DETAILED ACTION
 	Claims 1-20 are pending. This is in response to Applicant’s arguments filed on May 5, 2022.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Response to Arguments
Applicant’s arguments with respect to claims 1, 8 and 16 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn. However, upon further search and consideration a new ground of rejection is presented below.
Objection to the specification is withdrawn in view of the amendment.
 	This action is Non-Final.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

 	Claims 1-5, 8-14 and 16-18 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by U.S. 20140256419 (hereinafter Laputz) 
 	Regarding claim 1, Laputz teaches a data storage device having a boot module connected to a front end bus (Figs. 1-2A-2C and par. [0029]-[0032] discloses a game machine with several components including the Mass storage device 26 (e.g. data storage device), the removable ROM chip 22 and the Writable Boot chip 24 (e.g. both are considered as boot module) and the Imbedded Controller 18. Furthermore, par. [0029] discloses the Bridge (e.g. front end bus) as the main connector where all the components connected to each other. Note that Laputz states “…a multi-tiered authentication technique starts with a first authentication program 30 stored on the removable ROM chip 22. The multi-tiered authentication technique involves utilizing the first authentication program 30 stored on the removable ROM chip 22 to verify the contents of the writable boot chip 24…One of the reasons that the writable boot chip 24 is utilized instead of simply storing the second authentication program 32 and the entire operating system 40 on the mass data storage device 26 is due to the difficulties and additional programming that would be required to enable the embedded controller 18 to access the mass data storage device 26. It is much simpler to program the embedded controller 18 and to design an associated mother board to allow the embedded controller 18 to read a memory chip, such as the writable boot chip 24 than it would be to enable the embedded controller 18 to access the data stored on the mass data storage device 26…”. Hence, Mass storage device with the Writable Boot chip is the data storage device having a boot module); and 
 	 Laputz further discloses a secure boot assembly connected to the front end bus, the secure boot assembly comprising a security module connected to the boot module to authenticate a trustworthiness of the data storage device while the data storage device is disconnected from any remote host (par. [0032] discloses the Embedded Controller 18 as the secure boot assembly to authenticate the Mass storage device in order to allow whether games(s) on the Mass storage device can be loaded)

 	Regarding claim 2, Laputz teaches the claim of 1, wherein the secure boot assembly comprises a printed circuit board (par. [0033] discloses Embedded Controller 18 having a chip which must be attached to a printed circuit board).

 	Regarding claim 3 , Laputz teaches the claim of 1, wherein the front end bus is positioned external to a housing of the data storage device (the Bridge is external to the Mass storage device).

 	Regarding claim 4, Laputz teaches the apparatus of claim 2, wherein the security module comprises hardware resident on the printed circuit board (see claim 2 rejection).  

 	Regarding claim 5, Laputz teaches the apparatus of claim 1, wherein a security circuit of the boot module conducts at least one test to verify the operation and trustworthiness of the data storage device (par. [0033] discloses “…It is therefore desirable to utilize the embedded controller 18 to verify as little data as possible before allowing the game controller 12 to boot up and continue verifying the remaining data that requires authentication at a much faster pace…”).                                                                                                                                                                                                       
 	Regarding claim 8, Laputz teaches a method comprising: connecting a data storage device to a secure boot assembly, the data storage device having a boot module, the secure boot assembly comprising a security module connected to the boot module; verifying a trustworthiness of the data storage device with the boot module, verifying a trustworthiness of the data storage device with the boot module without the data storage device connected to any network; authenticating security information provided to the boot module with the security module without the secure boot assembly connected to any network; and loading the security information in the data storage device to initialize and make available secure data access capabilities of the data storage device (see claims 1 and 5 rejections. Moreover, there is no network connection mentioned during booting; also, gaming data, to be loaded to on the game machine, on the Mass data storage considered as secure from being manipulated). 

 	Regarding claim 9, Laputz teaches the method of claim 8, wherein the trustworthiness of the data storage device is verified by the boot module in conjunction with a security module of the secure boot assembly (par. [0032]-[0033] discloses the interaction of the writable boot chip and the embedded controller 18 to authenticate and verify the Mass data storage for booting).  

 	Regarding claim 10, Offenberg teaches the method of claim 9, wherein the security module provides the boot module with security credentials to allow software and hardware initialization (par. [0035]-[0038] discloses authentication using keys to verify the authenticity of the operating system on the writable boot chip and each of the game packages in the Mass data storage).

 	Regarding claim 11, Laputz further teaches the method of claim 8, wherein the secure boot assembly is physically connected to the front end bus prior to initialization of the data storage device (see claim 1 rejection).

 	Regarding claim 12, Laputz teaches the method of claim 8, wherein one or more verification functions are executed by an authentication module of the secure boot assembly to ensure security information of the secure boot assembly is authentic and trustworthy (see claim 10 rejection for verifying the authenticity of the operating system on the writable boot chip).

 	Regarding claim 13, Laputz teaches the method of claim 12, wherein the one or more verification functions comprise a source and a destination for existing security information (the writable boot chip as the source and the Mass data storage as destination).

 	Regarding claim 14, Laputz teaches the method of claim 12, wherein the authentication module generates at least one algorithm to ensure no tampering of existing security information has occurred (par: [0034]-[0035] discloses “…The signature generation program 50 may include a single hash function 56, or may include multiple hash functions and have a predetermined technique for selecting one of several hash functions to utilize for a particular data set…”).  

 	Regarding claim 16, Laputz teaches a method comprising: initializing a data storage device with an unoccupied front end bus; execute an initial boot sequence with a boot module of the data storage device, the initial boot sequence providing less than all of the data storage capabilities possible with the data storage device in response to the unoccupied front end bus (Fig. 1 and par: [0030]-[0034] discloses the game machine with different data storage devices can be installed for different games. Hence, the Mass data storage can only be attached to an empty bus slot. Laputz also discloses “…the embedded controller to verify as little data as possible before allowing the game controller to boot up and continue verifying the remaining data that requires authentication at a much faster pace…”); 
 	connecting a secure boot assembly, the secure boot assembly comprising a security module connected to the boot module; verifying a trustworthiness of the data storage device with the boot module; the data storage device to be disconnected from any network, instead requires the storage device to be connected to the remote server;
authenticating security information provided to the boot module with the security module without the secure boot assembly connected to any network; loading the security information in the data storage device to initialize and make available secure data access capabilities of the data storage device (see claim 8 rejection) .

 	Regarding claims 17-18, Laputz teaches wherein the secure boot assembly is removed from the front end bus after the security information is loaded and wherein the data storage device retains secure data access capabilities after the secure boot assembly is removed (par. [0040] discloses the game machine components are connected and programmed such that the removable ROM chip may be removed without interfering with the operation of the game machine).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

 	Claims 6-7 are rejected under 35 U.S.C. 103 as being unpatentable over Laputz in view of n view of 20190363894 (hereinafter Kuma) 
  	Regarding claim 6, Laputz does not teach identifying an attempted third-party attack. Kumar teaches this limitation (par: [0025]-[0032] provides for the trusted boot module to detect an attack). Laputz and Kumar are all considered to be analogous to the claimed invention because they are in the same field of ensuring security to computing devices. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Laputz to incorporate the teachings of Kumar and provide a boot module to identify an attack. Doing so would aid in having the device to be protected during the boot process from malicious third party attacks.

 	Regarding claim 7, Kumar further teaches boot module altering security information in response to the identified attack (par: [0025] provides for the boot module to take steps to block identified attacks). Laputz and Kumar are all considered to be analogous to the claimed invention because they are in the same field of ensuring security to computing devices. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Laputz to incorporate the teachings of Kumar and provide a boot module to identify an attack and taking steps in response to the identified attack. Doing so would aid in having the device to be protected during the boot process from malicious third party attacks.
 	
	Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Laputz in view of an official notice
 	Regarding claim 15, Laputz disclose using key pairs for signature validation but it is a known fact keys can become stale due to a valid period issued for a key. Hence, it is an official notice that Laputz could replacing keys to verify signatures to teach wherein the authentication module alters security information in response to the security information becoming stale.  Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Laputz to incorporate updating keys. Doing so as an obvious variation to arrive at the claimed invention with reasonable expectation of success.

 	Claims 19 - 20 are rejected under 35 U.S.C. 103 as being unpatentable over Laputz in view of n view of PG Pub 20210374245 (Hereinafter Offenberg)
 	Regarding claim 19, Laputz does not teach wherein the boot module completes a boot sequence for non-sensitive portions of the data storage device prior to the secure boot assembly being connected to the front end bus. Offenberg teaches this feature (par: [0013] provide for the boot sequence for non-sensitive portions of the data storage device by the boot module prior to the secure boot assembly functions).  Laputz and Offenberg are all considered to be analogous to the claimed invention because they are in the same field of information handling system for storage device. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Laputz to incorporate the teachings of Offenberg. Doing so as an obvious variation to arrive at the claimed invention with reasonable expectation of success since the goal of Laputz is faster booting if not all data resides in the Mass storage device.

 	Regarding claim 20, Offenberg further teaches the method of claim 19, wherein the non-sensitive portions of the data storage device comprises non-administrative information and data (Offenberg: [0013] provide for non-sensitive portions of the data storage device comprising non-administrative information and data for example, testing of registers and other components, the loading of parameters and other control information etc.).  

Pertinent Art
 	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure Wilden et al. (U.S. 20170364683A1) teaches about a method for secure booting for computing device.

inquiry communication
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRI M TRAN whose telephone number is (571)270-1994. The examiner can normally be reached Mon-Fri: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469)295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/TRI M TRAN/Primary Examiner, Art Unit 2432