DETAILED ACTION
1. 	This is in response to an amendment filed on 08/10/2022. Claims 1-21 are pending. Claims 1, 20 and 21 are independent. Each independent claim is amended. 
Notice of Pre-AIA or AIA Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

3.	The amendment made to at least independent claim 1 overcomes the objection set forth in the previous office action. Thus, this particular objection is withdrawn.

4.	On July 26, 2022, applicant's representative, attorney Devin S. Morgan, Reg. No. 45,562, and the examiner conducted an applicant-initiated telephone interview. The summary of the interview is attached.

Response to Arguments
5.	Applicant’s arguments filed on 08/10/2022 with respect to the objection and the 35 U.S.C. 103 rejection set forth in the previous office action have been fully considered and are persuasive.  Both the objection and the 35 U.S.C. 103 rejection have been withdrawn. 

Allowable Subject Matter
6.	Claims 1-21 are allowed. 
7.	The following is an examiner’s statement of reasons for allowance:
8.	The following prior art references disclose the general subject matter recited in independent claims 1, 20 and 21.

As per independent claims 1, 20 and 21, Souza discloses a data storage device [See paragraph 0010 and FIG. 1, which includes a hard disk drive 101] comprising a data path [See at least paragraph 0010: this data storage device 101 provides a data communication path between itself and the host 102 shown in figure 1 so that it can store user data 105 generated by host system 102. A user generates user data 105 through host operating system 102, or alternatively, another type of host system. Hard disk drive 101 stores data 105 on hard disk 104.] and an access controller [See at least paragraph 0010 and figure 1, “controller 106”. Controller 106 runs software code for controlling many of the functions of hard disk drive 101, including data security and access control functions, according to some embodiments of the present invention.] wherein:
the data path comprises: a data port configured to transmit data between a host computer system and the data storage device [See paragraph 0010-0011 and figure 1: data storage device 101 provides a data communication path between itself and the host 102 shown in figure 1 so that it can store user data 105 generated by host system 102. A user generates user data 105 through host operating system 102, or alternatively, another type of host system. Hard disk drive 101 stores data 105 on hard disk 104. See also paragraph 0011: If hard disk drive 101 and host operating system 102 are on separate computer machines, drive 101 and host 102 can communicate with each other over a network, e.g., a local area network or wide area network.], wherein the data storage device is configured to register with the host computer system as a block data storage device [See paragraph 0014 and 0015, how during enrollment, the host computer 102 registers with storage device 101 by providing its public key PuB. “During an enrollment process, the host 102 sends its public key (PuB) to the drive 101 with a request for generating secure storage for its data…”];
a non-volatile storage medium [See figure 1, 104, “non-volatile memory”] configured to store encrypted user content data [See paragraph 0013, figure 1, 105 where encrypted user content is stored. “FIG. 1, data 105 is encrypted with a bulk encryption key Kb in order to protect data 105 from unauthorized access and also to associate data 105 with host 102.”]; and a cryptography engine connected between the data port and the storage medium and configured to use a cryptographic key to decrypt the encrypted user content data stored on the storage medium in response to a request from the host computer system [See paragraph 0013, The one or more keys are put under access control to prevent an unauthorized user from obtaining access to the key(s) and decrypting data 105. In the example of FIG. 1, data 105 is encrypted with a bulk encryption key Kb in order to protect data 105 from unauthorized access and also to associate data 105 with host 102. See also paragraph 0018-0019. Host 102 requests a challenge from hard disk drive 101 to initiate the authentication process. Hard disk drive 101 sends the challenge, i.e., the encrypted random number C=EPuB(R), to host 102. Host 102 then uses its private key PrB to decrypt the challenge C to recover the random number R. Host 102 then sends R to drive 101. After receiving R, drive 101 uses R to unwrap private key PrA from WR(PrA). Because the wrapping function has integrity measurements, host 102 is authenticated in this process. Now that the drive 101 has recovered PrA, it can recover Kb by unwrapping Kb from WPuA(Kb) and In order to recover the user data 105, the private key PrA first has to be recovered by unwrapping WR(PrA) using random number R. Then, PrA is used to unwrap WPuA(Kb) to recover Kb. Key Kb is then used to decrypt data 105. Thus, data 105 can only be recovered with random number R]; and
the access controller is configured to: 
generate a challenge for an authorized device [See at least paragraph 0017, FIG. 2 illustrates an example of a technique for securing data stored on a hard disk drive using challenge and response pairs, according to an embodiment of the present invention. According to the data security technique of FIG. 2, hard disk drive 101 uses public key PuB to generate a challenge and response pair]; 
send the challenge to the authorized device over a communication channel [See at least paragraph 0019, Hard disk drive 101 sends the challenge, i.e., the encrypted random number C=EPuB(R), to host 102 and see paragraph 0011, hard disk drive 101 and host operating system 102 are on separate computer machines, drive 101 and host 102 can communicate with each other over a network, e.g., a local area network or wide area network];
 receive a response to the challenge from the authorized device over the communication channel; calculate the cryptographic key based at least partly on the response [paragraph 0020-0021, a secret S (e.g., a symmetric or asymmetric secret key) is called, then the hard disk drive pre-computes a challenge and response pair (C, R), for the host authority. The hard disk drive wraps the secret S (e.g., private key PrA) with the response R of the challenge. In other words, the hard disk drive computes WR(S), where the wrapping function both encrypts and provides integrity measurements. Alternatively, the hard disk drive can wrap the secret S with a number R′ that is a function of the response R, that is R′=f(R). The hard disk drive also stores WR(S) and C on the hard disk. During authentication, the host system returns the response R to the hard disk drive after receiving the challenge C from the hard disk drive. The hard disk drive then computes the number R′=f(R) using the function and the response R, and unwraps WR′(S) using number R′. See also paragraph 0022-0023, To recover S, the hard disk drive 101 needs random number R. The only way for hard disk drive 101 to get random number R is to recover it from the challenge number C. The only system capable of generating R from C is the host operating system 102…. The HDD then sends challenge number C to host 102. The host returns a random number in response to receiving C. Hard disk drive 101 can then recover secret S using the random number received from the host]; and 
provide the cryptographic key to the cryptography engine to decrypt the encrypted user content data stored on the storage medium of the data storage device [See paragraph 0024, To secure all the data and resources that are associated with the host operating system 102, the encryption key Kb that secures the user data 105 is wrapped with the secret S. In this manner, data 105 can be recovered only after the authentication and see paragraph 0018, In order to recover the user data 105, the private key PrA first has to be recovered by unwrapping WR(PrA) using random number R. Then, PrA is used to unwrap WPuA(Kb) to recover Kb. Key Kb is then used to decrypt data 105. Thus, data 105 can only be recovered with random number R.].
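
The key hierarchy attributed to Souza in paragraphs 0020-0024 above (challenge C=EPuB(R), secret S wrapped under R′=f(R), Kb wrapped under S) is traced in the following added example, which is not part of the office action and is not Souza's code. The toy textbook RSA host key pair, the SHA-256 keystream plus HMAC wrap, and every function name are assumptions chosen so that it runs with the Python standard library only.

```python
import hashlib, hmac, secrets

# Toy textbook-RSA host key pair (PuB = (N, E), PrB = D) from two Mersenne primes.
# Assumption for illustration: unpadded and far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def keystream(key: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def wrap(key: bytes, secret: bytes) -> bytes:
    """W_key(secret): encrypt, then append an HMAC tag (the integrity measurement)."""
    ct = bytes(a ^ b for a, b in zip(secret, keystream(b"enc" + key, len(secret))))
    return ct + hmac.new(b"mac" + key, ct, hashlib.sha256).digest()

def unwrap(key: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(b"mac" + key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("integrity check failed: wrong response")
    return bytes(a ^ b for a, b in zip(ct, keystream(b"enc" + key, len(ct))))

def f(r: int) -> bytes:
    """R' = f(R): derive the wrapping key from the response."""
    return hashlib.sha256(r.to_bytes(32, "big")).digest()

def enroll(kb: bytes) -> dict:
    """Drive: precompute (C, R); store only C, W_R'(S) and W_S(Kb). R is discarded."""
    r = secrets.randbelow(N - 2) + 2
    s = secrets.token_bytes(32)
    return {"C": pow(r, E, N), "W_S": wrap(f(r), s), "W_Kb": wrap(s, kb)}

def host_respond(c: int) -> int:
    """Host: recover R from the challenge C with its private key PrB."""
    return pow(c, D, N)

def unlock(stored: dict, response: int) -> bytes:
    """Drive: R -> R' -> S -> Kb; raises ValueError if the response is wrong."""
    s = unwrap(f(response), stored["W_S"])
    return unwrap(s, stored["W_Kb"])
```

Because the drive stores neither R nor S in the clear, the data key Kb is recoverable only after the holder of PrB answers the challenge; a wrong response fails the integrity check instead of yielding a garbage key.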

		Souza substantially discloses all the limitations recited in the claim but doesn’t explicitly disclose the following underlined claim limitation:
“send the challenge to the authorized device over a communication channel that is different from the data path”;
 	However, Linecker, at least in paragraph 0015, teaches authenticating a user through a communication channel that is different from the communication channel used for requesting and receiving a resource, where such authentication can increase the convenience of using challenge/response authentication, and this meets the above claim limitation.

9.	Furthermore, with respect to independent claims 1, 20 and 21, a new updated search revealed the following prior art references that describe the general subject matter recited in the claims.

A. 	US Publication No. 2005/0091491 A1 to Lee discloses a block-level storage device that implements a digital rights management (DRM) system. In response to receiving a public key from an associated host system, the storage device challenges the host system to prove it has the corresponding private key to establish trust. This trust is established by encrypting a secure session key using the public key. The host system uses its private key to recover the secure session key. The storage device may store content that has been encrypted according to a content key. In addition, the storage device may encrypt the content key using the secure session key.

B. 	US Publication No. 2017/0288867 A1 to Collier discloses an apparatus, system, and method for authenticating a system to access a diagnostic interface in a storage device. The storage device includes a computer readable storage medium implemented to store data and a controller. The controller receives a request from the computer system to initiate a cryptographic nonce to access the diagnostic interface in the storage device. The controller generates a nonce and returns it to the computer system. Upon receiving an unlock request from the computer system to access the diagnostic interface including a signed nonce comprising at least the nonce encrypted with a private key by the authorized unlock system, the controller uses a public key that is a cryptographic pair with the private key to decrypt the signed nonce to determine whether to grant the computer system access to the diagnostic interface in the storage device.

C.	US Patent No. 9921978 B1 to Chan discloses a storage device that features a processor and a random number generator which are communicatively coupled to a memory. The memory comprises an access control logic that is configured to (i) transmit a first message that comprises information associated with a random number generated by the random number generator and a first keying material, (ii) receive a second message in response to the first message, the second message comprises information generated using at least the random number, (iii) recover information from the second message, the recovered information comprises information generated using at least pre-stored keying material and a return value being based on the random number, (iv) compare the return value from the recovered information with the random number, and (v) alter an operating state of the storage device from a locked state to an unlocked state upon the return value matching the random number, the unlocked state allows one or more devices to control the storage device including accessing stored content within the storage device.

D.	See the other cited prior art.


However, the above prior art of record, including the rest of the cited prior art and the references cited in the IDS, either taken alone or in combination, neither anticipates nor renders obvious the claimed subject matter of the instant application taken as a whole, including the functional limitation recited in the amended independent claims 1, 20 and 21. For this reason, the specific claim limitations recited in amended independent claims 1, 20 and 21, taken as a whole, are found to be allowable.

10.	The dependent claims 2-19, which depend on the above independent claim 1, further limit the independent claim, are definite and enabled by the specification, and are also allowed.

11.	Any comments Applicant considers necessary must be submitted no later than the payment of the Issue Fee and, to avoid processing delays, should preferably accompany the Issue Fee. Such submission should be clearly labeled "Comments on Statement of Reasons for Allowance". In the event of any post-allowance papers (e.g. IDS, 312 amendment, petition, etc.), Applicant is exhorted to mail papers to the Production Control branch in Publications or fax them to the post-allowance papers correspondence branch at (703) 308-5864 to expedite the issuing process, or to call PUB's Customer Service with any questions at (703) 305-8497.

Conclusion

12.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMSON B LEMMA whose telephone number is 571-272-3806.  The examiner can normally be reached on M-F 8am-10pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shaw Yin Chen can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.	
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SAMSON B LEMMA/
Primary Examiner, Art Unit 2498