Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Detailed Action
Claims 1-20 are pending and are being considered.
Claims 1, 9, 13, 19 and 20 have been amended.
Claim 8 has been cancelled.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 05/02/2022 and 05/19/2022 were filed after the mailing date of the application no. 16739015 on 01/09/2020. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.
Examiner's Amendments
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. Authorization for this examiner's amendment was given in a telephone interview from Devin S. Morgan Reg. No. 45562 on 05/19/2022.

AMEND THE CLAIMS AS FOLLOWS:

1. (Currently Amended) A data storage device comprising:
a data path comprising:
a data port configured to transmit data between a host computer system and the data storage device; 
a non-volatile storage medium configured to store encrypted user content data; and
a cryptography engine connected between the data port and the non-volatile storage medium and configured to use a cryptographic key to decrypt the encrypted user content data stored on the non-volatile storage medium in response to a data request from the host computer system; and
an access controller configured to:
store, on a non-volatile data store of the data storage device and before receiving a registration request, authorization data associated with a manager device and comprising a manager key in encrypted form;
during a registration process to register a user device with the data storage device:
receive, from the user device, the [[a]] registration request to register the user device;
generate, responsive to the registration request, a remote registration challenge for the [[a]] manager device, wherein: 
the host computer system is a first device;
the user device is a second device; 
the manager device is a third device; and 
the manager device is located remotely from the data storage device;
send, to the user device, the remote registration challenge for the manager device, wherein the user device is configured to communicate the remote registration challenge to the manager device;
receive, from the user device, a remote registration response calculated by the manager device to approve the registration request, wherein the user device is further configured to receive the remote registration response from the manager device;
decrypt the manager key based at least partly on the remote registration response;
calculate the cryptographic key based at least partly on the remote registration response calculated by the manager device and the manager key; and
create and store, on [[a]] the non-volatile data store 
during an unlock process for the registered user device:
receive, from the registered user device, an unlock request;
determine, responsive to the unlock request and based on the encrypted authorization data entry associated with the registered user device, the cryptographic key; and
provide, responsive to the unlock request, the cryptographic key to the cryptography engine to decrypt the encrypted user content for access by the host computer system.
8.	(Cancelled)
9.	 (Currently Amended) The data storage device of claim 1 [[8]], wherein: the manager key is encrypted based on a discarded ephemeral private key; the remote registration challenge is based on an ephemeral public key that corresponds to the discarded ephemeral private key; and the access controller decrypts the manager key based on an ephemeral unlock secret generated from the discarded ephemeral private key and an unlocking public key.

13. 	(Currently Amended) The data storage device of claim 11, wherein: the generation of the remote registration challenge is enabled by providing access, in response to receiving the registration request, to an ephemeral public key; and the ephemeral public key is associated with a discarded ephemeral private key used to encrypt [[a]] the manager key.

19.	 (Currently Amended) A method for approving access to a data storage device, the method comprising: 
storing, on a non-volatile data store of the data storage device and before receiving a registration request, authorization data associated with a manager device and comprising a manager key in encrypted form;
during a registration process to register a user device with the data storage device: 
receiving, from the user device, [[a]] the registration request to register the user device; 
generating a remote registration challenge for [[a]] the manager device, wherein the manager device is located remotely from the data storage device; 
sending, to the user device, the remote registration challenge for the manager device, wherein the user device is configured to communicate the remote registration challenge to the manager device; 
receiving, from the user device, a remote registration response calculated by the manager device to approve the registration request, wherein the user device is further configured to receive the remote registration response from the manager device;
decrypt the manager key based at least partly on the remote registration response;
 calculating a cryptographic key, usable to decrypt user content data stored on the data storage device, based at least partly on the remote registration response calculated by the manager device and the manager key; 
Application No. 16/739,015, Atty. Dkt. No. WDA-4673-US
and creating and storing, on the [[a]] non-volatile data store [[in]] of the data storage device, an encrypted authorization data entry associated with the user device, the encrypted authorization data entry indicating the cryptographic key;
 and during an unlock process using the registered user device:
 receiving, from the registered user device, an unlock request; 
determining, responsive to the unlock request and based on the encrypted authorization data entry associated with the registered user device, the cryptographic key; 
and using, responsive to the unlock request and a data request from a host computer system, the cryptographic key to decrypt encrypted user content from a non-volatile storage medium of the data storage device for access by the host computer system, wherein: 
the host computer system is a first device; 
the user device is a second device; 
and the manager device is a third device.  

20. 	(Currently Amended) A data storage device comprising: 
means for storing, on a non-volatile data store of the data storage device and before receiving a registration request, authorization data associated with a manager device and comprising a manager key in encrypted form;

means for receiving, during a registration process and from a user device, [[a]] the registration request to register the user device with the data storage device; 
means for generating, during the registration process, a remote registration challenge for [[a]] the manager device, wherein the manager device is located remotely from the data storage device; 
means for sending, during the registration process and to the user device, the remote registration challenge for the manager device, wherein the user device is configured to communicate the remote registration challenge to the manager device;
 means for receiving, during the registration process and from the user device, a remote registration response calculated by the manager device to approve the registration request, wherein the user device is further configured to receive the remote registration response from the manager device; 
means for decrypting, during the registration process, the manager key based at least partly on the remote registration response;
means for calculating, during the registration process, a cryptographic key, usable to decrypt user content data stored on the data storage device, based at least partly on the remote registration response calculated by the manager device and the manager key;
 means for creating and storing, during the registration process and on [[a]] the non-volatile data store [[in]] of the data storage device, an encrypted authorization data entry associated with the user device, the encrypted authorization data entry indicating the cryptographic key, to register the user device with the data storage device;
 means for receiving, during an unlock process and from the registered user device, an unlock request; means for determining, responsive to the unlock request and based on the encrypted authorization data entry associated with the registered user device, the cryptographic key; 
and means for using, responsive to the unlock request and a data request from a host computer system, the cryptographic key to decrypt encrypted user content from a non-volatile storage medium of the data storage device for access by the host computer system, wherein:
the host computer system is a first device; 
the user device is a second device; 
and the manager device is a third device.  
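
The key handling recited in claims 1, 9 and 13, sketched as an added example that is not part of the application or of this Office action. It assumes a Diffie-Hellman agreement over a toy group, an HMAC-SHA-256 key wrap, and a per-user secret protecting each authorization data entry; every name below is hypothetical.

```python
import hashlib, hmac, secrets

# Assumed toy Diffie-Hellman group, for illustration only; a real device
# would use a vetted curve or group from a reviewed cryptographic library.
P, G = 2**255 - 19, 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def kdf(*parts):
    # Length-prefixed SHA-256 over the parts (assumed derivation function).
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def wrap(secret, key):
    # Encrypt-then-MAC wrap of one 32-byte key under a single-use secret.
    ct = bytes(a ^ b for a, b in zip(key, kdf(secret, b"enc")))
    return ct + hmac.new(kdf(secret, b"mac"), ct, hashlib.sha256).digest()

def unwrap(secret, blob):
    ct, tag = blob[:32], blob[32:]
    expected = hmac.new(kdf(secret, b"mac"), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("secret does not match: key not released")
    return bytes(a ^ b for a, b in zip(ct, kdf(secret, b"enc")))

def manager_response(unlock_priv, challenge):
    # Manager device: combines its unlocking private key with the challenge.
    return pow(challenge, unlock_priv, P).to_bytes(32, "big")

class AccessController:
    def __init__(self, manager_unlock_pub):
        # Before any registration request: wrap the manager key under the
        # ephemeral unlock secret and keep only the ephemeral public key.
        eph_priv, self.eph_pub = keypair()
        unlock_secret = pow(manager_unlock_pub, eph_priv, P).to_bytes(32, "big")
        self.wrapped_manager_key = wrap(unlock_secret, secrets.token_bytes(32))
        del eph_priv, unlock_secret  # discarded, never stored
        self.entries = {}

    def registration_challenge(self):
        return self.eph_pub  # relayed to the remote manager by the user device

    def register(self, user_id, user_secret, response):
        # Raises ValueError unless the response came from the manager's key.
        manager_key = unwrap(response, self.wrapped_manager_key)
        content_key = kdf(response, manager_key)
        entry_secret = kdf(user_secret, user_id.encode())
        self.entries[user_id] = wrap(entry_secret, content_key)

    def unlock(self, user_id, user_secret):
        # Key handed to the cryptography engine on a valid unlock request.
        entry_secret = kdf(user_secret, user_id.encode())
        return unwrap(entry_secret, self.entries[user_id])

def demo():
    mgr_priv, mgr_pub = keypair()
    device = AccessController(mgr_pub)
    response = manager_response(mgr_priv, device.registration_challenge())
    device.register("phone-1", b"constructed-user-secret", response)
    return device.unlock("phone-1", b"constructed-user-secret")
```

Because the device keeps only the ephemeral public key and the wrapped manager key, it cannot complete a registration on its own; a response computed with any other private key fails the tag check and no entry is stored.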

Response to Arguments
Applicant's arguments filed on 04/01/2022 have been fully considered and are persuasive.
Allowable Subject Matter
Claims 1-7 and 9-20 are allowed.
Examiner’s Statement of Reason for Allowance
According to 37 C.F.R. 1.104(e), it is the examiner's discretion to evaluate at the time of allowance whether the record of the prosecution as a whole does not make clear his or her reasons for allowing a claim or claims and set forth such a reasoning. At this time, the examiner believes that the claims allowed above require a separate reasoning to make the record clearer. The applicant or patent owner may file a statement commenting on the reasons for allowance within such time as may be specified by the examiner.
The following is an examiner’s statement of reasons for allowance:
In interpreting the currently amended claims in light of the specification, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.
The present invention is directed towards a data storage device that enables registration of a user device while a registered manager device is in a remote location by: receiving, from a user device, a request to register the user device; generating a challenge for a manager device, wherein the manager device is located remotely from the data storage device; sending, to the user device, the challenge for the manager device; receiving, from the user device, a response calculated by the manager device to approve the request to register; calculating the cryptographic key based at least partly on the response calculated by the manager device; and creating and storing, on the non-volatile data store, authorization data associated with the user device, wherein the authorization data indicates the cryptographic key, to register the user device with the data storage device.
Claims 1, 19 and 20 identify a unique and distinct feature of “….during a registration process to register a user device with the data storage device…. receive, from the user device, a remote registration response calculated by the manager device to approve the registration request….decrypt the manager key based at least partly on the remote registration response; calculate the cryptographic key based at least partly on the remote registration response calculated by the manager device and the manager key…and during an unlock process for the registered user device…. determine, responsive to the unlock request and based on the encrypted authorization data entry associated with the registered user device, the cryptographic key; and provide, responsive to the unlock request, the cryptographic key to the cryptography engine to decrypt the encrypted user content for access by the host computer system” including other limitations in the claims.
The closest prior art BASKARAN et al (US 20180062863) is directed towards a method of facilitating authentication. The method includes receiving a request corresponding to a transaction over a first communication channel. Further, the method includes transmitting a challenge to a user device associated with the request over a second communication channel disparate from the first communication channel. Additionally, the method includes receiving a response from the user device comprising an encrypted version of the challenge. The encrypted version is obtained by encrypting the challenge based on a public key. The public key is obtained by decrypting an entity secret stored in the user device based on a passcode provided by the user of the user device. Further, the method includes decrypting the response based on a private key corresponding to the public key to obtain a result.
BASKARAN teaches an access controller for receiving a registration request, generating a challenge for the manager device based on the registration request, and calculating a cryptographic key based on the response calculated by the manager device. However, BASKARAN fails to explicitly teach during a registration process to register a user device with the data storage device…. receive, from the user device, a remote registration response calculated by the manager device to approve the registration request….decrypt the manager key based at least partly on the remote registration response; calculate the cryptographic key based at least partly on the remote registration response calculated by the manager device and the manager key…and during an unlock process for the registered user device…. determine, responsive to the unlock request and based on the encrypted authorization data entry associated with the registered user device, the cryptographic key; and provide, responsive to the unlock request, the cryptographic key to the cryptography engine to decrypt the encrypted user content for access by the host computer system.
The closest prior art Bolotin et al (US 20190007203) is directed towards a data security system including: a data security transceiver or receiver; an authentication subsystem operatively connected to the data security transceiver or receiver; and a storage subsystem connected to the authentication subsystem. The self-encrypting device provides host-independent (e.g., autonomous) user-authentication because the self-encrypting device does not use the resources from the host to authenticate the user; instead, the self-encrypting device utilizes its own resources to authenticate a user. Further, the user authentication by the self-encrypting device is independent, not only from the host, but also from the operating system (OS) executing in the host because the OS resources are not used for the user authentication. The resources used by the self-encrypting device for authenticating the user include a radiofrequency transceiver to receive the user-authentication information.
Bolotin teaches a cryptographic engine connected between the storage medium and the data port to decrypt the encrypted data using a cryptographic key, and providing the cryptographic key to the cryptographic engine for performing decryption responsive to an unlock request. However, just like BASKARAN, Bolotin also fails to teach during a registration process to register a user device with the data storage device…. receive, from the user device, a remote registration response calculated by the manager device to approve the registration request….decrypt the manager key based at least partly on the remote registration response; calculate the cryptographic key based at least partly on the remote registration response calculated by the manager device and the manager key…and during an unlock process for the registered user device…. determine, responsive to the unlock request and based on the encrypted authorization data entry associated with the registered user device, the cryptographic key; and provide, responsive to the unlock request, the cryptographic key to the cryptography engine to decrypt the encrypted user content for access by the host computer system.
The closest prior art Le Saint et al (US 20180167208) is directed towards methods for securely authenticating a user device. A user device may be authenticated by an authentication server. The user device may have previously registered a user device authentication public key of the user device with the authentication server. To authenticate the user device, the authentication server may send an authentication challenge to the user device. The authentication server may encrypt the authentication challenge prior to sending it to the user device. The user device may decrypt the authentication challenge to obtain the authentication challenge.
Le Saint teaches communicating a challenge to the manager device and approving the registration request by the manager device. Just like BASKARAN and Bolotin, Le Saint also fails to teach during a registration process to register a user device with the data storage device…. receive, from the user device, a remote registration response calculated by the manager device to approve the registration request….decrypt the manager key based at least partly on the remote registration response; calculate the cryptographic key based at least partly on the remote registration response calculated by the manager device and the manager key…and during an unlock process for the registered user device…. determine, responsive to the unlock request and based on the encrypted authorization data entry associated with the registered user device, the cryptographic key; and provide, responsive to the unlock request, the cryptographic key to the cryptography engine to decrypt the encrypted user content for access by the host computer system.

Therefore, the prior art of record does not teach or suggest individually or in combination the particular limitation listed below as recited in the claims.
“….during a registration process to register a user device with the data storage device…. receive, from the user device, a remote registration response calculated by the manager device to approve the registration request….decrypt the manager key based at least partly on the remote registration response; calculate the cryptographic key based at least partly on the remote registration response calculated by the manager device and the manager key…and during an unlock process for the registered user device…. determine, responsive to the unlock request and based on the encrypted authorization data entry associated with the registered user device, the cryptographic key; and provide, responsive to the unlock request, the cryptographic key to the cryptography engine to decrypt the encrypted user content for access by the host computer system”
None of the prior art of record, either taken individually or in any combination, would have anticipated or made obvious the invention of the instant application at or before the time it was filed.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522. The examiner can normally be reached 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MOHAMMAD W REZA/ Primary Examiner, Art Unit 2436

/MOEEN KHAN/ Examiner, Art Unit 2436