Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claim(s) 1-2, 4, 5, 8, 12 and 14 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Lim (US20040044897).
	
Regarding Claim 1, Lim discloses A computer security system, comprising: (Paragraph [0007 lines 1-2])
an endpoint authentication interface configured to receive one or more user credentials; (Paragraph [0026 lines 1-14] Examiner Notation (E.N.) The fingerprint sensor acts as an authentication interface by scanning user’s biometric information such as fingerprint which can be used as user credentials)
an endpoint enrollment controller operatively connected to the endpoint authentication interface; (Paragraph [00027] E.N. The user must first enroll their fingerprint data into the embedded fingerprint biometrics processing unit which acts as an endpoint authentication interface)
and an endpoint access controller operatively connected to the endpoint enrollment controller and configured to enable or disable one or more data connections between a protected device and an endpoint terminal system. (Paragraph [0026 lines 2-10 and 0027 lines 1-3] E.N. The user must first enroll their fingerprint into the embedded fingerprint biometrics processing unit, the information is then stored in the biodata storage unit. The fingerprint is then processed and verified, if the verification is successful, information in the flash memory can be sent to the host computer. If the verification fails, the user is denied access to the data.)

Regarding Claim 2, Lim discloses the computer security system of Claim 1. Lim further discloses wherein the endpoint enrollment controller is programmed with instructions that receive the one or more user credentials from the endpoint authentication interface (Paragraph [0027] E.N. The user has to enroll their fingerprint into the processing unit which is then stored into the bio-storage unit.)
and send a signal to the endpoint access controller to cause the endpoint access controller to enable or disable the one or more data connections. (Paragraph [0026] E.N. The fingerprint biometrics processing unit verifies the user’s fingerprint. If the verification is successful the user is allowed access to the data.)

Regarding Claim 4, Lim discloses the computer security system of Claim 1. Lim further discloses wherein the protected device comprises a host computer, server, network link, or storage device. (Paragraph [0007 lines 1-2])

Regarding Claim 5, Lim discloses the computer security system of Claim 4. Lim further discloses wherein the protected device is not connected to an external system outside of a secured computing system that includes the protected device, (Paragraph [0002] E.N. A data storage device containing biometric technologies to ensure that the information within the device is secured (making it a protected device) is used as a portable hard disk. To ensure that the information within the device is not accessed by users in an external system outside of a secured computing system, only the users with authorized fingerprints can activate the function of the storage device.)
and wherein the endpoint access controller is not connected to an external system outside of the secured computing system. (Paragraph [0029] E.N. The fingerprint of the user is scanned and verified by the device (which acts as the endpoint access controller by verifying the user’s identity) and a data encryption scheme is used for safekeeping the data within a biometric parameter protected computer serial bus interface portable data storage device (making it a secured computing system as only users with authorized fingerprints can activate the function of the storage device (See Paragraph [0002] for more information))).

Regarding Claim 8, Lim discloses the computer security system of Claim 1. Lim further discloses wherein the endpoint enrollment controller comprises a computer with an operating system and programmed with instructions that receive user enrollment credentials and determine whether a user is authenticated to access the protected device. (Paragraph [0011 and 0031] E.N. The data from the embedded fingerprint processing unit (See Paragraph [0026 lines 1-5]) is accessible by a micro-controller and the data processing unit which in turn can verify the user’s fingerprints.)

Regarding Claim 12, Lim discloses the computer security system of Claim 1. Lim further discloses wherein a hub device configured to interconnect one or more of the endpoint enrollment controller, the endpoint access controller, and the endpoint authentication interface. (Paragraph [0025] E.N. A portable data storage device can be considered as a hub device due to the device comprising a fingerprint sensor which can be considered an enrollment controller as it is enrolling a user’s fingerprints. The access control decision unit which acts as the endpoint access controller is connected to the fingerprint biometric processing unit which in turn acts as an authentication interface due to the processing unit verifying the user.)

Regarding Claim 14, Lim discloses the computer security system of Claim 1. Lim further discloses wherein an interface interrogator device operatively connected to the endpoint access controller, the interface interrogator device including a controller programmed with instructions that, when executed, determine if a user interface device is authorized to connect with the protected device, and in response to determining if the user interface device is authorized to connect with the protected device, enabling or disabling communication between the user interface device and the protected device. (Paragraph [0026] E.N. Fingerprint is collected from the user and is sent to a processing unit to verify. If the verification is unsuccessful, the user will be denied access to the data in the protected device (disk).)

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claim(s) 3 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lim (US20040044897) in view of Linetsky (US20050138433).

	Regarding Claim 3, Lim discloses the computer security system of Claim 1. Lim does not, but in related art, Linetsky teaches: wherein the one or more data connections comprise connections between the protected device and a keyboard, a mouse, or a monitor. (Paragraph [0017] E.N. A method for protecting a computer device against security breaches of peripheral devices which can include a keyboard, mouse, monitor etc.)
	Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Lim to incorporate Linetsky because Lim fails to explicitly teach connections between a protected device and a peripheral device which is taught by Linetsky. Incorporating the teachings of Linetsky to Lim allows for the security system to protect against potential security breaches regarding peripheral devices. 

Regarding Claim 15, Lim discloses the computer security system of Claim 14. Lim does not, but in related art, Linetsky teaches: wherein when the user interface device comprises a mass storage device, the interface interrogator device is configured to prevent or disable communication between the mass storage device and the protected device. (Paragraph [0051] E.N. Untrusted peripheral devices that are attached to the host device remain blocked until an authorized party activates/reactivates the peripheral device and allows the connection. Peripheral device can include USB storage (See Paragraph [0013 lines 7-9]) which is flash memory and is considered a mass storage device (See Paragraph [0036 lines 1-2])). 
Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Lim to incorporate Linetsky because Lim fails to explicitly teach disabling communication between a mass storage device and a protected device which is taught by Linetsky. Incorporating the teachings of Linetsky to Lim allows for the security system to prevent a mass storage device from having access to a protected device without any authorization.

Claim(s) 6, 11 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Lim (US20040044897) in view of Miliefsky (US20140143864).

Regarding Claim 6, Lim discloses the computer security system of Claim 1. Lim does not, but in related art, Miliefsky teaches: wherein the endpoint access controller comprises a manual button configured to enable or disable the one or more data connections. (Paragraph [0025 lines 1-6] E.N. If there is any sort of data leakage, the user is able to manually turn off a specific port to block detected leakage, eavesdropping or any sort of spyware software.)
Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Lim to incorporate Miliefsky because Lim fails to explicitly teach a manual button to disable connections which is taught by Miliefsky. Incorporating the teaching of Miliefsky to Lim allows for the security system to have a manual switch to turn off connection in an event of a data leakage or any security problems.

Regarding Claim 11, Lim discloses the computer security system of Claim 1. Lim does not, but in related art, Miliefsky teaches: a kill button configured to generate and transmit a signal to the endpoint enrollment controller to instruct the endpoint enrollment controller to further instruct the endpoint access controller to disable the one or more data connections. (Paragraph [0025] E.N. During an event such as data leakage, the user (who acts as an enrollment controller having control of the manual turn off button which in turn acts as an access controller) has the ability to monitor status of available hardware devices/data traffic across each hardware device interface and turn off specific hardware device via a turn-off switch for a specific hardware device or the ability to use the turn-all-off switch upon detecting unauthorized changes.)
Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Lim to incorporate Miliefsky because Lim fails to explicitly teach a kill button to disable connections which is taught by Miliefsky. Incorporating the teaching of Miliefsky to Lim allows for the security system to have a manual switch to turn off connection in an event of a data leakage or any security problems.

Regarding Claim 13, Lim discloses the computer security system of Claim 1. Lim does not, but in related art, Miliefsky teaches: wherein one or more additional endpoint access controllers configured to enable or disable one or more additional data connections between the protected device and one or more additional endpoint terminal systems. (Paragraph [0023 lines 3-10] E.N. When a user tries to install an application, the Snoopwall application (See Paragraph [0012] for more detail regarding the Snoopwall application) reviews the download and is able to find that the application is asking to access certain ports such as USB, Bluetooth, webcam etc. The Snoopwall application (which is acting as an endpoint access controller) informs the user and asks if they want to either block access to the ports from the installed application or allow it.)
Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Lim to incorporate Miliefsky because Lim fails to explicitly teach an access controller configured to enable/disable connections which is taught by Miliefsky. Incorporating the teachings of Miliefsky to Lim allows for a security system to check the user before allowing applications access to certain ports such as USB, Bluetooth etc.

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Lim (US20040044897) in view of Litichever (US20200320023).

Regarding Claim 9, Lim discloses the computer security system of Claim 1. Lim does not, but in related art, Litichever teaches: wherein the endpoint authentication interface comprises a keypad, a card reader, or a radio-frequency identification device. (Paragraph [0218] E.N. A smart card reader (which can be considered an endpoint authentication interface due to the ability to allow or deny access) is connected to the host port and has the ability to authenticate devices before they are coupled/connected to the host device.)
Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Lim to incorporate Litichever because Lim fails to explicitly teach an endpoint authentication interface which is taught by Litichever. Incorporating the teachings of Litichever to Lim allows for the computer system to use smart card readers for endpoint authentication. 

Claims 16, 18, 19 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Linetsky (US20050138433) in view of Bacastow (US8566924B2) and in further view of Hong (US20060031624).
	
Regarding Claim 16, Linetsky discloses an interrogator device comprising: a plurality of connectors, wherein at least one first connector is configured to engage with a host port of a computing device, and wherein at least one second connector is configured to engage with a slave device; (Paragraph [0028] E.N. A parallel port is used to connect printers to a personal computer. The use of parallel port between a printer and computer makes the computer a master device and the printer a slave device as the printer is operating under the command of the computer.)
and a control chip connected to the interrogation chip, the control chip further being connected to the at least one first connector and programmed with instructions that enable or disable a connection between the slave device and the host port of the computing device. (Paragraph [0052] E.N. After a peripheral device (such as a USB storage device (See Paragraph [0013 lines 7-9]) which incorporates a master/slave technology, as it operates under the control of a host computer) is attached to the host device, authentication is required. The authentication process is completed by an appropriate user/entity (who acts as an interrogation chip by determining if the connected device is authorized). Once the device is authorized, the security module (which acts as a control chip due to its ability to allow/deny connections between the host and connected device) receives the authentication information from the user/entity, and allowing for the connected peripheral device to communicate with the host device.)

Linetsky does not, but in related art, Bacastow teaches: an interrogation chip connected to the second connector and configured to receive data from the slave device; (Figure 3, E.N. The USB (which is a slave device as it operates under the control of its host/master device) uses its first connector (male USB connector) to connect to the laptop’s second connector (female USB port) and the laptop (which relates to an interrogation chip as the processing power inside laptop is used to determine if the connection to receive data between the laptop and USB device is valid and authorized) is then configured to be able to receive data from the USB.)
Therefore, it would be obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to have modified Linetsky to incorporate the teachings of Bacastow because Linetsky already discloses connecting a slave device to a host device and having the ability to enable/disable a connection between the host and slave device while failing to explicitly teach receiving data and information regarding the slave device which is taught by Bacastow. Incorporating the teachings of Bacastow to Linetsky allows for the ability to find information regarding the slave device which in turn can be used to either allow or deny connection to the host device.

Linetsky and Bacastow do not, but in related art, Hong teaches: wherein the data from the slave device comprises a slave device type, a slave device manufacturer, or a slave device product identification number. (Paragraph [0010] E.N. The host device collects information from each slave device that is connected to the host. Information such as device type, model name, manufacturer’s name etc. is collected and stored (See Paragraph [0011] regarding storing the collected data))
Therefore, it would be obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to have modified Linetsky in view of Bacastow to incorporate the teachings of Hong because Linetsky and Bacastow already disclose connecting a slave device to a host device and having the ability to enable/disable a connection between the host and slave device as well as obtaining data from the slave device while both failing to explicitly disclose slave device type or manufacturer which is taught by Hong. Incorporating the teachings of Hong to Linetsky and Bacastow allows for the system to gain specific information regarding the slave devices and determine the best course of action by either allowing or denying connection to the host device.

Regarding Claim 18, Linetsky in view of Bacastow disclose the interface interrogator device of claim 16. Linetsky further discloses wherein the control chip or the interrogation chip is programmed with instructions that, when executed, analyze the data from the slave device, determine whether the slave device is an authorized device, and, depending on the determination of whether the slave device is an authorized device, enable or disable the connection. (Paragraph [0055] E.N. The input filter is able to collect all peripheral device input such as keystrokes (a keyboard is a slave device as it uses USB technology which in turn uses master/slave technology with the host device acting as the master and the connected device such as a keyboard acting as a slave) and the user/administrator is able to authenticate the device and either block or unblock the peripheral device and allow its input to pass onto the computer.) 

Regarding Claim 19, Linetsky in view of Bacastow disclose the interface interrogator device of claim 16. Linetsky further discloses wherein the connection is disabled when the slave device type indicates a mass storage device. (Paragraph [0051] E.N. Untrusted peripheral devices that are attached to the host device remain blocked until an authorized party activates/reactivates the peripheral device and allows the connection. Peripheral device can include USB storage (See Paragraph [0013 lines 7-9]) which is flash memory and is considered a mass storage device (See Paragraph [0036 lines 1-2])).

Regarding Claim 21, Linetsky in view of Bacastow disclose the method of claim 20. Linetsky and Bacastow do not but in related art, Hong teaches: wherein the data includes a slave device type, a slave device manufacturer, or a slave device product identification number. (Paragraph [0010] E.N. The host device collects information from each slave device that is connected to the host. Information such as device type, model name, manufacturer’s name etc. is collected and stored (See Paragraph [0011] regarding storing the collected data))
Therefore, it would be obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to have modified Linetsky to incorporate the teachings of Bacastow because Linetsky fails to explicitly disclose slave device type data which is taught by Bacastow. Incorporating the teachings of Bacastow to Linetsky allows for the method to find information regarding the slave device to reach a conclusion on allowing/denying access to the host device.

Claims 20 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Linetsky (US20050138433) in view of Bacastow (US8566924B2).

Regarding Claim 20, Linetsky discloses determining, based on the data that identifies the slave device, whether the slave device is an authorized device; (Paragraph [0018 lines 1-3] When a device (such as a USB device which is a slave device as it operates under the command of the host/master device) is attached to the computer, the agent module determines if the device is authorized and is allowed to communicate with the host device.)
if the slave device is an authorized device, sending an approval signal from the interrogation chip to a control chip; using the control chip, establishing a connection between the host computer and the slave device based on the approval signal. (Paragraph [0052] E.N. The security system alerts the user when a device is attached to the host device. In order to establish connection between the attached device and the host computer, the security system prompts the user for a device-specific password, if the password is correct the security module (which acts as a control chip by having the ability to establish/deny connections) may unlock the device and reactivate the data stream for the peripheral device.)
	Linetsky does not, but in related art, Bacastow teaches: A method of controlling connections between a host computer and a slave device, the method comprising: identifying a slave device using an interrogation chip, wherein identifying the slave device comprises receiving, in the interrogation chip, data that identifies the slave device; (Figure 1 Element 3, E.N. When a new USB connection is detected, the device type is identified by the host computer (acting as the interrogation chip) before making any decisions regarding the connected device.)
	Therefore, it would be obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to have modified Linetsky to incorporate the teachings of Bacastow because Linetsky already discloses determining if a slave device is an authorized device and allowing access if the slave device is an authorized device while failing to explicitly teach identifying the slave device which is taught by Bacastow. Incorporating the teachings of Bacastow to Linetsky allows for determining if the slave device should have access based on the information regarding the slave device.

Regarding Claim 22, Linetsky in view of Bacastow disclose the method of claim 20. Linetsky further discloses further comprising monitoring the connection, wherein if the slave device is removed or modified, disabling the connection and re-determining whether the slave device is an authorized device before re-enabling the connection. (Paragraph [0019] E.N. A password is supplied to peripheral devices. Upon a detachment and reattachment to the host device, the communication between the peripheral and host device remains blocked until the password is supplied to once again authorize the device and re-enable the connection.)

Claim 23 is rejected under 35 U.S.C. 103 as being unpatentable over Linetsky (US20050138433) in view of Bacastow (US8566924B2) and in further view of Thornton (US20050172134).

Regarding Claim 23, Linetsky in view of Bacastow disclose the method of claim 20. Linetsky and Bacastow do not, but in related art, Thornton teaches: enabling a learning mode with the interrogation chip in which data identifying the slave device is stored in a memory. (Paragraph [0016] E.N. In order to identify the peripheral device, the processor asks for identification of the peripheral device, which is then used to compare with prior knowledge of the peripheral device to make a conclusion regarding the peripheral device.)
Therefore, it would be obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to have modified Linetsky in view of Bacastow to incorporate the teachings of Thornton because Linetsky and Bacastow fail to explicitly disclose data identifying the slave device is stored in a memory which is taught by Thornton. Incorporating the teachings of Thornton to Linetsky and Bacastow allows for the method to use prior knowledge to either allow/deny access to the host computer.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AAYUSH ARYAL whose telephone number is (571)272-2838. The examiner can normally be reached 8:00 a.m. - 5:30 p.m.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl, can be reached on (571) 272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/AAYUSH ARYAL/Examiner, Art Unit 2435  

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435