DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

      Information Disclosure Statement
The information disclosure statement(s) (IDS) submitted on 03/27/2020, 04/03/2020, 07/14/2020, 08/11/2020, 08/27/2020, 11/23/2020, 01/07/2021, 01/28/2021, 03/31/2021, 04/01/2021, 05/03/2021, 06/15/2021, 07/13/2021, 07/28/2021, 11/03/2021, 11/22/2021 and 01/13/2022 were filed before the mailing date of this office action.  The submissions are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-4, 6-8, 11-16 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over US-PGPUB No. US 2020/0125772 A1 to Volos et al (hereinafter Volos) and further in view of US-PGPUB No. US 2020/0145409 A1 to Pochuev et al. (hereinafter Pochuev)
Regarding claim 1: 
Volos discloses:
A system for data protection, the system comprising: 
(see Volos ¶05: “… a peripheral device for use with a host computing device, the peripheral device comprising one or more compute elements a security module and at least one encryption unit.”); 
and a storage device coupled to the first computing device, wherein the security module comprises a Root of Trust (RoT), wherein the security module is configured to: 
establish a trust channel between the first computing device and the storage device (see Volos ¶05: “The sensitive data and sensitive code are provided by a trusted computing entity which is in communication with the host computing device.”, 
¶47: “The security module 120 contains a root endorsement key which is either burnt into fuses of the security module 120 or generated using hardware of the security module 120. The root endorsement key serves as a root of trust … “, and 
¶05: “… one encryption unit is configured to encrypt and decrypt data transferred between the trusted execution environment and the trusted computing entity via the host computing device.”);  
monitor the first computing device and the storage device (see Volos ¶05: “The sensitive data and sensitive code are provided by a trusted computing entity which is in communication with the host computing device. At least one encryption unit is configured to encrypt and decrypt data transferred between the trusted execution environment and the trusted computing entity via the host computing device.”, and 
¶31: “The first trusted computing entity is any computing device, or trusted execution environment, which is able to store sensitive code 102, store sensitive data 104, encrypt 106 sensitive code and/or sensitive data …”);
take over control of the storage device in response to detection of a security risk to the system (see Volos ¶66-67: “If the security module … receives a command from a tenant to create a TEE it switches into a secure mode … the security module …  disables read/write access to SRAM … the security module … puts the memory of the peripheral device into a known state, such as by resetting the peripheral device and resetting the memory of the peripheral device by writing zeros.”)
However, Volos failed to explicitly disclose the following limitation taught by Pochuev:  
establish multi-dimensional data access control by binding data access and permissions to the first computing device for users, applications, system services, networks, locations, and access (see Pochuev ¶35: “… a cryptographic core of the IoT device 110 … can manage access to the hardware or software RoT. Instead of a user having credentials, the IoT device has attributes stored at the authentication service 104. These attributes are referred to as RoT attributes, and may include 1) Sessions keys; 2) Sequences (inputs accepted); 3) Containers (programs, code, etc.); 4) Derived keys, or any combination thereof. The authentication service 104 can authorize the use of the RoT attributes to external parties, such as the device provisioning service 106, firmware updates, group privacy identity, or the like … the RoT attributes need not be stored in a database, but could be generated on demand by the authentication service 104. The RoT attributes may be key materials, device metadata such as kernel versions or the like, or other attributes.”).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Volos to incorporate the functionality of the IoT device to use multiple attributes to authenticate and authorize users, devices and applications as disclosed by Pochuev, such modification would allow to build precise policies to govern dynamic, scalable, and centralized access to information.  

Regarding claim 2:
The combination of Volos and Pochuev disclose:
The system of claim 1, wherein the security module comprises at least one of a Software- based Root of Trust (SRoT) or a Hardware Root of Trust (HRoT) (see Pochuev ¶27: “… a system for establishing a distributed trust network has a device with a hardware or software root of trust”).  

Regarding claim 3:
The combination of Volos and Pochuev disclose:
The system of claim 1, wherein the first computing device further comprises a third-party agent configured to communicate to one or more third-party applications, which include an insider threat detection application, a data loss prevention application, a system and/or network intrusion detection application, and/or a user behavior analysis application (see Pochuev ¶35: “The authentication service 104 can authorize the use of the RoT attributes to external parties, such as the device provisioning service 106, firmware updates, group privacy identity, or the like.”, and  
¶40: “… the IoT client libraries can includes IoT client libraries provided by third-party vendors or IoT platform providers.”).  

Regarding claim 4:
The combination of Volos and Pochuev disclose:
The system of claim 1, wherein the system further comprises a second computing device, wherein the security module uses resources from the first computing device and the second computing device (see Volos ¶05: “P05: there is a peripheral device for use with a host computing device, the peripheral device comprising one or more compute elements a security module and at least one encryption unit. … The sensitive data and sensitive code are provided by a trusted computing entity which is in communication with the host computing device.”, and
¶11: “FIG. 4 is a schematic diagram of a peripheral device which is an example of the second trusted computing entity of FIG. 1”
¶25: “… the tenant is a computing device referred to as a client, which is in communication with the host computing device over any suitable communications network.”).   

Regarding claim 6:
The combination of Volos and Pochuev disclose:
The system of claim 1, the security module autonomously takes over control of the storage device in response to detection of a security risk to the system (see Volos ¶66-67: “If the security module  … receives a command from a tenant to create a TEE it switches into a secure mode … the security module … disables ... external access to sensitive memory and registers in the peripheral, and places the hardware elements of the peripheral in a known state … the security module …  disables read/write access to SRAM … the security module … puts the memory of the peripheral device into a known state, such as by resetting the peripheral device and resetting the memory of the peripheral device by writing zeros.”).   

Regarding claim 7:

The system of claim 1, wherein the RoT prevents access to application, storage, network, and system resources on associated computing devices in response to detection of the security risk to the system (see Volos ¶66-67: “… If the security module … receives a command from a tenant to create a TEE it switches into a secure mode …  the security module … disables … external access to sensitive memory and registers in the peripheral …”).  

Regarding claim 8:
The combination of Volos and Pochuev disclose:
The system of claim 2, wherein the HRoT and SRoT work together to monitor user, system, application, storage media, and network access behaviors and activities of the system (see Pochuev ¶28: “The RoT of the IoT device 110 can be a hardware RoT, a software RoT, or any combination thereof. The RoT service 102 includes an authentication and authorization policy server 112 and a RoT identity server 114 … the RoT identity server 114 may contain a database of device keys that need to be secured.”).   

Regarding claim 11:
The combination of Volos and Pochuev disclose:
The system of claim 1, wherein the storage device comprises one of a local data storage, external data storage, or a cloud-based storage service (see Volos ¶112: “Although the computer storage media ... is shown within the computing-based device … the storage is, in some examples, distributed or located remotely and accessed via a network or other communication link …”).  

Regarding claim 12:
The combination of Volos and Pochuev disclose:
The system of claim 1, wherein the security risk comprises a suspicious or unauthorized data access from a remote device or from inside of the first computing device (see Volos ¶02: “… where peripheral devices are used additional challenges are introduced …  and often the host itself is untrusted.”, and 
¶126: “The quote enables a potentially remote entity to verify the state of the peripheral device before deciding whether to trust it.”).

Regarding claims 13-16 and 18-19: 
Claims 13-16 and 18-19 recite substantially the same limitations as claims 1-4 and 6-7, respectively, in the form of a data protection system implementing the corresponding method, therefore, they are rejected under the same rationale. 

Regarding claim 20: 
Claim 20 recites substantially the same limitations as claim 1, in the form of a data protection system computing means and storage means, therefore it is rejected under the same rationale.

Claims 5, 10 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Volos, Pochuev and further in view of US-PGPUB No. US 2019/0305938 A1 to Sandberg-Maitland et al. (hereinafter Sandberg)
Regarding claim 5:
The combination of Volos and Pochuev disclose the system of claim 1, but failed to explicitly disclose the following limitation taught by Sandberg: 
wherein the security module establishes the trust channel based on permissioned blockchain technology (see Sandberg ¶20: “… an additional level of trust is needed for control and audit as the use of Distributed Ledger Technology blockchains becomes embedded within global commercial transaction applications ranging from finance to health care to trade. It is necessary to impose a permissioned mode of operation …”). 

It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Volos and Pochuev to incorporate the functionality of the Distributed Ledger Technology permissioned blockchains to handle global commercial transactions as disclosed by Sandberg, such modification would allow the entire system to be safe and data secure due to the fact that all information exchange and transactions are cryptographically encrypted, and thus all records will be provided with immutable signatures. 

Regarding claim 10:
The combination of Volos, Pochuev and Sandberg disclose:
The system of claim 5, wherein the RoT uses a permissioned Blockchain to log transactions, securely share secrets, establish consensus, confirm system critical operations, and extend trust in the system (see Sandberg ¶17: “… commercial systems which require auditability and strong authentication of peers are built around permissioned blockchain systems.”).  

Regarding claim 17: 
Claim 17 recites substantially the same limitations as claim 5, in the form of a data protection system implementing the corresponding method, therefore, it is rejected under the same rationale.

Claims 9 is rejected under 35 U.S.C. 103 as being unpatentable over Volos, Pochuev and further in view of US-PGPUB No. US 2019/02534417 A1 to Kim et al. (hereinafter Kim) 
Regarding claim 9:
The combination of Volos and Pochuev disclose the system of claim 2, but failed to explicitly disclose the following limitation taught by Kim: 
wherein the SRoT monitors the HRoT and the HRoT monitors the SRoT (see Kim ¶144: “… the hardware may use the chain of trust to authenticate the software …the software may also authenticate the hardware, resulting in mutual authentication.”
¶143: “… performing software authentication step by step from the root of trust at the hardware level where modification is impossible and integrity is guaranteed may be referred to as a chain of trust.”, and see Fig. 7). 

It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Volos and Pochuev to incorporate the functionality of the system to mutually authenticate the hardware and software components as disclosed by Kim, such modification would allow sensitive information not to be easily leaked to the outside and thus can provide the highest level of security as a root of trust.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 

Smith, II et al.  (US-PGPUB No. 2018/0004953 A1)- disclosed how to established an overall chain-of-trust for an industrial control system.
Le Roy (US-PGPUB No. 2019/0334919 A1)- disclosed access control of an electronic device's resources, relating to systems, devices, and methods for flexible, multi-level resource governorship for managing security and access control properties of an electronic device's resource groups. 
Kumar et al. (US-PGPUB No. 2018/0109538 A1)- disclosed a method that provides policy based adaptive application capability management and device attestation for dynamic control of remote device operations.
Huang et al. (US-PGPUB 2017/0116440 A1)- disclosed Methods, systems, and computer program products for protecting data stored on a device, even when the device is powered off.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Matthias Habtegeorgis whose telephone number is (571)272-1916. The examiner can normally be reached on 8:00am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through

Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/M.H./Examiner, Art Unit 2491 


/ALEXANDER LAGOR/Primary Examiner, Art Unit 2491