Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

1.	Claims 23-31, 90-98 are pending.


Continuity
2.	The instant application is a divisional of 16/407599, now US 10,437,983.


Allowable Subject Matter
3.	Applicant has argued against the mapping in which the Examiner previously mapped the hardware device to be the data storage controller.  To amend around such limitation, Applicant has amended the limitation in the claim “a first internal communication channel with a host controller that is internal to a data storage device”

The Examiner agrees with Applicant’s arguments concerning the amendment, that such amendment does overcome the rejection mapping based on the prior art.







Applicant specification [0032] defines a host controller as sufficiently broad so as to potentially comprise software.  

Specification [0032] reads in relevant part
“The host controller 108 may be an application program that is implemented in hardware, software, or a combination thereof in the data storage device 106 that is configured to read and write data in the data storage device 106. The host controller may be configured to perform any functions related to access and modification of data stored in the data storage device 106, including the prevention of access to one or more data files, sectors, or blocks in the data storage device 106, the locking of sectors or blocks from modification, etc.”

Because of this, it is the Examiner’s position that the host controller may be implemented as software within a data storage device.

Shaw, USPGPUB 20130311737 discloses an embodiment where the data storage controller of figure 6 may be a device driver or firmware located within the data storage device.  Shaw et al. [0170, 0009, 0014, 0015] all support a position that the data storage controller may reasonably be construed to be an internal host controller within the meaning of the art in light of Applicant’s specification.  Data storage controller is not only firmware within the data storage device, but it controls encryption operations and the encryption processor of the data storage means.

Nevertheless, the consequence of such amendment requires an alternative mapping as a basis of rejection in which the host controller and data storage device are one device.  


In reference to claim 23:
Shaw et al. teaches a method for controlling data access, comprising:
Establishing, by a hardware device in a computing system, a first internal  communication channel with a host controller that is internal to a data storage device in the computing device, wherein the first internal communication channel is internal to the computing device, where the hardware device in a computing system is host device processor Item 4, and where the host device processor establishes in the computing system a first internal communication channel with data storage controller Item 3 that is a device driver/firmware internal Item 2 to the data storage device in the computing device.  Shaw et al. Figure 6
Establishing, by the hardware device, a second communication channel with a separate device in the computing system, where the hardware device, Host Device Processor Item 4, establishes a second communication channel with a separate device in the computing system where the separate device is the Security device.    Shaw et al. Figure 6

Shaw et al. however fails to teach the following limitations:
Receiving, by a receiver of the hardware device, a data request from the separate device using the second communication channel,  
Forwarding, by a transmitter of the hardware device, the received data request to the host controller using the first communication channel.

Although Shaw et al. does teach a transmitter and receiver, such receiver is located on the security device (Figure 7), or in an alternative embodiment, as part of the data storage device itself (Figure 7, item 2).  Either mapping is untenable.  Mapping the security device or the data storage device Item 2 as the hardware device, would however create an inconsistency because such data request from a separate device would not be transmitted by the host device (and received by the receiver of the security device).

Accordingly, Applicant’s claims 23-26, 90-93 have overcome the prior art and the claims are allowable.  




Claim Rejections - 35 USC § 103
4.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed 


5.	Claims 27-31, 94-98 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shaw et al. USPGPUB 20130311737 in view of Linga USPGPUB 2016/0283406 in further view of Applicant admitted prior art.



In reference to claim 27:
Shaw et al. teaches a method for controlling data access, comprising:
Storing, in a memory of a host controller of a data storage device in the computing system, one or more established rules, wherein the one or more rules are associated with a first portion of a plurality of data items, where the one or more established rules may be preprogrammed.  Shaw et al. [0118] *see 103 combination below, and where the one or more rules are associated with a first portion of a plurality of data items, where the first portion is any one of “nominated data”[0131], a particular directory structure of data within the drive, [0131], or data with respect to a particular user [0108], and where the plurality of data items are the remainder of the data on the drive. 
Receiving, by a receiver of the host controller, a data action request, the data action request indicating a data command and one or more affected data items, where the host controller receives data action requests pertaining to data commands and affected data items of those commands.  Shaw et al. [0131, see also 0118, 0128]
Responsive to determining that the one or more affected data items are included in the first portion of the plurality of data items, where the first portion is any one of “nominated data” Shaw et al. [0131], a particular directory structure of data within the drive, Shaw et al. [0131], or data with respect to a particular user Shaw et al. [0108], and where the plurality of data items are the remainder of the data on the drive.
Determining, by the host controller, whether the data action request is in compliance with the one or more established rules, where the controller determines whether the data action request (such as access) is in compliance with one or more established rules (such as permissible location).  Shaw et al. [0128, see also 0118, 0131]
If the data action request is in compliance, executing, by the host controller, the data command on the one or more affected data items, where if the action request is in compliance, access is granted.  Shaw et al. [0128, see also 0118, 0131]
If the data action request is not in compliance, transmitting by a transmitter of the host controller, where if the action request is not in compliance, access is denied.  Shaw et al. [0128, see also 0118, 0131]

The amended portions of the claim are bolded for the convenience of the reader.
Shaw et al. does not explicitly teach:
Responsive to determining that the one or more affected data items are not included in the first portion of the plurality of data items, executing, by the host controller, the data command on only the one or more affected data items not included in the first portion of the plurality of data items.




It is understood that Shaw et al. operates a system of file accesses for many different users.  Shaw et al. [0121, 0123, 0141-0142].  It logically follows that files which do not fall within the purview of one’s user’s files and attempt to access such files, may fall within the purview of another user’s rights to access said file.  Shaw et al. does not state this explicitly.

Nevertheless this concept is explicitly taught in Linga et al. USPGPUB 20160283406.
Linga et al. USPGPUB 20160283406 A1 teaches a method for monitoring document access requests and enforcing rules and policies to limit access to users not specifically identified as having access to the data.  Linga et al. [0045] for example teaches “Policies may be invoked responsive to various actions taken by a user…For that particular user profile and policies and that particular data segment or data file, the user does not have permission to print the data and thus the policy is invoked during the audit of a user initiated command, such as print.”


More specifically however, Linga et al. teaches that a file access and its accompanying access command that may not be accessed by one user may be performed by another in a multiuser system.  See Linga et al. [0068] stating: 

“The rules can be selected 810 and applied to specific users, domain or tenant groups, etc… A redact flow process would permit users to tag portions of data and then display those portions to different user depending on their access rights.  Everyone could be sent the same data, but depending on who you are you would only be able to see specific portions of the data.  For example, if the data is opened by one user with more rights the user could view more of the data than another user with fewer assigned rights who opened the same data.  Additionally, a certain user could modify data and the modifications would automatically not be viewable by all users since that user has an elevated level of security.”  

It would have been obvious to one of ordinary skill in the art before the effective filing date to secure files per the system of Linga et al. in which different users have different rules and rights applicable to their access rights and combine it with the system of Shaw et al.  This would provide the advantage of providing a secure access system for not only a single user, but rather a variety of users.  

The combination of Shaw et al. in view of Linga et al. teaches the step:
Responsive to determining that the one or more affected data items are not included in the first portion of the plurality of data items, executing, by the host controller, the data command on only the one or more affected data items not included in the first portion of the plurality of data items, where the first portion is any one of “nominated data”[0131], a particular directory structure of data within the drive, [0131], or data with respect to a particular user [0108], and where the plurality of data items are the remainder of the data on the drive, and where the command is executed with respect to such first portion [0131] indicating that such actions are with respect to instructions, 
and where if it is determined that one or more affected data items are not included in the first portion of the plurality of data items, the host controller executes the data command on only the one or more affected data items not included in the first portion of the plurality of data items for a different user.  Linga et al. [0068] see also Figure 11. 


Shaw et al. does not explicitly teach the embodiment where the preprogrammed rules are stored in the memory of the host controller of a data storage.  Shaw et al. however does teach three facts which render it obvious:
that preprogrammed rules may be loaded Shaw et al. [0118], 
the host controller decides whether to allow access or not.  Shaw et al. [0128]
that the host controller has a storage (not shown) Shaw et al. [0131]

It would have been obvious to one of ordinary skill in the art before the effective filing date to utilize the memory of the host controller to store the loaded pre-programmed rules, as it is the host controller which uses the rules to device whether to allow such request or not;  this would provide the advantage of faster retrieval by the storage controller in using said rules determine access, as opposed to storing them in another module, which would increase access latency.

Shaw et al. does not explicitly teach the method wherein where if the access is not in compliance, the method issues:
a response to the data action request indicating prevented access to the one or more affected data items.



Issuing a prompt response indicating that a command has failed alerts the interested parties whether a command has gone through.  Without such prompt a user remains unapprised as to the success of the request and may erroneously believe that a command has executed when it has not.  

It would have been obvious to one of ordinary skill in the art before the effective filing date to issue a response indicating an “access denied” or other prompt to inform the user the command has not been completed so as to allow an interested party to act appropriately to ensure that such denial may be remediated.  


In reference to claim 28:
Shaw et al. in view of Linga et al. in further view of Applicant admitted prior art teaches the method of claim 27, wherein
Each of the one or more established rules is associated with one of a plurality of data commands, where each of the rules is established at least with respect to data access.  
Determining whether the data action request is in compliance with the one or more established rules including determining whether the data action request is in compliance with rules of the one or more established rules that are associated with the data command  where the first portion is any one of “nominated data”[0131], a particular directory structure of data within the drive, [0131], or data with respect to a particular user [0108], and where the plurality of data items are the remainder of the data on the drive, where one of the rules of access involves determining a location of a device and whether or not such device is in a permissible geographic location.  Shaw et al. [0128, see also 0118, 0131]

In reference to claim 29:
Shaw et al. in view of Linga et al. in further view of Applicant admitted prior art teaches the method of claim 27, wherein 
The one or more established rules includes a geographic area, and determining if the data action request is in compliance with the one or more established rules includes determining if the computing system is within the geographic area, where one of the rules of access involves determining a location of a device and whether or not such device is in a permissible geographic location.  Shaw et al. [0128, see also 0118, 0131]

In reference to claim 30:
Shaw et al. in view of Linga et al. in further view of Applicant admitted prior art teaches the method of claim 29, wherein the determining step includes receiving a geographic location from a global positioning device interfaced with the computing system, where said determining step may include receiving geographic location data from a GPS device.  [0128, 0112, 0130]  see also Figures 1a, 2


Shaw et al. in view of Linga et al. in further view of Applicant admitted prior art teaches the method of claim 27, wherein 
The one or more established rules includes a rule requiring presence of a security device, and determining if the data action request is in compliance with the one or more established rules including detecting presence of the security device in the computing system, where one or more established rules may involve the presence of a security device in the computing system.  See Shaw et al. Figure 13.  


Claim 94 is substantially similar to claim 27 and is rejected under the same rationale.
Claim 95 is substantially similar to claim 28 and is rejected under the same rationale.
Claim 96 is substantially similar to claim 29 and is rejected under the same rationale.
Claim 97 is substantially similar to claim 30 and is rejected under the same rationale.
Claim 98 is substantially similar to claim 31 and is rejected under the same rationale.



Conclusion
6.       The following art not relied upon is made of record:
US 20060016877 A1 teaches a biometric safeguard with a smartcard.
US 20110086615 teaches a method of providing device security with a removable device.
US 20140082715 teaches a method of mobile multifactor sign-on.
US 20160239232 teaches an internal circuit with a chip capable of PPP for purposes of allowing access to secure data.
US-20060098675-A1 teaches a traffic control method for network equipment.
US-20180152356-A1 teaches a method for on-demand network communication.


7.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 


8.       Any inquiry concerning this communication or earlier communications from the examiner should be directed to THOMAS M HO whose telephone number is (571)270-7862.  The examiner can normally be reached on 11-7:30PM.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/THOMAS  HO/
Examiner, Art Unit 2494

/JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494