DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on April 19, 2024 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 1-6, 10, 11, and 15-18 are rejected under 35 U.S.C. 102(a)(1) and 102(a)(2) as being anticipated by Prohofsky (US 2020/0004451).
Regarding claim 1, Prohofsky teaches a storage device to restrict host access to data (Fig. 9, SSD 220), the storage device comprises:
a memory device to store data (Fig. 9, NAND flash 224); and
a controller (Fig. 9, controller 222 including container validation 226) to determine that a session protection feature is enabled on the storage device, initiate a session on the storage device, obtain a session timeout value and execute a session protection mechanism using the session timeout value, wherein the session protection mechanism restricts host access to data on the memory device (Fig. 7 shows that when deploying a container to a storage device, part of the process is to deploy the container, where the processor and storage authenticate the container; part of the authentication is to utilize a session key and a session period generated, see “Validation of the session key can take place in a number of ways. It is contemplated that part of the authentication process to initially unlock that portion of the NAND flash 224 assigned for use by the container will include the transfer of certain information, including the session key, container key and session duration. This will link access of the data blocks stored by the SSD to a particular container, as well as to a particular session (deployment) of the container,” [0077]; Fig. 8 shows that host access commands contain a session key and session duration, where Fig. 10 shows that upon reception of an access command, the session key is validated, leading to the ability to grant or deny access to the flash; the session duration is also described in [0033,0035,0063] as the time period/elapsed time interval during which the session key is valid, i.e. a timeout is defined based on the time interval).
Regarding claim 2, Prohofsky teaches the storage device of claim 1, and further teaches wherein the session timeout value is one of a predefined value stored on the storage device and a configurable value provided by a host (“predetermined elapsed time period during which the session key remains valid may also be assigned by the manager circuit at this time,” [0033]).
Regarding claim 3, Prohofsky teaches the storage device of claim 1, and further teaches wherein the controller initiates the session when the storage device is unlocked (“It is contemplated that part of the authentication process to initially unlock that portion of the NAND flash 224 assigned for use by the container will include the transfer of certain information, including the session key, container key and session duration. This will link access of the data blocks stored by the SSD to a particular container, as well as to a particular session (deployment) of the container,” [0077]).
Regarding claim 4, Prohofsky teaches the storage device of claim 1, and further teaches wherein in executing the session protection mechanism the controller sets a timer to an initial time, calculates a session time, compares the session time to the session timeout value, and locks the storage device when the session time exceeds the session timeout value (“It is contemplated that part of the authentication process to initially unlock that portion of the NAND flash 224 assigned for use by the container will include the transfer of certain information, including the session key, container key and session duration. This will link access of the data blocks stored by the SSD to a particular container, as well as to a particular session (deployment) of the container,” [0077] and “Finally, at some point the container session will time out, such as by the container program being expressly terminated, by an encountered idle time, or the expiration of the predetermined time interval for the execution of the container,” [0067] provide that upon initially deploying a container, the session is initialized with a key and a session duration, which necessarily requires the ability to determine whether a current elapsed time has resulted in expiration of the duration; in addition, as initializing a session requires unlocking part of the NAND flash assigned to the container, then a session timing out necessarily results in a locking of the device again for a future unlocking).
Regarding claim 5, Prohofsky teaches the storage device of claim 4, and further teaches wherein the controller calculates the session time to include an elapsed time between the initial time and a current time (“In some embodiments, the presentation of a correct session key from an authorized process will not result in servicing of the command unless the storage device controller 222 further determines that the session time period has not expired,” [0078] teaches the ability that a current time must be determined in order to determine whether the session time period has expired or not; necessarily, this requires tracking a time since the initialization of the container in order to determine whether an elapsed time matches the session time period or not).
Regarding claim 6, Prohofsky teaches the storage device of claim 4, and further teaches wherein the controller determines the session time prior to executing an incoming host command (“In some embodiments, the presentation of a correct session key from an authorized process will not result in servicing of the command unless the storage device controller 222 further determines that the session time period has not expired,” [0078] teaches that the determination of whether a current session time means the time period has expired or not occurs before servicing a command).
Regarding claim 10, Prohofsky teaches the storage device of claim 1, and further teaches wherein the controller compares the session timeout value to a session time one of prior to starting a host command and during an idle period (“In some embodiments, the presentation of a correct session key from an authorized process will not result in servicing of the command unless the storage device controller 222 further determines that the session time period has not expired,” [0078] teaches that a current comparison of the time period’s expiration and a current time occurs before servicing a host command).
Regarding claim 11, Prohofsky teaches the storage device of claim 1, and further teaches wherein in executing the session protection mechanism the controller completes pending hosts commands prior to locking the storage device (“In some embodiments, the presentation of a correct session key from an authorized process will not result in servicing of the command unless the storage device controller 222 further determines that the session time period has not expired,” [0078] teaches that host access commands are processed if the session key is correct and the session time period has not expired, i.e. the access commands are granted if session key and time period are not expired, and therefore must necessarily be completed before the session times out, locking the device).
The method of claim 15 recites steps that are recited as functional limitations within claim 4 (incorporating claim1), and as such can be rejected according to the same rationale of claim 4 (incorporating claim 1).
Regarding claim 16, Prohofsky teaches the method of claim 15, further comprising initiating the session when the storage device is unlocked (“It is contemplated that part of the authentication process to initially unlock that portion of the NAND flash 224 assigned for use by the container will include the transfer of certain information, including the session key, container key and session duration. This will link access of the data blocks stored by the SSD to a particular container, as well as to a particular session (deployment) of the container,” [0077]).
Regarding claim 17, Prohofsky teaches the method of claim 15, further comprising determining the session time prior to executing an incoming host command (“In some embodiments, the presentation of a correct session key from an authorized process will not result in servicing of the command unless the storage device controller 222 further determines that the session time period has not expired,” [0078] teaches that the determination of whether a current session time means the time period has expired or not occurs before servicing a command).
Regarding claim 18, Prohofsky teaches the method of claim 15, further comprising comparing the session timeout value to the session time one of prior to starting a host command and during an idle period and completing pending hosts commands prior to locking the storage device (“In some embodiments, the presentation of a correct session key from an authorized process will not result in servicing of the command unless the storage device controller 222 further determines that the session time period has not expired,” [0078] teaches that a current comparison of the time period’s expiration and a current time occurs before servicing a host command, and also teaches that host access commands are processed if the session key is correct and the session time period has not expired, i.e. the access commands are granted if session key and time period are not expired, and therefore must necessarily be completed before the session times out, locking the device).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Prohofsky in view of Chen et al. (US 2017/0026353)
Prohofsky teaches the storage device of claim 4, but fails to teach wherein the controller stores the session time in a master index page.
Chen’s disclosure relates to session management for device access, and as such comprises analogous art.
As part of this disclosure, Chen provides for a secured password storage that can store timeout data on behalf of different applications, see [0024].
An obvious modification can be identified: incorporating a secured password storage that can store timeout data for sessions. Such a modification reads upon the limitation of the claim.
It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to incorporate Chen’s secured password storage into Prohofsky’s container session system, as this provides for a means by which Prohofsky’s controller can more easily track and evaluate session key/session duration information for validity of an access command.
Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Prohofsky in view of Obereiner et al. (US 2009/0249014).
Prohofsky teaches the storage device of claim 1, but fails to teach wherein the controller defines a number of allowable fail login attempts on the storage device and erases data stored on the memory device when failed login attempts exceed the number of allowable fail login attempts.
Obereiner’s disclosure relates to securely accessing regions of memory, and as such comprises analogous art.
As part of this disclosure, Obereiner provides that a user can be permitted a number of attempts to present a valid authentication, keeping track of a failure count of the number of failed attempts, and when this reaches a maximum number, then an erase/reset is performed, see [0042].
An obvious modification can be identified: incorporating Obereiner’s process of tracking failed attempts to access a memory, and once a threshold is reached, wiping the memory. Such a modification reads upon the limitation of the claim.
It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to incorporate Obereiner’s disclosure of wiping a memory after a number of failed access attempts into Prohofsky’s system, as this ensures the security of the data on the device.
Allowable Subject Matter
Claims 8, 9, 12, and 13 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claims 19 and 20 are allowed.
The following is a statement of reasons for the indication of allowance and allowable subject matter:
Claim 8 recites “wherein after a power reset, if the storage device is unlocked, the controller initializes the timer with a session time value stored in a master index page prior to the power reset”.
While discussing power resets is not novel, no reference was found that initializes the timer with a session time value prior to the power reset as claimed, and as such no reference was found to render the claim obvious. This leads to a determination of allowable subject matter.
Claim 9 is objected to for dependence on claim 8.
Claim 12 recites “wherein the controller stores the session timeout value in a session timeout parameter included in a data structure, wherein a size of the session timeout parameter is one of increased and decreased depending on requirements of the storage device”.
Regarding the storage of the timeout value in a data structure, this is taught by Chen, see the rejection to claim 7. However, Chen fails to teach, and no reference was found to teach, where the size of the timeout parameter is either increased or decreased based on requirements of the storage device. While there are references that discuss how the value of a session timeout parameter can be altered based on a storage device requirement/performance (see Matsuo et al. (US 2012/0151101), Sheller et al. (US 2014/0282893)), this is different than adjusting the size of the parameter itself. This leads to a determination of allowable subject matter.
Claim 13 is objected to for dependence on claim 12.
Claim 19 is a method claim that recites the majority of the same limitations as method claim 15, which is rejected as anticipated by Prohofsky. The limitations that are found to differ from claim 15 are where claim 19 recites:
calculating a session time and storing the session time in a master index page;
determining when a power reset has occurred and that the storage device is unlocked, initializing the timer with a session time value stored in a master index page prior to the power reset, and continuing to calculate the session time.
This subject matter includes what is considered allowable subject matter in claim 8, and as such, the reasons for indicating claim 8 as reciting allowable subject matter is applied here to why claim 19 is allowed.
Claim 20 is allowed for dependence on claim 19.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Matsuo and Sheller, as cited above,
Nunnelley (US 2006/0095782) provides timeout based authentication and granting/denying access to a storage device,
Bowman et al. (US 2015/0127952) discloses locking a device after a timeout,
Kukreja et al. (US 2021/0014221) discloses session management, including tracking session timeouts,
Muthiah (US 2021/0382649) discloses providing a time-out window for providing access for executing a command,
Arunkumar et al. (US 2022/0391117) discloses permission management of storage devices, including based on a time window of allowing access,
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AARON D HO whose telephone number is (469)295-9093. The examiner can normally be reached Mon-Fri 8:00-4:00 CT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Reginald Bragdon can be reached at (571)272-4204. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/A.D.H./Examiner, Art Unit 2139
/REGINALD G BRAGDON/Supervisory Patent Examiner, Art Unit 2139