Detailed Action

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
	Response to Remarks
	In Remarks filed on 11/12/2021, no claims were cancelled; claims 11, 13, and 18 were amended; no new claims were added.
Claims 1-20 are pending, of which claims 1, 11 and 16 are in independent form.
Response to Arguments
Applicant’s arguments in view of amendment of claims have been considered carefully and respectfully but are not persuasive.
On page 7 of Remarks filed on 11/17/2021, applicant argues that the steps of claim 1 and other independent claims are performed by user device not by server as indicated in Meredith. However, the way the claim is written is such that there is no indication that the steps are self-performed by the user device without relying on the external server. And therefore, teachings of Meredith still reads on the limitations of claim 1 and other independent claims.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1, 8, 16, and 17 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Meredith et al. (US 2018/0234431 A1) hereinafter Meredith.
As to claim 1, Meredith teaches a method of operating a user device, comprising: 	detecting whether the user device is located within a restricted zone by a monitoring entity of the user device (see para. [0048] “There restricted data access service 106 can determine a current geographic location…at which the device is located…If the current location of the device matches a location defined by any the records… the restricted data access service 106 can authorize use of the restricted data 108 for the purpose(s) specified by the one or more matching records.”; see para. [0130]); and 
limiting access to the user device by the monitoring entity in response to detecting the user device as being outside the restricted zone (see para. [0083] and [0084] “Thus, the server computer 102 can disallow use of the restricted data for purposes other than those allowed by the law and regulation.”). 
As to claim 16, claim 16 includes limitations similar to those of claim 1 and thus claim 16 is rejected under the same rationale as claim 1.
As to claim 8, in view of claim 1, Meredith teaches wherein detecting whether the user device is located within a restricted zone comprises detecting a physical location of the user device through receiving at least one of a GPS signal, a Wi-Fi signal, a cellular network signal, an RFID signal, an NFC signal, a Bluetooth signal, an ultrasonic signal and a network address of the user device (see para. [0130], e.g., signals from GPS devices).
As to claim 17, claim 17 includes limitations similar to those of claim 8 and thus claim 17 is rejected under the same rationale as claim 8.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim(s) 2, 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Meredith, in view of Picionielli et al. (US 2014/0013420 A1) hereinafter Picionielli.
As to claim 2, in view of claim 1, Meredith does not explicitly teach but Picionielli teaches the following limitation – “wherein limiting access to the user device comprises locking a display of the user device” (see para. [0154] “For example, content associated with a plurality of regions may be provided to all user's that access the web site, but the content may be encrypted, tagged or provided with shell or wrapper software as described above (for example, with respect to FIGS. 8 and 9 and related embodiments), such that only user's located in a first region will be able to access (decrypt, or otherwise process) the content associated with the first region and not the content associated with another region. On the other hand, a user located in the other region would be able to access (decrypt or otherwise process) content associated with that other region and not the content associated with the first region.”; The examiner equates presenting encrypted content to a display such that viewing of the content is blocked on the display as equivalent to the instant application’s locking a display of the user device based on location information.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Meredith and Picionielli before him or her, to modify the scheme of Meredith by including Picionielli. The suggestion/motivation for doing so would have been to prevent operation of the hard drive in response to location information provided by the position determining means that indicates that the location of the computer is not a location in which use of the computer is authorized, as briefly described in Picionielli, para. [0010]-[0013] and [0018].
Claim 18 includes similar limitations as claim 2 and thus is rejected under the same rationale as claim 2.
Claim(s) 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Meredith, in view of Xu et al. (US 2019/0018972 A1) hereinafter Xu.
As to claim 3, in view of claim 2, Meredith does not explicitly teach but Xu teaches “wherein the user device comprises a storage device (see Fig 2, data storage device 120; It is noted that the data storage device can be DSA coupled to a user device via a connection cable of the DAS device and can be a NAS device coupled to a network as described in para. [0016]), and limiting access to the user device comprises encrypting the storage device of the user device” (see para. [0092] “…the process 800 may determine one or more of the geographical location of the data storage device (e.g., GPS coordinates), pressures (e.g., force, magnitude, etc.) of the first set of tap inputs, and the speed of the first set of motions, as discussed above. At block 815, the process determines whether the geographical location of the data storage device, the pressures of the tap inputs, and the speeds of the motions are valid, as discussed above. If the geographical location of the data storage device, the pressures of the tap inputs, and the speeds of the motions are valid, the process 800 may allow access to the non-volatile memory of the data storage device at block 825…”; see para. [0054], [0089] “…the process 600 may allow access to the non-volatile memory at block 620. For example, the process 600 may decrypt data stored on the non-volatile memory based on the encryption key.”, and [0090]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Meredith and Xu before him or her, to modify the scheme of Meredith by including Xu. The suggestion/motivation for doing so would have been to control access to a storage device coupled to a user device based on current location of the user in possession of the user device/and or storage device by allowing decryption of a non-volatile memory the storage device with a key when location requirement is met, as briefly discussed in [0089] and [0090] of Xu.
Claim(s) 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Meredith, in view of Xu, and further in view of Litwack et al. (US 2009/0089568 A1) hereinafter Litwack.
As to claim 4, in view of claim 3, the combination of Meredith and Xu does not explicitly teach but Litwack teaches the following limitation -“decrypting the storage device and launching an operating system prior to detecting whether the user device is located within the restricted zone” (see para. [0036], [0039]-[0042]; It is noted that an encrypted OS is retrieved from a storage and decrypted before launching the OS.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Meredith, Xu, and Litwack before him or her, to modify the scheme of Meredith and Xu by including Litwack for securely launching encrypted OS. The suggestion/motivation for doing so would have been to enhance the security of the user device by securely loading an OS being used for the location-based operation of the user device.
Claim(s) 11-12, 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Meredith, in view of Litwack.
As to claim 11, Meredith teaches a non-transitory computer readable storage medium, comprising instructions which, when executed by a processor, performs steps of operating a user device, the steps comprising: 
performing a monitoring operation and detecting whether a risk condition of the user device exists (see para. [0048] “There restricted data access service 106 can determine a current geographic location…at which the device is located…If the current location of the device matches a location defined by any the records… the restricted data access service 106 can authorize use of the restricted data 108 for the purpose(s) specified by the one or more matching records.”; see para. [0130]). 
Meredith does not explicitly teach but Litwack teaches the following limitation – “decrypting a storage device of the user device after the user device is powered on; launching an operating system of the user device from the decrypted storage device” (see para. [0036], [0039]-[0042]; It is noted that an encrypted OS is retrieved from a storage and decrypted before launching the OS.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Meredith, and Litwack before him or her, to modify the scheme of Meredith by including Litwack for securely launching encrypted OS. The suggestion/motivation for doing so would have been to enhance the security of the user device by securely loading an OS being used for the location-based operation of the user device.
As to claim 12, in view of claim 11, Meredith teaches limiting access to the user device in response to the risk condition being detected (see para. [0083] and [0084] “Thus, the server computer 102 can disallow use of the restricted data for purposes other than those allowed by the law and regulation.”)
As to claim 15, in view of claim 11, Litwack teaches performing another monitoring operation after the user device is powered on and prior to decrypting the storage device of the user device (see para. [0036], [0039]-[0042]; It is noted that an encrypted OS is retrieved from a storage and decrypted before launching the OS.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Meredith, and Litwack before him or her, to modify the scheme of Meredith by including Litwack for securely launching encrypted OS. The suggestion/motivation for doing so would have been to enhance the security of the user device by securely loading an OS being used for the location-based operation of the user device.
Claim(s) 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Meredith, in view of Xu, in view of Litwack, and further in view of Khatri et al. (US 2010/0111309 A1) hereinafter Khatri.
As to claim 5, in view of claim 4, the combination of Meredith, Xu and Litwack does not explicitly teach but Khatri teaches the following limitation – “accessing a key server and decrypting the storage device using the key received from the key server” (see para. [0014] and [0024], It is noted that the encryption keys required for the decryption of the storage device is obtained from a key management server and provided to a storage controller for later decryption of the encrypted portion of the storage device.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Meredith, Xu, Litwack, and Khatri before him or her, to modify the scheme of Meredith, Xu and Litwack by including Khatri. The suggestion/motivation for doing so would have been to provide a convenient and flexible way to communicate encryption keys during initialization of information handling system and reduce the likelihood of unauthorized access to the keys, as briefly described in para. [0029] of Khatri.
Claim(s) 6, 9, 10, 19, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Meredith, in view of Zellner (US 2008/0096529 A1).
As to claim 6, in view of claim 1, Meredith does not explicitly teach but Zellner teaches wherein limiting access to the user device comprises either shutting down the user device or causing the user device to enter a hibernation mode (see para. [0122] “If the user is determined to be within a Red zone, the device or system may undertake an evasive action, such as erasing all memory locations, encrypting information contained within the device or system, and/or severing the power or functionality associated with the device or system.”). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Meredith, Zellner before him or her, to modify the scheme of Meredith by including Zellner for location-based security rules. The suggestion/motivation for doing so would have been to enable a user to access a resource when the user provides proper identification information at a corresponding permitted location using location-based security rules, as briefly described in para. [0008] of Zellner.
As to claim 19, in view of claim 16, Meredith does not explicitly teach but Zellner teaches a power supply coupled to the monitoring entity and the storage device, wherein the monitoring entity is configured to shut down the power supply in response to detecting a physical location of the user device as being outside the restricted zone (see para. [0122] “If the user is determined to be within a Red zone, the device or system may undertake an evasive action, such as erasing all memory locations, encrypting information contained within the device or system, and/or severing the power or functionality associated with the device or system.”). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Meredith, Zellner before him or her, to modify the scheme of Meredith by including Zellner for location-based security rules. The suggestion/motivation for doing so would have been to enable a user to access a resource when the user provides proper identification information at a corresponding permitted location using location-based security rules, as briefly described in para. [0008] of Zellner. 
As to claim 9, in view of claim 1, Meredith does not explicitly teach but Zellner teaches wherein detecting whether the user device is located within a restricted zone comprises authenticating a user accessing the user device based on a biometric indicator comprising at least one of voice, iris, fingerprint, finger vein data, palm vein data, and facial data of the user (see para. [0119] “If location authentication fails, access is denied at 718. For this example, the user's location authentication is preferably performed by a location authentication system, such as an authentication network. If the user's location is authenticated, at 806, the user is required to input a valid corporate ID and/or a biometric identifier.”-[0121]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Meredith, Zellner before him or her, to modify the scheme of Meredith by including Zellner for location-based security rules. The suggestion/motivation for doing so would have been to enable a user to access a resource when the user provides proper identification information at a corresponding permitted location using location-based security rules, as briefly described in para. [0008] of Zellner.
As to claim 10, in view of claim 1, Meredith does not teach but Zellner teaches wherein limiting access to the user device comprises shutting down the user device prior to launching an operating system in response to detecting a physical location of the user device as being outside the restricted zone for a predetermined period (see para. [0122] “If the user is determined to be within a Red zone, the device or system may undertake an evasive action, such as erasing all memory locations, encrypting information contained within the device or system, and/or severing the power or functionality associated with the device or system.”). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Meredith, Zellner before him or her, to modify the scheme of Meredith by including Zellner for location-based security rules. The suggestion/motivation for doing so would have been to enable a user to access a resource when the user provides proper identification information at a corresponding permitted location using location-based security rules, as briefly described in para. [0008] of Zellner.
As to claim 20, in view of claim 16, Meredith does not teach but Zellner teaches an input device configured to acquire biometric information based on at least one of voice, iris, fingerprint, finger vein data, palm vein data, and facial data of a user of the user device (see para. [0119] “If location authentication fails, access is denied at 718. For this example, the user's location authentication is preferably performed by a location authentication system, such as an authentication network. If the user's location is authenticated, at 806, the user is required to input a valid corporate ID and/or a biometric identifier.”-[0121]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Meredith, Zellner before him or her, to modify the scheme of Meredith by including Zellner for location-based security rules. The suggestion/motivation for doing so would have been to enable a user to access a resource when the user provides proper identification information at a corresponding permitted location using location-based security rules, as briefly described in para. [0008] of Zellner.
Claim(s) 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Meredith, in view of Litwack, and further in view of Zellner.
As to claim 13, in view of claim 11, the combination of Meredith and Litwack does not explicitly teach but Zellner teaches wherein the limiting access to the user device comprises at least one of locking an output device of the user device, encrypting the storage device, demounting the storage device and shutting down power of the storage device (see para. [0122] “If the user is determined to be within a Red zone, the device or system may undertake an evasive action, such as erasing all memory locations, encrypting information contained within the device or system, and/or severing the power or functionality associated with the device or system.”). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Meredith, Litwack, and Zellner before him or her, to modify the scheme of Meredith and Litwack by including Zellner for location-based security rules. The suggestion/motivation for doing so would have been to enable a user to access a resource when the user provides proper identification information at a corresponding permitted location using location-based security rules, as briefly described in para. [0008] of Zellner.
Claim(s) 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Meredith, in view of Hillary et al (US 2015/0087303 A1) hereinafter Hillary.
As to claim 7, in view of claim 1, Meredith does not explicitly teach but Hillary teaches wherein detecting whether the user device is located within a restricted zone comprises accessing a server within the restricted zone, wherein the server comprises at least one of a predetermined domain controller, a predetermined anti-virus server, a predetermined web server, a predetermined proxy server, a predetermined DNS server, a predetermined DHCP server, a predetermined Email server, a predetermined NTP server, a predetermined printer server, a predetermined operation system patch server, and a predetermined key server (see para [0040]-[0042] and [0091]-[0093], e.g., WI-Fi data source such as Wi-Fi  router or access point devices and cellular device location data source such s carrier network server(s) 208). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Meredith, Hillary before him or her, to modify the scheme of Meredith by including Hillary. The suggestion/motivation for doing so would have been to offer precise location information as to user device such that access to services or resources are correctly controlled to comply with the rules and regulations according to the predetermined geographical boundaries, as briefly described in the Hillary Para. [0014]-[0017].
Claim(s) 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Meredith, in view of Litwack, and further in view of Khatri.
As to claim 14, in view of claim 11, the combination of Meredith, and Litwack does not explicitly teach but Khatri teaches the following limitation – “wherein decrypting the storage device of the user device comprises accessing a key server and receiving a key associated with the decrypted storage device” (see para. [0014] and [0024], It is noted that the encryption keys required for the decryption of the storage device is obtained from a key management server and provided to a storage controller for later decryption of the encrypted portion of the storage device.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Meredith, Litwack, and Khatri before him or her, to modify the scheme of Meredith, and Litwack by including Khatri. The suggestion/motivation for doing so would have been to provide a convenient and flexible way to communicate encryption keys during initialization of information handling system and reduce the likelihood of unauthorized access to the keys, as briefly described in para. [0029] of Khatri.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HEE K SONG whose telephone number is (571)270-3260. The examiner can normally be reached on M-F 9:00 am – 5:00 pm. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867 .  The fax phone number for the organization where this application or proceeding is assigned is 571-273-7291.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/HEE K SONG/Examiner, Art Unit 2497