DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to communication filed on June 13, 2022.
Status of claims within the present application:
Claims 1 – 3, 6 – 11, 14 – 18, and 21 – 26 are pending.
Claims 1, 8, and 15 are amended.
Claims 4 – 5, 12 – 13, and 19 – 20 are cancelled.
Claims 25 – 26 are new.

Claim Rejections - 35 USC § 103
Regarding claims 1 – 3, 7 – 10, 14 – 17, and 21 that were rejected under 35 U.S.C. 103 as being unpatentable over US 8719952 B1 to Damm-Goossens, (hereafter, "Damm") in view of US 20190394042 A1 to Peddada, the rejections are withdrawn.

Regarding claims 4 – 6, 11 – 13, and 18 – 20 that were rejected under 35 U.S.C. 103 as being unpatentable over US 8719952 B1 to Damm-Goossens, (hereafter, "Damm") in view of US 20190394042 A1 to Peddada in further view of US 20150281233 A1 to Asenjo et al., (hereafter, “Asenjo”), the rejections are withdrawn.

Regarding claims 22 – 23 that were rejected under 35 U.S.C. 103 as being unpatentable over US 8719952 B1 to Damm-Goossens, (hereafter, "Damm") in view of US 20190394042 A1 to Peddada in further view of US 20130219166 A1 to Ristov et al., (hereinafter, “Ristov”) , the rejections are withdrawn.


Allowable Subject Matter
Claims 1 – 3, 6 – 11, 14 – 18, and 21 - 26 are allowed, but they are renumbered as claims 1 – 20. The following is an examiner’s statement of reasons for allowance: the following prior arts were yielded during examination of the claims filed on June 13, 2022 in response to office action mailed on January 13, 2022. They do not explicitly teach the applicant’s claimed invention, but they are in general realm of applicant’s field or endeavor:
Damm-Goossens [US 8719952 B1]: This is considered the closest prior art of the instant application that generally relates to the methodology and system for the public key of an RSA (asymmetric) software key pair is maintained confidentially on an authentication server, while the corresponding private key is maintained in encrypted, unstructured form on a mobile communication device (e.g. smartphone). The mobile device cannot verify locally whether a decrypted private key is correct, and a brute force, dictionary, or other attack that yields the correct private key among many decrypted keys does not allow determining which private key is correct without access to the authentication server. A relatively-long (128+ bit, e.g. 512-bit) public key exponent is used to make brute-force local verification of the private key impractical. The unstructured private key can secure other resources such as RSA keys used for digital signing. The enhanced security provided for the private key adds computational and logistical cost, but is of particular use if the mobile device controls access to external resources such as secure websites.
Damm-Goossens does discloses a mobile communication device comprising at least one processor to: generate an asymmetric public key cryptography key pair including a private key and a public key, the private key including a modulus and a private exponent, the public key including the modulus and a public exponent. any two or more of the illustrated service provider system 22, authentication server system 60, and client computer systems 20a-c may be implemented on common hardware, e.g. a common physical computer server. The ATM machine may include a service provider, client, and authentication server on a common physical computer system, and connected to each other through the memory or other local structures of the physical computer system. In some embodiments, each of the systems shown in FIG. 1 is implemented on a distinct physical computer system, and is connected to other systems through LAN/WAN/telecom network connections. such devices may be devices capable of web browsing and thus access to remotely-hosted protected websites, such as desktop, laptop, tablet computer devices, or mobile phones such as smartphones. In some embodiments, such devices may also be gateways to local resources, such as automatic teller machines (ATM), physical premise (e.g. building) security devices, or other local-authentication devices. If implemented on separate physical devices from client computer system 20, each of service provider computer system 22 and authentication server computer system 60 includes hardware components similar to the ones shown in FIG. 2.

Peddada [US 20190394042 A1]: This generally discloses a methodology and system for validation at an application server are described. The application server may validate a user device utilizing a public-private key pair, and may refrain from establishing a database connection until the user device is validated. For example, the application server may transmit a private key and a public key identifier to the user device. When the application server receives a session establishment message that is based on a private key and that contains the public key identifier, the application server may determine the public key of the public-private key pair based on the identifier. The application server may validate that the session establishment message is received from the user device based on the private key and the determined public key. Based on this validation procedure, the application server may establish a database connection with a database, granting the validated user device access to requested data.
Peddada does discloses when generating a private key-public key pair, the application server may store the public key in a local memory storage system of the application server along with an indication of the associated public key identifier, and may transmit the private key and the public key identifier to the user device. For example, the application server may contain association storage for storing associations between public keys of the public-private key pairs and user-specific or user device-specific key ID values associated with the private key. an application server may validate user devices without hitting the database with session authentication requests. For example, each application server may locally support validation for a user device by utilizing a public-private key pair. The application server may transmit the private key of the public-private key pair to a user device (e.g., when setting up the user device as a valid API client), along with either a user certificate or a key identifier (ID) value. the user device 505 may transmit a client certificate message to the application server 510 (e.g., to continue the TLS handshake protocol). The client certificate message may be an example of a session establishment message. The client certificate message may include one or more certificates, and may be based on the private key. For example, the client certificate message may include the certificate received at 520, a certificate generated by the user device 505, a certificate associated with a name from the list of names of root certificates included in the server certificate message, or any combination of these certificates. In some examples, the client certificate message may be generated by the user device 505 using the private key, and/or may contain a key ID value received at 520. For example, the client certificate message may be encrypted using the private key or may be signed by the private key.

Asenjo et al. [US 20150281233 A1]: This generally discloses a methodology and system for Authentication of cloud agents that collect and/or process industrial data facilitates secure communications with a cloud platform. An authentication component receives an authentication request from a cloud agent device residing at an industrial facility. The authentication component also authenticate the cloud agent device in response to the authentication request for a defined period of time based on an access key that uniquely identifies the cloud agent device residing at the industrial facility. A cloud data processing component receives, at a cloud platform, one or more data packets from the cloud agent device during the defined period of time and processes industrial data contained in the one or more data packets according processing instructions associated with the cloud platform.
Asenjo does discloses the authentication component can determine, in one example, an authentication policy for the cloud agent device based on the metadata (e.g., device identification data, industrial facility data, customer data, other data, etc.) associated with the access key. a user can set read permissions, write permissions and/or permissions for one or more cloud services associated with a cloud platform during the registration mode. Therefore, a user (e.g., a cloud service administrator, an owner, etc.) can define privileges to be assigned to each cloud agent device. In a non-limiting example, permissions for one or more cloud services can include permissions for a particular cloud agent device (e.g., a particular cloud agent device associated with a particular MAC address, customer identifier, site identifier and/or location identifier) to utilize a particular cloud storage location and/or cloud application.

Ristov et al. [US 20130219166 A1]: This generally discloses a methodology and system for providing authentication credentials to a server over a communications network includes initiating communication with a server over a communications network. The communication is to be established using a secure connection. A message is received from the server over the communications network as well as a request for a digital certificate associated with a first user account accessible to the server. An encrypted private key is decrypted in a secure hardware module to obtain a decrypted private key. The decrypted private key is associated with the first user account. The message received from the server is passed to the secure hardware module. The message is digitally signed in the secure hardware module using the decrypted private key. The digital certificate and the digitally signed message are sent to the server over the communication network.
Ristov does discloses secure key 582 is a key such as an Advanced Encryption Standard (AES) key that may be randomly generated by the HIM 440 when initializing the secure module 460. The secure key 582 is maintained in the secure module 460 at all times and thus is not even accessible to an administrator or root user of the operating system 426. The processor 551 in the secure module 460 encrypts the private key 580 using the secure key 582 to produce an encrypted private key 584 and transfers the encrypted private key to the HIM 440. The private key 580 then may be deleted from the memory of the secure module 460.
However, none of the prior arts of record independently or in-combination discloses all the limitation of the independent claims 1, 8, and 15 as recited in the amended set of claims being examined.
Therefore, the independent claims are allowable over the prior arts of record. The dependent claims being definite, further limiting, and fully enabled by the specification are also allowed by virtue of their dependence on the independent claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be labeled “Comments on Statement of Reasons for Allowance.”

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Please amend the claim as follow:
6. (Currently Amended) The method of claim [[5]] 1, further comprising: for each of the one or more logical storage units, determining a frequency with which to poll the storage system to validate the host system with respect to the logical storage unit.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893. The examiner can normally be reached Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/P.P./Patent Examiner, Art Unit 2434                                                                                                                                                                                                        /KAMBIZ ZAND/Supervisory Patent Examiner, Art Unit 2434