DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
                                                                Double Patenting
2. The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321 (c) or 1.321 (d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AlA.  A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).

The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-l.jsp.

3. Claims 1, 4, 8, 9 and 16 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 4, 8, 9, and 16 of copending Application No. 16/708,085. Although the claims at issue are not identical, they are not patentably distinct from each other because both these inventions are directed towards the self-encryption drive opens a communication session between the SED and a key management server; the SED receives a media encryption key (MEK) from the key management server, and storing the MEK in the volatile memory of the SED, and crypto-erasing the MEK from the memory. Therefore, this is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.

Claim Rejections - 35 USC § 112
4. The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.




6. Claim 7 recites the limitation: " determine whether a difference between the timestamp associated with the MEK and another timestamp is less than a certain duration and wherein the instructions to store the MEK only in the volatile memory of the SED comprises instructions to store the MEK if the difference is less than the certain duration”.
It is not clear what is meant by “another timestamp”. And how the difference is calculated. Similar problems are found in claims 15 and 20.

Appropriate correction is required.

                                                      Claim Objections
7.    Claims 8 is objected to because of the following informalities:
For claim 8, the claim recite “method, further comprising accessing a block chain which stores an indication of whether the SED is decommissioned and wherein storing the MEK on the SED only in the volatile memory of the SED comprises storing the MEK only in the volatile memory of the SED if the indication indicates that the SED is not decommissioned”; The underlined claimed limitation is repeated twice. Examiner believes that this is a typo error.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
8. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


9. Claims 1-6, 8-14 and 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over Chen (US Pub.No.2017/0085374) in view of Offenberg (US Pub.No.2016/0013945) and further in view of Natanzon (US Pat.No.8, 370,648).

10. Regarding claims 1, 9 and 16 Chen teaches a method, a non-transitory computer-readable medium and a self-encryption drive (SED) arranged for storing a media encryption key (MEK) in a self-encryption drive (SED) and crypto-erasing the self-encryption drive (SED) by deleting all instances of the media encryption key (MEK) stored by the self-encryption drive (SED), wherein the self- encryption drive (SED) comprises a non-volatile storage media [element.116 in fig.1B], the method comprising: 
sending an identifier of the self-encryption drive (SED) to a key management server over a communication session between the self-encryption drive (SED) and the key management server; wherein the identifier uniquely identifies a data structure in a database associated with the key management server, wherein the data structure comprises the media encryption key (MEK) (Para:0030 and Para:0032 teaches after receiving the key request, key management server 108 can automatically generate a data encryption key for self-encrypting drive 106 based on the unique identifier and send the authentication key to the service controller. The service controller can consequently transmit the data encryption key to a self-encrypting drive 106 for data encryption);
 erasing the media encryption key stored in the memory of the self-encryption drive SED to crypto-erase the SED (Para: 0036 teaches erasing the data encryption key can render all 

Chen teaches all the above claimed limitations but does not expressly teach the data structure comprises a timestamp and the data structure being wrapped with a shared session key associated with the communication session; unwrapping the data structure with the shared session key;

Offenberg teaches the data structure comprises a timestamp (Fig.1A, Para: 0017, Para: 0031-0032 and Para: 0045 teaches the data structure includes timestamp); and the receiving data structure is being wrapped with a shared session key associated with the communication session; unwrapping the data structure with the shared session key (Para: 0024-0027 Para: 0034-0036 teaches the data structure being wrapped [encrypted] and unwrapped [decrypted] with private-public key pair); 

Therefore it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to include the data structure comprises a timestamp and the data structure being wrapped with a shared session key associated with the communication session; and unwrapping the data structure with the shared session key as taught by Offenberg so it would not be possible to take access to the encrypted data stored in the memory of the storage device.

Both Chen and Offenberg teaches all the above claimed limitations but does not expressly teach a volatile memory and storing the media encryption key on the volatile memory and erasing the media encryption key stored in the volatile memory of the self-encryption drive.



Therefore it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to include the data structure comprises a timestamp and the data structure being wrapped with a shared session key associated with the communication session; and unwrapping the data structure with the shared session key as taught by Natanzon such that the storage system will cache keys in cache, so it will not have to access the key server on every IO, but periodically (Col.3, lines.24-31).

11.  Regarding claims 2,10 and 18 Offenberg teaches the method and the non-transitory computer-readable medium and the SED, wherein unwrapping the data structure with the shared session key comprises verifying in the data structure a digital signature signed with a key management server signing key (Para:0026 and Para:0034-0036 teaches verification using signature).

12. Regarding claims 3 ,11 Chen teaches the method and the non-transitory computer-readable medium, further comprising unwrapping the MEK stored in the data structure with a unique data secret (UDS) associated with the SED (para: 0059-0062 teaches the MEK [data or media encryption key] stored in the data structure is unwrapped with a unique data secret) .

13. Regarding claims 4, 12 Chen in view of Offenberg teaches the method and the non-transitory computer-readable medium, wherein the stored MEK in the volatile memory of the SED is wrapped with a wrapping key based on a password of a user of the SED and unwrapped 

14. Regarding claims 5, 13 Offenberg teaches the method and the non-transitory computer-readable medium, wherein unwrapping the data structure with the shared session key comprises determining, by the SED, the shared session key based on a key management server public key received from the key management server, an SED private key, and a random salt (Para: 0026-0027 Para: 0034-0036 teaches the data storage device DSD 200 will use the private key of an asymmetric private-public key pair. The public key can be used to verify that the attestation was signed by the corresponding private key, and accordingly to verify that the sanitization operation was actually performed by the target device. Other signing methods will also be possible, such as hashing the attestation with a device's serial number or other ID, or with another secret key corresponding to the DSD).

15. Regarding claims 6,14  and 19 Offenberg teaches the method, the non-transitory computer-readable medium and the SED, wherein the timestamp corresponds to a time when the key management server sends the data structure to the SED (Para: 0025, Para: 0031-0032 and Para: 0045 teaches the data structure includes timestamp).

16. Regarding claim 8 Chen in view of Offenberg and in view of Natanzon teaches the method, further comprising accessing a block chain which stores an indication of whether the SED is decommissioned and wherein storing the MEK on the SED only in the volatile memory of the SED comprises storing the MEK only in the volatile memory of the SED if the indication indicates that the SED is not decommissioned (Chen: Para: 0036 teaches erasing the data 
Natanzon: Fig.6, elelemt.540 and Col.3, lines.24-31 teaches deletion of information from volatile memory upon no power is an inherent property of a volatile memory).

17. Regarding claim 17 Chen teaches the SED, wherein the identifier is a physical security identification pin (PSID) associated with the SED (Para: 0030 and Para: 0034 teaches ID associated with the SED).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEREENA T CATTUNGAL whose telephone number is (571)270-0506. The examiner can normally be reached Mon-Fri: 7:30 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 





/DEREENA T CATTUNGAL/Primary Examiner, Art Unit 2431