Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority
This application claims priority to a 371 National Stage application # PCT/US2016/055484, dated 10/05/2016.
DETAILED ACTION
This Office Action is in response to an amendment application filed on 01/31/2022. In the amendment, applicant has amended claims 1, 5, 7-14 and 16. Claims 2 and 6 remain cancelled. Claims 3-4 and 15 remain original. 
For this Office Action, claims 1, 3-5 and 7-16 have been received for consideration and have been examined. 
Response to Arguments
Claims Rejection under 35 U.S.C. § 103
	Applicant’s amendments, filed 01/31/2022 have been reviewed by the examiner and appear to overcome the current cited references. Therefore, the current rejection has been withdrawn. However, upon further consideration, a new grounds of rejection is made in view of new amendments to the claims. 




Claim Objections
	Claim 5 is objected to due to following informalities:
	Claim 5 is missing preamble and should be redrafted with the preamble of dependent claim as “The medium of claim 1, further comprising instructions executable to determine”. Appropriate correction is required. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-5 and 7-16 are rejected under 35 U.S.C. 103 as being unpatentable over Stephan., (US20020143921A1) in view of Astrand., (US20090222814A1) and further in view of Soffer., (US20150365237A1).
Regarding claim 1, Stephan discloses:
	A non-transitory machine-readable medium storing instructions executable by a processing resource to cause a computing system to: 
i.e., when the USB device is plugged in; See FIG.3) to accept a universal serial bus (USB) device class from a first composite USB device (i.e., a speaker 27; See FIG. 2) and the USB device class from a second composite USB device (i.e., a CDROM 28) of a plurality of composite USB devices ([0040] When the device is plugged in or a notification received from the module which handles the power management functions in relation to the USB, the configuration software component transmits a Reset_Port command. This forces the device to enter a default state. At this point the device is unconfigured and responds only to requests targeted at endpoint and device zero. The configuration software retrieves the device class by determining which device class the particular device belongs to. In a preferred embodiment, this step uses the GET_DESCRIPTOR function; [0041] Reference is made to FIG. 2 which illustrates a simplified schematic of a USB interface … Configuration requests are transmitted via USB host software 24 to the host controller 26 via filter software 25 … Two devices are shown residing on the USB: a speaker 27 and a CDROM 28), wherein:
filter, using a lower-level USB filter driver (i.e., filter driver / filter software 25; see FIG. 2) that modifies behavior of hardware (i.e., filter driver that disallow [a CDROM 28] or allow [a speaker 27] residing on the USB device; See [0042]) of the first composite USB device (i.e., a speaker 27) and the second composite USB device (i.e. a CDROM 28) ([0041] Two devices are shown residing on the USB: a speaker 27 and a CDROM 28. In the present example, the filter software is configured to prevent access by the CDROM to the USB; [0045] As shown in the example in FIG. 2, the effect of the filter is to stop data transfer between the USB host and the host controller for a GET_DESCRIPTOR response which identifies the device 28 as a CDROM. However, the filter allows transfers for the allowed device 27 (speaker) which is not listed in the device table 22).
Stephan explicitly fails to disclose: 
a first device function and a second device function of the first USB device class and the second USB device class based on a comparison of a descriptor of the first device function and the second device function to a function filter descriptor list created using a filter rule; and based on the comparison and the filter rule, determine whether to pass the first device function and the second device function descriptor onto an associated operating system or block the first device function and the second device function descriptor from recognition by the associated operating system, wherein the filter rule is a same filter rule used among the first composite USB device, the second composite USB device, and each of the remaining composite USB devices device of the plurality of composite USB devices; wherein: the first composite USB device has a first product identifier and a first vendor identifier; the second composite USB device has a second product identifier and a second vendor identifier; and the first product identifier is different than the second product identifier, the first vendor identifier is different that the second vendor identifier, or both.
However, Astrand discloses:
	a first device function (See FIG. 8B; Group A, i.e. block certain USB device function) and a second device function (See FIG. 8B; Group B, i.e. allow certain USB device function) of the first USB device class and the second USB device class based on a comparison (i.e., filtering communications between USB devices and guest OSes; See FIG. 6) of a descriptor of the first device function and the second device function to a function filter descriptor list created using a i.e., filtering USB descriptors) ([0022] the virtual machine application may hide the select functions of the USB device by filtering USB descriptors communicated during a USB device enumeration process; [0075] The inserted USB device may be a composite device. FIG. 7 is a diagram illustrating an exemplary composite USB device 700. A composite USB device is a device that may provide multiple functions over the USB interface. The device may present multiple interfaces, corresponding to the different functions of the USB device, to the host computer. In other words, a single physical USB device may consist of several logical sub-devices that each correspond to one or more functions; [0082] VM application USB interface 535 may decide which descriptors to hide from guest OSes 420 based on, for example, a list of predefined USB devices); and
based on the comparison and the filter rule, determine whether to pass (See FIG. 8B; i.e. Group B allowed) the first device function and the second device function descriptor onto an associated operating system ([0076] As an example of a composite USB device, assume device 700 is a USB webcam with a built in microphone. In this situation, device 700 may be configured as a composite device in which the video functions of the webcam are presented by the USB device as a first logical sub-device (e.g., the functions of Group A 710) and the audio functions of the USB device are presented by the USB device as a second logical sub-device (e.g., the functions of Group B 720). The functions of “Group A” 710 and the functions of “Group B” 720 may each require a separate USB driver to access these functions; See FIG. 5 & 6; [0082] VM application USB interface 535 may decide which descriptors to hide from guest OSes 420 based on, for example, a list of predefined USB devices.
Examiner notes that FIG. 8B clearly discloses that function of ‘Group B’ sub-logical device is passed/allowed by the composite USB device) or 
block (See FIG. 8B; i.e. Group A disallowed) the first device function and the second device function descriptor from recognition by the associated operating system, wherein the filter rule is a same filter rule used among the first composite USB device, the second composite USB device, and each of the remaining composite USB devices device of the plurality of composite USB devices ([0084] As shown in FIG. 8A, host OS 800 receives all of the descriptors associated with composite USB device 700, and thus has a complete view of the USB device. The host OS can thus access the functionality of both Group A 710 and Group B 720 of the USB device. As shown in FIG. 8B, however, in this example, VM application USB interface 535 has hidden the functions of Group A 710 from the USB device.
Examiner notes that FIG. 8B clearly discloses that function of ‘Group A’ sub-logical device is blocked/disallowed by the composite USB device).
It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the Stephan reference and include a composite USB device which is able to logically divide single physical USB device corresponding to the different functions of the USB device, as disclosed by Astrand.
	The motivation to include a composite USB device which is able to logically divide single physical USB device corresponding to the different functions of the USB device is to filter and control access to various functions of the single physical USB device for security purposes (See Astrand: Abstract & [0075]). 
The combination of Stephan and Astrand fails to disclose:

the second composite USB device has a second product identifier and a second vendor identifier; and the first product identifier is different than the second product identifier, the first vendor identifier is different that the second vendor identifier, or both.
However, Soffer discloses:
	the first composite USB device has a first product identifier and a first vendor identifier;
the second composite USB device has a second product identifier and a second vendor identifier; and the first product identifier is different than the second product identifier, the first vendor identifier is different that the second vendor identifier, or both (See FIG. 11 table lists operational permissions of USB devices according to Vendor ID (VID), Product ID (PID), Serial No. (S/N), etc.; See [0032] Creating a table that maps the operational permissions of devices to specific ports as a way to create a flexible operational and security matrix (detailed in FIG. 11). In this way, devices permitted to connect to some host computers will be prevented from connecting to other host computers; [0034] The operational and security matrix may comprise White list (approved devices) and black list (blocked devices); [0300] FIG. 11 Schematically Illustrates the configuration utility screen 111 used with the Secure USB Gateway exemplary embodiment of the current invention; [0315] Column 106 is the USB Vendor ID (VID). The user/administrator may enter this field to allow/reject specific VID of USB peripheral devices; [0316] Column 107 is the USB Product ID (PID). The user/administrator may enter this field to allow/reject specific PID of USB peripheral devices).
	It would have been obvious to ordinary skill in the art before the effective filing date of the claimed invention to modify the Stephan and Astrand references and include a USB security 
	The motivation to allow or restrict the peripheral device(s) based on vendor identifier and product identifier by the USB security gateway is to enforce a detailed USB peripherals security policy on connected computer to prevent potential malicious activity through peripherals connected on USB gateway (See Soffer: FIG. 11; [0032]).
Regarding claim 3, the combination of Stephan, Astrand and Soffer discloses:
	The medium of claim 1, wherein the function filter descriptor list is a device function descriptor block list (Stephan: [0042] the filter driver is loaded before any requests to the bus, the filter driver is ready and will intercept the results of the first GET_DESCRIPTOR when the peripheral sends its request for initialization. When the GET_DESCRIPTOR command is transmitted, the filter software 25 will check the responses to the GET_DESCRIPTOR function against entries in the (disallowed) device table).
Regarding claim 4, the combination of Stephan, Astrand and Soffer discloses:
The medium of claim 1, wherein the function filter descriptor list is a device function descriptor allow list (Stephan: [0042] If attachment of the peripheral to the USB is allowed, then the descriptor data flow will be unchanged and the data is directed to the appropriate device driver 21).
Regarding claim 5, the combination of Stephan, Astrand and Soffer discloses:
The medium of claim 1, further comprising instructions executable to determine to pass the first device function descriptor, the second device function descriptor, or both, onto the associated operating system or block the first device function descriptor, the second device Stephan: [0041] Configuration requests are transmitted via USB host software 24 to the host controller 26 via filter software 25 … the filter software is configured to prevent access by the CDROM to the USB) or block the device function descriptor from recognition by the associated operating system during enumeration of the USB device; [0045] As shown in the example in FIG. 2, the effect of the filter is to stop data transfer between the USB host and the host controller for a GET_DESCRIPTOR response which identifies the device 28 as a CDROM. However, the filter allows transfers for the allowed device 27 (speaker) which is not listed in the device table 22).
Regarding claim 7, the combination of Stephan, Astrand and Soffer discloses:
The medium of claim 1, further comprising instructions executable to: intercept communication between the composite USB device and the associated operating system (Stephan: [0042] Because the filter driver is loaded before any requests to the bus, the filter driver is ready and will intercept the results of the first GET_DESCRIPTOR when the peripheral sends its request for initialization); and 
filter the first device function and the second device function of the first composite USB device based on the comparison of the first filtered device function descriptor and the second filtered device function descriptor to the function filter descriptor list and the intercepted communication (Stephan: [0042] When the GET_DESCRIPTOR command is transmitted, the filter software 25 will check the responses to the GET_DESCRIPTOR function against entries in the (disallowed) device table. The fields may include the device class, device subclass, vendor, device manufacturer etc. When these fields are accessed, the filter software 25 checks if the device is allowed to be plugged into the bus).
Regarding claim 8, Stephan discloses:
A method, comprising:
	receiving a request (i.e., when the USB device is plugged in; See FIG.3) to accept a universal serial bus (USB) device class from a first composite USB device (i.e., a speaker 27; See FIG. 2) and the USB device class from a second composite USB device (i.e., a CDROM 28) of a plurality of composite USB devices ([0040] When the device is plugged in or a notification received from the module which handles the power management functions in relation to the USB, the configuration software component transmits a Reset_Port command. This forces the device to enter a default state. At this point the device is unconfigured and responds only to requests targeted at endpoint and device zero. The configuration software retrieves the device class by determining which device class the particular device belongs to. In a preferred embodiment, this step uses the GET_DESCRIPTOR function; [0041] Reference is made to FIG. 2 which illustrates a simplified schematic of a USB interface … Configuration requests are transmitted via USB host software 24 to the host controller 26 via filter software 25 … Two devices are shown residing on the USB: a speaker 27 and a CDROM 28), wherein:
intercepting, using a lower-level filter driver (i.e. filter driver / filter software 25; see FIG. 2) that is below a first driver (i.e. USB host software 24; see FIG. 2) and above a second driver (i.e. host controller 26; see FIG. 2) of the first composite USB device (i.e. Speaker 27), the second composite USB device (i.e. CDROM 28) and modifies behavior of hardware of the first composite USB device and the second composite USB device, communication between the See FIG. 2; [0041] Reference is made to FIG. 2 which illustrates a simplified schematic of a USB interface. An exemplary two port USB network is shown whereby application software 20 communicates via USB device drivers 21. Configuration requests are transmitted via USB host software 24 to the host controller 26 via filter software 25 … The filter software 25 includes a device table 22 which specifies which devices are allowed or how the configuration software should behave when a particular device is attached to the bus; [0042] Because the filter driver is loaded before any requests to the bus, the filter driver is ready and will intercept the results of the first GET_DESCRIPTOR when the peripheral sends its request for initialization); 
comparing, using the lower-level filter driver (i.e. check the responses to the ‘Get_Descriptor’ against device table through filter software), the intercepted communication to a function filter descriptor list created using a filter rule ([0042] When the GET_DESCRIPTOR command is transmitted, the filter software 25 will check the responses to the GET_DESCRIPTOR function against entries in the (disallowed) device table. The fields may include the device class, device subclass, vendor, device manufacturer etc.); 
filtering, using the lower-level filter driver, the filter rule, and based on the comparison, a plurality of descriptors of functions of the first composite USB device and the second composite USB device into a block list or an allow list ([0042] When these fields are accessed, the filter software 25 checks if the device is allowed to be plugged into the bus),Page 3 of 10 Application No. 16/074,725 Amendment dated August 12, 2021 
Reply to Final Office Action dated May 21, 2021	wherein the filter rule is a same filter rule used among a plurality of composite USB devices ([0023] the analysis step is carried out by filtering software which queries the device for device descriptors, compares the returned device descriptors with those listed in a table of disallowed device descriptors and, if the device is allowed, initiating data transfer on the USB or alternatively, if the device is disallowed, preventing communication on the USB); 
blocking a first function descriptor of the plurality of descriptors of functions from recognition by the operating system in response to the first function descriptor being determined to be on the block list and based on the intercepted communication ([0044] This process is shown schematically in the simplified flowchart of FIG. 3. At 30 a device is plugged in. The results of the GET_DESCRIPTOR function and descriptor analysis (31/33) are then used, in this embodiment, to determine whether the data flux is to be redirected by remapping the configuration device descriptors, to a dummy driver 32. Once data flow is enabled between the appropriate driver (including possibly the dummy driver) it can be seen that the disallowed device is prevented from communicating on the bus, but the system is aware of its presence and can therefore deal with any network functions or which may be necessary. An alternative technique is illustrated schematically by the dashed line in FIG. 3, where the disallowed device is disable by means of a false end of packet signal 34); and 
allowing a second function descriptor to be accessed by the operating system in response to the second function descriptor being determined to be on the allow list and based on the intercepted communication ([0042] When these fields are accessed, the filter software 25 checks if the device is allowed to be plugged into the bus. The rules for configuration allowance or data transfer authorization may be in the form of a lookup table 22 or similar which lists the disallowed devices and their descriptor characteristics. If attachment of the peripheral to the USB is allowed; [0045] As shown in the example in FIG. 2, the effect of the filter is to stop data transfer between the USB host and the host controller for a GET_DESCRIPTOR response which identifies the device 28 as a CDROM. However, the filter allows transfers for the allowed device 27 (speaker) which is not listed in the device table 22).
Stephan explicitly fails to disclose: 
a first device function and a second device function of the first USB device class and the second USB device class based on a comparison of a descriptor of the first device function and the second device function to a function filter descriptor list created using a filter rule; and based on the comparison and the filter rule, determine whether to pass the first device function and the second device function descriptor onto an associated operating system or block the first device function and the second device function descriptor from recognition by the associated operating system, wherein the filter rule is a same filter rule used among the first composite USB device, the second composite USB device, and each of the remaining composite USB devices device of the plurality of composite USB devices; wherein: the first composite USB device has a first product identifier and a first vendor identifier; the second composite USB device has a second product identifier and a second vendor identifier; and the first product identifier is different than the second product identifier, the first vendor identifier is different that the second vendor identifier, or both.
However, Astrand discloses:
	a first device function (See FIG. 8B; Group A, i.e. block certain USB device function) and a second device function (See FIG. 8B; Group B, i.e. allow certain USB device function) of the first USB device class and the second USB device class based on a comparison of a descriptor of the first device function and the second device function to a function filter descriptor list i.e., filtering USB descriptors) ([0022] the virtual machine application may hide the select functions of the USB device by filtering USB descriptors communicated during a USB device enumeration process; [0075] The inserted USB device may be a composite device. FIG. 7 is a diagram illustrating an exemplary composite USB device 700. A composite USB device is a device that may provide multiple functions over the USB interface. The device may present multiple interfaces, corresponding to the different functions of the USB device, to the host computer. In other words, a single physical USB device may consist of several logical sub-devices that each correspond to one or more functions; [0082] VM application USB interface 535 may decide which descriptors to hide from guest OSes 420 based on, for example, a list of predefined USB devices); and
based on the comparison and the filter rule, determine whether to pass (See FIG. 8B; i.e. Group B allowed) the first device function and the second device function descriptor onto an associated operating system ([0076] As an example of a composite USB device, assume device 700 is a USB webcam with a built in microphone. In this situation, device 700 may be configured as a composite device in which the video functions of the webcam are presented by the USB device as a first logical sub-device (e.g., the functions of Group A 710) and the audio functions of the USB device are presented by the USB device as a second logical sub-device (e.g., the functions of Group B 720). The functions of “Group A” 710 and the functions of “Group B” 720 may each require a separate USB driver to access these functions; See FIG. 5 & 6; [0082] VM application USB interface 535 may decide which descriptors to hide from guest OSes 420 based on, for example, a list of predefined USB devices.
Examiner notes that FIG. 8B clearly discloses that function of ‘Group B’ sub-logical device is passed/allowed by the composite USB device) or 
block (See FIG. 8B; i.e. Group A disallowed) the first device function and the second device function descriptor from recognition by the associated operating system, wherein the filter rule is a same filter rule used among the first composite USB device, the second composite USB device, and each of the remaining composite USB devices device of the plurality of composite USB devices ([0084] As shown in FIG. 8A, host OS 800 receives all of the descriptors associated with composite USB device 700, and thus has a complete view of the USB device. The host OS can thus access the functionality of both Group A 710 and Group B 720 of the USB device. As shown in FIG. 8B, however, in this example, VM application USB interface 535 has hidden the functions of Group A 710 from the USB device.
Examiner notes that FIG. 8B clearly discloses that function of ‘Group A’ sub-logical device is blocked/disallowed by the composite USB device).
It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the Stephan reference and include a composite USB device which is able to logically divide single physical USB device corresponding to the different functions of the USB device, as disclosed by Astrand.
	The motivation to include a composite USB device which is able to logically divide single physical USB device corresponding to the different functions of the USB device is to filter and control access to various functions of the single physical USB device for security purposes (See Astrand: Abstract & [0075]). 
The combination of Stephan and Astrand fails to disclose:

the second composite USB device has a second product identifier and a second vendor identifier; and the first product identifier is different than the second product identifier, the first vendor identifier is different that the second vendor identifier, or both.
However, Soffer discloses:
	the first composite USB device has a first product identifier and a first vendor identifier;
the second composite USB device has a second product identifier and a second vendor identifier; and the first product identifier is different than the second product identifier, the first vendor identifier is different that the second vendor identifier, or both (See FIG. 11 table lists operational permissions of USB devices according to Vendor ID (VID), Product ID (PID), Serial No. (S/N), etc.; See [0032] Creating a table that maps the operational permissions of devices to specific ports as a way to create a flexible operational and security matrix (detailed in FIG. 11). In this way, devices permitted to connect to some host computers will be prevented from connecting to other host computers; [0034] The operational and security matrix may comprise White list (approved devices) and black list (blocked devices); [0300] FIG. 11 Schematically Illustrates the configuration utility screen 111 used with the Secure USB Gateway exemplary embodiment of the current invention; [0315] Column 106 is the USB Vendor ID (VID). The user/administrator may enter this field to allow/reject specific VID of USB peripheral devices; [0316] Column 107 is the USB Product ID (PID). The user/administrator may enter this field to allow/reject specific PID of USB peripheral devices).
	It would have been obvious to ordinary skill in the art before the effective filing date of the claimed invention to modify the Stephan and Astrand references and include a USB security 
	The motivation to allow or restrict the peripheral device(s) based on vendor identifier and product identifier by the USB security gateway is to enforce a detailed USB peripherals security policy on connected computer to prevent potential malicious activity through peripherals connected on USB gateway.
Regarding claim 9, the combination of Stephan, Astrand and Soffer discloses:
	The method of claim 8, wherein intercepting communication includes intercepting descriptor information of the first composite USB device and the second composite USB device (Stephan: See FIG. 2; [0041] shows two devices are shown residing on the USB interface: a speaker 27 and a CDROM 28 which are physically wired with the composite USB interface).
Regarding claim 10, the combination of Stephan, Astrand and Soffer discloses:
The method of claim 8, further comprising: 
filtering, using the lower-level filter driver and based on the comparison, a plurality of interfaces of the first composite USB device and the second composite USB device into the block list or the allow list (Stephan: [0041] Configuration requests are transmitted via USB host software 24 to the host controller 26 via filter software 25 … Two devices are shown residing on the USB: a speaker 27 and a CDROM 28. In the present example, the filter software is configured to prevent access by the CDROM to the USB. The filter software 25 includes a device table 22 which specifies which devices are allowed or how the configuration software should behave when a particular device is attached to the bus); 
Stephan: [0042] Otherwise, in a preferred embodiment of the invention, this descriptor structure is patched in order to disable the disallowed device. This may be done by assigning new device and vendor identifications and will thus link the peripheral to a dummy device driver 29 that does nothing); and 
allowing, based on the intercepted communication, a second interface of the plurality of interfaces determined to be on the allow list to be accessed by the operating system (Stephan: [0042] The rules for configuration allowance or data transfer authorization may be in the form of a lookup table 22 or similar which lists the disallowed devices and their descriptor characteristics. If attachment of the peripheral to the USB is allowed, then the descriptor data flow will be unchanged and the data is directed to the appropriate device driver 21).
Regarding claim 11, the combination of Stephan, Astrand and Soffer discloses:
The method of claim 8, further comprising filtering, using the lower-level filter driver, the plurality of descriptors of functions of the first composite USB device and the second composite USB device and the plurality of composite USB devices into the block list and the allow list based on the comparison and the filter rule (Soffer: See FIG. 11 table lists operational permissions of USB devices according to Vendor ID (VID), Product ID (PID), Serial No. (S/N), etc.; See [0032] Creating a table that maps the operational permissions of devices to specific ports as a way to create a flexible operational and security matrix (detailed in FIG. 11). In this way, devices permitted to connect to some host computers will be prevented from connecting to other host computers; [0034] The operational and security matrix may comprise White list (approved devices) and black list (blocked devices); [0300] FIG. 11 Schematically Illustrates the configuration utility screen 111 used with the Secure USB Gateway exemplary embodiment of the current invention; [0315] Column 106 is the USB Vendor ID (VID). The user/administrator may enter this field to allow/reject specific VID of USB peripheral devices; [0316] Column 107 is the USB Product ID (PID). The user/administrator may enter this field to allow/reject specific PID of USB peripheral devices) and 
the filter rule, wherein at least two of the plurality of composite USB devices have different vendor identifiers (Stephan: [0042] When the GET_DESCRIPTOR command is transmitted, the filter software 25 will check the responses to the GET_DESCRIPTOR function against entries in the (disallowed) device table. The fields may include the device class, device subclass, vendor, device manufacturer etc … Otherwise, in a preferred embodiment of the invention, this descriptor structure is patched in order to disable the disallowed device. This may be done by assigning new device and vendor identifications and will thus link the peripheral to a dummy device driver 29 that does nothing. That is, if the device is not allowed, the filter may, for example, change the device and vendor ID in order to connect the device to a generic driver 29 that causes the device to remain unconfigured).
Regarding claim 12, the combination of Stephan, Astrand and Soffer discloses:
A non-transitory machine-readable medium storing instructions executable by a processing resource to cause a computing system to: 
intercept communication including composite USB device descriptor information between a plurality of composite USB devices and an associated operating system, wherein:
filter, using a lower-level filter driver (i.e. filter driver / filter software 25; see FIG. 2) that is below a first driver (i.e. USB host software 24; see FIG. 2) and above a second driver (i.e. host controller 26; see FIG. 2) of the first composite USB device (i.e. Speaker 27), the second composite USB device (i.e. CDROM 28) and modifies behavior of hardware of the first composite USB device and the second composite USB device, communication between the first composite USB device and an associated operating system and the second composite USB device and the associated operating system (See FIG. 2; [0041] Reference is made to FIG. 2 which illustrates a simplified schematic of a USB interface. An exemplary two port USB network is shown whereby application software 20 communicates via USB device drivers 21. Configuration requests are transmitted via USB host software 24 to the host controller 26 via filter software 25 … The filter software 25 includes a device table 22 which specifies which devices are allowed or how the configuration software should behave when a particular device is attached to the bus; [0042] Because the filter driver is loaded before any requests to the bus, the filter driver is ready and will intercept the results of the first GET_DESCRIPTOR when the peripheral sends its request for initialization… When the GET_DESCRIPTOR command is transmitted, the filter software 25 will check the responses to the GET_DESCRIPTOR function against entries in the (disallowed) device table. The fields may include the device class, device subclass, vendor, device manufacturer etc.); 
filter, using the lower-level filter driver, the filter rule, and based on the comparison, a plurality of descriptors of functions of the first composite USB device and the second composite USB device into a block list or an allow list ([0042] When these fields are accessed, the filter software 25 checks if the device is allowed to be plugged into the bus),Page 3 of 10 Application No. 16/074,725 Amendment dated August 12, 2021 
Reply to Final Office Action dated May 21, 2021	wherein the filter rule is a same filter rule used among a plurality of composite USB devices ([0023] the analysis step is carried out by filtering software which queries the device for device descriptors, compares the returned device descriptors with those listed in a table of disallowed device descriptors and, if the device is allowed, initiating data transfer on the USB or alternatively, if the device is disallowed, preventing communication on the USB); 
blocking a first function descriptor of the plurality of descriptors of functions from recognition by the operating system in response to the first function descriptor being determined to be on the block list and based on the intercepted communication ([0044] This process is shown schematically in the simplified flowchart of FIG. 3. At 30 a device is plugged in. The results of the GET_DESCRIPTOR function and descriptor analysis (31/33) are then used, in this embodiment, to determine whether the data flux is to be redirected by remapping the configuration device descriptors, to a dummy driver 32. Once data flow is enabled between the appropriate driver (including possibly the dummy driver) it can be seen that the disallowed device is prevented from communicating on the bus, but the system is aware of its presence and can therefore deal with any network functions or which may be necessary. An alternative technique is illustrated schematically by the dashed line in FIG. 3, where the disallowed device is disable by means of a false end of packet signal 34); and 
allowing a second function descriptor to be accessed by the operating system in response to the second function descriptor being determined to be on the allow list and based on the intercepted communication ([0042] When these fields are accessed, the filter software 25 checks if the device is allowed to be plugged into the bus. The rules for configuration allowance or data transfer authorization may be in the form of a lookup table 22 or similar which lists the disallowed devices and their descriptor characteristics. If attachment of the peripheral to the USB is allowed; [0045] As shown in the example in FIG. 2, the effect of the filter is to stop data transfer between the USB host and the host controller for a GET_DESCRIPTOR response which identifies the device 28 as a CDROM. However, the filter allows transfers for the allowed device 27 (speaker) which is not listed in the device table 22).
Stephan explicitly fails to disclose: 
a first device function and a second device function of the first USB device class and the second USB device class based on a comparison of a descriptor of the first device function and the second device function to a function filter descriptor list created using a filter rule; and based on the comparison and the filter rule, determine whether to pass the first device function and the second device function descriptor onto an associated operating system or block the first device function and the second device function descriptor from recognition by the associated operating system, wherein the filter rule is a same filter rule used among the first composite USB device, the second composite USB device, and each of the remaining composite USB devices device of the plurality of composite USB devices; wherein: the first composite USB device has a first product identifier and a first vendor identifier; the second composite USB device has a second product identifier and a second vendor identifier; and the first product identifier is different than the second product identifier, the first vendor identifier is different that the second vendor identifier, or both.
However, Astrand discloses:
	a first device function (See FIG. 8B; Group A, i.e. block certain USB device function) and a second device function (See FIG. 8B; Group B, i.e. allow certain USB device function) of the first USB device class and the second USB device class based on a comparison of a descriptor of the first device function and the second device function to a function filter descriptor list i.e., filtering USB descriptors) ([0022] the virtual machine application may hide the select functions of the USB device by filtering USB descriptors communicated during a USB device enumeration process; [0075] The inserted USB device may be a composite device. FIG. 7 is a diagram illustrating an exemplary composite USB device 700. A composite USB device is a device that may provide multiple functions over the USB interface. The device may present multiple interfaces, corresponding to the different functions of the USB device, to the host computer. In other words, a single physical USB device may consist of several logical sub-devices that each correspond to one or more functions; [0082] VM application USB interface 535 may decide which descriptors to hide from guest OSes 420 based on, for example, a list of predefined USB devices); and
based on the comparison and the filter rule, determine whether to pass (See FIG. 8B; i.e. Group B allowed) the first device function and the second device function descriptor onto an associated operating system ([0076] As an example of a composite USB device, assume device 700 is a USB webcam with a built in microphone. In this situation, device 700 may be configured as a composite device in which the video functions of the webcam are presented by the USB device as a first logical sub-device (e.g., the functions of Group A 710) and the audio functions of the USB device are presented by the USB device as a second logical sub-device (e.g., the functions of Group B 720). The functions of “Group A” 710 and the functions of “Group B” 720 may each require a separate USB driver to access these functions; See FIG. 5 & 6; [0082] VM application USB interface 535 may decide which descriptors to hide from guest OSes 420 based on, for example, a list of predefined USB devices.
Examiner notes that FIG. 8B clearly discloses that function of ‘Group B’ sub-logical device is passed/allowed by the composite USB device) or 
block (See FIG. 8B; i.e. Group A disallowed) the first device function and the second device function descriptor from recognition by the associated operating system, wherein the filter rule is a same filter rule used among the first composite USB device, the second composite USB device, and each of the remaining composite USB devices device of the plurality of composite USB devices ([0084] As shown in FIG. 8A, host OS 800 receives all of the descriptors associated with composite USB device 700, and thus has a complete view of the USB device. The host OS can thus access the functionality of both Group A 710 and Group B 720 of the USB device. As shown in FIG. 8B, however, in this example, VM application USB interface 535 has hidden the functions of Group A 710 from the USB device.
Examiner notes that FIG. 8B clearly discloses that function of ‘Group A’ sub-logical device is blocked/disallowed by the composite USB device).
It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the Stephan reference and include a composite USB device which is able to logically divide single physical USB device corresponding to the different functions of the USB device, as disclosed by Astrand.
	The motivation to include a composite USB device which is able to logically divide single physical USB device corresponding to the different functions of the USB device is to filter and control access to various functions of the single physical USB device for security purposes (See Astrand: Abstract & [0075]). 
The combination of Stephan and Astrand fails to disclose:

the second composite USB device has a second product identifier and a second vendor identifier; and the first product identifier is different than the second product identifier, the first vendor identifier is different that the second vendor identifier, or both.
However, Soffer discloses:
	the first composite USB device has a first product identifier and a first vendor identifier;
the second composite USB device has a second product identifier and a second vendor identifier; and the first product identifier is different than the second product identifier, the first vendor identifier is different that the second vendor identifier, or both (See FIG. 11 table lists operational permissions of USB devices according to Vendor ID (VID), Product ID (PID), Serial No. (S/N), etc.; See [0032] Creating a table that maps the operational permissions of devices to specific ports as a way to create a flexible operational and security matrix (detailed in FIG. 11). In this way, devices permitted to connect to some host computers will be prevented from connecting to other host computers; [0034] The operational and security matrix may comprise White list (approved devices) and black list (blocked devices); [0300] FIG. 11 Schematically Illustrates the configuration utility screen 111 used with the Secure USB Gateway exemplary embodiment of the current invention; [0315] Column 106 is the USB Vendor ID (VID). The user/administrator may enter this field to allow/reject specific VID of USB peripheral devices; [0316] Column 107 is the USB Product ID (PID). The user/administrator may enter this field to allow/reject specific PID of USB peripheral devices).
	It would have been obvious to ordinary skill in the art before the effective filing date of the claimed invention to modify the Stephan and Astrand references and include a USB security 
	The motivation to allow or restrict the peripheral device(s) based on vendor identifier and product identifier by the USB security gateway is to enforce a detailed USB peripherals security policy on connected computer to prevent potential malicious activity through peripherals connected on USB gateway.
Regarding claim 13, the combination of Stephan, Astrand and Soffer discloses:
The non-transitory machine-readable medium of claim 12, wherein more than two of the plurality of composite USB devices have different product identifiers (Soffer: See FIG. 11 table lists operational permissions of USB devices according to Vendor ID (VID), Product ID (PID), Serial No. (S/N), etc.; See [0032] Creating a table that maps the operational permissions of devices to specific ports as a way to create a flexible operational and security matrix (detailed in FIG. 11). In this way, devices permitted to connect to some host computers will be prevented from connecting to other host computers; [0034] The operational and security matrix may comprise White list (approved devices) and black list (blocked devices); [0300] FIG. 11 Schematically Illustrates the configuration utility screen 111 used with the Secure USB Gateway exemplary embodiment of the current invention; [0315] Column 106 is the USB Vendor ID (VID). The user/administrator may enter this field to allow/reject specific VID of USB peripheral devices; [0316] Column 107 is the USB Product ID (PID). The user/administrator may enter this field to allow/reject specific PID of USB peripheral devices).
Regarding claim 14, the combination of Stephan, Astrand and Soffer discloses:
Soffer: See FIG. 11 table lists operational permissions of USB devices according to Vendor ID (VID), Product ID (PID), Serial No. (S/N), etc.; See [0032] Creating a table that maps the operational permissions of devices to specific ports as a way to create a flexible operational and security matrix (detailed in FIG. 11). In this way, devices permitted to connect to some host computers will be prevented from connecting to other host computers; [0034] The operational and security matrix may comprise White list (approved devices) and black list (blocked devices); [0300] FIG. 11 Schematically Illustrates the configuration utility screen 111 used with the Secure USB Gateway exemplary embodiment of the current invention; [0315] Column 106 is the USB Vendor ID (VID). The user/administrator may enter this field to allow/reject specific VID of USB peripheral devices; [0316] Column 107 is the USB Product ID (PID). The user/administrator may enter this field to allow/reject specific PID of USB peripheral devices).
Regarding claim 15, the combination of Stephan, Astrand and Soffer discloses:
The non-transitory machine-readable medium of claim 12, further comprising instructions executable to create a block list or an allow list based on the filter rule (Stephan: [0023] the analysis step is carried out by filtering software which queries the device for device descriptors, compares the returned device descriptors with those listed in a table of disallowed device descriptors and, if the device is allowed, initiating data transfer on the USB or alternatively, if the device is disallowed, preventing communication on the USB).
Regarding claim 16, the combination of Stephan, Astrand and Soffer discloses:
Stephan: See FIG. 2; [0041] which illustrates a simplified schematic of a USB interface. An exemplary two port USB network is shown whereby application software 20 communicates via USB device drivers 21. Configuration requests are transmitted via USB host software 24 to the host controller 26 via filter software 25).
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED M AHSAN whose telephone number is (571)272-5018. The examiner can normally be reached 8:30 AM - 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffery L. Nickerson can be reached on 469-295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/S.M.A./Patent Examiner, Art Unit 2432                                                                                                                                                                                                        /Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432