DETAILED ACTION
This action is responsive to communication filed on 12/03/2020.  Claims 1, 11 and 20 are independent. Claim 15 is cancelled. Claims 1, 5, 8, 11-14 and 16-20 are amended. New claim 21 is added. Claims 1-14 and 16-21 are pending and being considered. Thus, Claims 1- 14 and 16-21 are rejected. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments/Remarks
	Applicant’s arguments/remarks filed on 12/03/2020 have been fully considered and are rendered moot in view of new grounds of rejection outlined below, which were necessitated by the applicant’s amendment. The argument do not apply to the current art being used.

Claim Rejections - 35 U.S.C. 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:

2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-5, 11-13 and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over LIN et al. (US 2009/0300753 A1), hereinafter (LIN), in view of KOIKE et al. (US 2009/0025091 A1), hereinafter (Koike).

Regarding claim 1, LIN teaches a storage drive comprising: a hardware controller configured to (LIN, Fig. 1, illustrates a removable storage device 200 which includes a controller 210):
detect a connector of the storage drive connected to a connector of a computing device that is known to the storage drive by way of identification information other than an identifier of the storage drive; send the identification information to the computing device based at least in part on the detecting (LIN, Fig. 4 and Para. [0021], discloses that it is detected that a removable storage device ); 
receive an acknowledgment from the computing device indicating the identification information is successfully authenticated (LIN, Fig. 4 and Para. [0021], discloses that it is then determined whether the acquired identification data matches with the authentication information (step S606). If the acquired identification data matches with the authentication information, the inserted removable storage device is recognized as being authorized); 

allow the computing device to mount a storage medium of the storage drive on an operating system of the computing device LIN, Fig. 4 and Para. [0021], discloses that the authorized removable storage device is allowed to fully access the computer system such as access data).
However LIN fails to explicitly disclose but Koike from the same field of technology teaches perform a credential verification process based at least in part on the acknowledgment (Koike, Para. [0303 and 0305], discloses the evaluation process as to whether or not the PC 30g is the one which relates to a specific related person having a specific relationship with the USB memory 1g, is performed in the following manner. For example, the USB memory 1g registers therein a fingerprint or an or see also Fig. 12 and Para. [0280], discloses that similar to the PC30e of the third embodiment, in the USB memory 1f according to the fourth embodiment, the user confirming unit 38 confirms that a user of the PC 30a is a specific authorized user related to the PC 30a); and 
allow the computing device to mount a storage medium of the storage drive on an operating system of the computing device after successful verification of credentials in the credential verification process (Koike, Fig. 12 and Para. [0280], discloses that similar to the PC30 of the third embodiment, in the USB memory 1f according to the fourth embodiment, the user confirming unit 38 confirms that a user of the PC 30 is a specific authorized user related to the PC 30, and the alert controller 33 restrains the alerting unit 35 from giving an alert in a case where the USB memory confirming unit 40 decides that the USB memory 1f connected to the PC 30 is the one which relates to a specific authorized user, and as further disclosed in Para. [0241], whereas the validity can be confirmed by obtaining information (i.e., password, a fingerprint picture image, a picture image of a user's face, etc.) relating to the user of the PC 30. In other words, the PC 30 can be allowed to access/mount the storage unit 11 of the USB memory, when it is admitted that a user of the PC 30 is one of the specific related people having specific relationships with the PC 30).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Koike’ into the teachings of ‘LIN’, with a motivation to provide a secure connection between a USB memory and an information processing device (i.e., PC, laptop, etc.), in order to improve data confidentiality and to prevent confidential information leakage; Koike, Abstract and Para. [0002]. 
  
Regarding claim 2, LIN as modified by Koike teaches the storage drive of claim 1, wherein LIN further teaches the hardware controller is further configured to (LIN, Fig. 1 illustrates the controller 210): 
LIN fails to explicitly disclose but Koike further teaches prevent the credential verification process based at least in part on failing to receive the acknowledgment within a set time period or after receiving a negative acknowledgment from the computing device (Koike, Para. [0358-0359], discloses that when the USB memory 1h is connected to the USB port 31, the PC 30 obtains the identification information of this USB memory 1h through the USB connector 17 and the USB port 31. When it is detected that the USB memory 1h connected to the USB port 31 is not managed in the management unit 46 with reference to this management unit 46, the alerting unit 37 gives an alert. Further, it can also be performed to inhibit access to the HDD 305 or the like in the PC 30, or to make the inserted USB memory not usable as well as giving an alert by the alerting unit 37, and also as disclosed in Para. [0240], wherein the HDD 305 in the PC 30 holds/stores the specific authorized user In other words, by inhibiting access to the HDD 305 (which contains the specific authorized user information) in the PC 30 will prevent the credential verification process, based on the detection, that the USB memory 1h connected to the USB port 31 is not managed in the management unit 46 with reference to this management unit 46), 
wherein the computing device is prevented from mounting the storage medium without the successful verification of the credentials in the credential verification process (Koike, Fig. 13 and  Para. [0311-0312 or 0331], discloses that the access inhibitor 42 inhibits the PC 30 from accessing the storage unit 11. This access inhibitor 42 inhibits an access from the PC 30 to the storage unit 11, when a user of the PC 30 is not one of the specific related people having specific relationships with the PC 30. Further, when a user of the USB memory 1g is not one of the specific related people having specific relationships with the USB memory 1g, the access inhibitor 42 inhibits the PC 30g from accessing the storage unit 11).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Koike’ into the teachings of ‘LIN’, with a motivation to provide a secure connection between a USB memory and an information processing device (i.e., PC, laptop, etc.), in order to improve data confidentiality and to prevent confidential information leakage; Koike, Abstract and Para. [0002]. 

Regarding claim 3, LIN as modified by Koike teaches the storage drive of claim 1, wherein LIN fails to disclose but Koike further teaches performing the credential verification process includes the hardware controller being further configured to: 34Attorney Docket No. 55071.0173 (STL 073264)request the credentials from the computing device, wherein the credentials include at least one of a user name and password, a fingerprint scan, an eye scan, a face scan, a voice capture, or any combination thereof (Koike, Para. [0303], discloses the evaluation process as to whether or not the PC 30 is the one which relates to a specific related person having a specific relationship with the USB memory 1g, is performed in the following manner. For example, the USB memory 1g registers therein a fingerprint or an ID password for authentication of the PC 30 beforehand. The USB memory 1g accesses the PC 30 to obtain a fingerprint, an ID password or the like for authentication).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Koike’ into the teachings of ‘LIN’, with a motivation to provide a secure connection between a USB memory and an information processing device (i.e., PC, laptop, etc.), in order to improve data confidentiality and to prevent confidential information leakage; Koike, Abstract and Para. [0002]. 

Regarding claim 4, LIN as modified by Koike teaches the storage drive of claim 3, wherein LIN fails to disclose but Koike further teaches performing the credential verification process further includes the hardware controller being configured to: receive the requested credentials from the computing device; and verify the received credentials (Koike, Para. [0303], discloses the evaluation process as to whether or not the PC 30 is the one which relates to a specific related person having a specific relationship with the USB memory 1g, is performed in the following manner. For example, the USB memory 1g registers therein a fingerprint or an ID password for ).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Koike’ into the teachings of ‘LIN’, with a motivation to provide a secure connection between a USB memory and an information processing device (i.e., PC, laptop, etc.), in order to improve data confidentiality and to prevent confidential information leakage; Koike, Abstract and Para. [0002]. 

Regarding claim 5, LIN as modified by Koike teaches the storage drive of claim 1, wherein LIN as modified by Koike further teaches sending the identification information to the computing device includes the hardware controller being configured to send to the computing device a provisioning file stored on the storage drive or data that is saved to the provisioning file (LIN, Fig. 1 and Para. [0018], discloses that controller 210 may have an identification data such as a predefined text string "SMI" such that the type of the removable storage device may be obtained and recognized. The flash memory 220 may store identification data of the removable storage device 200, and/or see Koike, Para. [0358], when the USB memory 1h is connected to the USB port 31, the PC 30 obtains the information (identification information) of this USB memory 1h through the USB connector 17 and the USB port 31, and such as disclosed in Para. [0352-0353], wherein the information (identification information) is assigned/registered beforehand therein information identifies the USB and/or see also Para. [0104], discloses that USB connector 17 is inserted/connected to a USB port 31 of a PC (Personal Computer; information processing apparatus, computer) 30a (see FIG. 3), the USB memory 1a being thereby connected to the PC 30a in a communicable manner there-between. The PC 30a accesses the storage unit 11 to perform processing such as reading, writing, and deleting of data or files (hereinafter will be simply called "data")).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Koike’ into the teachings of ‘LIN’, with a motivation to sending the identification information to the computing device includes the hardware controller being configured to send to the computing device a provisioning file stored on the storage drive or data that is saved to the provisioning file, as taught by Koike, in order to improve data confidentiality and to prevent confidential information leakage; Koike, Para. [0002]. 

Regarding claim 11, LIN teaches a computing device comprising: one or more processors; memory in electronic communication with the one or more processors, wherein the memory stores computer executable instructions that when executed by the one or more processors cause the one or more processors to perform (LIN, Fig. 1 and Para. [0016-0017], discloses that the computer system 100 at least comprises a processor 110, a volatile memory 120, a non-volatile storage medium 130 and a connection port 140 (e.g. USB port). The removable storage device 200 comprises a controller 210, etc. The volatile memory 120, such as a dynamic random access memory (DRAM), static random access memory (SRAM), or others, may store the computer program and be accessed by the processor 110): 
monitoring a connector of the computing device; detecting a storage drive connected to the connector based at least in part on the monitoring (LIN, Fig. 4 and Para. [0021], discloses that it is detected that a removable storage device has been inserted or plugged into the port of the computer system (step 602)); 
receiving identification information other than an identifier of the storage drive from the storage drive based at least in part on the detecting (LIN, Fig. 4 and Para. [0021], discloses that it is detected that a removable storage device has been inserted or plugged into the port of the computer system (step 602). When detecting that the removable storage device has been inserted or plugged into the port of the computer system, the identification data of the inserted removable storage device is acquired (step S604)); 
authenticating the identification information from the storage drive (LIN, Fig. 4 and Para. [0021], discloses that it is then determined whether the acquired identification data matches with the authentication information (step S606). If the acquired identification data matches with the authentication information, the inserted removable storage device is recognized as being authorized); 

mounting a storage medium of the storage drive on an operating system of the computing device LIN, Fig. 4 and Para. [0021], discloses that the authorized removable storage device is allowed to fully access the computer system such as access data).
performing a credential verification process based at least in part on successfully authenticating the information (Koike, Para. [0239], discloses that the user confirming unit 38 confirms that a person (user) who is using/operating the PC 30e is a specific authorized user of the PC 30e. In the third embodiment, on the basis of the information (user information) obtained by the user information obtaining unit 39, the user confirming unit 38 confirms that the user of the PC 30e is a specific authorized user of the PC 30e, and as disclosed in Para. [0241], the user information obtaining unit 39 obtains information (for example, information relating to a password, a fingerprint picture image, a picture image of a user's face, a smart card, and a FeLica card) for use in confirming that the user of the PC 30e is an identified authorized user, and/or see also Para. [0303 and 0305]); and 
mounting a storage medium of the storage drive on an operating system of the computing device based at least in part on a result of the credential verification process (Koike, Fig. 12 and Para. [0280], discloses that similar to the PC30 of the third embodiment, in the USB memory 1f according to the fourth embodiment, the user confirming unit 38 confirms that a user of the PC 30 is a specific authorized user related to the PC 30, and the alert controller 33 restrains the alerting unit 35 from giving an alert in a case where the USB memory confirming unit 40 decides that the USB memory 1f connected to the PC 30 is the one which relates to a specific authorized user, and as further disclosed in Para. [0241], whereas the validity can be confirmed by obtaining information (i.e., password, a fingerprint picture image, a picture image of a user's face, etc.) relating to the user of the PC 30. In other words, the PC 30 can be allowed to access/mount the storage unit 11 of the USB memory, when it is admitted that a user of the PC 30 is one of the specific related people having specific relationships with the PC 30).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Koike’ into the teachings of ‘LIN’, with a motivation to provide a secure connection between a USB memory and an information processing device (i.e., PC, laptop, etc.), in order to improve data confidentiality and to prevent confidential information leakage; Koike, Abstract and Para. [0002]. 

Regarding claim 12, LIN as modified by Koike teaches the computing device of claim 11, wherein LIN fails to explicitly disclose but Koike further teaches the instructions for performing the credential verification process further cause the one or more processors to perform (Koike, Fig. 3 and Para. [0144-0147], discloses a hardware construction of a PC 30a to which the USB memory 1a is connected. Wherein the CPU (Central Processing Unit) 301, executes programs stored in the HDD 305 and the ROM 302, thereby performing various kinds of calculation operation processing, and performs various kinds of controlling in the PC 30a): 
receiving credentials from a user (Koike, Para. [0241], discloses that the user information obtaining unit 39 obtains information (for example, information relating to a password, a fingerprint picture image, a picture image of a user's face, a smart card, and a FeLica card) for use in confirming that the user of the PC 30e is an identified authorized user); 
sending the credentials to the storage drive for verification; and 36Attorney Docket No. 55071.0173 (STL 073264)receiving the result of the credential verification process from the storage drive, the result indicating that the credentials are valid or that the credentials are invalid (Koike, Para. [0303], discloses the evaluation process as to whether or not the PC 30 is the one which relates to a specific related person having a specific relationship with the USB memory 1g, is performed in the following manner. For example, the USB memory 1g registers therein a fingerprint or an ID password for authentication of the PC 30 beforehand. The USB memory 1g accesses the PC 30 to obtain a fingerprint, an ID password or the like for authentication, and performs matching of the information thus obtained from the PC 30 with the previously registered fingerprint, an ID password or the like, and as disclosed in Para. [0311-0312], the access inhibitor 42 inhibits the PC 30g from accessing the storage unit 11. This access inhibitor 42 inhibits an access from the PC 30g to the storage unit 11, when a user of the PC 30g is not one of the specific related people having specific relationships with the PC 30g. Further, when a user of the USB memory 1g is not one of the specific related people having specific relationships with the USB memory 1g, the access inhibitor 42 inhibits the PC 30g from accessing the storage unit 11), wherein the one or more processors mounting the storage medium when the result indicates the credentials are valid (Koike, Fig. 12 and Para. [0280], discloses that similar to the PC30 of the third embodiment, in the USB memory 1f according to the fourth embodiment, the user confirming unit 38 confirms that a user of the PC 30 is a specific authorized user related to the PC 30, and the alert controller 33 restrains the alerting unit 35 from giving an alert in a case where the USB ).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Koike’ into the teachings of ‘LIN’, with a motivation to provide a secure connection between a USB memory and an information processing device (i.e., PC, laptop, etc.), in order to improve data confidentiality and to prevent confidential information leakage; Koike, Abstract and Para. [0002]. 

Regarding claim 13, LIN as modified by Koike teaches the computing device of claim 11, wherein LIN fails to explicitly disclose but Koike further teaches receiving the identification information from the storage drive includes receiving a file stored on the storage drive or receiving data from the file (Koike, Para. [0358], when the USB memory 1h is connected to the USB port 31, the PC 30 obtains the information (identification information) of this USB memory 1h through the USB connector 17 and the USB port 31, and such as disclosed in Para. [0352-0353], wherein the information (identification information) is assigned/registered beforehand therein information identifies the USB memory 1h which is permitted to be connected to the PC 30, and/or see also Para. [0104], discloses that USB connector 17 is inserted/connected to a USB port 31 of a PC (Personal Computer; information processing apparatus, computer) 30a (see FIG. 3), the USB memory 1a being thereby connected to the PC 30a in a communicable manner there-between. The PC 30a accesses the storage unit 11 to perform processing such as reading, writing, and deleting of data or files (hereinafter will be simply called "data")).  


Regarding claim 15, (cancelled).

Regarding claim 17, LIN as modified by Koike teaches the computing device of claim 11, wherein LIN further teaches the instructions when executed by the one or more processors cause the one or more processors to perform (LIN, Fig. 1 and Para. [0016-0017], discloses that the computer system 100 at least comprises a processor 110, a volatile memory 120, a non-volatile storage medium 130 and a connection port 140 (e.g. USB port). The removable storage device 200 comprises a controller 210, etc. The volatile memory 120, such as a dynamic random access memory (DRAM), static random access memory (SRAM), or others, may store the computer program and be accessed by the processor 110): receiving a command instructing the computing device to block further communication with the storage drive (LIN, Fig. 4 and Para. [0022], discloses that if, in step S606, the acquired identification data is different from the authentication information (No in step S606), the inserted removable storage device is recognized as being unauthorized and steps S612-S616 are processed […]. With the computer system is locked, unauthorized data access is forbidden. Therefore, the data in the computer system is protected).  

18, LIN as modified by Koike teaches the computing device of claim 17, wherein LIN further teaches the instructions when executed by the one or more processors cause the one or more processors to perform (LIN, Fig. 1 and Para. [0016-0017], discloses that the computer system 100 at least comprises a processor 110, a volatile memory 120, a non-volatile storage medium 130 and a connection port 140 (e.g. USB port). The removable storage device 200 comprises a controller 210, etc. The volatile memory 120, such as a dynamic random access memory (DRAM), static random access memory (SRAM), or others, may store the computer program and be accessed by the processor 110): 
determining whether the storage drive is currently connected to the computing device; and unmounting the storage drive after determining the storage drive is currently connected (LIN, Para. [0020], discloses to determine whether a later plugged in or inserted in removable storage device is an authorized user/removable storage device or not. Thereafter, the first removable storage device is removed from the computer system (step S508)).  

Regarding claim 19, LIN as modified by Koike teaches the computing device of claim 18, wherein LIN further teaches the instructions when executed by the one or more processors cause the one or more processors to perform (LIN, Fig. 1 and Para. [0016-0017], discloses that the computer system 100 at least comprises a processor 110, a volatile memory 120, a non-volatile storage medium 130 and a connection port 140 (e.g. USB port). The removable storage device 200 comprises a controller 210, etc. The volatile memory 120, such as a dynamic random access ): 
However LIN fails to explicitly disclose but Koike further teaches removing authentication of the identification information to block future connections between the computing device and the storage drive after determining the storage drive is not currently connected (Koike, Para. [0295], when detecting that the PC 30 falls in an unused state thereof based on information or the like from the user detector 35 or the like, the unused state detector 34 outputs an unused state detection signal to the deleting unit 21, and as disclosed in Para. [0210 or 0226], the deleting unit 21 deletes the data stored in the storage unit 11. As a result, even when, for example, the USB memory 1d is left to be inserted to the PC 30a, a third person who obtains the USB memory 1d is incapable of using data stored in the storage unit 11, so that it is possible to improve the confidentiality of data, thereby preventing the leakage of confidential information, and as also disclosed in Para. [0212], the deleting unit 21 may delete all the data stored in the flash memory 110 (storage unit 11), or may delete only specific data. As to making the deleting unit 21 delete specific data, it can be realized by means of giving settings (flags), which indicate whether subject data is to be deleted or not to be deleted, to the data, or by means of giving setting which inhibits data, whose deletion is not expected, from being deleted by use of a data protection function that an OS (Operating System) or the like of a computer has, and/or see also Para. [0308-0310 or 0350]).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Koike’ into 

Regarding claim 20, claim recite substantially similar subject matter as claim 1. Therefore, the response set forth above with respect to claim 1 is equally applicable to claim 20 of ‘a method’.

Claims 6-7 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over LIN in view of Koike, as applied above, and further in view of WU, Zining (US 20180293407 A1), hereinafter (WU).

Regarding claim 6, LIN as modified by Koike teaches the storage drive of claim 5, wherein Koike further teaches the provisioning file is stored on a memory located on LIN, Fig. 1 and Para. [0018], discloses that the flash memory 220 may store identification data of the removable storage device 200).
Wherein LIN as modified by Koike fails to explicitly disclose but WU from the same field of technology teaches wherein the provisioning file is stored on a memory located on a bridge interface of the storage drive (WU, Para. [0070], discloses that, during an initialization process, the key management module 378 within the data security bridge 322 (as shown in Fig. 3 and Fig. 4) obtains the security key from the external device 390 and registers the security key at the storage device 320. For example, the storage device 320 may store the security key from the external device ).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘WU’ into the teachings of ‘LIN’ as modified by ‘Koike’, with a motivation in which data transmitted from the station 312 can be encrypted by the security module 376, included within the data security bridge 322, for storage in the medium 350 of the storage device 320, and/or data from the medium 350 can be retrieved and decrypted by the security module 376 for output to the station 312, after both identification criterion are satisfied, as disclosed in Para. [0080] of WU.

Regarding claim 7, LIN as modified by Koike in view oy WU teaches the storage drive of claim 6, wherein LIN as modified by Koike fails to explicitly disclose but WU further teaches the bridge interface is connected between the hardware controller of the storage drive and the connector of the storage drive (WU, Fig. 3 and Para. [0066], discloses the storage device 320 includes a data security bridge 322, a storage medium 350, a controller 360, and a housing 370 containing the data security bridge 322, the storage medium 350, and the controller  360. The controller 360 is an electrical component within the storage device 320. As illustrated in the Fig. 3 the data security bridge 322 is connected between the controller 360 and a connector. Wherein the connector can be SATA connector, a m.2 connector, a 2.U connector, or any of other types of connectors, as disclosed in Para. [0054]).  


Regarding claim 10, LIN as modified by Koike teaches the storage drive of claim 1, wherein LIN as modified by Koike fails to teach but WU further teaches the storage drive includes a self-encrypting drive (WU, Fig. 2 and Para. [0059-0060], discloses a self-encrypted storage device 220).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘WU’ into the teachings of ‘LIN’ as modified by ‘Koike’, with a motivation wherein the storage drive includes a self-encrypting drive, as taught by WU, in order to store and protect data from un-authorized users in encrypted form; WU, Figs. 2-3.

Claims 8-9, 14 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over LIN in view of Koike, as applied above, and further in view of Efstathopoulos; Petros et al. (US 8,856,918 B1), hereinafter (Efs).

Regarding claim 8, LIN as modified by Koike teaches the storage drive of claim 5, wherein LIN as modified by Koike fails to explicitly disclose but Efs from the same the data stored in the provisioning file includes at least one of a serial number of the computing device, a globally unique identifier uniquely associated with the computing device, a host machine name associated with computing device, a media access control (MAC) number of the computing device, a processor identifier of a processor of computing device, a motherboard serial number of the computing device, or a unique random generated number generated by the storage drive based at least in part on the detecting, or any combination thereof (Efs, Col. 12 (line 1), discloses an identifier of the host computer).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Efs’ into the teachings of ‘LIN’ as modified by ‘Koike’, with a motivation in which the host validation system verifies whether the identified host computer is approved to access data stored on the portable storage device. To do so, the host validation system can compare an identifier of the host computer to a plurality of stored identifiers of host computers approved for accessing data stored on the portable storage device, as disclosed in Col. 2 (lines 49-54) of Efs.

Regarding claim 9, LIN as modified by Koike in view of Efs teaches the storage drive of claim 8, wherein LIN further teaches the connector of the storage drive includes a universal serial bus (USB) connector (LIN, Fig. 1 and Para. [0016-0017], discloses a USB connector 230 for removable storage device).  

14, LIN as modified by Koike teaches the computing device of claim 13, wherein LIN as modified by Koike fails to explicitly disclose but Efs from the same field of technology teaches the file includes at least one of a computer identifier unique to the computing device, or a random generated number, or any combination thereof (EFS, Col. 12 (line 1), discloses an identifier of the host computer).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Efs’ into the teachings of ‘LIN’ as modified by ‘Koike’, with a motivation in which the host validation system verifies whether the identified host computer is approved to access data stored on the portable storage device. To do so, the host validation system can compare an identifier of the host computer to a plurality of stored identifiers of host computers approved for accessing data stored on the portable storage device, as disclosed in Col. 2 (lines 49-54) of Efs.
 
Regarding claim 16, LIN as modified by Koike in view of Efs teaches the computing device of claim 14, wherein LIN further teaches the instructions for authenticating the identification information when executed by the one or more processors cause the one or more processors to perform (LIN, Para. [0017 and 0021], discloses that the processor 110 can execute a computer program to authenticate the identification data): 
However LIN as modified by Koike fails to explicitly disclose but Efs further teaches comparing the computer identifier to a device identifier associated with the computing device; and indicating the information is authenticated when the comparing indicates a match between the computer identifier and the device identifier (Efs, Col. 8 (lines 55-67) thru Col. 9 (lines 1-22), and as illustrated in FIG. 6, a portable storage device 301 (FIG. 3) containing a host validation system 101 (FIG. 1) is communicatively coupled 601 to a host computer 210 (FIG. 2). A host identifying module 501 (FIG. 5) of the host validation system 101 (FIG. 1) identifies 603 the host computer 210 (FIG. 2) to which the portable storage device 301 (FIG. 3) is communicatively coupled. In some embodiments, the host identifying module 501 (FIG. 5) uses 605 the host computer's TPM 503 (FIG. 5) to identify the host computer 210 (FIG. 2), for example by using remote attestation and identifying the current configuration of the host computer 210 (FIG. 2). A credentials verifying module 507 (FIG. 5) of the host validation system 101 (FIG. 1) verifies 607 whether the host computer 210 (FIG. 2) is approved to access data 303 (FIG. 3) stored on the portable storage device 301 (FIG. 3). To perform this verification, in some embodiments the credentials verifying module 507 (FIG. 5) compares 609 an identifier of the host computer 210 (FIG. 2) to a plurality of stored identifiers of host computers 210 (FIG. 2) approved for accessing data 303 (FIG. 3) stored on the portable storage device 301 (FIG. 3). In other embodiments, the credentials verifying module 507 (FIG. 5) can verify the host computer 210 (FIG. 2) by comparing 611 the identifier of the host computer 210 (FIG. 2) and its current configuration to a plurality of stored identifiers of host computer configurations approved for accessing data 303 (FIG. 3) stored on the portable storage device 301 (FIG. 3). An access determining module 509 (FIG. 5) of the host validation system 301 (FIG. 3) provides 613 the host computer 210 (FIG. 2) a level of access to ).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Efs’ into the teachings of ‘LIN’ as modified by ‘Koike’, with a motivation in which the host validation system verifies whether the identified host computer is approved to access data stored on the portable storage device. To do so, the host validation system can compare an identifier of the host computer to a plurality of stored identifiers of host computers approved for accessing data stored on the portable storage device, as disclosed in Col. 2 (lines 49-54) of Efs.

Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over LIN in view of Koike, as applied above, and further in view of Bolotin et al. (US 2008/0215841 A1), hereinafter (Bolotin).

Regarding claim 21, LIN as modified by Koike teaches the method of claim 20, wherein LIN as modified by Koike fails to explicitly disclose but Bolotin from the same field of technology teaches the identification information is successfully authenticated by a server communicatively coupled to the computing device (Bolotin, Fig. 8 and Para. [0198-0199], discloses that the user connects the memory lock system 802 to the customer computer 804 and unlocks the memory lock system 802 using the user's combination. The memory lock system 802 provides the first factor for two-factor authentication and the user's combination provides the second factor, which allows access to information in the memory lock system memory that the financial ).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Bolotin’ into the teachings of ‘LIN’ as modified by ‘Koike’, with a motivation wherein the identification information is successfully authenticated by a server communicatively coupled to the computing device, as taught by Bolotin, in order to reduce identity theft and unauthorized access to stored information; Bolotin, Para. [0186].

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALI CHEEMA, whose telephone number is 571-272-1239. The examiner can normally be reached on 8AM-4PM (EST) Monday-Friday. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey C Pwu can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ALI CHEEMA/
Examiner, Art Unit 2433


/SAMSON B LEMMA/Primary Examiner, Art Unit 2498