlack) and further in view of Xiao et al. (US Patent Application Publication No. US 2022/0224615 A1, hereinafter, Xiao).
Regarding Claim 13, Prohofsky in view of Pohlack teaches: The operation method of claim 1, further comprising
Prohofsky in view of Pohlack does not explicitly teach the following limitation that Xiao teaches:
adjusting a priority of the tenant (Xiao, ¶[0103], “and adjusting, according to the latency assurance policy, the basic resource used for the service.” ¶[0133], “the execution module adjusts, based on the latency information and the latency requirement, a resource used for the service of the user.” ¶[0138], “adjusting a priority of traffic used for the service of the user.” Xiao is not relied upon to teach “attacking tenant.” Pohlack teaches, col 15, line 13-54, “In some embodiments, the memory usage monitor 124 may analyze the memory usage pattern of the VMs and determine that a particular VM is an attacker VM engaging or attempting a side-channel attacker.”).
Prohofsky in view of Pohlack and further in view of Xiao are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “data security systems.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Prohofsky in view of Pohlack with Xiao to
“adjusting a priority of the tenant;”
because as cloud service technologies rapidly develop, more services can be implemented on a cloud platform, and many of these services have a high requirement on a latency, and an excessively long latency seriously affects quality of service (Xiao, ¶[0003]).
Regarding Claim 14, Prohofsky in view of Pohlack and further in view of Xiao teaches: The operation method of claim 13, wherein the adjusting comprises adjusting the priority based on a latency range of the tenant (Xiao, ¶[0103], “and adjusting, according to the latency assurance policy, the basic resource used for the service.” ¶[0133], “the execution module adjusts, based on the latency information and the latency requirement, a resource used for the service of the user.” ¶[0138], “adjusting a priority of traffic used for the service of the user.” Xiao is not relied upon to teach “attacking tenant.” Pohlack teaches, col 15, line 13-54, “In some embodiments, the memory usage monitor 124 may analyze the memory usage pattern of the VMs and determine that a particular VM is an attacker VM engaging or attempting a side-channel attacker.”).
Regarding Claim 19, Prohofsky discloses: A solid state drive included in a server, the solid state drive comprising (Prohofsky, ¶[0074], “FIG. 10 shows an access command processing sequence 230 carried out by the storage device controller 222 responsive to each host command issued by the host.” ¶[0056], “the developer may be operating on behalf of another party or entity referred to as a tenant. While not separately shown in the diagram, the tenant (if used) is the overall owner of the process, data, etc. being implemented by the developer.” ¶[0080], “Each SSD maintains a separate session log for those access commands processed during the associated session.”):
wherein the solid state drive is implemented as one of: a digital circuit, a programmable or non-programmable logic device or array, or an Application Specific Integrated Circuit (ASIC) (Prohofsky, ¶[0072], “The SSD 220 includes a storage device controller circuit 222 and a NAND flash memory module 224.”).
Prohofsky does not explicitly teach the following limitation that Pohlack teaches:
an attack detector configured to determine an attacking tenant from among a plurality of tenants connected to a host based on a determination that there is a side channel attack from the host (Pohlack, col 14, line 36-67, “The VMM 120 or memory usage monitor 124 may detect a cache miss based on the latency of a memory access.” Col 15, line 13-54, “In some embodiments, the memory usage monitor 124 may analyze the memory usage pattern of the VMs and determine that a particular VM is an attacker VM engaging or attempting a side-channel attacker. … For example, as illustrated in FIG. 4A, the memory usage monitor 124 may recognize that VM 01 (according field 410) is an attacker VM…” Col 7, line 23-55, “The VMs 112 may be instantiated to provide a variety of services that allows clients to use computing resources in a service provider network. … The provided services may include services … such as … multi-tenant containers for hosting software tenants.”);
Prohofsky in view of Pohlack is analogous art because they are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “data security systems.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Prohofsky with Pohlack to implement
“an attack detector configured to determine an attacking tenant from among a plurality of tenants connected to a host based on a determination that there is a side channel attack from the host”
because associated methods are disclosed for mitigating side-channel attacks (Pohlack, Abstract).
Prohofsky in view of Pohlack does not explicitly teach the following limitation that Xiao teaches:
a budget calculator configured to calculate a latency range of the attacking tenant based on a service policy of the host (Xiao, ¶[0103], “generating, based on the actual latency of the service of the user and the latency requirement parameter of the service, the latency assurance policy used to provide latency assurance for the service.” Xiao is not relied upon to teach “attacking tenant.” Pohlack teaches, col 15, line 13-54, “In some embodiments, the memory usage monitor 124 may analyze the memory usage pattern of the VMs and determine that a particular VM is an attacker VM engaging or attempting a side-channel attacker.”); and
a latency adjuster configured to adjust a latency for the attacking tenant based on the latency range (Xiao, ¶[0103], “and adjusting, according to the latency assurance policy, the basic resource used for the service.” ¶[0133], “the execution module adjusts, based on the latency information and the latency requirement, a resource used for the service of the user.” ¶[0138], “adjusting a priority of traffic used for the service of the user.” Xiao is not relied upon to teach “attacking tenant.” Pohlack teaches, col 15, line 13-54, “In some embodiments, the memory usage monitor 124 may analyze the memory usage pattern of the VMs and determine that a particular VM is an attacker VM engaging or attempting a side-channel attacker.”),
Prohofsky in view of Pohlack and further in view of Xiao are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “data security systems.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Prohofsky in view of Pohlack with Xiao to implement
“a budget calculator configured to calculate a latency range of the attacking tenant based on a service policy of the host;
a latency adjuster configured to adjust a latency for the attacking tenant based on the latency range;”
because as cloud service technologies rapidly develop, more services can be implemented on a cloud platform, and many of these services have a high requirement on a latency, and an excessively long latency seriously affects quality of service (Xiao, ¶[0003]).
Regarding Claim 20, Prohofsky in view of Pohlack and further in view of Xiao teaches: The solid state drive of claim 19, wherein:
the service policy of the host comprises at least one of a tenant priority, a bandwidth, or a timeout limit (Xiao, ¶[0101], “The latency assurance policy generated based on the latency requirement parameter is as follows. … a bandwidth limit for a port of the virtual machine 1 is C1 Mbps, and a bandwidth limit for a port of the virtual machine 2 is C2 Mbps.”), and
the latency range comprises at least one of a minimum latency or a maximum latency (Xiao, ¶[0101], “it is assumed that the latency requirement parameter includes … a latency upper limit that the service needs to meet is 1 ms.”).
Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Prohofsky (US Patent Application Publication No. US 2020/0004451 A1) in view of Kim et al. (US Patent Application Publication No. US 2022/0343031 A1, hereinafter, Kim) and further in view of Blaine et al. (US Patent Application Publication No. US 2015/0347327 A1, hereinafter, Blaine).
Regarding Claim 15, Prohofsky discloses: An operation method of a solid state drive, which is communicating with a host accessed by a tenant, the operation method comprising (Prohofsky, ¶[0074], “FIG. 10 shows an access command processing sequence 230 carried out by the storage device controller 222 responsive to each host command issued by the host.” ¶[0056], “the developer may be operating on behalf of another party or entity referred to as a tenant. While not separately shown in the diagram, the tenant (if used) is the overall owner of the process, data, etc. being implemented by the developer.” ¶[0080], “Each SSD maintains a separate session log for those access commands processed during the associated session.”):
Prohofsky does not explicitly teach the following limitation that Kim teaches:
determining that a command, which is received from the host by In-Band (IB) communication, corresponds to a side channel attack (Kim, ¶[0026], “The input unit 101 may receive data, instructions/commands, or programs (which are referred to as apps, applications, or software) from a designer, user, or other external device (not shown), and may transmit the received data, instructions/commands or programs to at least one of the storage unit 105 and the processing unit 110.” Prohofsky also teaches the claimed limitation “a command, which is received from the host by In-Band (IB) communication”, in ¶[0074], “FIG. 10 shows an access command processing sequence 230 carried out by the storage device controller 222 responsive to each host command issued by the host.”);
transmitting at least one of a first notification indicating that the side channel attack has been detected and a second notification indicating that the command latency has been adjusted, to the host by Out-Of-Band (OOB) communication (Kim, ¶[0027], “a warning message corresponding thereto, thereby being notified to an administrator or user of the apparatus 100 for detecting the cache side-channel attack, and/or transmitting the detection result or the warning message to an external electronic device (e.g., a smart phone or a desktop computer).”).
Prohofsky in view of Kim is analogous art because they are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “data security systems.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Prohofsky with Kim to
“determining that a command, which is received from the host by In-Band (IB) communication, corresponds to a side channel attack;
transmitting at least one of a first notification indicating that the side channel attack has been detected and a second notification indicating that the command latency has been adjusted, to the host by Out-Of-Band (OOB) communication;”
because disclosed is a method capable of quickly detecting the cache side-channel attack in real time with high accuracy, and associated methods are disclosed for mitigating side-channel attacks (Kim, Abstract).
Prohofsky in view of Kim does not explicitly teach the following limitation that Blaine teaches:
adjusting a command latency for the tenant (Blaine, ¶[0044], “In response to receiving the expedite command at the storage device, as shown at block 606, the storage device reduce the pendency period of the request by, for example, increasing the priority of the blocking I/O request, causing a deadline for the request to expire, or adjusting a latency expectation for the task.” Prohofsky, ¶[0056], “the developer may be operating on behalf of another party or entity referred to as a tenant. While not separately shown in the diagram, the tenant (if used) is the overall owner of the process, data, etc. being implemented by the developer.”); and
Prohofsky in view of Kim and further in view of Blaine is analogous art because they are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “data security systems.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Prohofsky in view of Kim with Blaine to
“adjusting a command latency for the tenant;”
because the memory controller implementing the command queuing system provides a quality of service (QoS) feature to facilitate an estimated worst-case latency for I/O tasks (Blaine, ¶[0039]).
Claims 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Prohofsky (US Patent Application Publication No. US 2020/0004451 A1) in view of Kim et al. (US Patent Application Publication No. US 2022/0343031 A1, hereinafter, Kim) and further in view of Blaine et al. (US Patent Application Publication No. US 2015/0347327 A1, hereinafter, Blaine) and Olarig et al. (US Patent Application Publication No. US 2018/0288090 A1, hereinafter, Olarig).
Regarding Claim 16, Prohofsky in view of Kim and further in view of Blaine teaches: The operation method of claim 15, wherein:
Prohofsky in view of Kim and further in view of Blaine does not explicitly teach the following limitation that Olarig teaches:
the IB communication is performed based on a PCIe link (Olarig, ¶[0017], “The BMC also has access to and control of NVMe-oF devices through local system buses, such as the Peripheral Component Interconnect Express (PCIe) bus and the System Management Bus (SMBus).”), and
the OOB communication is performed based on one of an SMBus, an Inter-Integrated Circuit (I2C) protocol, or an Improved Inter-Integrated Circuit (I3C) protocol (Olarig, ¶[0017], “The BMC also has access to and control of NVMe-oF devices through local system buses, such as the Peripheral Component Interconnect Express (PCIe) bus and the System Management Bus (SMBus).” ¶[0023], “The BMC 103 communicates with a management server 108 via an out-of-band connection separate from an in-band connection established via the Ethernet bus.”).
Prohofsky in view of Kim and further in view of Blaine and Olarig is analogous art because they are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “data security systems.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Prohofsky in view of Kim and further in view of Blaine with Olarig wherein
“the IB communication is performed based on a PCIe link;
the OOB communication is performed based on one of an SMBus, an Inter-Integrated Circuit (I2C) protocol, or an Improved Inter-Integrated Circuit (I3C) protocol;”
because a computer storage array that is well known in the art includes a computer motherboard 101, a local CPU 102, a BMC 103, a PCIe switch 104, a networking device 105, and a plurality of NVMe-oF devices 106, and in this case, the NVMe-oF devices 106 may be Ethernet-enabled SSDs (eSSDs) (Olarig, ¶[0021]).
Regarding Claim 17, Prohofsky in view of Kim and further in view of Blaine and Olarig teaches: The operation method of claim 15, wherein the transmitting comprises transmitting at least one of the first notification and the second notification in form of response of an NVMe-MI standard (Olarig, ¶[0035], “The BMC 103 sends a notification to a system administrator of the computer storage array to inform the system administrator that the NVMe-oF device is compromised.” ¶[0004], “NVMe-oF is a technology specification designed to enable NVMe message-based commands to transfer data between an initiator, such as a host computer, and an NVMe-oF device or system over a network”).
Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Prohofsky (US Patent Application Publication No. US 2020/0004451 A1) in view of Kim et al. (US Patent Application Publication No. US 2022/0343031 A1, hereinafter, Kim) and further in view of Blaine et al. (US Patent Application Publication No. US 2015/0347327 A1, hereinafter, Blaine), Olarig et al. (US Patent Application Publication No. US 2018/0288090 A1, hereinafter, Olarig), and Kachare et al. (US Patent Application Publication No. US 2018/0284989 A1, hereinafter, Kachare).
Regarding Claim 18, Prohofsky in view of Kim and further in view of Blaine and Olarig teaches: The operation method of claim 17, further comprising
Prohofsky in view of Kim and further in view of Blaine and Olarig does not explicitly teach the following that Kachare teaches:
receiving a Non-Volatile Memory (NVM) sub-system health status poll command from a host device by the OOB communication, wherein the transmitting is performed in response to the NVM sub-system health status poll command (Kachare, ¶[0075], “According to one embodiment, the BMC can periodically monitor a health status of the active eSSD and the passive eSSDs. For example, the BMC uses the NVMe-MI protocol and specifically NVMe-MI “Health Status Poll” command for the health status monitoring. The BMC may use the PCIe interface or the SMBus interface for management purposes.”).
Prohofsky in view of Kim and further in view of Blaine, Olarig, and Kachare are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area.” Namely, they pertain to the field of “data security systems.” It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Prohofsky in view of Kim and further in view of Blaine and Olarig with Kachare to
“receiving a Non-Volatile Memory (NVM) sub-system health status poll command from a host device by OOB communication, wherein the transmitting is performed in response to the NVM sub-system health status poll command”;
because reliable access to user data is one of the most critical requirements of a data storage system (Kachare, ¶[0005]).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDGAR W XIE whose telephone number is (703)756-4777. The examiner can normally be reached Monday - Friday, 8:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JEFFREY PWU can be reached at (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/EDGAR W XIE/ Examiner, Art Unit 2433
/WASIKA NIPA/ Primary Examiner, Art Unit 2433