Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Detailed Action
This is a reply to the application filed on 10/15/2020, in which, claim(s) 1-20 are pending. Claim(s) 1, 8 and 17 are independent. 

Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 05/12/2022 The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Drawings
The submitted drawings, filed 10/15/2020, are acceptable for the examination purpose.

Claim Objections
Claims below objected to because of the following informalities:
Claim 1, line 8, the claim cited “drive entropy source this is embedded”, it should be read as  “drive entropy source that is embedded”.
   In claim 10, line 2, the acronym “OS” does not have a recognized meaning and should be defined. Examiner suggests replacing OS with “operating system (OS)” or appropriate correction is required in response to this office action.
In claim 11, line 2, the acronym “OS” does not have a recognized meaning and should be defined. Examiner suggests replacing OS with “operating system (OS)” or appropriate correction is required in response to this office action
Claim 17, line 4, the claim cited “receivean application”, it should be read as “receive an application”.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale,
or otherwise available to the public before the effective filing date of the claimed invention.



Claims (1-11, 14, and 16-19) is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by ALENDAL, et al., ("got HW crypto? On the (in)security of a Self-Encrypting Drive series", 28th-September-2015, pp 1-36).

Referring to claim 1, ALENDAL teaches a system for enhancing security of device-internal encryption with externally generated entropy, the system comprising ([ALENDAL, ¶abstract]” Self encrypting devices (SEDs) doing full disk encryption are getting more and more widespread. Hardware implemented AES encryption provides fast and transparent encryption of all user data on the storage medium, at all times. In this paper we will look into some models in a self encryption external hard drive series; the Western Digital My Passport series. We will describe the security model of these devices and show several security weaknesses like RAM leakage, weak key attacks and even backdoors on some of these devices, resulting in decrypted user data, without the knowledge of any user credentials.“):
a host operating system (OS) that is communicatively coupled to a Self-Encrypting Drive, wherein the host OS is configured to transmit data that is generated by an application to the Self-Encrypting Drive ([ALENDAL, ¶Introduction, Figure. 1]” The Western Digital My Passport and My Book devices are external hard drive series connecting to host computers using USB 2.0, USB 3.0, Thunderbolt or Firewire, depending on model. These consumer off-the-shelf hard drives are available world wide. Many of the models advertise the benefit of hardware implemented encryption. These hard drives comes pre-formatted, pre-encrypted and are supported by various free software from Western Digital, both for Windows and Mac, to manage and secure the hard disks”); and
an encryption controller that is embedded within the Self-Encrypting Drive, wherein the encryption controller is configured to ([ALENDAL, ¶ 2.1, Figure 1, Page 3] (USB bridges supporting HWAES)” The encryption and decryption in many of the My Passport models are done by the USB bridge that connects the host computer via USB to the SATA interface of the 2.5" HDD. In this bridge, the data is encrypted and decrypted after user authentication"; Figure 1 ):

    PNG
    media_image1.png
    481
    557
    media_image1.png
    Greyscale

receive a first number from a drive entropy source this is embedded within the
Self-Encrypting Drive ([ALENDAL, ¶4.1.2, Page 14] (generation and low entropy key material)” The generation of key material follows the basic steps outlined in Algorithm 3. Basically the device is fed key material from two sources: the host computer and the embedded device itself.“, ([ALENDAL, ¶ 4.1.4, Page 15] (on-board RNG)” The JMS538S on-board RNG does not seem to be implemented in the chip’s firmware, so the physical implementation of this RNG is unknown and not studied. For evaluating the randomness we collected values generated by this RNG. One obvious and easy way is to collect a set of 4-byte SYN values returned from the status VSC. Plotting the distribution of this set should give a random plot, given these 4-byte values comes from a cryptographically safe RNG.“, Algorithm 3), receive a second number from a host entropy source that is external to the Self Encrypting Drive ([ALENDAL, ¶ 4.1.3, Page 15] (Key material source 1: Host computer)” The MP devices support Windows and Mac as Host-OS. The erase command, resetting the DEK , is initiated from software running on the host computer. It is a dangerous command, so as a form of protection, there is a 4 byte ”SYN/ACK” as a challenge-response mechanism. These 4 bytes are handed
to the host computer through every status VSC sent to the device. So to be able to erase the disk: first the host computer has to send a status VSC to retrieve a 4-byte ”SYN” and then include this in the following erase VSC . The MP device will check if the SY N given out in last status VSC matches the received ACK value as part of the erase VSC. In addition, the erase VSC sends KeyLength key bytes to the MP. These KeyLength key bytes will be used in the DEK generation scheme. To generate an AES-256 key, the erase VSC provides 32 key bytes. It turns out that 32 bytes are always provided, regardless of the DEK length to be generated.
A key length of 32 bytes sounds a reasonable length of the host-provided key material, given (P)RNG generated data. However, it turns out that these 32 bytes are just eight repetitions of a 4 byte value, reducing the entropy source to a 32-bit value. Even for a truly random 32-bit value, a modern computer needs only a second to brute force. This 32-bit value comes from GetTickCount () on Windows host computers and rand() seeded with time() on Mac OS.”, Algorithm 3), generate an encryption key based on a combination of the first number and the second number ([ALENDAL, ¶ 4.1.3, Page 15] (Key material source 1: Host computer)” The conclusion is that the host computer only provides, at best, a 32-bit unknown value to be used as key material for the DEK generation scheme. This is easily bruteforce-able, but we remind the reader of the xoring with an on-board provided RNG explained in Section 4.1.2.“, ([ALENDAL, ¶ Algorithm 3, Page 114] (Algorithm 3 DEK generation on JMicron 538S)”  // Mix key material from host computer with My Passport on-board RNG DEK[i] = KeyBytesHost[i] ⊕ HWRNGBYTE()”), encrypt the data, that is generated by the application, into encrypted data in accordance with the encryption key, and write the encrypted data to a storage medium that is embedded within the Self Encrypting Drive  ([ALENDAL, ¶ 2.3, Page 6] (Authentication and data confidentiality)” For those My Passport drives that support HW encryption by the USB bridge (see Tablel), the chip uses an AES-128 or AES-256 bit key to encrypt user data before storing it on the HDD. This datakey will from now on be called the DEK"; Algorithm 3: "DEK"“).

Referring to claim 2, ALENDAL teaches the system of claim 1, wherein the second number is provided to the encryption controller within an application programing interface (API) call that facilitates an initialization protocol of the Self-Encrypting Drive to ([ALENDAL, ¶Introduction, Figure. 1]” The Western Digital My Passport and My Book devices are external hard drive series connecting to host computers using USB 2.0, USB 3.0, Thunderbolt or Firewire, depending on model.”,  ([ALENDAL, ¶ 7.1.4, Page 24] (Key material source 2: on-board RNG)” As we can see from Algorithm 7, the two sources of on-device key material are HWRNG32() and GetTickCnt().“, ([ALENDAL, ¶ 2.1, Figure 1, Page 3] (USB bridges supporting HWAES)” The encryption and decryption in many of the My Passport models are done by the USB bridge that connects the host computer via USB to the SATA interface of the 2.5" HDD. In this bridge, the data is encrypted and decrypted after user authentication is successful", Algorithm 7).



Referring to claim 3, ALENDAL teaches the system of claim 1, wherein the encryption controller is further configured to:
generate, based upon an additive cipher, the combination of the first number and the
second number, and subsequent to generating the combination based upon the additive cipher, apply a cryptographic function to the combination, that is generated based on the additive cypher, to generate the encryption key ([ALENDAL, ¶ 4.1.3, Page 15] (Key material source 1: Host computer)” The conclusion is that the host computer only provides, at best, a 32-bit unknown value to be used as key material for the DEK generation scheme. This is easily bruteforce-able, but we remind the reader of the xoring with an on-board provided RNG explained in Section 4.1.2.“, ([ALENDAL, ¶ Algorithm 3, Page 114] (Algorithm 3 DEK generation on JMicron 538S)”  // Mix key material from host computer with My Passport on-board RNG DEK[i] = KeyBytesHost[i] XOR HWRNGBYTE()”).

Referring to claim 4, ALENDAL teaches the system of claim 1, wherein the drive entropy source is a random number generator (RNG) that is embedded within the Self-Encrypting Drive ([ALENDAL, ¶ 4.1.2, Page 14] (generation and low entropy key material)” The generation of key material follows the basic steps outlined in Algorithm 3. Basically the device is fed key material from two sources: the host computer and the embedded device itself.“, ([ALENDAL, ¶ 4.1.4, Page 15] (on-board RNG)” The JMS538S on-board RNG does not seem to be implemented in the chip’s firmware, so the physical implementation of this RNG is unknown and not studied. For evaluating the randomness we collected values generated by this RNG. One obvious and easy way is to collect a set of 4-byte SYN values returned from the status VSC. Plotting the distribution of this set should give a random plot, given these 4-byte values comes from a cryptographically safe RNG.“, Algorithm 3).

Referring to claim 5, ALENDAL teaches the system of claim 4, wherein the RNG that is embedded within the Self- Encrypting Drive is a first RNG ([ALENDAL, ¶ 4.1.2, Page 14] (generation and low entropy key material)” The generation of key material follows the basic steps outlined in Algorithm 3. Basically the device is fed key material from two sources: the host computer and the embedded device itself.“, ([ALENDAL, ¶ 4.1.4, Page 15] (on-board RNG)” The JMS538S on-board RNG does not seem to be implemented in the chip’s firmware, so the physical implementation of this RNG is unknown and not studied. For evaluating the randomness we collected values generated by this RNG. One obvious and easy way is to collect a set of 4-byte SYN values returned from the status VSC. Plotting the distribution of this set should give a random plot, given these 4-byte values comes from a cryptographically safe RNG.“, Algorithm 3); and 
wherein the host entropy source is a second RNG that is embedded within a central processing unit that is operating to execute the host OS ([ALENDAL, ¶ 4.1.3, Page 15] (Key material source 1: Host computer)” The MP devices support Windows and Mac as Host-OS. The erase command, resetting the DEK , is initiated from software running on the host computer. It is a dangerous command, so as a form of protection, there is a 4 byte ”SYN/ACK” as a challenge-response mechanism. These 4 bytes are handed to the host computer through every status VSC sent to the device. So to be able to erase the disk: first the host computer has to send a status VSC to retrieve a 4-byte ”SYN” and then include this in the following erase VSC . The MP device will check if the SY N given out in last status VSC matches the received ACK value as part of the erase VSC. In addition, the erase VSC sends KeyLength key bytes to the MP. These KeyLength key bytes will be used in the DEK generation scheme. To generate an AES-256 key, the erase VSC provides 32 key bytes. It turns out that 32 bytes are always provided, regardless of the DEK length to be generated. A key length of 32 bytes sounds a reasonable length of the host-provided key material, given (P)RNG generated data. However, it turns out that these 32 bytes are just eight repetitions of a 4 byte value, reducing the entropy source to a 32-bit value. Even for a truly random 32-bit value, a modern computer needs only a second to brute force. This 32-bit value comes from GetTickCount () on Windows host computers and rand() seeded with time() on Mac OS.”, Algorithm 3).

Referring to Claim 6, ALENDAL teaches the system of claim 1, wherein:
the first number that is received from the drive entropy source is a first N-bit number 
the second number that is received from the host entropy source is a second N-bit number, and the combination of the first number and the second number is a third N-bit number ([ALENDAL, ¶ 4.1.3, Page 15] (Key material source 1: Host computer)” The conclusion is that the host computer only provides, at best, a 32-bit unknown value to be used as key material for the DEK generation scheme. This is easily bruteforce-able, but we remind the reader of the xoring with an on-board provided RNG explained in Section 4.1.2.“, ([ALENDAL, ¶ Algorithm 3, Page 114] (Algorithm 3 DEK generation on JMicron 538S)”  // Mix key material from host computer with My Passport on-board RNG DEK[i] = KeyBytesHost[i] ⊕ HWRNGBYTE()”).

Referring to Claim 7, ALENDAL teaches the system of claim 6, wherein the third N-bit number is generated by application of an additive cipher to the first N-bit number and the second N-bit number within the encryption controller of the Self-Encrypting Drive ([ALENDAL, ¶ 4.1.3, Page 15] (Key material source 1: Host computer)” The conclusion is that the host computer only provides, at best, a 32-bit unknown value to be used as key material for the DEK generation scheme. This is easily bruteforce-able, but we remind the reader of the xoring with an on-board provided RNG explained in Section 4.1.2.“, ([ALENDAL, ¶ Algorithm 3, Page 114] (Algorithm 3 DEK generation on JMicron 538S)”  // Mix key material from host computer with My Passport on-board RNG DEK[i] = KeyBytesHost[i] ⊕ HWRNGBYTE()”).

Referring to Claim 8, ALENDAL teaches a computer-implemented method, comprising:
generating, locally within an encryption device, a first random number using a first random number generator that is embedded within the encryption device ([ALENDAL, ¶ 4.1.2, Page 14] (generation and low entropy key material)” The generation of key material follows the basic steps outlined in Algorithm 3. Basically the device is fed key material from two sources: the host computer and the embedded device itself.“, ([ALENDAL, ¶ 4.1.4, Page 15] (on-board RNG)” The JMS538S on-board RNG does not seem to be implemented in the chip’s firmware, so the physical implementation of this RNG is unknown and not studied. For evaluating the randomness we collected values generated by this RNG. One obvious and easy way is to collect a set of 4-byte SYN values returned from the status VSC. Plotting the distribution of this set should give a random plot, given these 4-byte values comes from a cryptographically safe RNG.“, Algorithm 3);
receiving, at the encryption device, a second random number that is generated using a second random number generator that is external to the encryption device ([ALENDAL, ¶ 4.1.3, Page 15] (Key material source 1: Host computer)” The MP devices support Windows and Mac as Host-OS. The erase command, resetting the DEK , is initiated from software running on the host computer. It is a dangerous command, so as a form of protection, there is a 4 byte ”SYN/ACK” as a challenge-response mechanism. These 4 bytes are handed to the host computer through every status VSC sent to the device. So to be able to erase the disk: first the host computer has to send a status VSC to retrieve a 4-byte ”SYN” and then include this in the following erase VSC . The MP device will check if the SY N given out in last status VSC matches the received ACK value as part of the erase VSC. In addition, the erase VSC sends KeyLength key bytes to the MP. These KeyLength key bytes will be used in the DEK generation scheme. To generate an AES-256 key, the erase VSC provides 32 key bytes. It turns out that 32 bytes are always provided, regardless of the DEK length to be generated.
A key length of 32 bytes sounds a reasonable length of the host-provided key material, given (P)RNG generated data. However, it turns out that these 32 bytes are just eight repetitions of a 4 byte value, reducing the entropy source to a 32-bit value. Even for a truly random 32-bit value, a modern computer needs only a second to brute force. This 32-bit value comes from GetTickCount () on Windows host computers and rand() seeded with time() on Mac OS.”, Algorithm 3);
generating a combined entropy input by combining the first random number and the second random number via a first algorithm ([ALENDAL, ¶ 4.1.3, Page 15] (Key material source 1: Host computer)” The conclusion is that the host computer only provides, at best, a 32-bit unknown value to be used as key material for the DEK generation scheme. This is easily bruteforce-able, but we remind the reader of the xoring with an on-board provided RNG explained in Section 4.1.2.“, ([ALENDAL, ¶ Algorithm 3, Page 114] (Algorithm 3 DEK generation on JMicron 538S)”  // Mix key material from host computer with My Passport on-board RNG DEK[i] = KeyBytesHost[i] XOR HWRNGBYTE()”);
generating an encryption key by applying a second algorithm to the combined entropy
input [ALENDAL, ¶ 4.1.3, Page 15] (Key material source 1: Host computer)” The conclusion is that the host computer only provides, at best, a 32-bit unknown value to be used as key material for the DEK generation scheme. This is easily bruteforce-able, but we remind the reader of the xoring with an on-board provided RNG explained in Section 4.1.2.“, ([ALENDAL, ¶ Algorithm 3, Page 114] (Algorithm 3 DEK generation on JMicron 538S)”  // Mix key material from host computer with My Passport on-board RNG DEK[i] = KeyBytesHost[i] XOR HWRNGBYTE()”); and
encrypting data into encrypted data in accordance with the encryption key ([ALENDAL, ¶ 2.3, Page 6] (Authentication and data confidentiality)” For those My Passport drives that support HW encryption by the USB bridge (see Tablel), the chip uses an AES-128 or AES-256 bit key to encrypt user data before storing it on the HDD. This datakey will from now on be called the DEK"; Algorithm 3: "DEK"“).

Referring to Claim 9, ALENDAL teaches the computer-implemented method of claim 8, wherein each of the combined entropy input and the encryption key are generated locally within the encryption device ([ALENDAL, ¶ 4.1.3, Page 15] (Key material source 1: Host computer)” The conclusion is that the host computer only provides, at best, a 32-bit unknown value to be used as key material for the DEK generation scheme. This is easily bruteforce-able, but we remind the reader of the xoring with an on-board provided RNG explained in Section 4.1.2.“, ([ALENDAL, ¶ Algorithm 3, Page 114] (Algorithm 3 DEK generation on JMicron 538S)”  // Mix key material from host computer with My Passport on-board RNG DEK[i] = KeyBytesHost[i] XOR HWRNGBYTE()”).

Referring to Claim 10, ALENDAL teaches the computer-implemented method of claim 8, further comprising:
receiving, from a host OS that is communicatively coupled to the encryption device ([ALENDAL, ¶Introduction, Figure. 1]” The Western Digital My Passport and My Book devices are external hard drive series connecting to host computers using USB 2.0, USB 3.0, Thunderbolt or Firewire, depending on model. These consumer off-the-shelf hard drives are available world wide. Many of the models advertise the benefit of hardware implemented encryption. These hard drives comes pre-formatted, pre-encrypted and are supported by various free software from Western Digital, both for Windows and Mac, to manage and secure the hard disks”), an application programming interface (API) call that is addressed to an API that is provided by the encryption device, wherein the API call includes the second random number ([ALENDAL, ¶Introduction, Figure. 1]” The Western Digital My Passport and My Book devices are external hard drive series connecting to host computers using USB 2.0, USB 3.0, Thunderbolt or Firewire, depending on model.”,  ([ALENDAL, ¶ 7.1.4, Page 24] (Key material source 2: on-board RNG)” As we can see from Algorithm 7, the two sources of on-device key material are HWRNG32() and GetTickCnt().“, ([ALENDAL, ¶ 2.1, Figure 1, Page 3] (USB bridges supporting HWAES)” The encryption and decryption in many of the My Passport models are done by the USB bridge that connects the host computer via USB to the SATA interface of the 2.5" HDD. In this bridge, the data is encrypted and decrypted after user authentication is successful", Algorithm 7, ([ALENDAL, ¶ 4.1.3, Page 15] (Key material source 1: Host computer)” The MP devices support Windows and Mac as Host-OS. The erase command, resetting the DEK , is initiated from software running on the host computer. It is a dangerous command, so as a form of protection, there is a 4 byte ”SYN/ACK” as a challenge-response mechanism. These 4 bytes are handed to the host computer through every status VSC sent to the device. So to be able to erase the disk: first the host computer has to send a status VSC to retrieve a 4-byte ”SYN” and then include this in the following erase VSC . The MP device will check if the SY N given out in last status VSC matches the received ACK value as part of the erase VSC. In addition, the erase VSC sends KeyLength key bytes to the MP. These KeyLength key bytes will be used in the DEK generation scheme. To generate an AES-256 key, the erase VSC provides 32 key bytes. It turns out that 32 bytes are always provided, regardless of the DEK length to be generated.
A key length of 32 bytes sounds a reasonable length of the host-provided key material, given (P)RNG generated data. However, it turns out that these 32 bytes are just eight repetitions of a 4 byte value, reducing the entropy source to a 32-bit value. Even for a truly random 32-bit value, a modern computer needs only a second to brute force. This 32-bit value comes from GetTickCount () on Windows host computers and rand() seeded with time() on Mac OS.”, Algorithm 3).

Referring to Claim 11, ALENDAL teaches the computer-implemented method of claim 10, wherein the API call is received at an API that is exposed by a self-encrypting drive to the host OS. ([ALENDAL, ¶Introduction, Figure. 1]” The Western Digital My Passport and My Book devices are external hard drive series connecting to host computers using USB 2.0, USB 3.0, Thunderbolt or Firewire, depending on model.”,  ([ALENDAL, ¶ 7.1.4, Page 24] (Key material source 2: on-board RNG)” As we can see from Algorithm 7, the two sources of on-device key material are HWRNG32() and GetTickCnt().“, ([ALENDAL, ¶ 2.1, Figure 1, Page 3] (USB bridges supporting HWAES)” The encryption and decryption in many of the My Passport models are done by the USB bridge that connects the host computer via USB to the SATA interface of the 2.5" HDD. In this bridge, the data is encrypted and decrypted after user authentication is successful", Algorithm 7).

Referring to Claim 14, ALENDAL teaches the computer-implemented method of claim 8, further comprising: 
writing the encrypted data to a storage medium that is embedded within the encryption device ([ALENDAL, ¶ 2.3, Page 6] (Authentication and data confidentiality)” For those My Passport drives that support HW encryption by the USB bridge (see Tablel), the chip uses an AES-128 or AES-256 bit key to encrypt user data before storing it on the HDD. This datakey will from now on be called the DEK"; Algorithm 3: "DEK"“).

Referring to Claim 16, ALENDAL teaches the computer-implemented method of claim 8, wherein:
the first random number that is generated locally within the encryption device is a first N-bit number ([ALENDAL, ¶ 4.1.2, Page 14] (generation and low entropy key material)” The generation of key material follows the basic steps outlined in Algorithm 3. Basically the device is fed key material from two sources: the host computer and the embedded device itself.“, ([ALENDAL, ¶ 4.1.4, Page 15] (on-board RNG)” The JMS538S on-board RNG does not seem to be implemented in the chip’s firmware, so the physical implementation of this RNG is unknown and not studied. For evaluating the randomness we collected values generated by this RNG. One obvious and easy way is to collect a set of 4-byte SYN values returned from the status VSC. Plotting the distribution of this set should give a random plot, given these 4-byte values comes from a cryptographically safe RNG.“, Algorithm 3),
the second random number that is generated externally from the encryption device is a second N-bit number ([ALENDAL, ¶ 4.1.3, Page 15] (Key material source 1: Host computer)” The MP devices support Windows and Mac as Host-OS. The erase command, resetting the DEK , is initiated from software running on the host computer. It is a dangerous command, so as a form of protection, there is a 4 byte ”SYN/ACK” as a challenge-response mechanism. These 4 bytes are handed to the host computer through every status VSC sent to the device. So to be able to erase the disk: first the host computer has to send a status VSC to retrieve a 4-byte ”SYN” and then include this in the following erase VSC . The MP device will check if the SY N given out in last status VSC matches the received ACK value as part of the erase VSC. In addition, the erase VSC sends KeyLength key bytes to the MP. These KeyLength key bytes will be used in the DEK generation scheme. To generate an AES-256 key, the erase VSC provides 32 key bytes. It turns out that 32 bytes are always provided, regardless of the DEK length to be generated.
A key length of 32 bytes sounds a reasonable length of the host-provided key material, given (P)RNG generated data. However, it turns out that these 32 bytes are just eight repetitions of a 4 byte value, reducing the entropy source to a 32-bit value. Even for a truly random 32-bit value, a modern computer needs only a second to brute force. This 32-bit value comes from GetTickCount () on Windows host computers and rand() seeded with time() on Mac OS.”, Algorithm 3), and
the combined entropy input is a third N-bit number ([ALENDAL, ¶ 4.1.3, Page 15] (Key material source 1: Host computer)” The conclusion is that the host computer only provides, at best, a 32-bit unknown value to be used as key material for the DEK generation scheme. This is easily bruteforce-able, but we remind the reader of the xoring with an on-board provided RNG explained in Section 4.1.2.“, ([ALENDAL, ¶ Algorithm 3, Page 114] (Algorithm 3 DEK generation on JMicron 538S)”  // Mix key material from host computer with My Passport on-board RNG DEK[i] = KeyBytesHost[i] XOR HWRNGBYTE()”).

Referring to Claim 17, ALENDAL teaches a Self-Encrypting Drive comprising:
a storage medium ([ALENDAL, ¶abstract]” Self encrypting devices (SEDs) doing full disk encryption are getting more and more widespread. Hardware implemented AES encryption provides fast and transparent encryption of all user data on the storage medium, at all times. In this paper we will look into some models in a self-encryption external hard drive series“); and
an encryption controller that is configured to:
receivean application programing interface (API) call that includes an instance
of externally generated entropy ([ALENDAL, ¶abstract]” Self encrypting devices (SEDs) doing full disk encryption are getting more and more widespread. Hardware implemented AES encryption provides fast and transparent encryption of all user data on the storage medium, at all times. In this paper we will look into some models in a self encryption external hard drive series; the Western Digital My Passport series. We will describe the security model of these devices and show several security weaknesses like RAM leakage, weak key attacks and even backdoors on some of these devices, resulting in decrypted user data, without the knowledge of any user credentials.“);
generate, locally within the encryption controller, an instance of internally
generated entropy ([ALENDAL, ¶ 4.1.2, Page 14] (generation and low entropy key material)” The generation of key material follows the basic steps outlined in Algorithm 3. Basically the device is fed key material from two sources: the host computer and the embedded device itself.“, ([ALENDAL, ¶ 4.1.4, Page 15] (on-board RNG)” The JMS538S on-board RNG does not seem to be implemented in the chip’s firmware, so the physical implementation of this RNG is unknown and not studied. For evaluating the randomness we collected values generated by this RNG. One obvious and easy way is to collect a set of 4-byte SYN values returned from the status VSC. Plotting the distribution of this set should give a random plot, given these 4-byte values comes from a cryptographically safe RNG.“, Algorithm 3), and
encrypt data, that is received from a host operating system, into encrypted data
in accordance with the encryption key, and write the encrypted data to a storage medium that is embedded within the Self Encrypting Drive ([ALENDAL, ¶ 2.3, Page 6] (Authentication and data confidentiality)” For those My Passport drives that support HW encryption by the USB bridge (see Tablel), the chip uses an AES-128 or AES-256 bit key to encrypt user data before storing it on the HDD. This data key will from now on be called the DEK"; Algorithm 3: "DEK"“).

Referring to Claim 18, ALENDAL teaches the Self-Encrypting Drive of claim 17, wherein:
the instance of externally generated entropy is a first N-bit random number ([ALENDAL, ¶abstract]” Self encrypting devices (SEDs) doing full disk encryption are getting more and more widespread. Hardware implemented AES encryption provides fast and transparent encryption of all user data on the storage medium, at all times. In this paper we will look into some models in a self-encryption external hard drive series; the Western Digital My Passport series. We will describe the security model of these devices and show several security weaknesses like RAM leakage, weak key attacks and even backdoors on some of these devices, resulting in decrypted user data, without the knowledge of any user credentials.“, ([Section 4.1.3, Page 15], (Key material source 1: Host computer) "The
conclusion is that the host computer only provides, at best, a 32-bit unknown value to be used as key material for the DEK generation scheme. This is easily bruteforce-able, but we remind the reader of the xoring with an on-board provided RNG explained in Section 4.1.2.“),and
the instance of internally generated entropy is a second N-bit random number ([ALENDAL, ¶ 4.1.2, Page 14] (generation and low entropy key material)” The generation of key material follows the basic steps outlined in Algorithm 3. Basically the device is fed key material from two sources: the host computer and the embedded device itself.“, ([ALENDAL, ¶ 4.1.4, Page 15] (on-board RNG)” The JMS538S on-board RNG does not seem to be implemented in the chip’s firmware, so the physical implementation of this RNG is unknown and not studied. For evaluating the randomness we collected values generated by this RNG. One obvious and easy way is to collect a set of 4-byte SYN values returned from the status VSC. Plotting the distribution of this set should give a random plot, given these 4-byte values comes from a cryptographically safe RNG.“, Algorithm 3).

Referring to Claim 19, ALENDAL teaches the Self-Encrypting Drive of claim 18, wherein the encryption controller is further configured to:
generate a combined entropy input, that is a third N-bit random number, based on the first N-bit random number and the second N-bit random number ([ALENDAL, ¶ 4.1.3, Page 15] (Key material source 1: Host computer)” The conclusion is that the host computer only provides, at best, a 32-bit unknown value to be used as key material for the DEK generation scheme. This is easily bruteforce-able, but we remind the reader of the xoring with an on-board provided RNG explained in Section 4.1.2.“, ([ALENDAL, ¶ Algorithm 3, Page 114] (Algorithm 3 DEK generation on JMicron 538S)”  // Mix key material from host computer with My Passport on-board RNG DEK[i] = KeyBytesHost[i] XOR HWRNGBYTE()”).
; and
generate the encryption key based on the combined entropy input([ALENDAL, ¶ 4.1.3, Page 15] (Key material source 1: Host computer)” The conclusion is that the host computer only provides, at best, a 32-bit unknown value to be used as key material for the DEK generation scheme. This is easily bruteforce-able, but we remind the reader of the xoring with an on-board provided RNG explained in Section 4.1.2.“, ([ALENDAL, ¶ Algorithm 3, Page 114] (Algorithm 3 DEK generation on JMicron 538S)”  // Mix key material from host computer with My Passport on-board RNG DEK[i] = KeyBytesHost[i] ⊕ HWRNGBYTE()”).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim (12) is/are rejected under 35 U.S.C. 103 as being unpatentable over ALENDAL (Gunnar Alendal, Microsoft Research: "got HW crypto? On the (in)security of a Self-Encrypting Drive series", 28th-September-2015) and  in view of YONEDA et al. (US- 20120036364-A1, YONEDA referred to as " YONEDA”).

Referring to Claim 12, ALENDAL teaches the computer-implemented method of claim 11.
However, ALENDAL does not explicitly teach further comprising: 
authenticating the response that includes the second random number, that is generated
using the second random number generator that is external to the encryption device, based on:
a signature that is included within the response, and
a public key that is included within the encryption controller, wherein the public
key is different than the encryption key.
Wherein, YONEDA teaches further comprising: 
authenticating the response that includes the second random number, that is generated
using the second random number generator that is external to the encryption device, based on:
a signature that is included within the response, and
a public key that is included within the encryption controller, wherein the public
key is different than the encryption key  ([YONEDA, ¶0027] The self certificate reception part receives a self certificate that includes: an ID-based encryption private key signature, which is a digital signature of the public key data generated by using an ID-based encryption private key, for which the device ID is used as an ID-based encryption public key, as the device ID authentication information; and a self signature, which is a digital signature of the predetermined data generated by using the private key data, as the self-authentication information. The self certificate verification part verifies the self signature by using the public key data, and verifies the ID-based encryption private key signature by using the device ID).
Motivation statement.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified ALENDAL to incorporate the teaching of YONEDA to utilize the above feature, with the motivation of enhancing the security through verification process of verifying the self certificate received by the self certificate reception process, by using a CPU, as recognized by (YONEDA [0034]).


Claims (13 and 20) is/are rejected under 35 U.S.C. 103 as being unpatentable over ALENDAL (Gunnar Alendal, Microsoft Research: "got HW crypto? On the (in)security of a Self-Encrypting Drive series", 28th-September-2015) and  in view of HANDSCHUH et al. (US-20190342092-A1, HANDSCHUH referred to as "HANDSCHUH”).

Referring to Claim 13, ALENDAL teaches the computer-implemented method of claim 8, wherein the first algorithm is an additive cipher ([ALENDAL, ¶ 4.1.3, Page 15] (Key material source 1: Host computer)” The conclusion is that the host computer only provides, at best, a 32-bit unknown value to be used as key material for the DEK generation scheme. This is easily bruteforce-able, but we remind the reader of the xoring with an on-board provided RNG explained in Section 4.1.2.“, ([ALENDAL, ¶ Algorithm 3, Page 114] (Algorithm 3 DEK generation on JMicron 538S)”  // Mix key material from host computer with My Passport on-board RNG DEK[i] = KeyBytesHost[i] XOR HWRNGBYTE()”), and
However, ALENDAL does not explicitly teach wherein the second algorithm is a cryptographic hash function.
Wherein, HANDSCHUH teaches wherein the second algorithm is a cryptographic hash function ([HANDSCHUH, ¶0020]” the cryptographic key may be generated by using the additional data and the random value as an input to the hash function“).
Motivation statement. 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified ALENDAL to incorporate the teaching of HANDSCHUH to utilize the above feature, with the motivation of using the random values with the hash function to generate a cryptographic key to encrypt transmitted data, as recognized by (HANDSCHUH [0011]).


Claim 20 is a Self-Encrypting Drive  claim reciting similar limitations as a computer-implemented method claim of 13.
Therefore claims 20 are rejected based on the same rational as the method claim 13.


Claims (15) is/are rejected under 35 U.S.C. 103 as being unpatentable over ALENDAL (Gunnar Alendal, Microsoft Research: "got HW crypto? On the (in)security of a Self-Encrypting Drive series", 28th-September-2015) and  in view of VENABLE et al. (US-20190075095-A1, VENABLE referred to as " VENABLE”).


Referring to Claim 15, ALENDAL teaches the computer-implemented method of claim 8.
However, ALENDAL does not explicitly teach further comprising:
transmitting the encrypted data to remote data storage that is external from within the encryption device 
wherein, VENABLE teaches further comprising:
transmitting the encrypted data to remote data storage that is external from within the encryption device ([VENABLE, ¶0060]” store encrypted data at remote locations, such as the storage medium 104 of FIG. 1 “).
Motivation statement. 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified ALENDAL to incorporate the teaching of VENABLE to utilize the above feature, with the motivation of classifying the category of the request based on the value of the encrypted data, as recognized by (VENABLE [0061]).



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. PARK et al. (US-20150332261-A1, PARK referred to as " PARK”) suggests (par. [0042]) “The payment processing terminal 100 generates a hash value by executing a hash algorithm that uses a preset encryption key and receives the random value as an input value.”).
Any inquiry concerning this communication or earlier communications from the
examiner should be directed to AHMED HUMADI whose telephone number is (571)272-2066.
The examiner can normally be reached (7:30 am - 4:00 pm) Monday to Thursday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at
http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw, can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be
obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/AHMED HUMADI/Examiner, Art Unit 2497                                                                                                                                                                                                        
/CHENG-FENG HUANG/Primary Examiner, Art Unit 2497