DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

	The instant application having Application No. 16/832,216 has a total of 20 claims pending in the application; there are 3 independent claims and 17 dependent claims, all of which are ready for examination by the examiner.

INFORMATION CONCERNING OATH/DECLARATION
Oath/Declaration
The applicant’s oath/declaration has been reviewed by the examiner and is found to conform to the requirements prescribed in 37 C.F.R. 1.63.

INFORMATION CONCERNING DRAWINGS
Drawings
The applicant’s drawings submitted are acceptable for examination purposes.

ACKNOWLEDGEMENT OF REFERENCES CITED BY APPLICANT
As required by M.P.E.P.  609(C), the applicant’s submissions of the Information Disclosure Statements 03/27/20; 04/03/20; 07/14/20; 08/11/20; 08/27/20; 11/23/20; 01/07/21; 01/28/21; 03/31/21; 04/01/21; 05/03/21; 06/15/21; 07/28/21; 11/03/21; 11/22/21 and 01/13/22 are acknowledged by the examiner and the cited references have been considered in the M.P.E.P 609 C(2), a copy of the PTOL-1449 initialed and dated by the examiner is attached to the instant office action.

OBJECTIONS TO THE CLAIMS


	Claim 20 is objected to as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.
		As per claim 20, line 3, discloses the phrase ‘the storage device’. There is insufficient antecedent basis for this limitation in the claim. ‘A storage device’ was not previously discloses. Correction is needed.
	
REJECTIONS BASED ON PRIOR ART

Claim Rejections - 35 USC § 103
1.	 In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over Brandwine et al. (US pat. 9,626,512), hereinafter, “Brandwine”, in view of Lee Kong Pheng (WO 2010/030157), hereinafter, “Pheng” and further in view of Trikalinou (US pub. 2018/0089425), hereinafter, “Trikalinou”.

3.         As per claims 1, 11 and 20, Brandwine discloses a system for data protection, the system comprising: a computing device comprising a processor (fig. 2A/B: platform components 152B, fig. 3: 102), a Hardware Root of Trust (HRoT) device (fig. 2A/B: security components 150A/B) and a storage device (fig. 2A/B: platform components 152B, fig. 3: 104), wherein the HRoT device is configured to: validate integrity of the computing device (see fig. 5).
but fails to expressly discloses authenticate the computing device to communicate with the storage device; and take over control of the storage device in response to detecting a security risk to at least one of the computing device and the storage device. 
Pheng discloses authenticate the computing device to communicate with the storage device (see abstract, which discloses “when the driver detected the portable data storage device is attached the host computer, it will send the Computer ID of the host computer to the portable data storage device. If the host Computer ID match with one of the computer ID stored within the portable data storage device, then the authentication is considered as OK or valid. Access to the mass storage data is allowed. Otherwise, access is denied”).
Trikalinou discloses “take over control of the storage device in response to detecting a security risk to at least one of the computing device and the storage device” (see paragraph 0010, which discloses “embodiments may capture a sudden and unnatural temperature drop and trigger an incidence response mechanism to protect the system's secrets. [...] If an attack is detected, various protection measures may be performed, as described herein. For example,[...], some or all data residing in memory can be erased or re-encrypted using a different key”).
It would have been obvious to one having ordinary skills in the art before the effective filling date of the claimed invention to incorporate Trikalinou’s teaching of detecting and protecting against a cold boot attack on a computer system and Pheng’s teaching of authenticating a computer ID for a portable data storage device into Brandwine’s teaching of validating an operational configuration of an offload device or a physical computing device to establish that it’s configured in accordance with a secure or trusted configuration for the benefit of stopping unauthorized access to a computing system, as taught by Trikalinou and Pheng.

4.         As per claims 2 and 12, the combination of Brandwine, Trikalinou and Pheng discloses “The system of claim 1” [see rejection to claim 1 above], wherein the HRoT device validates integrity of the computing device by validating one or more of a firmware of the computing device, a firmware of operating system running on the computing device, and a kernel space of the operating system (see col. 16, lines 29-67 of Brandwine). 

5.         As per claims 3 and 13, the combination of Brandwine, Trikalinou and Pheng discloses “The system of claim 1” [see rejection to claim 1 above], wherein the computing device further comprises Software Root of Trust (RoT) instance running on the processor (see col. 2, line 58 of Brandwine). 

claims 4 and 14, the combination of Brandwine, Trikalinou and Pheng discloses “The system of claim 1” [see rejection to claim 1 above], wherein the HRoT device provides a Trusted Execution Environment (TEE) (see paragraph 0022 of Trikalinou). 

7.         As per claims 5 and 15, the combination of Brandwine, Trikalinou and Pheng discloses “The system of claim 4” [see rejection to claim 4 above], wherein the HRoT device loads and executes a security monitoring application in the TEE (see paragraph 0022 of Trikalinou). 

8.         As per claims 6 and 16, the combination of Brandwine, Trikalinou and Pheng discloses “The system of claim 1” [see rejection to claim 1 above], wherein the HRoT device, in response to detecting a security risk to at least one of the computing device and the storage device, blocks communication of the storage device (see paragraph 0010 of Trikalinou).. 

9.         As per claims 7 and 17, the combination of Brandwine, Trikalinou and Pheng discloses “The system of claim 3” [see rejection to claim 3 above], wherein the RoT sends an alert signal to the HRoT device in response to detecting a security attack to at least one of the computing device and the storage device (see paragraph 0010 of Trikalinou). 

10.         As per claim 8, the combination of Brandwine, Trikalinou and Pheng discloses “The system of claim 3” [see rejection to claim 3 above], wherein, wherein the storage device comprises a Secure Encrypted Drive (SED) (see col. 5, lines 36-56 of Brandwine). 

claims 9 and 18, the combination of Brandwine, Trikalinou and Pheng discloses “The system of claim 1” [see rejection to claim 1 above], wherein the HRoT device controls data hosted on a cloud-based storage service, NAS, and/or SAN storage (see col. 6, lines 1-21 of Brandwine). 

12.         As per claims 10 and 19, the combination of Brandwine, Trikalinou and Pheng discloses “The system of claim 1” [see rejection to claim 1 above], wherein, wherein the security risk comprises a suspicious or unauthorized data access from a remote device or from inside of the computing device (see paragraph 0021 of Trikalinou).

RELEVANT ART CITED BY THE EXAMINER
	The following prior art made of record and not relied upon is cited to establish the level of skill in the applicant’s art and those arts considered reasonably pertinent to applicant’s disclosure. See MPEP 707.05(c).
	The following reference teaches authenticating a computing device to communicate with a storage device and to take over control of the storage device in response to detecting a security risk to at least one of the computing device and the storage device: US Pub. # 2017/0206034 (Fetik).

CLOSING COMMENTS
CONCLUSION

a. STATUS OF CLAIMS IN THE APPLICATION 

            The following is a summary of the treatment and status of all claims in the 

M.P.E.P. 707.07(i):

a (1) CLAIMS REJECTED IN THE APPLICATION 

            Per the instant office action, claims 1-20 have received a first action on the merits and are subject of a first action non-final.
b. DIRECTION OF FUTURE CORRESPONDENCES

            Any inquiry concerning this communication or earlier communications from the 

Examiner should be directed to Ernest Unelus whose telephone number is (571) 272-

8596. The examiner can normally be reached on Monday to Friday 9:00 AM to 5:00PM. 


IMPORTANT NOTE

            If attempts to reach the above noted Examiner by telephone are unsuccessful, the Examiner's supervisor, Mr. Idriss Alrobaye, can be reached at the following telephone number: Area Code (571) 270-1023.
The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through private PAIR only. For more information about the PMR system, see her//pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217- 91 97 (toll-free).

/Ernest Unelus/
Primary Examiner
Art Unit 2181