DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 02/16/2021 has been entered.
Response to Arguments
Applicant’s arguments, see Remarks, filed 02/162021, with respect to the rejection(s) of claim(s) 8- 20 under 35 U.S.C. § 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Van Hoof.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:



Claims 8-15,17-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Van Hoof; Robert, US 8868898 B1, October 21, 2014, hereafter referred to as Van Hoof in view of Garces-Erice; Luis et al, US 20150332050 Al, November 19, 2015, hereafter referred to as Garces-Erice.

          As to claim 8, Van Hoof teaches a method (Van Hoof Fig. 4), comprising:
          detecting, on a device, a key located on an interfaced device - Van Hoof [column 8, lines 66 -67]… Both of the USB drives are plugged into any computer 14);
          forcing a boot of the device based on a presence of the key – Van Hoof [column 9, lines 66 -67] … computer is powered on which is then booted from the Dongle USB boot sector …where then the key match is performed. VAN HOOF DOES NOT TEACH
          loading, by an Operating System (OS) loader of the device, a customized image of an OS with custom security settings to complete the boot based on the key – Van Hoof [column 8, lines 31 - 43]…The system provides a pair of USB storage devices 20, 22 that work in concert to enable the secure communications system 10 by booting from the USB's 20 boot sector, which will test for the presence of a USB dongle key match before initiating login to the secure communications system 10…. The secure communications system provides a boot startup and application software that circumvents the computer's installed operating system therefore no record of the communication would be present within the computer's default operating system. Here, the claimed ‘loading’ is taught by Van Hoof as ‘booting’ whereas the claimed ‘custom security settings’ is suggested by Van Hoof as ‘application software that , and         processing, on the device, the detecting, the forcing, and the loading while the device lacks network connectivity – Van Hoof [column 9, lines 1-4] Figure 4 method Steps S10 – S24 the computer is powered on which is then booted from the Dongle USB boot sector 46 where then the key match is performed, as shown in step S14. If the keys don't match, the system will shut down, as shown in Step S16. WHILE VAN HOOF SUGGESTS a customized image of an OS with custom security settings to complete the boot based on the key GARCES-ERICE TEACHES a customized image of an OS - Garces-Erice [0104] the physical storage medium 120 of the computer 101 stores a first host OS 111-1, e.g., a native OS (also called "home" OS) and a second host OS 111-2 (e.g., a "corporate" OS. Here, the claimed ‘customized image’ is taught by Garces-Erice as ‘corporate OS" because either the home or corporate OS can be modified) loading, by an Operating System (OS) loader of the device, with custom security settings to complete the boot based on the key - Garces-Erice [0121] the bootloader 16 may be configured to check the integrity of the located part Bl of the second host operating system 111-2 by hashing contents of said part and check a resulting hash value against said integrity check data 13...It is in that case sufficient to store on the device 10 a hash of the contents of the part Bl, e.g., an unencrypted boot image, and compare this with that found on disk at every boot.  Here, the claimed ‘complete the boot’ is taught by Garces-Erice as ‘check a resulting hash’ whereas the claimed ‘key’ is taught by Garces-Erice as ‘a hash’ via key 13 of Figure 2.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Van Hoof with Garces-Erice boot mechanism Bring Your Own Management automatically customizing the security settings for the user. While Van Hoof teaches a booting an operating system from two USB devices Van Hoof only suggest that the device loads operating system 2 but not the settings.  Gares-Erice allows for customization of operating system features that are secure and unique to the user and user context. Van Hoof would be motivated to consider 

           As to claim 9, the combination of Van Hoof and Garces-Erice teaches the method of claim 8, wherein detecting further includes authenticating a user for performing the boot and using the key on the device – Van Hoof [column 9, lines 5-7] if there is a key match the application queries for a login, which if successful as shown in step S22 continues with the system ready application interface).

          As to claim 10, the combination of Van Hoof and Garces-Erice teaches the method of claim 9 wherein authenticating further includes writing the key to one of: a non-volatile secure memory location on the device and a secure hard drive storage location on the device. - Garces-Erice [0046-0050] … the invention is embodied as a computer program product comprising a computer-readable storage medium having a bootloader embodied therewith, wherein the bootloader… is detectable by a firmware of a computer; and … comprises instructions … for said firmware to load the bootloader into a memory of the computer for subsequent execution; and… to interact with the firmware, upon execution at the computer.  Here, the reasons to combine Van Hoof with Garces-Erice and motivation is for the reasons as set forth in claim 8).

          As to claim 11, the combination of Van Hoof and Garces-Erice teaches the method of claim 10, wherein forcing further includes checking for the key in the non-volatile secure memory location or the secure hard drive storage location during the boot and before loading of the OS on the device - Garces-Erice [0051] determine, in a physical storage medium of said computer storing a first host operating system and a second host operating system respectively on a first portion and a second portion thereof, said second portion, from partition information of said physical storage medium, which partition information acknowledges the first host operating system.   Here, the reasons to combine Van Hoof with Garces-Erice and motivation is for the reasons as set forth in claim 8).

             As to claim 12, the combination of Van Hoof and Garces-Erice teaches the method of claim 11, wherein loading further includes selecting the customized image of the OS from a plurality of images for the OS based on the key - Garces-Erice [0178]... the host OS 111-2 of the employer is not be modifiable by the employee, such that a single unique image can be deployed to all employees, a thing that enhances security and simplifies the updating of the system. Here, the claimed ‘plurality of images’ is taught by Gares-Erice as ‘single unique image to all employees’ whereas employees receive this single image constitutes a plurality of images sent where the claimed ‘selecting’ is taught by ‘customized’ because in order to customize the VM image the image has to be identified and therefore selected. Here, the claimed ‘key’ is taught by Garces-Erice generally as ‘trusted device 10’.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention for Van Hoof to consider Garces-Erice logic that provides for the storing of a plurality of customized images in order to accommodate Van Hoof subscribers and further enhance the ability to provide a covert communication module as taught by Van Hoof as location [column 6, lines 8-9]).

           As to claim 13, the combination of Van Hoof and Garces-Erice teaches the method of claim 8, wherein loading further includes selecting the customized image of the OS as a base image for the OS - Garces-Erice [0178] ...a single unique image can be deployed to all employee, a thing that enhances security and simplifies the updating of the system. The corporate host OS 111-2 is then simply the means to safely run the corporate VM assigned  Here, the reasons to combine Van Hoof with Garces-Erice and motivation is for the reasons as set forth in claim 12).

           As to claim 14, the combination of Van Hoof and Garces-Erice teaches the method of claim 13, wherein loading further includes starting native services within the OS for availability within the OS post boot - Garces-Erice [0178] the present solution allows to start the second OS, e.g., a corporate OS, and for the latter to be run on a home computer without requiring to execute the native OS. As to be explained later in detail, the needed configuration elements can be accessed from partition information. Here, the reasons to combine Van Hoof with Garces-Erice and motivation is for the reasons as set forth in claim 8).

          As to claim 15, the combination of Van Hoof and Garces-Erice teaches the method of claim 8, wherein loading further includes selecting the customized security settings based on the key - Garces-Erice [0177 and 01778] since at ’78 ... This VM can be customized for the employee in terms of the software it executes and can be modified by the user in the same way as their normal desktop machine since at ’77 The user can thus be prompted to confirm that the bootloader and/or keys should be made available. Here, the reasons to combine Van Hoof with Garces-Erice and motivation is for the reasons as set forth in claim 8).

         As to claim 17, the combination of Van Hoof and Garces-Erice teaches the method of claim 8 further comprising, providing access to an executing instance of the OS on the device post boot with the customized security settings being enforced by the OS - if there is a key match the application queries for a login, which if successful as shown in step S22 continues with the system ready application interface).

            As to claim 18, Van Hoof teaches a system, comprising: a device - Van Hoof Device 14 of Figure 1 and a portable device - Van Hoof Devices 20 and 22 of Figure 1)
wherein the device is configured to: (i) detect a key present on the portable device when the portable device is interfaced to the device - Van Hoof [column 8, lines 63-65]  …Both of the USB drives are plugged into any computer 14) (ii) authenticated a user for using the key - Van Hoof [column 9, lines 5-7] If the keys don't match, the system will shut down… if there is a key match the application queries for a login. (iii) force a boot of the device - Van Hoof [column 9, lines 5-7] computer is powered on which is then booted from the Dongle USB boot sector 46 where then the key match is performed, wherein (it) (ii), (iii),  and (iv) are processed by the device while the device lacks network connectivity.– Van Hoof [column 9, lines 1-4] Figure 4 method Steps S10 – S24 the computer is powered on which is then booted from the Dongle USB boot sector 46 where then the key match is performed, as shown in step S14. If the keys don't match, the system will shut down.  Here, the claimed ‘detecting, loading authenticating and forcing of the boot is depicted in Figure 4 prior to method step 20. VAN HOOF DOES NOT TEACH and (iv) load, by an Operating System (OS) loader of the device, a customized OS with customized security settings into volatile memory of the OS for execution on the device based on a value for the key to complete the boot. HOWEVER GARCES-ERICE TEACHES load, by an Operating System (OS) loader of the device - Garces-Erice [0104] only the second one of the OSs can effectively boot from the user portable device 10. Here, the claimed ‘loading’ is taught by Garces-Erice as ‘boot’) a customized OS - Garces-Erice [0104] the physical storage medium 120 of the computer 101 stores a first host OS 111-1, e.g., a native OS (also called "home" OS) and a second host OS 111-2 (e.g., a "corporate" OS. Here, the claimed ‘customized image’ is taught by Garces-Erice as ‘corporate with custom security settings into volatile memory of the OS for execution on the device based on a value for the key to complete the boot -Garces-Erice [0121] the bootloader 16 may be configured to check the integrity of the located part Bl of the second host operating system 111-2 by hashing contents of said part and check a resulting hash value against said integrity check data 13...It is in that case sufficient to store on the device 10 a hash of the contents of the part Bl, e.g., an unencrypted boot image, and compare this with that found on disk at every boot. Here, the claimed ‘complete the boot’ is taught by Garces-Erice as ‘check a resulting hash’ whereas the claimed ‘key’ is taught by Garces-Erice as ‘a hash’ via key 13 of Figure 2.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Van Hoof with Garces-Erice boot mechanism Bring Your Own Management. While Van Hoof teaches a booting an operating system from a device Van Hoof fails to teach or suggest that the device loads a customized image based on a key. The combination of Van Hoof and Gares-Erice allows for customization of operating system features that are secure and unique to the user and user context. Van Hoof would be motivated to consider Garces-Erice It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Van Hoof with Garces-Erice boot mechanism Bring Your Own Management for automatically customizing the security settings for the user. While Van Hoof teaches a booting an operating system from two USB devices Van Hoof only suggest that the device loads operating system 2 but not the settings.  Gares-Erice allows for customization of operating system features that are secure and unique to the user and user context. Van Hoof would be 

As to claim 20, claim 20 is a system that is directed to method of claim 10. Therefore, claim 20 is rejected for the reasons as set forth in claim 10.

Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Van Hoof in view of Garces-Erice, and in further view of Mann; Eric K. et al.; Luis et al, US 6922722 B1, US 6922722 B1, hereafter referred to as Mann.

          As to claim 16, the combination of Van Hoof and Garces-Erice teaches the method of claim 15. THE COMBINATION OF VAN HOOF AND GARCES-ERICE DOES NOT TEACH
wherein selecting further includes providing the customized security settings as increased access from what is available during a safe boot of the OS HOWEVER MANN TEACHES wherein selecting further includes providing the customized security settings as increased access from what is available during a safe boot of the OS - Mann [column 17, lines 7-9] the networked client is automatically provided with additional configuration data while in a post-boot state. Here, the claimed ‘increased access’ is taught by Mann as ‘additional configuration data’ because post boot phase of the process already renders the device totally operable while the additional data brings the device up to the automatic configuration taught by Mann). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention for Van Hoof to consider Mann to provide a plurality of BIOS options. While Mann and Garces-Erice teach customizing security settings for boot operations neither, singularly or in combination, present the user the plurality of boot options provided by Mann. Van Hoof would be motivated to consider Mann to enhance his .

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Van Hoof and Garces-Erice, in view of Mann, and in further view of Hamid; Laurence et al, US 20160148597 A1, May 26, 2016, May 26, 2016, hereafter referred to as Hamid.

        As to claim 19, the combination of Van Hoof and Gares-Erice teaches the system of claim 18, wherein the portable device is a Universal Serial Bus (USB) device - Van Hoof [column 8, lines 66-67] …Both of the USB drives are plugged into any computer 14. THE COMBINATION OF VAN HOOF AND GARES-ERICE DO NOT TEACH and wherein the device is one of: a Self-Service Terminal (SST), an Automated Teller Machine (ATM), a kiosk, and a Point-of-Sale (POS) terminal, HOWEVER HAMID TEACHES and wherein the device is one of: a Self-Service Terminal (SST), an Automated Teller Machine (ATM), a kiosk, and a Point-of-Sale (POS) terminal – Hamid [0140] the primary configuration has been a user's PED in conjunction with a computer system. However, it would be evident that the computer system may be generalized to a FED or another PED, e.g. an ATM. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to consider Hamid’s flexible configuration whereby a USB offers access security and protection by customizing a system based on settings inserted into that system. The combination of Van Hoof and Gares-Erice does not contemplate the computer being transactional, however Hamid provides for this feature and configuration.  Van Hoof would be 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM B. JONES whose telephone number is (571) 272-9637. The examiner can normally be reached on Mon - Fri., 5:30 a.m. to 2:00 p.m. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571 -272-3900.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/WILLIAM B JONES/
Examiner, Art Unit 2491 11/6/20203/5/2021
/ASHOKKUMAR B PATEL/            Supervisory Patent Examiner, Art Unit 2491