DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to communication filed on July 25, 2022.
Status of claims within the present application:
Claims 1 – 20 are pending.
Claims 1, 3 – 7, 9 – 10, 12, 15 – 16, and 18 – 20 are amended.

Response to Arguments
Applicant’s argument, see page [12] of Applicant’s remarks, filed on July 25, 2022, with respect to claims 5 and 18, which were objected to due to informalities, has been considered and is persuasive. Therefore, the objections are withdrawn.
Applicant’s argument, see page [12] of Applicant’s remarks, filed on July 25, 2022, with respect to claims 3, 4, 5, 8 and 10 that were rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, regards as the invention, have been considered and are persuasive. Therefore, the objections are withdrawn.
Applicant’s argument, see page [12] of Applicant’s remarks, filed on July 25, 2022, with respect to claims 1 – 20 that were rejected under 35 U.S.C. 103 as being unpatentable over US 20180357406 A1 to Bolotin et al., (hereinafter, “Bolotin”) in view of US 20090138727 A1 to Campello de Souza (hereinafter, “Campello”) in view of US 20180167208 A1 to Le Saint et al., (hereinafter, “Saint”), have been considered, but they are not persuasive. Therefore, the applicant is directed to the response below:
Applicant’s arguments with respect to claims 1 – 20 have been considered but are moot because of the new interpretation of the references previously applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

This application includes one or more claim limitations that do use the word “means,” and are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are:
Claim 20 recites “means for generating a recovery private key;”
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
Examiner has investigated the specification of the instant application and finds the following:
Page [29], Para. [102]: The method commences by access controller 102 generating 501 a recovery private key, such as by generating a random value or a 32 byte randomly generated elliptic curve cryptography (ECC) private scalar. In examples disclosed herein, the recovery private key is not stored on non-volatile memory in the data storage device.

Claim 20 recites “means for generating encrypted authorization data based on the recovery private key;”
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
Examiner has investigated the specification of the instant application and finds the following:
Page [29], Para. [102]: Access controller 102 also generates 502 encrypted authorization data 250 based on the recovery private key and stores 502 the encrypted authorization data on a data store. 

Claim 20 recites “means for storing the encrypted authorization data in a data store;”
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
Examiner has investigated the specification of the instant application and finds the following:
Page [29], Para. [102]: Access controller 102 also generates 502 encrypted authorization data 250 based on the recovery private key and stores 502 the encrypted authorization data on a data store. 

Claim 20 recites “means for sending data indicative of the recovery private key to a manager device;”
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
Examiner has investigated the specification of the instant application and finds the following:
Page [29], Para. [102]: Access controller 102 then sends 503 data indicative of the recovery private key to manager device 110 registered with the DSD 100. The data indicative of the recovery key should then be stored safely by a manager user, such as printed on paper and locked in a safe.

Claim 20 recites “means for receiving a recovery public key, calculated based on the recovery private key, from a recovery manager device over a communication channel;”
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
Examiner has investigated the specification of the instant application and finds the following:
Page [29], Para. [102]: Access controller 102 calculates the recovery public key from the recovery private key, and the authorization data 250 comprises the recovery public key 259 corresponding to the recovery private key, encrypted by the pre-authorization metadata wrapping key 263 that is derived from the recovery public key.

Claim 20 recites “means for decrypting the encrypted authorization data based on the recovery public key;”
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
Examiner has investigated the specification of the instant application and finds the following:
Page [29], Para. [104]: Access controller 102 can then decrypt 505 the encrypted authorization data based on the recovery public key by deriving the pre-authorization metadata wrapping key using the authorized device slot key stored on the configuration memory 115. This decryption provides the public key ECC-Pub(RPK) which enables access controller 102 to generate 506 a challenge for the recovery manager device 114 based on the decrypted authorization data as described above with respect to the authorized device 111.

Claim 20 recites “means for generating a challenge for the recovery manager device based on the decrypted authorization data;”
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
Examiner has investigated the specification of the instant application and finds the following:
Page [29], Para. [104]: Access controller 102 can then decrypt 505 the encrypted authorization data based on the recovery public key by deriving the pre-authorization metadata wrapping key using the authorized device slot key stored on the configuration memory 115. This decryption provides the public key ECC-Pub(RPK) which enables access controller 102 to generate 506 a challenge for the recovery manager device 114 based on the decrypted authorization data as described above with respect to the authorized device 111.

Claim 20 recites “means for sending the challenge to the recovery manager device over the communication channel;”
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
Examiner has investigated the specification of the instant application and finds the following:
Page [29], Para. [104]: Accordingly, access controller sends 507 the challenge to the recovery manager device 114 over the communication channel that is different from the data path 101. Recovery manager device 114 calculates a response based on the stored recovery private key (as entered by the user) and corresponding to the unlocking private key described above.

Claim 20 recites “means for receiving a response to the challenge from the recovery manager device over the communication channel;”
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
Examiner has investigated the specification of the instant application and finds the following:
Page [29], Para. [104]: Accordingly, access controller sends 507 the challenge to the recovery manager device 114 over the communication channel that is different from the data path 101. Recovery manager device 114 calculates a response based on the stored recovery private key (as entered by the user) and corresponding to the unlocking private key described above. Subsequently, access controller receives 508 a response to the challenge from the recovery manager device 114 over the communication channel.

Claim 20 recites “means for enabling, based at least partly on the response, decryption of the encrypted user content data.”
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
Examiner has investigated the specification of the instant application and finds the following:
Page [29], Para. [104]: the access controller enables 509, based at least partly on the response, decryption of the encrypted user content data. That is, access controller 102 uses the response to calculate the ephemeral unlock secret 273, which decrypts the manager key 271, which enables direct derivation of the user key 221, which decrypts the user drive key (not shown), which decrypts the user content data (potentially with further keys in a chain).

If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 – 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20180357406 A1 to Bolotin et al., (hereinafter, “Bolotin”) in view of US 20090138727 A1 to Campello de Souza (hereinafter, “Campello”) in view of US 20180167208 A1 to Le Saint et al., (hereinafter, “Saint”).	
Regarding claim 1, Bolotin teaches a data storage device comprising a data path comprising: a data port configured to transmit data between a host computer system and the data storage device; [Bolotin, para. 14 discloses a data security transceiver or receiver; an authentication subsystem operatively connected to the data security transceiver or receiver; para. 82 discloses a mobile transceiver 302 (e.g., in a mobile phone, tablet, a key-fob, etc.) is employed to transmit user identification 304 to a data security transceiver 306 in an authentication subsystem 310. For exemplary purposes, transceivers are employed for bi-directional communication flexibility, but a transmitter-receiver combination for uni-directional communication could also be used.] a non-volatile storage medium configured to store encrypted user content data; [Bolotin, para. 14 discloses a data security system including: ... a storage subsystem connected to the authentication subsystem. Para. 57 discloses the storage subsystem 106 is electronic circuitry that includes an interface controller 108, an encryption engine 110, and storage media 112. The storage media 112 can be an internal or external hard disk drive, USB flash drive, solid state drive, hybrid drive, memory card, tape cartridge, and optical media including optical disk (e.g., Blu-ray disk, digital versatile disk or DVD, and compact disk or CD). The storage media 112 can include a data protection appliance, archival storage system, and cloud-based data storage system.] and a cryptography engine connected between the data port and the non-volatile storage medium, where the cryptography engine is configured to use a cryptographic key to decrypt the encrypted user content data stored on the non-volatile storage medium in response to a request from the host computer system; [Bolotin, para. 
85 discloses the encryption engine 110 then employs the encryption key 116 to convert clear information to encrypted information and encrypted information to clear information along the data channel 206-207. Any attempt to read encrypted information from the storage media 112 without the encryption key 116 will result in information that is unusable by the host computer system 120.], but Bolotin does not teach an access controller configured to: responsive to a registration process for a manager device: generate a recovery private key; generate encrypted authorization data based on the recovery private key, wherein the encrypted authorization data includes a recovery key record for unlocking a manager key; store the encrypted authorization data in a data store configured for access by the access controller; and send data indicative of the recovery private key to the manager device, wherein:Page 2 of 16 Application No. 16/738,856Atty. Dkt. No. WDA-4672-USthe data indicative of the recovery private key is configured for: transfer to a recovery manager device; and derivation of the recovery private key by the recovery manager device; and the recovery manager device is a different device than the manager device; and during a recovery process: receive a recovery public key from the recovery manager device over a communication channel that is different from the data path, wherein the recovery manager device is configured to calculate the recovery public key from the recovery private key; decrypt the encrypted authorization data based on the recovery public key; generate a challenge for the recovery manager device based on the decrypted authorization data; send the challenge to the recovery manager device over the communication channel that is different from the data path; receive a response to the challenge from the recovery manager device over the communication channel; and based at least partly on the response and the recovery key record, enable decryption of the 
encrypted user content data.
However, Saint does teach an access controller configured to: responsive to a registration process for a manager device: generate a recovery private key; [Saint, para. 42 discloses the user device 120 may generate a user device authentication key pair (“UD Auth. Pub. & Priv. Key Pair”) 126. The user device authentication key pair 126 includes a user device authentication public key (“UD Auth. Pub. Key”) 128 and a user device authentication private key corresponding to the user device authentication public key. The user device authentication key pair 126 may be uniquely identified with the user 180 and the authentication information input by the user 180.] generate encrypted authorization data based on the recovery private key, [Saint, para. 44 discloses the user device 120 may sign the user device authentication public key 128 using the user device attestation private key. That is, the user device 120 may generate a signed user device authentication public key including a signature. The user device 120 may generate a registration response including the signed user device authentication public key 128 and the user device attestation certificate 124. The registration response may also include the user device authentication public key 128, the user device attestation certificate 124, and a signature.] wherein the encrypted authorization data includes a recovery key record for unlocking a manager key; [Saint, para. 45 discloses the authentication server 140 may store the CA public key (e.g., in a memory circuit). The authentication server 140 may verify the user device attestation certificate using the CA public key. 
Then authentication server 140 may then verify the user device authentication public key 128, which was signed by the user device 120 using the user device attestation private key, using the user device attestation public key of the user device attestation certificate 124] store the encrypted authorization data in a data store configured for access by the access controller; [Saint, para. 45 discloses the authentication server 140 may store the user device authentication public key 128 (e.g., in a memory circuit). Thus, the user device 120 has registered the user device authentication public key 128 with the authentication server 140 such that it may be used for authentication of the user device 120.] and send data indicative of the recovery private key to the manager device, [Saint, para. 41 discloses the authentication server 140 may send a registration request to the user device 120 (e.g., over a network). The registration request may include parameters specifying authentication criteria for authentication of the user 180.] wherein: the data indicative of the recovery private key is configured for: transfer to a recovery manager device; [Saint, para. 87 discloses the provisioning server 460 may provide provisioning data the user device 420 based on whether the signed authentication challenge is verified. For instance, if the provisioning server 460 does not receive an indication from the authentication server 440 that the signature of the signed authentication challenge is valid, then the provisioning server 460 may not provide provisioning data to the user device 420. The provisioning server 460 may encrypt the provisioning data. In some embodiments, the provisioning server 460 may encrypt the provisioning data using the shared secret.] and derivation of the recovery private key by the recovery manager device; [Saint, para.
86 discloses the authentication server 440 may verify the signed authentication challenge of the authentication response using the stored user device authentication public key 428. For example, the signed challenge data may be decrypted using the user device authentication public key 428 to obtain a decrypted challenge, which may be compared to the authentication challenge included in the authentication request. The signed authentication challenge may be verified based on whether the decrypted challenge matches an expected value. At 406, the authentication server 440 may send an indication that the signed authentication challenge has been verified to the provisioning server 460.] and the recovery manager device is a different device than the manager device; [Saint, para. 74 discloses the user device 420 of FIG. 4 may operate similar to the user device 320 described above. The authentication server 440 of FIG. 4 may operate similar to the authentication server 340 described above. The provisioning server 460 of FIG. 4 may operate similar to the provisioning server 360 described above. The messaging of FIG. 4 may be performed in a different order or in another suitable manner. The authentication server 440 and the provisioning server 460 may perform certain operations instead of the other or the authentication server 440 and the provisioning server 460 may be combined] and during a recovery process: receive a recovery public key from the recovery manager device over a communication channel that is different from the data path, wherein the recovery manager device is configured to calculate the recovery public key from the recovery private key; [Saint, para. 53 discloses the user device 220 may generate a shared secret using a private key of the user device 220 and a public key of the provisioning server 260. 
The provisioning server 260 may generate the same shared secret using a private key of the provisioning server and a public key of the user device 220 corresponding to the private key of the user device 220. In some embodiments, the user device 220 may store a provisioning server certificate (“PS Cert.”) 264 of the provisioning server 260. The provisioning server certificate 264 may include a provisioning server public key that may be used by the user device 220 to generate a shared secret for encrypting communications.]  decrypt the encrypted authorization data based on the recovery public key. [Saint, para. 56 discloses the user device 220 may receive the blinded provisioning server public key and the encrypted provisioning server certificate from the provisioning server 260. The user device 220 may generate the same first shared secret generated by the provisioning server 260, using the blinded provisioning server public key and the user device ephemeral private key. The user device 220 may generate the first session key using the first shared secret. The user device 220 may use the first session key to decrypt the encrypted provisioning server certificate to obtain the provisioning server certificate. In some embodiments, the user device 220 may also receive and decrypt the encrypted provisioning server blinding factor. The user device 220 may verify the provisioning server certificate 264 using the CA public key of the CA certificate 232. In some embodiments, the user device 220 may verify the blinded provisioning server public key using the provisioning server blinding factor and the provisioning server public key of the provisioning server certificate 264. In some embodiments, the user device 220 may also receive and decrypt the encrypted authentication cryptogram and may also validate the authentication cryptogram.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Saint’s system with Bolotin’s system, with a motivation to request data from a provisioning server to be stored on the user device and send data to the user device may be based on certain criteria or rules. The data may be communicated using a channel established based on a public key identifying the user device. During provisioning, even if communications are encrypted or otherwise protected, the identity of the user device or a user or the user device may be determined. [Saint, para. 49]
However, Bolotin in view of Saint does not teach generate a challenge for the recovery manager device based on the decrypted authorization data; send the challenge to the recovery manager device over the communication channel that is different from the data path; receive a response to the challenge from the recovery manager device over the communication channel; and based at least partly on the response and the recovery key record, enable decryption of the encrypted user content data, but Campello does teach the access controller is configured to: generate a challenge for the recovery manager device based on the decrypted authorization data; [Campello, para. 17 discloses hard disk drive 101 uses public key PuB to generate a challenge and response pair. R is a random number (e.g., 256 bits) and C is a challenge number. The random number R is the correct response to the challenge C. For example, the challenge number C can be the random number R encrypted with the public key PuB of host 102, i.e., C = EPuB(R). It follows that the random number R equals the challenge number C decrypted with the private key PrB of host 102, i.e., R = DPrB(C). The random number and the challenge number can, for example, include characters that are represented by binary codes.] send the challenge to the recovery manager device over the communication channel that is different from the data path; [Campello, para. 19 discloses Hard disk drive 101 sends the challenge, i.e., the encrypted random number C = EPuB(R), to host 102. Host 102 then uses its private key PrB to decrypt the challenge C to recover the random number R.] receive a response to the challenge from the recovery manager device over the communication channel; [Campello, para. 19 discloses Host 102 then sends R to drive 101. After receiving R, drive 101 uses R to unwrap private key PrA from WR(PrA). Because the wrapping function has integrity measurements, host 102 is authenticated in this process. Now that the drive 101 has recovered PrA, it can recover Kb by unwrapping Kb from WPuA(Kb).] and based at least partly on the response and the recovery key record, enable decryption of the encrypted user content data. [Campello, para. 18 discloses in order to recover the user data 105, the private key PrA first has to be recovered by unwrapping WR(PrA) using random number R. Then, PrA is used to unwrap WPuA(Kb) to recover Kb. Key Kb is then used to decrypt data 105. Thus, data 105 can only be recovered with random number R.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Campello’s system with Bolotin’s system, with a motivation to provide data security using challenge and response access controls and secure data stored on a hard disk drive using asymmetric public and private encryption keys. [Campello, para. 9]

Regarding claim 2, modified Bolotin teaches the data storage device of claim 1, but modified Bolotin does not teach wherein the recovery private key is stored on the recovery manager device and the response is based on the recovery private key stored on the recovery manager device.
However, Campello does teach wherein the recovery private key is stored on the recovery manager device and the response is based on the recovery private key stored on the recovery manager device. [Campello, para. 17 discloses securing data stored on a hard disk drive using challenge and response pairs, according to an embodiment of the present invention. According to the data security technique of FIG. 2, hard disk drive 101 uses public key PuB to generate a challenge and response pair. R is a random number (e.g., 256 bits) and C is a challenge number. The random number R is the correct response to the challenge C. For example, the challenge number C can be the random number R encrypted with the public key PuB of host 102, i.e., C=EPuB(R). It follows that the random number R equals the challenge number C decrypted with the private key PrB of host 102, i.e., R=D PrB(C). The random number and the challenge number can, for example, include characters that are represented by binary codes. Hard disk drive 101 can also perform a technique for storing private key PrA on drive 101 in a secure manner that is not vulnerable to brute force attempts to read PrA directly from the surface of the hard disk. Hard disk drive 101 wraps the secret private key PrA of the authentication credential of drive 101 with random number R to calculate WR(PrA), where WR( ) indicates the wrap of a number using R. Then, drive 101 erases random number R and the private key PrA from volatile memory 103. Drive 101 stores the challenge number C, WPuA(Kb), PuA, PuB and WR(PrA) on hard disk 104. As a result, not enough information is stored on hard disk 104 to recover key Kb.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Campello’s system with Bolotin’s system, with a motivation to provide data security using challenge and response access controls and secure data stored on a hard disk drive using asymmetric public and private encryption keys. [Campello, para. 9]

Regarding claim 3, modified Bolotin teaches the data storage device of claim 2, but modified Bolotin does not teach wherein the manager key is configured to enable configuration of the access controller to enable decryption of the encrypted user content data.
However, Campello does teach wherein the manager key is configured to enable configuration of the access controller to enable decryption of the encrypted user content data. [Campello, para. 18 discloses In order to recover the user data 105, the private key PrA first has to be recovered by unwrapping WR(PrA) using random number R. Then, PrA is used to unwrap WPuA(Kb) to recover Kb. Key Kb is then used to decrypt data 105. Thus, data 105 can only be recovered with random number R.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Campello’s system with Bolotin’s system, with a motivation to provide data security using challenge and response access controls and secure data stored on a hard disk drive using asymmetric public and private encryption keys. [Campello, para. 9]
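The key chain quoted from Campello in the rejections of claims 1 – 3 above (C = EPuB(R), WR(PrA), WPuA(Kb)), modeled as an added example that is not part of the Office action or of any cited reference. Textbook RSA over fixed Mersenne primes and an HMAC-SHA-256 encrypt-then-MAC wrap are insecure stand-ins assumed here for E/D and W( ), and the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# ASSUMPTION: textbook RSA over publicly known Mersenne primes stands in for
# E_Pu( )/D_Pr( ) so the model runs on the standard library. NOT secure.
E = 65537
P_A, Q_A = 2**1279 - 1, 2**2203 - 1   # drive key pair (PuA, PrA)
P_B, Q_B = 2**521 - 1, 2**607 - 1     # host key pair (PuB, PrB)

def rsa_keypair(p, q):
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def rsa_encrypt(pub, message: bytes) -> int:
    n, e = pub
    return pow(int.from_bytes(message, "big"), e, n)

def rsa_decrypt(priv, ciphertext: int, length: int) -> bytes:
    n, d = priv
    return pow(ciphertext, d, n).to_bytes(length, "big")

def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(k_enc: bytes, nonce: bytes, data: bytes) -> bytes:
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(k_enc, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(key: bytes, plaintext: bytes) -> bytes:
    """W_key(plaintext) with an integrity tag (assumed construction)."""
    k_enc, k_mac = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(k_enc, nonce, plaintext)
    return nonce + ct + hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()

def unwrap(key: bytes, blob: bytes) -> bytes:
    k_enc, k_mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return _xor_stream(k_enc, nonce, ct)

class Drive:
    """Models drive 101: only C, W_PuA(Kb), PuA, PuB and W_R(PrA) persist."""

    def provision(self, pu_b, user_data: bytes) -> None:
        pu_a, (n_a, d_a) = rsa_keypair(P_A, Q_A)
        kb = secrets.token_bytes(32)   # bulk data key Kb
        r = secrets.token_bytes(32)    # 256-bit random number R
        self.disk = {
            "C": rsa_encrypt(pu_b, r),
            "W_PuA(Kb)": rsa_encrypt(pu_a, kb),
            "PuA": pu_a,
            "PuB": pu_b,
            "W_R(PrA)": wrap(r, d_a.to_bytes((n_a.bit_length() + 7) // 8, "big")),
            "data": wrap(kb, user_data),
        }
        # R, PrA and Kb are locals: nothing stored on disk recovers Kb alone.

    def challenge(self) -> int:
        return self.disk["C"]

    def unlock(self, response: bytes) -> bytes:
        n_a, _ = self.disk["PuA"]
        # A wrong R fails the wrap's integrity check, which authenticates the host.
        d_a = int.from_bytes(unwrap(response, self.disk["W_R(PrA)"]), "big")
        kb = rsa_decrypt((n_a, d_a), self.disk["W_PuA(Kb)"], 32)
        return unwrap(kb, self.disk["data"])

def host_respond(pr_b, challenge: int) -> bytes:
    """Models host 102: R = D_PrB(C)."""
    return rsa_decrypt(pr_b, challenge, 32)

def demo():
    pu_b, pr_b = rsa_keypair(P_B, Q_B)
    drive = Drive()
    drive.provision(pu_b, b"constructed sample user data 105")
    recovered = drive.unlock(host_respond(pr_b, drive.challenge()))
    try:
        drive.unlock(secrets.token_bytes(32))   # guessed response
        rejected = False
    except ValueError:
        rejected = True
    return recovered, rejected
```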

Regarding claim 4, modified Bolotin teaches the data storage device of claim 3, but modified Bolotin does not teach wherein the manager key is configured to enable registration of an authorized device with the access controller to enable decryption of the encrypted user content data in response to the authorized device being connected to the data storage device.
However, Saint does teach wherein the manager key is configured to enable registration of an authorized device with the access controller to enable decryption of the encrypted user content data in response to the authorized device being connected to the data storage device. [Saint, para. 41 discloses In performing registration, at 101, the authentication server 140 may send a registration request to the user device 120 (e.g., over a network). The registration request may include parameters specifying authentication criteria for authentication of the user 180. The registration request may also include a challenge. The registration request may be passed from the authentication server 140 through the webserver to the user device 120. Para. 46 discloses In response to receiving the authentication information input by the user 180, the user device 120 may identify the user device authentication key pair 126 generated during registration by matching the authentication information input by the user 180. The user device 120 may sign the authentication challenge using the user device authentication private key corresponding to the user device authentication public key 128, which has been registered with the authentication server 140, to obtain a signed authentication challenge. The signed authentication challenge includes a signature of the authentication challenge that may be verified using the user device authentication public key.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Saint’s system with Bolotin’s system, with a motivation to request data from a provisioning server to be stored on the user device, where sending data to the user device may be based on certain criteria or rules. The data may be communicated using a channel established based on a public key identifying the user device. During provisioning, even if communications are encrypted or otherwise protected, the identity of the user device or a user or the user device may be determined. [Saint, para. 49]

Regarding claim 5, modified Bolotin teaches the data storage device of claim 4, but modified Bolotin does not teach wherein: registration of the authorized device comprises creation of an authorized device record entry as further encrypted authorization data in the data store based on a public key associated with the authorized device; the authorized device record entry comprises an encrypted user key calculated based on the manager key; and the access controller is configured to determine the cryptographic key based on the user key.
However, Saint does teach wherein: registration of the authorized device comprises creation of an authorized device record entry as further encrypted authorization data in the data store based on a public key associated with the authorized device; [Saint, para. 63 discloses the user device 320 may register and authenticate with the authentication server 340 in a process similar to the registration and authentication process described above with reference to FIG. 1. At 301, the authentication server 340 may send a registration request to the user device 320. The registration request at 301 of FIG. 3 may be structured similar to the registration response at 101 of FIG. 1 described above. In response to receiving the registration request, the user device may authenticate a user of the user device 320 and generate a user device authentication key pair (“UD Auth. Pub. & Priv. Key Pair”) 326. The user device authentication key pair 326 may include a user device authentication public key 328 and a user device authentication private key corresponding to the user device authentication public key 328. The user device 320 may store (e.g., in a memory circuit) the user device authentication key pair 326.] the authorized device record entry comprises an encrypted user key calculated based on the manager key; [Saint, para. 63 discloses in response to receiving the registration request, the user device may authenticate a user of the user device 320 and generate a user device authentication key pair (“UD Auth. Pub. & Priv. Key Pair”) 326. The user device authentication key pair 326 may include a user device authentication public key 328 and a user device authentication private key corresponding to the user device authentication public key 328.] and the access controller is configured to determine the cryptographic key based on the user key. [Saint, para. 65 discloses the authentication server 340 may verify the user device attestation certificate 324 using the CA public key of the CA certificate. The authentication server 340 may also verify the user device authentication public key 328 using the user device attestation public key of the user device attestation certificate 324.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Saint’s system with Bolotin’s system, with a motivation to request data from a provisioning server to be stored on the user device, where sending data to the user device may be based on certain criteria or rules. The data may be communicated using a channel established based on a public key identifying the user device. During provisioning, even if communications are encrypted or otherwise protected, the identity of the user device or a user or the user device may be determined. [Saint, para. 49]

Regarding claim 6, modified Bolotin teaches the data storage device of claim 5, but modified Bolotin does not teach wherein: the recovery key record has a first structure that is identical to a second structure of encrypted authorization data; and the second structure of encrypted authorization data based on the public key associated with the authorized device that is authorized to unlock the data storage device by responding to a challenge generated by the access controller.
However, Saint does teach wherein: the recovery key record has a first structure that is identical to a second structure of encrypted authorization data; and the second structure of encrypted authorization data based on the public key associated with the authorized device that is authorized to unlock the data storage device by responding to a challenge generated by the access controller. [Saint, para. 7 discloses the encrypted authentication response may include the signed challenge. The user device may send the encrypted authentication response to the authentication server. The authentication server may receive the encrypted authentication response from the user device and generate the first shared secret using an authentication server private key corresponding to the authentication server public key and the user device authentication public key. The authentication server may decrypt the encrypted authentication response using the first shared secret to obtain an authentication response including the challenge. The authentication server may authenticate the user device based on the decrypted authentication response. In some embodiments, the authentication server may verify the signed challenge using the user device authentication public key.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Saint’s system with Bolotin’s system, with a motivation to request data from a provisioning server to be stored on the user device, where sending data to the user device may be based on certain criteria or rules. The data may be communicated using a channel established based on a public key identifying the user device. During provisioning, even if communications are encrypted or otherwise protected, the identity of the user device or a user or the user device may be determined. [Saint, para. 49]

Regarding claim 7, modified Bolotin teaches the data storage device of claim 6, but modified Bolotin does not teach wherein the first structure and the second structure comprise a respective public key field; and the access controller is further configured to store the recovery public key in the public key field of the first structure and to store the public key associated with the authorized device in the public key field of the second structure.
However, Saint does teach wherein the first structure and the second structure comprise a respective public key field; and the access controller is further configured to store the recovery public key in the public key field of the first structure and to store the public key associated with the authorized device in the public key field of the second structure. [Saint, para. 45 discloses the authentication server 140 may store the CA public key (e.g., in a memory circuit). The authentication server 140 may verify the user device attestation certificate using the CA public key. Then authentication server 140 may then verify the user device authentication public key 128, which was signed by the user device 120 using the user device attestation private key, using the user device attestation public key of the user device attestation certificate 124. The authentication server 140 may store the user device authentication public key 128 (e.g., in a memory circuit). Thus, the user device 120 has registered the user device authentication public key 128 with the authentication server 140 such that it may be used for authentication of the user device 120.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Saint’s system with Bolotin’s system, with a motivation to request data from a provisioning server to be stored on the user device, where sending data to the user device may be based on certain criteria or rules. The data may be communicated using a channel established based on a public key identifying the user device. During provisioning, even if communications are encrypted or otherwise protected, the identity of the user device or a user or the user device may be determined. [Saint, para. 49]

Regarding claim 8, modified Bolotin teaches the data storage device of claim 5, but modified Bolotin does not teach wherein the user key is directly derivable from the manager key.
However, Saint does teach wherein the user key is directly derivable from the manager key. [Saint, para. 53 discloses the user device 220 may generate a shared secret using a private key of the user device 220 and a public key of the provisioning server 260. The provisioning server 260 may generate the same shared secret using a private key of the provisioning server and a public key of the user device 220 corresponding to the private key of the user device 220. In some embodiments, the user device 220 may store a provisioning server certificate (“PS Cert.”) 264 of the provisioning server 260. The provisioning server certificate 264 may include a provisioning server public key that may be used by the user device 220 to generate a shared secret for encrypting communications.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Saint’s system with Bolotin’s system, with a motivation to request data from a provisioning server to be stored on the user device, where sending data to the user device may be based on certain criteria or rules. The data may be communicated using a channel established based on a public key identifying the user device. During provisioning, even if communications are encrypted or otherwise protected, the identity of the user device or a user or the user device may be determined. [Saint, para. 49]

Regarding claim 9, modified Bolotin teaches the data storage device of claim 1, but modified Bolotin does not teach wherein the access controller is further configured to determine, based at least partly on the response, the manager key to enable decryption of the encrypted user content data.
However, Campello does teach wherein the access controller is further configured to determine, based at least partly on the response, the manager key to enable decryption of the encrypted user content data. [Campello, para. 18 discloses In order to recover the user data 105, the private key PrA first has to be recovered by unwrapping WR(PrA) using random number R. Then, PrA is used to unwrap WPuA(Kb) to recover Kb. Key Kb is then used to decrypt data 105. Thus, data 105 can only be recovered with random number R. Para. 19 discloses Host 102 then sends R to drive 101. After receiving R, drive 101 uses R to unwrap private key PrA from WR(PrA). Because the wrapping function has integrity measurements, host 102 is authenticated in this process. Now that the drive 101 has recovered PrA, it can recover Kb by unwrapping Kb from WPuA(Kb).]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Campello’s system with Bolotin’s system, with a motivation to provide data security using challenge and response access controls and secure data stored on a hard disk drive using asymmetric public and private encryption keys. [Campello, para. 9]

Regarding claim 10, modified Bolotin teaches the data storage device of claim 1, but modified Bolotin does not teach wherein the access controller is further configured to determine the cryptographic key based on the manager key.
However, Saint does teach wherein the access controller is further configured to determine the cryptographic key based on the manager key. [Saint, para. 53 discloses the provisioning server 260 may generate the same shared secret using a private key of the provisioning server and a public key of the user device 220 corresponding to the private key of the user device 220. In some embodiments, the user device 220 may store a provisioning server certificate (“PS Cert.”) 264 of the provisioning server 260. The provisioning server certificate 264 may include a provisioning server public key that may be used by the user device 220 to generate a shared secret for encrypting communications.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Saint’s system with Bolotin’s system, with a motivation to request data from a provisioning server to be stored on the user device, where sending data to the user device may be based on certain criteria or rules. The data may be communicated using a channel established based on a public key identifying the user device. During provisioning, even if communications are encrypted or otherwise protected, the identity of the user device or a user or the user device may be determined. [Saint, para. 49]

Regarding claim 11, modified Bolotin teaches the data storage device of claim 1, but modified Bolotin does not teach wherein the encrypted authorization data comprises metadata encrypted by a pre-authorization metadata wrapping key that is derivable from the recovery public key.
However, Campello does teach wherein the encrypted authorization data comprises metadata encrypted by a pre-authorization metadata wrapping key that is derivable from the recovery public key. [Campello, para. 15 discloses Drive 101 wraps bulk encryption key Kb with the public key (PuA) of the authentication authority to calculate WPuA(Kb). Wrapping involves encryption with integrity measurements (e.g., using hash functions). After Kb has been wrapped with PuA, Kb can only be recovered by unwrapping WPuA(Kb) with private key PrA. An example of an encryption technique that can be used for bulk encryption with embodiments of the present invention is 256-bit advanced encryption standard (AES).]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Campello’s system with Bolotin’s system, with a motivation to provide data security using challenge and response access controls and secure data stored on a hard disk drive using asymmetric public and private encryption keys. [Campello, para. 9]

Regarding claim 12, modified Bolotin teaches the data storage device of claim 11, wherein the access controller is further configured to derive the pre-authorization metadata wrapping key by performing a key derivation function using the recovery public key as an input.
However, Campello does teach wherein the access controller is further configured to derive the pre-authorization metadata wrapping key by performing a key derivation function using the recovery public key as an input. [Campello, para. 18 discloses In order to recover the user data 105, the private key PrA first has to be recovered by unwrapping WR(PrA) using random number R. Then, PrA is used to unwrap WPuA(Kb) to recover Kb. Key Kb is then used to decrypt data 105. Thus, data 105 can only be recovered with random number R.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Campello’s system with Bolotin’s system, with a motivation to provide data security using challenge and response access controls and secure data stored on a hard disk drive using asymmetric public and private encryption keys. [Campello, para. 9]

Regarding claim 13, modified Bolotin teaches the data storage device of claim 12, but modified Bolotin does not teach wherein the access controller is further configured to perform the key derivation function using an authorized device slot key as a further input.
However, Campello does teach wherein the access controller is further configured to perform the key derivation function using an authorized device slot key as a further input. [Campello, para. 33 discloses hard disk drive 101 sends the challenge C to host 102. At step 404, host 102 uses the secret key Kh to generate the response R to the challenge C received from drive 101. The response to the challenge is the random number R. At step 405, host 102 then sends the random number R to hard disk drive 101. At step 406, hard disk drive 101 uses random number R to unwrap the key Kh from wrapped value WR(Kh). The hard disk drive 101 then uses the integrity measurement that is part of the wrapping function to check whether the key Kh is the correct secret key. If Kh is the correct secret key, then the authentication process is complete, and drive 101 has authenticated host 102.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Campello’s system with Bolotin’s system, with a motivation to provide data security using challenge and response access controls and secure data stored on a hard disk drive using asymmetric public and private encryption keys. [Campello, para. 9]

Regarding claim 14, modified Bolotin teaches the data storage device of claim 13, but modified Bolotin does not teach wherein the authorized device slot key is stored on the data store in plain text. 
However, Campello does teach wherein the authorized device slot key is stored on the data store in plain text. [Campello, para. 17 discloses Hard disk drive 101 can also perform a technique for storing private key PrA on drive 101 in a secure manner that is not vulnerable to brute force attempts to read PrA directly from the surface of the hard disk. Hard disk drive 101 wraps the secret private key PrA of the authentication credential of drive 101 with random number R to calculate WR(PrA), where WR( ) indicates the wrap of a number using R. Then, drive 101 erases random number R and the private key PrA from volatile memory 103. Drive 101 stores the challenge number C, WPuA(Kb), PuA, PuB and WR(PrA) on hard disk 104.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Campello’s system with Bolotin’s system, with a motivation to provide data security using challenge and response access controls and secure data stored on a hard disk drive using asymmetric public and private encryption keys. [Campello, para. 9]

Regarding claim 15, modified Bolotin teaches the data storage device of claim 11, but modified Bolotin does not teach wherein: the access controller is further configured to generate the challenge for the recovery manager device based on the metadata encrypted by the pre-authorization metadata wrapping key; and the manager key that is encrypted by an unlock secret that is derivable from the response to enable decryption of the encrypted user content data.
However, Campello does teach wherein: the access controller is configured to generate the challenge for the recovery manager device based on the metadata encrypted by the pre-authorization metadata wrapping key; [Campello, para. 17 discloses hard disk drive 101 uses public key PuB to generate a challenge and response pair. R is a random number (e.g., 256 bits) and C is a challenge number. The random number R is the correct response to the challenge C. For example, the challenge number C can be the random number R encrypted with the public key PuB of host 102, i.e., C = EPuB(R). It follows that the random number R equals the challenge number C decrypted with the private key PrB of host 102, i.e., R = DPrB(C). The random number and the challenge number can, for example, include characters that are represented by binary codes.] and the manager key that is encrypted by an unlock secret that is derivable from the response to enable decryption of the encrypted user content data. [Campello, para. 18 discloses In order to recover the user data 105, the private key PrA first has to be recovered by unwrapping WR(PrA) using random number R. Then, PrA is used to unwrap WPuA(Kb) to recover Kb. Key Kb is then used to decrypt data 105. Thus, data 105 can only be recovered with random number R. Para. 19 discloses Host 102 then sends R to drive 101. After receiving R, drive 101 uses R to unwrap private key PrA from WR(PrA). Because the wrapping function has integrity measurements, host 102 is authenticated in this process. Now that the drive 101 has recovered PrA, it can recover Kb by unwrapping Kb from WPuA(Kb).]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Campello’s system with Bolotin’s system, with a motivation to provide data security using challenge and response access controls and secure data stored on a hard disk drive using asymmetric public and private encryption keys. [Campello, para. 9]

Regarding claim 16, modified Bolotin teaches the data storage device of claim 15, but modified Bolotin does not teach wherein: the metadata encrypted by the pre-authorization metadata wrapping key comprises an elliptic curve public key corresponding to an ephemeral unlock key; and the unlock secret is based on the ephemeral unlock key.
However, Saint does teach wherein: the metadata encrypted by the pre-authorization metadata wrapping key comprises an elliptic curve public key corresponding to an ephemeral unlock key; and the unlock secret is based on the ephemeral unlock key. [Saint, para. 06 discloses the user device may generate a first shared secret using the user device authentication private key corresponding to the user device authentication public key and an authentication server public key of the authentication server. The user device may encrypt an authentication response including the challenge using the first shared secret to obtain an encrypted authentication response.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Campello’s system with Bolotin’s system, with a motivation to provide data security using challenge and response access controls and secure data stored on a hard disk drive using asymmetric public and private encryption keys. [Campello, para. 9]

Regarding claim 17, modified Bolotin teaches the data storage device of claim 1, but modified Bolotin does not teach wherein the access controller is further configured to delete authorization data other than the generated encrypted authorization data based on the recovery private key in response to enabling decryption.
However, Campello does teach wherein the access controller is further configured to delete authorization data other than the generated encrypted authorization data based on the recovery private key in response to enabling decryption. [Campello, para. 40 discloses The data security techniques described above prevent an attacker from being able to steal data 105 by using code that reads and stores the response R sent to drive 101 from host 102, then stealing drive 101, and reading C and WR(Kh) from disk 104. Because drive 101 erases WR(Kh) from disk 104 before each authentication attempt, then wraps Kh with a new challenge and response pair C' and R', and stores (C', WR(Kh)) on disk 104, an attacker will not be able to decrypt data 105 after intercepting the response R from host 102 and stealing the hard disk drive.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Campello’s system with Bolotin’s system, with a motivation to provide data security using challenge and response access controls and secure data stored on a hard disk drive using asymmetric public and private encryption keys. [Campello, para. 9]
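
The symmetric challenge-response flow quoted above from Campello paras. 33 and 40, as an added example that is not part of this office action or of the cited references. The HMAC-SHA256 response function, the encrypt-then-MAC wrap standing in for "encryption with integrity measurements", and all names are assumptions; rotation is performed right after a successful unwrap, while Kh is still in volatile memory.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # 256-bit values, matching the 256-bit R in the quoted para. 17


def response_for(kh: bytes, challenge: bytes) -> bytes:
    """Host side: response R to challenge C under secret key Kh.
    Assumption: R = HMAC-SHA256(Kh, C); the quoted text does not name the function."""
    return hmac.new(kh, challenge, hashlib.sha256).digest()


def _subkeys(r: bytes):
    # Separate encryption and MAC keys derived from the single-use R.
    enc = hmac.new(r, b"wrap-enc", hashlib.sha256).digest()
    mac = hmac.new(r, b"wrap-mac", hashlib.sha256).digest()
    return enc, mac


def wrap(r: bytes, key: bytes) -> bytes:
    """W_R(key): encrypt-then-MAC of one 32-byte key (stand-in construction).
    The pad is safe only because each R wraps exactly one key."""
    if len(key) != KEY_LEN:
        raise ValueError("wrap() handles exactly one 32-byte key")
    enc, mac = _subkeys(r)
    ct = bytes(a ^ b for a, b in zip(key, enc))
    return ct + hmac.new(mac, ct, hashlib.sha256).digest()


def unwrap(r: bytes, blob: bytes):
    """Return the wrapped key, or None when the integrity check fails."""
    if len(blob) != 2 * KEY_LEN:
        return None
    enc, mac = _subkeys(r)
    ct, tag = blob[:KEY_LEN], blob[KEY_LEN:]
    expected = hmac.new(mac, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, enc))


class Drive:
    """Persists only (C, W_R(Kh)); R and Kh never reach the disk record."""

    def __init__(self, kh: bytes):
        self._store(kh)  # provisioning: the drive sees Kh once

    def _store(self, kh: bytes) -> None:
        c = secrets.token_bytes(KEY_LEN)          # fresh challenge C
        r = response_for(kh, c)                   # matching response R
        self.disk = {"C": c, "W": wrap(r, kh)}    # old record is overwritten

    def challenge(self) -> bytes:
        return self.disk["C"]

    def unlock(self, r: bytes) -> bool:
        kh = unwrap(r, self.disk["W"])
        if kh is None:
            return False      # wrong response: nothing recovered, record unchanged
        self._store(kh)       # rotate to (C', W_R'(Kh)) so the used R is dead
        return True


def demo():
    kh = secrets.token_bytes(KEY_LEN)             # constructed host secret
    drive = Drive(kh)
    r1 = response_for(kh, drive.challenge())
    first = drive.unlock(r1)                      # legitimate unlock
    imaged = dict(drive.disk)                     # disk contents after rotation
    replay = unwrap(r1, imaged["W"]) is not None  # captured R against new record
    second = drive.unlock(response_for(kh, drive.challenge()))
    return first, replay, second


if __name__ == "__main__":
    print(demo())
```
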

Regarding claim 18, modified Bolotin teaches the data storage device of claim 1, but modified Bolotin does not teach wherein: the recovery public key is calculated by the access controller and the recovery manager device, and the recovery private key is not stored in non-volatile memory by the access controller.
However, Saint does teach wherein: the recovery public key is calculated by the access controller and the recovery manager device, and the recovery private key is not stored in non-volatile memory by the access controller. [Saint, para. 53 discloses the user device 220 may generate a shared secret using a private key of the user device 220 and a public key of the provisioning server 260. The provisioning server 260 may generate the same shared secret using a private key of the provisioning server and a public key of the user device 220 corresponding to the private key of the user device 220. In some embodiments, the user device 220 may store a provisioning server certificate (“PS Cert.”) 264 of the provisioning server 260. The provisioning server certificate 264 may include a provisioning server public key that may be used by the user device 220 to generate a shared secret for encrypting communications. However, in some embodiments, the user device 220 may not store the provisioning server certificate 264 and may need to receive it from the provisioning server 260.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Saint’s system with Bolotin’s system, with a motivation to request data from a provisioning server to be stored on the user device, where sending data to the user device may be based on certain criteria or rules. The data may be communicated using a channel established based on a public key identifying the user device. During provisioning, even if communications are encrypted or otherwise protected, the identity of the user device or a user or the user device may be determined. [Saint, para. 49]

Regarding claims 19 and 20, they have features similar to the features within claim 1; therefore, they are rejected in a similar manner.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893. The examiner can normally be reached Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/P.P./Patent Examiner, Art Unit 2434 

/DANT B SHAIFER HARRIMAN/Primary Examiner, Art Unit 2434