DETAILED ACTION
1. 	This office action is response to an application No. 16/706,780 filed on 12/08/2019. Claims 1-21 are submitted for examination. Claim 1, 20 and 21 are independent. 

Notice of Pre-AIA  or AIA  Status

2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority

	3.	This application filed on 12/08/2019 doesn’t claim priority. Thus, the effective filling date for the subject matter defined in the pending claims of this application is December 8th, 2019.
Information Disclosure Statement
4.	The information disclosure statements (IDS) submitted on 09/08/2020, 09/08/2021, 11/02/2020, 09/28/2021, 11/01/2021 and 12/17/2021 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto.
Drawings
5.	The drawings filed on December 8th, 2019 are accepted. 
Specification
6.	The specification filed on December 8th, 2019 is also accepted.

Claim Objections
7.	The claim recited as “the storage medium” on line 9 of claim 1, is objected to because of the following informalities:  It appears that this particular claim limitation is referring to the “a non-volatile storage medium” limitation that is recited on line 6/claim 1. This raises a question whether or not the two claim limitations are one and the same. The office recommends amending this particular claim limitation recited on line 9 as “the non-volatile storage medium” and the office interprets this limitation likewise. 
	Appropriate correction is required. 
8.	Dependent claims 2-19 likewise are objected to by virtue of their dependency on the above independent claim 1 since they carry the deficiencies of the parent independent claim 1.

Claim Rejections - 35 USC § 103
9.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
10.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

11.	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

	Examiner’s note: text in bold corresponds to the claimed limitations; text in italics underlined or not underlined correspond to the cited prior art reference (i.e., verbatim, and/or examiner’s clarification. Meaning, text after a limitation in brackets [ ] corresponds to examiner’s mapping (including further explanation and/or comments) and/or prior art reference citations. Furthermore text in brackets [ ] points out explanation how the claim limitation is taught or explicitly taught by the reference being cited for that particular limitation or part of the limitation]
12.	Claims 1, 3-4, 8-16, 19-21 are rejected under AIA  35 U.S.C. 103 as being unpatentable over Jorge Campello de Souza (herein after referred as Souza) (US Publication No. 2009/0138727 A1) (May, 2009) in view of Anton Franz Linecker (hereinafter referred as Linecker) (US Publication No. 2010/0122327 A1) (May 13, 2010) 


As per independent claim 1, Souza a data storage device [See paragraph 0010 and FIG. 1 includes a hard disk drive 101] comprising a data path [See at least paragraph 0010 this data storage device 101 provides a data communication path between itself and the host shown on figure 1, 102 so that it can stores user data 105 generated by host system 102, A user generates user data 105 through host operating system 102, or alternatively, another type of host system. Hard disk drive 101 stores data 105 on hard disk 104.] and an access controller [See at least paragraph 0010 and figure 1, “controller 106”, Controller 106 runs software code for controlling many of the functions of hard disk drive 101, including data security and access control functions, according to some embodiments of the present invention.] wherein: 
the data path comprises: a data port configured to transmit data between a host computer system and the data storage device [See paragraph 0010-0011 and figure 1, data storage device 101 provides a data communication path between itself and the host shown on figure 1, 102 so that it can stores user data 105 generated by host system 102, A user generates user data 105 through host operating system 102, or alternatively, another type of host system. Hard disk drive 101 stores data 105 on hard disk 104.See also paragraph 0011, If hard disk drive 101 and host operating system 102 are on separate computer machines, drive 101 and host 102 can communicate with each other over a network, e.g., a local area network or wide area network.], wherein the data storage device is configured to register with the host computer system as a block data storage device [See paragraph 0014 and 0015, how during enrollment, the host computer 102 register with storage device 101 by providing its public key PuB. “During an enrollment process, the host 102 sends its public key (PuB) to the drive 101 with a request for generating secure storage for its data…]; 
a non-volatile storage medium [See figure 1, 104, “non-volatile memory] configured to store encrypted user content data [See paragraph 0013, figure 1, 105 where encrypted user content is stored. “FIG. 1, data 105 is encrypted with a bulk encryption key Kb in order to protect data 105 from unauthorized access and also to associate data 105 with host 102.”]; and a cryptography engine connected between the data port and the storage medium and configured to use a cryptographic key to decrypt the encrypted user content data stored on the storage medium in response to a request from the host computer system [See paragraph 0013, The one or more keys are put under access control to prevent an unauthorized user from obtaining access to the key(s) and decrypting data 105. In the example of FIG. 1, data 105 is encrypted with a bulk encryption key Kb in order to protect data 105 from unauthorized access and also to associate data 105 with host 102. See also paragraph 0018-0019. Host 102 requests a challenge from hard disk drive 101 to initiate the authentication process. Hard disk drive 101 sends the challenge, i.e., the encrypted random number C=EPuB(R), to host 102. Host 102 then uses its private key PrB to decrypt the challenge C to recover the random number R. Host 102 then sends R to drive 101. After receiving R, drive 101 uses R to unwrap private key PrA from WR(PrA). Because the wrapping function has integrity measurements, host 102 is authenticated in this process. Now that the drive 101 has recovered PrA, it can recover Kb by unwrapping Kb from WPuA(Kb) and In order to recover the user data 105, the private key PrA first has to be recovered by unwrapping WR(PrA) using random number R. Then, PrA is used to unwrap WPuA(Kb) to recover Kb. Key Kb is then used to decrypt data 105. Thus, data 105 can only be recovered with random number R] ; and 
the access controller is configured to: 
generate a challenge for an authorized device [See at least paragraph 0017, FIG. 2 illustrates an example of a technique for securing data stored on a hard disk drive using challenge and response pairs, according to an embodiment of the present invention. According to the data security technique of FIG. 2, hard disk drive 101 uses public key PuB to generate a challenge and response pair]; 
send the challenge to the authorized device over a communication channel [See at least paragraph 0019, Hard disk drive 101 sends the challenge, i.e., the encrypted random number C=EPuB(R), to host 102 and see paragraph 0011, hard disk drive 101 and host operating system 102 are on separate computer machines, drive 101 and host 102 can communicate with each other over a network, e.g., a local area network or wide area network ]
 receive a response to the challenge from the authorized device over the communication channel; calculate the cryptographic key based at least partly on the response [paragraph 0020-0021, a secret S (e.g., a symmetric or asymmetric secret key) is called, then the hard disk drive pre-computes a challenge and response pair (C, R), for the host authority. The hard disk drive wraps the secret S (e.g., private key PrA) with the response R of the challenge. In other words, the hard disk drive computes WR(S), where the wrapping function both encrypts and provides integrity measurements. Alternatively, the hard disk drive can wrap the secret S with a number R′ that is a function of the response R, that is R′=f(R). The hard disk drive also stores WR(S) and C on the hard disk. During authentication, the host system returns the response R to the hard disk drive after receiving the challenge C from the hard disk drive. The hard disk drive then computes the number R′=f(R) using the function and the response R, and unwraps WR′(S) using number R′. See also paragraph 0022-0023, To recover S, the hard disk drive 101 needs random number R. The only way for hard disk drive 101 to get random number R is to recover it from the challenge number C. The only system capable of generating R from C is the host operating system 102…. The HDD then sends challenge number C to host 102. The host returns a random number in response to receiving C. Hard disk drive 101 can then recover secret S using the random number received from the host]; and 
provide the cryptographic key to the cryptography engine to decrypt the encrypted user content data stored on the storage medium of the data storage device [See paragraph 0024, To secure all the data and resources that are associated with the host operating system 102, the encryption key Kb that secures the user data 105 is wrapped with the secret S. In this manner, data 105 can be recovered only after the authentication and see paragraph 0018, In order to recover the user data 105, the private key PrA first has to be recovered by unwrapping WR(PrA) using random number R. Then, PrA is used to unwrap WPuA(Kb) to recover Kb. Key Kb is then used to decrypt data 105. Thus, data 105 can only be recovered with random number R.].


		Souza substantially discloses all the limitation recited in the claim but doesn’t explicitly disclose the following underlined claim limitation:
“send the challenge to the authorized device over a communication channel that is different from the data path”;
 	However Linecker, at least on paragraph 0015 teaches authenticating user through a different  communication channel that is different from a communication channel used for requesting and receiving a resource where such authentication can increase the convenience of using challenge/response authentication and this meets the above claim limitation.

Souza and Linecker are analogous arts and are in the same field of endeavor as they both pertain for secure authentication for accessing resource or data. 
It would have been obvious to one having ordinary skill in the art, before the effective filing of the claimed invention, to implement in the system of Souza a mechanism to add a feature such as “send the challenge to the authorized device over a communication channel that is different from the data path” as taught by Linecker because this would increase the level of security in the authentication process and thereby preventing a security breach [See paragraph 0005, Linecker, increases a level of security in the authentication process.]

As per independent claim 20, independent claim 20 is rejected for the same reason as that of the above independent claim 1.

As per independent claim 21, independent claim 21 is rejected for the same reason as that of the above independent claim 1.

As per dependent claim 3, the combination of Souza and Linecker discloses the method/system as applied to claims above. Furthermore, Souza discloses the method/system wherein the challenge is based on a public key of the data storage device [See paragraph 0015 and paragraph 0019, After Kb has been wrapped with PuA, Kb can only be recovered by unwrapping WPuA(Kb) with private key PrA. An example of an encryption technique that can be used for bulk encryption with embodiments of the present invention is 256-bit advanced encryption standard (AES). … Hard disk drive 101 sends the challenge, i.e., the encrypted random number C=EPuB(R), to host 102. Host 102 then uses its private key PrB to decrypt the challenge C to recover the random number R. Host 102 then sends R to drive 101. After receiving R, drive 101 uses R to unwrap private key PrA from WR(PrA). Because the wrapping function has integrity measurements, host 102 is authenticated in this process. Now that the drive 101 has recovered PrA, it can recover Kb by unwrapping Kb from WPuA(Kb)].

As per dependent claim 4, the combination of Souza and Linecker discloses the method/system as applied to claims above. Furthermore, Souza discloses the method/system wherein the public key of the data storage device is associated with a private key that is discarded after generating the public key [See at least paragraph 0017, Then, drive 101 erases random number R and the private key PrA from volatile memory 103. See also paragraph 0021, The hard disk drive wraps the secret S (e.g., private key PrA) with the response R of the challenge. In other words, the hard disk drive computes WR(S), where the wrapping function both encrypts and provides integrity measurements… The hard disk drive erases S from the volatile memory 103.]


As per dependent claim 8, the combination of Souza and Linecker discloses the method/system as applied to claims above. Furthermore, Souza discloses the method/system wherein the access controller is further configured to: receive a certificate from the authorized device, the certificate comprising certificate data; query a data store for a device record using the certificate data; and generate the challenge based on the device record. [See at least paragraphs 0023-0024, The HDD then sends challenge number C to host 102. The host returns a random number in response to receiving C. Hard disk drive 101 can then recover secret S using the random number received from the host and authenticate itself to the host 102.
To secure all the data and resources that are associated with the host operating system 102, the encryption key Kb that secures the user data 105 is wrapped with the secret S. In this manner, data 105 can be recovered only after the authentication. No amount of tampering with hard disk drive 101 will reveal the secured information R, Kb, or S. Drive 101 and host 102 can also use digital certificates to provide an additional assurance that they are communicating with each other, as opposed to an unauthorized computer]


As per dependent claim 9, the combination of Souza and Linecker discloses the method/system as applied to claims above. Furthermore, Souza discloses the method/system 
further comprising a data store configured to store entries associated with respective authorized devices, each entry comprising metadata associated with one of the respective authorized devices. [See paragraph 0014-0015 where the public key of the authorized devices that identifies the authorized devices that corresponds to the claim limitation of metadata associated with one of the respective authorized devices is stored in the data storage device 101. During an enrollment process, the host 102 sends its public key (PuB) to the drive 101 with a request for generating secure storage for its data. The drive 101 then generates a public and private key pair (PuA, PrA) to be used for authenticating with the host 102. The drive 101 also generates a bulk encryption key Kb that will be used to encrypt the data associated with host 102.Drive 101 wraps bulk encryption key Kb with the public key (PuA) of the authentication authority to calculate WPuA(Kb). Wrapping involves encryption with integrity measurements (e.g., using hash functions). After Kb has been wrapped with PuA, Kb can only be recovered by unwrapping WPuA(Kb) with private key PrA ].


As per dependent claim 10, the combination of Souza and Linecker discloses the method/system as applied to claims above. Furthermore, Souza discloses the method/system 
wherein the metadata is stored in the data store in encrypted form using a cryptographic key contained in a certificate issued by the data storage device and received from the authorized device. [See paragraph 0019, the public key of the authorized device that meets the claim limitation of a metadata/that identifies the authorized device is encrypted using a Random number issued by the data storage device to produce the challenge. This same Random number that meets the cryptographic key is received from the authorized device after the authorized device or host decrypt the challenge with its private own private key. “Hard disk drive 101 sends the challenge, i.e., the encrypted random number C=EPuB(R), to host 102. Host 102 then uses its private key PrB to decrypt the challenge C to recover the random number R. Host 102 then sends R to drive 101. After receiving R, drive 101 uses R to unwrap private key PrA from WR(PrA). Because the wrapping function has integrity measurements, host 102 is authenticated in this process. Now that the drive 101 has recovered PrA, it can recover Kb by unwrapping Kb from WPuA(Kb).” And see paragraph 0024, Drive 101 and host 102 can also use digital certificates to provide an additional assurance that they are communicating with each other, as opposed to an unauthorized computer system that is intercepting their communications.]


As per dependent claim 11, the combination of Souza and Linecker discloses the method/system as applied to claims above. Furthermore, Souza discloses the method/system 
wherein the metadata comprises an identifier of one of the respective authorized devices. [See paragraph 0014-0015 where the public key of the authorized devices that identifies the authorized devices that corresponds to the claim limitation of metadata associated with one of the respective authorized devices is stored in the data storage device 101. During an enrollment process, the host 102 sends its public key (PuB) to the drive 101 with a request for generating secure storage for its data.]

As per dependent claim 12, the combination of Souza and Linecker discloses the method/system as applied to claims above. Furthermore, Souza discloses the method/system 
wherein each entry comprises a cryptographic key decryptable based on the response. [See paragraph 0021, The hard disk drive wraps the secret S (e.g., private key PrA) with the response R of the challenge. In other words, the hard disk drive computes WR(S), where the wrapping function both encrypts and provides integrity measurements….the host system returns the response R to the hard disk drive after receiving the challenge C from the hard disk drive. The hard disk drive then computes the number R′=f(R) using the function and the response R, and unwraps WR′(S) using number R′.]


As per dependent claim 13, the combination of Souza and Linecker discloses the method/system as applied to claims above. Furthermore, Souza discloses the method/system 
wherein the cryptographic key decryptable based on the response is identical for multiple authorized devices. [See paragraph 0021 where S the private key PrA of the storage device is the same for all authorized host devices. The hard disk drive wraps the secret S (e.g., private key PrA) with the response R of the challenge. In other words, the hard disk drive computes WR(S), where the wrapping function both encrypts and provides integrity measurements….the host system returns the response R to the hard disk drive after receiving the challenge C from the hard disk drive. The hard disk drive then computes the number R′=f(R) using the function and the response R, and unwraps WR′(S) using number R′.]


As per dependent claim 14, the combination of Souza and Linecker discloses the method/system as applied to claims above. Furthermore, Souza discloses the method/system 
wherein the cryptographic key decryptable based on the response enables decryption of the encrypted user content data. [See paragraphs 0023-0024, The host returns a random number in response to receiving C. Hard disk drive 101 can then recover secret S using the random number received from the host and authenticate itself to the host 102. To secure all the data and resources that are associated with the host operating system 102, the encryption key Kb that secures the user data 105 is wrapped with the secret S. In this manner, data 105 can be recovered only after the authentication. See paragraph 0018, In order to recover the user data 105, the private key PrA first has to be recovered by unwrapping WR(PrA) using random number R. Then, PrA is used to unwrap WPuA(Kb) to recover Kb. Key Kb is then used to decrypt data 105.]


As per dependent claim 15, the combination of Souza and Linecker discloses the method/system as applied to claims above. Furthermore, Souza discloses the method/system 
wherein decryption of the encrypted user content data comprises decryption of one or more further keys in a chain of keys to a user content encryption key configured to decrypt the encrypted user content data. [See paragraphs 0023-0024, The host returns a random number in response to receiving C. Hard disk drive 101 can then recover secret S using the random number received from the host and authenticate itself to the host 102. To secure all the data and resources that are associated with the host operating system 102, the encryption key Kb that secures the user data 105 is wrapped with the secret S. In this manner, data 105 can be recovered only after the authentication. See paragraph 0018, In order to recover the user data 105, the private key PrA first has to be recovered by unwrapping WR(PrA) using random number R. Then, PrA is used to unwrap WPuA(Kb) to recover Kb. Key Kb is then used to decrypt data 105.]


As per dependent claim 16, the combination of Souza and Linecker discloses the method/system as applied to claims above. Furthermore, Souza discloses the method/system 
wherein the records stored in the data store are indexed based on an identifier of the authorized device [See paragraph 0017, where the public key that is stored in the storage device that is stored or registered during enrollment process broadly meets the claim limitation “indexed” based on as an identifier of the host or authorized device and retrieved and used for the purpose of authentication to generate a challenge where the challenge is encrypted with this particular registered public key of the authorized device/host. See paragraph 0014-0015 where the public key of the authorized devices that identifies the authorized devices is stored in the data storage device 101. During an enrollment process, the host 102 sends its public key (PuB) to the drive 101 with a request for generating secure storage for its data. See paragraph 0017 FIG. 2 illustrates an example of a technique for securing data stored on a hard disk drive using challenge and response pairs, according to an embodiment of the present invention. According to the data security technique of FIG. 2, hard disk drive 101 uses public key PuB to generate a challenge and response pair. R is a random number (e.g., 256 bits) and C is a challenge number. The random number R is the correct response to the challenge C. For example, the challenge number C can be the random number R encrypted with the public key PuB of host 102, i.e., C=EPuB(R). It follows that the random number R equals the challenge number C decrypted with the private key PrB of host 102, i.e., R=DPrB(C).]

As per dependent claim 19, the combination of Souza and Linecker discloses the method/system as applied to claims above. Furthermore, Souza discloses the method/system 
wherein the data storage device is further configured to: responsive to being in a locked state, register with the host computer system as a mass data storage device without a storage medium present; and responsive to being in an unlocked state, register with the host computer system as a mass data storage device with a storage medium present.[See at least paragraph 0020, The technique of FIG. 2 securely hides the authentication information needed by the hard disk drive in order to perform authentication. Embodiments of the present invention can also apply to any device locking data/resources to a host authority. If a secret S (e.g., a symmetric or asymmetric secret key) is called, then the hard disk drive pre-computes a challenge and response pair (C, R), for the host authority.]


13.	Claims 2, 5-7 and 17-18 are rejected under AIA  35 U.S.C. 103 as being unpatentable over Jorge Campello de Souza (herein after referred as Souza) (US Publication No. 2009/0138727 A1) (May, 2009) in view of Anton Franz Linecker (hereinafter referred as Linecker) (US Publication No. 2010/0122327 A1) (May 13, 2010) and further in view of ERIC Le Saint [hereinafter referred as Saint) (US Publication No. 2018/0167208 A1) (Jun 14, 2018)


As per independent claim 2, the combination of Souza and Linecker discloses a data storage device [See paragraph 0010 and FIG. 1 includes a hard disk drive 101] comprising a data path [See at least paragraph 0010 this data storage device 101 provides a data communication path between itself and the host shown on figure 1, 102 so that it can stores user data 105 generated by host system 102, A user generates user data 105 through host operating system 102, or alternatively, another type of host system. Hard disk drive 101 stores data 105 on hard disk 104.] and an access controller [See at least paragraph 0010 and figure 1, “controller 106”, Controller 106 runs software code for controlling many of the functions of hard disk drive 101, including data security and access control functions, according to some embodiments of the present invention.] wherein: 
the data path comprises: a data port configured to transmit data between a host computer system and the data storage device [See paragraph 0010-0011 and figure 1, data storage device 101 provides a data communication path between itself and the host shown on figure 1, 102 so that it can stores user data 105 generated by host system 102, A user generates user data 105 through host operating system 102, or alternatively, another type of host system. Hard disk drive 101 stores data 105 on hard disk 104.See also paragraph 0011, If hard disk drive 101 and host operating system 102 are on separate computer machines, drive 101 and host 102 can communicate with each other over a network, e.g., a local area network or wide area network.], wherein the data storage device is configured to register with the host computer system as a block data storage device [See paragraph 0014 and 0015, how during enrollment, the host computer 102 register with storage device 101 by providing its public key PuB. “During an enrollment process, the host 102 sends its public key (PuB) to the drive 101 with a request for generating secure storage for its data…]; 
a non-volatile storage medium [See figure 1, 104, “non-volatile memory] configured to store encrypted user content data [See paragraph 0013, figure 1, 105 where encrypted user content is stored. “FIG. 1, data 105 is encrypted with a bulk encryption key Kb in order to protect data 105 from unauthorized access and also to associate data 105 with host 102.”]; and a cryptography engine connected between the data port and the storage medium and configured to use a cryptographic key to decrypt the encrypted user content data stored on the storage medium in response to a request from the host computer system [See paragraph 0013, The one or more keys are put under access control to prevent an unauthorized user from obtaining access to the key(s) and decrypting data 105. In the example of FIG. 1, data 105 is encrypted with a bulk encryption key Kb in order to protect data 105 from unauthorized access and also to associate data 105 with host 102. See also paragraph 0018-0019. Host 102 requests a challenge from hard disk drive 101 to initiate the authentication process. Hard disk drive 101 sends the challenge, i.e., the encrypted random number C=EPuB(R), to host 102. Host 102 then uses its private key PrB to decrypt the challenge C to recover the random number R. Host 102 then sends R to drive 101. After receiving R, drive 101 uses R to unwrap private key PrA from WR(PrA). Because the wrapping function has integrity measurements, host 102 is authenticated in this process. Now that the drive 101 has recovered PrA, it can recover Kb by unwrapping Kb from WPuA(Kb) and In order to recover the user data 105, the private key PrA first has to be recovered by unwrapping WR(PrA) using random number R. Then, PrA is used to unwrap WPuA(Kb) to recover Kb. Key Kb is then used to decrypt data 105. Thus, data 105 can only be recovered with random number R] ; and 
the access controller is configured to: 
generate a challenge for an authorized device [See at least paragraph 0017, FIG. 2 illustrates an example of a technique for securing data stored on a hard disk drive using challenge and response pairs, according to an embodiment of the present invention. According to the data security technique of FIG. 2, hard disk drive 101 uses public key PuB to generate a challenge and response pair]; 
send the challenge to the authorized device over a communication channel [See at least paragraph 0019, Hard disk drive 101 sends the challenge, i.e., the encrypted random number C=EPuB(R), to host 102 and see paragraph 0011, hard disk drive 101 and host operating system 102 are on separate computer machines, drive 101 and host 102 can communicate with each other over a network, e.g., a local area network or wide area network ]
 receive a response to the challenge from the authorized device over the communication channel; calculate the cryptographic key based at least partly on the response [paragraph 0020-0021, a secret S (e.g., a symmetric or asymmetric secret key) is called, then the hard disk drive pre-computes a challenge and response pair (C, R), for the host authority. The hard disk drive wraps the secret S (e.g., private key PrA) with the response R of the challenge. In other words, the hard disk drive computes WR(S), where the wrapping function both encrypts and provides integrity measurements. Alternatively, the hard disk drive can wrap the secret S with a number R′ that is a function of the response R, that is R′=f(R). The hard disk drive also stores WR(S) and C on the hard disk. During authentication, the host system returns the response R to the hard disk drive after receiving the challenge C from the hard disk drive. The hard disk drive then computes the number R′=f(R) using the function and the response R, and unwraps WR′(S) using number R′. See also paragraph 0022-0023, To recover S, the hard disk drive 101 needs random number R. The only way for hard disk drive 101 to get random number R is to recover it from the challenge number C. The only system capable of generating R from C is the host operating system 102…. The HDD then sends challenge number C to host 102. The host returns a random number in response to receiving C. Hard disk drive 101 can then recover secret S using the random number received from the host]; and 
provide the cryptographic key to the cryptography engine to decrypt the encrypted user content data stored on the storage medium of the data storage device [See paragraph 0024, To secure all the data and resources that are associated with the host operating system 102, the encryption key Kb that secures the user data 105 is wrapped with the secret S. In this manner, data 105 can be recovered only after the authentication and see paragraph 0018, In order to recover the user data 105, the private key PrA first has to be recovered by unwrapping WR(PrA) using random number R. Then, PrA is used to unwrap WPuA(Kb) to recover Kb. Key Kb is then used to decrypt data 105. Thus, data 105 can only be recovered with random number R.].


The combination of Souza and Linecker substantially discloses all the limitation recited in the claim but doesn’t explicitly disclose the following claim limitation:
“wherein the challenge is based on elliptic curve cryptography”.

However Saint on paragraph abstract and 0025 discloses the following that meets the above claim limitation:

A user device may register an authentication public key with an authentication server. The authentication public key may be signed by an attestation private key maintained by the user device. Once the user device is registered, a provisioning server may send an authentication request message including a challenge to the user device. The user device may sign the challenge using an authentication private key corresponding to the registered authentication public key, and may return the signed challenge to the provisioning server. A “blinded key,” such as a “blinded public key” may include a key that has been obfuscated or otherwise modified from its original value by combination with another data element, such as a cryptographic nonce. For example, in elliptic curve cryptography, a public key may be multiplied by the nonce to generate a “blinded public key.” Similarly, a private key may be multiplied by the nonce to generate a “blinded private key.” The nonce may have the same bit-length as the public key and the private key. 




Souza, Linecker and Saint are analogous arts and are in the same field of endeavor as they all pertain for secure authentication. 
It would have been obvious to one having ordinary skill in the art, before the effective filing of the claimed invention, to implement in the system of Souza and Linecker a mechanism to add a feature such as “the challenge is based on elliptic curve cryptography” as taught by Saint because this would enable for confidentially and securely provisioning data to an authenticated user device. [See Saint at least the abstract.]


As per independent claim 5, the combination of Souza, Linecker and Saint discloses a  method/system as applied to claim above. Furthemore Saint discloses the method/system wherein the access controller is further configured to generate a blinding value for each challenge; and the challenge is based on the public key of the data storage device multiplied by the blinding value. [See at least paragraph 0054, the provisioning server 260 may generate a provisioning server blinding factor (e.g., a cryptographic nonce), and use the provisioning server public key and the provisioning server blinding factor to generate a blinded provisioning server public key. For example, the provisioning server 260 may generate the blinded provisioning server public key by performing a multiplication operation on the provisioning server public key and the provisioning server blinding factor]


As per independent claim 6, the combination of Souza, Linecker and Saint discloses a  method/system as applied to claim above. Furthemore Saint discloses the method/system wherein the access controller is further configured to: calculate an inverse of the blinding value; calculate the cryptographic key by multiplying the response with the inverse of the blinding value to determine an unlock secret; and use the unlock secret to derive the cryptographic key. [See paragraph 0054 and 0056, at least paragraph 0054, the provisioning server 260 may generate a provisioning server blinding factor (e.g., a cryptographic nonce), and use the provisioning server public key and the provisioning server blinding factor to generate a blinded provisioning server public key. For example, the provisioning server 260 may generate the blinded provisioning server public key by performing a multiplication operation on the provisioning server public key and the provisioning server blinding factor. The user device 220 may use the first session key to decrypt the encrypted provisioning server certificate to obtain the provisioning server certificate. In some embodiments, the user device 220 may also receive and decrypt the encrypted provisioning server blinding factor. The user device 220 may verify the provisioning server certificate 264 using the CA public key of the CA certificate 232. In some embodiments, the user device 220 may verify the blinded provisioning server public key using the provisioning server blinding factor and the provisioning server public key of the provisioning server certificate 264. In some embodiments, the user device 220 may also receive and decrypt the encrypted authentication cryptogram and may also validate the authentication cryptogram]


As per independent claim 7, the combination of Souza, Linecker and Saint discloses a  method/system as applied to claim above. Furthemore Saint discloses the method/system wherein the response is based on a private key stored in a secure hardware module in the authorized device. [See at least paragraph 0041-0042, The registration request may also include a challenge. The registration request may be passed from the authentication server 140 through the webserver to the user device 120. In response to receiving the registration request, the user device 120 may prompt the user 180 to authenticate themselves. The user device 120 may require authentication of the user 180 based on the authentication criteria of the registration request. At 102, the user 180 may input authentication information into the user device 120. For example, the user 180 may input authentication information including at least one of a user identifier, a password, passcode, a PIN, a fingerprint scan, a retinal scan, or other biometric data. In response to receiving the authentication information input by the user 180, the user device 120 may generate a user device authentication key pair (“UD Auth. Pub. & Priv. Key Pair”) 126. The user device authentication key pair 126 includes a user device authentication public key (“UD Auth. Pub. Key”) 128 and a user device authentication private key corresponding to the user device authentication public key. The user device authentication key pair 126 may be uniquely identified with the user 180 and the authentication information input by the user 180. The user device 120 may store the user device authentication key pair 126 (e.g., in a memory circuit)]

As per independent claim 17, the combination of Souza, Linecker and Saint discloses a  method/system as applied to claim above. Furthemore Saint discloses the method/system wherein the response is based on a pass phrase received by the authorized device. [See at least paragraph 0118, To authenticate, the user may input authentication information into the user device 720. For example, the user may input authentication information including at least one of a user identifier, a password, passcode, a PIN, a fingerprint scan, a retinal scan, or other biometric data. In response to authenticating the user, the user device 620 may generate a user device authentication key pair (UD Auth. Pub. & Priv. Key Pair”) 626 including a user device authentication public key 628 and a user device authentication private key corresponding to the user device authentication public key. The user device 720 may associate the input authentication information with the user device authentication key pair. The user device 620 may sign the user device authentication public key 628 using the user device attestation private key to obtain a signed user device authentication public key]


As per independent claim 18, the combination of Souza, Linecker and Saint discloses a  method/system as applied to claim above. Furthemore Saint discloses the method/system wherein a private key that is used to calculate the response is derived from the pass phrase [See at least paragraph 0118,…To authenticate, the user may input authentication information into the user device 720. For example, the user may input authentication information including at least one of a user identifier, a password, passcode, a PIN, a fingerprint scan, a retinal scan, or other biometric data. In response to authenticating the user, the user device 620 may generate a user device authentication key pair (UD Auth. Pub. & Priv. Key Pair”) 626 including a user device authentication public key 628 and a user device authentication private key corresponding to the user device authentication public key. The user device 720 may associate the input authentication information with the user device authentication key pair. The user device 620 may sign the user device authentication public key 628 using the user device attestation private key to obtain a signed user device authentication public key].


Conclusion
14.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
A. 	US Publication No. 2016/0085959 A1 to Trika discloses a host system may include a provisioning module configured to generate a challenge-response verification key-pair and further to provide the key-pair to the storage device to enable the challenge-response verification. The system may also include a link error detection module to detect a link error between the host system and the storage device. The system may further include a challenge-response protocol module configured to initiate, in response to the link-error detection, a verification challenge from the storage system and to provide a response to the verification challenge based on the key-pair.

B.	 US Patent No. 7805611 B1 to Montemayor discloses a method and system is provided to secure a data transmission from a chip card to an off-card entity. A transport key is generated at the off-card entity. The transport key is transmitted in a secure manner from the off-card entity to the chip card. At the chip card, the transport key is used to encrypt data to be sent from the chip card to the off-card entity. The data having been encrypted at the chip card using the transport key is then transmitted from the chip card to the off-card entity. The off-card entity is capable of decrypting the data received from the chip card through use of the transport key previously generated at the off-card entity.
C. 	US Publication 2004/0101141 A1 to Alve discloses, a system and method for the secure installation of a cryptographic system on distributed devices. The system employs a secure device with a device ID, secure processing environment, and a cryptographic key. The secure device communicates with a cryptographic system provider. The cryptographic system provider employs a shared secret between itself and the secure device to ensure the secure transmission and installation of the cryptographic system.
D. 	US Publication 20160140334 A1 to Forehand discloses, apparatus and method for controlling access to protected functionality of a data storage device. In some embodiments, a plurality of identification (ID) values associated with a data storage device are combined to form a combined ID value. The combined ID value is cryptographically processed using a secret symmetric encryption key in combination with a hash function or a key derivation function to generate a unique device credential for the data storage device. The unique device credential is used as an input to a selected cryptographic function to control access to a protected function of the data storage device.

E.	See the other cited references. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMSON B LEMMA whose telephone number is 571-272-3806.  The examiner can normally be reached on M-F 8am-10pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor Yin-Chen Shaw can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/SAMSON B LEMMA/Primary Examiner, Art Unit 2498