Office Action Predictor
Last updated: April 16, 2026
Application No. 18/925,554

UPDATEABLE ENCRYPTION IN SELF ENCRYPTING DRIVES

Non-Final OA §103§DP
Filed
Oct 24, 2024
Examiner
PHAM, PHUC H
Art Unit
2408
Tech Center
2400 — Computer Networks
Assignee
Seagate Technology LLC
OA Round
1 (Non-Final)
90%
Grant Probability
Favorable
1-2
OA Rounds
2y 7m
To Grant
99%
With Interview

Examiner Intelligence

Grants 90% — above average
90%
Career Allow Rate
149 granted / 166 resolved
+31.8% vs TC avg
Strong +23% interview lift
Without
With
+23.2%
Interview Lift
resolved cases with interview
Typical timeline
2y 7m
Avg Prosecution
23 currently pending
Career history
189
Total Applications
across all art units

Statute-Specific Performance

§101
7.6%
-32.4% vs TC avg
§103
59.9%
+19.9% vs TC avg
§102
1.5%
-38.5% vs TC avg
§112
8.2%
-31.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 166 resolved cases

Office Action

§103 §DP
DETAILED ACTION The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . The present application, filed on October 24, 2024, is accepted. Claims 1 – 20 are being considered on the merits. Drawings The drawings, filed on October 24, 2024, are accepted. Specification The specification, filed on October 24, 2024, is accepted. Double Patenting Claims 1 – 20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 – 14 of U.S. Patent No. 12166873. Claims 1 – 14 of US Patent No. 12166873 contains every element of claims 1 – 20 of the instant application. Claims of the instant application therefore are not patently distinct from the earlier application claims and as such are unpatentable over obvious-type double patenting. A later patent/application claim is not patentably distinct from an earlier claim if the later claim is anticipated by the earlier claim. A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a 35 patent claim to a species within that genus). “ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001). “Claim 1 is generic to the species of invention covered by claim 1 of the ‘010 application. Thus, the generic invention is "anticipated" by the species of the patented invention. Cf., Titanium Metals Corp. v. Banner, 778 F.2d 775, 227 USPQ 773 (Fed. Cir. 1985) (holding that an earlier species disclosure in the prior art defeats any generic claim). This court's predecessor has held that, without a terminal disclaimer, the species claims preclude issuance of the generic application. In re Van Ornum, 686 F.2d 937, 944, 214 USPQ 761, 767 (CCPA 1982); Schneller, 397 F.2d at 354. Accordingly, absent a terminal disclaimer, claim 1 was properly rejected under the doctrine of obviousness-type double patenting.” (In re Goodman (CA FC) 29 USPQ2d 2010 (12/3/1993). Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1 – 5, and 9 – 13 are rejected under 35 U.S.C. 103 as being unpatentable over US 20210223968 A1 to Umesawa et al., (hereinafter, “Umesawa”) in view of US 8582777 B2 to Urivskiy et al., (hereafter, “Urivskiy”) and US 20150016606 A1 to Omino et al., (hereinafter, “Omino”). Regarding claim 1, Umesawa teaches a method of rotating a set of keys, having a media encryption key (MEK) and a current media encryption key encryption key (MEKEK) encrypted and stored in a self-encrypting drive (SED) having data encrypted with the MEK (MEK(data)), the method comprising: decrypting, in the SED, the stored MEK and the current MEKEK; [Umesawa, para. 69 discloses when the root key encrypted with a common key is received from the secure microcomputer 7, the key information receiving module 122 decrypts the encrypted root key with the common key. Alternatively, when the root key encrypted with a public key is received from the secure microcomputer 7, the key information receiving module 122 decrypts the encrypted root key with a private key. The encryption key generation module 123 generates the data encryption key using the decrypted root key.] generating, in the SED, a new media encryption key (MEK') and a new media encryption key encryption key (MEKEK'); [Umesawa, para. 63 discloses the key information receiving module 122 receives, from the secure microcomputer 7, key information to be used to generate a data encryption key. The key information is, for example, root key information 221 stored in the secure microcomputer 7. The data encryption key is an encryption key used when the encryption circuit 15 performs encryption of data and decryption of encrypted data. Para 64 discloses the encryption key generation module 123 generates a root key using the root key information 221, which is received from the secure microcomputer 7, and the OTP key information 161 stored in the OTP memory 16. Then, the encryption key generation module 123 generates a data encryption key using the root key. That is, the data encryption key may be indirectly derived from the root key information 221 and the OTP key information] encrypting, in the SED, the MEKEK' to replace the current encrypted MEKEK; [Umesawa, para. 67 discloses When the root key information 221 encrypted with a common key is received from the secure microcomputer 7, the key information receiving module 122 decrypts the encrypted root key information 221 with the common key. Alternatively, when the root key information 221 encrypted with a public key is received from the secure microcomputer 7, the key information receiving module 122 decrypts the encrypted root key information 221 with a private key (that is, a secret key). The encryption key generation module 123 generates the root key using the decrypted root key information 221 and the OTP key information 161 stored in the OTP memory 16. Then, the encryption key generation module 123 generates the data encryption key using the root key.], but Umesawa does not teach concatenating, in the SED, the MEK and the MEK' to obtain a concatenated key; encrypting, in the SED, the concatenated key with MEKEK'; and storing, in the SED, the encrypted concatenated key over ciphertext comprising MEK encrypted with MEKEK; re-encrypting, in the SED, the already-encrypted data MEK(data) in the SED with MEK' without decrypting the MEK(data); and overwriting the MEK(data) with the re-encrypted data. However, Urivskiy does teach concatenating, in the SED, the MEK and the MEK' to obtain a concatenated key; [Urivskiy, col. 2 lines 51 – 57 discloses The system for lightweight key distribution in a wireless network may further include a network node for generating a session key. The calculating operation may include a network node for calculating the second intermediate value by applying a first concatenated value, which is acquired by concatenating the session key and the first intermediate value, to a hash function.] encrypting, in the SED, the concatenated key with MEKEK'; [Urivskiy, col. 2 lines 64 – 67 to col. 3 lines 1 – 3 discloses The encrypting operation may include network nodes for extracting a key index in common with a key index of the new node; generating the encryption key by applying a second concatenated value, which is acquired by concatenating the second intermediate value corresponding to the common key index, to a hash function; and encrypting a partial key corresponding to the common key index with the encryption key.] and storing, in the SED, the encrypted concatenated key over ciphertext comprising MEK encrypted with MEKEK; [Urivskiy, col. 5 lines 40 – 47 discloses the initial backbone node M1 210 sends a key part P1, corresponding to the common key index, to the new node A 250 (S145). Herein, the key part P.sub.1 includes the encrypted partial key E.sub.K.sub.A(ki) and the second intermediate value Si corresponding to the common key index. Specifically, the initial backbone node M1 210 sends to the new node A 250 the key part P1, which contains the encrypted partial keys E.sub.K.sub.A(k3) and E.sub.K.sub.A(k5), and the second intermediate value {S3, S5}.] Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Urivskiy’s system with Umesawa’s system, with motivation to transform an input value of an arbitrary length to a fixed-length output value. The one-way hash function has the following properties: it is impossible to calculate an original input value with a given output value, it is impossible to find an output value with a given input value or to find another input value, and it is impossible to find and calculate two different input values that produce the same output value. The hash function characterized by the above features may be used in functions applied for data integrity, authentication, repudiation prevention, and the like. [Urivskiy, col. 4 lines 53 – 61] However, Umesawa in view of Urivskiy does not teach re-encrypting, in the SED, the already-encrypted data MEK(data) in the SED with MEK' without decrypting the MEK(data); and overwriting the MEK(data) with the re-encrypted data, but Omino does teach re-encrypting, in the SED, the already-encrypted data MEK(data) in the SED with MEK' without decrypting the MEK(data); [Omino, para. 284 discloses The re-encrypting device 150 acquires the first ciphertext C.sub.1 from the first client terminal 131. The re-encrypting device 150 outputs a request to the server 140 in response to the acquisition of the first ciphertext C.sub.1 to acquire the first re-encryption key K.sub.1.sup.(r) and the second re-encryption key K.sub.2.sup.(r). para. 285 discloses The re-encrypting device 150 generates a second ciphertext C.sub.2 (=Enc(k.sub.2, m)) obtained by encrypting a plaintext m with the second client key K.sub.2 on the basis of the first ciphertext C.sub.1, the first re-encryption key K.sub.1.sup.(r) and the second re-encryption key K.sub.2.sup.(r). The re-encrypting device 150 then outputs the second ciphertext C.sub.2 to the second client terminal 132.] and overwriting the MEK(data) with the re-encrypted data. [Omino, para. 286 discloses the second client terminal 132 acquires and stores the second client key K.sub.2 from the generating device 120. The second client terminal 132 acquires the second ciphertext C.sub.2 from the re-encrypting device 150.]. Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Omino’s system with Umesawa’s system, with motivation for a configuration of the re-encrypting device 150 when exclusive OR operation is used as an encryption process will be described. In this case, the plaintext m, the first client key K.sub.1, the second client key K.sub.2, the master key K.sub.r, the first re-encryption key K.sub.1.sup.(r), the second re-encryption key K.sub.2.sup.(r) a combined key K.sub.1,2.sup.(r), the first ciphertext C.sub.1, and the second ciphertext C.sub.2 are all binary data having the same bit length. [Omino, para. 287] Regarding claim 2, modified Umesawa discloses the method of claim 1, but Umesawa does not teach wherein the MEK comprises a MEK string having a combination of nested MEK iterations and null values, and wherein the MEK string has a fixed length of an integer multiple, and wherein decrypting the stored MEK comprises decrypting the MEK string. However, Urivskiy does teach wherein the MEK comprises a MEK string having a combination of nested MEK iterations and null values, and wherein the MEK string has a fixed length of an integer multiple, [Urivskiy, col. 5 lines 27 – 49 discloses the initial backbone node M1 210 and the backbone nodes Mj 220 through 240 respectively extract a key index in common with the key index IA = {2, 3, 5} of the new node A 250 from their key indexes and encrypt a partial key ki corresponding to the extracted key index with the encryption key KA (S140). Assuming that the key index IA of the new node A 250 is {2, 3, 5} and the key index of the initial backbone node M1 210 is {3, 5, 6}, the initial backbone node M1 210 extracts a common key index BIM1 ∩ IA ={3, 5} from its key index and the key index of the new node A 250, and encrypts partial keys k3 and k5 corresponding to the extracted common key index with the encryption key KA. Next, the initial backbone node M1 210 sends a key part P1, corresponding to the common key index, to the new node A 250 (S145). Herein, the key part P1 includes the encrypted partial key EKA(ki) and the second intermediate value Si corresponding to the common key index. Specifically, the initial backbone node M.sub.1 210 sends to the new node A 250 the key part P1, which contains the encrypted partial keys EKA(k3) and EKA(k5), and the second intermediate value {S3, S5}. The key part P1 transmitted by the initial backbone node M1 210 is expressed as Equation 3.] and wherein decrypting the stored MEK comprises decrypting the MEK string. [Urivskiy, col. 6 lines 61 – 64 discloses by decrypting the encrypted partial keys EKA(k2), EKA (k3), and EKA (k5) corresponding to its key index IA with the decryption key K'A, the new node A 250 acquires key sets k2, k3, and k5 corresponding to its key index IA (S180).] Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Urivskiy’s system with Umesawa’s system, with motivation to transform an input value of an arbitrary length to a fixed-length output value. The one-way hash function has the following properties: it is impossible to calculate an original input value with a given output value, it is impossible to find an output value with a given input value or to find another input value, and it is impossible to find and calculate two different input values that produce the same output value. The hash function characterized by the above features may be used in functions applied for data integrity, authentication, repudiation prevention, and the like. [Urivskiy, col. 4 lines 53 – 61] Regarding claim 3, modified Umesawa teaches the method of claim 2, but Umesawa does not teach wherein decrypting the MEK comprises decrypting all nested MEK iterations in the MEK string. However, Urivskiy does teach wherein decrypting the MEK comprises decrypting all nested MEK iterations in the MEK string. [Urivskiy, col. 6 lines 61 – 64 discloses by decrypting the encrypted partial keys EKA(k2), EKA (k3), and EKA (k5) corresponding to its key index IA with the decryption key K'A, the new node A 250 acquires key sets k2, k3, and k5 corresponding to its key index IA (S180).] Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Urivskiy’s system with Umesawa’s system, with motivation to transform an input value of an arbitrary length to a fixed-length output value. The one-way hash function has the following properties: it is impossible to calculate an original input value with a given output value, it is impossible to find an output value with a given input value or to find another input value, and it is impossible to find and calculate two different input values that produce the same output value. The hash function characterized by the above features may be used in functions applied for data integrity, authentication, repudiation prevention, and the like. [Urivskiy, col. 4 lines 53 – 61] Regarding claim 4, modified Umesawa teaches the method of claim 2, but Umesawa does not teach wherein encrypting a concatenation of the MEK and the MEK' comprises encrypting all the nested MEK iterations from the MEK string with the MEK'. However, Urivskiy does teach wherein encrypting a concatenation of the MEK and the MEK' comprises encrypting all the nested MEK iterations from the MEK string with the MEK'. [Urivskiy, col. 2 lines 64 – 67 to col. 3 lines 1 – 3 discloses The encrypting operation may include network nodes for extracting a key index in common with a key index of the new node; generating the encryption key by applying a second concatenated value, which is acquired by concatenating the second intermediate value corresponding to the common key index, to a hash function; and encrypting a partial key corresponding to the common key index with the encryption key.]. Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Urivskiy’s system with Umesawa’s system, with motivation to transform an input value of an arbitrary length to a fixed-length output value. The one-way hash function has the following properties: it is impossible to calculate an original input value with a given output value, it is impossible to find an output value with a given input value or to find another input value, and it is impossible to find and calculate two different input values that produce the same output value. The hash function characterized by the above features may be used in functions applied for data integrity, authentication, repudiation prevention, and the like. [Urivskiy, col. 4 lines 53 – 61] As per claim 5, modified Umesawa teaches the method of claim 1, wherein decrypting the MEK comprises: deriving a master key (MK) from a user password (PIN); [Umesawa, para. 62 discloses the session key generation module 121 generates and exchanges a session key when a session is established in a connection between the memory controller 4 and the secure microcomputer 7. The session key generation module 121 may generate and exchange the session key each time the session is established, or may generate and exchange the session key only once when the session is first established between the memory controller 4 and the secure microcomputer 7. The session key may be used as a common key.] decrypting the current MEKEK from the encrypted MEKEK (MK(MEKEK)) by decrypting MK(MEKEK) with MK; and decrypting the MEK from the encrypted MEK (MEKEK(MEK)) by decrypting MEKEK(MEK) with MEKEK. [Umesawa, para. 69 discloses when the root key encrypted with a common key is received from the secure microcomputer 7, the key information receiving module 122 decrypts the encrypted root key with the common key. Alternatively, when the root key encrypted with a public key is received from the secure microcomputer 7, the key information receiving module 122 decrypts the encrypted root key with a private key. The encryption key generation module 123 generates the data encryption key using the decrypted root key.] Regarding claim 9, Umesawa teaches a method of updating a key in a self-encrypting drive (SED) storing encrypted data MEK(data), comprising: deriving, in the SED, a master key (MK) from a user password (PIN); [Umesawa, para. 62 discloses the session key generation module 121 generates and exchanges a session key when a session is established in a connection between the memory controller 4 and the secure microcomputer 7. The session key generation module 121 may generate and exchange the session key each time the session is established, or may generate and exchange the session key only once when the session is first established between the memory controller 4 and the secure microcomputer 7. The session key may be used as a common key.] decrypting, in the SED, wrapping keys comprising a media encryption key (MEK) and a media encryption key encryption key (MEKEK) from stored ciphertext MEKEK(MEK) and MK(MEKEK) using the MK; [Umesawa, para. 69 discloses when the root key encrypted with a common key is received from the secure microcomputer 7, the key information receiving module 122 decrypts the encrypted root key with the common key. Alternatively, when the root key encrypted with a public key is received from the secure microcomputer 7, the key information receiving module 122 decrypts the encrypted root key with a private key. The encryption key generation module 123 generates the data encryption key using the decrypted root key.] generating, in the SED, new wrapping keys MEK' and MEKEK'; [Umesawa, para. 63 discloses the key information receiving module 122 receives, from the secure microcomputer 7, key information to be used to generate a data encryption key. The key information is, for example, root key information 221 stored in the secure microcomputer 7. The data encryption key is an encryption key used when the encryption circuit 15 performs encryption of data and decryption of encrypted data. Para 64 discloses the encryption key generation module 123 generates a root key using the root key information 221, which is received from the secure microcomputer 7, and the OTP key information 161 stored in the OTP memory 16. Then, the encryption key generation module 123 generates a data encryption key using the root key. That is, the data encryption key may be indirectly derived from the root key information 221 and the OTP key information] encrypting, in the SED, MEKEK' with MK to obtain new ciphertext MK(MEKEK'); [Umesawa, para. 67 discloses When the root key information 221 encrypted with a common key is received from the secure microcomputer 7, the key information receiving module 122 decrypts the encrypted root key information 221 with the common key. Alternatively, when the root key information 221 encrypted with a public key is received from the secure microcomputer 7, the key information receiving module 122 decrypts the encrypted root key information 221 with a private key (that is, a secret key). The encryption key generation module 123 generates the root key using the decrypted root key information 221 and the OTP key information 161 stored in the OTP memory 16. Then, the encryption key generation module 123 generates the data encryption key using the root key.] and storing, in the SED, ciphertext MEK'(MEK(data)), ciphertext MK(MEKEK'), and ciphertext MEKEK'(MEK', MEK) in the SED-such that MEK(data) is overwritten with MEK'(MEK(data)) and MEKEK'(MEK', MEK) replaces MEKEK(MEK). [Umesawa, para. 65 discloses the encryption circuit 15 encrypts data, which is to be written into the NAND flash memory 5, with the data encryption key, and decrypts data, which is read from the NAND flash memory 5, with the data encryption key.], but Umesawa does not teach re-encrypting, in the SED, the already-encrypted data MEK(data) in the SED with MEK' without decrypting the MEK(data) to obtain ciphertext MEK' (MEK(data)); encrypting, in the SED, a concatenation of MEK and MEK' with MEKEK' in a MEK string to obtain new ciphertext MEKEK'(MEK', MEK);. However, Urivskiy does teach encrypting, in the SED, a concatenation of MEK and MEK' with MEKEK' in a MEK string to obtain new ciphertext MEKEK'(MEK', MEK); [Urivskiy, col. 2 lines 64 – 67 to col. 3 lines 1 – 3 discloses The encrypting operation may include network nodes for extracting a key index in common with a key index of the new node; generating the encryption key by applying a second concatenated value, which is acquired by concatenating the second intermediate value corresponding to the common key index, to a hash function; and encrypting a partial key corresponding to the common key index with the encryption key.]. Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Urivskiy’s system with Umesawa’s system, with motivation to transform an input value of an arbitrary length to a fixed-length output value. The one-way hash function has the following properties: it is impossible to calculate an original input value with a given output value, it is impossible to find an output value with a given input value or to find another input value, and it is impossible to find and calculate two different input values that produce the same output value. The hash function characterized by the above features may be used in functions applied for data integrity, authentication, repudiation prevention, and the like. [Urivskiy, col. 4 lines 53 – 61] However, Umesawa in view of Urivskiy does not teach re-encrypting, in the SED, the already-encrypted data MEK(data) in the SED with MEK' without decrypting the MEK(data) to obtain ciphertext MEK' (MEK(data));, but Omino does teach re-encrypting, in the SED, the already-encrypted data MEK(data) in the SED with MEK' without decrypting the MEK(data) to obtain ciphertext MEK' (MEK(data));. [Omino, para. 284 discloses The re-encrypting device 150 acquires the first ciphertext C.sub.1 from the first client terminal 131. The re-encrypting device 150 outputs a request to the server 140 in response to the acquisition of the first ciphertext C.sub.1 to acquire the first re-encryption key K.sub.1.sup.(r) and the second re-encryption key K.sub.2.sup.(r). para. 285 discloses The re-encrypting device 150 generates a second ciphertext C.sub.2 (=Enc(k.sub.2, m)) obtained by encrypting a plaintext m with the second client key K.sub.2 on the basis of the first ciphertext C.sub.1, the first re-encryption key K.sub.1.sup.(r) and the second re-encryption key K.sub.2.sup.(r). The re-encrypting device 150 then outputs the second ciphertext C.sub.2 to the second client terminal 132.] Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Omino’s system with Umesawa’s system, with motivation for a configuration of the re-encrypting device 150 when exclusive OR operation is used as an encryption process will be described. In this case, the plaintext m, the first client key K.sub.1, the second client key K.sub.2, the master key K.sub.r, the first re-encryption key K.sub.1.sup.(r), the second re-encryption key K.sub.2.sup.(r) a combined key K.sub.1,2.sup.(r), the first ciphertext C.sub.1, and the second ciphertext C.sub.2 are all binary data having the same bit length. [Omino, para. 287] Regarding claim 10, modified Umesawa teaches the method of claim 9, but Umesawa does not teach wherein encrypting a concatenation comprises: concatenating MEK and MEK' in the MEK string; and encrypting the MEK string with new wrapping key MEKEK'. However, Urivskiy does teach wherein encrypting a concatenation comprises: concatenating MEK and MEK' in the MEK string; and encrypting the MEK string with new wrapping key MEKEK'. [Urivskiy, col. 2 lines 64 – 67 to col. 3 lines 1 – 3 discloses The encrypting operation may include network nodes for extracting a key index in common with a key index of the new node; generating the encryption key by applying a second concatenated value, which is acquired by concatenating the second intermediate value corresponding to the common key index, to a hash function; and encrypting a partial key corresponding to the common key index with the encryption key.]. Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Urivskiy’s system with Umesawa’s system, with motivation to transform an input value of an arbitrary length to a fixed-length output value. The one-way hash function has the following properties: it is impossible to calculate an original input value with a given output value, it is impossible to find an output value with a given input value or to find another input value, and it is impossible to find and calculate two different input values that produce the same output value. The hash function characterized by the above features may be used in functions applied for data integrity, authentication, repudiation prevention, and the like. [Urivskiy, col. 4 lines 53 – 61] Regarding claim 11, modified Umesawa teaches the method of claim 10, but Umesawa does not teach wherein concatenating further comprises: providing a fixed length for the MEK string, the fixed length being an integer multiple of a size of an MEK iteration; and padding the MEK string with null values for a remaining length of the MEK string after concatenating the MEK and MEK'. However, Urivskiy does teach wherein concatenating further comprises: providing a fixed length for the MEK string, the fixed length being an integer multiple of a size of an MEK iteration; and padding the MEK string with null values for a remaining length of the MEK string after concatenating the MEK and MEK'. [Urivskiy, col. 5 lines 27 – 49 discloses the initial backbone node M1 210 and the backbone nodes Mj 220 through 240 respectively extract a key index in common with the key index IA = {2, 3, 5} of the new node A 250 from their key indexes and encrypt a partial key ki corresponding to the extracted key index with the encryption key KA (S140). Assuming that the key index IA of the new node A 250 is {2, 3, 5} and the key index of the initial backbone node M1 210 is {3, 5, 6}, the initial backbone node M1 210 extracts a common key index BIM1 ∩ IA ={3, 5} from its key index and the key index of the new node A 250, and encrypts partial keys k3 and k5 corresponding to the extracted common key index with the encryption key KA. Next, the initial backbone node M1 210 sends a key part P1, corresponding to the common key index, to the new node A 250 (S145). Herein, the key part P1 includes the encrypted partial key EKA(ki) and the second intermediate value Si corresponding to the common key index. Specifically, the initial backbone node M.sub.1 210 sends to the new node A 250 the key part P1, which contains the encrypted partial keys EKA(k3) and EKA(k5), and the second intermediate value {S3, S5}. The key part P1 transmitted by the initial backbone node M1 210 is expressed as Equation 3.] Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Urivskiy’s system with Umesawa’s system, with motivation to transform an input value of an arbitrary length to a fixed-length output value. The one-way hash function has the following properties: it is impossible to calculate an original input value with a given output value, it is impossible to find an output value with a given input value or to find another input value, and it is impossible to find and calculate two different input values that produce the same output value. The hash function characterized by the above features may be used in functions applied for data integrity, authentication, repudiation prevention, and the like. [Urivskiy, col. 4 lines 53 – 61] Regarding claim 12, modified Umesawa teaches the method of claim 11, and further comprising: when an additional update of a key is desired, deriving the master key (MK) from the user password (PIN); [Umesawa, para. 62 discloses the session key generation module 121 generates and exchanges a session key when a session is established in a connection between the memory controller 4 and the secure microcomputer 7. The session key generation module 121 may generate and exchange the session key each time the session is established, or may generate and exchange the session key only once when the session is first established between the memory controller 4 and the secure microcomputer 7. The session key may be used as a common key.] decrypting the current MEKEK from MK(MEKEK') with the MK; decrypting MEK' and MEK from MEKEK'(MEK', MEK)with the current MEKEK; [Umesawa, para. 69 discloses when the root key encrypted with a common key is received from the secure microcomputer 7, the key information receiving module 122 decrypts the encrypted root key with the comon key. Alternatively, when the root key encrypted with a public key is received from the secure microcomputer 7, the key information receiving module 122 decrypts the encrypted root key with a private key. The encryption key generation module 123 generates the data encryption key using the decrypted root key.] generating new wrapping keys MEK" and MEKEK"; [Umesawa, para. 63 discloses the key information receiving module 122 receives, from the secure microcomputer 7, key information to be used to generate a data encryption key. The key information is, for example, root key information 221 stored in the secure microcomputer 7. The data encryption key is an encryption key used when the encryption circuit 15 performs encryption of data and decryption of encrypted data. Para 64 discloses the encryption key generation module 123 generates a root key using the root key information 221, which is received from the secure microcomputer 7, and the OTP key information 161 stored in the OTP memory 16. Then, the encryption key generation module 123 generates a data encryption key using the root key. That is, the data encryption key may be indirectly derived from the root key information 221 and the OTP key information] re-encrypting MEK'(MEK(data)) with MEK" to obtain ciphertext MEK" (MEK' (MEK(data))); [Umesawa, para. 65 discloses The encryption key generation module 123 sets the generated data encryption key in the encryption circuit 15. As described above, the encryption circuit 15 encrypts data, which is to be written into the NAND flash memory 5, with the data encryption key, and decrypts data, which is read from the NAND flash memory 5, with the data encryption key.] encrypting MEKEK" with MK to obtain new ciphertext MK(MEKEK"); Umesawa, para. 67 discloses When the root key information 221 encrypted with a common key is received from the secure microcomputer 7, the key information receiving module 122 decrypts the encrypted root key information 221 with the common key. Alternatively, when the root key information 221 encrypted with a public key is received from the secure microcomputer 7, the key information receiving module 122 decrypts the encrypted root key information 221 with a private key (that is, a secret key). The encryption key generation module 123 generates the root key using the decrypted root key information 221 and the OTP key information 161 stored in the OTP memory 16. Then, the encryption key generation module 123 generates the data encryption key using the root key.] and storing ciphertext MEK"(MEK'((MEK(data))), ciphertext MK(MEKEK"), and ciphertext MEKEK"(MEK", MEK', MEK) in the SED[Umesawa, para. 65 discloses the encryption circuit 15 encrypts data, which is to be written into the NAND flash memory 5, with the data encryption key, and decrypts data, which is read from the NAND flash memory 5, with the data encryption key.], but Umesawa does not teach encrypting a concatenation of all MEK iterations with MEKEK" to obtain ciphertext MEKEK"(MEK", MEK', MEK). However, Urivskiy does teach encrypting a concatenation of all MEK iterations with MEKEK" to obtain ciphertext MEKEK"(MEK", MEK', MEK). [Urivskiy, col. 2 lines 64 – 67 to col. 3 lines 1 – 3 discloses The encrypting operation may include network nodes for extracting a key index in common with a key index of the new node; generating the encryption key by applying a second concatenated value, which is acquired by concatenating the second intermediate value corresponding to the common key index, to a hash function; and encrypting a partial key corresponding to the common key index with the encryption key.]. Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Urivskiy’s system with Umesawa’s system, with motivation to transform an input value of an arbitrary length to a fixed-length output value. The one-way hash function has the following properties: it is impossible to calculate an original input value with a given output value, it is impossible to find an output value with a given input value or to find another input value, and it is impossible to find and calculate two different input values that produce the same output value. The hash function characterized by the above features may be used in functions applied for data integrity, authentication, repudiation prevention, and the like. [Urivskiy, col. 4 lines 53 – 61] Regarding claim 13, modified Umesawa teaches the method of claim 11, and further comprising: when the MEK is to be updated, updating the MEK string additional times by: generating a new MEK and a new MEKEK; [Umesawa, para. 63 discloses the key information receiving module 122 receives, from the secure microcomputer 7, key information to be used to generate a data encryption key. The key information is, for example, root key information 221 stored in the secure microcomputer 7. The data encryption key is an encryption key used when the encryption circuit 15 performs encryption of data and decryption of encrypted data. Para 64 discloses the encryption key generation module 123 generates a root key using the root key information 221, which is received from the secure microcomputer 7, and the OTP key information 161 stored in the OTP memory 16. Then, the encryption key generation module 123 generates a data encryption key using the root key. That is, the data encryption key may be indirectly derived from the root key information 221 and the OTP key information] encrypting the new MEK string with the new MEKEK to replace the current encrypted MEKEK; encrypting the new MEKEK with the MK; [Umesawa, para. 67 discloses When the root key information 221 encrypted with a common key is received from the secure microcomputer 7, the key information receiving module 122 decrypts the encrypted root key information 221 with the common key. Alternatively, when the root key information 221 encrypted with a public key is received from the secure microcomputer 7, the key information receiving module 122 decrypts the encrypted root key information 221 with a private key (that is, a secret key). The encryption key generation module 123 generates the root key using the decrypted root key information 221 and the OTP key information 161 stored in the OTP memory 16. Then, the encryption key generation module 123 generates the data encryption key using the root key.] and re-encrypting user data with the new current MEK. [Umesawa, para. 65 discloses the encryption key generation module 123 sets the generated data encryption key in the encryption circuit 15. As described above, the encryption circuit 15 encrypts data, which is to be written into the NAND flash memory 5, with the data encryption key, and decrypts data, which is read from the NAND flash memory 5, with the data encryption key.], but Umesawa does not teach concatenating all decrypted MEK iterations from the MEK string with the new MEK and nulls to fill out a remainder of the MEK string into a new MEK string; However, Urivskiy does teach concatenating all decrypted MEK iterations from the MEK string with the new MEK and nulls to fill out a remainder of the MEK string into a new MEK string;' [Urivskiy, col. 2 lines 64 – 67 to col. 3 lines 1 – 3 discloses The encrypting operation may include network nodes for extracting a key index in common with a key index of the new node; generating the encryption key by applying a second concatenated value, which is acquired by concatenating the second intermediate value corresponding to the common key index, to a hash function; and encrypting a partial key corresponding to the common key index with the encryption key.]. Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Urivskiy’s system with Umesawa’s system, with motivation to transform an input value of an arbitrary length to a fixed-length output value. The one-way hash function has the following properties: it is impossible to calculate an original input value with a given output value, it is impossible to find an output value with a given input value or to find another input value, and it is impossible to find and calculate two different input values that produce the same output value. The hash function characterized by the above features may be used in functions applied for data integrity, authentication, repudiation prevention, and the like. [Urivskiy, col. 4 lines 53 – 61] Claim 6, 14, and 17 – 18 are rejected under 35 U.S.C. 103 as being unpatentable over US 20210223968 A1 to Umesawa et al., (hereinafter, “Umesawa”) in view of US 8582777 B2 to Urivskiy et al., (hereafter, “Urivskiy”) and US 20150016606 A1 to Omino et al., (hereinafter, “Omino”) in further view of US 20190288834 A1 to Black et al, (hereinafter, “Black”). Regarding claim 6, modified Umesawa teaches the method of claim 2, but modified Umesawa does not teach further comprising refreshing the MEK string when a predetermined number N of re-encryptions of the encrypted data has previously occurred, as indicated by a number of non-null MEKs in the MEK string. However, Black does teach further comprising refreshing the MEK string when a predetermined number N of re-encryptions of the encrypted data has previously occurred, as indicated by a number of non-null MEKs in the MEK string. [Black, para. 42 discloses the at least one set of key components includes a single set of key components and the at least one processor 204 is configured to reconstruct the encrypted key and the at least one encryption key at least in part by being configured to: reconstruct a combined string, including both the encrypted key and the at least one encryption key, from the single set of key components; and extract the encrypted key and the at least one encryption key from the combined string to be used to securely decrypt the encrypted key into the key using the at least one encryption key. In examples, the at least one processor 204 is configured to receive the at least one subset of key components from the at least one subset of users that can be used to reconstruct the encrypted key and the at least one encryption key at least in part by being configured to: receive a first subset of a first set of key components from a first subset of users that can be used to reconstruct the encrypted key; and receive at least a second subset of key components of at least a second set of key components from at least a second subset of users that can be used to reconstruct at least one encryption key used to securely decrypt the key from the encrypted key.] Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Black’s system with modified Umesawa’s system, with motivation to provide by keys split to various users which can help with the situation where some or all of the key subsets become lost, comprised, etc. without having the change the key itself. [Black, para. 41] Regarding claim 14, it recites features similar to features within claim 6, therefore, it is rejected in a similar manner. Regarding claim 17, Umesawa teaches a method of refreshing a nested concatenation of a plurality of media encryption key (MEK) iterations and a current media encryption key encryption key (MEKEK) stored in encrypted form, the media encryption key iterations used for nested encryption and re-encryption of user data without decryption in a self-encrypting drive (SED), the method comprising: decrypting the plurality of media encryption key iterations to a MEK string; [Umesawa, para. 69 discloses when the root key encrypted with a common key is received from the secure microcomputer 7, the key information receiving module 122 decrypts the encrypted root key with the common key. Alternatively, when the root key encrypted with a public key is received from the secure microcomputer 7, the key information receiving module 122 decrypts the encrypted root key with a private key. The encryption key generation module 123 generates the data encryption key using the decrypted root key.] generating a new media encryption key and a new media encryption key encryption key; [Umesawa, para. 63 discloses the key information receiving module 122 receives, from the secure microcomputer 7, key information to be used to generate a data encryption key. The key information is, for example, root key information 221 stored in the secure microcomputer 7. The data encryption key is an encryption key used when the encryption circuit 15 performs encryption of data and decryption of encrypted data. Para 64 discloses the encryption key generation module 123 generates a root key using the root key information 221, which is received from the secure microcomputer 7, and the OTP key information 161 stored in the OTP memory 16. Then, the encryption key generation module 123 generates a data encryption key using the root key. That is, the data encryption key may be indirectly derived from the root key information 221 and the OTP key information], but modified Umesawa does not teach determining a number of re-encryptions of the user data using a number of non-null MEK entries in the decrypted MEK string; and refreshing the stored MEK string in the SED when a predetermined number N of re-encryptions of the encrypted data has previously occurred, as indicated by a number of non-null MEK iterations in the MEK string. However, Black does teach further determining a number of re-encryptions of the user data using a number of non-null MEK entries in the decrypted MEK string; and refreshing the stored MEK string in the SED when a predetermined number N of re-encryptions of the encrypted data has previously occurred, as indicated by a number of non-null MEK iterations in the MEK string. [Black, para. 42 discloses the at least one set of key components includes a single set of key components and the at least one processor 204 is configured to reconstruct the encrypted key and the at least one encryption key at least in part by being configured to: reconstruct a combined string, including both the encrypted key and the at least one encryption key, from the single set of key components; and extract the encrypted key and the at least one encryption key from the combined string to be used to securely decrypt the encrypted key into the key using the at least one encryption key. In examples, the at least one processor 204 is configured to receive the at least one subset of key components from the at least one subset of users that can be used to reconstruct the encrypted key and the at least one encryption key at least in part by being configured to: receive a first subset of a first set of key components from a first subset of users that can be used to reconstruct the encrypted key; and receive at least a second subset of key components of at least a second set of key components from at least a second subset of users that can be used to reconstruct at least one encryption key used to securely decrypt the key from the encrypted key.] Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Black’s system with modified Umesawa’s system, with motivation to provide by keys split to various users which can help with the situation where some or all of the key subsets become lost, comprised, etc. without having the change the key itself. [Black, para. 41] Regarding claim 18, modified Umesawa does not teach the method of claim 17, but Umesawa does not teach wherein the plurality of media encryption key iterations is stored in a fixed length MEK string having a length that is (N+2) times a length of an MEK in the MEK string, and comprising all previous MEK iterations and null-value MEK iterations for remaining space of the fixed length MEK string. However, Black does teach wherein the plurality of media encryption key iterations is stored in a fixed length MEK string having a length that is (N+2) times a length of an MEK in the MEK string, and comprising all previous MEK iterations and null-value MEK iterations for remaining space of the fixed length MEK string. [Black, para. 47 discloses splitting the encrypted key and the at least one encryption key into at least one set of key components, wherein at least a subset of key components of the at least one set of key components can be used to reconstruct the encrypted key and the at least one encryption key. In examples, the encrypted key and the at least one encryption key are combined together before splitting the encrypted key and the at least one encryption key into the at least one set of key components that can be provided to a plurality of users. For example, the encrypted key and the at least one encryption key can be concatenated together into a string that is then split into at the at least one set of key components that can be provided to a plurality of users. In examples, the encrypted key and the at least one set of key components can be split apart into separate sets of key components that can be provided to a plurality of users. For example, the encrypted key can be split into a first set of key components that can be provided to a first plurality of users, wherein at least a first subset of the first key components can be used to reconstruct the encrypted key. Similarly, each encrypted key of the at least one encryption key can be split into at least second key components that can be provided to at least a second plurality of users, wherein at least a second subset of the at least second key components can be used to reconstruct the at least one encryption key.] Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Black’s system with modified Umesawa’s system, with motivation to provide by keys split to various users which can help with the situation where some or all of the key subsets become lost, comprised, etc. without having the change the key itself. [Black, para. 41] Allowable Subject Matter Claims 7 – 8, 15 – 16, and 19 – 20 objected to as being dependent upon a rejected base claim only over the prior arts, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Conclusion Pertinent prior art made of record however not relied upon: US 20190173674 A1 to Agarwal et al. “An example method facilitates enabling Key Encryption Key (KEK) rotation for a running multi-tenant system without requiring system downtime or interruption. The example method facilitates decrypting a set of one or more DEKs using a preexisting KEK; using a new KEK to re-encode the DEKs using the new KEK, all while simultaneously enabling servicing of tenant requests. This is enabled in part, by strategic caching of tenant DEKs in a secure local memory, wherein the cached tenant DEKs are maintained in the clear and are readily accessible to running processes that are using the DEKs to decrypt and access tenant data, irrespective of the state of a background process used to implement the KEK rotation to the new KEK.” Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893. The examiner can normally be reached Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Linglan Edwards can be reached on (571) 270-5440. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /P.P./Patent Examiner, Art Unit 2408 /CHAU LE/Primary Examiner, Art Unit 2408
Read full office action

Prosecution Timeline

Oct 24, 2024
Application Filed
Jan 24, 2025
Response after Non-Final Action
Jan 08, 2026
Non-Final Rejection — §103, §DP
Mar 24, 2026
Response Filed

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12598201
MULTIFACETED DETECTION OF FRAUDULENT DATA USAGE
2y 5m to grant Granted Apr 07, 2026
Patent 12585305
REMOVABLE COMPUTER FOR AN AIRCRAFT
2y 5m to grant Granted Mar 24, 2026
Patent 12580924
TELEMETRY RESTRICTION MECHANISM
2y 5m to grant Granted Mar 17, 2026
Patent 12562890
METHOD FOR EXCHANGING CRYPTOGRAPHIC KEYS BETWEEN COMMUNICATION SUBSCRIBERS
2y 5m to grant Granted Feb 24, 2026
Patent 12556383
SYSTEMS AND METHODS FOR UTILIZING MACHINE LEARNING MODELS TO GENERATE ENCRYPTION KEYS
2y 5m to grant Granted Feb 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

1-2
Expected OA Rounds
90%
Grant Probability
99%
With Interview (+23.2%)
2y 7m
Median Time to Grant
Low
PTA Risk
Based on 166 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month