DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 3-14, and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Fellner et al US 9,817,605 in view of Lim US 2013/0222109.

 	As per claim 1, Fellner discloses an apparatus comprising: 
 	a plurality of processing devices arranged as collection ( fig.1, data storage device 102 and data storage device 108), each processing device 5storing an internal token value comprising a unique ID ( col 8, lines 43-45, the data storage devices 102 and 108 has the identifiers ID_1 and ID_2 , i.e. unique ID and col 12, lines 3-10, the log 
 a host controller circuit (col 6, lines 31-35, the host device 130) configured to perform by accessing a distributed ledger as a data structure in a memory (col 5, 45-50, perform a search operation, i.e. accessing, on the data structure to identify one more entries, i.e. internal token, or to perform a look-up operation to identify a particular entry in the data structure 154, i.e. a distributed ledger ) 
 that lists the internal token values of the respective processing devices (col 5, 40-44, the network application 152 may also be configured to update, i.e. adding, or lists, one or more entries of the data structure 154, such as by updating directory information of one or more entries).  

Fellner does not explicitly disclose a host controller circuit configured to perform a local authentication of respective processing devices.
However, Lim discloses a host controller circuit configured to perform a local authentication of respective processing devices ( fig.1, par 0022 The unique host device identifier is used to authenticate the combination of a system 100, i.e. respective processing devices with a particular destined host when operating the system in combination with a host device as explained below. In case that a plurality of host device identifiers can be stored on authentication device 140, so a plurality of host devices corresponding to the stored host device identifiers can be used when operating the system).


Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of identifying the presence of the storage device in the cloud database of Fellner, based on the teaching of authenticating by the device of the host device of Lim, because doing so would provide authenticating the device.

As per claim 3, Fellner in view of Lim discloses The apparatus of claim 1, Fellner discloses wherein each processing device further stores a 15copy of the distributed ledger and transfers the copy of the distributed ledger to the host controller circuit during the local authentication (col 4, lines 1-10, (14) FIG. 1 is a block diagram of a particular illustrative embodiment of a system 100 including a cloud storage system 150,, i.e. stores a 15copy of the distributed ledger,  a host device 130, and one or more data storage devices, such as a first data storage device 102 and a second data storage device 108. The system 100 may enable storage of and access to data associated with content stored in the one or more data storage devices).  

 As per claim 4, Fellner in view of Lim discloses The apparatus of claim 1, Fellner discloses wherein each processing device further stores an external token value comprising the internal token value of one other processing device in 20the collection ( col 4, lines 60-67 Each entry (e.g., row) of the data structure 154 may correspond to a data storage device. Each entry may include an identifier (e.g., a unique media device identifier), a user-identifier (e.g., an identifier that is user-selectable and unique to a user), and directory information (e.g., a log file), as illustrative, non-limiting examples. To illustrate, a first entry of the data structure 154 may correspond to the first data storage device 102 and may include a first identifier (ID_1), a first user-identifier (Work-01), and first directory information (<log 1>). A second entry of the data structure 154 may correspond to the second data storage device 108 and may include a second identifier (ID_2), a second user-identifier (Home), and second directory information (<log 2).  

 As per claim 5, Fellner in view of Lim discloses The apparatus of claim 4, Lim discloses wherein the host controller circuit  (par 0022 The unique host device identifier )further performs the local authentication by retrieving the external token values stored by the respective processing devices in the collection (fig.1, par 0022 The unique host device identifier is used to authenticate the combination of a system 100, i.e. respective processing devices with a particular destined host when operating the system in combination with a host device as explained below. In case that a plurality of host device identifiers can be stored on authentication device 140, so a plurality of host devices corresponding to the stored host device identifiers can be used when operating the system ).  
 	
As per claim 6, Fellner in view of Lim discloses The apparatus of claim 1, Lim discloses wherein the host controller circuit performs the local authentication by retrieving the distributed ledger, authenticating the distributed ledger and locating each of the processing devices via the internal tokens as listed in a most recent block of the distributed ledger ( par 0022 The unique host device identifier )further performs the local authentication by retrieving the external token values stored by the respective processing devices in the collection (fig.1, par 0022 The unique host device identifier is used to authenticate the combination of a system 100, i.e. respective processing devices with a particular destined host when operating the system in combination with a host device as explained below. In case that a plurality of host device identifiers can be stored on authentication device 140, so a plurality of host devices corresponding to the stored host device identifiers can be used when operating the system).  

 As per claim 7, Fellner in view of Lim discloses the apparatus of claim 1, Lim discloses wherein the host controller circuit (par 0022 The unique host device identifier ) is further configured to add a new processing device to the collection responsive to detecting the new processing device during the local authentication (par 0049 he host device is adapted and configured for checking the authenticable devices or the authentication device for malfunctions or failures in their functions or communication to the host device. This method step can be performed optionally when performing step 340. The authenticable devices and the authentication device are adapted correspondingly to detect and communicate malfunctions to the host device accordingly. Upon communication of such failure to the host device, the identifier or information of the device's failure shall be recorded in the authentication device before the failure is notified to the user. For communicating information about device failures the hashed information transmitted between the devices can be extended to comprise information about failures. The process steps of hashing the device identifiers or forming the transmitted messages in the authentication device or authenticable devices are adapted accordingly to include the failure information before communicating the message to the host. When a host device receives the message comprising the failure information, the host device can identify the occurrences of failure. In addition, if special failure codes are used for different devices or types of failures, the host device may calculate a hash value of a failure code with the identifier values to look for matching information received from the authentication device to identify the failure mechanism and to use this mechanism of tracking failures to further prevent the use of not authenticated or malfunctioning devices. ). The host controller circuit ( par 0022 The unique host device identifier)authenticating the new processing device via communications, over a network, with a remote authorized 5server, the host controller further operating to add an internal token value associated with the new processing device to the distributed ledger (par 0049 he process steps of hashing the device identifiers or forming the transmitted messages in the authentication device or authenticable devices are adapted accordingly to include the failure information before communicating the message to the host. When a host device receives the message comprising the failure information, the host device can identify the occurrences of failure. In addition, if special failure codes are used for different devices or types of failures, the host device may calculate a hash value of a failure code with the identifier values to look for matching information received from the authentication device to identify the failure mechanism and to use this mechanism of tracking failures to further prevent the use of not authenticated or malfunctioning devices.).  

 As per claim 8, Fellner in view of Lim discloses the apparatus of claim 1, wherein  Lim discloses the host controller circuit authenticates the collection by forwarding a first query to each of the processing devices, and evaluating 10a corresponding response from each of the processing devices generated using the internal token value stored by the associated processing device (par 0049 he host device is adapted and configured for checking the authenticable devices or the authentication device for malfunctions or failures in their functions or communication to the host device. This method step can be performed optionally when performing step 340. The authenticable devices and the authentication device are adapted correspondingly to detect and communicate malfunctions to the host device accordingly. Upon communication of such failure to the host device, the identifier or information of the device's failure shall be recorded in the authentication device before the failure is notified to the user. For communicating information about device failures the hashed information transmitted between the devices can be extended to comprise information about failures. The process steps of hashing the device identifiers or forming the transmitted messages in the authentication device or authenticable devices are adapted accordingly to include the failure information before communicating the message to the host. When a host device receives the message comprising the failure information, the host device can identify the occurrences of failure. In addition, if special failure codes are used for different devices or types of failures, the host device may calculate a hash value of a failure code with the identifier values to look for matching information received from the authentication device to identify the failure mechanism and to use this mechanism of tracking failures to further prevent the use of not authenticated or malfunctioning devices). 
 
 As per claim 9, Fellner in view of Lim discloses the apparatus of claim 1, Lim disclose wherein the distributed ledger comprises a sequence of ledger blocks, each ledger block updated responsive to a separate 15authentication operation to authenticate the collection, each ledger block listing the processing devices in the collection, the associated internal tokens for the processing devices, registration information associated with the processing devices, and security policy information associated with the processing devices (par 0049 he host device is adapted and configured for checking the authenticable devices or the authentication device for malfunctions or failures in their functions or communication to the host device. This method step can be performed optionally when performing step 340. The authenticable devices and the authentication device are adapted correspondingly to detect and communicate malfunctions to the host device accordingly. Upon communication of such failure to the host device, the identifier or information of the device's failure shall be recorded in the authentication device before the failure is notified to the user. For communicating information about device failures the hashed information transmitted between the devices can be extended to comprise information about failures. The process steps of hashing the device identifiers or forming the transmitted messages in the authentication device or authenticable devices are adapted accordingly to include the failure information before communicating the message to the host. When a host device receives the message comprising the failure information, the host device can identify the occurrences of failure. In addition, if special failure codes are used for different devices or types of failures, the host device may calculate a hash value of a failure code with the identifier values to look for matching information received from the authentication device to identify the failure mechanism and to use this mechanism of tracking failures to further prevent the use of not authenticated or malfunctioning devices).  

 As per claim 10, 20 Fellner in view of Lim discloses the apparatus of claim 1, Fellner discloses wherein the processing devices comprise data storage devices each having a data storage device controller circuit and a non-volatile memory (NVM) to store user data supplied by the host device (col 4, lines 10-15  he first data storage device 102 may be coupled to the host device 130 (e.g., a first interface, such as a first wired interface or a first wireless interface) via a first communication path 110 and the second data storage device 108 may be coupled to the host device 130).  

 As per claim 11, Fellner in view of Lim discloses the apparatus of claim 1, Fellner discloses wherein the host controller circuit comprises a 25crypto circuit that applies a cryptographic function to cryptographically protect the distributed ledger and a local secure memory in which a copy of the cryptographically protected distributed ledger is stored (col 6, lines 15-29,  information associated with the set of entries may be protected from unauthorized access by users that do not have the user name and/or password of the user account. An administrator of the cloud storage may have access to the information associated with the user account (e.g., the user profile and/or information from the set of entries, such as model information of data storage devices) and may use the information to communicate with the user of the user account. For example, the administrator may communicate with the user to inform the user of a software update for a particular data storage device, to inform the user of new products, or to provide the user).  

 As per claim 12, Fellner in view of Lim discloses the apparatus of claim 1, Fellner discloses wherein the host controller circuit is an edge 30computing device in a cloud networking environment ( col 4, lines 1-10, (14) FIG. 1 is a 100 including a cloud storage system 150,, i.e. stores a 15copy of the distributed ledger,  a host device 130, and one or more data storage devices, such as a first data storage device 102 and a second data storage device 108. The system 100 may enable storage of and access to data associated with content stored in the one or more data storage devices).  

As per claim 13, Fellner discloses a method comprising:
 	 forming a collection of processing devices each storing a unique internal token value in a keystore memory(col 7, lines, 40-45 28) After a particular data storage device is registered or is verified to have previously been registered, the client application 134 may provide updated directory information to the cloud storage system 150 periodically or when there is a change in the content stored in the particular data storage device (while the particular data storage device is coupled to the host device 130)); 
  generating, by a host controller circuit coupled to the processing devices, a 5distributed ledger as a data structure in a memory, the distributed ledger including a copy of the internal token values stored by the processing devices ( col 5, lines 35-45 the network application 152 may be configured to generate and maintain the data structure 154. For example, the network application 152 may be configured to register one or more data storage devices with the cloud storage system 150 and to initiate generation of an entry for each data storage device. The network application 152 may also be configured to update one or more entries of the data structure 154, such as by updating directory information of one or more entries. ); and
 using the host controller circuit to (col 6, line 30-40  the host device ) perform a local authentication of the collection of the processing devices by decoding the distributed ledger ( col 5, 45-50, perform a search operation, i.e. accessing, on the data structure to identify one more entries, i.e. internal token, or to perform a look-up operation to identify a particular entry in the data structure 154, i.e. a distributed ledger ) and confirming the 10internal token values from the distributed ledger match the internal token values stored by the processing devices ( col 5, 45-50, perform a search operation, i.e. accessing, on the data structure to identify one more entries, i.e. internal token, or to perform a look-up operation to identify a particular entry in the data structure 154, i.e. a distributed ledger and  col 5, 40-44, the network application 152 may also be configured to update, i.e. adding, or lists, one or more entries of the data structure 154, such as by updating directory information of one or more entries).  
Fellner does not explicitly disclose a host controller circuit configured to perform a local authentication of respective processing devices.
However, Lim discloses a host controller circuit configured to perform a local authentication of respective processing devices ( fig.1, par 0022 The unique host device identifier is used to authenticate the combination of a system 100, i.e. respective processing devices with a particular destined host when operating the system in combination with a host device as explained below. In case that a plurality of host device identifiers can be stored on authentication device 140, so a plurality of host devices corresponding to the stored host device identifiers can be used when operating the system).
Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of identifying the presence of the storage device in the cloud database of Fellner, based on the teaching of authenticating by the device of the host device of Lim, because doing so would provide authenticating the device.
 
As per claim 14, Fellner in view of Lim disclose the method of claim 13, Lim discloses further comprising detecting a new device during the local authentication, authenticating the new device by communicating, via a network, 15security information between the host controller circuit and a remote trusted authority server, generating a new internal token value for the new device, and adding the new internal token value for the new device to the distributed ledger (0022, Optionally at least one unique identifier of a host device is stored in the authentication device 140. The at least one unique host device identifier can be provided from host device database 160 having stored therein the at least one unique host device identifier. The unique host device identifier is used to authenticate the combination of a system 100 with a particular destined host when operating the system in combination with a host device as explained below. In case that a plurality of host device identifiers can be stored on authentication device 140, so a plurality of host devices corresponding to the stored host device identifiers can be used when operating the system ). 

As per claim 16, Fellner in view of Lim disclose the method of claim 13, Lim discloses wherein each of the processing devices further stores an external token value comprising the internal token value of a selected one of the other processing devices in the collection, wherein the distributed ledger identifies which processing device stores which external token value in the collection, and wherein the 25host controller circuit further uses the external token values to authenticate the collection (par 0032 In case the identifier of the authentication device has been stored in the host device, the host device may optionally send a request message to the authentication device requesting the identifier of the authentication device. The authentication device may accordingly transmit its identifier to the host device using the secure communication. Upon receipt the host device may then check the provided authentication device identifier with a corresponding identifier stored in the host device. Note that the authentication device may provide a hash value of its identifier, and the host device may use the provided hash value for verification. In this way the host device may ensure that it communicates to a particular individual authentication device, which has been authorized for communication with the host device by storing the authentication device identifier in the host device. In case the transmitted authentication device identifier differs from the corresponding identifier stored in the host device, the host device may raise a corresponding error action and may exit the authentication method thus preventing the use of the full functionality of the system. In case the host device finds that the provided authentication device identifier matches the transmitted identifier, the method may perform subsequent steps of the authentication method. ).  

As per claim 17, Fellner in view of Lim disclose the method of claim 13, wherein the host controller circuit authenticates the collection by forwarding a first query to each of the processing devices, and evaluating a corresponding response from each of the processing devices generated using the internal 30token value stored by the associated processing device ( par 0031 In one of the first steps of the authentication method 300, the host device establishes in 310 a secure communication session with the authentication device. In one embodiment this can be achieved by using conventional method steps. In one embodiment the host device may transmit a first message to the authentication device comprising the public portion of a public/private key pair. Note that the public key of a public/private key pair enables encryption only, whereas for decryption the public and the private key are needed. The authentication device may send a reply message to the host device comprising an encrypted symmetric key, i.e., a session key, which the host device and the authentication device may use for encrypting and decrypting messages. The host device may decrypt the encrypted symmetric key thus being able to encrypt and decrypt messages using that symmetric key as a session key ).  

As per claim 18, Fellner in view of Lim disclose the method of claim 13, Lim discloses wherein the distributed ledger comprises a sequence of ledger blocks, each ledger block updated responsive to a separate authentication operation to authenticate the collection, each ledger block listing the 5processing devices in the collection, the associated internal tokens for the processing devices, registration information associated with the processing devices, and security policy information associated with the processing devices(par 0032 [0032] In case the identifier of the authentication device has been stored in the host device, the host device may optionally send a request message to the authentication device requesting the identifier of the authentication device. The authentication device may accordingly transmit its identifier to the host device using the secure communication. Upon receipt the host device may then check the provided authentication device identifier with a corresponding identifier stored in the host device. Note that the authentication device may provide a hash value of its identifier, and the host device may use the provided hash value for verification. In this way the host device may ensure that it communicates to a particular individual authentication device, which has been authorized for communication with the host device by storing the authentication device identifier in the host device. In case the transmitted authentication device identifier differs from the corresponding identifier stored in the host device, the host device may raise a corresponding error action and may exit the authentication method thus preventing the use of the full functionality of the system. In case the host device finds that the provided authentication device identifier matches the transmitted identifier, the method may perform subsequent steps of the authentication method).  


As per claim 19, Fellner discloses A method comprising: 
 adding a new storage device to an existing collection of storage devices coupled to an edge computing device in a cloud computing network (col 7, lines, 40-45 28) After a particular data storage device is registered or is verified to have previously been registered, the client application 134 may provide updated directory information to the cloud storage system 150 periodically or when there is a change in the content stored in the particular data storage device (while the particular data storage device is coupled to the host device 130) ); 
authenticating, through communications between the edge computing device and a 5trusted server across the network, the new storage device, the authenticating including a transfer of security information to the new storage device for storage in a secure memory thereof ( col 5, lines 35-45 the network application 152 may be configured to generate and maintain the data structure 154. For example, the network application 152 may be configured to register one or more data storage devices with the cloud storage system 150 and to initiate generation of an entry for each data storage device. The network application 152 may also be configured to update one or more entries of the data structure 154, such as by updating directory information of one or more entries); 
appending the security information to a distributed ledger maintained by the edge computing device, the distributed ledger listing security information for each 10of the existing collection of storage devices ( col 5, 45-50, perform a search operation, i.e. accessing, on the data structure to identify one more entries, i.e. internal token, or to perform a look-up operation to identify a particular entry in the data structure 154, i.e. a distributed ledger and  col 5, 40-44, the network application 152 may also be configured to update, i.e. adding, or lists, one or more entries of the data structure 154, such as by updating directory information of one or more entries ); and 
establishing a trust boundary that includes the new storage device, the existing collection of storage devices and the edge computing device responsive to a local authentication operation using the distributed ledger without reference to the trusted server (col 5, 45-50, perform a search operation, i.e. accessing, on the data structure to identify one more entries, i.e. internal token, or to perform a look-up operation to identify a particular entry in the data structure 154, i.e. a distributed ledger ).  

Fellner does not explicitly disclose a host controller circuit configured to perform a local authentication of respective processing devices.
However, Lim discloses a host controller circuit configured to perform a local authentication of respective processing devices ( fig.1, par 0022 The unique host device identifier is used to authenticate the combination of a system 100, i.e. respective processing devices with a particular destined host when operating the system in combination with a host device as explained below. In case that a plurality of host device identifiers can be stored on authentication device 140, so a plurality of host devices corresponding to the stored host device identifiers can be used when operating the system).
Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of identifying the presence of the storage device in the cloud database of Fellner, based on the teaching of authenticating by the device of the host device of Lim, because doing so would provide authenticating the device.


As per claim 20, Fellner in view of Lim discloses the method of claim 19, wherein each of the new storage device and the existing collection of storage devices comprise a solid-state drive (SSD) with a storage device controller circuit and a flash memory(col 4, lines 10-15  he first data storage device 102 may be coupled to the host device 130 (e.g., a first interface, such as a first wired interface or a first wireless interface) via a first communication path 110 and the second data storage device 108 may be coupled to the host device 130).  


Claims 2 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over  Fellner et al US 9,817,605 in view of Lim US 2013/0222109 in view of Christensen et al US 2020/0036514.

 	As per claim 2, Fellner in view of Lim discloses the apparatus of claim 1, wherein the distributed ledger is arranged as a blockchain. 
 	However, Manchovski discloses  wherein the distributed ledger is arranged as a blockchain ( [0090] Next, the server generates an operation token corresponding to the input data storage operation (see block 730). As discussed above, the operation token may include one or more blockchain tokens that correspond to the storage of the input data on a blockchain network.). 

 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of identifying the presence of the storage device in the cloud database of Fellner, based on the teaching of authenticating by the device of the host device of Lim,  based on the teaching of token includes in the blockchain of Christensen, because doing so would provide data recording and retrieval using the operation token(abstract).

 	As per claim 15, Fellner in view of Lim discloses the method of claim 13, wherein the distributed ledger is a blockchain.  
 	However, Manchovski discloses wherein the distributed ledger is a blockchain.  
 ([0090] Next, the server generates an operation token corresponding to the input data storage operation (see block 730). As discussed above, the operation token may include one or more blockchain tokens that correspond to the storage of the input data on a blockchain network). 
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of identifying the presence of the storage device in the cloud database of Fellner, based on the teaching of authenticating by the device of the host device of Lim,  based on the teaching of token includes in the blockchain of Christensen, because doing so would provide data recording and retrieval using the operation token(abstract).

 	


Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Manchovski US 2021/0097795. (par 0118 After the user device 503 receives the token 506 or a notification regarding the token 506, the user device 503 verifies the token 506 against the Blockchain to make sure that the token 506 represents the correct information).


Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABU S SHOLEMAN whose telephone number is (571)270-7314. The examiner can normally be reached EST: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JORGE ORTIZ CRIADO can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ABU S SHOLEMAN/Primary Examiner, Art Unit 2496