DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

1.  This Final Office Action is in response to amendment filed on 12/09/2021.
	Claims 1, 9 and 13 have been amended. Claims 16-20 have been newly added. Claims 1-20 remain pending in the application. 

Response to Amendment

The amendment filed 12/09/2021 has been entered. Claims 1, 9 and 13 have been amended. Claims 16-20 have been newly added. Claims 1-20 remain pending in the application.

Response to Arguments

Regarding Applicant’s arguments on pages 8-13 of the remarks filed on 12/09/2021, on the limitations of claim 1: “decrypt the encrypted separate unique passphrases”, 
	“On the combination to incorporate Campagna’s teachings with Koning’s teachings”
“On the combination to incorporate Smith’s teachings with Koning’s teachings”, the arguments are not persuasive.
	Applicant argues on page 10, paragraph 1 of the remarks filed on 12/09/2021 that the cited references fail to expressly or inherently disclose or make obvious the features that incorporate decrypting an encrypted separate unique passphrase corresponding to each disk drive. Applicant’s interpretation of the reference has been noted; however, examiner respectfully disagrees. Koning, in Par. (0037), (0058) and (0050-0053), teaches multiple passphrases being utilized for a plurality of machine-readable storage devices, which can be broadly and reasonably interpreted as a separate passphrase. The features that Wang or Koning lack are further supported by Campagna in Par. (0019), which describes the encryption of an export key token; this key/token can be broadly and reasonably interpreted as a separate unique passphrase, as Par. (0040) discloses multiple key tokens that are used. Campagna explains in detail in Par. (0021) the process of decrypting this export key token that was previously encrypted, and thereby reads on the limitation of decrypting a separate unique passphrase. Therefore, the rejection is maintained.

Applicant argues on page 10, paragraph 3 of the remarks filed on 12/09/2021 that the cited references fail to expressly or inherently disclose or make obvious that the features would not have been obvious to one of ordinary skill in the art before the effective filing date to incorporate Campagna’s teachings with Koning’s teachings. Applicant’s interpretation of the reference has been noted; however, examiner respectfully disagrees. Koning teaches in similarity to the teachings of Campagna by the 

Applicant argues on page 11, paragraph 7 of the remarks filed on 12/09/2021 that the cited references fail to expressly or inherently disclose or make obvious that the features would not have been obvious to one of ordinary skill in the art before the effective filing date to incorporate Smith’s teachings with Koning’s teachings. Applicant’s interpretation of the reference has been noted; however, examiner respectfully disagrees. It would have been obvious to one of ordinary skill in the art to incorporate Smith’s teaching because Smith further defines multiple storage devices and authenticating access stated in Par. (0018) “computer program product for providing comprehensive protection of data stored on storage devices in a computing platform. Data are protected by authenticating users of the platform prior to allowing access to data stored on the storage devices.” As well as the use of passphrases in the authentication process much like the teachings of Koning as further stated in Smith Par. 



Regarding Applicant’s arguments on pages 8-13 of the remarks filed on 12/09/2021, on the newly added limitations of claim 1: “a plurality of encrypted separate unique passphrases, each encrypted separate unique passphrase of the plurality of encrypted separate unique passphrases corresponding to an; of the plurality of encrypted separate unique passphrases”, the arguments are persuasive.
Therefore, the 35 U.S.C. 103 rejection over Wang et al. (U.S Pub. No. 20130166869) and Koning et al. (U.S Pub. No. 20150052369) in further view of Campagna et al. (U.S Pub. No. 20170006018) has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made under 35 U.S.C. § 103 in 
	For the reasons stated above and the new ground(s) of rejection under 35 U.S.C. 103 below, Examiner respectfully disagrees with Applicant’s argument, see Applicant’s Remarks pages 8-13, regarding allowance of the application. Examiner asserts that claims 1-20 are rejected for the reasons stated above in conjunction with the new ground(s) of rejection under 35 U.S.C. 103 below.
	Conclusion: Wang-Koning-Campagna-Tu teaches the aforementioned limitations of independent claims 1, 9 and 13 rendering the claim limitations obvious before the effective date of the claimed invention.

Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.



Claims 7 and 17-18 is/are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as failing to set forth the subject matter which the inventor or a 

In regards to Claim 7, the applicant recites the limitation “a plurality of encrypted separate unique passphrases”. This is unclear because a plurality of encrypted separate unique passphrases is already recited earlier in independent claim 1. This creates confusion as to which plurality of encrypted separate unique passphrases the applicant is referring to: the plurality of encrypted separate unique passphrases recited earlier in the claims, or a new embodiment of a plurality of encrypted separate unique passphrases. The specification states in Par. (0020) “machine-readable storage medium 118 may store a plurality of encrypted passphrases for each machine-readable storage device 112_1 to 112_N, respectively. In this example, each of the plurality of encrypted passphrases for each machine-readable storage device 112_1 to 112_N corresponds to a different user token.”. Therefore it will be broadly and reasonably interpreted that a plurality of encrypted separate unique passphrases is referring to the same plurality of encrypted separate unique passphrases recited earlier in independent claim 1. Examiner suggests amending the claim by using the phrase “the” in front of a plurality of encrypted separate unique passphrases to recite consistent claim language and eliminate confusion. 

In regards to Claim 17, the applicant recites the limitation “a single external user token”. This is unclear because an external user token is already recited earlier in the independent claims. This creates confusion as to which external user token the platform firmware (e.g., basic input/output system (BIOS) or unified extensible firmware interface (UEFI)) is used to transparently and securely unlock a plurality of machine-readable storage devices for read and/or write access at boot time in response to receiving a single user token (e.g., password, passphrase, digital certificate, biometric token, etc.).” Therefore it will be broadly and reasonably interpreted that a single external user token is referring to a remote, external, USB or biometric token that is received by a firmware component. Examiner suggests amending the claims to recite consistent claim language with the already recited external user token.

In regards to Claim 18, the applicant recites the limitation “a valid key” and “an invalid key”. This creates confusion as to which key the applicant is referring to, as “a key” was already recited in the independent claims. This creates uncertainty if the valid and invalid key is referring to the same key recited in the independent claims or if the invalid and valid key is referring to a new embodiment of keys. The specification states in Par. (0018) “In response to an invalid user token being provided and therefrom an invalid key being derived (i.e., the derived key does not provide key PWDK 120), platform firmware 104b and/or key management service 116 will be unable to decrypt the encrypted passphrases MP1 to MPN.” Therefore it will be broadly and reasonably interpreted that the valid key and invalid key is referring to the Examiner suggests amending the claims to clearly define what the invalid and valid key is referring to.


Claim Rejections - 35 USC § 103


In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1-2, 4, 6-11, 13 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wang et al. (U.S Pub. No 20130166869, hereinafter referred to as "Wang"), Koning et al. (U.S Pub. No. 20150052369, hereinafter referred to as "Koning"), Tu et al. (U.S Pub. No. 20150200781, hereinafter referred to as "Tu") and Campagna et al. (U.S Pub. No. 20170006018, hereinafter referred to as “Campagna”).

Regarding Independent Claim 1 (Currently Amended), Wang teaches a system comprising: a plurality of machine-readable storage devices (Par. (0014) "a computing machine 100 coupled to a storage device"; storage device), (Par. (0082) "In other embodiments, the method of FIG. 6 uses additional components and/or devices in addition to and/or in lieu of those noted above and illustrated in FIGS. 1, 2, 3, 4, and 5."; a plurality of machine-readable storage devices (additional storage devices))
platform firmware (Par. (0019) "The locking mechanism can include a software, firmware, hardware, and/or mechanical component configured to restrict access to data and content on the storage device"; platform firmware (firmware)), (Par. (0024) "The storage application can be firmware which is embedded onto the processor 120, the computing machine 100, and/or the storage device 140. In another embodiment, the storage application is a BIOS (Basic Input/Output System)"; platform firmware (can be firmware/ BIOS)), (Par. (0065) "As noted above, in one embodiment, the storage application 510 is a BIOS or a firmware that is embedded into one or more components of the computing machine"; BIOS or firmware).
However Wang does not explicitly teach each of the plurality of machine-readable storage devices to be unlocked for read and/or write access via a separate unique passphrase for each individual machine-readable storage device of the plurality of machine-readable storage devices; a machine-readable storage medium storing a 
Wherein Koning teaches each of the plurality of machine-readable storage devices to be unlocked for read and/or write access via a separate unique passphrase for each individual machine-readable storage device of the plurality of machine-readable storage devices ((Figure 1 labels 140; plurality of machine-readable storage devices (disk drives)). (Par. (0019-0020) "providing a plurality of data storage devices; establishing an encryption key (e.g., PIN) for the plurality of data storage devices; and"; plurality of machine-readable storage devices). (Par. (0054)" The encryption key (Access Key/PIN) needed for unlocking and decrypting disk data is stored in pieces, shares or other partial amounts with the storage array across a plurality of storage devices"; unlocking of storage devices), (Par. (0058) “each member generates the Access Key separately, so the PINs (Access Keys) are different even if the arrays belong to the same cluster or network.”; separate unique passphrase (PINs/ Access Keys generated separately and are different)), (Par. (0017-0021) “the PIN from the shares, then sending the PIN to the disk driver to allow it to unlock the drives. [..] establishing an encryption key (e.g., PIN) for the plurality of data storage devices; [..] throughout the plurality of data storage devices such that the encryption key is rendered undeterminable with less than a threshold subset of the plurality of data storage devices.”; each individual machine-readable storage device of the plurality of machine-readable storage devices (disk drive associated with the plurality of data storage devices corresponding to unique passphrase (PIN) that unlock each of the storage devices))
decrypt ……..    ……….. stored in the machine-readable storage medium for each individual machine-readable storage device of the plurality of machine- readable storage devices using the key, ((Par. (0054) "The encryption key (Access Key/PIN) needed for unlocking and decrypting disk data is stored in pieces, shares or other partial amounts with the storage array across a plurality of storage devices,"; decrypting used to unlock storage device).
and unlock each individual machine-readable storage device of the plurality of machine-readable storage devices using the corresponding decrypted separate unique passphrase for each individual machine-readable storage device of the plurality of machine-readable storage devices. (Par. (0037) "(1) redundant on-system key storage, and (2) no back door (bypass). The keys needed for unlocking and decrypting disk data are stored within the storage array across a plurality of storage devices"; decrypting (Encryption key/PINs) used to unlock storage device), (Par. (0058) “each member generates the Access Key separately, so the PINs (Access Keys) are different even if the arrays belong to the same cluster or network.”; separate unique passphrase (PINs/ Access Keys generated separately and are different)), (Par. (0017-0021) “the PIN from the shares, then sending the PIN to the disk driver to allow it to unlock the drives. [..] establishing an encryption key (e.g., PIN) for the plurality of data storage devices; [..] throughout the plurality of data storage devices such that the encryption key is rendered undeterminable with less than a threshold subset of the plurality of data storage devices.”; each individual machine-readable storage device of the plurality of machine-readable storage devices (disk drive associated with the plurality of data storage devices corresponding to unique passphrase (PIN) that unlock each of the storage devices))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Koning within the teachings of Wang to include unlocking for read and/or write access of each of the plurality of machine-readable storage devices via a separate unique passphrase, unlocking the storage device using the decrypted passphrase because of the analogous concept of unlocking storage devices for access using a passphrase with encryption elements. Koning includes a method of unlocking a storage device for read/write access using a separate passphrase for multiple storage devices. This is important because it prevents a user from being required to remember multiple passphrases for each storage device. By matching the correct separate passphrase that corresponds to one specific storage device and differs from the other plurality of storage devices it creates efficient and fast boot time for the operation and in return is more convenient and eases the concern of the user in execution. Koning 
The motivation to combine these references is that by implementing a method to store, decrypt and unlock storage devices using a separate unique passphrase it will lessen the difficulties and burdens on users who are forced to remember multiple passwords for each storage device in various groups. This in return will lead to optimal boot and execution times for normal operations of storage devices without having to abandon the protection of confidential data from unauthorized access by using the encrypted passphrases, leading to a significant reduction in unnecessary risk.
However Wang and Koning do not explicitly teach a machine-readable storage medium storing a plurality of encrypted separate unique passphrases, each encrypted separate unique passphrase of the plurality of encrypted separate unique passphrases corresponding to an individual machine-readable storage device of the plurality of 
Wherein Tu teaches a machine-readable storage medium storing a plurality of encrypted separate unique passphrases, (Par. (0024-0025) “a computer-readable storage medium may store thereon instructions that when executed by a machine result in performance according to any of the [..] a datastore may be stored in the repository for a data storage element”; machine-readable storage medium (datastore with data storage element corresponding to storage medium)), (Par. (0011-0012) “different datastores 172, 174 may store passwords in different ways. By ways of example only, the first datastore 172 might be associated with a database that saves a password [..] these passwords may be encrypted before being saved”; machine-readable storage medium (datastore with storage elements) storing a plurality of encrypted separate unique passphrases (store passwords that may be encrypted before being saved/stored)), (Par. (0030) “The data storage device 430 may comprise any appropriate persistent storage device, including combinations of magnetic storage devices (e.g., magnetic tape, hard disk drives”; machine readable storage medium (data storage) corresponding to a hard disk drives))
each encrypted separate unique passphrase of the plurality of encrypted separate unique passphrases corresponding to individual machine-readable storage device of the plurality of machine-readable storage devices; and (Par. (0026) “in the repository to associate the password reference identifier with an actual encrypted password for the data storage element. [..] the password reference identifier the actual encrypted password for the data storage element.”; each encrypted separate unique passphrase (encrypted password with password reference identifier) corresponding to individual machine-readable storage device (data storage element)), (Par. (0017-0018) “provided to facilitate the transfer of data between the data storage elements 212, 214. [..] each datastore 572, 574 stores a password reference identifier and the repository 260 further includes a password center table 280. [..] with the current encrypted passwords”; plurality of separate unique passphrases ( password center table with encrypted passphrases) of a plurality of machine readable storage devices (data storage elements 212, 214)), (Par. (0036) “each system described herein may be implemented by any number of devices in communication [..] Each device may comprise any number of hardware and/or software elements suitable to provide the functions described herein as well as any other functions”; plurality of machine readable storage devices ( any number of devices/ each device)), (Par. (0012) “these passwords may be encrypted before being saved [..] a data storage element 112, 114 may be allowed to change password at any time. In order to access data storage element 112 at runtime, the password must be decrypted. Since the password will be decrypted,”; each encrypted separate unique passphrase (passwords may be encrypted)) corresponding to individual machine readable storage devices ( data storage elements 112, 114 associated with allowed access to password and to decrypt the specific password)), (Par. 
(0014-0015) “for each password storage location, another "key_id" property might be attached for decryption purposes. That is, the actual key may be stored in another, secure place and the key_id can be used as a reference [..] the password value (which is likely less than 1% of the volume of the column), and assemble the whole column back to database. Note that the rekey logic may need to parse a substantially large XML string just to update a 20 character password”; encrypted separate unique passphrase (each password with key id and password value with 20 character password string))
of the plurality of encrypted separate unique passphrases (Par. (0011-0012) “different datastores 172, 174 may store passwords in different ways. By ways of example only, the first datastore 172 might be associated with a database that saves a password [..] these passwords may be encrypted before being saved”; plurality of encrypted separate unique passphrases ( passwords may be encrypted)), (Par. (0002) “may store encrypted passwords for the data storage elements to allow access to the data sources at run time.”; plurality of encrypted separate unique passphrases (store encrypted passwords))
decrypt the corresponding encrypted separate unique passphrase (Par. (0012) “In order to access data storage element 112 at runtime, the password must be decrypted. Since the password will be decrypted,”; decrypting the password), (Par. (0033) “the encrypted password 506 may be actual encrypted password that will replace the reference identifier 504 within the datastore at execution time. The decryption key link 508 may comprise a pointer or other information that may help locate the key that can be used to decrypt the encrypted password.”; decrypting the password)
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Tu within the teachings of Wang and to include storing a plurality of encrypted separate unique passphrases in a storage medium, with each encrypted passphrase corresponding to an individual storage device of a plurality and decrypt the encrypted separate unique passphrase because of the analogous concept of storage device protection for read/write access using 
However Wang, Koning and Tu do not explicitly teach to receive an external user token, derive a key from the external user token.
Wherein Campagna teaches to receive an external user token, (Figure 1 labels 102, 104, 106 and 108; receive an external user token (user (customer 102) sending key token (106) externally to service provider 104 via HSM 106)), (Par. (0019) “an export key token, the export key token may be provided to a hardware security module”; to receive an external user token (export key token may be provided))
derive a key from the external user token (Par. (0019) “the export key token to obtain the customer key and perform the requested cryptographic operations(s).”; derive a key (obtain the customer key) from the external user token (export key token to obtain the customer key))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Campagna within the teachings of Wang, Koning, and Tu to include receiving an external user token and deriving a key from the external user token because of the analogous concept of the secure protection of storage devices and an authentication process with the use of unique keys. Campagna includes a process of receiving an external user token and from that external user token deriving a key. This is significant because implementing an external user token and deriving a key from that token provides a solution to the problem of the user having to remember multiple passphrases. By receiving the token externally the user is assured that the key from within the token is not compromised or altered and that, prior to the operation of unlocking the storage device, it is ensured that the passphrase cannot be forged or duplicated because of the existing token and derived key that is present. This in return makes the unlocking of the storage more secure and protected by the utilization of the user token being received, derived, decrypted and then finally unlocking the corresponding device, leading towards a more protected exchange of communication.

Regarding dependent claim 2 (Original), the combination of Wang, Koning, Tu and Campagna teach the system of claim 1. Wang further teaches the system of claim 1, wherein the platform firmware comprises the machine-readable storage medium. (Par. 0024 line 8-10, 0065 line 2-3, 14).

Regarding dependent claim 4 (Original), the combination of Wang, Koning, Tu and Campagna teach the system of claim 1, Wang further teaches the system of claim 1, wherein the platform firmware comprises a basic input/output system (BIOS) or unified extensible firmware interface (UEFI). (Par. 0024 line 3-5, 0065 line 8-10).


Regarding dependent claim 6 (Original), the combination of Wang, Koning, Tu and Campagna teach the system of claim 1, Wang further teaches the system of claim 1, …….. using symmetric encryption or asymmetric encryption, and (Par. (0048) “The key 380 is a secret key which can include a sequence of numbers and/or characters which can be used to encrypt and/or decrypt the authorization”; asymmetric encryption (secret key (private key) used for encryption/decryption))
wherein the platform firmware decrypts a private decryption key using the key ….. using asymmetric encryption. (Par. (0019) “The locking mechanism can include a software, firmware, hardware, and/or mechanical component configured to restrict access to data and content on the storage device"; platform firmware (firmware)), (Par. (0024) "The storage application can be firmware which is embedded onto the processor 120, the computing machine 100, and/or the storage device 140. In another embodiment, the storage application is a BIOS (Basic Input/Output System)"; platform firmware (can be firmware/ BIOS)), (Par. (0062) “410 decrypts the encrypted authorization using the key 480 to obtain the authorization. The storage device 440 is then unlocked using the authorization.”; decrypts a private decryption key using the key (decrypts the encrypted authorization using the key)), (Par. (0030) “The authorization can include a password, a key, and/or any additional secret”; private decryption key (authorization corresponding to secret key)), (Par. (0048) “The key 380 is a secret key”; private decryption key (key is a secret key)), (Par. (0065) "As noted above, in one embodiment, the storage application 510 is a BIOS or a firmware that is embedded into one or more components of the computing machine"; BIOS or firmware), (Par. 0031 line 5-6), (Par. (0048) “The key 380 is a secret key which can include a sequence of numbers and/or characters which can be used to encrypt and/or decrypt the authorization”; asymmetric encryption (secret key (private key) used for encryption/decryption))
However Wang does not explicitly teach wherein each encrypted separate unique passphrase is encrypted, and decrypts the encrypted separate unique passphrases using the private decryption key when each encrypted separate unique passphrase is encrypted
Wherein Tu teaches wherein each encrypted separate unique passphrase is encrypted (Par. (0012) “In order to access data storage element 112 at runtime, the password must be decrypted. Since the password will be decrypted,”; decrypting the password)) 
and decrypts the encrypted separate unique passphrases using the private decryption key when each encrypted separate unique passphrase is encrypted (Par. (0033) “the encrypted password 506 may be actual encrypted password that will replace the reference identifier 504 within the datastore at execution time. The decryption key link 508 may comprise a pointer or other information that may help decrypt the encrypted password.”; decrypting the separate unique passphrases (password))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Tu within the teachings of Wang and Koning for the reasons stated above in independent claim 1.
However Campagna further teaches using symmetric encryption or asymmetric encryption (Par. (0032) “a symmetric cryptographic key that is shared between the principal 202 and the authentication service 216. The authentication service, therefore, may use a copy of the symmetric cryptographic key to verify digital signatures of requests purported to have been generated by the principal 202. However, in other embodiments, the authentication service 216 may be configured to utilize asymmetric cryptography for digital signature verification”; using symmetric/asymmetric)
using asymmetric encryption (Par. (0032) “a symmetric cryptographic key that is shared between the principal 202 and the authentication service 216. The authentication service, therefore, may use a copy of the symmetric cryptographic key to verify digital signatures of requests purported to have been generated by the principal 202. However, in other embodiments, the authentication service 216 may be configured to utilize asymmetric cryptography for digital signature verification”; using symmetric/asymmetric)
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Campagna within the teachings of Wang, Koning and Tu for the reasons stated above in independent claim 1.


Regarding dependent claim 7 (Original), the combination of Wang, Koning, Tu and Campagna teach the system of claim 1, Wang further teaches the system of claim 1, wherein the machine-readable storage medium stores a plurality of encrypted separate unique passphrases (Par. 0024 lines 6-8, 0030 line 7-11,), (Par. (0058) “each member generates the Access Key separately, so the PINs (Access Keys) are different even if the arrays belong to the same cluster or network.”; separate unique passphrase (PINs/ Access Keys generated separately and are different)), for each individual machine-readable storage device, (Par. 0014, 0082 line 8, 0066 line 7-8), (Par. (0017-0021) “the PIN from the shares, then sending the PIN to the disk driver to allow it to unlock the drives. [..] establishing an encryption key (e.g., PIN) for the plurality of data storage devices; [..] throughout the plurality of data storage devices such that the encryption key is rendered undeterminable with less than a threshold subset of the plurality of data storage devices.”; each individual machine-readable storage device of the plurality of machine-readable storage devices (disk drive associated with the plurality of data storage devices corresponding to unique passphrase (PIN) that unlock each of the storage devices)) each of the plurality of encrypted separate unique passphrases for each individual machine-readable storage device corresponding to a different …. user token. (Par. (0058) “each member generates the Access Key separately, so the PINs (Access Keys) are different even if the arrays belong to the same cluster or network.”; separate unique passphrase (PINs/ Access Keys generated separately and are different) corresponding to different storage devices)
However Wang, Koning and Tu do not explicitly teach an external user token 
Wherein Campagna teaches an external user token (Figure 1 labels 102, 104, 106 and 108; an external user token (106)), (Par. (0019) “an export key token, the export key token may be provided to a hardware security module”; to receive an external user token (export key token may be provided))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Campagna to the teaching of Wang, Koning and Tu for the reasons stated above in independent claim 1.

Regarding dependent claim 8 (Original), the combination of Wang, Koning, Tu and Campagna teach the system of claim 1, Wang further teaches the system of claim 1, wherein the ….user token unlocks an operating system at boot time. (Par. 0039 line 1-2, 0069 line 5-9, 0083 line 11-13).
However Wang, Koning and Tu do not explicitly teach an external user token 
Wherein Campagna teaches an external user token (Figure 1 labels 102, 104, 106 and 108; an external user token (106)), (Par. (0019) “an export key token, the export key token may be provided to a hardware security module”; to receive an external user token (export key token may be provided))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Campagna to the teaching of Wang, Koning and Tu for the reasons stated above in independent claim 1.

Regarding independent claim 9 (Currently Amended), claim 9 is a system claim that corresponds to the system of claim 1. Claim 9 recites similar limitations as

Regarding dependent claim 10 (Original), the combination of Wang, Koning, Tu and Campagna teach the system of claim 1, Wang further teaches the system of claim 9, wherein the machine-readable storage medium stores identifying information for each individual machine-readable storage device associated with the encrypted separate unique passphrase for each individual machine-readable storage device. (Par. 0020, 0022, 0030 lines 5-11, 0033 line 5-8, 0036). (Par. (0058) “each member generates the Access Key separately, so the PINs (Access Keys) are different even if the arrays belong to the same cluster or network.”; separate unique passphrase (PINs/ Access Keys generated separately and are different)), (Par. (0017-0021) “the PIN from the shares, then sending the PIN to the disk driver to allow it to unlock the drives. [..] establishing an encryption key (e.g., PIN) for the plurality of data storage devices; [..] throughout the plurality of data storage devices such that the encryption key is rendered undeterminable with less than a threshold subset of the plurality of data storage devices.”; each individual machine-readable storage device of the plurality of machine-readable storage devices (disk drive associated with the plurality of data storage devices corresponding to unique passphrase (PIN) that unlock each of the storage devices))



Regarding dependent claim 11 (Original), the combination of Wang, Koning, Tu and Campagna teach the system of claim 1, Wang further teaches the system of claim 9, wherein the …. user token comprises a password, a passphrase, a digital certificate, or a biometric token. (Par. 0030 lines 5-11).
However Wang, Koning and Tu do not explicitly teach an external user token 
Wherein Campagna teaches an external user token (Figure 1 labels 102, 104, 106 and 108; an external user token (106)), (Par. (0019) “an export key token, the export key token may be provided to a hardware security module”; to receive an external user token (export key token may be provided))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Campagna to the teaching of Wang, Koning and Tu for the reasons stated above in independent claim 1.


Regarding independent claim 13 (Currently Amended), claim 13 is a method claim that corresponds to the system of claim 1. Claim 13 recites similar limitations as claims 1 and 9 and the teachings of Wang, Koning, Tu and Campagna address all the limitations discussed in claims 1 and 9 and are thereby rejected under the same grounds.

Regarding dependent claim 15 (Original), the combination of Wang, Koning and Tu do not explicitly teach the method of claim 13, wherein deriving the key from the external user token comprises deriving the key using a hash function. 
Wherein Campagna teaches the method of claim 13, wherein deriving the key from the external user token comprises deriving the key using a hash function (Figure 1 labels 102, 104, 106 and 108; an external user token (user (customer 102) sending key token (106) externally to service provider 104 via HSM 106)), (Par. (0019) “an export key token, the export key token may be provided to a hardware security module”; an external user token (export key token may be provided)), (Par. (0019) “the export key token to obtain the customer key and perform the requested cryptographic operations(s).”; derive a key (obtain the customer key) from the external user token (export key token to obtain the customer key)), (Par. (0065) “Other ways of generating replacement export domain keys include use of key derivation functions and/or other operations. Generally, any way by which a cryptographic key may be generated”; hash function (functions corresponding with cryptographic operation)), (Par. (0090) “key algorithms may also include those used to generate output of one way functions and include algorithms that utilize hash-based message authentication codes (HMACs), message authentication codes (MACs) in general, PBKDF2, and Bcrypt. Asymmetric key algorithms may also include various schemes for performing cryptographic operations on data. Example algorithms include those that utilize the Diffie-Hellman key exchange protocol, the digital signature standard (DSS), the digital signature algorithm, the ElGamal algorithm, various elliptic curve algorithms, password-authenticated key agreement techniques”; key using a hash function (hash-based algorithms, digital signature algorithms)).

Claims 5 and 12, is/are rejected under 35 U.S.C. 103 as being unpatentable over Wang et al. (U.S Pub. No 20130166869, hereinafter referred to as "Wang"), Koning et al. (U.S Pub. No. 20150052369, hereinafter referred to as "Koning"), Tu et al. (U.S Pub. No. 20150200781, hereinafter referred to as "Tu") and Campagna et al. (U.S Pub. No. 20170006018, hereinafter referred to as “Campagna”) in further view of Mann et al. (WO Pub. No. 2016032955, hereinafter referred to as "Mann").
 
Regarding dependent claim 5 (Original), the combination of Wang, Koning, Tu and Campagna do not explicitly teach the system of claim 1, wherein each machine-readable storage device comprises a non-volatile dual in-line memory module (NV-DIMM).
Wherein Mann teaches the system of claim 1, wherein each machine-readable storage device comprises a non-volatile dual in-line memory module (NV-DIMM). (Page 3 lines 27-35 and Page 4 lines 9-15 “one or more storage devices 120. Examples of storage device include solid-state device (SSD), hard disk drive (HDD), and a combination of SSDs [..] the storage system 100 includes one or more non-volatile random-access memory (NVRAM) devices 130. Examples of NVRAM include battery-backed DRAM, NVDIMM”; each machine-readable storage device (one or more storage devices) corresponding to Solid-state device, hard disk drive and NV-DIMM (NVDIMM))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Mann within the teachings of Wang, Koning, Tu and Campagna to include each machine-readable storage device comprises a non-volatile dual in-line memory module because of the analogous concept of secure protection of information stored on multiple storage devices. Mann includes an implementation of a non-volatile dual in-line memory module. This is important because NV-DIMM storage devices improve application performance, have the endurance and reliability to process heavy operations and system crash times, and have the ability to generate a backup power source when the power fails. It is rational to combine these references because it allows the efficient storage of data with quality assurance and quick reaction times.

Regarding dependent claim 12 (Original), the combination of Wang, Koning, Tu and Campagna do not explicitly teach the system of claim 9, wherein each machine-readable storage device comprises a non-volatile dual in-line memory module (NV-DIMM), a hard disk drive, a solid state drive, or a flash memory card. 
Wherein Mann teaches the system of claim 9, wherein each machine-readable storage device comprises a non-volatile dual in-line memory module (NV-DIMM), a hard disk drive, a solid state drive, or a flash memory card. (Page 3 lines 27-35 and Page 4 lines 9-15 “one or more storage devices 120. Examples of storage device include solid-state device (SSD), hard disk drive (HDD), and a each machine-readable storage device (one or more storage devices) corresponding to Solid-state device, hard disk drive and NV-DIMM (NVDIMM))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Mann to the teachings of Wang, Koning, Tu and Campagna because of the reasons stated above in dependent claim 5.


Claims 3, 14 and 18, is/are rejected under 35 U.S.C. 103 as being unpatentable over Wang et al. (U.S Pub. No 20130166869, hereinafter referred to as "Wang"), Koning et al. (U.S Pub. No. 20150052369, hereinafter referred to as "Koning"), Tu et al. (U.S Pub. No. 20150200781, hereinafter referred to as "Tu") and Campagna et al. (U.S Pub. No. 20170006018, hereinafter referred to as “Campagna”) in further view of Smith et al. (U.S Pub. No. 20120084555, hereinafter referred to as "Smith").

Regarding dependent claim 3 (Currently Amended), Wang does not explicitly teach separate unique passphrase for each individual machine-readable storage device
Wherein Koning teaches separate unique passphrase for each individual machine-readable storage device (Par. (0058) “each member generates the Access Key separately, so the PINs (Access Keys) are different even if the arrays belong to the same cluster or network.”; separate unique passphrase (PINs/ Access Keys generated separately and are different)), (Par. (0017-0021) “the PIN from the shares,  each individual machine-readable storage device of the plurality of machine-readable storage devices (disk drive associated with the plurality of data storage devices corresponding to unique passphrase (PIN) that unlock each of the storage devices))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Koning within the teachings of Wang to include separate unique passphrase for each individual machine-readable storage device because of the analogous concept of unlocking storage devices for access using a passphrase with encryption elements. Koning includes a method of unlocking a storage device for read/write access using a separate passphrase for multiple storage devices. This is important because it prevents a user from being required to remember multiple passphrases for each storage device. By matching the correct separate passphrase that corresponds to one specific storage device and differs from the other plurality of storage devices it creates efficient and fast boot time for the operation and in return is more convenient and eases the concern of the user in execution. Koning displays a storage for multiple passphrases that are encrypted, this prevents the unauthorized or unlawful user's access to the passphrases that could lead to compromise and alteration of the storage devices when unlocked. By implementing a secure storage component with encrypted passphrases it will make the system less 
The motivation to combine these references is that implementing a method to store, decrypt and unlock storage devices using a separate unique passphrase will lessen the difficulties and burdens on users that are forced to remember multiple passwords for each storage device in various groups. This in turn will lead to optimal boot and execution times for normal operations of storage devices without having to abandon the protection of confidential data from unauthorized access by using the encrypted passphrases, leading to a significant reduction in unnecessary risk.
However Wang, Koning and Tu do not explicitly teach an external key management service.
Wherein Campagna teaches an external key management service. (Par. (0022) “The service provider may be an entity that operates a computer system, which may be a distributed computer system, that is configured to provide one or more services, such as a cryptography service”; service provider corresponding to cryptography service)), (Par. (0017-0018) ‘the cryptography service of the service provider is configured to enable the submissions of requests involving cryptographic external key management service (cryptography service  that manages (involving/ managed)  keys)), (Par. (0020) “a cryptography service uses at least two classes of domain keys, one class for hosted customer keys and another class for exported customer keys. In this manner, different class domain keys can be rotated (e.g., replaced to avoid cryptographic key exhaustion) according to different rotation schedules. As an example, because the service provider has access to hosted customer keys (each of which may be stored encrypted under a current domain key), the service provider can rotate the domain key more frequently than for export domain keys without causing a loss of customer data. In particular, the service provider can access an encrypted customer key, use an expiring domain key to decrypt the customer key, use the new domain key to encrypt the customer key, and store the encrypted customer key.”; cryptography service managing keys)), (Par. (0022) “a cryptography service, provides other services, such as services classified as infrastructure as a service where the service provider hosts hardware that customers of the service provider can remotely and programmatically manage.”; external key management service (service provider and corresponding cryptography service can be managed remotely)).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Campagna within the teachings of Wang, Koning and Tu to include an external key management service because of the analogous concept of the secure protection of storage devices and an authentication 
However Wang, Koning, Tu and Campagna do not explicitly teach the system of claim 1, further comprising: an …. key management service comprising the machine-readable storage medium, wherein the platform firmware is to transmit the key to the …. key management service and in response the ….. key management service is to transmit the decrypted …… passphrase for each …. machine-readable storage device to the platform firmware.
Wherein Smith teaches the system of claim 1, further comprising: an …. key management service comprising the machine-readable storage medium, (Par. 0030, 0033, 0038 line 7-12),
wherein the platform firmware is to transmit the key to the …. key management service (Par. 0039-0040)
and in response the ….. key management service is to transmit the decrypted …… passphrase for each …. machine-readable storage device to the platform firmware. (Par. 0040, 0048).


Regarding dependent Claim 14 (Original), the combination of Wang, Koning, Tu and Campagna teach the method of claim 13, Wang further teaches the method of claim 13, wherein decrypting the plurality of encrypted passphrases comprises: (Par. 0030, 0036, 0037, 0061; Fig. 7 labels 785, 790)

Wherein Smith teaches transmitting the key to a key management service
(Par. 0039-0040); 
and receiving the plurality of decrypted passphrases from the key management service. (Par. 0040, 0048).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Smith within the teachings of Wang, Koning, Tu and Campagna for the reasons discussed in dependent claim 3 stated above.

Regarding Dependent Claim 18 (New), the combination of Wang, Koning, Tu and Campagna teach the system of claim 1, Wang further teaches the system of claim 1, …...the platform firmware…… (Par. (0019) "The locking mechanism can include a software, firmware, hardware, and/or mechanical component configured to restrict access to data and content on the storage device"; platform firmware (firmware)), (Par. (0024) "The storage application can be firmware which is embedded onto the processor 120, the computing machine 100, and/or the storage device 140. In another embodiment, the storage application is a BIOS (Basic Input/Output System)"; platform firmware (can be firmware/ BIOS)), (Par. (0065) "As noted above, in one embodiment, the storage application 510 is a BIOS or a firmware that is embedded into one or more components of the computing machine"; BIOS or firmware).

Wherein Koning teaches decrypts ……. for each individual machine-readable storage device in response to a valid key, (Par. (0054) "The encryption key (Access Key/PIN) needed for unlocking and decrypting disk data is stored in pieces, shares or other partial amounts with the storage array across a plurality of storage devices,"; decrypt used to unlock storage device).
fails to decrypt ……. for each individual machine-readable storage device in response to an invalid key. (Par. (0037) “The keys needed for unlocking and decrypting disk data are stored within the storage array across a plurality of storage devices, so that the failure of any one of those devices will not result in the loss of the on-system keys.”; fails to decrypt (keys needed for unlocking and decrypting corresponding to failure)), (Par. (0054) “The encryption key (Access Key/PIN) needed for unlocking and decrypting disk data is stored in pieces, shares or other partial amounts with the storage array across a plurality of storage devices, so the failure of any one storage device 140, 240 does not result”; fails to decrypt (key/PIN needed for unlocking and decrypting [..] so the failure does not result)), (Par. (0067) “the computed Access Key to the secondary controller, because the secondary controlling will need to know the fails to decrypt (keys corresponding to failover)), (EXAMINER NOTES: The wording of this limitation does not invoke nor imply that the decryption process is even attempted when there is an invalid key. The specification does not further define or explain how this process is performed either. Therefore Examiner broadly and reasonably interprets a failure to decrypt the passphrases to mean that, in the event of failure, no decryption process is even attempted. Examiner suggests further defining whether a decryption process is in fact attempted with the invalid key and how the invalid key is determined.)
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Koning within the teachings of Wang for the reasons discussed in dependent claim 3 stated above.
However Wang and Koning do not explicitly teach decrypts the corresponding encrypted separate unique passphrase, the corresponding encrypted separate unique passphrase
Wherein Tu teaches decrypts the corresponding encrypted separate unique passphrase ((Par. (0012) “In order to access data storage element 112 at runtime, the password must be decrypted. Since the password will be decrypted,”; decrypting the password)) (Par. (0033) “he encrypted password 506 may be actual encrypted password that will replace the reference identifier 504 within the datastore at execution time. The decryption key link 508 may comprise a pointer or other information that may help decrypt the encrypted password.”; decrypting the password))
the corresponding encrypted separate unique passphrase (Par. (0011-0012) “different datastores 172, 174 may store passwords in different ways. By ways of example only, the first datastore 172 might be associated with a database that saves a password [..] these passwords may be encrypted before being saved”; plurality of encrypted separate unique passphrases ( passwords may be encrypted)), (Par. (0002) “may store encrypted passwords for the data storage elements to allow access to the data sources at run time.”; plurality of encrypted separate unique passphrases (store encrypted passwords))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Tu within the teachings of Wang and Koning for the reasons stated above in independent claim 1.
However Wang, Koning, Tu and Campagna do not explicitly teach the system of claim 1, wherein the platform firmware derives a valid key in response to a valid user token and an invalid key in response to an invalid user token.
Wherein Smith teaches wherein the platform firmware derives a valid key in response to a valid user token and an invalid key in response to an invalid user token, (Par. (0044) “security/key management firmware 237 of FIG. 2 protects associated storage devices from theft by [..] key derivation function that outputs the device wrapping key (DWK). Because the device wrapping key (DWK) is derived each time the system is powered up, a thief must know the user passphrase and have access to the chipset key to unwrap the device wrapping key (DWK) in order to obtain the DEK platform firmware derives a valid key (platform firmware corresponding to key derivation)), (Par. (0048) “security/key management firmware 237 also generates a platform-independent key (not shown in FIG. 3) that can be used on a different platform. Typically, such a platform-independent key will wrapped by a token that is at least a 256-bit random number to form a migration key 350. Security/key management firmware 237 may use the migration key 350 to wrap the device wrapping key (DWK) 330”; in response to a valid user token (firmware corresponding to token)) (EXAMINER’S NOTES: There is no description in the specification that describes an invalid user token and, more importantly, how it is determined by the platform firmware. Examiner suggests further clarifying how the invalid user token and invalid key are responded to or determined as the valid key is derived.)
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Smith within the teachings of Wang, Koning, Tu and Campagna for the reasons discussed in dependent claim 3 stated above.


Claims 16 and 19, is/are rejected under 35 U.S.C. 103 as being unpatentable over Wang et al. (U.S Pub. No 20130166869, hereinafter referred to as "Wang"), Koning et al. (U.S Pub. No. 20150052369, hereinafter referred to as "Koning"), Tu et al. (U.S Pub. No. 20150200781, hereinafter referred to as "Tu") and Campagna et al. (U.S Pub. No. 20170006018, hereinafter referred to as “Campagna”) in further view of Hagiwara et al. (U.S Pub. No. 20130185789, hereinafter referred to as "Hagiwara").
Regarding Dependent Claim 16 (New), the combination of Wang, Koning, Tu and Campagna do not explicitly teach the system of claim 1, wherein the platform firmware requests the user token from a user at boot time and on resumes from suspend and/or hibernate.
Wherein Hagiwara teaches the system of claim 1, wherein the platform firmware requests the user token from a user at boot time and on resumes from suspend and/or hibernate. (Par. (0013) “These BIOSs execute a routine simplified more than a normal routine to complete the boot in a short time when returning from the hibernation state or a state similar thereto. In this case, requesting a password input inhibits returning in a short time. Therefore, the simplified routine is configured based on the premise that the BIOS automatically transmits a password to a disk drive on behalf of a user without displaying a prompt for inputting the password”; platform firmware (BIOS) request the user token (requesting a password) at boot time (complete the boot in short time) and on resumes from hibernate (returning from the hibernation))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Hagiwara within the teachings of Wang, Koning, Tu and Campagna to include wherein the platform firmware requests the user token from a user at boot time and on resumes from suspend and/or hibernate because of the analogous concept of an authentication using a firmware component and tokens for verification. Hagiwara includes a process in which a firmware requests a token at boot time and resumes after hibernation. This is important because it allows the system to resume after sleep mode or hibernation and allows the user to be prompted with a

Regarding Dependent Claim 19 (New), claim 19 recites similar limitations to claim 16 and the teachings of Wang, Koning, Tu, Campagna and Hagiwara address all the limitations discussed in claim 16 and are thereby rejected under the same ground.



Claims 17 and 20, is/are rejected under 35 U.S.C. 103 as being unpatentable over Wang et al. (U.S Pub. No 20130166869, hereinafter referred to as "Wang"), Koning et al. (U.S Pub. No. 20150052369, hereinafter referred to as "Koning"), Tu et al. (U.S Pub. No. 20150200781, hereinafter referred to as "Tu") and Campagna et al. (U.S Pub. No. 20170006018, hereinafter referred to as “Campagna”) in further view of Smith et al. (U.S Pub. No. 20110154023, hereinafter referred to as "Smith").

Regarding Dependent Claim 17 (New), the combination of Wang, Koning, Tu and Campagna does not explicitly teach the system of claim 1, wherein the platform firmware receives a single external user token to unlock each individual machine-readable storage device of the plurality of machine-readable storage devices.
Wherein Smith teaches the system of claim 1, wherein the platform firmware receives a single external user token to unlock each individual machine-readable storage device of the plurality of machine-readable storage devices. (Par. (0082) “This unlock token and ATA password for the user may be obtained from [..] services from security/key management firmware 537 and protected device manager 539. In other embodiments, a separate Kerberos ticket may be obtained to access services provided by other manageability engine (ME) 130 components, such as security/key management firmware 537”; platform firmware receives a single external token to unlock (token is obtained for unlocking by firmware)), (Par. (0065) “management console 166 and chipset/secure partition 120, Kerberos authentication is used by identity management firmware 239 to [..] can obtain user credentials such as a username and password for a user associated with platform 100 [..] to obtain an associated password for the device, such as device 180 password 266B, and token”; platform firmware (management console with firmware) receives a single external user token obtains a token))
(Par. (0053) “as Token-2, that is stored on a USB device such as USB device 177. USB device 177 is intended to be securely stored at a physical location away from where a thief might have access [..] The USB device 177 contains Token-2”; external token (USB token that is at a physical location away)), (Par. (0063) “processing an unlock command in conjunction with a USB device storing a token to unlock the storage device.”; external user token to unlock each individual storage device (token to unlock storage device))
(Par. (0047) “SATA virtualization firmware 243 is used to access SATA storage devices such as SATA storage device 180 [..] to unlock SATA storage device 180 via commands from management console 166.”; to unlock each individual machine-readable storage devices of the plurality ( unlock SATA storage device 180 out of the SATA storage devices)), (Par. (0006) “on storage devices is that the storage devices themselves may be protected using a password protection scheme. For example, in accordance with the Advanced Technology Attachment (ATA) specification, a disk lock is a built-in security feature of a hard disk drive. [..] the disk can be unlocked with either the User or Master password, using the "SECURITY UNLOCK DEVICE" ATA command. There is an attempt limit, normally set to 5, after which the disk must be power cycled or hard-reset before unlocking can be attempted again”; to unlock each individual machine-readable storage device ( the disk can be unlocked with user password of the data stored on storage devices))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Smith within the teachings of Wang, Koning, Tu and Campagna to include the platform firmware receives a single external user token to unlock each individual machine-readable storage device because of the analogous concept of unlocking storage devices using multiple passwords or tokens for access. Smith includes a process in which the platform firmware receives a single external user token to unlock each individual machine-readable storage device. This is significant because by authenticating or verifying an external, remote or USB token/password the storage devices are securely protected from harm. By using an external token, theft, forgery or impersonation is highly unlikely because the contents and integrity of the token are in a physical space outside of the storage devices. This makes passwords and authentication for access difficult to obtain or intercept. By having a remote or external token the firmware would be able to detect early on, before harm or compromise, the qualification and contents of the token and if it indeed was



Regarding Dependent Claim 20 (New), claim 20 recites similar limitations to claim 17 and the teachings of Wang, Koning, Tu, Campagna and Smith address all the limitations discussed in claim 17 and are thereby rejected under the same ground.

Relevant Prior Art

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Stan Silvert (US Pub. No. 20190196981) "Systems And Methods For Providing Connected Anti-Malware Backup Storage". Considered this reference because it had the structure of a computer storage device with an authentication application working with the device to create a secure session.


Arthur Beaverson (US Pub No. 20170300424) "EFFICIENT METADATA IN A STORAGE SYSTEM". Considered this application because the inventor worked on the application for this rejection. This application had a 

Amy Nelson (US Pub No. 20170140151) "SECURELY PASSING USER AUTHENTICATION DATA BETWEEN A PRE-BOOT AUTHENTICATION ENVIRONMENT AND AN OPERATING SYSTEM". Considered this application because it dealt with the authentication and transmitting of encrypted data within a firmware that utilized a key and token.

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Applicants are encouraged to take advantage of the After Final Consideration Pilot 2.0 (AFCP 2.0) which authorizes non-production time for consideration of responses filed after a final rejection. The purpose of the pilot is to compact prosecution of the case. The request must include 1) A signed AFCP request form (PTO/SB/434 or equivalent) that includes a statement that applicant is requesting consideration under the AFCP; 2) An amendment to at least one independent claim that does not broaden the scope of the independent claim in any aspect; and 3) A statement that applicant is willing and available to participate in any interview initiated by the examiner concerning the present response.  In the limited amount of non-production time if the examiner’s consideration of a proper AFCP 2.0 request and response does not result in a determination that all pending claims are in condition for allowance, the examiner will request an interview with the applicant to discuss the response. For more info, please visit http://www.uspto.gov/patent/initiatives/after-final-consideration-pilot-20

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN A HUSSEIN whose telephone number is (571)272-3554. The examiner can normally be reached on 7:30am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/H.A.H./Examiner, Art Unit 2497
/Jeremy S Duffield/Primary Examiner, Art Unit 2498