Detailed Action
This office action is in response to applicant’s submission filed on December 9, 2025. Claim 1 was previously canceled. Claims 2-21 are pending and rejected.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendment
This communication is in response to the amendment filed on December 9, 2025. The Examiner has acknowledged the amended claims 2, 3, 5, 10, 11, and 15-21. Claim 1 was previously canceled. Claims 2-21 are pending and are rejected.
Response to Arguments
Applicant’s Arguments (Remarks) filed December 9, 2025 have been fully considered, but are not persuasive. Note that this action is made FINAL. See MPEP § 706.07(a).
The applicant argues that the prior art in the Office Action fails to teach the amendments. Examiner respectfully disagrees. Because the prior art teaches that the host views the memory as a single addressable area and provides the revised data that replaces the prior versions while metadata tracks and invalidates the earlier copy, the storage operation is necessarily performed for a particular logical address. Accordingly, storing the revised data within a selected portion corresponds to writing data at memory cells associated with that address, satisfying the “corresponding to the address” claim limitation. The texts also explicitly disclose that the purge command identifies data to be removed by supplying logical addresses (LBAs) and, because the LBAs define the logical storage locations of the data, the subsequent block-level erasures applied to blocks storing previous versions necessarily erase data corresponding to those addresses. See also the 102 rejection below.
Therefore, Examiner notes that the claim limitations are still taught by Hars.
The amendments to claims 16-21 have resolved the claim objections.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 2-7, 9-13, 15-19, and 21 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by US 2012/0278529 A1 to Hars et al. (hereinafter, “Hars”).
Regarding claim 2, Hars discloses: A memory system, comprising:
one or more memory devices; and processing circuitry coupled with the one or more memory devices and configured to cause the memory system to (“The various approaches disclosed herein can be used in any number of different types of memory devices, such as solid-state non-volatile memory arrays including but not limited to flash memory, spin-torque transfer random access memory (STRAM), resistive random access memory (RRAM), and programmable logic cells (PLCs). The various approaches can also be adapted to other types of storage media such as but not limited to magnetic recording discs” [0032]):
receive a first command to overwrite an address storing data in a first portion of the memory system that is configured to store secure information; overwrite the data at one or more memory cells of the first portion corresponding to the address in accordance with the first command (Fig. 5 - item 134; “The sequence of steps in FIG. 5 includes a partitioning step 132. A memory such as the memory 104 may be partitioned (divided) during this step into one or more standard user data portions and one or more confidential user data portions. As shown by step 134, the standard user data portions are used to store standard user data received from a host device, and the confidential user data portions are used to store confidential user data received from the host. This division is internal to the storage device and is transparent to the host device, so that the host continues to view the memory area as a single addressable area in which to store data (e.g., a single disk partition, volume, device, etc.)” [0047]; “…it will be appreciated that a later received copy of the confidential data, such as a revised version of the data, may be subsequently provided to the storage device 100...The new data may be written to the same erasure block” [0066] [Examiner notes that the first text gives context to the first portion configured to store secure information as the confidential partition is the secure portion which makes clear that this portion is dedicated to secure confidential user data. The second text is brought in to show the overwriting action as it is replacing old confidential data with new/revised confidential data in the same erasure block. Examiner also notes that the “later received copy... provided to the storage device” is where the first command is disclosed as it shows the host delivering instructions/data that cause the memory system to overwrite secure/confidential data already stored.
Examiner also notes that because the reference teaches that the host views the memory as a single addressable area and provides the revised data that replaces the prior versions while metadata tracks and invalidates the earlier copy, the storage operation is necessarily performed for a particular logical address. Accordingly, storing the revised data within a selected portion corresponds to writing data at memory cells associated with that address, satisfying the “corresponding to the address” claim limitation]);
receive after receiving the first command, an indication of a second command to purge the first portion of the memory system; erase the overwritten data from one or more memory cells of the first portion corresponding to the address in accordance with the second command (Fig. 5 - item 136; “As shown by step 136, a purge command may be issued to the storage device 100 to purge a particular set of the confidential user data from the device so that all versions (which may include both revisions and identical copies) of the data are removed from the device while leaving other confidential data in the device. For example, the user of a host device coupled to the storage device may desire to purge a particular data file from the storage device. Alternatively, the user may desire to purge a particular range of data sectors from the memory regardless whether these data sectors make up one or host level files. It is contemplated that the purge command will identify the particular set of confidential data to be purged. This may be carried out by supplying one or more logical addresses (e.g., LBAs) associated with the selected confidential data to be purged” [0048]; Fig. 14 - item 180; Fig. 11; Fig. 14 - item 188; “Alternatively or additionally, non-affected sets of confidential data may be relocated from the erasure block(s) that store the previous version(s) of the selected data, as shown by step 186. Thereafter, block level erasures may be applied to the erasure block(s) with the previous version(s) of the selected data, step 188. As desired, multiple erasures/writes may take place as set forth in FIGS. 12-13” [0082] [Examiner notes that these texts explicitly disclose that the purge command identifies data to be removed by supplying logical addresses (LBAs) and because the LBAs define the logical storage locations of the data, the subsequent block-level erasures applied to blocks storing previous versions necessarily erase data corresponding to those addresses]); and
transmit an indication that the second command is complete in response to the erasing (Fig. 14 - item 192; “Once the purge operation is completed, the storage device forwards a purge complete status to the initiating source device, step 192, and the process ends at step 194. The purge complete status may be sent by the device to the host after a first purge operation has been completed that removes access to the data, such as through the key destruction approach. The device may subsequently carry out further actions in the background to further secure the device, such as overwrites/erasures of the physical locations of the data” [0084]).
Claim 10 recites substantially the same limitation as claims 2 and 3, in the form of a host system for implementing the corresponding memory system, therefore it is rejected under the same rationale.
Claim 15 recites substantially the same limitation as claim 2, in the form of a non-transitory computer readable medium comprising computer readable program code for implementing the corresponding system, therefore it is rejected under the same rationale.
Regarding claims 3 and 16, Hars discloses: transfer, in accordance with the second command, second data from the first portion of the memory system to a second portion of the memory system configured to store secure information, the second data including the overwritten data from the one or more memory cells of the first portion and third data stored to the first portion of the memory system (Fig. 14 - item 186; “Alternatively or additionally, non-affected sets of confidential data may be relocated from the erasure block(s) that store the previous version(s) of the selected data, as shown by step 186. Thereafter, block level erasures may be applied to the erasure block(s) with the previous version(s) of the selected data, step 188. As desired, multiple erasures/writes may take place as set forth in FIGS. 12-13” [0082] [Examiner notes that the second data here is seen as the non-affected sets of confidential data]),
wherein erasing the overwritten data from the one or more memory cells of the first portion of the memory system is in response to transferring the second data (Fig. 14 - item 188; “Alternatively or additionally, non-affected sets of confidential data may be relocated from the erasure block(s) that store the previous version(s) of the selected data, as shown by step 186. Thereafter, block level erasures may be applied to the erasure block(s) with the previous version(s) of the selected data, step 188. As desired, multiple erasures/writes may take place as set forth in FIGS. 12-13” [0082] [Examiner notes that the block level erasures are applied to the erasure block(s) with the previous version(s) of the selected data showing that erasure happens after relocation, which is what the claim language emphasizes]).
Regarding claims 4 and 17, Hars discloses: determine that the third data is valid, wherein transferring the second data including the third data is in response to the third data being valid (“It will be appreciated that a later received copy of the confidential data, such as a revised version of the data, may be subsequently provided to the storage device 100. In such case, the processing of FIG. 9 may be carried out to encode and store this new version of data to a different location in the CD portion 140. The new data may be written to the same erasure block, or to a different erasure block, within the CD portion. New updated metadata may also be generated. Metadata management techniques may be utilized to flag the previous copy as old, or stale data” [0066]; “As desired, prior version purges can be scheduled and carried out via batch processing by the device at suitable times, such as off-hour times when the device is not experiencing full volume workloads. By careful selection of the locations to which new versions of various data sets are written to the CD portion, the wiping out of previous versions can be carried out concurrently and with minimal data relocation through the erasure of blocks containing older versions of the various data sets” [0071] [Examiner notes that while the metadata flags make it implicitly clear that flagged stale data is excluded from relocation, as the act of generating flags and using them during transfer effectively enforces that only valid data is moved, the second text provides explicit support that the system transfers only the valid data and erases the stale/overwritten data afterward]).
Regarding claim 5, Hars discloses: initiate a garbage collection operation for the first portion of the memory system in response to transferring the second data, wherein erasing the overwritten data from the one or more memory cells of the first portion is performed as part of the garbage collection operation (“In other embodiments, a garbage collection operation may take place whereby the erasure block containing the most recent previous version of the confidential data is erased. This may include the need to relocate and copy over other stored data in that erasure block. Care should be taken to ensure that the new version of data being written by the operation of blocks 154, 156 and 158 is to a different erasure block” [0069]).
Regarding claims 6, 12, and 18, Hars discloses: identify that a register of the memory system stores a value that indicates the second command (“As shown by step 136, a purge command may be issued to the storage device 100 to purge a particular set of the confidential user data from the device so that all versions (which may include both revisions and identical copies) of the data are removed from the device while leaving other confidential data in the device. For example, the user of a host device coupled to the storage device may desire to purge a particular data file from the storage device. Alternatively, the user may desire to purge a particular range of data sectors from the memory regardless whether these data sectors make up one or host level files. It is contemplated that the purge command will identify the particular set of confidential data to be purged. This may be carried out by supplying one or more logical addresses (e.g., LBAs) associated with the selected confidential data to be purged” [0048]; “As desired, prior version purges can be scheduled and carried out via batch processing by the device at suitable times, such as off-hour times when the device is not experiencing full volume workloads. By careful selection of the locations to which new versions of various data sets are written to the CD portion, the wiping out of previous versions can be carried out concurrently and with minimal data relocation through the erasure of blocks containing older versions of the various data sets” [0071] [Examiner notes that internally, the device needs to store and detect this command (via a register). The text shows how the device relocates and erases data in response to that purge command, which conceptually means that the memory system recognizes the second command and acts on it. The device would typically use a type of register to track that the command is active.
In order for a system to receive and act on the command, it must internally store that command so that the controller knows what to do (storage here is a register). The scheduling implies that the system must track the command and it is required to remember the command, so some internal storage (register) is required to remember that a purge is pending]).
Regarding claims 7 and 19, Hars discloses: receive the second command to purge an encryption key from the first portion of the memory system (Fig. 5 - item 136; “As shown by step 136, a purge command may be issued to the storage device 100 to purge a particular set of the confidential user data from the device so that all versions (which may include both revisions and identical copies) of the data are removed from the device while leaving other confidential data in the device. For example, the user of a host device coupled to the storage device may desire to purge a particular data file from the storage device. Alternatively, the user may desire to purge a particular range of data sectors from the memory regardless whether these data sectors make up one or host level files. It is contemplated that the purge command will identify the particular set of confidential data to be purged. This may be carried out by supplying one or more logical addresses (e.g., LBAs) associated with the selected confidential data to be purged” [0048]; Fig. 14 - item 180; Fig. 11; “FIG. 14 is an exemplary CONFIDENTIAL DATA PURGE routine 180 that may be carried out by the storage device 100 to purge the copies of a particular data set in accordance with the foregoing discussion. The routine 180 may be initiated responsive to a purge command as shown in FIG. 11” [0080]).
Regarding claims 9 and 21, Hars discloses: wherein the data comprises an encryption key configured to encrypt data stored to a second portion of the memory system that is configured to store information associated with a host system (“A data encryption operation is represented by encryption block 156. The encryption can include the application of a selected algorithm (cipher) which uses special information (key) to scramble the received data. The encryption step can take any number of forms, including multi-level encryption. Any suitable keys can be used, including internally and/or externally generated keys, band keys, etc. In some embodiments, the LBA value(s) associated with the data may be used in the encryption algorithm as a seed value or other input data. Once the data are encrypted, the encrypted data are written to the CD portion of the memory 140. The data may be stored as a single copy, or multiple duplicate copies may be stored in different locations within the CD portion(s) 140” [0064] [Examiner notes that this text directly supports the idea that data (the key) is used to encrypt other data. The CD portion acts as the second portion of the memory storing host-associated data. This text also supports the flexibility that the key can be stored in the first portion and used to encrypt data in the second portion]).
Regarding claim 11, Hars discloses: transmit, to the memory system, a third command to store the data at the one or more memory cells of the first portion corresponding to the address (“In yet another alternative embodiment, the various copies of selected data associated with a particular logical address are all encrypted with a particular encryption key that is stored internally by the device in a selected memory location. This key can be destroyed, such as by being overwritten or erased as discussed above, thereby eliminating the ability to recover the various copies of this particular data set from the memory. These various steps can be carried out individually or in combination to provide different levels of security” [0083]; “The sequence of steps in FIG. 5 includes a partitioning step 132. A memory such as the memory 104 may be partitioned (divided) during this step into one or more standard user data portions and one or more confidential user data portions. As shown by step 134, the standard user data portions are used to store standard user data received from a host device, and the confidential user data portions are used to store confidential user data received from the host. This division is internal to the storage device and is transparent to the host device, so that the host continues to view the memory area as a single addressable area in which to store data (e.g., a single disk partition, volume, device, etc.)” [0047] [Examiner notes how the text implies that the system received an instruction to store the key and the “internal storage” shows that the system acts on a command (third command) to store the key. The text also specifies a location inside the device (first portion) and that the first portion is the confidential portion suitable for storing a key while the second portion is for host data]).
Regarding claim 13, Hars discloses: transmit the second command to the memory system (“As shown by step 136, a purge command may be issued to the storage device 100 to purge a particular set of the confidential user data from the device so that all versions (which may include both revisions and identical copies) of the data are removed from the device while leaving other confidential data in the device” [0048]).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 8, 14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 2012/0278529 A1 to Hars et al. (hereinafter, “Hars”) in view of US 2019/0236031 A1 to Kim.
Regarding claims 8, 14, and 20, Hars discloses all limitations of claim 2/10/15.
Hars does not explicitly disclose: wherein the first portion of the memory system comprises a Replay Protected Memory Block (RPMB).
However, Kim discloses: wherein the first portion of the memory system comprises a Replay Protected Memory Block (RPMB) (“In accordance with an embodiment of the present disclosure, the memory device 100 may include a replay protected memory block (RPMB) 160” [0040]).
Thus, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, to combine the method of Hars with the added structure of Kim in order to protect against attempted unauthorized access such as replay attacks [Kim 0042].
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SARON MATTHEWOS WORKU whose telephone number is (703)756-1761. The examiner can normally be reached Monday - Friday, 9:30am - 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Linglan Edwards, can be reached on 571-270-5440. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SARON MATTHEWOS WORKU/Examiner, Art Unit 2408
/LINGLAN EDWARDS/Supervisory Patent Examiner, Art Unit 2408