Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
Applicant's submission filed on 2/3/2021 has been entered.   Claims 1-20 are pending.  Newly amended features, where relevant, necessitate new ground(s) of rejections.
 Response to Arguments
Applicant's arguments filed 2/3/2021 have been fully considered but they are not persuasive.
On pages 7-8 of the Remarks, the Applicants argue that Hattori does not disclose “the authorization data to indicate a number of accesses the processor device is granted to the controlled data and a count of access to the controlled data.”
In response, The Examiner respectfully disagrees and asserts that (1) Arora discloses ARE unit monitors all commands/accesses to read/write data to the memory, Arora: Fig. 5, “54,” and by monitoring there could be a record or a log of data that is kept to monitor all activities,  such that there could have a history of timestamps and other information of the accessed session; (2) Going back as far as Microsoft Office 2007, there are codes to allow only a limited number of accesses and installations of a Microsoft office products to a user.  So with such access permission and counting technology, similar to claimed invention, are old and well known. This technology can be implemented by Arora in Figure 6, embedded within those policies: Ownership and or Access Rule; (3) with the combination of Hattori, keeping a count, similar to Microsoft’s .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11/6/2020 is being considered by the examiner.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 6-10, 13-17 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Arora (US 2018/0357184) in view of Hattori (US 2007/0250906).

a memory device (FIG. 1, ¶ [0012]); and 
a microcontroller device integrated with the memory device and adapted to control access to the memory device by a processor device (FIG. 1, ¶ [0012]), the microcontroller device configured to: 
set an access permission for controlled data stored by the memory device based on authorization data stored in the memory device (FIG. 1, ¶ [0024]-[0026]; i.e. enforcing/setting the rules programmed by the access rule configuration unit or configuration tables), the authorization data to indicate a number of accesses the processor device is granted to the controlled data and a count of accesses to the controlled data; 
receive, from the processor device, a request to access the controlled data (¶ [0026]-[0028]; i.e. receiving transaction request or commands that attempt to read/write to the storage device); and 
determine whether to initiate access to the controlled data by the processor device based on the access permission (¶ [0026]-[0028]; i.e. the access rule enforcer monitors all requests or commands to access the storage device and enforces the access rules).
Arora does not explicitly disclose the authorization data to indicate a number of accesses the processor device is granted to the controlled data and a count of accesses to the controlled data.

Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Hattori’s teaching into Arora in order to detect unauthorized access from an application program (Hattori, ¶ [0007]-[0008]).
Regarding claim 2, Arora in view of Hattori discloses the apparatus of claim 1, wherein managing access by the processor device to the controlled data stored on the memory device further includes setting the access permission for the controlled data based on a comparison of the number of granted accesses and the count of accesses (Hattori, FIG. 3, ¶ [0042]-[0044], [0049]).
Regarding claim 3, Arora in view of Hattori discloses the apparatus of claim 2, wherein the microcontroller device is further configured to: initiate transmission of the controlled data to the processor device based on the access permission (Arora, ¶ [0024]; Hattori, ¶ [0039], [0042-[0043]); update the count of accesses in response to initiating transmission of the controlled data (Hattori, ¶ [0039], [0042-[0043]); and update the access permission based on the updated count (Hattori, ¶ [0039], [0042-[0043]).
Regarding claim 6, Arora in view of Hattori discloses the apparatus of claim 1, wherein the microcontroller device is further configured to update the authorization data based on a signal received during a hardware boot process (Arora, ¶ [0024]; i.e. configurable tables are programmed at boot time).

Regarding claim 8, Arora discloses a method comprising: 
managing, at a microcontroller device integrated into a memory device, access by a processor device to data stored on the memory device (FIG. 1, ¶ [0012]), wherein managing access by the processor device to the data stored on the memory device includes: 
setting an access permission for controlled data stored by the memory device based on authorization data stored in the memory device (FIG. 1, ¶ [0024]-[0026]; i.e. enforcing/setting the rules programmed by the access rule configuration unit or configuration tables), the authorization data to indicating a number of accesses the processor device is granted to the controlled data and a count of accesses to the controlled data; 
receiving, from the processor device, a request to access the controlled data (¶ [0026]-[0028]; i.e. receiving transaction request or commands that attempt to read/write to the storage device); and 
determining whether to initiate access to the controlled data by the processor device based on the access permission (¶ [0026]-[0028]; i.e. the access rule enforcer monitors all requests or commands to access the storage device and enforces the access rules).
Arora does not explicitly disclose the authorization data to indicating a number of accesses the processor device is granted to the controlled data and a count of accesses to the controlled data.

Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Hattori’s teaching into Arora in order to detect unauthorized access from an application program (Hattori, ¶ [0007]-[0008]).
Regarding claim 9, Arora in view of Hattori discloses the method of claim 8, further comprising setting the access permission for the controlled data based on a comparison of the number of granted accesses and the count of accesses (Hattori, FIG. 3, ¶ [0042]-[0044], [0049]).
Regarding claim 10, Arora in view of Hattori discloses the method of claim 9, further comprising: initiating transmission of the controlled data to the processor device based on the access permission (Arora, ¶ [0024]; Hattori, ¶ [0039], [0042-[0043]); updating the count of accesses in response to initiating transmission of the controlled data (Hattori, ¶ [0039], [0042-[0043]); and updating the access permission based on the updated count (Hattori, ¶ [0039], [0042-[0043]).
Regarding claim 13, Arora in view of Hattori discloses the method of claim 8, further comprising updating the authorization data based on a signal received during a hardware boot process (Arora, ¶ [0024]; i.e. configurable tables are programmed at boot time).
Regarding claim 14, Arora in view of Hattori discloses the method of claim 8, wherein the memory device comprises a flash memory device (Arora, FIG, 1, ¶ [0012]).

setting an access permission for controlled data stored by the memory device based on authorization data stored in the memory device (FIG. 1, ¶ [0024]-[0026]; i.e. enforcing/setting the rules programmed by the access rule configuration unit or configuration tables), the authorization data to indicate a number of accesses to the controlled data granted to the processor device and a count of accesses to the controlled data; 
receiving, from the processor device, a request to access the controlled data (¶ [0026]-[0028]; i.e. receiving transaction request or commands that attempt to read/write to the storage device); and 
determining whether to initiate access to the controlled data by the processor device based on the access permission (¶ [0026]-[0028]; i.e. the access rule enforcer monitors all requests or commands to access the storage device and enforces the access rules).
Arora does not explicitly disclose the authorization data to indicate a number of accesses to the controlled data granted to the processor device and a count of accesses to the controlled data.
However Hattori discloses the authorization data to indicate a number of accesses to the controlled data granted to the processor device and a count of accesses to the controlled data (FIG. 3, ¶ [0042]-[0044], [0049]).

Regarding claim 16, Arora in view of Hattori discloses the computer readable storage device of claim 15, wherein the instructions cause the one or more processors to set the access permission for the controlled data based on a comparison of the number of granted accesses and the count of accesses (Hattori, FIG. 3, ¶ [0042]-[0044], [0049]).
Regarding claim 17, Arora in view of Hattori discloses the computer readable storage device of claim 16, wherein the instructions cause the one or more processors to: initiate transmission of the controlled data to the processor device based on the access permission (Arora, ¶ [0024]; Hattori, ¶ [0039], [0042-[0043]); update the count of accesses in response to initiating transmission of the controlled data (Hattori, ¶ [0039], [0042-[0043]); and update the access permission based on the updated count (Hattori, ¶ [0039], [0042-[0043]).
Regarding claim 20, Arora in view of Hattori discloses the computer readable storage device of claim 15, wherein the instructions are further executable by the one or more processors to update the authorization data based on a signal received during a hardware boot process (Arora, ¶ [0024]; i.e. configurable tables are programmed at boot time).
s 4, 11 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Arora (US 2018/0357184) in view of Hattori (US 2007/0250906) and further in view of Shah et al. (US 2019/0266037 hereinafter Shah).
Regarding claim 4, Arora in view of Hattori discloses the apparatus of claim 2, wherein the microcontroller device is further configured to: update the count of accesses in response to the signal (Hattori, ¶ [0039], [0042-[0043]); and update the access permission based on the updated count (Hattori, ¶ [0039], [0042-[0043]).
Arora in view of Hattori does not explicitly disclose wherein the memory device further comprises a hardware interrupt mechanism configured to transmit a signal to the microcontroller device in response to access to the controlled data.
However, Shah discloses wherein the memory device further comprises a hardware interrupt mechanism configured to transmit a signal to the microcontroller device in response to access to the controlled data (FIG. 1, ¶ [0020]).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Shah’s teaching into Arora in view of Hattori in order to handle errors that occur during accessing memory (Shah, ¶ [0020]).
Regarding claim 11, Arora in view of Hattori discloses the method of claim 9, further comprising: determining whether to update the authorization data based on the updated count (Hattori, ¶ [0039], [0042-[0043]).
Arora in view of Hattori does not explicitly disclose updating the count of accesses in response to a signal from a hardware interrupt mechanism indicating access to the controlled data.

Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Shah’s teaching into Arora in view of Hattori in order to handle errors that occur during accessing memory (Shah, ¶ [0020]).
Regarding claim 18, see claim 11 above for the same reasons of rejections.
Claims 5, 12 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Arora (US 2018/0357184) in view of Hattori (US 2007/0250906) and further in view of Muhlestein et al. (US 2017/0316222 hereinafter Muhlestein).
Regarding claim 5, Arora in view of Hattori discloses the apparatus of claim 1.
Arora in view of Hattori does not explicitly disclose further including a clock device, wherein the authorization data indicates a granted access duration, and wherein the microcontroller device is configured to: determine an elapsed access duration based an indicator from the clock device; and set the access permission for the controlled data based on a comparison of the elapsed access duration to the granted access duration.
However, Muhlestein discloses wherein the authorization data indicates a granted access duration (FIG. 3 & 5, i.e. storage rules including a time to live instruction), and wherein the microcontroller device is configured to: determine an elapsed access duration based an indicator from the clock device (¶ [0019]); and set the access permission for the controlled data based on a comparison of the elapsed access duration to the granted access duration (¶ [0019]).

Regarding claims 12 and 19, see claim 5 above for the same reasons of rejections.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph P Hirl can be reached on (571)272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/C.D.N/Examiner, Art Unit 2435 
/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435