DETAILED ACTION
Claims 1-20 are pending in this action.  
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Drawings
The drawings filed on 01/09/2019 are accepted.  
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 01/09/2019 and 07/20/2020 have been considered. The submissions are in compliance with the provisions of 37 CFR 1.97 and 37 CFR 1.290. Accordingly, an initialed and dated copy of Applicant’s IDS form 1449 filed 01/09/2019, and an initialed and dated copy of the Third Party’s IDS form filed 07/20/2020, are attached to the instant Office action.
Claim Objections
Claims 12, 19, and 20 are objected to because of the following informalities:
Claims 12, 19, and 20 recite the limitation “the USB device form the remote host device” (claim 12, ln. 12; claim 19, ln. 11; claim 20, ln. 5). Examiner suggests replacing “form” with “from” to clarify the limitation.
Claim Rejections - 35 USC § 112  
The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 10 and 20 
Claim 10 recites the limitation “the security cable” (claim 10, ln. 2). There is insufficient antecedent basis for this limitation in the claim. Examiner suggests replacing “the security cable” with “the data cable”.
Claim 10 recites the limitation “the security buffer” (claim 20, ln. 4). There is insufficient antecedent basis for this limitation in the claim. Examiner suggests replacing “the security buffer” with “the memory buffer”.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 1-2 and 9 are rejected under 35 U.S.C. 102(a)(1) as being unpatentable over Gourley (US Pub. 2015/0058991) (hereinafter “Gourley”).

As per claim 1, Gourley teaches a security device comprising: an output connector; ([Gourley, Para. 0030] the communications interface of the monitoring device [security device] includes USB receptacles [output connectors])
a data cable with a first end and a second end ([Gourley, Para. 0030] the communications interface includes a USB cable), wherein the first end of the data cable is configured to connect to the output connector ([para. 0021] in one embodiment, monitoring device 108 may be a USB hub device that monitors and filters USB traffic. [Para. 0030; Fig. 2A] The monitoring device includes another USB receptacle [the first end of the data cable connected] for transmitting safe traffic [an output connector] to an end user system) and the second end of the data cable is configured to connect to a remote host device ([Para. 0035] the USB hub is coupled to a USB port of the end user system over a USB Bus [configured to connect to a remote host device]), wherein the remote host device and the security device are physically separated by the data cable; ([Para. 0035; Para. 0030] the USB hub [the security device] physically interfaces with the end-user system [the remote security device] by means of a port arrangement that includes a USB receptacle and wires [physically separated by a USB cable])
an input connector for receiving digital data from a peripheral device ([Gourley, para. 0021] in one embodiment, monitoring device 108 may be a USB hub device that monitors and filters USB traffic.  [Para. 0030; Fig. 2A] The monitoring device includes a USB receptacle [an input connector] for receiving digital data from a USB Media Drive [a peripheral device].  [Para. 0036] the USB hub [the security device] is coupled to a USB port of the peripheral device over a USB Bus)
a memory buffer to store the digital data in the memory buffer that was received from a peripheral device connected to the input connector; and ([Gourley, para. 0018] the monitoring device is a USB hub that is external with respect to end-user system, and coupled to end-user system and arranged to receive traffic from a USB device [data received from a peripheral device connected to the input connector].  [Para. 0054] traffic [data] received is stored in memory [a memory buffer to store the digital data in the memory buffer])
a malware detection logic ([Gourley, para. 0031] logic associated with a USB functionality module, a data monitoring module, and an unsafe traffic filtering module may be executed by processing arrangement [a malware detection logic]) to search the digital data stored in the memory buffer ([Para. 0020] known signatures of unsafe content, e.g., known signatures of viruses and/or malware. The signatures may be stored on monitoring device and compared with traffic [the digital data] obtained and stored in the monitoring module) for malware residing in the digital data, ([Para. 0033] the data monitoring module processes traffic obtained off of a USB bus and determine whether the traffic is safe or unsafe.  The module compares the signatures with signatures associated with the obtained traffic) wherein the malware detection logic is configured to remove digital data in the memory buffer that is associated with malware residing in the digital data ([Para. 0034] identified unsafe traffic [data that is associated with malware residing in the digital data] is filtered [removed from memory] to be prevented from forwarding to the end user system)

As per claim 2, Gourley teaches claim 1.   
Gourley also teaches a comparison logic ([Gourley, Fig. 4] flowchart of comparison logic) configured to compare the digital data stored in the memory buffer with known malware data ([para. 0033] signatures relating to known unsafe data [known malware data] are compared with signatures associated with obtained traffic [digital data stored in the memory buffer]) wherein the malware detection logic detects malware based, at least in part, on comparisons performed by the comparison logic. ([Para. 0039] a determination is made as to whether the signature associated with the traffic indicates that the traffic is safe)

As per claim 9, Gourley teaches claim 1.  
Gourley also teaches a housing, ([Gourley, Para. 0030] the USB hub device) wherein the malware detection logic ([Para. 0031] the USB hub device also includes a processing arrangement that executes logic associated with data monitoring [detection logic]) and the memory buffer ([Para. 0054] data obtained by the USB hub device is stored in memory of the device) are contained within the housing, and the data cable ([Para. 0030] the I/O of the USB hub devices includes wires) is adapted to pass from the housing to the remote host device. ([Para. 0030] the I/O of the USB hub is configured to be physically interfaced with an end user device [the remote host device])

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Gourley as applied to claim 2 above and further in view of Richard et al. (US Pub. 2013/0145471) (hereinafter “Richard”).

As per claim 3, Gourley teaches claim 2.   
Gourley does not teach wherein the comparison logic is configured to compare at least one of the group consisting of: hexadecimal data and byte size data.
However, Richard teaches wherein the comparison logic is configured to compare at least one of the group consisting of: hexadecimal data and byte size data.  ([Richard, para. 0025] the analysis module may generate one or more scores for a file sent or received by the user by comparing portions of the file [such as text strings, byte sequences or hexadecimal strings] to patterns taken from files known to be malware) 
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Gourley with the teachings of Richard to include wherein the comparison logic is configured to compare at least one of the group consisting of: hexadecimal data and byte size data. One of ordinary skill in the art would have been motivated to make this modification because such portions of data in the file can be used to compare with portions that are associated with malware to determine if there is actually malware present in the file. (Richard, para. 0025)
 
Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Gourley as applied to claim 1 above and further in view of Bennet et al. (US Pub. 2009/0287653) (hereinafter “Bennet”).   

As per claim 4, Gourley teaches claim 1.  
Gourley does not teach a cryptographic logic configured to decrypt the digital data stored in the memory buffer before the digital data is searched for malware.
However, Bennet teaches a cryptographic logic configured to decrypt the digital data stored in the memory buffer before the digital data is searched for malware ([Bennet, para. 0021] if any data packets arrive in encrypted state, the search server [cryptographic logic] proceeds with decryption of the packet to commence the malware detection)
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Gourley with the teachings of Bennet to include a cryptographic logic configured to decrypt the digital data stored in the memory buffer before the digital data is searched for malware.  One of ordinary skill in the art would have been motivated to make this modification because detection is more difficult if performed on encrypted data, and decryption of encrypted data prior to detection will be more effective.  (Bennet, para. 0021)

Claims 5 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Gourley as applied to claim 1 above, and further in view of Tian (US Pub. 2020/0073959) (hereinafter “Tian”).   

As per claim 5, Gourley teaches claim 1.  

However, Tian teaches wherein the malware detection logic detects malware in the memory buffer based, at least in part, on the hash value. ([Tian, para. 0016] the hash comparator compares the hash values stored with hash values that correspond to hash values associated with malware, and if they are similar, the malware detector determines the files contain malware)
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Gourley with the teachings of Tian to include wherein the malware detection logic detects malware in the memory buffer based, at least in part, on the hash value. One of ordinary skill in the art would have been motivated to make this modification because use of a hash from data allows analysis of different types of file features that have a greater clustering significance, and can be easily tuned, as needed, to reduce the number of false positives generated using the algorithms. (Tian, para. 0011)

As per claim 11, Gourley teaches claim 1.  
Gourley does not teach a malware matching threshold percentage, wherein when more than the malware matching threshold percentage of device data matches a known malware signature within a defined range of memory addresses of the memory buffer, the malware detection logic determines that malware is detected.
However, Tian teaches a malware matching threshold percentage, ([Tian, para. 0017] the hash comparator calculates an amount of similarity between A and B (a percentage) determining a value for “P/(P+Q+R)” where “P” is equal to a total number of bit positions set to “1” that are shared by both A and B, where “Q” is equal to a total number of bit positions set to “1” for A, but not B, and where “R” is equal to a total number of bit positions set to “1” for B, but not A) wherein when more than the ([Tian, para. 0017] If the results of “P/(P+Q+R)” satisfy a similarity threshold [e.g., “P/(P+Q+R)”>0.8] [a threshold, and when more than the malware matching threshold percentage of the device data matches], then the file corresponding to A and the file corresponding to B are assigned to a same cluster. [Para. 0012] the files belonging to a same type, class and/or cluster are determined by the malware detector to be either malignant [e.g., containing malware] or benign [not containing malware]) a known malware signature (comparing with a known malware signature is taught by Gourley above – see Gourley, para. 0017 a standalone appliance may compare traffic against signatures of known viruses, malware, and/or malicious software, and determine whether the traffic is malicious, or includes malicious content. [Tian, Para. 0016] the malware detector can use any of a variety of techniques [including the methods in Gourley] to determine whether the clusters of files contain or are otherwise associated with malware) within a defined range of memory addresses of the memory buffer, the malware detection logic determines that malware is detected. ([Tian, para. 0038] the example processes of malware detection logic may be implemented using a random-access memory in which information is stored for any duration [within a defined range of memory addresses of the memory buffer])
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Gourley with the teachings of Tian to include a malware matching threshold percentage, wherein when more than the malware matching threshold percentage of device data matches a known malware signature within a defined range of memory addresses of the memory buffer, the malware detection logic determines that malware is detected. One of ordinary skill in the art would have been motivated to make this modification because analysis using a matching similarity threshold is more accurate, reliable and scalable than conventional techniques. (Tian, para. 0011)

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Gourley as applied to claim 1 above, and further in view of Garg (US Pub. 2008/0301779) (hereinafter “Garg”).

As per claim 6, Gourley teaches claim 1.  
Gourley does not teach a descriptor table with a list of device descriptors indicating if a device is trusted or non-trusted, wherein the security device is configured to read a descriptor from the peripheral device, and wherein the malware detection logic allows the digital data in the memory buffer to access the remote host device based, at least in part, on the device descriptors in the descriptor table and the descriptor read from the peripheral device.
However, Garg teaches a descriptor table ([Garg, para. 0076] a list of trusted devices) with a list of device descriptors indicating if a device is trusted or non-trusted ([Para. 0076] information associated with trusted devices can be placed in a list of trusted devices), wherein the security device is configured to read a descriptor from the peripheral device, and ([Para. 0055] descriptor information, such as IP addresses, MAC addresses, and IPsec information, and the identity described in para. 0076 is read from the requesting/peripheral device by the communication enforcement module [the security device]) wherein the malware detection logic ([Para. 0005] implementations include a computing-based device sending a request to write to a memory of another computing-based device which a user wishes to defend from trespass or dissemination of malware) allows the digital data in the memory buffer to access the remote host device based, at least in part, on the device descriptors in the descriptor table and the descriptor read from the peripheral device. ([Para. 0079] communication is allowed by the trust system between the second device and the protected device [allows the digital data in the memory buffer to access the remote device] if the information associated with the second device correlates to information on the list of trusted devices. For example, correlation can occur if the information associated with the second device includes an identity of the second device which is found on the list of trusted devices [descriptor in the descriptor table]. Similarly, correlation can occur if the information associated with the second device includes indications that the second device has access to one or more secrets found on the list of trusted devices [descriptor read from the peripheral device])
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Gourley with the teachings of Garg to include a descriptor table with a list of device descriptors indicating if a device is trusted or non-trusted, wherein the security device is configured to read a descriptor from the peripheral device, and wherein the malware detection logic allows the digital data in the memory buffer to access the remote host device based, at least in part, on the device descriptors in the descriptor table and the descriptor read from the peripheral device. One of ordinary skill in the art would have been motivated to make this modification because such a descriptor/identity table can help the protected device to determine if the peripheral device is safe or dangerous and prevent the dissemination of malware. (Garg, para. 0005-0006)

Claims 7 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Gourley as applied to claim 1 above and further in view of Yoffee and further in view of Solid State vs. Electromechanical relays. In Arrow Electronics Power Electronics Tutorials [online]. AspenCore Network, January 4, 2017; [retrieved on April 6, 2021]. Retrieved from the Internet: <URL: https://web.archive.org/web/20170104184427/https://www.electronics-tutorials.ws/power/solid-state-relay.html> (hereinafter “Aspencore”)

As per claim 7, Gourley teaches claim 1.  
Gourley does not teach an isolation circuit configured to isolate the remote host device from electrical signals, and wherein the isolation circuit configured to isolate the remote host device from electrical signals when a current on the data cable exceeds a current threshold value.  
[when a voltage on the data cable exceeds a voltage threshold value], and wherein the isolation circuit configured to isolate the remote host device from electrical signals [when a current on the data cable exceeds a current threshold value] ([Yoffee, col. 10, ln. 59-61, Fig. 9] Fig. 9 shows an example of an implementation of an isolated circuit which includes a disconnector and a multi-positional switch [Col. 11, ln. 10-11] when D1 is in “mode 2” contact 3, and 4 open and disconnect the data line between DC1 [the host device] and PH1 [the peripheral device].  The multi-positional switch may be implemented in a number of different ways: by electro-mechanical components, by electrical components, by electronic components or a combination of the above.  Implementations by electronic components where the switch is triggered when a voltage on the data cable exceeds a voltage threshold value, and when a current on the data cable exceeds a current threshold value is taught by Aspencore below) 
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Gourley with the teachings of Yoffee to include wherein the remote host device and the security device are physically separated by the data cable. One of ordinary skill in the art would have been motivated to make this modification because it would be highly advantageous to have a simple internally isolated hardware security solution for users to prevent malware infections. (Yoffee, col. 3, ln. 31-36) 
Gourley in view of Yoffee does not explicitly (as it is implicit in the design of an electronic switch/relay) teach that the isolation occurs when a voltage on the data cable exceeds a voltage threshold value, and when a current on the data cable exceeds a current threshold value.  
However, Aspencore teaches that the isolation occurs (the triggering of the switch as taught in Yoffee) when a voltage on the data cable exceeds a voltage threshold value, and (a common implementation of a switch includes when a voltage on the data cable exceeds a voltage threshold value – [see Aspencore, pg. 3, under ‘Solid State Relay Input’] “to activate or turn ‘on’ a solid state relay into conduction, a voltage greater than a minimum value [voltage on the data exceeds a voltage threshold – usually 3 volts – the standard for low voltage data input] must be applied to its input terminals [triggering the switch for the isolation circuit]”. [Pg. 9, under ‘Solid State Relay Example No1’] an example is given where a minimum threshold voltage of 9 volts is required to activate the LED in an implementation involving a triac) wherein the isolation circuit configured to isolate the remote host device from electrical signals when a current on the data cable exceeds a current threshold value (a common implementation of a switch includes when a current on the data cable exceeds a current value – [see pg. 2, under ‘Solid State Relay Input’] “the current passes through the LED, turning the LED ON”. The light of the LED powers on the optocoupled solid state relay [triggering the switch for the isolation circuit]. [Pg. 6, under ‘Solid State Relay Output Waveform’] the current must be above a threshold current value for the switch to be in the ‘ON’ state. [Aspencore, pg. 8, under ‘Solid State Relay Example No1’] the LED needs a threshold current to shine reasonably bright)
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Gourley with the teachings of Aspencore to include that the isolation occurs when a voltage on the data cable exceeds a voltage threshold value, and when a current on the data cable exceeds a current threshold value. One of ordinary skill in the art would have been motivated to make this modification because such a configuration provides complete electrical isolation between their input and output contacts with its output having almost infinite resistance when open and a very low resistance when closed.  (Aspencore, pg. 1, under ‘Solid State Relay’)

As per claim 8, Gourley in view of Yoffee and Aspencore teaches claim 7.

However, Aspencore teaches optical isolation circuits configured to optically isolate the security device from the remote host device.  ([Aspencore, pg. 2, under ‘Solid State Relay Input’] one of the main components of a solid state relay is an opto-isolator which contain an LED and a photosensitive device.  The opto-isolator isolates the input [the security device] from the output [the remote host device])
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Gourley with the teachings of Aspencore to include optical isolation circuits configured to optically isolate the security device from the remote host device. One of ordinary skill in the art would have been motivated to make this modification because solid state relays using opto-isolators have no moving parts to wear out, and therefore no contact bounce issues, are able to switch both “ON” and “OFF” much faster than a mechanical relay's armature can move, as well as zero voltage turn-on and zero current turn-off eliminating electrical noise and transients. (Aspencore, pg. 2, under ‘Solid State Relay’)

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Gourley as applied to claim 1 above and further in view of Sandulescu (US Pub. 2005/0027889) (hereinafter “Sandulescu”)

As per claim 10, Gourley teaches claim 1.  
Gourley also teaches wherein the data cable has universal serial bus (USB) connectors at the first end and the second end. ([Gourley, Para. 0030] the communications interface includes a USB cable where either end of the cable has a USB receptacle)
Gourley does not teach wherein the security cable is at least three feet long.
([Sandulescu, para. 0012] the USB extender [the data cable/security cable that has USB connectors] includes a host transceiver [the first end] connectable to a USB host and a device transceiver [the second end] connectable to a USB device. [Para. 0011] the cable extends beyond the standard cable length limits of 5 meters [at least three feet long])
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Gourley with the teachings of Sandulescu to include wherein the data cable has universal serial bus (USB) connectors at the first end and the second end, and wherein the security cable is at least three feet long. One of ordinary skill in the art would have been motivated to make this modification because it would be preferable if USB devices could be connected by a technology that permits the devices to be more than about 5-10 meters from a host as it is difficult for normal USB cables to meet the stringent electrical signal requirements of USB standard specifications.  (Sandulescu, para. 0004)

Claims 12, 15-16, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Gourley in view of Yoffee et al. (US Patent No. 8,924,708) (hereinafter “Yoffee”).   Yoffee is included in the third party IDS dated 07/20/2020.

	As per claim 12 Gourley teaches 
	a USB cable; ([Gourley, Para. 0030] the communications interface includes a USB cable)
	a first USB connector configured to connect to a USB device; ([Gourley, para. 0021] in one embodiment, monitoring device 108 may be a USB hub device that monitors and filters USB traffic.  [Para. 0030; Fig. 2A] The monitoring device includes a USB receptacle [a first USB connector] for receiving digital data from a USB Media Drive [configured to connect to a USB device].  [Para. 0036] the USB hub is coupled to a USB port of the USB media device over a USB Bus)
	a second USB connector, wherein the USB cable connects between the second USB connector and a remote host device; ([Gourley, para. 0021] in one embodiment, monitoring device 108 may be a USB hub device that monitors and filters USB traffic.  [Para. 0030; Fig. 2A] The monitoring device includes another USB receptacle [a second USB connector] for transmitting safe traffic to an end user system [connects to a remote host device].  [Para. 0035] the USB hub is coupled to a USB port of the end user system over a USB Bus)
a buffer configured to store device data received from the USB device; ([Gourley, para. 0018] the monitoring device is a USB hub that receives traffic [data] from a USB device.  [Para. 0054] traffic [data] received is stored in memory [a memory buffer to store the digital data in the memory buffer])
a malware detection logic ([Gourley, para. 0031] logic associated with a USB functionality module, a data monitoring module, and an unsafe traffic filtering module may be executed by processing arrangement [a malware detection logic]) configured to determine data containing malware by searching device data in the buffer for malware, ([Para. 0020] known signatures of unsafe content, e.g., known signatures of viruses and/or malware. The signatures may be stored on monitoring device and compared with traffic [the digital data] obtained and stored in the monitoring module) wherein when malware is detected the malware detection logic is configured to prevent device data associated with the detected malware from reaching the remote host device.  ([Para. 0033] the data monitoring module processes traffic obtained off of a USB bus and determine whether the traffic is safe or unsafe.  The module compares the signatures with signatures associated with the obtained traffic.  [Para. 0034] identified unsafe traffic [data that is associated with malware residing in the digital data] is filtered [removed from memory] to be prevented from forwarding to the end user system)

	However, Yoffee teaches an isolation circuit configured to isolate the USB device from the remote host device when an unwanted electrical characteristic is detected. ([Yoffee, col. 10, ln. 59-61, Fig. 9] Fig. 9 shows an example of an implementation of an isolated circuit which includes a disconnector and a multi-positional switch [Col. 11, ln. 10-11] when D1 is in “mode 2” contact 3, and 4 open and disconnect the data line between DC1 [the host device] and PH1 [the peripheral device]. [Col. 7, ln. 57-62] when a threat [unwanted electrical characteristic] is detected, the isolation circuit is operated)
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Gourley with the teachings of Yoffee to include wherein the remote host device and the security device are physically separated by the data cable. One of ordinary skill in the art would have been motivated to make this modification because it would be highly advantageous to have a simple internally isolated hardware security solution for users to prevent malware infections. (Yoffee, col. 3, ln. 31-36)

As per claim 15 Gourley in view of Yoffee teaches claim 12.  
	Gourley also teaches a first end with a USB connector and a second end with a USB connector. ([Gourley, Para. 0030; Para. 0035] the communications interface includes USB receptacles configured to allow the USB hub device to be physically interfaced with a USB media drive [a first end with a USB connector] and an end-user system [a second end with a USB connector].  Furthermore, the USB hub is coupled to a USB port of the end user system over a USB Bus)

As per claim 16 Gourley in view of Yoffee teaches claim 12.  
 ([Gourley, Para. 0031] Logic associated with a data monitoring module [correlation detection logic]. [Para. 0033] data monitoring is arranged to process traffic obtained off of a USB bus and to determine whether particular traffic is safe or unsafe by comparing it to known malware signatures. [Para. 0054] traffic [data] received is stored in memory [a memory buffer to store the digital data in the memory buffer]) the malware detection logic is configured to prevent device data associated with the detected correlation from reaching the remote host device. ([Para. 0034] unsafe traffic identified by data monitoring module may effectively be prevented from being forwarded)

As per claim 19, this claim recites a method comprising the steps disclosed in the USB security device of claim 12, has claim language that is identical or substantially similar to that of claim 12, and thus is rejected with the same rationale applied against claim 12.   

Claims 13 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Gourley in view of Yoffee as applied to claim 12 above and further in view of Tian.   

As per claim 13, the claim language is identical or substantially similar to that of claim 11. Therefore, it is rejected under the same rationale applied to claim 11.

As per claim 18, Gourley in view of Yoffee teaches claim 12.
Gourley in view of Yoffee does not teach a data-bus configured to transfer data between the buffer and the malware detection logic.
([Tian, para. 0016] the example malware detector determines whether the clusters stored contain malicious code [Para. 0036] the example communication bus includes memory.   [Para. 0036, Fig. 1, Fig. 2], the communication data bus illustrated is configured to transfer data between the various devices including the malware detector and the memory of the communication bus) 
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Yoffee with the teachings of Tian to include a data-bus configured to transfer data between the buffer and the malware detection logic.  One of ordinary skill in the art would have been motivated to make this modification because allowing bits to be retrieved by the communications bus allows the files to be evaluated by the controller and to be compared against malware samples to determine whether the data contains malware.  (Tian, para. 0036; para. 0041)

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Gourley in view of Yoffee as applied to claim 12 above and further in view of Garg.   

As per claim 14, the claim language is identical or substantially similar to that of claim 6. Therefore, it is rejected under the same rationale applied to claim 6.

Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Gourley in view of Yoffee as applied to claim 12 above and further in view of Raj (US Pub. 2018/0373872) (hereinafter “Raj”).

As per claim 17, Gourley in view of Yoffee teaches claim 12.

However, Raj teaches wherein the USB security device ([Raj, para. 0028] the system may include drivers to control and receive data from a USB receptacle [interpreting the system as a USB security device]) is configured to indicate to user ([para. 0041] the user interface component provides a notification mechanism for communicating information to the user.  For example, the popup window clearly indicates the reason why access has been blocked) on a graphical user interface (GUI) ([para. 0028] the system may also provide a common GUI environment for applications) to provide options to the user as to what action is to be taken with the detected malware. ([Para. 0041, Fig. 1] the popup window displayed includes detailed information about the GUI malware so a user can decide whether to continue to use the interface, i.e. contact the system administrator [provide options to the user as to what action is to be taken])
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Gourley with the teachings of Raj to include the USB security device is configured to indicate to user on a graphical user interface (GUI) that malware has been detected and to provide options to the user as to what action is to be taken with the detected malware. One of ordinary skill in the art would have been motivated to make this modification because users may not understand that a virus was appropriately detected, and a GUI will cause the user to understand a true-positive has been flagged, and allow use of an application without encountering the negative effects.  (Raj, para. 0004)

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Gourley in view of Yoffee as applied to claim 19 above and further in view of Tian and Aspencore.

As per claim 20, Gourley in view of Yoffee teaches claim 19.
Gourley in view of Yoffee does not teach determining that malware is detected when more than a threshold percentage of device data matches a known malware signature; 
However, Tian teaches determining that malware is detected when more than a threshold percentage of device data ([Tian, para. 0017] If the results of “P/(P+Q+R)” satisfy a similarity threshold [e.g., “P/(P+Q+R)”>0.8] [a threshold, and when more than the malware matching threshold percentage of the device data], then the file corresponding to A and the file corresponding to B are assigned to a same cluster) matches a known malware signature. ([Para. 0012] the files belonging to a same type, class and/or cluster are determined by the malware detector to be either malignant [matches a known malware signature] or benign [not containing malware])
At the time of filing it would have been obvious to one of ordinary skill in the art to combine the teachings of Gourley and Tian for the same reasons as disclosed above.
Gourley in view of Yoffee and Tian does not teach optically isolating the security buffer from the remote host device when isolating the USB device from the remote host device.  
However, Aspencore teaches optically isolating the security buffer from the remote host device when isolating the USB device from the remote host device.  ([Aspencore, pg. 2, under ‘Solid State Relay Input’] one of the main components of a solid state relay is an opto-isolator which contains an LED and a photosensitive device.  The opto-isolator isolates the input [the security buffer] from the output [the remote host device] so that it isolates the USB device and the remote host device taught by Yoffee)
At the time of filing it would have been obvious to one of ordinary skill in the art to combine the teachings of Gourley and Aspencore for the same reasons as disclosed above.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Jing et al. (US Patent No. 10,333,949) discloses protecting an operating system by blocking of malware that includes a malware identification component that is located between two USB devices, connected by a USB cable.  Jaman (US Pub. 2017/0262632) discloses a system, method, and medium for securely transferring untrusted files from a portable medium to a computer and identifying malware from a collection of signatures.  M. Kang, USBWall: A Novel Security Mechanism to Protect Against Maliciously Reprogrammed USB Devices, 2015 discloses a device with the physical structure described by the applicant in the independent claims.  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634.  The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a 
/Z.L./Examiner, Art Unit 2493
/Catherine Thiaw/Primary Examiner, Art Unit 2493
4/9/2021