DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant’s arguments filed  on 08/18/2021 with respect to claims 7-10 and 11-14 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made (see, the rejection below).

Applicant has amended the independent claim 1 by incorporating the allowable feature of dependent claim 5, and cancelled claim 5. As such, claims 1-4 and 6 have been allowed. 


Claim Rejections - 35 USC § 103
4. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

5. Claims 7-10 are rejected under 35 U.S.C. 103 as being unpatentable over Power (US 2012/0311207) in view of Denney (US Pub.No.2020/0356665).  

6. Regarding claim 7 Powers teaches a computer-implemented method comprising: reading read-only memory (ROM) information on a universal serial bus (USB) device; identifying, in the 
 identifying a set of indicators of compromise including pre-determined trails of configuration files; determining a trail of the set of trails matches a pre-determined trail in the set of indicators of compromise (Para: 0058-0060 teaches checking the configuration files 94 define which USB devices (such as USB device 24 shown in fig. 1) are authorized to communicate with a host device to which mediation module 50 is connected. That is, for example, configuration files 94 includes one or more lists of identifying characteristics of authorized devices.
 Para: 0122-0123 teaches determine whether USB device 24 is authorized to communicate with host device 28. The mediation module 50 will compare the data contained in a descriptor of USB device 24 to authorized descriptors listed in one or more configuration files 94 stored in memory 92);

Powers teaches all the above claimed limitations, but does not expressly teach identifying a security score associated with the pre-determined trail; and taking a security action corresponding to the security score.

Denney teaches identifying and assigning a security score to the USB device; and taking a security action corresponding to the security score (Para: 0005-0007 and Para: 0037 teaches analyze unknown universal serial bus (USB)-powered devices introduced to a computing environment and, through the utilization of machine learning, determine the behavior of the unknown device before it can potentially cause harm to the computing environment. Classifying the external device as benign or malicious using machine learning (e.g., a decision tree, a random forest, Naive Bayes, k-nearest neighbors, or a support vector machine) on the extracted information. Figs.11-12, Para: 0082 and Para: 0106-0107 teaches ranking/scoring each of the external device features individually to prioritize the feature using machine learning. And based 

Therefore it would have been obvious to one of the ordinary skill in the art before the invention was filed to modify Powers to include assigning a security score to the USB device based on the comparing as taught by Denney, such a setup utilizes the machine learning technique, to detect the behavior of the unknown device before it potentially cause damage to the computing environment.

7.  Regarding claim 8 Denney teaches the computer-implemented method, further comprising: determining the security action by reference to a table associating a set of security actions, including the security action, with ranges of values of combined security scores, including the combined security score (Para: 0064-0068, Para: 0082, 0086 and Para: 0106-0107 teaches ranking/scoring each of the external device features individually to prioritize the feature using machine learning, and taking appropriate security action based on the generated score).

8.  Regarding claim 9 Powers teaches the computer-implemented method further comprising: detecting the USB device inserted into a USB port (Para: 0029 teaches detecting the USB device inserted into the port).

9.  Regarding claim 10 Powers in view of Denney teaches the computer-implemented method, wherein the security action is blocking the USB port from use by the USB device (Powers: Para: 0122- 0123 and Para: 0126-0127 teaches blocking/disabling the USB device.
Denney: Para: 0064-0068 teaches the security action is blocking unknown device).

s 11-14 are rejected under 35 U.S.C. 103 as being unpatentable over Butler (US 2019/0286817) in view of Denney (US Pub.No.2020/0356665).  
  
11. Regarding claim 11 Butler teaches a computer-implemented method comprising:  identifying a set of device drivers stored on a universal serial bus (USB) device, identifying a set of microcontroller device drivers; determining a device driver of the set of device drivers on the USB device matches a microcontroller device driver of the set of microcontroller device drivers (Para:0050 -0053, Para:0119-0120 and Para:0124-127 teaches identifying the set of device drivers on the USB device and comparing it with the expected functionality);

Butler teaches all the above claimed limitations, but does not expressly teach identifying a security score associated with the matching microcontroller device driver; and taking a security action corresponding to the security score.

Denney teaches identifying a security score; and taking a security action corresponding to the security score (Para: 0005-0007 and Para: 0037 teaches analyze unknown universal serial bus (USB)-powered devices introduced to a computing environment and, through the utilization of machine learning, determine the behavior of the unknown device before it can potentially cause harm to the computing environment. Classifying the external device as benign or malicious using machine learning (e.g., a decision tree, a random forest, Naive Bayes, k-nearest neighbors, or a support vector machine) on the extracted information. Figs.11-12, Para: 0082 and Para: 0106-0107 teaches ranking/scoring each of the external device features individually to prioritize the feature using machine learning. And based on the assigned score or threshold taking a security action such as blocking or preventing the unknown device attack).



12.    Regarding claim 12 Denney teaches the computer-implemented method, further comprising: determining the security action by reference to a table associating a set of security actions, including the security action, with ranges of values of combined security scores, including the combined security score (Para: 0064-0068, Para: 0082, 0086 and Para: 0106-0107 teaches ranking/scoring each of the external device features individually to prioritize the feature using machine learning, and taking appropriate security action based on the generated score).

13. Regarding claim 13 Butler teaches the computer-implemented method further comprising: detecting the USB device inserted into a USB port (Para: 00122 teaches detecting the USB device inserted into the port).

14. Regarding claims 14 Butler in view of Denney teaches the computer-implemented method, wherein the security action is blocking the USB port from use by the USB device (Butler: Para: 0124-0127 teaches generating a report based comparison.
Denney: Para: 0064-0068 teaches the security action is blocking unknown device).




Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEREENA T CATTUNGAL whose telephone number is (571)270-0506.  The examiner can normally be reached on Mon-Fri: 7:30 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DEREENA T CATTUNGAL/Primary Examiner, Art Unit 2431