DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Priority
2. Acknowledgment is made of applicant's claim for foreign priority based on an application filed in Japan on 09/14/2023. It is noted, however, that applicant has not filed a certified copy of the JP 2023-149091 application as required by 37 CFR 1.55.
Information Disclosure Statement
3. The information disclosure statement(s) (IDS) submitted on 08/01/2024 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement(s) is being considered by the examiner.
Claim Objections
4. Claims 7 and 15 are objected to because of the following informalities:
In Claim 7, the limitation “wherein the controller is configured to periodically verify safety of the request source” (emphasis added) should read as “wherein the controller is configured to periodically verify the safety of the request source” (emphasis added).
Claim 15 suffers similar deficiencies and appropriate correction is required.
Claim Rejections - 35 USC § 103
5. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
6. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
7. Claims 1-3, 8-9, 10-11 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Hara (US 2020/0293676 A1, hereinafter Hara) in view of DESANTI et al. (US 2022/0050933 A1, hereinafter Desanti).
Regarding Claim 1,
Hara discloses a memory system comprising (Hara: [Abstract] a memory system is connectable to a host including a first volatile memory and includes a non-volatile memory and a controller, ¶¶ [0025-0026], Figs. 1-3):
a nonvolatile memory (Hara: [Abstract] a memory system is connectable to a host including a first volatile memory and includes a non-volatile memory and a controller, Figs. 1-5, ¶ [0026]); and
a controller configured to (Hara: [Abstract] a memory system is connectable to a host including…, a controller, ¶¶ [0026, 0049]) verify safety of a request source requesting to write data to or read data from the nonvolatile memory using a challenge-response type attestation (Hara: ¶ [0056] controller 4 may include a host interface 11, ¶ [0057] host interface 11 includes an interface processing unit 111, a parity generator 112, a parity checker 113…, interface processing unit 111 receives various commands, such as various control commands and I/O commands, from the host 2. The control command may include a command (for example, a Set Features command) requesting to enable/disable the HMB function. The I/O command may include a write command, a read command, ¶¶ [0069-0070]).
Hara does not explicitly disclose:
a controller configured to verify safety of a request source requesting to write data to or read data from the nonvolatile memory using a challenge-response type attestation.
However, Desanti from the same field of endeavor as the claimed invention discloses that an NVMe-oF authentication system includes an authentication verification entity coupled to an NVMe subsystem that is coupled to an NVMe host device (Desanti: [Abstract]), block 608 where an NVMe subsystem transmits a first challenge to an NVMe host device…, the controller engine 304a in the NVMe subsystem 202a/300 may transmit a challenge to the NVMe host device 206/400 (Desanti: ¶ [0062], ¶ [0065]), block 610 where the NVMe host device transmits a first challenge reply and a second challenge to the NVMe subsystem. With reference to FIG. 8, in an embodiment of block 610 and in response to receiving the challenge communication, host engine 404 in the NVMe host device 206/400 may perform challenge reply operations 806 that include transmitting a challenge reply communication to the NVMe subsystem 202a/300 (Desanti: ¶ [0067], also see ¶¶ [0072, 0075, 0079, 0084, 0087]), in the event of an authentication success (i.e., AuthStatus indicates that the NVMe subsystem is authentic), the method 600 then proceeds to block 622 where the NVMe host device transmits a second authentication success communication to the NVMe subsystem (Desanti: ¶ [0091]), and the authentication of the NVMe host device 206/400 and the NVMe subsystem 202a/300 discussed above may complete the security operations that allow the NVMe host device 206/400 and the NVMe subsystem 202a/300 to securely interact (e.g., the NVMe subsystem 202a/300 may allow the NVMe host device 206/400 to perform storage operations that result in the storage and/or retrieval of data with the NVM subsystem 202a/300) (Desanti: ¶ [0093], also see Fig. 6).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Desanti in the teachings of Hara. A person having ordinary skill in the art would have been motivated to do so to ensure that only the verified hosts can perform read and write operations to the memory even if the higher software layers are compromised and provide faster I/O transaction once verified.
Regarding Claim 2,
Claim 2 is dependent on Claim 1, and the combination of Hara and Desanti discloses all the limitations of Claim 1. Hara further discloses wherein the controller is further configured to verify the safety of the request source based on a standard I/O transaction from the request source (Hara: ¶ [0056] controller 4 may include a host interface 11, ¶ [0057] host interface 11 includes an interface processing unit 111, a parity generator 112, a parity checker 113…, interface processing unit 111 receives various commands, such as various control commands and I/O commands, from the host 2. The control command may include a command (for example, a Set Features command) requesting to enable/disable the HMB function. The I/O command may include a write command, a read command).
Hara does not explicitly disclose wherein the controller is further configured to verify the safety of the request source based on a standard I/O transaction from the request source.
Desanti further discloses block 608 where an NVMe subsystem transmits a first challenge to an NVMe host device…, the controller engine 304a in the NVMe subsystem 202a/300 may transmit a challenge to the NVMe host device 206/400 (Desanti: ¶ [0062], ¶ [0065]), in the event of an authentication success (i.e., AuthStatus indicates that the NVMe subsystem is authentic), the method 600 then proceeds to block 622 where the NVMe host device transmits a second authentication success communication to the NVMe subsystem (Desanti: ¶ [0091]), the authentication of the NVMe host device 206/400 and the NVMe subsystem 202a/300 discussed above may complete the security operations that allow the NVMe host device 206/400 and the NVMe subsystem 202a/300 to securely interact (e.g., the NVMe subsystem 202a/300 may allow the NVMe host device 206/400 to perform storage operations that result in the storage and/or retrieval of data with the NVM subsystem 202a/300) (Desanti: ¶ [0093]), and the NVMe host device 206/400 may then perform connection operations 904 and the NVMe subsystem 202a/300 may perform connection response operations 906 in order to set up NVMe queues, associate the NVMe host device 206/400 with the NVMe subsystem 202a/300, and/or provide other connection results that would be apparent to one of skill in the art in possession of the present disclosure. The NVMe subsystem 202a/300 and the NVMe host device 206/400 may then perform authentication transaction operations 908 (Desanti: ¶ [0095], also see Fig. 9).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Desanti in the teachings of Hara. A person having ordinary skill in the art would have been motivated to do so to ensure that only the verified hosts can perform read and write operations to the memory even if the higher software layers are compromised and provide faster I/O transaction once verified.
Regarding Claim 3,
Claim 3 is dependent on Claim 1, and the combination of Hara and Desanti discloses all the limitations of Claim 1. Hara does not explicitly disclose wherein the controller is further configured to determine whether or not to reject a request from the request source based on at least one of the following: i) whether or not a target of the request from the request source is data that requires protection, ii) whether or not a secure path has been established with the request source, and iii) whether or not safety of the request source is verified.
Desanti further discloses block 608 where an NVMe subsystem transmits a first challenge to an NVMe host device…, the controller engine 304a in the NVMe subsystem 202a/300 may transmit a challenge to the NVMe host device 206/400 (Desanti: ¶ [0062], ¶ [0065]), in the event of an authentication success (i.e., AuthStatus indicates that the NVMe subsystem is authentic), the method 600 then proceeds to block 622 where the NVMe host device transmits a second authentication success communication to the NVMe subsystem (Desanti: ¶ [0091]), the authentication of the NVMe host device 206/400 and the NVMe subsystem 202a/300 discussed above may complete the security operations that allow the NVMe host device 206/400 and the NVMe subsystem 202a/300 to securely interact (e.g., the NVMe subsystem 202a/300 may allow the NVMe host device 206/400 to perform storage operations that result in the storage and/or retrieval of data with the NVM subsystem 202a/300) (i.e. implies that the safety of the host needs to be verified before read and write operations) (Desanti: ¶ [0093], ¶ [0095]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Desanti in the teachings of Hara. A person having ordinary skill in the art would have been motivated to do so to ensure that only the verified hosts can perform read and write operations to the memory even if the higher software layers are compromised and provide faster I/O transaction once verified.
Regarding Claim 8,
Claim 8 is dependent on Claim 1, and the combination of Hara and Desanti discloses all the limitations of Claim 1. Hara further discloses wherein the nonvolatile memory includes a NAND type flash memory (Hara: ¶ [0029] memory system is a semiconductor storage device configured to write data in a non-volatile memory such as a NAND flash memory 5 and read data from the non-volatile memory and is also simply referred to as a storage device, Figs. 1-5 - NAND Flash Memory, ¶ [0036]).
Regarding Claim 9,
Hara discloses a method for verifying safety of a request source configured to request processing to a memory system having a nonvolatile memory (Hara: [Abstract] a memory system is connectable to a host including a first volatile memory and includes a non-volatile memory and a controller, ¶¶ [0025-0026, 0054]), and Desanti further discloses a method for verifying safety of a request source configured to request processing to a memory system (Desanti: ¶ [0032] method 600 for performing NVMe-oF authentication, See also Fig. 6). The combination of Hara and Desanti discloses all the limitations of Claim 9 as discussed in Claim 1. Therefore, Claim 9 is rejected using the same rationales as discussed in Claim 1.
Regarding Claims 10, 11 and 16,
Claims 10, 11 and 16 are dependent on Claim 9, and the combination of Hara and Desanti discloses all the limitations of Claim 9. The combination of Hara and Desanti discloses all the limitations of Claims 10, 11 and 16 as discussed in Claims 2, 3 and 8. Therefore, Claims 10, 11 and 16 are rejected using the same rationales as discussed in Claims 2, 3 and 8.
8. Claims 4, 6, 7, 12, 14 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Hara (US 2020/0293676 A1, hereinafter Hara) in view of DESANTI et al. (US 2022/0050933 A1, hereinafter Desanti) and further in view of Ishihara et al. (US 2022/0283742 A1, hereinafter Ishihara).
Regarding Claim 4,
Claim 4 is dependent on Claim 3, and the combination of Hara and Desanti discloses all the limitations of Claim 3. Hara and Desanti do not explicitly disclose wherein, in a case where it is determined that the request from the request source should be rejected, the controller is further configured to notify the request source of the rejection of the request.
However, Ishihara from the same field of endeavor as the claimed invention discloses that the authorization information indicates whether or not to permit an execution of an I/O command. The apparatus verifies whether the received authorization information is not tampered with, and whether the received authorization information is issued from a known authorization server (Ishihara: [Abstract]), operation sequence starts when the host I/F 106 receives an I/O command issued by the host computer (step S201). The authorization information extracting unit 110 of the information storage apparatus 100 verifies whether the authorization information is assigned to the I/O command received through host I/F 106 (steps S202 and S203). This authorization information indicates whether or not to permit the execution of the corresponding I/O command (Ishihara: ¶ [0046]), as a result of verifying the authorization information, when it is found that the authorization information is invalid (No in step S206), an error is determined, and the processing ends without executing the I/O command (steps S211 and S212) (Ishihara: ¶ [0050], also see ¶¶ [0051, 0053]), and in each case (S203-NO, S206-NO, and S208-NO) where an error occurs, the type of error to be returned to the host computer may depend on implementation. For example, notification may be sent as an error indicating an invalid I/O command, or notification may be sent as a simple command error (Ishihara: ¶ [0090]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Ishihara in the teachings of Hara. A person having ordinary skill in the art would have been motivated to do so as the notification serves as an indicator for the host device that the verification failed, and therefore, the device can resend the request, improving the system’s reliability and recoverability.
Regarding Claim 6,
Claim 6 is dependent on Claim 1, and the combination of Hara and Desanti discloses all the limitations of Claim 1. Hara and Desanti do not explicitly disclose wherein, in a case where the safety of the request source is not verified, the controller is further configured to determine to reject the request from the request source even if a target of the request from the request source is data that does not require protection.
Ishihara further discloses that the authorization information indicates whether or not to permit an execution of an I/O command. The apparatus verifies whether the received authorization information is not tampered with, and whether the received authorization information is issued from a known authorization server (Ishihara: [Abstract]), the authorization information extracting unit 110 of the information storage apparatus 100 verifies whether the authorization information is assigned to the I/O command received through host I/F 106 (steps S202 and S203). This authorization information indicates whether or not to permit the execution of the corresponding I/O command (Ishihara: ¶ [0046]), as a result of verifying the authorization information, when it is found that the authorization information is invalid (No in step S206), an error is determined (Ishihara: ¶ [0050], also see ¶¶ [0051, 0053]), and when the execution of the I/O command is not permitted (No in step S925), the authorization result applying unit 812 notifies the nonvolatile memory control unit 810 that the execution of the control command notified from the nonvolatile memory control unit 810 is not permitted (S929). Then, the authorization result applying unit 812 discards the control command notified from the nonvolatile memory control unit 810 so that the control command is not executed for the nonvolatile memories 804A to D (step S930) (i.e. implies that requests for all data types are rejected) (Ishihara: ¶ [0126]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Ishihara in the teachings of Hara. A person having ordinary skill in the art would have been motivated to do so as the notification serves as an indicator for the host device that the verification failed, and therefore, the device can resend the request, improving the system’s reliability and recoverability.
Regarding Claim 7,
Claim 7 is dependent on Claim 1, and the combination of Hara and Desanti discloses all the limitations of Claim 1. Hara and Desanti do not explicitly disclose wherein the controller is configured to periodically verify safety of the request source.
Ishihara further discloses that the authorization information indicates whether or not to permit an execution of an I/O command. The apparatus verifies whether the received authorization information is not tampered with, and whether the received authorization information is issued from a known authorization server (Ishihara: [Abstract]), and the authorization information verifying unit 111 confirms the information included in the authorization information. The target information includes an authorization result (the propriety of execution of the corresponding I/O command), an authorization time, the valid period of the authorization information (here, a period is specified, but an authorization deadline based on date and time may be specified), the referable deadline (in the case of reading)/the storage deadline (in the case of writing) of the information to be authorized, and the like (the referable period/storage period of the information may not be optional). The result of the authorization is information indicating permission/non-permission…, The valid period of the authorization information is information indicating a time when the authorization information including this information is determined to be valid, and the corresponding I/O command group does not need to be authorized again within a specified period (i.e. implies periodic verification of sources based on a validity period of auth data) (Ishihara: ¶ [0081], ¶¶ [0083, 0087, 0221]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Ishihara in the teachings of Hara. A person having ordinary skill in the art would have been motivated to do so to ensure that the host information is not expired and to bring the trust information to the latest state in order to improve the security of the system (See Ishihara: ¶ [0221]).
Regarding Claim 12,
Claim 12 is dependent on Claim 11, and the combination of Hara and Desanti discloses all the limitations of Claim 11. The combination of Hara, Desanti and Ishihara discloses all the limitations of Claim 12 as discussed in Claim 4. Therefore, Claim 12 is rejected using the same rationales as discussed in Claim 4.
Regarding Claim 14,
Claim 14 is dependent on Claim 9, and the combination of Hara and Desanti discloses all the limitations of Claim 9. The combination of Hara, Desanti and Ishihara discloses all the limitations of Claim 14 as discussed in Claim 6. Therefore, Claim 14 is rejected using the same rationales as discussed in Claim 6.
Regarding Claim 15,
Claim 15 is dependent on Claim 9, and the combination of Hara and Desanti discloses all the limitations of Claim 9. The combination of Hara, Desanti and Ishihara discloses all the limitations of Claim 15 as discussed in Claim 7. Therefore, Claim 15 is rejected using the same rationales as discussed in Claim 7.
9. Claims 5 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Hara (US 2020/0293676 A1, hereinafter Hara) in view of DESANTI et al. (US 2022/0050933 A1, hereinafter Desanti) and further in view of BENISTY (US 2023/0094111 A1, hereinafter Benisty).
Regarding Claim 5,
Claim 5 is dependent on Claim 1, and the combination of Hara and Desanti discloses all the limitations of Claim 1. Hara further discloses wherein the controller is further configured to: communicate with the request source using a protocol compliant with an NVM Express™ (NVMe™) standard (Hara: ¶ [0057] The interface processing unit 111 performs processing in accordance with a protocol defined by an interface for connecting the SSD 3 and the host 2 (for example, the protocol of NVMe). The interface processing unit 111 receives various commands, such as various control commands and I/O commands, from the host 2); and
establish a secure path with the request source by a memory mapped I/O (MMIO) using a controller memory buffer (CMB)/persistent memory region (PMR) function supported by the NVMe™ standard (Hara: ¶ [0057] The interface processing unit 111 performs processing in accordance with a protocol defined by an interface for connecting the SSD 3 and the host 2 (for example, the protocol of NVMe). The interface processing unit 111 receives various commands, such as various control commands and I/O commands, from the host 2..., The I/O command may include a write command, a read command, and the like. Each command is also referred to as an instruction, ¶ [0032] As an interface for interconnecting the host 2 and the SSD 3, for example, NVM Express (NVMe) (registered trademark) or Universal Flash Storage (UFS) may be used, ¶ [0065] encoder/decoder 15 encrypts and decrypts user data. For example, the encoder/decoder 15 may encrypt user data to be written to the NAND flash memory 5 via the NAND interface 13 and decode user data to be read from the NAND flash memory 5 via the NAND interface 13).
Hara and Desanti do not explicitly disclose establish a secure path with the request source by a memory mapped I/O (MMIO) using a controller memory buffer (CMB)/persistent memory region (PMR) function supported by the NVMe™ standard.
However, Benisty from the same field of endeavor as the claimed invention discloses that the disclosure generally relates to an NVMe storage device having a controller memory manager and a method of accessing an NVMe storage device having a controller memory manager (Benisty: [Abstract]), controller buffer manager 120 may include an adaptive storage management module 124 to determine where to store the classified host write transactions within CMB/PMR 250, 260…, store the host write transaction may be based on the available resources in the various storage types along with the type of the NVMe structure classification (Benisty: ¶ [0038], ¶¶ [0026, 0028, 0045]), and a host write PCIe transaction from host 150 directed to CMB 250 or PMR 260 is received by controller buffer manager 120 of storage device 102. The host write PCIe transaction may be associated with a read command or a write command (Benisty: ¶ [0040]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Benisty in the teachings of Hara. A person having ordinary skill in the art would have been motivated to do so to prevent host-side tampering and provide protection against replay attacks.
Regarding Claim 13,
Claim 13 is dependent on Claim 9, and the combination of Hara and Desanti discloses all the limitations of Claim 9. The combination of Hara, Desanti and Benisty discloses all the limitations of Claim 13 as discussed in Claim 5. Therefore, Claim 13 is rejected using the same rationales as discussed in Claim 5.
Conclusion
10. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US-20080137865-A1
US-20070226412-A1
US-20120260345-A1
US-20170323121-A1
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMEERA WICKRAMASURIYA whose telephone number is (571)272-1507. The examiner can normally be reached on MON-FRI 8AM-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W. KIM can be reached on (571)272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SAMEERA WICKRAMASURIYA/
Examiner, Art Unit 2494
/JUNG W KIM/
Supervisory Patent Examiner, Art Unit 2494