DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is responsive to the communication filed on 05/25/2021.

EXAMINER’S AMENDMENT
Authorization for this examiner’s amendment was given in an interview with Matthew A. Stanford on 8/13/2021.

The claims are amended as follows:

1.	  A system for protecting a Computer System interfacing with peripheral elements via a generic port associated with an open standard interface, the system comprising:
		at least one Protection Device configured to be installed between the Computer System and Peripheral element/s of the Computer System and including:
			a pair of computer-peripheral interfaces including a “near end” interface and a “far-end” interface; and 
			a uni-directional data flow limiter configured to protect the computer system from an abnormality flowing from the computer-peripheral interfaces by invoking an individual one of a following two states which each ensure that data flows only in one direction:
				a state which ensures that data flows only outward; or
				a state which ensures that data flows only inward. 
	2.  	  A system according to claim 1 and also comprising a first CPU configured to interface with the “near end” interface and to act as a virtual peripheral element.
	3.  	  A system according to claim 1 and also comprising a second CPU configured to interface with the “far-end” USB interfaces and to act as a virtual computer system.
	4. 	  A system according to claim 1 and also comprising first and second CPUs configured to interface with the “near end” interface and “far-end” USB interfaces respectively and to act as a virtual peripheral element and a virtual computer system, respectively, and wherein the uni-directional data flow limiter is disposed intermediate the first and second CPUs.
	5. 	  A system according to claim 4 wherein authentication firmware resides on the first CPU.
	6. 	  A system according to claim 4 wherein security tunnel firmware resides on the first CPU.
	7. 	  A system according to claim 1 and also comprising a dedicated power supply that feeds at least one peripheral element and is monitored to provide an indication for at least one manipulated device/attack. 
	8. 	  A system according to claim 1 and also comprising behavioral analysis functionality configured to receive data flowing between computer and peripheral and to provide an indication for at least one manipulated device/attack. 
	9.	  A system according to claim 1 wherein the hardware based uni-directional data flow limiter is permanently configured to invoke only one of two states each ensuring that data flows only in one direction, i.e. either only out or only in.
	10.	  A system according to claim 1 wherein the hardware based uni-directional data flow limiter invokes an input only state and is used in conjunction with a USB port, which protects the computer system against data leakage, while an input oriented peripheral is communicating with the USB port. 
	11.	  A system according to claim 1 wherein the hardware based uni-directional data flow limiter invokes an Output Only state and is used in conjunction with a USB port exporting data from the computer which ensures that the computer is detached from any external device or entity that could “push” harmful data or files inwards. 
	12-13.	  
	14.	  A system according to claim 1 wherein the Protection Device is operative to undergo training e.g. using supervised machine learning technology, in which users’ profiles are learned, and accordingly, to detect a profile for each device trying to use a password, e.g. hostile or attacking device, that can “playback” predefined known keystroke patterns, and to compare said profile to a known profile for the user who owns the password.
	15.	  A system according to claim 14 and wherein said profile comprises a unique user “fingerprint” characterized by the time difference between each character and the next character when the user types her or his password (or almost any other word or sequence of characters).
	16.	  A system according to claim 1 wherein, if Authentication Software on the Computer System detects that the Protection Device is not present, the Authentication Software uses management Software on the Computer System to alert at least one of the user and the system administrator.
	17.	  A system according to claim 1 wherein, if Authentication Software on the Computer System detects that the Protection Device has been replaced, the Authentication Software uses management Software on the Computer System to alert at least one of the user and the system administrator.
	18.	  A system according to claim 1 wherein, if Authentication Software on the Computer System detects that the Protection Device is not present, the Authentication Software uses management Software on the Computer System to automatically disable said port to ensure no infection can come through.
	19.	  A system according to claim 1 wherein, if Authentication Software on the Computer System detects that the Protection Device has been replaced, the Authentication Software uses management Software on the Computer System to automatically disable said port to ensure no infection can come through.
	20.	  A system according to claim 1 wherein plural host interfaces are used for connecting plural Peripheral Products to the Computer System via said port e.g. via a single port. 
	21.	  A system according to claim 1 wherein said Protection Device comprises a distributed device with separate near end and far end portions connected by a single optical fiber while maintaining communications uni-directional on the hardware/physical layer.
	22-25.	  
	26.	  A data security method comprising:
		Providing a pair of computer-peripheral interfaces including first and second computer-peripheral interfaces with data communication between the first and second computer-peripheral interfaces;
		Providing a power supply operative to supply power to a peripheral connected to one of the interfaces; and 
		Monitoring current usage by sampling current drawn from the power supply and to detect abnormal patterns in the peripheral’s current usage and, responsively, to disable data communication between the pair of interfaces, wherein:
			said peripheral serves a computer system, and 
			said power supply provided by said method is dedicated to generating an independent supply voltage for feeding said peripheral rather than having said peripheral receive power for operation of said peripheral from the computer system.
	27-32.	 
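
The monitoring step of claim 26, sketched as an added example that is not part of the office action or the application. The outlier rule, the tuning constants and every name below are assumptions, since the claim does not define what counts as an abnormal pattern; the current traces are constructed.

```c
#include <stdbool.h>
#include <stddef.h>

/* Assumed tuning values: the claim does not define "abnormal patterns". */
#define WARMUP_SAMPLES 8u     /* samples used only to learn the baseline */
#define DEV_FACTOR     4      /* outlier if |x - mean| > 4 * mean deviation */
#define MIN_BAND_UA    10000  /* floor on that band: 10 mA, in microamps */
#define TRIP_COUNT     3u     /* consecutive outliers before disabling data */

typedef struct {
    long mean_ua, dev_ua;     /* running baseline and mean abs deviation */
    unsigned seen, outliers;  /* samples consumed; consecutive outliers */
    bool data_enabled;        /* data path between the two interfaces */
} current_monitor;

/* Feed one current sample (microamps); returns the data-path state. */
bool monitor_sample(current_monitor *m, long ua) {
    if (!m->data_enabled) return false;            /* latched off */
    if (m->seen == 0) m->mean_ua = ua;
    long diff = ua - m->mean_ua, adiff = diff < 0 ? -diff : diff;
    long band = DEV_FACTOR * m->dev_ua;
    if (band < MIN_BAND_UA) band = MIN_BAND_UA;
    bool learning = m->seen++ < WARMUP_SAMPLES;
    if (!learning && adiff > band) {               /* outlier: baseline untouched */
        if (++m->outliers >= TRIP_COUNT) m->data_enabled = false;
        return m->data_enabled;
    }
    m->outliers = 0;
    m->mean_ua += diff / 8;                        /* EWMA, alpha = 1/8 */
    m->dev_ua += (adiff - m->dev_ua) / 8;
    return true;
}

/* Replays a trace; returns the index at which data was disabled, or -1. */
int monitor_run(const long *trace, size_t n) {
    current_monitor m = { 0, 0, 0, 0, true };
    for (size_t i = 0; i < n; i++)
        if (!monitor_sample(&m, trace[i])) return (int)i;
    return -1;
}

/* Constructed traces (microamps): steady draw, one spike, sustained step. */
static const long STEADY[] = { 100000, 102000, 98000, 101000, 99000, 100000,
                               103000, 97000, 100000, 101000, 99000, 102000 };
static const long SPIKE[]  = { 100000, 102000, 98000, 101000, 99000, 100000,
                               103000, 97000, 100000, 180000, 99000, 102000 };
static const long STEP[]   = { 100000, 102000, 98000, 101000, 99000, 100000,
                               103000, 97000, 100000, 180000, 182000, 181000 };
int main(void) { return monitor_run(STEP, 12) == 11 ? 0 : 1; }
```

A single out-of-band sample is tolerated, while three in a row disable the data path, and the disabled state is latched until the monitor is re-initialised.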


Examiner’s Statement of Reasons for Allowance

The following is an examiner's statement of reasons for allowance: In interpreting the claims, in light of the Specification and the applicant's amendments filed on 05/25/2021, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.
 	The present relates to a method of :
 
	 	Independent claims 1, a uni-directional data flow limiter  intermediate the computer-peripheral interfaces, and the uni-directional data flow limiter is configured to 

Independent claim 26 recites the uniquely distinct features of “Monitoring current usage by sampling current drawn from the power supply and to detect abnormal patterns in the peripheral’s current usage and, responsively, to disable data communication between the pair of interfaces, wherein: said peripheral serves a computer system, and said power supply provided by said method is dedicated to generating an independent supply voltage for feeding said peripheral rather than having said peripheral receive power for operation of said peripheral from the computer system.”


The closest prior art (Cheng, US 2012/0151102) discloses a connection controller and connection control method for controlling the connections of a peripheral device with a computer. The connection controller can detect the connection status of the peripheral devices and initializes the peripheral device while the peripheral device is connected. The connection controller transmits an interrupt signal to the computer while the peripheral device is initialized to allow the computer to access the peripheral device. Alternatively, the connection controller generates a suspend signal to switch off the power supply track from the computer to the peripheral device, and the connection controller will then be suspended without unloading the driver of the peripheral device to eliminate the repetition of loading and unloading the driver of the peripheral device.


The closest prior art (Zhang et al., US 2016/0349308) discloses an interface insertion anomaly detection circuit and method applicable to the field of mobile terminals. The interface insertion anomaly detection circuit comprises a power circuit (4), and further comprises: a first USB interface (1), comprising a first power line and a first signal line, a power end of the first power line being connected to the power circuit (4); a second USB interface (2), comprising a second power line and a second signal line, the second power line and the second signal line being short-circuit connected, wherein the second USB interface (2) connects the second signal and the first signal line through insertion to the first USB interface (1); and a controller (3), a first voltage collection end and a second voltage collection end thereof being respectively connected to the power end of the first power line and a signal end of the first signal line. The controller (3) can determine, according to a calculated voltage difference, whether the first power line and the second power line are well connected by insertion, and then determine whether to start or resume charging a cell of a mobile terminal through the first USB interface (1) and the second USB interface (2).

 	
However, the prior art of record, either individually or in a reasonable combination, fails to disclose or suggest the underlined limitations when in combination with the remaining limitations currently recited in the independent claims 1 and 26. In addition, an updated search also did not yield any new applicable prior art with respect to the underlined limitations.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance." 






Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABU S SHOLEMAN whose telephone number is (571)270-7314.  The examiner can normally be reached on EST: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/ABU S SHOLEMAN/Primary Examiner, Art Unit 2495