DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
Claims 1-25 are pending.

Claim Objections
Claims 24, 25 are objected to because of the following informalities:  
Each of claims 24 and 25 depend from claim 21, claiming “The storage drive of claim 1”; however, claims 24 and 25 claim “The computer-program product of claim 21”.  The claims must be amended to recite “The storage drive of claim 1”, or alternatively amended to depend from a corresponding computer-program product claim.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-2, 7, 11-12, 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Poornachandran et al (PGPUB 2015/0381610), and further in view of Sand-Soll (PGPUB 2016/0055340).

Regarding Claim 1:
	Poornachandran teaches a storage drive (abstract, portable device including encrypted storage divided into plurality of discrete units) comprising:
	a non-volatile memory (NVM) (paragraph 73-77, portable secured device including non-volatile encrypted storage); and
	a controller executing computer code configured to (paragraph 73-74, portable secured device including processor connected to memory storing executable instructions):
	determine a location of the storage drive (paragraph 19, portable device provided with short-range transceiver for determining location upon entering an area; identity and location provided to policy server);
	place the storage drive into a secure mode responsive to a determination that the location of the storage drive is in a permitted area (paragraph 24-25, storage device divided into plurality of partitions with separate location-based security policies, providing particular utility in full disk encryption schemes; paragraph 26, specific partitions contain different classes of data which can be individually encrypted and/or decrypted according to device-enforceable policy; paragraph 27, as user moves between areas of facility, device selectively applies time-and-place-driven security policies to the different partitions, and determines whether certain partitions should be encrypted or decrypted by default, so that access to certain data is denied in appropriate context (i.e. locations), and granted in appropriate contexts (i.e. locations)), the secure mode requiring a first level of security interaction to permit a data transfer between the NVM and a client device (paragraph 45, 48, Fig. 1B, 2B, security policies applicable to facility zones (e.g. zone 1 and zone 2) include allowing unlocked access to certain partitions, e.g. non-sensitive applications, but requires manual override to access other partitions (e.g. non-sensitive data in zone 1, and personal data/applications in zone 2), while access to certain partitions is denied regardless of manual override (e.g. classified data); paragraph 45, manual override requires a user to provide a token (e.g. password, key, or two-factor authentication) in order to obtain access to storage partition).
	Poornachandran does not explicitly teach the controller configured to: retain the storage device in the secure mode responsive to a determination that the location of the storage device has transitioned to a non-permitted area.
	However, Sand-Soll teaches the concept of a controller configured to: retain a storage device in a secure mode responsive to a determination that a location of the storage device has transitioned to a non-permitted area (abstract, method for providing data security for a device having a data storage drive; a predetermined geographical area within which access to data storage drive is permitted may be identified; when identified geographical location of computing device is within identified geographical area, access to portion (or all) of data storage drive may be allowed; paragraph 110-114, location where access to data storage drive is identified, and current geographical location is identified; determination is made whether device is outside permitted access location; if not, access is allowed, and location is periodically monitored; if device is determined to have transitioned outside of permitted geographical area, a determination is made whether a threshold has been met or exceeded, e.g. a threshold number of times device has been determined to be outside of predetermined geographical area or amount of time device has been determined to be outside of predetermined geographical area; therefore, device is retained in an “access permitted” (i.e. “secure mode”) for a certain amount of time/number of determination checks once the device has transitioned to a non-permitted area (i.e. outside of permitted area)).


Regarding Claim 2:
Poornachandran in view of Sand-Soll teaches the storage drive of claim 1.  In addition, Poornachandran teaches wherein the controller executing the computer code is further configured to unlock at least a portion of storage on the storage drive responsive to the storage drive being in the secure mode (paragraph 45, 48, Fig. 1B, 2B, security policies applicable to facility zones (e.g. zone 1 and zone 2) include allowing unlocked access to certain partitions, e.g. non-sensitive applications, but requires manual override to access other partitions (e.g. non-sensitive data in zone 1, and personal data/applications in zone 2), while access to certain partitions is denied regardless of manual override (e.g. classified data); paragraph 45, manual override requires a user to provide a token (e.g. password, key, or two-factor authentication) in order to obtain access to storage partition).

Regarding Claim 7:
Poornachandran in view of Sand-Soll teaches the storage drive of claim 2.  In addition, Poornachandran teaches wherein the controller executing computer code is further configured to lock (paragraph 111, when portable secured device leaves particular zone, security agent encrypts relevant partitions, making them unavailable, thereby “locking” said partitions).

Regarding Claims 11-12, 17:
	These are method claims corresponding to the storage drive of claims 1-2, 7 respectively, and are therefore rejected for corresponding reasons.

Claims 3-6, 13-16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Poornachandran in view of Sand-Soll, and further in view of Robinson et al (PGPUB 2016/0337863).

Regarding Claim 3:
Poornachandran in view of Sand-Soll teaches the storage drive of claim 2.  
Neither Poornachandran nor Sand-Soll explicitly teaches wherein the controller executing computer code is further configured to unlock at least the portion of storage on the storage drive responsive to the storage drive location being within a detectable proximity of a pre-authorized device.
However, Robinson teaches the concept wherein a controller executing computer code is configured to unlock at least a portion of storage on a storage drive responsive to the storage drive location being within a detectable proximity of a pre-authorized device (abstract, performing device security corrective action based on loss of proximity to another device, such as key device; paragraph 64-69, behavior modification module controls access to certain types of data stored on target device, e.g. allowing access to encrypted container only when certain conditions are satisfied; conditions include presence or absence of key device, and/or geo-location of target device is or is not near specified landmark; behavior modification module disables lockout features if key device is detected and target device is located in particular location, e.g. home or work office; paragraph 50, target device detects presence of key device using Near Field Communication (NFC) technology).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the detectable proximity of pre-authorized device teachings of Robinson with the location-based storage access teachings of Poornachandran in view of Sand-Soll, in order to improve the security environment by requiring multiple forms of verification prior to allowing access to sensitive data, thereby increasing the accuracy of the authentication determination and preventing malicious actors who may have stolen or guessed one form of authentication from being able to access the device without one or more additional factors which are more difficult to obtain or spoof, such as proximity to a key device.

Regarding Claim 4:
Cambridge in view of Robinson teaches the storage drive of claim 3.  In addition, Robinson teaches wherein the storage drive or the pre-authorized device, or both, comprises a near field communication (NFC) sensor to detect the proximity between the storage drive and the pre-authorized device (paragraph 50, target device detects presence of key device using Near Field Communication (NFC) technology).
The rationale to combine Poornachandran and Robinson is the same as provided for claim 3 due to the overlapping subject matter between claims 3 and 4.

Regarding Claim 5:
Poornachandran in view of Sand-Soll and Robinson teaches the storage drive of claim 3.  In addition, Poornachandran teaches wherein the controller executing computer code is further configured (paragraph 45, manual override requires a user to provide a token (e.g. password, key, or two-factor authentication) in order to obtain access to storage partition).

Regarding Claim 6:
Poornachandran in view of Sand-Soll and Robinson teaches the storage drive of claim 5.  In addition, Robinson teaches wherein at least one factor in the multi-factor authentication includes placing the storage drive within detectable proximity of the pre-authorized device (paragraph 59, 69, behavior modification module allows access to encrypted container when key device is detected and when user is authenticated; detection of key device includes authenticating key device; paragraph 64, user authenticates by providing appropriate authentication information).
The rationale to combine Poornachandran and Robinson is the same as provided for claim 4 due to the overlapping subject matter between claims 4 and 6.

Regarding Claims 13-16:
	These are method claims corresponding to the storage drive of claims 3-6 respectively, and are therefore rejected for corresponding reasons.

Claims 8, 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Poornachandran in view of Sand-Soll, and further in view of Lim et al (PGPUB 2020/0034928).

Regarding Claim 8:
Poornachandran in view of Sand-Soll teaches the storage drive of claim 1. 

However, Lim teaches wherein a controller executing computer code is configured to update an event ledger responsive to detecting a location of the storage drive, wherein the event ledger is stored in a blockchain of a cloud storage system (abstract, smart device comprising blockchain application module to blockchain data obtained by the smart device and transmit blockchained data to blockchain data system; paragraph 29, data obtained and stored by smart device comprises location of smart device; smart device blockchains data obtained by smart device; paragraph 30, blockchain data system configured as distributed ledger that receives and stores data that has been blockchained prior to being sent to blockchain data system (i.e. “cloud storage”) from the smart device); and
Poornachandran teaches wherein the device is a storage drive (paragraph 73-77, portable secured device including non-volatile encrypted storage).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the location tracking blockchain record of Lim with the location-based storage access teachings of Poornachandran in view of Sand-Soll, in order to provide a cryptographically secure means of tracking the location of a security device as it is transported or used, thereby allowing an administrator or security agent to determine the current or last known location of a secure device or identify locations where the device is not supposed to operate, preventing possible theft and allowing recovery or detection of abuse.  Use of blockchain allows such a record to be maintained in a way that makes maliciously tampering with the record extremely difficult to impossible.

Regarding Claim 18:
.

Claim 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Poornachandran in view of Sand-Soll, and further in view of Gillon et al (PGPUB 2014/0344886).

Regarding Claim 9:
Poornachandran in view of Sand-Soll teaches the storage drive of claim 1.  In addition, Sand-Soll teaches wherein the controller executing computer code is further configured to: 
program a user customized permitted area (paragraph 137, administrator establishes predetermined area or areas by entering boundary coordinates for the areas in which read/write access to the data storage drive will be permitted).
The rationale to combine Poornachandran and Sand-Soll is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 9.
Neither Poornachandran nor Sand-Soll explicitly teaches the hardware controller further configured to:
program the permitted area at a manufacturing site of the storage drive.
However, Gillon teaches the concept of a hardware controller further configured to:
program a permitted area at a manufacturing site of a storage drive (paragraph 16, information handling system that performs security policy enforcement using security policy data maintained in embedded controller; paragraph 44, manufacturer utilizes initial manufacturing interface access to establish for IHS a policy that specifies that system operation is enabled only within location bounds of a customer’s premises).
.

Claim 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Poornachandran in view of Sand-Soll, and further in view of Saxena et al (PGPUB 2012/0159172).

Regarding Claim 10:
Poornachandran in view of Sand-Soll teaches the storage drive of claim 1.
Neither Poornachandran nor Sand-Soll explicitly teaches wherein the controller executing computer code is further configured to validate the determination that the location of the storage drive is in the permitted area by using a public key to verify a received GPS packet.
However, Saxena teaches the concept wherein a controller executing computer code is further configured to validate a determination that a location of a device is in a permitted area by using a public key to verify a received GPS packet (paragraph 18, logic configured to receive GPS location information from GPS sensor via a link; GPS sensor uses private key to encrypt and sign GPS location information before transmission; logic uses public key to authenticate and decrypt location information received over link to verify that true source of location information is GPS sensor; paragraph 22, location information used to authenticate user for access to trust-aware applications, i.e. user must be in permitted area to be authenticated); and
(paragraph 73-77, portable secured device including non-volatile encrypted storage).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the validated GPS location teachings of Saxena with the location-based storage access teachings of Poornachandran in view of Sand-Soll, in order to allow a location-dependent security system to validate received location data using well-known and understood cryptographic methods (e.g. asymmetric cryptographic signatures) in order to prevent malicious interception/spoofing of GPS location data which would allow an unauthorized agent to obtain access to a secure device.

Claims 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Poornachandran, and further in view of Bates et al (PGPUB 2002/0125886).

Regarding Claim 19:
Poornachandran teaches a computer-program product to improve a storage system, the computer-program product comprising a non-transitory computer-readable medium storing instructions thereon, the instructions being executable by one or more processors to perform the steps of (abstract, portable device including encrypted storage divided into plurality of discrete units; paragraph 73-74, portable secured device including processor connected to memory storing executable instructions):
determining a location of a storage drive (paragraph 19, portable device provided with short-range transceiver for determining location upon entering an area; identity and location provided to policy server);
placing the storage drive in a secured mode responsive to a determination that the storage drive location is a non-overlapping portion of a permitted area (paragraph 24-25, storage device divided into plurality of partitions with separate location-based security policies, providing particular utility in full disk encryption schemes; paragraph 26, specific partitions contain different classes of data which can be individually encrypted and/or decrypted according to device-enforceable policy; paragraph 27, as user moves between areas of facility, device selectively applies time-and-place-driven security policies to the different partitions, and determines whether certain partitions should be encrypted or decrypted by default, so that access to certain data is denied in appropriate context (i.e. locations), and granted in appropriate contexts (i.e. locations)).
Poornachandran does not explicitly teach the storage system having the permitted area overlapping a non-permitted area; 
determining a preestablished precedence between the overlapping portions of the permitted area and the non-permitted area; and
retaining the storage drive in the secure mode responsive to a determination that the location of the storage drive has transitioned to the overlapping portions of the permitted area and the non-permitted area and to a determination that the preestablished precedence is the overlapping portion of the permitted area.
However, Bates teaches a storage system having a permitted area overlapping a non-permitted area (abstract, application/functions within electronic device having GPS can be enabled only when in specified geographic location; paragraph 29, data structure records application/function permissions according to region coordinates, priority of region, and whether function is enabled/disabled; given overlapping regions such as “work” and “school” regions, region having highest priority is the one that determines which applications/functions may be opened in the overlapping region); 
determining a preestablished precedence between the overlapping portions of the permitted area and the non-permitted area (paragraph 29, given overlapping regions such as “work” and “school” regions, region having highest priority is the one that determines which applications/functions may be opened in the overlapping region); and
retaining the device in the secure mode responsive to a determination that the location of the storage drive has transitioned to the overlapping portions of the permitted area and the non-permitted area and to a determination that the preestablished precedence is the overlapping portion of the permitted area (paragraph 30, geographic location of device is determined using GPS, and the data record is retrieved for the highest priority region at the geographic location; if record is found, enablement on/off bit is interrogated to determine when an application function is enabled or disabled in the geographic location associated with current GPS location; enabling functions can be seen as analogous to “secure mode”, i.e. access to features is provided; therefore, if the highest priority overlapping region is set to enable an application/function, the device will be retained in “secure mode”); and
Poornachandran teaches wherein the device is a storage drive (paragraph 73-77, portable secured device including non-volatile encrypted storage).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the overlapping region priority teachings of Bates with the location-based storage access teachings of Poornachandran, in order to have more administrative control over regions where access is allowed or denied, thereby preventing circumstances in which a device is unable to function due to conflicting or contradictory instructions.

Regarding Claim 20:
Poornachandran in view of Bates teaches the computer-program product of claim 19.  In addition, Poornachandran teaches wherein the instructions executed by the one or more processors cause the one or more processors to perform the steps of unlocking at least a portion of storage on the (paragraph 45, 48, Fig. 1B, 2B, security policies applicable to facility zones (e.g. zone 1 and zone 2) include allowing unlocked access to certain partitions, e.g. non-sensitive applications, but requires manual override to access other partitions (e.g. non-sensitive data in zone 1, and personal data/applications in zone 2), while access to certain partitions is denied regardless of manual override (e.g. classified data); paragraph 45, manual override requires a user to provide a token (e.g. password, key, or two-factor authentication) in order to obtain access to storage partition).

Claims 21-25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Poornachandran in view of Sand-Soll, and further in view of Bates.

Regarding Claim 21:
	Poornachandran in view of Sand-Soll teaches the storage drive of claim 1.
Neither Poornachandran nor Sand-Soll explicitly teaches wherein a portion of the permitted area overlaps a portion of the non-permitted area, and where the controller executing the computer code is configured to retain the storage device in the secure mode responsive to the determination that the location of the storage device has transitioned to the overlapping areas.
However, Bates teaches the concept wherein a portion of a permitted area overlaps a portion of a non-permitted area, and where a controller executing computer code is configured to retain a device in a secure mode responsive to a determination that a location of the device has transitioned to the overlapping areas (abstract, application/functions within electronic device having GPS can be enabled only when in specified geographic location; paragraph 29, data structure records application/function permissions according to region coordinates, priority of region, and whether function is enabled/disabled; given overlapping regions such as “work” and “school” regions, region having highest priority is the one that determines which applications/functions may be opened in the overlapping region; paragraph 30, geographic location of device is determined using GPS, and the data record is retrieved for the highest priority region at the geographic location; if record is found, enablement on/off bit is interrogated to determine when an application function is enabled or disabled in the geographic location associated with current GPS location; enabling functions can be seen as analogous to “secure mode”, i.e. access to features is provided); and
Poornachandran teaches wherein the device is a storage drive (paragraph 73-77, portable secured device including non-volatile encrypted storage).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the overlapping region priority teachings of Bates with the location-based storage access teachings of Poornachandran in view of Sand-Soll, in order to have more administrative control over regions where access is allowed or denied, thereby preventing circumstances in which a device is unable to function due to conflicting or contradictory instructions.

Regarding Claim 22:
Poornachandran in view of Sand-Soll and Bates teaches the storage drive of claim 21.  In addition, Poornachandran teaches wherein the controller executing computer code is further configured to switch the storage drive to an unsecured mode responsive to a determination that the location of the storage drive has transitioned out of the permitted area (paragraph 111, when portable secured device leaves particular zone, security agent encrypts relevant partitions, making them unavailable, thereby “locking” said partitions).

Regarding Claim 23:
(paragraph 30, the geographic location of the electronic processing device is determined, preferably by using the GPS signals received using GPS processing electronics installed in the device; given a specific location the process continues and retrieves the data record for the highest priority regions associated with the applications/functions enabled at this geographic location; if a data record is found, the enablement on/off bit is interrogated to determine when an application/function is automatically enabled or disabled in the geographic location associated with the current GPS location; if an enablement on/off bit is on, then the function is opened and is able to perform normal operations; if the default is that the application/function is normally closed, i.e., the bit is set to "off" then control exits without performing the function; therefore, if the device transitions from high priority permitted area to non-overlapping non-permitted area, the device will disable application/function, i.e. be placed in “unsecured mode”); and
Poornachandran teaches wherein the device is a storage drive (paragraph 73-77, portable secured device including non-volatile encrypted storage).
The rationale to combine Poornachandran and Bates is the same as provided for claim 21 due to the overlapping subject matter between claims 21 and 23.

Regarding Claim 24:
	Poornachandran in view of Sand-Soll and Bates teaches the computer-program product of claim 21.  In addition, Bates teaches wherein an edge of the permitted area crosses over an edge of the non-(paragraph 29, given overlapping regions, the region having the highest priority is the one that determines which applications/functions may be opened in that geographic region).
The rationale to combine Poornachandran and Bates is the same as provided for claim 21 due to the overlapping subject matter between claims 21 and 24.

Regarding Claim 25:
	Poornachandran in view of Sand-Soll and Bates teaches the computer-program product of claim 21.  In addition, Bates teaches wherein one of the permitted area and the non-permitted area is embedded in the other of the permitted area and the non-permitted area (paragraph 29, given overlapping regions, the region having the highest priority is the one that determines which applications/functions may be opened in that geographic region).
The rationale to combine Poornachandran and Bates is the same as provided for claim 21 due to the overlapping subject matter between claims 21 and 24.

Response to Arguments
Applicant’s arguments with respect to claim(s) 1, 11, and 19 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Regarding the rejection of claims under 35 USC 112:
	Applicant’s amendments have overcome the 35 USC 112 rejection.  Therefore, this rejection is withdrawn.

Regarding the rejection of claims under 35 USC 102/103:
	With regard to claims 1 and 11, Applicant’s arguments regarding Cambridge are moot, as Cambridge is no longer part of the new ground(s) for rejection of claims 1 and 11, provided above.
	With regard to claim 19, Applicant’s arguments regarding Cambridge and Saxena are moot, as neither Cambridge nor Saxena are part of the new ground(s) for rejection of claim 19, provided above.
	Applicant further argues that the dependent claims are allowable due to depending on an allowable independent claim.  However, in view of the new ground(s) for rejection provided above, the independent claims are not allowable.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814.  The examiner can normally be reached on 9:00AM-5:30PM M-F.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/FORREST L CAREY/Examiner, Art Unit 2491                                                                                                                                                                                                        


/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491