DETAILED ACTION
This Office Action is in response to the communication filed on 01/15/2021. 
The objections to claims 1-6, 8-9, 11, 13-16, and 18-20 have been withdrawn in view of amendments of the claims. 
The rejections of claims 1-20 under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite have been withdrawn in view of amendments of the claims. 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 01/15/2021 has been entered.
Examiner's Amendment
An Examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicants, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this Examiner's amendment was given in a discussion with Jason Graff (Reg. No. 54,134) on 03/25/2021.
The application has been amended as follows:
1. (Currently Amended) An apparatus, comprising:
a classification module that:
assigns a respective first security level of a plurality of security levels to each application of a plurality of applications of a mobile personal computing device based on a type of application for the each application of the plurality of applications, and
assigns a respective second security level of the plurality of security levels to each storage partition of a plurality of storage partitions of a storage device of the mobile personal computing device; 
a security module that provides or denies the each application of the plurality of applications access to the each storage partition of the plurality of storage partitions to access data stored on the each storage partition of the respective first security level assigned to the each application of the plurality of applications and the respective second security level assigned to the each storage partition of the plurality of storage partitions; and
an encryption module that changes [[an]] a respective encryption key for the each storage partition of the plurality of storage partitions in response to the security module determining that the nexus of the match between the respective first security level of the plurality of security levels assigned to the each application of the plurality of applications and the respective second security level of the plurality of security levels assigned to the each storage partition of the plurality of storage partitions is not established [[to]], and prevents an  security module provides toa particular application of the plurality of applications, access to a particular storage partition of the plurality of storage partitions that includes the respective second security level of the plurality of security levels assigned that is less than or equal to the respective first security level of the plurality of security levels assigned to particular application of the plurality of applications, and denies to the particular application of the plurality of applications, access to another particular storage partition of the plurality of storage partitions that includes the respective second security level assigned that is greater than the respective first security level assigned to theparticular application of the plurality of applications, and wherein at least a portion of each of said classification module, said security module, and said encryption module comprises one or more of a set of hardware circuits[[,]] and a set of programmable hardware devices
2. (Currently Amended) The apparatus of claim 1, wherein: the classification module is configured to one of: automatically assign the respective first security level of the plurality of security levels to the each application of the plurality of the applications, and assign the respective first security level of the plurality of security levels to the each application of the plurality of applications based on user input.
3. (Currently Amended) The apparatus of claim 1, further comprising: a machine-learning module that determines a respective data type for each portion of a set of data stored on the storage device using a machine-learning technique, a corresponding second security level of the plurality of security levels to the each portion of the set of data stored on the storage device based on the respective data type determined for the each portion of the set of data, the each portion of the set of data is stored on a storage partition of the plurality of storage partitions including the respective second security level of the plurality of security levels corresponding to the corresponding second security level of the plurality of security levels assigned to the each portion of the set of data, and at least a portion of said machine-learning module comprises the one or more of the set of hardware circuits[[,]] and the set of programmable hardware devices
4. (Currently Amended) The apparatus of claim 1, further comprising: an input/output (I/O) module that receives incoming data; and a machine-learning module that determines a data type for the incoming data using a machine-learning technique, wherein: a corresponding second security level of the plurality of security levels to the respective second security level of the plurality of security levels corresponding to the corresponding second security level of the plurality of security levels assigned to the incoming data, and at least a portion of each of said I/O module and said machine-learning module comprises the one or more of the set of hardware circuits[[,]] and the set of programmable hardware devices
5. (Currently Amended) The apparatus of claim 1, wherein: a first portion of [[the]]a set of data stored on a first storage partition of the storage device is encrypted using an Advanced Encryption Standard 256-bit (AES-256) encryption technique; a second portion of [[the]]a set of data stored on a second storage partition of the storage device is encrypted using an AES-192 encryption technique; a third portion of [[the]]a set of data stored on a third storage partition of the storage device is encrypted using an AES-128 encryption technique; and a fourth portion of [[the]]a set of data stored on a fourth storage partition of the storage device is stored unencrypted.
respective security level respective data type for each portion; and the each portion of the set of data is stored on a particular storage partition corresponding to the respective security level assigned
7. (Currently Amended) The apparatus of claim 1, wherein: the security module is configured to: receive, from a requesting application of the plurality of applications, an input/output (I/O) request to one of read data from or write data to a certain storage partition of the plurality of storage partitions, determine, in response to receiving the I/O request, whether the requesting application and the certain storage partition of the plurality of storage partitions include [[the]]a nexus of the respective first security level of the plurality of security levels assigned to the requesting application of the plurality of applications and the respective second security level of the plurality of security levels assigned to the certain storage partition of the plurality of storage partitions, and perform data access operations
8. (Currently Amended) The apparatus of claim 7, wherein: in performing the data access operations, the security module is configured to perform I/O certain storage partition in response to determining that the requesting application and the certain storage partition include the nexus of the respective first security level assigned to the requesting application and the respective second security level assigned to the certain storage partition.
9. (Currently Amended) The apparatus of claim 8, wherein: the security module is configured to: perform read operations to read [[the]] data from the certain storage partition in response to the I/O request including a read request in performing the I/O operations, perform write operations to write [[the]] data to the certain storage partition in response to the I/O request including a write request in performing the I/O operations, and perform the read operations or the write operations without allowing the requesting application to access the certain storage partition. 
10. (Currently Amended) The apparatus of claim 7, wherein: the security module, in performing the data access operations, is configured to terminate the I/O request in response to determining that the requesting application and the certain storage partition do not include the nexus of the respective first security level assigned to the requesting application and the respective second security level assigned to the certain storage partition.

assigning, by a processor, a respective first security level of a plurality of security levels to each application of a plurality of applications of a mobile personal computing device based on a type of application for the each application of the plurality of applications; 
assigning, by the processor, a respective second security level of the plurality of security levels to each storage partition of a plurality of storage partitions of a storage device of the mobile personal computing device;
providing or denying the each application of the plurality of applications access to the each storage partition of the plurality of storage partitions to access data stored on the each storage partition of the plurality of storage partitions based on a nexus of a match between the respective first security level assigned to the each application of the plurality of applications and the respective second security level assigned to the each storage partition of the plurality of storage partitions; [[and]] 
changing [[an]] a respective encryption key for the each storage partition of the plurality of storage partitions in response torespective first security level of the plurality of security levels assigned to the each application of the plurality of respective second security level of the plurality of security levels assigned to the each storage partition of the plurality of storage partitions is not established [[to]], and preventing an ;
providing, toa particular application of the plurality of applications, access to a particular storage partition of the plurality of storage partitions that includes the respective second security level of the plurality of security levels assigned that is less than or equal to the respective first security level of the plurality of security levels assigned to theparticular application of the plurality of applications[[,]]; and  
denying, to the particular application of the plurality of applications, access to another particular storage partition of the plurality of storage partitions that includes the respective second security level assigned that is greater than the respective first security level assigned to theparticular application of the plurality of applications.
12. (Currently Amended) The method of claim 11, further comprising:
certain storage partition of the plurality of storage partitions;
determining, in response to receiving the I/O request, whether the requesting application of the plurality of applications and the certain storage partition of the plurality of storage partitions include [[the]]a nexus ofrespective first security level of the plurality of security levels assigned to the requesting application of the plurality of applications and the respective second security level of the plurality of security levels assigned to certain the storage partition of the plurality of storage partitions; and  
performing data access operations
13. (Currently Amended) The method of claim 12, wherein:
performing the data access operations comprises performing I/O operations corresponding to reading [[the]] data from or writing [[the]] data to the certain storage  partition of the plurality of storage partitions in response to determining that the requesting application of the plurality of applications and the certain storage partition of the plurality of storage partitions include the nexus ofrespective first security level of the plurality of security levels assigned to the requesting application of the plurality of respective second security level of the plurality of security levels assigned to the certain storage partition of the plurality of storage partitions; and
terminating the I/O request in response to determining that the requesting application of the plurality of applications and the certain storage partition of the plurality of storage partitions do not include the nexus ofrespective first security level of the plurality of security levels assigned to the requesting application of the plurality of applications and the respective second security level of the plurality of security levels assigned to the certain storage partition of the plurality of storage partitions, wherein the I/O operations are performed without allowing the requesting application of the plurality of applications to access the certain storage partition of the plurality of storage partitions. 
14. (Currently Amended) The method of claim 11, further comprising:
determining a respective data type for each portion of a set of data stored on the storage device using a machine-learning technique; and 
assigning [[the]] a corresponding second security level of the plurality of security levels to the each portion of the set of data stored on the storage device based on the respective data type determined for the each portion of the set of respective second security level of the plurality of security levels corresponding to the corresponding second security level of the plurality of security levels assigned to the each portion of the set of data. 
15. (Currently Amended) The method of claim 11, further comprising:
receiving incoming data;
determining a data type for the incoming data using a machine-learning technique;
assigning [[the]] a corresponding second security level of the plurality of security levels to the incoming data based on the data type determined for the incoming data; and
storing the incoming data on a storage partition of the plurality of storage partitions including the respective second security level of the plurality of security levels corresponding to the corresponding second security level of the plurality of security levels assigned to the incoming data.
16. (Currently Amended) A computer program product comprising a non-transitory computer-readable storage medium including program instructions 
assign a respective first security level of a plurality of security levels to each application of a plurality of applications of a mobile personal computing device based on a type of application for the each application of the plurality of applications;
assign a respective second security level of the plurality of security levels to each storage partition of a plurality of storage partitions of a storage device of the mobile personal computing device;
provide or deny the each application of the plurality of applications access to the each storage partition of the plurality of storage partitions to access data stored on the each storage partition of the plurality of storage partitions based on a nexus of a match between the respective first security level assigned to the each application of the plurality of applications and the respective second security level assigned to the each storage partition of the plurality of storage partitions; [[and]]
change [[an]] a respective encryption key for the each storage partition of the plurality of storage partitions in response torespective first security level of the plurality of security levels assigned to the each application of the plurality of respective second security level of the plurality of security levels assigned to the each storage partition of the plurality of storage partitions is not established [[to]], and prevent an ;
provide toa particular application of the plurality of applications, access to a particular storage partition of the plurality of storage partitions that includes the respective second security level of the plurality of security levels assigned that is less than or equal to the respective first security level of the plurality of security levels assigned to theparticular application of the plurality of applications[,]; and
deny to the particular application of the plurality of applications, access to another particular storage partition of the plurality of storage partitions that includes the respective second security level assigned that is greater than the respective first security level assigned to theparticular application of the plurality of applications.
17. (Currently Amended) The computer program product of claim 16, wherein the program instructions further cause the processor to:
certain storage partition of the plurality of storage partitions;
determine, in response to receiving the I/O request, whether the requesting application of the plurality of applications and the certain storage partition of the plurality of storage partitions include [[the]]a nexus ofrespective first security level of the plurality of security levels assigned to the requesting application of the plurality of applications and the respective second security level of the plurality of security levels assigned to the certain storage partition of the plurality of storage partitions; and
perform data access operations
18. (Currently Amended) The computer program product of claim 17, wherein:
performing the data access operations comprises performing I/O operations corresponding to reading [[the]] data from or writing [[the]] data to the certain storage partition of the plurality of storage partitions in response to determining that the requesting application of the plurality of applications and the certain storage partition of the plurality of storage partitions include the nexus ofrespective first security level of the plurality of respective second security level of the plurality of security levels assigned to the certain storage partition of the plurality of storage partitions; and
terminating the I/O request in response to determining that the requesting application of the plurality of applications and the certain storage partition of the plurality of storage partitions do not include the nexus ofrespective first security level of the plurality of security levels assigned to the requesting application of the plurality of applications and the respective second security level of the plurality of security levels assigned to the certain storage partition of the plurality of storage partitions, wherein the I/O operations are performed without allowing the requesting application of the plurality of applications to access the certain storage partition of the plurality of storage partitions.
19. (Currently Amended) The computer program product of claim 16, wherein the program instructions further cause the processor to:
determine a respective data type for each portion of a set of data stored on the storage device using a machine-learning technique; and
a corresponding second security level of the plurality of security levels to the each portion of the set of data stored on the storage device based on the respective data type determined for the each portion of the set of data, wherein the each portion of the set of data is stored on a storage partition of the plurality of storage partitions including the respective second security level of the plurality of security levels corresponding to the corresponding second security level of the plurality of security levels assigned to the each portion of the set of data.
20. (Currently Amended) The computer program product of claim 16, wherein the program instructions further cause the processor to:
receive incoming data;
determine a data type for the incoming data using a machine-learning technique;
assign [[the]] a corresponding second security level of the plurality of security levels to the incoming data based on the data type determined for the incoming data; and
store the incoming data on a storage partition of the plurality of storage partitions including the respective second security level of the plurality of security corresponding second security level of the plurality of security levels assigned to the incoming data.
Allowable Subject Matter
Claims 1-20 are allowed.
The following is an examiner's statement of reasons for allowance:
Regarding independent claim 1: None of the prior art of record discloses, individually or in a reasonable combination, the following combination of limitations as recited in claim 1: "an encryption module that changes a respective encryption key for the each storage partition of the plurality of storage partitions in response to the security module determining that the nexus of the match between the respective first security level of the plurality of security levels assigned to the each application of the plurality of applications and the respective second security level of the plurality of security levels assigned to the each storage partition of the plurality of storage partitions is not established, and prevents an entity from using a backdoor access of the each application of the plurality of applications to gain unauthorized access to the data stored on the each storage partition of the plurality of storage partitions via malware" in combination with other limitations as a whole and in the context recited in claim 1.

Regarding independent claim 16: None of the prior art of record discloses, individually or in a reasonable combination, the following combination of limitations as recited in claim 16: "change a respective encryption key for the each storage partition of the plurality of storage partitions in response to determining that the nexus of the match between the respective first security level of the plurality of security levels assigned to the each application of the plurality of 
Regarding dependent claims: Dependent claims are allowed as they depend from allowable independent claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AMIE C LIN whose telephone number is (571)272-7752.  The examiner can normally be reached on M-F 9:00AM -5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, GELAGAY SHEWAYE can be reached on 5712724219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.







/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436