DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
Claims 1-20 are pending. Claims 1, 9-11 and 17-19 are currently amended.
Applicant’s amendments to the claims and specification will overcome each and every objection set forth in the Non-Final Office Action mailed 09/02/2021.

Allowable Subject Matter
Claims 1-20 are allowed.
Examiner’s Statement for Indication Allowable Subject Matter
The following is an examiner's statement of reasons for allowance: After a fully conducted search and consideration, the prior art, either taken alone or in combination, neither anticipates nor renders obvious the claimed subject matter of the instant application.
The prior art HOWE et al. (US Pub No. 2017/0372085) discloses that a first data encryption key is stored on a storage device. The first data encryption key, a first key encryption key obtained from first information received from a host system, and second information that is received from a source other than the host system are used to generate a second data encryption key that can be used to encrypt and decrypt data stored on the storage device. The second information may be sent from the source to the storage device only if a condition is satisfied. (HOWE, Abstract).
Volvovski et al. (US Pub No. 2015/0355979) discloses a dispersed storage network (DSN) storing a plurality of encoded data slices, where each storage unit stores a unique sub-set of encoded data slices. The method continues with each storage unit dispersed storage error encoding at least a recovery threshold number of encoded data slices to produce a local set of encoded recovery data slices. With the data 354 divided into the plurality of data units, the key generator generates a plurality of encryption keys from a master key 356 associated with the data 354 and a data identifier (ID) 358 associated with the data 354. Having stored the plurality of encrypted data units, the outbound DST processing 80 encodes the master key 356 to produce a plurality of encoded master key units (e.g., a set of key slices 1-n). As a specific example, the AONT module 352 of the segment security processing 144 performs an all-or-nothing transformation on the master key 356 to produce a secure master key (secured MKEY) 360. For instance, the AONT module 352 encrypts the master key 356 utilizing another random key to produce a temporary encrypted key, performs a deterministic function on the temporary encrypted key to produce a digest, masks the other random key using the digest to produce a masked key (e.g., applies an exclusive OR function), and combines (e.g., appends, interleaves) the masked key with the temporary encrypted key to produce the secure master key 360. Having produced the secure master key, the error encoding 1 dispersed storage error encodes the secure master key 360 to produce a plurality of encoded master key slices as the plurality of encoded master key units (e.g., key slices 1-n). (Volvovski, Abstract and page 21, paragraphs 0249 & 0251).
Gazit et al. (US Pub No. 2017/0093563) discloses generating master and wrapper keys for connected devices in a key generation scheme. For each of the devices, a wrapped master key comprising a master key for the device and a wrapper key is stored. The Gazit, Abstract).
Duane et al. (US Patent No. 8,751,827) discloses that securely operating a computerized system includes forming a connection to a user-removable physical security device (PSD) which is uniquely paired with the computerized system and which stores cryptographically secured data required for performing a protected function on the computerized system. The PSD may be realized as a USB or similar peripheral device containing security-related data and potentially security processing capability as well. The protected function could be decrypting of encrypted data encryption keys used to encrypt/decrypt user data for example. A user who has an established association with the PSD (e.g. by some preceding registration process) is authenticated, resulting in activation of the PSD on the computerized system. Upon such activation of the PSD, the computerized system engages in a security operation using the cryptographically secured data from the PSD to enable the protected function to be performed under control of the user on the computerized system. (Duane, Abstract).
Bunch et al. (US Pub No. 2019/0238323) discloses local key managers on computing nodes of distributed computing systems. The local key managers may protect secrets (e.g. cryptographic keys) in the distributed system such that risk of compromise is reduced or eliminated. The local key managers may utilize a master key to protect secrets. The master key may be protected by generating multiple key shares using a key sharing technique (e.g., Shamir's secret sharing).
Ureche et al. (US Pub No. 2011/0302398) discloses that an online key stored by a remote service is generated or otherwise obtained, and a storage media (as it applies to the storage of data on a physical or virtual storage media) master key for encrypting and decrypting a physical or virtual storage media or encrypting and decrypting one or more storage media encryption keys that are used to encrypt a physical or virtual storage media is encrypted based at least in part on the online key. A key protector for the storage media is stored, the key protector including the encrypted master key. The key protector can be subsequently accessed, and the online key obtained from the remote service. The master key is decrypted based on the online key, allowing the one or more storage media encryption keys that are used to decrypt the storage media to be decrypted. (Ureche, Abstract).
However, the prior art taken alone or in combination fails to teach or suggest “generating, by the controller, a random wrapper key (RWK) based on the AKEK and an encrypted random wrapper key (ERWK) for the data storage system, wherein the ERWK is retrieved from a first key repository of the data storage system; decrypting, by the controller, a master key for the data storage system using the RWK, wherein the master key is retrieved from a second key repository of the data processing system; deriving, by the controller, a device access key (DAK) based on the master key; and using, by the controller, the DAK to encrypt/decrypt data for a drive associated with the DAK” (as recited in claims 1, 11 and 19). Claims are allowed in light of the above claim limitations when in combination with the remaining claim limitations.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAQUEAL D WADE whose telephone number is (571)270-0357. The examiner can normally be reached on M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid, can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR 




/SHAQUEAL D WADE-WRIGHT/Examiner, Art Unit 2437