Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority
	This application claims priority to a 371 National Stage application # PCT/US2016/055484, dated 10/05/2016.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 08/12/2021 has been entered.
DETAILED ACTION
This office action is in response to a Request for Continued Examination (RCE) application received on 08/12/2021. In RCE, applicant has amended claims 1, 5, 7-8, 11-12 and 16. Claims 2 and 6 have been cancelled. Claims 3-4, 9-10 and 13-15 remain original. 
For this office action, claims 1, 3-5 and 7-16 have been received for consideration and have been examined. 




Response to Arguments
Claim Rejection under 35 U.S.C. § 112
	Applicant’s amendments to independent claims 8 & 12 have been reviewed by the examiner and appear to overcome the 112(b) indefiniteness issues. Therefore examiner has withdrawn this rejection in this office action.
Claim Rejection under 35 U.S.C. § 102
Applicant’s arguments, filed 08/12/2021, with respect to the rejections of claims 1, 3-5 and 7-16 under 35 U.S.C. § 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new grounds of rejection is made in view of new amendments to the claims.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

s 1, 3-5 and 7-16 are rejected under 35 U.S.C. 103 as being unpatentable over Stephan., (US20020143921A1) in view of Astrand., (US20090222814A1).
Regarding claim 1, Stephan discloses:
A non-transitory machine-readable medium storing instructions executable by a processing resource to cause a computing system to: 
receive a request (See FIG.3;  i.e. when the USB device is plugged in) to accept a universal serial bus (USB) device class from a first composite USB device (See FIG.1; Hub(s) 12) of a plurality of composite USB devices ([0040] When the device is plugged in or a notification received from the module which handles the power management functions in relation to the USB, the configuration software component transmits a Reset_Port command. This forces the device to enter a default state. At this point the device is unconfigured and responds only to requests targeted at endpoint and device zero. The configuration software retrieves the device class by determining which device class the particular device belongs to. In a preferred embodiment, this step uses the GET_DESCRIPTOR function; [0041] Configuration requests are transmitted via USB host software 24 to the host controller 26 via filter software 25; [0042] The fields may include the device class, device subclass, vendor, device manufacturer etc.;  [0044] FIG. 3 shows At step 30 a device is plugged in); 
filter, using a lower-level USB filter driver (i.e. filter driver / filter software 25; see FIG. 2) that modifies behavior of hardware of the USB device a device function of the USB device class based on a comparison of a descriptor of the device function to a function filter descriptor list  (See FIG. 2; [0041] Reference is made to FIG. 2 which illustrates a simplified schematic of a USB interface. An exemplary two port USB network is shown whereby application software 20 communicates via USB device drivers 21. Configuration requests are transmitted via USB host software 24 to the host controller 26 via filter software 25 … The filter software 25 includes a device table 22 which specifies which devices are allowed or how the configuration software should behave when a particular device is attached to the bus; [0042] Because the filter driver is loaded before any requests to the bus, the filter driver is ready and will intercept the results of the first GET_DESCRIPTOR when the peripheral sends its request for initialization; [0042] When the GET_DESCRIPTOR command is transmitted, the filter software 25 will check the responses to the GET_DESCRIPTOR function against entries in the (disallowed) device table. The fields may include the device class, device subclass, vendor, device manufacturer etc.); and 
based on the comparison, determine whether to pass the device function descriptor onto an associated operating system or block the device function descriptor from recognition by the associated operating system ([0023] Preferably, the analysis step is carried out by filtering software which queries the device for device descriptors, compares the returned device descriptors with those listed in a table of disallowed device descriptors and, if the device is allowed, initiating data transfer on the USB or alternatively, if the device is disallowed, preventing communication on the USB; [0042] When the GET_DESCRIPTOR command is transmitted, the filter software 25 will check the responses to the GET_DESCRIPTOR function against entries in the (disallowed) device table. The fields may include the device class, device subclass, vendor, device manufacturer etc. When these fields are accessed, the filter software 25 checks if the device is allowed to be plugged into the bus; [0044] This process is shown schematically in the simplified flowchart of FIG. 3. At 30 a device is plugged in. The results of the GET_DESCRIPTOR function and descriptor analysis (31/33) are then used, in this embodiment, to determine whether the data flux is to be redirected by remapping the configuration device descriptors, to a dummy driver 32. Once data flow is enabled between the appropriate driver (including possibly the dummy driver) it can be seen that the disallowed device is prevented from communicating on the bus, but the system is aware of its presence and can therefore deal with any network functions or which may be necessary. An alternative technique is illustrated schematically by the dashed line in FIG. 3, where the disallowed device is disable by means of a false end of packet signal 34; [0045] As shown in the example in FIG. 2, the effect of the filter is to stop data transfer between the USB host and the host controller for a GET_DESCRIPTOR response which identifies the device 28 as a CDROM. However, the filter allows transfers for the allowed device 27 (speaker) which is not listed in the device table 22), 
wherein the filter rule is a same filter rule used among each composite USB device of the plurality of composite USB devices ([0023] the analysis step is carried out by filtering software which queries the device for device descriptors, compares the returned device descriptors with those listed in a table of disallowed device descriptors and, if the device is allowed, initiating data transfer on the USB or alternatively, if the device is disallowed, preventing communication on the USB).
Stephan fails to disclose:
	the composite USB device with a first device function and a second device function and determine where to pass the first device function and the second device function descriptor onto an associated operating system or block the first device function and the second device function descriptor from recognition by the associated operating system.
However, Astrand discloses:
See FIG. 7; device 700 may be configured as a composite device) with a first device function (See FIG. 8B; Group A, i.e. block certain USB device function) and a second device function (See FIG. 8B; Group B, i.e. allow certain USB device function) and determine where to pass the first device function and the second device function descriptor onto an associated operating system ([0076] As an example of a composite USB device, assume device 700 is a USB webcam with a built in microphone. In this situation, device 700 may be configured as a composite device in which the video functions of the webcam are presented by the USB device as a first logical sub-device (e.g., the functions of Group A 710) and the audio functions of the USB device are presented by the USB device as a second logical sub-device (e.g., the functions of Group B 720). The functions of “Group A” 710 and the functions of “Group B” 720 may each require a separate USB driver to access these functions; See FIG. 5 & 6; [0082] VM application USB interface 535 may decide which descriptors to hide from guest OSes 420 based on, for example, a list of predefined USB devices.
Examiner notes that FIG. 8B clearly discloses that function of ‘Group B’ sub-logical device is passed/allowed by the composite USB device) or 
block (See FIG. 8B; i.e. Group A disallowed) the first device function and the second device function descriptor from recognition by the associated operating system ([0084] As shown in FIG. 8A, host OS 800 receives all of the descriptors associated with composite USB device 700, and thus has a complete view of the USB device. The host OS can thus access the functionality of both Group A 710 and Group B 720 of the USB device. As shown in FIG. 8B, however, in this example, VM application USB interface 535 has hidden the functions of Group A 710 from the USB device.
Examiner notes that FIG. 8B clearly discloses that function of ‘Group A’ sub-logical device is blocked/disallowed by the composite USB device).
	It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the Stephan reference and include a composite USB device which is able to logically divide single physical USB device corresponding to the different functions of the USB device, as disclosed by Astrand.
	The motivation to include a composite USB device which is able to logically divide single physical USB device corresponding to the different functions of the USB device is to filter and control access to various functions of the single physical USB device for security purposes (See Astrand: Abstract & [0075]). 
Regarding claim 3, the combination of Stephan and Astrand discloses:
	The medium of claim 1, wherein the function filter descriptor list is a device function descriptor block list (Stephan: [0042] the filter driver is loaded before any requests to the bus, the filter driver is ready and will intercept the results of the first GET_DESCRIPTOR when the peripheral sends its request for initialization. When the GET_DESCRIPTOR command is transmitted, the filter software 25 will check the responses to the GET_DESCRIPTOR function against entries in the (disallowed) device table).
Regarding claim 4, the combination of Stephan and Astrand discloses:
The medium of claim 1, wherein the function filter descriptor list is a device function descriptor allow list (Stephan: [0042] If attachment of the peripheral to the USB is allowed, then the descriptor data flow will be unchanged and the data is directed to the appropriate device driver 21
Regarding claim 5, the combination Stephan and Astrand discloses:
The medium of claim 1, further comprising instructions executable to determine to pass the first device function descriptor, the second device function descriptor, or both, onto the associated operating system or block the first device function descriptor, the second device function descriptor, or both, from recognition by the associated operating system during enumeration of the composite USB device (Stephan: [0041] Configuration requests are transmitted via USB host software 24 to the host controller 26 via filter software 25 … the filter software is configured to prevent access by the CDROM to the USB) or block the device function descriptor from recognition by the associated operating system during enumeration of the USB device; [0045] As shown in the example in FIG. 2, the effect of the filter is to stop data transfer between the USB host and the host controller for a GET_DESCRIPTOR response which identifies the device 28 as a CDROM. However, the filter allows transfers for the allowed device 27 (speaker) which is not listed in the device table 22).
Regarding claim 7, the combination Stephan and Astrand discloses:
The medium of claim 1, further comprising instructions executable to: intercept communication between the composite USB device and the associated operating system (Stephan: [0042] Because the filter driver is loaded before any requests to the bus, the filter driver is ready and will intercept the results of the first GET_DESCRIPTOR when the peripheral sends its request for initialization); and 
filter the first device function and the second device function of the composite USB device based on the comparison of the first filtered device function descriptor and the second filtered device function descriptor to the function filter descriptor list and the intercepted Stephan: [0042] When the GET_DESCRIPTOR command is transmitted, the filter software 25 will check the responses to the GET_DESCRIPTOR function against entries in the (disallowed) device table. The fields may include the device class, device subclass, vendor, device manufacturer etc. When these fields are accessed, the filter software 25 checks if the device is allowed to be plugged into the bus).
Regarding claim 8, Stephan discloses:
A method, comprising: 
intercepting, using a lower-level filter driver (i.e. filter driver / filter software 25; see FIG. 2) that sits below a first driver (i.e. USB host software 24; see FIG. 2) and above a second driver (i.e. host controller 26; see FIG. 2) of a composite universal serial bus (USB) device (i.e. USB device driver 21) and modifies behavior of hardware of the composite USB device, communication between the composite USB device and an associated operating system (See FIG. 2; [0041] Reference is made to FIG. 2 which illustrates a simplified schematic of a USB interface. An exemplary two port USB network is shown whereby application software 20 communicates via USB device drivers 21. Configuration requests are transmitted via USB host software 24 to the host controller 26 via filter software 25 … The filter software 25 includes a device table 22 which specifies which devices are allowed or how the configuration software should behave when a particular device is attached to the bus; [0042] Because the filter driver is loaded before any requests to the bus, the filter driver is ready and will intercept the results of the first GET_DESCRIPTOR when the peripheral sends its request for initialization); 
comparing, using the lower-level filter descriptor driver (i.e. check the responses to the ‘Get_Descriptor’ against device table through filter software), the intercepted communication [0042] When the GET_DESCRIPTOR command is transmitted, the filter software 25 will check the responses to the GET_DESCRIPTOR function against entries in the (disallowed) device table. The fields may include the device class, device subclass, vendor, device manufacturer etc.); 
filtering, using the lower-level filter driver, the filter rule, and based on the comparison, a plurality of descriptors of functions of the composite USB device into a block list or an allow list ([0042] When these fields are accessed, the filter software 25 checks if the device is allowed to be plugged into the bus),Page 3 of 10USB DEVICE FILTERING Application No. 16/074,725 Amendment dated August 12, 2021 
Reply to Final Office Action dated May 21, 2021	wherein the filter rule is a same filter rule used among a plurality of composite USB devices ([0023] the analysis step is carried out by filtering software which queries the device for device descriptors, compares the returned device descriptors with those listed in a table of disallowed device descriptors and, if the device is allowed, initiating data transfer on the USB or alternatively, if the device is disallowed, preventing communication on the USB); 
blocking a first function descriptor of the plurality of descriptors of functions from recognition by the operating system in response to the first function descriptor being determined to be on the block list and based on the intercepted communication ([0044] This process is shown schematically in the simplified flowchart of FIG. 3. At 30 a device is plugged in. The results of the GET_DESCRIPTOR function and descriptor analysis (31/33) are then used, in this embodiment, to determine whether the data flux is to be redirected by remapping the configuration device descriptors, to a dummy driver 32. Once data flow is enabled between the appropriate driver (including possibly the dummy driver) it can be seen that the disallowed device is prevented from communicating on the bus, but the system is aware of its presence and can therefore deal with any network functions or which may be necessary. An alternative technique is illustrated schematically by the dashed line in FIG. 3, where the disallowed device is disable by means of a false end of packet signal 34); and 
allowing a second function descriptor to be accessed by the operating system in response to the second function descriptor being determined to be on the allow list and based on the intercepted communication ([0042] When these fields are accessed, the filter software 25 checks if the device is allowed to be plugged into the bus. The rules for configuration allowance or data transfer authorization may be in the form of a lookup table 22 or similar which lists the disallowed devices and their descriptor characteristics. If attachment of the peripheral to the USB is allowed; [0045] As shown in the example in FIG. 2, the effect of the filter is to stop data transfer between the USB host and the host controller for a GET_DESCRIPTOR response which identifies the device 28 as a CDROM. However, the filter allows transfers for the allowed device 27 (speaker) which is not listed in the device table 22).
Stephan fails to disclose:
	the composite USB device to allow for selective allowance or blockage of a functionality of the plurality of composite USB devices.
However, Astrand discloses:
	the composite USB device (See FIG. 7; device 700 may be configured as a composite device) to allow for selective allowance (See FIG. 8B; Group A ‘not’ allowed) ([0076] As an example of a composite USB device, assume device 700 is a USB webcam with a built in microphone. In this situation, device 700 may be configured as a composite device in which the video functions of the webcam are presented by the USB device as a first logical sub-device (e.g., the functions of Group A 710) and the audio functions of the USB device are presented by the USB device as a second logical sub-device (e.g., the functions of Group B 720). The functions of “Group A” 710 and the functions of “Group B” 720 may each require a separate USB driver to access these functions.
Examiner notes that FIG. 8B clearly discloses that function of ‘Group B’ sub-logical device is passed/allowed by the composite USB device) or 
blockage of a functionality (See FIG. 8B; i.e. Group B allowed) of the plurality of composite USB devices ([0084] As shown in FIG. 8A, host OS 800 receives all of the descriptors associated with composite USB device 700, and thus has a complete view of the USB device. The host OS can thus access the functionality of both Group A 710 and Group B 720 of the USB device. As shown in FIG. 8B, however, in this example, VM application USB interface 535 has hidden the functions of Group A 710 from the USB device.
Examiner notes that FIG. 8B clearly discloses that function of ‘Group A’ sub-logical device is blocked/disallowed by the composite USB device).
	It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the Stephan reference and include a composite USB device which is able to logically divide single physical USB device corresponding to the different functions of the USB device, as disclosed by Astrand.
	The motivation to include a composite USB device which is able to logically divide single physical USB device corresponding to the different functions of the USB device is to filter and control access to various functions of the single physical USB device for security purposes (See Astrand: Abstract & [0075]
Regarding claim 9, the combination Stephan and Astrand discloses:
The method of claim 8, wherein intercepting communication includes intercepting descriptor information of the composite USB device (Stephan: See FIG. 2; [0041] shows two devices are shown residing on the USB interface: a speaker 27 and a CDROM 28 which are physically wired with the composite USB interface).
Regarding claim 10, the combination Stephan and Astrand discloses:
The method of claim 8, further comprising: 
filtering, using the lower-level filter driver and based on the comparison, a plurality of interfaces of the composite USB device into the block list or the allow list (Stephan: [0041] Configuration requests are transmitted via USB host software 24 to the host controller 26 via filter software 25 … Two devices are shown residing on the USB: a speaker 27 and a CDROM 28. In the present example, the filter software is configured to prevent access by the CDROM to the USB. The filter software 25 includes a device table 22 which specifies which devices are allowed or how the configuration software should behave when a particular device is attached to the bus); 
blocking, based on the filtering, a first interface of the plurality of interfaces determined to be on the block list from recognition by the operating system (Stephan: [0042] Otherwise, in a preferred embodiment of the invention, this descriptor structure is patched in order to disable the disallowed device. This may be done by assigning new device and vendor identifications and will thus link the peripheral to a dummy device driver 29 that does nothing); and 
allowing, based on the intercepted communication, a second interface of the plurality of interfaces determined to be on the allow list to be accessed by the operating system (Stephan: [0042] The rules for configuration allowance or data transfer authorization may be in the form of a lookup table 22 or similar which lists the disallowed devices and their descriptor characteristics. If attachment of the peripheral to the USB is allowed, then the descriptor data flow will be unchanged and the data is directed to the appropriate device driver 21).
Regarding claim 11, the combination Stephan and Astrand discloses:
The method of claim 8, further comprising filtering, using the lower-level filter driver, the plurality of descriptors of functions of the composite USB device and the plurality of composite USB devices into the block list and the allow list based on the comparison (Stephan: See FIG. 2; [0041] shows two devices are shown residing on the USB interface: a speaker 27 and a CDROM 28 which are physically wired with the composite USB interface) and 
the filter rule, wherein at least two of the plurality of composite USB devices have different vendor identifiers (Stephan: [0042] When the GET_DESCRIPTOR command is transmitted, the filter software 25 will check the responses to the GET_DESCRIPTOR function against entries in the (disallowed) device table. The fields may include the device class, device subclass, vendor, device manufacturer etc … Otherwise, in a preferred embodiment of the invention, this descriptor structure is patched in order to disable the disallowed device. This may be done by assigning new device and vendor identifications and will thus link the peripheral to a dummy device driver 29 that does nothing. That is, if the device is not allowed, the filter may, for example, change the device and vendor ID in order to connect the device to a generic driver 29 that causes the device to remain unconfigured).
Regarding claim 12, Stephan discloses:

intercept, using a lower-level filter driver (i.e. filter driver / filter software 25; see FIG. 2) that sits below a first driver (i.e. USB host software 24; see FIG. 2) and above a second driver (i.e. host controller 26; see FIG. 2) of a composite universal serial bus (USB) device (i.e. USB device driver 21) and modifies behavior of hardware of the composite USB device, communication between the composite USB device and an associated operating system (See FIG. 2; [0041] Reference is made to FIG. 2 which illustrates a simplified schematic of a USB interface. An exemplary two port USB network is shown whereby application software 20 communicates via USB device drivers 21. Configuration requests are transmitted via USB host software 24 to the host controller 26 via filter software 25 … The filter software 25 includes a device table 22 which specifies which devices are allowed or how the configuration software should behave when a particular device is attached to the bus; [0042] Because the filter driver is loaded before any requests to the bus, the filter driver is ready and will intercept the results of the first GET_DESCRIPTOR when the peripheral sends its request for initialization); 
compare, using the lower-level filter descriptor driver (i.e. check the responses to the ‘Get_Descriptor’ against device table through filter software), the intercepted communication to a function filter descriptor list created using a filter rule ([0042] When the GET_DESCRIPTOR command is transmitted, the filter software 25 will check the responses to the GET_DESCRIPTOR function against entries in the (disallowed) device table. The fields may include the device class, device subclass, vendor, device manufacturer etc.); 
filter, using the lower-level filter driver, the filter rule, and based on the comparison, a plurality of descriptors of functions of the composite USB device into a block list or an allow list ([0042] When these fields are accessed, the filter software 25 checks if the device is allowed to be plugged into the bus),Page 3 of 10USB DEVICE FILTERING Application No. 16/074,725 Amendment dated August 12, 2021 
[0023] the analysis step is carried out by filtering software which queries the device for device descriptors, compares the returned device descriptors with those listed in a table of disallowed device descriptors and, if the device is allowed, initiating data transfer on the USB or alternatively, if the device is disallowed, preventing communication on the USB); 
block a first function descriptor of the plurality of descriptors of functions from recognition by the operating system in response to the first function descriptor being determined to be on the block list and based on the intercepted communication ([0044] This process is shown schematically in the simplified flowchart of FIG. 3. At 30 a device is plugged in. The results of the GET_DESCRIPTOR function and descriptor analysis (31/33) are then used, in this embodiment, to determine whether the data flux is to be redirected by remapping the configuration device descriptors, to a dummy driver 32. Once data flow is enabled between the appropriate driver (including possibly the dummy driver) it can be seen that the disallowed device is prevented from communicating on the bus, but the system is aware of its presence and can therefore deal with any network functions or which may be necessary. An alternative technique is illustrated schematically by the dashed line in FIG. 3, where the disallowed device is disable by means of a false end of packet signal 34); and 
allow a second function descriptor to be accessed by the operating system in response to the second function descriptor being determined to be on the allow list and based on the intercepted communication ([0042] When these fields are accessed, the filter software 25 checks if the device is allowed to be plugged into the bus. The rules for configuration allowance or data transfer authorization may be in the form of a lookup table 22 or similar which lists the disallowed devices and their descriptor characteristics. If attachment of the peripheral to the USB is allowed; [0045] As shown in the example in FIG. 2, the effect of the filter is to stop data transfer between the USB host and the host controller for a GET_DESCRIPTOR response which identifies the device 28 as a CDROM. However, the filter allows transfers for the allowed device 27 (speaker) which is not listed in the device table 22).
Stephan fails to disclose:
the composite USB device to allow for selective allowance or blockage of a functionality of the plurality of composite USB devices.
However, Astrand discloses:
the composite USB device (See FIG. 7; device 700 may be configured as a composite device) to allow for selective allowance (See FIG. 8B; Group A ‘not’ allowed) ([0076] As an example of a composite USB device, assume device 700 is a USB webcam with a built in microphone. In this situation, device 700 may be configured as a composite device in which the video functions of the webcam are presented by the USB device as a first logical sub-device (e.g., the functions of Group A 710) and the audio functions of the USB device are presented by the USB device as a second logical sub-device (e.g., the functions of Group B 720). The functions of “Group A” 710 and the functions of “Group B” 720 may each require a separate USB driver to access these functions.
Examiner notes that FIG. 8B clearly discloses that function of ‘Group B’ sub-logical device is passed/allowed by the composite USB device) or 
blockage of a functionality (See FIG. 8B; i.e. Group B allowed) of the plurality of composite USB devices ([0084] As shown in FIG. 8A, host OS 800 receives all of the descriptors associated with composite USB device 700, and thus has a complete view of the USB device. The host OS can thus access the functionality of both Group A 710 and Group B 720 of the USB device. As shown in FIG. 8B, however, in this example, VM application USB interface 535 has hidden the functions of Group A 710 from the USB device.
Examiner notes that FIG. 8B clearly discloses that function of ‘Group A’ sub-logical device is blocked/disallowed by the composite USB device).

The motivation to include a composite USB device which is able to logically divide single physical USB device corresponding to the different functions of the USB device is to filter and control access to various functions of the single physical USB device for security purposes (See Astrand: Abstract & [0075]).
Regarding claim 13, the combination Stephan and Astrand discloses:
The non-transitory machine-readable medium of claim 12, wherein at least two of the plurality of composite USB devices have different product identifiers (Stephan: See FIG. 2 & [0045] shows CDROM and Speaker are two devices connected to USB controller).
Regarding claim 14, the combination Stephan and Astrand discloses:
The non-transitory machine-readable medium of claim 12, wherein at least two of the plurality of composite USB devices have different vendor identifiers (Stephan: [0042] The fields may include the device class, device subclass, vendor, device manufacturer etc).
Regarding claim 15, the combination Stephan and Astrand discloses:
The non-transitory machine-readable medium of claim 12, further comprising instructions executable to create a block list or an allow list based on the filter rule (Stephan: [0023] the analysis step is carried out by filtering software which queries the device for device descriptors, compares the returned device descriptors with those listed in a table of disallowed device descriptors and, if the device is allowed, initiating data transfer on the USB or alternatively, if the device is disallowed, preventing communication on the USB
Regarding claim 16, the combination Stephan and Astrand discloses:

The medium of claim 1, wherein the lower-level USB filter driver sits below a first driver and above a second driver of the composite USB device (Stephan: See FIG. 2; [0041] which illustrates a simplified schematic of a USB interface. An exemplary two port USB network is shown whereby application software 20 communicates via USB device drivers 21. Configuration requests are transmitted via USB host software 24 to the host controller 26 via filter software 25).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED M AHSAN whose telephone number is (571)272-5018.  The examiner can normally be reached on 8:30 AM - 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffery L. Nickerson can be reached on 469-295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished 






/S.M.A./Patent Examiner, Art Unit 2432                                                                                                                                                                                                        
/SYED A ZAIDI/Primary Examiner, Art Unit 2432