DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 1, 3-4, 6-7 and 9 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Von Der Lippe et al., US-20180278415-A1 (hereinafter “Von ‘415”).
Per claim 1 (independent):
Von ‘415 discloses: A method, comprising: receiving, by a hardware component, a command from a firmware component, the command to generate a first cryptographic key for encrypting or decrypting user data stored on a memory device; generating, by the hardware component, the first cryptographic key based at least in part on the command (FIG. 1, FIG. 2, [0002], “The control unit is set up to detect the peripheral device connected to the control unit, to generate a data encryption key DEK, to read an identification information from the peripheral device, W _1 … generate a key encryption key, KEK_1, on the basis of the read identification information, to store an encrypted data encryption key VDEK_1, which can be generated by encrypting the data encryption key DEK using the key encryption key KEK_1, in a memory area of the hard disk … to encrypt digital data to be stored on the hard disk in encrypted form using the data encryption key or to decrypt digital data stored on the hard disk in encrypted form using the data encryption key”; [0005], “Digital data may be … particularly program data, log data, user data” where a command to initialize and operate the apparatus 10, for example, an ATM, is sent to the control unit 12, detecting the peripheral devices associated with firmware connected to the control unit 12, in which the control unit 10 (hardware component) may generate a data encryption key DEK for encrypting or decrypting digital data (user data).);
encrypting, by the hardware component, the first cryptographic key using a second cryptographic key and an initialization vector (FIG. 1, FIG. 2, [0002], “The control unit is set up to detect the peripheral device connected to the control unit, to generate a data encryption key DEK, to read an identification information from the peripheral device, W _1 … generate a key encryption key, KEK_1, on the basis of the read identification information, to store an encrypted data encryption key VDEK_1, which can be generated by encrypting the data encryption key DEK using the key encryption key KEK_1, in a memory area of the hard disk” where the data encryption key DEK (first cryptographic key) is encrypted by using a key encryption key, KEY_1 (second cryptographic key) based on the identification information (initialization vector) read from the peripheral devices, W_1, in order to store an encrypted data encryption key VDEK_1);
communicating the encrypted first cryptographic key to a nonvolatile memory device for storage, the nonvolatile memory device separate from the hardware component (FIG. 1, FIG. 2, [0002], “to store an encrypted data encryption key VDEK_1, which can be generated by encrypting the data the hard disk” where the encrypted data encryption key VDEK_1 (encrypted first cryptographic key) is to be stored in a memory area of the hard disk 14 (nonvolatile memory device). Note that the control unit 12 is separate from the hard disk 14 in FIG. 1.).

Per claim 3 (dependent on claim 1):
Von ‘415 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Von ‘415 discloses: The method of claim 1, further comprising: storing the first cryptographic key in a first volatile memory device of the hardware component, wherein the first cryptographic key comprises an encryption key for encrypting the user data (FIG. 1, [0002], “The control unit is … to generate a data encryption key DEK … to encrypt digital data to be stored on the hard disk in encrypted form using the data encryption key” where the control unit 12 (hardware component) is to generate a data encryption key DEK (first cryptographic key; encryption key) by which digital data on the hard disk 14 may be encrypted or decrypted. Note that the control unit may be any type of digital computing device including a CPU and RAM (See para 0024-0025).).

Per claim 4 (dependent on claim 3):
Von ‘415 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Von ‘415 discloses: The method of claim 1, further comprising: storing a third cryptographic key in a second volatile memory device of the hardware component, wherein the third cryptographic key comprises a decryption key for decrypting the user data (FIG. 1, FIG. 3, [0002], “The control unit is … to generate a data encryption key DEK … to encrypt digital data to be stored on the hard disk in decrypt digital data stored on the hard disk in encrypted form using the data encryption key” where the control unit 12 (hardware component) including a CPU and RAM is to generate a data encryption key DEK (third cryptographic key; decryption key) by which digital data on the hard disk 14 may be decrypted. Furthermore, a plurality of DEKs may be generated and stored by the control unit (See FIG. 3). Note that symmetric encryption would use the same key to encrypt and decrypt.).

Per claim 6 (dependent on claim 1):
Von ‘415 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Von ‘415 discloses: The method of claim 1, further comprising: receiving, from a host device, an access command associated with the user data stored on the memory device; and encrypting or decrypting the user data using the first cryptographic key and the initialization vector based at least in part on the receiving the access command (FIG. 1, FIG. 2, [0002], “The control unit is set up to detect the peripheral device connected to the control unit, to generate a data encryption key DEK, to read an identification information from the peripheral device, W _1 … generate a key encryption key, KEK_1, on the basis of the read identification information, to store an encrypted data encryption key VDEK_1, which can be generated by encrypting the data encryption key DEK using the key encryption key KEK_1, in a memory area of the hard disk … to encrypt digital data to be stored on the hard disk in encrypted form using the data encryption key or to decrypt digital data stored on the hard disk in encrypted form using the data encryption key”; [0005], “Digital data may be … particularly program data, log data, user data” where a command to initialize and operate the apparatus 10, for example, an ATM, is sent to the control unit 12, detecting the peripheral devices  associated with firmware connected to the control unit 12, in which the control unit 12 may generate a data encryption key DEK for encrypting or decrypting 

Per claim 7 (dependent on claim 1):
Von ‘415 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Von ‘415 discloses: The method of claim 1, further comprising: receiving, by the hardware component, the encrypted first cryptographic key from the nonvolatile memory device; and decrypting, by the hardware component, the encrypted first cryptographic key using the second cryptographic key and the initialization vector (FIG. 1, FIG. 2, [0002], “The control unit is set up to detect the peripheral device connected to the control unit, to generate a data encryption key DEK, to read an identification information from the peripheral device, W _1 … generate a key encryption key, KEK_1, on the basis of the read identification information, to store an encrypted data encryption key VDEK_1, which can be generated by encrypting the data encryption key DEK using the key encryption key KEK_1, in a memory area of the hard disk … to encrypt digital data to be stored on the hard disk in encrypted form using the data encryption key or to decrypt digital data stored on the hard disk in encrypted form using the data encryption key”; [0005], “Digital data may be … particularly program data, log data, user data” where the control unit 12 may decrypt an encrypted data encryption key VDEK_1 (encrypted first cryptographic key) stored on the hard disk (nonvolatile memory device) by using a key encryption key, KEY_1 (second cryptographic key) based on the identification information (initialization vector) read from peripheral devices.).

Per claim 9 (dependent on claim 1):

Von ‘415 discloses: The method of claim 1, further comprising: receiving, by the hardware component, a second command to generate an updated first cryptographic key for encrypting or decrypting the user data stored on the memory device (FIG. 4, “the re-init of the DEK … In step S73, it is checked whether the threshold of available devices has been reached and re-init is necessary” where it is determined whether the re-init request of the DEK (data encryption key; first cryptographic key) is necessary or not, depending on the threshold of available devices.); 
generating, by the hardware component, the updated first cryptographic key based at least in part on the issuing the second command; and encrypting, by the hardware component, the updated first cryptographic key using the second cryptographic key and the initialization vector (FIG. 4, [0002], “The control unit is set up to detect the peripheral device connected to the control unit, to generate a data encryption key DEK, to read an identification information from the peripheral device, W _1 … generate a key encryption key, KEK_1, on the basis of the read identification information, to store an encrypted data encryption key VDEK_1”; [0120], “In case that the re-init is necessary in step 73 in new DEK is calculated with new KEK” where in step 74 of FIG. 4, a new DEK (updated first cryptographic key) is generated with new KEK (second cryptographic key), which means that the control unit may repeat the calculation of the key encryption key KEK (See para 0002 for details) based on identification information (initialization vector) in order to encrypt the new data encryption key DEK, that is, encrypting the updated first cryptographic key.).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claim(s) 2 and 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Von ‘415 in view of Itagaki et al., US-20080065906-A1 (hereinafter “Itagaki ‘906”).
Per claim 2 (dependent on claim 1):
Von ‘415 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Von ‘415 does not disclose but Itagaki ‘906 discloses: The method of claim 1, further comprising: generating, by the hardware component, error correction information for the encrypted first cryptographic key; and communicating the error correction information to the nonvolatile memory device for storage based at least in part on communicating the encrypted first cryptographic key to the nonvolatile memory device for storage (FIG. 1, FIG. 2, [0016], “The removable storage media 4 may include a cartridge memory 14 comprising a non-volatile memory to store encryption keys and other information and a storage media 16 comprising any type of suitable media on which data may be stored and which may serve as removable media … electronic media (such as PROM, EEPROM, flash PROM, MRAM, CompactFlash™, Smartmedia™, Memory Stick™, etc.)”; [0020], “An encryption key file may comprise an externally encrypted data key … The encryption key file copies 58a, 58b, 58c may be formatted with error correction codes 59a, 59b, 59c”; [0022], “The copies 58a, 58b, 58c of the encryption key file comprise one or a series of encrypted data keys, each key encrypted using one or more key encryption keys (KEKs)” where the error correction codes 59a, 59b, 59c associated with the encryption key file copies 58a, 58b, 58c (encrypted first cryptographic key) including a series of encrypted data keys are stored in the removable storage media 4 (nonvolatile memory device) including the cartridge memory 14 and the storage media 16. Note that the error correction codes are in a specific 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Von ‘415 with the encryption key file copies formatted with error correction codes in the removable storage media as taught by Itagaki ‘906 because it would ensure a retrieval of encryption key files by improving validation operations based on error correction codes [0007].

Per claim 8 (dependent on claim 7):
Von ‘415 discloses the elements detailed in the rejection of claim 7 above, incorporated herein by reference.
Von ‘415 does not disclose but Itagaki ‘906 discloses: The method of claim 7, further comprising: receiving, by the hardware component, error correction information associated with the encrypted first cryptographic key from the nonvolatile memory device (FIG. 2, [0025], “To obtain the unencrypted encryption key, i.e., data key, the storage drive 2 may provide a copy 58a, 58b, 58c of the encryption key file to the key manager 24. The key manager 24 may then access the KEK for the provided encrypted data key from the key storage 26 to use to decrypt the encrypted data key file and then send the decrypted data key to the storage drive 2 or other component requesting an unencrypted data key.” where the copy 58a, 58b, 58c of the encryption key file (encrypted first cryptographic key) read from the storage media 16 (nonvolatile memory device) is sent via the storage drive 2 for the key manager 24 to decrypt the encrypted data key file.);
performing, by the hardware component, an error correction operation on the encrypted first cryptographic key based at least in part on the retrieving the error correction information, wherein decrypting the encrypted first cryptographic key is based at least in part on the performing the error correction operation ([0030], “A validation operation is performed (at block 122) on the accessed copy 58a, 58b or 58c of the encryption key file using the error correction code (ECC) 59a, 59b, 59c stored with the copy … If the valid encryption key file is an encrypted encryption key file … obtain the unencrypted encryption from the key manager 24 to store in the cartridge memory 14” where a validation operation (error correction operation) is performed on the accessed copy 58a, 58b or 58c of the encryption key file (encrypted first cryptographic key) by using the error correction code 59a, 59b, 59c. If the encrypted encryption file is valid, the unencrypted encryption (data key) would be obtained, that is, the decryption of the encrypted first cryptographic key.)

Claim(s) 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Von ‘415 in view of CHEN et al., US-20170250801-A1 (hereinafter “CHEN ‘801”).
Per claim 5 (dependent on claim 3):
Von ‘415 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Von ‘415 discloses: The method of claim 3, further comprising: receiving, by the hardware component, the encrypted first cryptographic key from the nonvolatile memory device (FIG. 1, FIG. 2, [0002], “The control unit is set up to detect the peripheral device connected to the control unit, to generate a data encryption key DEK, to read an identification information from the peripheral device, W _1 … generate a key encryption key, KEK_1, on the basis of the read identification information, to store an encrypted data encryption key VDEK_1, which can be generated by encrypting the data encryption key DEK using the key encryption key KEK_1, in a memory area of the hard disk” where the control unit 12 (hardware component) may receive an encrypted data encryption key VDEK_1 (encrypted first cryptographic key) stored on the hard disk (nonvolatile memory device).)
performing an error correction operation on the first cryptographic key stored in the first volatile memory device based at least in part on retrieving the encrypted first cryptographic key (FIG. 1, 2, [0021], “utilizing ECC for secure secret sharing … compute an encrypted object with a key … computes an encrypted key with random values … splits an object, the encrypted key, random values, and their ECC into a number of fragments … stores a number of fragments on a number of storage servers.”; [0038], “the encrypted object ECC computing engine (214-5) calculates, based on the second ECC scheme, the object ECC for the encrypted object with the key, the object ECC enabling the encrypted object to be reconstructed from a threshold number of the storage servers.” where an encrypted key (encrypted first cryptographic key) is obtained (retrieved) from the number of storage servers 212 including the distributed fragments of the encrypted key by the utilizing system 210 (volatile memory device) in which the encrypted object ECC computing engine (214-5) calculates, based on the second ECC scheme (error correction operation) associated with the encrypted object and the key (first cryptographic key), the object ECC for the encrypted object with the key (first cryptographic key), that is, decoding data, which enables the reconstruction of the fragments.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Von ‘415 with the distribution of encrypted key and related ECC into a number of storage servers by utilizing error correction schemes associated with a (encryption) key as well as an object (data) as taught by CHEN ‘801 because it would store the number of key fragments and decrypt the number of key fragments in a timely manner to reduce delays between a number of storage servers [0011-0013].

Claim(s) 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Von ‘415 in view of LEE, US-20150261972-A1 (hereinafter “LEE ‘972”).
Per claim 12 (dependent on claim 1):
Von ‘415 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Von ‘415 does not disclose but LEE ‘972 discloses: The method of claim 1, further comprising: generating, by the hardware component, a third cryptographic key associated with the first cryptographic key, wherein one of the first cryptographic key or the third cryptographic key is for encrypting the user data and the other of the first cryptographic key or the third cryptographic key is for decrypting the user data ([0105], “the device 1000 may obtain an encryption key for folder encryption, separately obtain a decryption key for folder decryption”; [0127], “using the asymmetric-key algorithm, the server 2000 may match a separate decryption key with the encryption key and store the decryption key and the encryption key” where the server 2000 (hardware component) may generate a separate decryption key (third cryptographic key) matched (associated) with an encryption key (first cryptographic key) and send the decryption key for decoding an encoded folder.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Von ‘415 with the separate keys for encryption and decryption process as taught by LEE ‘972 because asymmetric cryptography offers better security since it uses two different keys.

Claim(s) 13 and 16-17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Von ‘415 in view of Zayas, US-20100008510-A1 (hereinafter “Zayas ‘510”).
Per claim 13 (independent):
Von ‘415 discloses: A system, comprising: a volatile memory device configured to store the first cryptographic key (FIG. 1, [0002], “The control unit is … to generate a data encryption key DEK … to encrypt digital data to be stored on the hard disk in encrypted form using the data encryption key” 
an encryption engine configured to encrypt the first cryptographic key using a second cryptographic key and an initialization vector; and a buffer configured to store the encrypted first cryptographic key during a communication of the encrypted first cryptographic key associated with the system and a firmware component (FIG. 1, FIG. 2, [0002], “The control unit is set up to detect the peripheral device connected to the control unit, to generate a data encryption key DEK, to read an identification information from the peripheral device, W _1 … generate a key encryption key, KEK_1, on the basis of the read identification information, to store an encrypted data encryption key VDEK_1, which can be generated by encrypting the data encryption key DEK using the key encryption key KEK_1, in a memory area of the hard disk” where the data encryption key DEK (first cryptographic key) is encrypted by using a key encryption key, KEY_1 (second cryptographic key) based on the identification information (initialization vector) read from the peripheral devices (firmware component), W_1 via the control unit (system). As a result of this, the encrypted data encryption key VDEK_1 is stored on the hard disk.)
Von ‘415 does not disclose but Zayas ‘510 discloses: a random information generator configured to generate a first cryptographic key for encrypting or decrypting user data stored on a memory device (FIG. 4, [0027], “securely downloading a firmware image to an information storage device”; [0037], “In step 406 … the storage device … issues a "permission slip." … an encryption key … a single-use encryption key based on a random number generated by the storage device, and is thus valid for a single firmware download” where an encryption key (first cryptographic key) is generated based on a random number for encrypting/decrypting a firmware download (user data) implemented by the storage device (memory device).).


Per claim 16 (dependent on 13):
Von ‘415 in view of Zayas ‘510 discloses the elements detailed in the rejection of claim 13 above, incorporated herein by reference.
Von ‘415 discloses: The system of claim 13, further comprising a decryption engine configured to: receive the encrypted first cryptographic key from the buffer; and decrypt the encrypted first cryptographic key using the second cryptographic key and the initialization vector (FIG. 1, FIG. 2, [0002], “The control unit is set up to detect the peripheral device connected to the control unit, to generate a data encryption key DEK, to read an identification information from the peripheral device, W _1 … generate a key encryption key, KEK_1, on the basis of the read identification information, to store an encrypted data encryption key VDEK_1, which can be generated by encrypting the data encryption key DEK using the key encryption key KEK_1, in a memory area of the hard disk … to encrypt digital data to be stored on the hard disk in encrypted form using the data encryption key or to decrypt digital data stored on the hard disk in encrypted form using the data encryption key”; [0005], “Digital data may be … particularly program data, log data, user data” where an encrypted data encryption key VDEK_1 (encrypted first cryptographic key) stored on the hard disk is to be received at the control unit and the VDEK_1 is to be decrypted to obtain a data encryption key DEK (first cryptographic key) by using a key encryption key, KEY_1 (second cryptographic key) based on the identification information (initialization vector).).

Per claim 17 (dependent on 13):
Von ‘415 in view of Zayas ‘510 discloses the elements detailed in the rejection of claim 13 above, incorporated herein by reference.
Von ‘415 discloses: The system of claim 13, further comprising a set of registers configured to: store the second cryptographic key, wherein the set of registers receives the second cryptographic key from the firmware component (FIG. 1, FIG. 2, [0002], “The control unit is set up to detect the peripheral device connected to the control unit, to generate a data encryption key DEK, to read an identification information from the peripheral device, W _1 … generate a key encryption key, KEK_1, on the basis of the read identification information, to store an encrypted data encryption key VDEK_1, which can be generated by encrypting the data encryption key DEK using the key encryption key KEK_1, in a memory area of the hard disk” where the control unit (set of registers) may generate (and store) a key encryption key, KEY_1 (second cryptographic key) based on the identification information read from the peripheral devices, W_1. Note that the control unit may be any type of digital computing device including a CPU and RAM (See para 0024-0025).).

Claim(s) 14-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Von ‘415 in view of Zayas ‘510 as applied to claim 13 above, and further in view of Itagaki ‘906.
Per claim 14 (dependent on 13):
Von ‘415 in view of Zayas ‘510 discloses the elements detailed in the rejection of claim 13 above, incorporated herein by reference.
Von ‘415 in view of Zayas ‘510 does not disclose but Itagaki ‘906 discloses: The system of claim 13, further comprising an error correction code (ECC) encoder configured to: generate error correction information for performing an error correction operation on the encrypted first cryptographic key; and store the encrypted first cryptographic key and the error correction information at the buffer (FIG. The removable storage media 4 may include a cartridge memory 14 comprising a non-volatile memory to store encryption keys and other information and a storage media 16 comprising any type of suitable media on which data may be stored and which may serve as removable media … electronic media (such as PROM, EEPROM, flash PROM, MRAM, CompactFlash™, Smartmedia™, Memory Stick™, etc.)”; [0020], “An encryption key file may comprise an externally encrypted data key … The encryption key file copies 58a, 58b, 58c may be formatted with error correction codes 59a, 59b, 59c”; [0022], “The copies 58a, 58b, 58c of the encryption key file comprise one or a series of encrypted data keys, each key encrypted using one or more key encryption keys (KEKs)” where the error correction codes 59a, 59b, 59c associated with the encryption key file copies 58a, 58b, 58c (encrypted first cryptographic key) including a series of encrypted data keys are stored in the removable storage media 4 including the cartridge memory 14 and the storage media 16. Note that the error correction codes are in a specific order according to the structure of access storage media 16 (See FIG.2).).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Von ‘415 in view of Zayas ‘510 with the encryption key file copies formatted with error correction codes in the removable storage media as taught by Itagaki ‘906 because it would ensure a retrieval of encryption key files by improving validation operations based on error correction codes [0007].

Per claim 15 (dependent on 13):
Von ‘415 in view of Zayas ‘510 discloses the elements detailed in the rejection of claim 13 above, incorporated herein by reference.
Von ‘415 in view of Zayas ‘510 does not disclose but Itagaki ‘906 discloses: The system of claim 13, further comprising an error correction code (ECC) decoder configured to: receive error correction information and the encrypted first cryptographic key from the buffer; and perform an error correction operation on the encrypted first cryptographic key using the error correction information (FIG. 1, FIG. 2, [0030], “A validation operation is performed (at block 122) on the accessed copy 58a, 58b or 58c of the encryption key file using the error correction code (ECC) 59a, 59b, 59c stored with the copy … If the valid encryption key file is an encrypted encryption key file … obtain the unencrypted encryption from the key manager 24 to store in the cartridge memory 14” where a validation operation (error correction operation) is performed on the accessed copy 58a, 58b or 58c of the encryption key file (encrypted first cryptographic key) read from the storage media 16 by using the error correction code 59a, 59b, 59c associated with the encryption key files (See FIG.2 for details).).

Claim(s) 18 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Von ‘415 in view of Agarwal et al., US-20190173674-A1 (hereinafter “Agarwal ‘674”).
Per claim 18 (independent):
Von ‘415 discloses: A method, comprising: wherein the encrypted first cryptographic key is for encrypting or decrypting user data stored on a memory device; decrypting, by the hardware component, the encrypted first cryptographic key using the second cryptographic key and an initialization vector; and storing the first cryptographic key in a volatile memory device on the hardware component based at least in part on decrypting the encrypted first cryptographic key (FIG. 1, FIG. 2, [0002], “The control unit is set up to detect the peripheral device connected to the control unit, to generate a data encryption key DEK, to read an identification information from the peripheral device, W _1 … generate a key encryption key, KEK_1, on the basis of the read identification information, to store an encrypted data encryption key VDEK_1, which can be generated by encrypting the data encryption key DEK using the key encryption key KEK_1, in a memory area of the hard disk … to encrypt digital data to be stored on the hard disk in encrypted form using the data encryption key or to decrypt digital data stored on the hard disk in encrypted form using the data encryption key”; [0005], “Digital data may be … particularly program data, log data, user data” where an encrypted data encryption key VDEK_1 (encrypted first cryptographic key) read from the hard disk (memory device) is to be decrypted by using a key encryption key, KEY_1 (second cryptographic key) based on the identification information (initialization vector) read from peripheral devices. Note that the control unit (digital computing device) including RAM (volatile memory device) is responsible for decrypting the encrypted data encryption key (encrypted first cryptographic key).);
Von ‘415 does not disclose but Agarwal ‘674 discloses: receiving, by a hardware component from a nonvolatile memory device, an encrypted first cryptographic key and a second cryptographic key (FIG. 1, [0050], “The persistent data store 114 may store … a new KEK 138 (KEK 1) … encrypting and decrypting DEKs used by tenant request processing module 120 to service DEK requests from the tenants 112.”; [0051], “The persistent data store 114 further maintains tenant DEKs 140 that have been encoded ( e.g., via the KEK rotator 126 and KEK encrypter 124) using the new KEK 138” where the tenant request processing module 120 may receive the new KEK 138 (second cryptographic key) and the tenant DEKs 140 (encrypted first cryptographic key) from the persistent data store 114 (nonvolatile memory device).).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Von ‘415 with the store of key encryption keys (KEK) and data encryption keys (DEK) in a same storage device for facilitating changing an encryption key in a multi-tenant environment as taught by Agarwal ‘674 because it would provide additional encryption keys to decrypt and access tenant data without requiring downtime or interruption of running services [0008].

Per claim 20 (dependent on 18):

The limitations of the claim(s) correspond(s) to features of claim 6 and the claim(s) is/are rejected for the reasons detailed with respect to claim 6.

Claim(s) 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Von ‘415 in view of Agarwal ‘674 as applied to claim 18 above, and further in view of Itagaki ‘906.
Per claim 19 (dependent on 18):
Von ‘415 in view of Agarwal ‘674 discloses the elements detailed in the rejection of claim 18 above, incorporated herein by reference.
Von ‘415 in view of Agarwal ‘674 does not disclose but Itagaki ‘906 discloses: The method of claim 18, further comprising: receiving, by the hardware component from the nonvolatile memory device, error correction information associated with the encrypted first cryptographic key; and performing, by the hardware component, an error correction operation on the encrypted first cryptographic key using the error correction information (FIG. 2, [0025], “To obtain the unencrypted encryption key, i.e., data key, the storage drive 2 may provide a copy 58a, 58b, 58c of the encryption key file to the key manager 24. The key manager 24 may then access the KEK for the provided encrypted data key from the key storage 26 to use to decrypt the encrypted data key file”; [0030], “A validation operation is performed (at block 122) on the accessed copy 58a, 58b or 58c of the encryption key file using the error correction code (ECC) 59a, 59b, 59c stored with the copy … If the valid encryption key file is an encrypted encryption key file … obtain the unencrypted encryption from the key manager 24 to store in the cartridge memory 14” where the copy 58a, 58b, 58c of the encryption key file (encrypted first cryptographic key) read from the storage media 16 (nonvolatile memory device) is sent via the storage drive 2 for the key manager 24 to decrypt the encrypted data key file. Then, a validation .

Allowable Subject Matter
Claim(s) 10-11 is/are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Regarding claim 10, Von ‘415 does not disclose “a quantity of errors within the encrypted first cryptographic key satisfies a threshold of errors” in the recited context. Von ‘415 teaches that an encrypted data encryption key (encrypted first cryptographic key) is generated from a data encryption key DEK with a key encryption key (second cryptographic key) in an encoding process, where the data encryption key DEK is to be used for encrypting/decrypting digital data, however, there are no teachings associated with the measure of errors of encrypted encryption keys.
Thus, the claims contain the following underlined features which, when combined with other features of the claim, the prior art of record failed to anticipate or render obvious at the time the instant invention was filed:
Per claim 10:
The method of claim 9, further comprising: 
detecting, by the hardware component, that a quantity of errors within the encrypted first cryptographic key satisfies a threshold of errors, wherein the issuing the second command is based at least in part on detecting that the quantity of errors within the encrypted first cryptographic key satisfies the threshold of errors.

Regarding claim 11, Von ‘415 does not disclose the underlined limitations for the same reasons explained in regard to claim 10.
Thus, the claims contain the following underlined features which, when combined with other features of the claim, the prior art of record failed to anticipate or render obvious at the time the instant invention was filed:
Per claim 11:
The method of claim 9, wherein generating the updated first cryptographic key further comprises: 
generating a first set of random data; determining that the first set of random data and the first cryptographic key comprise a same set of data; generating a second set of random data based at least in part on the determining that the first set of random data and the first cryptographic key comprise the same set of data; and
determining that the second set of random data and the first cryptographic key comprise a different set of data, wherein the updated first cryptographic key comprises the second set of random data based at least in part on the determining that the second set of random data and the first cryptographic key comprise the different set of data.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANGSEOK PARK whose telephone number is (571)272-4332.  The examiner can normally be reached on Monday-Thursday 7:30-5:30 and Alternate Fridays 8:30-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/SANGSEOK PARK/Examiner, Art Unit 2494
/Kevin Bechtel/Primary Examiner, Art Unit 2491