DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
Claims 1-2, 6, 10-11 and 19-20 have been amended and claims 4, 9, 13, 18 and 25 have been cancelled. Claims 1-3, 5-8, 10-12, 14-17 and 19-24 are currently pending.

Response to Arguments
Applicant’s arguments with respect to claim 1 have been considered but are moot in view of new grounds of rejections. Applicant’s other arguments are based on Applicant's arguments against claim 1.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-3, 5, 10-12, 14, 16 and 19-21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Offenberg et al., US-20160013945-A1 (hereinafter “Offenberg ‘945”) in view of Mylly, US-20160062917-A1 (hereinafter “Mylly ‘917”) and Udagawa et al., US-20150358321-A1 (hereinafter “Udagawa ‘321”) and Le Gargean et al., US-20190392153-A1 (hereinafter “Le Gargean ‘153”).
Per claim 1 (independent):
Offenberg ‘945 discloses: A storage device controller, comprising: ([0001], “an apparatus may comprise a controller configured to receive a data sanitization command from a host, perform a data sanitization operation to securely erase data from a memory” [Emphasis added.]; [0014], “The system 100 may include a host 102 and a data storage device (DSD) 104” [Emphasis added.]); 
storage device controller circuitry to: receive an erase verify command and ([0015], “The DSD 104 may include a memory 106 and a data sanitization module (DSM) 108 … The DSD 104 may receive a data sanitization request from the host device 102, and use the DSM 108 to securely erase data from the memory 106 based on the data sanitization request.” [Emphasis added.]); 
and transmit an ([0030], “The DSD, for example using a data sanitization module (DSM), may perform the data sanitization operation, as well as gather and compile information relating to the sanitization operation into a data package such as data sanitization form 402. Data included in the attestation may be used to verify that the sanitization was performed … ” [Emphasis added.]; [0027], “Once the attestation has been compiled and signed by the DSD 200, the DSD may return the signed attestation to the host 202 along with or as a response indicating that the data sanitization operation has completed.” [Emphasis added.] where the data storage device (storage device controller) returns 
erase verification circuitry to: retrieve a secure erase log entry from access-limited memory locations in a non-volatile memory ([0015], ll. 2-5, “The memory 106 may comprise magnetic storage media such as disc drives, nonvolatile solid state memories such as Flash memory, other types of memory, or a combination thereof.” [Emphasis added.]; [0017], “The DSM 108 may also generate or gather information related to data sanitization operations, and compile the information into a digital device data sanitization attestation (DDDSA), sometimes called a data sanitization form, attestation, or attestation form.” [Emphasis added.]; FIG. 2, [0018], “an example data storage device (DSD) 200”; [0019], “Commands arriving over the interface 204 may automatically be received in the CQ 213 or may be stored there by controller 206, interface 204, or another component” [Emphasis added.] where the DSM (data sanitization module) compile the information related to data sanitization operations into the data sanitization form (erase log entry) which includes the verification of erasure in nonvolatile solid state memories (a non-volatile memory). Furthermore, the data storage device (DSD) 200 in FIG.2 shows that a data sanitization command is received at the interface 204 and directed to the controller 206 so the memory would be limitedly accessed from a host.); 
([0017], “The DSM 108 may further sign the attestation using an authentication key specific to the DSD 104, such as a private key of an asymmetric key pair.”; [0035], “Digital certificates are often electronic documents containing a device's public key, and digitally signed using the private key of a trusted certificate authority (CA)” [Emphasis added.]; FIG. 4, [0036], ll. 1-4, “The DSD may package a copy of its digital certificate 408 along with the signed data sanitization form 406, as shown at 412 … the sanitization form 406 may be included into a certificate, or some other combination. The DSD may store the data sanitization form 406, and provide the form 406, the digital certificate 408, or both to the host 410 on request” [Emphasis added.] where the DSM (data sanitization module) sends the data sanitization form 402 (erase log entry) digitally signed by a device’s private key to the host device as in FIG. 4. Note that the data sanitization form 402 includes evidence of performance of a secure erasure command, including memory sanitized, claim that data was sanitized successfully, etc.).
Offenberg ‘945 does not disclose but Mylly ‘917 discloses: a nonce value from a host device, which is to be combined with the secure erase log entry ([0013], “The embodiments of the invention discussed below describe settings, commands, command signals … related to a signed access for allowing data to be written to ( e.g., a write access), read from ( e.g., a read access) or erased from ( e.g., an erase access) protected areas of the storage module (e.g., a region, logical unit, or a portion of memory in the storage module).” [Emphasis added.]; FIG. 2, [0016], “storage module 120 includes storage controller 200 for communicating data between mass storage 202 and host 100” [Emphasis added.]; [0029], “a command signal may comprise … a request from the host 100 to … erase data from mass storage 202. For example, the host 100 may send a boot request (e.g., a boot command or signal), e.g., upon powering on, to the storage controller 200 requesting that the storage controller 200 send boot data stored in a boot partition … The storage controller 200 may use a signature mechanism (e.g., a secret key, a nonce, a random number, message authentication code, etc.) to sign the boot data and … send the signed boot data to the host 100. The host can then authenticate or verify the signed boot data” [Emphasis added.]; [0038],”the request may include … a nonce which may be used as a parameter to sign the data … the storage module 120 may use a nonce provided by the host 100 to sign the data (e.g., boot data) read from the region or portion of the mass storage” [Emphasis added.] where the host 100 sends a request, which includes a nonce, to the storage module 120 for erasing data from protected 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Offenberg ‘945 with the transmission of a nonce from a host to a storage device for authenticating the data erasure associated with boot data as taught by Mylly ‘917 because the host can trust that the storage controller has provided authentic boot data that has not been compromised by a hacker or by malware in a secure way by using the signature mechanism such as a nonce [0029].
Offenberg ‘945 in view of Mylly ‘917 does not disclose but Udagawa ‘321 discloses: encrypt the erase verification message using an encryption key to provide the encrypted erase verification message (FIG. 4, [0035], “The encryption operation unit 206 also obtains the digital signature to be added to the erasure log when generating the erasure certificate data in the erasure certificate generating unit 211 by encrypting the entire erasure log using the secret key stored in the secret key storage unit 208” [Emphasis added.]; FIG. 5, [0048], “The data transmitting unit 202 of the storage device 2 sends the generated erasure log to the host server 1 as the erasure certificate data (B510).” [Emphasis added.]; [0049], “The CPU 11 of the host server 1 controls the communication unit 16 to send the erasure certificate data sent from the storage device 2 to the client terminal 4 (B511).” [Emphasis added.] where the erasure certificate data encrypted with the secret key is sent from the storage device to the client terminal (host device) via the host server.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Offenberg ‘945 in view of Mylly ‘917 with the provision of the erasure certificate data in an encrypted format as taught by Udagawa ‘321 because it would ensure that the erasure certificate data is securely transmitted to the host device.
the evidence including at least a portion of pre­erase user content data and post-erase user content data, the pre-erase user content data including user content data stored in locations of the non-volatile memory before performance of the secure erase command, the post-erase user content data including user content data stored in the locations of the non-volatile memory after performance of the secure erase command (FIG. 4, [0113], “at stage 102, the data eraser apparatus 20 writes a known data pattern or sequence across a plurality of known memory locations, such as known physical memory addresses, of the data storage apparatus 10” [Emphasis added.]; [0117], “The plurality of known memory locations may constitute a predetermined proportion or amount of the total data storage capacity of the data storage apparatus” [Emphasis added.]; [0121], “At stage 104, the data eraser apparatus 20 sends a command … to cause the data storage apparatus 10 to perform a data erasure procedure defined by the firmware 14 of the data storage apparatus 10” [Emphasis added.]; [0122], “the data erasure procedure at stage 104 comprises deleting, replacing or overwriting a key … If the deletion, replacement or overwriting of the key is successful then data that is subsequently read from the drive may be decrypted but the decrypted data will not reflect the original, stored, meaningful data” [Emphasis added.]; [0123], “At stage 106, after completion of the data erasure procedure, the data eraser apparatus 20 reads the data stored at the known memory addresses as part of a verification procedure to determine whether the erasure procedure (in this case the deletion, replacement or overwriting of the key for example) has been performed correctly.” [Emphasis added.] where the data erasure apparatus 20 writes a known data pattern across a plurality of known memory locations (user content data) of the data storage apparatus 10 before sending a command to perform a data erasure procedure, which comprises deleting a key. After completion of the data erasure procedure, it is determined whether the erasure procedure has been performed correctly by comparing the data of the known data pattern (pre-erase user content data) read prior to the data erasure procedure with the 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 with the writing of a known data pattern across a plurality of known memory locations for verifying whether an erasure procedure has been performed correctly by comparing the known data pattern with the read data stored at the known memory addresses after the erasure procedure as taught by Le Gargean ‘153 because it would be easier to meet the verification requirements dictated by an erasure standard when using such internal erasure procedures [0006].

Per claim 2 (dependent on claim 1):
Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Offenberg ‘945 discloses: The storage device controller of claim 1, wherein the storage device controller circuitry to: receive the secure erase command from the host device; erase host – accessible memory locations in the non - volatile memory ([0015], “The DSD 104 may receive a data sanitization request from the host device 102, and use the DSM 108 to securely erase data from the memory 106 based on the data sanitization request.” [Emphasis added.]); generate the secure erase log entry; and store the secure erase log entry in the access – limited memory locations in the non – volatile memory ([0030], “The DSD, for example using a data sanitization module (DSM), may perform the data sanitization operation, as well as gather and compile information relating to the sanitization operation into a data package such as data sanitization form 402. Data included in the attestation may be used to verify that the sanitization was performed …” [Emphasis added.]; [0027], “In some embodiments, the DSD 200 may store the attestation locally …” [Emphasis added.] where the generated attestation also called as the data sanitization form (the secure erase log entry) is stored locally in the memory.).

Per claim 3 (dependent on claim 1):
Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Offenberg ‘945 discloses: the storage device controller of claim 1, wherein the secure erase log
entry includes metadata, wherein the meta data includes one or more of a timestamp, a size of memory locations the erased, or a number of secure erase operations performed (FIG.4, [0031], “The data included in the data sanitization form may include data provided by a host device as well as data from the device performing the data sanitization operation … The host may provide a time stamp or similar identifier of when the request was submitted. The host may specify the interface or method of data sanitization to be employed, such as crypto erase, block erasure, or other methods.” [Emphasis added.]; FIG. 7, [0044], “Method 700 may include sending a data sanitization request to a data storage device, at 702. The method 700 may involve providing additional data to the data storage device … Examples of additional data may include the method of data sanitization requested, a time of the sanitization request …” [Emphasis added.] where the data sanitization form includes additional data (metadata) such as the time stamp, block erasure, or a time of the sanitization request.).

Per claim 5 (dependent on claim 1):
Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Offenberg ‘945 discloses: The storage device controller of claim 1, wherein the private signing key and the erase verification circuitry are stored in the access - limited memory locations in the non - volatile memory ([0015], “The memory 106 may comprise magnetic storage media such as disc drives, nonvolatile solid state memories such as Flash memory, other types of memory, or a combination thereof. The data sanitization module 108 may comprise a circuit configured to perform data sanitization operations on the memory 106 … The DSD 104 may receive a data sanitization request from the host device 102, and use the DSM 108 to securely erase data from the memory 106 based on the data sanitization request.” [Emphasis added.]; [0035], “Digital certificates are often electronic documents containing a device's public key, and digitally signed using the private key of a trusted certificate authority (CA)” [Emphasis added.]; [0036], “The DSD may package a copy of its digital certificate 408 along with the signed data sanitization form 406, as shown at 412, or they may be stored and transferred individually” [Emphasis added.]).

Per claim 10 (independent):
Offenberg ‘945 discloses: A system , comprising : a display ; and a storage device , including: processor circuitry ;storage device buffer circuitry ; non - volatile memory having host - accessible memory locations and access - limited memory locations ; and a storage device controller communicatively coupled to the non - volatile memory , the storage device controller including ([0001], “an apparatus may comprise a controller configured to receive a data sanitization command from a host, perform a data sanitization operation to securely erase data from a memory” [Emphasis added.]; [0015], “The memory 106 may comprise magnetic storage media such as disc drives, nonvolatile solid state memories such as Flash memory, other types of memory, or a combination thereof. The data sanitization module 108 may comprise a circuit configured to perform data sanitization operations on the memory 106 …” [Emphasis added.]).
The remaining limitations of the claim(s) correspond(s) to features of claim 1 and the claim(s) is/are rejected for the reasons detailed with respect to claim 1.

Per claim 11 (dependent on claim 10):
Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 discloses the elements detailed in the rejection of claim 10 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 2 and the claim(s) is/are rejected for the reasons detailed with respect to claim 2.

Per claim 12 (dependent on claim 10):
Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 discloses the elements detailed in the rejection of claim 10 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 3 and the claim(s) is/are rejected for the reasons detailed with respect to claim 3.

Per claim 14 (dependent on claim 10):
Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 discloses the elements detailed in the rejection of claim 10 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 5 and the claim(s) is/are rejected for the reasons detailed with respect to claim 5.

Per claim 16 (dependent on claim 10):
Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 discloses the elements detailed in the rejection of claim 10 above, incorporated herein by reference.
Offenberg ‘945 discloses: The system of claim 10 , wherein the non – volatile memory is solid – state memory , hard disk media , or a combination of solid - state memory and hard disk media 

Per claim 19 (independent):
Offenberg ‘945 discloses A computer readable storage device having stored thereon instructions that when executed by one or more processors result in operations, comprising ([0053], “the methods described herein may be imple-mented as a computer readable storage medium or device, such as hardware components storing instructions that when executed cause a processor to perform the methods.” [Emphasis added.]); wherein the access - limited memory locations are accessible by a storage device controller and are inaccessible by the host device ([0001], “an apparatus may comprise a controller configured to receive a data sanitization command from a host, perform a data sanitization operation to securely erase data from a memory” [Emphasis added.]; [0023], “a host 202 may be required to provide authentication information to establish a right to invoke a data sanitization command” [Emphasis added.] where the memory is only accessible through the controller (the storage device controller) as well as the provision of the authentication information for the data sanitization command.).
The remaining limitations of the claim(s) correspond(s) to features of claim 1 and the claim(s) is/are rejected for the reasons detailed with respect to claim 1.

Per claim 20 (dependent on claim 19):
Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 discloses the elements detailed in the rejection of claim 19 above, incorporated herein by reference.


Per claim 21 (dependent on claim 19):
Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 discloses the elements detailed in the rejection of claim 19 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 3 and the claim(s) is/are rejected for the reasons detailed with respect to claim 3.

Claims 6 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153  as applied to claims 1 and 10 above, and further in view of SCHUH et al., US-20130124932-A1 (hereinafter “SCHUH ‘932").
Per claim 6 (dependent on claim 1):
Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 does not disclose but SCHUH ‘932 discloses the storage device controller of claim 1, wherein the erase verification circuitry comprises firmware of the storage device controller stored during a manufacture of the storage device controller ([0060], ”providing a cryptographic key to a business to enable the business to decrypt firmware as one or more images from an encrypted firmware repository, the images being executable by processing elements of a storage device controller included in the storage device, the images enabling execution of the commands …” [Emphasis added.]; [0171], “any one or more of the operations comprise specifying any one or more of writing, erasing, and verifying of the storage media. “ [Emphasis added.]; [0270], “In some embodiments, downloading firmware includes performing a secure erase of the SSD, for example, as a final operation before release of the SSD to a customer” [Emphasis added.] where the firmware which includes performing a secure erase (the erase verification logic) has been downloaded into the SDD (the storage device controller) before it is released to the customer (during a manufacture).).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 with the erase verification circuitry installation as a firmware during the manufacture as taught by SCHUH ‘932 because it would be easy to reset a state of the SSD to a clean factory shipping state by using the build-in secure erase function [0269].

Per claim 15 (dependent on claim 10):
Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 discloses the elements detailed in the rejection of claim 10 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 6 and the claim(s) is/are rejected for the reasons detailed with respect to claim 6.

Claims 7 and 24 is/are rejected under 35 U.S.C. 103 as being unpatentable over Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153  as applied to claims 1 and 19 above, and further in view of Spiers et al., US-20120265976-A1 (hereinafter “Spiers ‘976").
Per claim 7 (dependent on claim 1):
Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Offenberg ‘945 discloses: The storage device controller of claim 1, wherein the erase verification message includes the nonce as storage device controller ([0017], “The DSM 108 may further sign the attestation using an authentication key specific to the DSD 104, such as a private key of an asymmetric key pair.”; [0035], “Digital certificates are often electronic documents containing a device's public key, and digitally signed using the private key of a trusted certificate authority (CA)” [Emphasis added.]; FIG. 4, [0036], ll. 1-4, “The DSD may package a copy of its digital certificate 408 along with the signed data sanitization form 406, as shown at 412 … they may be sent as two individual files, either in a single transmission or multiple transmissions, or the sanitization form 406 may be included into a certificate, or some other combination. The DSD may store the data sanitization form 406, and provide the form 406, the digital certificate 408, or both to the host 410 on request” [Emphasis added.] where the DSM (data sanitization module, i.e., storage device controller) digitally signed the data sanitization form (erase log entry) combined with the digital certificate (nonce value) and provide the host device with them (erase verification message) as FIG. 4.).
Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 does not disclose but Spiers ‘976 discloses: the nonce is used as evidence of an absence of replay attack compromise of the storage device controller ([0085], ll. 10-17, “The authentication code U may serve as a nonce for associating a request to create a Measured VM with a request that the Measured VM later sends to the tenant's Secure/Trusted boot server 330 to download the bootloader. A nonce may be an arbitrary number (for example, used only once to prevent replay attacks) that may be used by the TPM 344 to generate a TPM quote.” [Emphasis added.]).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 with the nonce for the prevention of replay attack as taught by Spiers ‘976 because it would increase the security against the replay attack to use a set of additional information for the 

Per claim 24 (dependent on claim 19):
Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 discloses the elements detailed in the rejection of claim 19 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 7 and the claim(s) is/are rejected for the reasons detailed with respect to claim 7.

Claims 8 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153  as applied to claims 1 and 10 above, and further in view of Walker et al., US-20160364787-A1 (hereinafter “Walker ‘787").
Per claim 8 (dependent on claim 1):
Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 does not disclose but Walker ‘787 discloses: The storage device controller of claim 1, wherein the erase verification circuitry secures the secure erase log entry by encrypting and signing the secure erase log using a direct anonymous attestation technique cryptographic technique ([0013], “Embodiments may address privacy concerns in part by basing the identity on a secure identifier such as an Intel® enhanced privacy identifier (EPID) and may use a method for returning the device to manufacturer defaults, thereby erasing previous owner state and may recycle device identifiers” [Emphasis added.]; [0018], “The device D has its own manufacturer-endorsed key to prove it is not a rogue device or software, where this key may be a direct anonymous attestation (DAA) key or EPID.” [Emphasis added.]; FIG. 1B, [0022], “for a connection between the buyer device and the new device (block 110 )” [Emphasis added.]; )[0023], “At diamond 125, it is determined next whether a group identifier (received from the new device in the buyer device) identifies a valid direct anonymous attestation (DAA) verification key of a DAA group” [Emphasis added]; [0024], “Responsive to such request, the new device may perform various operations, including generating a signed hash of the existing ownership title record of the new device (referred to in this embodiment as an "old title") (block 140). If it is determined that the signed hash is verified (diamond 145) … At block 160, the signed encrypted new owner record may be sent to the new device. As will be described herein, the new device may verify this new title and cause its title to be updated with this new owner record” [Emphasis added.] where a new record (secure erase log) signed and encrypted by a new owner is sent to a new device from a buyer device after a valid direct anonymous attestation (DAA) verification key of a DAA group is identified. Thus, after a previous owner state is erased, the title of the new device is updated with the new owner record.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 with the direct anonymous attestation verification key for returning the device to manufacturer defaults as taught by Walker ‘787 because it would return the device to manufacturer defaults by erasing previous owner state and recycling device identifiers based on a secure identifier such as the DAA without privacy concerns [0013].

Per claim 17 (dependent on claim 10):
Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 discloses the elements detailed in the rejection of claim 10 above, incorporated herein by reference.
.

Claims 22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 as applied to claim 19 above, and further in view of LIN, US-20180349293-A1 (hereinafter “LIN ‘293”) and Bugbee, US-20080304669-A1 (hereinafter “Bugbee ‘669”).
Per claim 22 (dependent on claim 19):
Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 discloses the elements detailed in the rejection of claim 19 above, incorporated herein by reference.
Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 does not disclose but LIN ‘293 discloses: The computer readable storage device of claim 19, wherein the operations include: read the private signing key from a plurality of fuses for the storage device controller, wherein the private signing key includes (FIG. 1, [0016], “The data storage device 100 comprises a controller 110 and a flash memory 120. The controller 110 includes an instruction processor 111, an encryptor 112, a flash memory controller 113, a static memory 114 and electronic fuses 115.” [Emphasis added.]; [0017], “The instruction processor 111 is provided for the communication between the data storage device 100 and a host 130, which operates a connection bus as a communication interface for transmission of instructions and user data” [Emphasis added.]; FIG. 2, [0024], “In step S204, a preset value of the key is burned into the electronic fuses. The preset value of the key may be entered to the data storage device 100 during the manufacturing process or the first initialization process of the data storage device 100.” [Emphasis added.]; [0026], “In step S208, it is determined whether to delete the user data. If yes, step S210 is performed. Otherwise, the flow ends. The host 120 may output a secure erase instruction or a sanitizing instruction to the data storage device 100 to completely or partially delete user data from the data storage device 100” [Emphasis added.]; FIG. 3, [0027], “FIG. 3 illustrates an example showing how the preset key is changed to really avoid the deleted user data from data leakage … The new key is used by the encryptor 112 in the subsequent user data encryption and decryption. When the user wants to delete user data again, the similar modification is repeated on the key again” [Emphasis added.] where the preset value of the key burned into the electronic fuses is read to encrypt the user data and changes repeatedly when the user makes a secure erase instruction to user data again in the data storage device.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 with the encryption key read from the electronic fuses as taught by LIN ‘293 because the deleted user data is fully prevented from leaking from the data storage device due to the change of the key stored in the electronic fuses for the encryptor [Abstract].
Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 and LIN ‘293 does not disclose but Bugbee ‘669 discloses: cryptographic keys include a private signing key and a public encryption key ([0016], “The digital encryption certificate may include a public encryption key of an encryption key pair generated by the potential recipient 102 device … Potential recipient 102 device may sign the generated digital encryption certificate 108 with a private signing key of a previously generated signing key pair,” [Emphasis added.]).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 and LIN ‘293 with the private signing key  and public encryption key as taught by Bugbee ‘669 because security concerns are raised when the public key pairs are used since a sender has no way of knowing whether a public key belongs to the person it purports to belong to so the usage of the private signing key along with the public encryption key would enhance the protection of the data .

Claims 23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 as applied to claim 19 above, and further in view of Bugbee ‘669.
Per claim 23 (dependent on claim 19):
Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 discloses the elements detailed in the rejection of claim 19 above, incorporated herein by reference.
Offenberg ‘945 discloses: The computer readable storage device of claim 19, wherein secure the secure erase log entry includes: copy the secure erase log entry to storage device buffer circuitry ; and apply the private signing key to the secure erase log entry ([0034], “A DSD may digitally sign the attestation form using an authentication key specific to the DSD at 404, to produce a signed data sanitization form 406. For example, the DSD may use the device's private key of a public-private key pair of a public-key cryptosystem, also called asymmetric cryptography … Examples of public key cryptography systems include RSA and elliptic curve cryptography (ECC).” [Emphasis added.]; FIG. 4, [0036], “The DSD may package a copy of its digital certificate 408 along with the signed data sanitization form 406, as shown at 412 … they may be sent as two individual files, either in a single transmission or multiple transmissions, or the sanitization form 406 may be included into a certificate, or some other combination. The DSD may store the data sanitization form 406” [Emphasis added.]).
Offenberg ‘945 in view of Mylly ‘917 and Udagawa ‘321 and Le Gargean ‘153 does not disclose but Bugbee ‘669 discloses: apply the one or more cryptographic keys to the secure erase log entry to encrypt ([0017], “potential sender 112 devices may then encrypt digital messages to the potential using the public encryption key of the certificate 108, and may send the encrypted messages to the potential recipient 102, which may then receive and decrypt the messages using the private encryption key of the potential recipi-ent 102.” [Emphasis added.]).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANGSEOK PARK whose telephone number is (571)272-4332.  The examiner can normally be reached on Monday-Thursday 7:30-5:30 and Alternate Fridays 8:30-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached on (571) 272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.





/SANGSEOK PARK/Examiner, Art Unit 2494                                                                                                                                                                                                        
/Kevin Bechtel/Primary Examiner, Art Unit 2491