DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
This is in response to the amendments filed on 01/17/2022. Claims 1, 5-7, 14-17, 20, and 23 have been amended. Claim 22 has been canceled. Claims 1, 3, 5-21, and 23-25 are currently pending and have been considered below.

Response to Arguments
Applicant’s arguments, see pages 12-13, filed 01/17/2022, with respect to the rejections of claims 14, 15, 16, 17, and 20 under 35 U.S.C. 112(b), have been fully considered and are persuasive. Thus, the rejections have been withdrawn.
Applicant’s arguments, see pages 13-24, filed 01/17/2022, with respect to the rejections of claims 1, 3, and 5-25 under 35 U.S.C. 102(a)(2) and 103, have been fully considered but are moot because the arguments do not apply to references being used in the current rejection. Applicant's amendment necessitated the new ground(s) of rejection as will be discussed below.
Meanwhile, on page 19 of Remarks, Applicant asserts that Priev does not disclose or suggest the feature "authenticating said temporary master value using a second master value that has been previously prepared" recited in claim 1. The Examiner respectfully disagrees.
In this regard, Priev discloses that 
an authentication may be performed based on a shared key, which may be a MK (block 220). More specifically, based on the received detachable portion ID, a base portion may access an entry in its secure storage (using the 
The pairing process creates a master key (MK) in both portions. In an embodiment, the generated master key is stored securely in a secure storage of the portions (see para. [0018]).

That is, Priev discloses that a base portion may access an entry in its secure storage using the detachable portion ID and determine whether the detachable portion is authenticated using the stored shared key which has been previously prepared. Here, the detachable portion ID teaches a temporary master value; and the stored shared key teaches a second master value, as in the new grounds of rejection stated below. Regarding the limitation “authenticating said temporary master value”, the claim does not specify how said temporary master value, itself, is authenticated. Thus, for the sake of examination under the broadest reasonable interpretation, the limitation is interpreted as authenticating a respective connectable or disconnectable component using the temporary master value. Accordingly, a base portion determines whether the detachable portion is authenticated using the detachable portion ID and the stored shared key, which teaches authenticating said temporary master value using a second master value.

On pages 19-20 of Remarks, Applicant asserts that it is improper for the Office to read the "device ID" of Priev et al. on both the recited "temporary master value" and the distinctly recited "information specific to each of said at least one connectable or disconnectable component" as claimed. The Examiner respectfully disagrees.
In this regard, the claim does not specify as to what the “information” exactly is or includes, or how the “information” is different from the “temporary master value.” Thus, for the sake of examination under the broadest reasonable interpretation, the "device ID" of Priev can be interpreted as the device ID itself as well as a kind of information specific to the detachable 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3, 5-12, 14-15, 17, 21, and 23-25 are rejected under 35 U.S.C. 103 as being unpatentable over Priev et al. (US 2016/0085960 A1; hereinafter, “Priev”) in view of King et al. (US 2014/0253977 A1; hereinafter, “King”), and further in view of Kaal (US 2013/0021949 A1; hereinafter, “Kaal”).

Regarding claim 1:
Priev teaches: 
A method of verifying the integrity of an electronic device having connected thereto at least one connectable or disconnectable component (para. [0001]: Embodiments relate to securely pairing computing devices; para. [0027]: As shown in FIG. 1, system 10 is a detachable portable computing device having a base portion 12 and a detachable portion 18; para. [0045]: Referring now to FIG. 4, shown are timing illustrations of a pairing protocol and a connection protocol in an embodiment. As first illustrated in FIG. 4, a pairing protocol 410 is initially used to securely pair the devices. --- It is noted that securely pair the devices teaches a method of verifying the integrity of an electronic device having connected thereto at least one connectable or disconnectable component; a base portion 12 teaches an electronic device; and a detachable portion 18 teaches at least one connectable or disconnectable component), the method comprising: 
obtaining information specific to each of said at least one connectable or disconnectable component, the information being stored in each of said at least one connectable or disconnectable component respectively (para. [0037]: As seen, method 200 begins by receiving a request to connect (block 210). This request is received in the base portion from the detachable portion; para. [0038]: With this request, an identifier for the detachable portion is received (which may be different than a MAC identifier of the detachable portion); para. [0020]: Note of course that each device may also store its own device ID. --- It is noted that an identifier for the detachable portion is received teaches obtaining information specific to each of said at least one connectable or disconnectable component; here, the detachable portion teaches said at least one connectable or disconnectable component, and an identifier and/or MAC identifier teaches information specific to each component; each device may also store its own device ID teaches that the identifier for the detachable portion is stored in the detachable portion, which teaches the information being stored in each of said at least one connectable or disconnectable component respectively);
preparing a temporary master value on the basis of said information specific to each of a respective connectable or disconnectable component of the at least one connectable or disconnectable component (Figs. 4 and 5 & para. [0038]: More specifically, based on the received detachable portion ID, a base portion may access an entry in its secure storage (using the detachable portion ID) and determine whether the detachable portion is authenticated (e.g., using the stored shared key); para. [0087]: In Example 16, the authentication of the first portion of Example 14 comprises access to an entry in a secure storage of the second portion including the identifier for the first portion and the shared key, using the identifier for the first portion. --- It is noted that a base portion may access an entry using the detachable portion ID teaches preparing a temporary master value, here the detachable portion ID teaches a temporary master value as well as said information since the detachable portion ID is a kind of information. Also, the detachable portion ID is temporarily used for accessing an entry, which teaches preparing a temporary master value; in this regard, the claim does not specify how a temporary master value is prepared, so for the sake of examination, the limitation “preparing” is interpreted as making (something) ready for use; based on the received detachable portion ID teaches on the basis of said information specific to each of a respective connectable or disconnectable component of the at least one connectable or disconnectable component);
authenticating said temporary master value using a second master value that has been previously prepared in order to determine the integrity of the electronic device (para. [0038]: an authentication may be performed based on a shared key, which may be a MK (block 220). More specifically, based on the received detachable portion ID, a base portion may access an entry in its secure storage (using the detachable portion ID) and determine whether the detachable portion is authenticated (e.g., using the stored shared key); para. [0018]: The pairing process creates a master key (MK) in both portions. In an embodiment, the generated master key is stored securely in a secure storage of the portions. --- It is noted that an authentication may be performed based on the received detachable portion ID and based on a shared key teaches authenticating said temporary master value using a second master value; the generated master key stored securely in a secure storage teaches a second master value that has been previously prepared; a base portion may access an entry using the detachable portion ID and determine whether the detachable portion is authenticated teaches authenticating said temporary master value in order to determine the integrity of the electronic device; here, the claim does not specify how said temporary master value is authenticated, thus for the sake of examination, it is interpreted as authenticating a respective connectable or disconnectable component using the temporary master value); and  
prior to preparing the temporary master value, verifying a state of an indicator of the electronic device, the indicator being stored in a secure memory of the electronic device and configured … (para. [0022]: Based on given policy, an embodiment may first authenticate a user of both devices (e.g., according to a multi-factor authentication) and confirm identity of the user (at least to a given threshold) before the pairing process is enabled. In some cases it may be sufficient from a policy standpoint for a user to be logged in to each device of the to-be-paired devices to confirm that the pairing is not initiated by other than the owner; FIG. 6 & para. [0051]: As seen, one or more user input devices 505 are provided to receive user input; para. [0052]: Based on user input information and information stored in a secure storage 520 (such as a corresponding identity record for a user to which the user input information is compared for a relative or probabilistic match), security engine 510 may generate an authentication result, e.g., to indicate whether a given user is authenticated according to a given authentication process. --- It is noted that first authenticate a user of both devices before the pairing process teaches prior to preparing the temporary master value, since the detachable portion ID (i.e., the temporary master value) is received in the connection protocol; to confirm that the pairing is not initiated by other than the owner teaches verifying a state of an indicator of the electronic device, here the claim does not specifically define what the indicator exactly is and what a state of an indicator means, so for the sake of examination, an indicator is interpreted as any information regarding a state of a device (e.g., identity record for a user), and a state of an indicator is interpreted as a state of the device indicated by the information (e.g., the pairing is not initiated by other than the owner); information (e.g., identity record for a user) is stored in a secure storage 520 teaches the indicator being stored in a secure memory of the electronic device; here a secure storage teaches a secure memory);
wherein … the second master value are a value of a type selected from the group comprising: a key; [a token; the result of a hashing function; and a result of a cryptographic function] (para. [0038]: More specifically, based on the received detachable portion ID, a base portion may access an entry in its secure storage (using the detachable portion ID) and determine whether the detachable portion is authenticated (e.g., using the stored shared key) --- It is noted that the stored shared key teaches the second master value is a value of a type selected from the group comprising: a key). 
Priev is silent about: 
… [the indicator] … configured to indicate whether the electronic device is locked for only one user;
wherein the temporary master value … are a value of a type selected from the group comprising: a key; a token; the result of a hashing function; and a result of a cryptographic function.
King teaches:  
… [the indicator] … configured to indicate whether the electronic device is locked for only one user (para. [0890]: Additional security for transactions can be obtained by associating a portable device with only one user, such as by correlating the device serial number to a user's account or subscription in a network database. Alternatively, the system stores the device identifier in the smart card (or storing a smart card identifier in the portable scanner) to lock the scanner to the smart card. The device's processor verifies that the correct smart card was inserted before the portable scanner 200 is permitted to function. Smart cards with internal processors could also verify that they are inserted in the portable device to which they have been locked prior to allowing access to any information in the smart card. --- Note that the system stores the device identifier to verify a device is associated with only one user, which teaches the indicator indicates whether the electronic device is locked for only one user).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Priev’s apparatus by enhancing Priev’s apparatus to confirm whether the base portion is associated with only one owner (i.e., locked with only one user), as taught by King, in order to allow the only one owner to initiate the pairing process and connection process. 
The motivation is to protect the base portion and sensitive information included therein from unauthorized persons by confirming whether the base portion is associated with only an authorized person.
Priev in view of King is silent about:  
wherein the temporary master value … are a value of a type selected from the group comprising: a key; a token; the result of a hashing function; and a result of a cryptographic function.
Kaal teaches:  
wherein the temporary master value … are a value of a type selected from the group comprising: a key; a token; the result of a hashing function; and a result of a cryptographic function (Abstract: A set of identifiers which belong to the set of networks can be stored at the first node. Hash values are generated at the first node for the identifiers in the set of identifiers using a hash function. The generated hash values are transmitted from the first node to the second node. The second node determines an identifier of a particular network available for communicating with the second node. The second node generates a hash value for the identifier using the hash function. The second node compares the hash value of the identifier with the hash values received at the second node from the first node to determine whether the particular network belongs to said set of networks. --- Note that hash values are generated at the first node for the identifiers and transmitted to the second node, which teaches the temporary master value is the result of a hashing function).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Priev in view of King’s apparatus by enhancing Priev in view of King’s detachable portion to send a hash value for its identifier to the base portion, as taught by Kaal, in order to transfer the identifier in a secure manner. 
The motivation is to protect the sensitive information from an unauthorized person thereby preventing the unauthorized persons from accessing the base and detachable portions using an identifier illegally obtained. 

Regarding claim 3:
Priev in view of King and Kaal teaches: 
The method according to claim 1, wherein. 
Priev further teaches: 
wherein said information specific to each of said at least one connectable or disconnectable component includes an identifier of the respective connectable or disconnectable component (para. [0020]: Note of course that each device may also store its own device ID. --- It is noted that device ID teaches an identifier of the respective connectable or disconnectable component).  

Regarding claim 5: 
Priev in view of King and Kaal teaches:
The method according to claim 1, further comprising. 
Priev further teaches: 
obtaining information specific to a user of the electronic device as stored in said connectable or disconnectable component (para. [0020]: Note of course that each device may also store its own device ID; para. [0052]: Based on user input information and information stored in a secure storage 520 (such as a corresponding identity record for a user to which the user input information is compared for a relative or probabilistic match), security engine 510 may generate an authentication result, e.g., to indicate whether a given user is authenticated according to a given authentication process. --- It is noted that based on user input information and information stored in a secure storage 520 (such as a corresponding identity record for a user…) teaches obtaining information specific to a user of the electronic device as stored in said connectable or disconnectable component); and
deducing the integrity of the electronic device from said authentication of said temporary master value and from authentication of the information specific to the user of the electronic device by using previously-obtained information specific to the user of the electronic device (para. [0022]: Based on given policy, an embodiment may first authenticate a user of both devices (e.g., according to a multi-factor authentication) and confirm identity of the user (at least to a given threshold) before the pairing process is enabled. In some cases it may be sufficient from a policy standpoint for a user to be logged in to each device of the to-be-paired devices to confirm that the pairing is not initiated by other than the owner; para. [0038]: an authentication may be performed based on a shared key, which may be a MK (block 220). More specifically, based on the received detachable portion ID, a base portion may access an entry in its secure storage (using the detachable portion ID) and determine whether the detachable portion is authenticated (e.g., using the stored shared key). --- It is noted that only an authenticated user performs a given authentication process, and an authentication may be performed based on a shared key, which teaches deducing the integrity of the electronic device from said authentication of said temporary first master value and from authentication of the information specific to the user of the electronic device by using previously-obtained information specific to the user of the electronic device).

Regarding claim 6: 
Priev in view of King and Kaal teaches:
The method according to claim 5. 
Priev further teaches: 
wherein the information specific to the user of the electronic device and stored in the connectable or disconnectable component and the previously-obtained information specific to the user of the electronic device are prepared based on biometric information of the user (para. [0064]: In addition, one or more authentication devices 995 may be used to receive, e.g., user biometric input for use in authentication operations. --- It is noted that receive, e.g., user biometric input for use in authentication operations teaches the information specific to the user are prepared based on biometric information of the user) [or based on a personal code of the user of the electronic device]. 

Regarding claim 7: 
Priev in view of King and Kaal teaches:
The method according to claim 1, further comprising … 
Priev further teaches: 
obtaining information specific to a user of the electronic device (para. [0052]: Based on user input information and information stored in a secure storage 520 (such as a corresponding identity record for a user to which the user input information is compared for a relative or probabilistic match), security engine 510 may generate an authentication result, e.g., to indicate whether a given user is authenticated according to a given authentication process. --- It is noted that based on user input information and information stored in a secure storage 520 (such as a corresponding identity record for a user…) teaches obtaining information specific to a user of the electronic device); and 
deducing the integrity of the electronic device from said authentication of said temporary master value and from authentication of the information specific to the user of the electronic device by using previously-obtained information specific to the user of the electronic device (para. [0022]: Based on given policy, an embodiment may first authenticate a user of both devices (e.g., according to a multi-factor authentication) and confirm identity of the user (at least to a given threshold) before the pairing process is enabled. In some cases it may be sufficient from a policy standpoint for a user to be logged in to each device of the to-be-paired devices to confirm that the pairing is not initiated by other than the owner; para. [0038]: an authentication may be performed based on a shared key, which may be a MK (block 220). More specifically, based on the received detachable portion ID, a base portion may access an entry in its secure storage (using the detachable portion ID) and determine whether the detachable portion is authenticated (e.g., using the stored shared key). --- It is noted that only an authenticated user performs a given authentication process, and an authentication may be performed based on a shared key, which teaches deducing the integrity of the electronic device from said authentication of said temporary master value and from authentication of the information specific to the user of the electronic device by using previously-obtained information specific to the user of the electronic device), wherein the information specific to the user of the electronic device and the previously-obtained information specific to the user of the electronic device are prepared based on biometric information of the user (para. [0064]: In addition, one or more authentication devices 995 may be used to receive, e.g., user biometric input for use in authentication operations. --- It is noted that receive, e.g., user biometric input for use in authentication operations teaches the information specific to the user are prepared based on biometric information of the user) [or based on a personal code of the user of the electronic device], and
wherein the information specific to the user is stored in a secure memory of the electronic device (para. [0052]: Based on user input information and information stored in a secure storage 520 (such as a corresponding identity record for a user to which the user input information is compared for a relative or probabilistic match), security engine 510 may generate an authentication result, e.g., to indicate whether a given user is authenticated according to a given authentication process. --- It is noted that based on information stored in a secure storage 520 (such as a corresponding identity record for a user…) teaches the information specific to the user is stored in a secure memory) or in a memory of a secure element of the electronic device or in a remote server.

Regarding claim 8: 
Priev in view of King and Kaal teaches:
The method according to claim 5. 
Priev further teaches: 
wherein said previously-obtained information specific to the user is associated with said second master value (para. [0052]: Based on user input information and information stored in a secure storage 520 (such as a corresponding identity record for a user to which the user input information is compared for a relative or probabilistic match), security engine 510 may generate an authentication result, e.g., to indicate whether a given user is authenticated according to a given authentication process; para. [0061]: Further, understand that TPM 892 may further include a secure storage to store secrets such as a shared master key and transport keys, user identity records, device attestation information, and/or policy information, as examples. --- It is noted that the claim does not specifically define how the information specific to the user is associated with said second master value; thus, for the sake of examination, it is interpreted as being associated in any manner. That is, a shared master key can be accessed only after a given user is authenticated, which teaches associated with each other; or a shared master key and user identity records are stored in the same storage, which also teaches associated with each other).

Regarding claim 9: 
Priev in view of King and Kaal teaches:
The method according to claim 1, including … 
Priev further teaches: 
verifying a state of a second indicator for the at least one connectable or disconnectable component that indicates whether the at least one connectable or disconnectable component is associated with the electronic device (para. [0042]: Responsive to this request, the detachable portion sends a request to the base portion with an identifier for the detachable portion (block 320). Next, it is determined (at diamond 325) whether a response is received from the base portion including an identifier for the base portion and attribute information of the base portion. Note that this response may be sent responsive to authentication of the detachable portion in the base portion, e.g., as performed using a shared key, e.g., a MK as discussed above. Note that if this information is not received (e.g., within a given timeout period), control passes to block 345 where a connection failure may be reported, such as by display of a message on a display of one of the base portion and the detachable portion. --- It is noted that it is determined (at diamond 325) whether a response is received from the base portion including an identifier for the base portion and attribute information of the base portion, which teaches verifying a state of a second indicator for the at least one connectable or disconnectable component that indicates whether the at least one connectable or disconnectable component is associated with the electronic device; here, a response including an identifier for the base portion and attribute information of the base portion teaches a second indicator; if this information is not received (e.g., within a given timeout period), a connection failure may be reported, which teaches a second indicator indicates whether the at least one connectable or disconnectable component is associated with the electronic device).

Regarding claim 10:  
Priev in view of King and Kaal teaches:
The method according to claim 1. 
Priev further teaches: 
wherein the second master value is stored in a secure memory of the electronic device (para. [0038]: More specifically, based on the received detachable portion ID, a base portion may access an entry in its secure storage (using the detachable portion ID) and determine whether the detachable portion is authenticated (e.g., using the stored shared key). --- It is noted that the stored shared key (stored in the base portion) teaches the second master value; the stored shared key is stored in its secure storage, which teaches stored in a secure memory of the electronic device), [or in a memory of a secure element of the electronic device, or in a remote server, and if the second master value is stored in the remote server, said authenticating of the temporary master value is performed by at least one communication with said remote server].

Regarding claim 11: 
Priev in view of King and Kaal teaches:
The method according to claim 1. 
Priev further teaches: 
wherein the integrity of the device is verified prior to performing at least one secure (para. [0013]: In various embodiments, multiple portions of a platform may be securely paired and connected, first via a pairing protocol which in an embodiment may leverage a conventional wireless pairing protocol, and then secure connection via a connection protocol, which may leverage a conventional wireless connection protocol; para. [0045]: Referring now to FIG. 4, shown are timing illustrations of a pairing protocol and a connection protocol in an embodiment. As first illustrated in FIG. 4, a pairing protocol 410 is initially used to securely pair the devices. --- It is noted that a pairing protocol is performed and then secure connection via a connection protocol is performed; here, a pairing protocol 410 initially used to securely pair the devices teaches the integrity of the device is verified; secure connection via a connection protocol teaches at least one secure function).  

Regarding claim 12: 
Priev in view of King and Kaal teaches:
The method according to claim 1. 
Priev further teaches: 
wherein the method is performed at least in part using a trusted execution environment (para. [0014]: In various embodiments, both during a pairing protocol and a connection protocol, the devices may be executing in a trusted execution environment (TEE)).

Regarding claim 14: 
Priev in view of King and Kaal teaches:
The method according to claim 1. 
Priev further teaches: 
wherein preparing of the second master value comprises: (para. [0045]: In response to receipt of this pairing response, detachable portion 440 may create a shared key, namely a MK and store this MK in an entry of a secure storage along with an identifier of the base portion. Similar operations to create and store the shared key in a secure storage of base portion 450 also may be performed such that both devices include corresponding entries in their secure storage that associate the shared key with the device identifier for the other device. --- It is noted that the base portion creates a shared key, namely a MK, which teaches preparing of the second master value): 
connecting said connectable or disconnectable component to the electronic device (para. [0045]: In the embodiment shown in FIG. 4, a detachable portion 440 issues a pairing request to a base portion 450. Note that this request may be sent when the devices are physically connected (which may be a condition required by a given pairing policy). --- It is noted that request is sent when the devices are physically connected, which teaches connecting said connectable or disconnectable component to the electronic device prior to the obtaining);
obtaining said information specific to said at least one connectable or disconnectable component stored in said connectable or disconnectable component (para. [0037]: As seen, method 200 begins by receiving a request to connect (block 210). This request is received in the base portion from the detachable portion; para. [0038]: With this request, an identifier for the detachable portion is received (which may be different than a MAC identifier of the detachable portion); para. [0020]: Note of course that each device may also store its own device ID. --- It is noted that an identifier for the detachable portion is received teaches obtaining said information specific to said at least one connectable or disconnectable component; each device may also store its own device ID teaches stored in said connectable or disconnectable component); and
preparing said second master value based on said information specific to said at least one connectable or disconnectable component (para. [0045]: In response to receipt of this pairing response, detachable portion 440 may create a shared key, namely a MK and store this MK in an entry of a secure storage along with an identifier of the base portion. Similar operations to create and store the shared key in a secure storage of base portion 450 also may be performed such that both devices include corresponding entries in their secure storage that associate the shared key with the device identifier for the other device; para. [0038]: an authentication may be performed based on a shared key, which may be a MK (block 220). More specifically, based on the received detachable portion ID, a base portion may access an entry in its secure storage (using the detachable portion ID) and determine whether the detachable portion is authenticated (e.g., using the stored shared key). --- It is noted that the base portion creates a shared key, namely a MK, which teaches preparing of the second master value; the stored shared key is accessed based on the received detachable portion ID, which teaches based on said information specific to said at least one connectable or disconnectable component).  

Regarding claim 15: 
Priev in view of King and Kaal teaches:
The method according to claim 1. 
Priev further teaches: 
wherein preparing of the second master value comprises: (--- see claim 14 above): 
connecting said connectable or disconnectable component to the electronic device (--- see claim 14 above); 
obtaining said information specific to said at least one connectable or disconnectable component stored in said connectable or disconnectable component (--- see claim 14 above); and 
preparing said second master value based on said information specific to said at least one connectable or disconnectable component (--- see claim 14 above); 
wherein it is verified that the state of the indicator of the electronic device indicates that the device is not locked for only one user prior to preparing said second master value (para. [0022]: Based on given policy, an embodiment may first authenticate a user of both devices (e.g., according to a multi-factor authentication) and confirm identity of the user (at least to a given threshold) before the pairing process is enabled. In some cases it may be sufficient from a policy standpoint for a user to be logged in to each device of the to-be-paired devices to confirm that the pairing is not initiated by other than the owner; para. [0017]: In this way, someone who is not an owner but has physical access to one of the parts will not be able to trigger the pairing process. --- It is noted that someone who is not an owner will not be able to trigger the pairing process teaches it is verified that the state of the indicator indicates that the device is not locked for only one user; the pairing process teaches preparing said second master value; the user authentication is performed prior to the pairing process). 

Regarding claim 17: 
Priev in view of King and Kaal teaches:
The method according to claim 5. 
Priev further teaches: 
wherein preparing of the second master value comprises: (--- see claim 14 above): 
connecting said connectable or disconnectable component to the electronic device (--- see claim 14); 
obtaining said information specific to said at least one connectable or disconnectable component stored in said connectable or disconnectable component (--- see claim 14); and 
preparing said second master value based on said information specific to said at least one connectable or disconnectable component (--- see claim 14); 
preparing said information specific to the user, wherein the information specific to the user is obtained from user interaction with the electronic device, and storing said information specific to the user in said at least one connectable or disconnectable component (para. [0051]: As seen, one or more user input devices 505 are provided to receive user input. Types of user input devices vary in different examples and can include familiar keyboard, virtual keyboard, mouse, touchpad, touchscreen, and so forth, in addition to authentication-based devices such as a fingerprint scanner, eye scanner, among others; para. [0022]: Based on given policy, an embodiment may first authenticate a user of both devices (e.g., according to a multi-factor authentication) and confirm identity of the user (at least to a given threshold) before the pairing process is enabled. In some cases it may be sufficient from a policy standpoint for a user to be logged in to each device of the to-be-paired devices to confirm that the pairing is not initiated by other than the owner. --- It is noted that one or more user input devices 505 are provided to receive user input, which teaches preparing said information specific to the user, wherein the information specific to the user is obtained from user interaction with the electronic device. In this regard, the specification describes that in step A12, the user interacts with the interface and inputs information such as a PIN or biometric information received by the man-machine interface in step C12 (see para. [0101]), thus the “obtain” is interpreted as “input”; and a user to be logged in to each device of the to-be-paired devices, which teaches storing said information specific to the user in said at least one connectable or disconnectable component). 

Regarding claim 21:
Priev in view of King and Kaal teaches:
The method according to claim 1. 
Priev further teaches: 
wherein when an error is detected and the electronic device is blocked, or the electronic device is caused to operate in a degraded mode of operation, or said at least one connectable or disconnectable component is blocked (para. [0038]: Note that if the detachable portion is not authenticated at diamond 225, control passes to block 240 where a connection failure may be reported. For example, a user may be notified of the connection failure via a message on a display of one of the base portion and the detachable portion. --- It is noted that if the detachable portion is not authenticated, a connection failure may be reported, which implies said at least one connectable or disconnectable component is blocked).  

Regarding claim 23:
Claim 23 recites an electronic device which corresponds to a method of claim 1, and additionally contains “a processor” and “a non-transitory computer-readable medium”. 
In this regard, Priev further discloses that such operation may especially be performed when the parts are smart (namely including some form of storage to store identifying information, memory and central processing unit (CPU)) to provide control as to what devices are allowed to connect and in what manner (e.g., whether coupling remotely is allowed) (See para. [0012]). Therefore claim 23 is rejected by applying the same rationale used to reject claim 1 above.

Regarding claim 24:
Priev in view of King and Kaal teaches:
The electronic device according to claim 23.
Priev further teaches: 
wherein the electronic device is a mobile electronic device (para. [0027]: Referring to FIG. 1, shown is an illustration of a portable system in accordance with an embodiment of the present invention).   

Regarding claim 25:
Priev in view of King and Kaal teaches:

Priev further teaches: 
when the integrity of the electronic device is verified, unblocking or activating a near-field communication component of the electronic device (para. [0064]: In various embodiments, at least portions of the secure pairing and connection techniques may be performed using security processor 950, which may be used in part to set up a TEE. A plurality of sensors 925 may couple to application processor 910 to enable input of a variety of sensed information such as accelerometer and other environmental information. In addition, one or more authentication devices 995 may be used to receive, e.g., user biometric input for use in authentication operations; para. [0065]: As further illustrated, a near field communication (NFC) contactless interface 960 is provided that communicates in a NFC near field via an NFC antenna 965. --- It is noted that the secure pairing and connection techniques may be performed teaches when the integrity of the electronic device is verified; and a near field communication (NFC) contactless interface 960 is provided teaches unblocking or activating a near-field communication component of the electronic device).

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Priev et al. (US 2016/0085960 A1; hereinafter, “Priev”) in view of King et al. (US2014/0253977 A1; hereinafter “King”), and further in view of Kaal (US2013/0021949 A1; hereinafter, “Kaal”) and Sprague (US 2016/0275461 A1; hereinafter, “Sprague”).

Regarding claim 13: 
Priev in view of King and Kaal teaches:
The method according to claim 12. 
Priev in view of King and Kaal is silent about: 

Sprague teaches: 
wherein the electronic device is provided with a rich operating system and the method includes initially switching from the rich operating system to the trusted execution environment (para. [0061]: In one example preferred embodiment, the TEE may be implemented as a mobile phone hardware security chip separate execution environment that runs alongside the Rich Operating System and provides security services to that rich environment. The TEE offers an execution space that provides a higher level of security than a Rich OS).  
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Priev in view of King and Kaal’s apparatus by enhancing Priev in view of King and Kaal’s apparatus to execute in a trusted execution environment (TEE) alongside the Rich Operating System, as taught by Sprague, in order to provide an extra layer of security.
The motivation is to offer an execution space by the TEE that provides a higher level of security than a Rich OS (Sprague, para. [0061]).

Claims 16 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Priev et al. (US 2016/0085960 A1; hereinafter, “Priev”) in view of King et al. (US2014/0253977 A1; hereinafter “King”), and further in view of Kaal (US2013/0021949 A1; hereinafter, “Kaal”) and Louboutin et al. (US 8,925,069 B2; hereinafter, “Louboutin”).

Regarding claim 16: 
Priev in view of King and Kaal teaches: 

Priev teaches: 
wherein preparing of the second master value comprises: (para. [0045]: In response to receipt of this pairing response, detachable portion 440 may create a shared key, namely a MK and store this MK in an entry of a secure storage along with an identifier of the base portion. Similar operations to create and store the shared key in a secure storage of base portion 450 also may be performed such that both devices include corresponding entries in their secure storage that associate the shared key with the device identifier for the other device. --- It is noted that the base portion creates a shared key, namely a MK, which teaches preparing of the second master value): 
connecting said connectable or disconnectable component to the electronic device (para. [0045]: In the embodiment shown in FIG. 4, a detachable portion 440 issues a pairing request to a base portion 450. Note that this request may be sent when the devices are physically connected (which may be a condition required by a given pairing policy). --- It is noted that the request is sent when the devices are physically connected, which teaches connecting said connectable or disconnectable component to the electronic device prior to the obtaining);
obtaining said information specific to said at least one connectable or disconnectable component stored in said connectable or disconnectable component (para. [0037]: As seen, method 200 begins by receiving a request to connect (block 210). This request is received in the base portion from the detachable portion; para. [0038]: With this request, an identifier for the detachable portion is received (which may be different than a MAC identifier of the detachable portion); para. [0020]: Note of course that each device may also store its own device ID. --- It is noted that an identifier for the detachable portion is received teaches obtaining said information specific to said at least one connectable or disconnectable component; each device may also store its own device ID teaches stored in said connectable or disconnectable component); and 
(para. [0045]: In response to receipt of this pairing response, detachable portion 440 may create a shared key, namely a MK and store this MK in an entry of a secure storage along with an identifier of the base portion. Similar operations to create and store the shared key in a secure storage of base portion 450 also may be performed such that both devices include corresponding entries in their secure storage that associate the shared key with the device identifier for the other device; para. [0038]: an authentication may be performed based on a shared key, which may be a MK (block 220). More specifically, based on the received detachable portion ID, a base portion may access an entry in its secure storage (using the detachable portion ID) and determine whether the detachable portion is authenticated (e.g., using the stored shared key). --- It is noted that the base portion creates a shared key, namely a MK, which teaches preparing of the second master value; the stored shared key is accessed based on the received detachable portion ID, which teaches based on said information specific to said at least one connectable or disconnectable component); 
wherein it is verified that the state of the indicator of the electronic device indicates that the device is not locked for only one user prior to preparing said second master value (para. [0017]: In this way, someone who is not an owner but has physical access to one of the parts will not be able to trigger the pairing process. --- It is noted that someone who is not an owner will not be able to trigger the pairing process teaches it is verified that the state of the indicator of the electronic device indicates that the device is not locked for only one user; the pairing process teaches preparing said second master value; the user authentication is performed prior to the pairing process); and 
wherein if the state of the indicator of the electronic device indicates that the device is not locked for only one user (para. [0017]: In this way, someone who is not an owner but has physical access to one of the parts will not be able to trigger the pairing process. --- It is noted that someone who is not an owner will not be able to trigger the pairing process teaches it is verified that the state of the indicator of the electronic device indicates that the device is not locked for only one user; the pairing process teaches preparing said second master value; the user authentication is performed prior to the pairing process), the state of said second indicator … indicate that the connectable or disconnectable component is associated with the electronic device after preparing said second master value (para. [0042]: Responsive to this request, the detachable portion sends a request to the base portion with an identifier for the detachable portion (block 320). Next, it is determined (at diamond 325) whether a response is received from the base portion including an identifier for the base portion and attribute information of the base portion. Note that this response may be sent responsive to authentication of the detachable portion in the base portion, e.g., as performed using a shared key, e.g., a MK as discussed above. Note that if this information is not received (e.g., within a given timeout period), control passes to block 345 where a connection failure may be reported, such as by display of a message on a display of one of the base portion and the detachable portion. 
--- It is noted that a response including an identifier for the base portion and attribute information of the base portion teaches the second indicator; if this information is not received (e.g., within a given timeout period), a connection failure may be reported, which teaches that a second indicator indicates whether the at least one connectable or disconnectable component is associated with the electronic device). 
Priev in view of King and Kaal is silent about: 
… the state of said second indicator is set to indicate …  
Louboutin teaches: 
… the state of said second indicator is set to indicate … (col. 11, ll. 4-7: a host device and an accessory are “connected” whenever a communication channel is established between their respective interfaces and “disconnected” when the channel is terminated; col. 13, ll. 57-60: In some embodiments, known-good list 142 can also include a state indicator that indicates whether accessory 102 is currently connected, and block 314 can include setting the indicator to the “connected” state; col. 15, ll. 8-11: If accessory 102 has reconnected, then at block 412, host device 100 can update known-good list 142 to indicate that accessory 102 is connected (e.g., by changing the state indicator to indicate the connected state). --- It is noted that if a communication channel is established, a state indicator indicates that the accessory is currently connected).  
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Priev in view of King and Kaal’s apparatus by enhancing Priev in view of King and Kaal’s response from the base portion to indicate the connection state, as taught by Louboutin, in order to trigger the pairing process.
The motivation is to bypass an authentication process of the removal medium and allow the client system and the removal medium to resume communication more quickly after an interruption by verifying that the removal medium is connected with the client apparatus and in the known-good list.

Regarding claim 18: 
Priev in view of King and Kaal teaches: 
The method according to claim 1. 
Priev teaches: 
wherein said at least one connectable or disconnectable component is … verifying (para. [0038]: More specifically, based on the received detachable portion ID, a base portion may access an entry in its secure storage (using the detachable portion ID) and determine whether the detachable portion is authenticated (e.g., using the stored shared key). If the authentication is determined (at diamond 225). --- It is noted that if the authentication is determined that the detachable portion is authenticated, which teaches wherein said at least one connectable or disconnectable component is … verifying).
Priev in view of King and Kaal is silent about: 
… disconnected after the verifying.
Louboutin teaches: 
… disconnected after the verifying (col. 14, ll. 8-12: Accessory I/O interface 218 of host device 202 and host I/O interface 236 of accessory 204 allow host device 202 to be connected with accessory 204 and subsequently disconnected from accessory 204. As used herein, a host device and an accessory are “connected” whenever a communication channel is established between their respective interfaces and “disconnected” when the channel is terminated; col. 14, ll. 8-12: Once interoperation begins at block 316, it can continue indefinitely, until such time as the accessory becomes disconnected from the host. For instance, one or both devices might be powered down, moved out of wireless communication range of the other, or physically disconnected; col. 14, ll. 19-22: at block 402, where a host device (e.g., host device 100) detects that an accessory (e.g., accessory 102) that was interoperating with the host device has become disconnected).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Priev in view of King and Kaal’s apparatus by enhancing Priev in view of King and Kaal’s apparatus to disconnect the detachable portion from the base portion when the operation is terminated, as taught by Louboutin, for the safety of the detachable portion and the base portion. 
It is well known that an attachable or detachable device is disconnected from a base or main device when its operation is terminated for the safety of the apparatus.

Regarding claim 19: 
Priev in view of King and Kaal teaches: 

Priev teaches: 
wherein said at least one connectable or disconnectable component is … verifying (para. [0038]: More specifically, based on the received detachable portion ID, a base portion may access an entry in its secure storage (using the detachable portion ID) and determine whether the detachable portion is authenticated (e.g., using the stored shared key). If the authentication is determined (at diamond 225). --- It is noted that if the authentication is determined that the detachable portion is authenticated, which teaches wherein said at least one connectable or disconnectable component is … verifying) …
Priev in view of King and Kaal is silent about: 
… disconnected after the verifying; and 
wherein prior to said disconnection, the state of said second indicator is set to indicate that the connectable or disconnectable component is not associated with the electronic device.
Louboutin teaches: 
… disconnected after the verifying (col. 14, ll. 8-12: Accessory I/O interface 218 of host device 202 and host I/O interface 236 of accessory 204 allow host device 202 to be connected with accessory 204 and subsequently disconnected from accessory 204. As used herein, a host device and an accessory are “connected” whenever a communication channel is established between their respective interfaces and “disconnected” when the channel is terminated; col. 14, ll. 8-12: Once interoperation begins at block 316, it can continue indefinitely, until such time as the accessory becomes disconnected from the host. For instance, one or both devices might be powered down, moved out of wireless communication range of the other, or physically disconnected; col. 14, ll. 19-22: at block 402, where a host device (e.g., host device 100) detects that an accessory (e.g., accessory 102) that was interoperating with the host device has become disconnected); and 
(col. 14, ll. 29-33: At block 404, in response to detecting disconnection, host device 100 can update known-good list 142 to indicate that accessory 102 has become disconnected, e.g., by updating the state indicator associated with the accessory identifier from the “connected” state to a “disconnected” state).  
The motivation for claim 18 is applicable for claim 19.

Regarding claim 20: 
Priev in view of King and Kaal teaches: 
The method according to claim 5. 
Priev teaches: 
wherein said at least one connectable or disconnectable component is … verifying (para. [0038]: More specifically, based on the received detachable portion ID, a base portion may access an entry in its secure storage (using the detachable portion ID) and determine whether the detachable portion is authenticated (e.g., using the stored shared key). If the authentication is determined (at diamond 225). --- It is noted that if the authentication is determined that the detachable portion is authenticated, which teaches wherein said at least one connectable or disconnectable component is … verifying) …
… the method includes:   
preparing said information specific to the user in which the user interacts with the electronic device (para. [0051]: As seen, one or more user input devices 505 are provided to receive user input. Types of user input devices vary in different examples and can include familiar keyboard, virtual keyboard, mouse, touchpad, touchscreen, and so forth, in addition to authentication-based devices such as a fingerprint scanner, eye scanner, among others. --- It is noted that one or more user input devices 505 are provided to receive user input, which teaches preparing said information specific to the user in which the user interacts with the electronic device), and 
comparing said information specific to the user as prepared with the information as stored in said connectable or disconnectable component (para. [0052]: Based on user input information and information stored in a secure storage 520 (such as a corresponding identity record for a user to which the user input information is compared for a relative or probabilistic match); para. [0022]: Based on given policy, an embodiment may first authenticate a user of both devices (e.g., according to a multi-factor authentication) and confirm identity of the user (at least to a given threshold) before the pairing process is enabled. In some cases it may be sufficient from a policy standpoint for a user to be logged in to each device of the to-be-paired devices to confirm that the pairing is not initiated by other than the owner. --- It is noted that the user input information is compared, which teaches comparing said information specific to the user as prepared with the information; for a user to be logged in to each device of the to-be-paired devices teaches as stored in said connectable or disconnectable component).  
Priev in view of King and Kaal is silent about: 
… disconnected after the verifying; 
wherein prior to said disconnection, the state of said second indicator is set to indicate that the component is not associated with the electronic device; and 
wherein in order to set the state of said second indicator to indicate that the connectable or disconnectable component is not associated with the electronic device …
Louboutin teaches: 
… disconnected after the verifying (col. 14, ll. 8-12: Accessory I/O interface 218 of host device 202 and host I/O interface 236 of accessory 204 allow host device 202 to be connected with accessory 204 and subsequently disconnected from accessory 204. As used herein, a host device and an accessory are “connected” whenever a communication channel is established between their respective interfaces and “disconnected” when the channel is terminated; col. 14, ll. 8-12: Once interoperation begins at block 316, it can continue indefinitely, until such time as the accessory becomes disconnected from the host. For instance, one or both devices might be powered down, moved out of wireless communication range of the other, or physically disconnected; col. 14, ll. 19-22: at block 402, where a host device (e.g., host device 100) detects that an accessory (e.g., accessory 102) that was interoperating with the host device has become disconnected); 
wherein prior to said disconnection, the state of said second indicator is set to indicate that the component is not associated with the electronic device (col. 14, ll. 29-33: At block 404, in response to detecting disconnection, host device 100 can update known-good list 142 to indicate that accessory 102 has become disconnected, e.g., by updating the state indicator associated with the accessory identifier from the “connected” state to a “disconnected” state. --- It is obvious to update the state indicator prior to disconnection); and 
wherein in order to set the state of said second indicator to indicate that the connectable or disconnectable component is not associated with the electronic device, the method … (col. 14, ll. 29-33: At block 404, in response to detecting disconnection, host device 100 can update known-good list 142 to indicate that accessory 102 has become disconnected, e.g., by updating the state indicator associated with the accessory identifier from the “connected” state to a “disconnected” state. --- Louboutin does not exactly disclose that the method includes … in order to give a state, but it would be obvious to determine user’s authority to give a state).  
The motivation for claim 18 is applicable for claim 20.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WANSIK YOU whose telephone number is (571)270-3360.  The examiner can normally be reached on 7:30-5:30 M-Th.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KHOI TRAN can be reached on (571)-272-6919.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

/W.Y./Examiner, Art Unit 3664



/DANIEL B POTRATZ/Primary Examiner, Art Unit 2491