DETAILED ACTION

Claims 1-38 are presented for examination.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The Information Disclosure Statement(s) submitted by applicant on 03/12/2021 has/have been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto.

Claim Objections

Claim 21 is objected to because of the following informalities:  Period “.” is missing.  Appropriate correction is required.


Double Patenting

The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  

Claims 1 and 29 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 and 30 of U.S. Patent No. 10,929,572.
Although the conflicting claims are not identical, they are not patentably distinct from each other because the subject matter claimed in the instant application is substantially similar in nature and anticipated by US Patent No. 10,929,572. See the table below:

Instant Application, claim 1:
1. A storage device comprising:
a controller;
a storage medium coupled to the controller; and
a data security bridge comprising a security module and a key management module;
wherein the security module is configured to perform data encryption and/or data decryption; and
wherein the key management module is configured to obtain a first security key stored in the storage device, obtain a second security key received by the storage device, and perform a user authentication based on the first security key and the second security key.

US Patent No. 10,929,572, claim 1:
1. A storage device comprising:
a controller;
a storage medium coupled to the controller; and
a data security bridge comprising a security module and a key management module;
wherein the controller, the storage medium, and the data security bridge comprising the security module and the key management module are parts of the storage device;
wherein the security module of the storage device is configured to perform both data encryption to obtain encrypted user data and also data decryption to obtain decrypted user data;
wherein the key management module of the storage device is configured to obtain a first security key stored in the storage device, obtain a second security key transmitted from an external device outside the storage device to the storage device, and perform a user authentication based on the first security key and the second security key; wherein the key management module is configured to perform the user authentication in the storage device, and the security module is configured to perform the data encryption and the data decryption in the storage device, so that the user authentication, the data encryption, and data decryption all occur inside the storage device; and wherein key management module is configured to generate a signature based on the second security key transmitted from the external device, and to perform the user authentication by comparing the signature with the first security key in the storage device.

Instant Application, claim 29:
29. A method performed by a storage device, the method comprising: obtaining a first security key from a medium in the storage device; obtaining a second security key stored in an external device; performing a user authentication by a key management module in the storage device based on the first security key and the second security key; and retrieving encrypted data from a storage medium in the storage device based at least in part on a result of the act of performing the user authentication.

US Patent No. 10,929,572, claim 30:
30. A method performed by a storage device, the method comprising: obtaining user data; performing data encryption to encrypt the user data to obtain encrypted user data; storing the encrypted user data in a storage medium in the storage device; obtaining a first security key from a medium in the storage device; obtaining a second security key transmitted from an external device; performing a user authentication by a key management module in the storage device based on the first security key and the second security key; retrieving the encrypted user data from the storage medium in the storage device based at least in part on a result of the act of performing the user authentication; and performing data decryption to decrypt the encrypted user data; wherein the user authentication, the data encryption, and the data decryption are all performed inside the storage device; and wherein the method further comprises generating, by the storage device, a signature based on the second security key transmitted from the external device, and wherein the user authentication is performed by comparing the signature with the first security key in the storage device


This is a nonstatutory double patenting rejection.

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-38 are rejected under 35 U.S.C. 103 as being unpatentable over Barlow et al. (US Patent No. 6,038,551) (Hereinafter Barlow) in view of Funahashi et al. (US Patent Application No. 2005/0182973) (Hereinafter Funahashi).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Barlow and Funahashi. The motivation would have been to build the network that provides endpoint security solutions (both hardware and software based).

As per claim 1, Barlow discloses a storage device comprising: 
a controller (col 7, line 33); 
a storage medium coupled to the controller (fig 3, col 8, lines 25-31, storing keys); and 
a data security bridge comprising a security module (fig 3, col 8, lines 25-31, a cryptographic services module, storing keys) and 
a key management module (fig 3, col 8, lines 25-31, a cryptographic services module, storing keys); 
wherein the security module is configured to perform data encryption and/or data decryption (fig 3, col 8, lines 25-31, a cryptographic services module, i.e. encrypting, decrypting, signing, authenticating, storing keys); and
wherein the key management module is configured to obtain a first security key (security key is interpreted as passcode) stored in the storage device (col 15, line 65-col 16, line 5; user enters passcode and validated by the stored pass code to authenticate the user; however, the IC card receives keys and validates certificates, col 13, lines 60-63, keys stored on the IC card and associated with various applications such as authentication), obtain a second security key received by the storage device (col 15, line 65-col 16, line 5; user enters passcode and validated by the stored pass code to authenticate the user), and perform a user authentication based on the first security key and the second security key device (col 15, line 65-col 16, line 5; user enters passcode and validated by the stored pass code to authenticate the user). Barlow does not explicitly disclose comparing two keys. For example, Funahashi discloses the terminal device having: a security chip storing a first encryption key to be requested for at the time of executing a predetermined security process in the terminal device; the information storage device having: a storage area storing a second encryption key identical with the first encryption key (para 15,20). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Barlow and Funahashi. The motivation would have been to build the network that provides endpoint security solutions (both hardware and software based).

As per claim 2, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Barlow discloses further comprising a first interface for communication with a station, and a second interface configured to allow communication between the data security bridge with the controller (fig 1 and 3, col 11, lines 24-34).

As per claim 3, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Barlow discloses wherein the first interface and the second interface are of a same type (fig 1 and 3, col 11, lines 24-34, micro controller).

As per claim 4, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Barlow discloses wherein the first interface and the second interface are of different types (fig 1 and 3, col 11, lines 24-34).

As per claim 5, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Barlow discloses wherein the second interface is an internal interface integrated with the controller (fig 1 and 3, col 11, lines 24-34, micro controller).

As per claim 6, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Barlow discloses wherein the key management module is configured to perform the user authentication based on the first security key and the second security key each time the storage device is boot up from shutdown mode (col 4, line 65- col 5, line 10, initializing the card).

As per claim 7, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Barlow discloses wherein the key management module is configured to perform the user authentication based on the first security key and the second security key each time the storage device is waken up from power saving mode  (col 4, line 65- col 5, line 10, initializing the card, Funahashi: para 20 and 63, each time authentication is required).

As per claim 8, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Barlow discloses further comprising a first interface and a second interface, wherein the security module is configured to receive data via the first interface, and perform data encryption on the received data to obtain encrypted data (fig 3, col 5, lines 1-10, The IC card itself provides the electronic vehicle for securely transporting the user's private keys and certificates without exposing them in plaintext form. The IC card is designed with enough processing capabilities to perform rudimentary cryptographic functions so that the private keys may be employed for signing, encryption, and decryption without ever being exported from the card); and 
wherein the second interface is configured to transmit the encrypted data to the controller (fig 3, col 5, lines 1-10, The IC card itself provides the electronic vehicle for securely transporting the user's private keys and certificates without exposing them in plaintext form. The IC card is designed with enough processing capabilities to perform rudimentary cryptographic functions so that the private keys may be employed for signing, encryption, and decryption without ever being exported from the card).

As per claim 9, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Barlow discloses further comprising a first interface and a second interface, wherein the controller is configured to retrieve encrypted data from the storage medium, and transmit the encrypted to the security module via the second interface (fig 3, Encryption, decryption, digital signing, and verification are therefore the principal cryptographic primitives that are used in an electronic network setting to facilitate the security, privacy, authenticity, and integrity of information being exchanged); and 
wherein the security module is configured to decrypt the encrypted data to obtain decrypted data, and transmit the decrypted data out of the storage device via the first interface (fig 3, Encryption, decryption, digital signing, and verification are therefore the principal cryptographic primitives that are used in an electronic network setting to facilitate the security, privacy, authenticity, and integrity of information being exchanged).

As per claim 10, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Barlow discloses further comprising a housing for accommodating the controller, the storage medium, and the data security bridge (fig 1 and 3, smart card).

As per claim 11, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Funahashi discloses wherein the key management module of the data security bridge comprises a medium configured to store the first security key (the terminal device having: a security chip storing a first encryption key to be requested for at the time of executing a predetermined security process in the terminal device; the information storage device having: a storage area storing a second encryption key identical with the first encryption key ; see para 15,20).

As per claim 12, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Barlow discloses wherein the controller, the security module, and the key management module are integrated in an integrated circuit (IC) chip (fig 3, Encryption, decryption, digital signing, and verification are therefore the principal cryptographic primitives that are used in an electronic network setting to facilitate the security, privacy, authenticity, and integrity of information being exchanged).

As per claim 13, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Funahashi discloses wherein the second security key is stored in a USB or a cell phone (fig 2, para 15, 29).

As per claim 14, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Funahashi discloses wherein storage device is configured to communicatively coupled with a bridge of a station via a connector, the connector comprising a SATA connector, a m.2 connector, a PCIe connector, an Ethernet connector, or a U.2 connector (fig 8).

As per claim 15, claim is rejected for the same reasons and motivation as claim 1, above. In addition, Barlow discloses further comprising a wireless receiver (col 7, lines 61-62, wireless communication); Funahashi discloses wherein the storage device is configured to obtain the second security key via the wireless receiver (the terminal device having: a security chip storing a first encryption key to be requested for at the time of executing a predetermined security process in the terminal device; the information storage device having: a storage area storing a second encryption key identical with the first encryption key; see para 15,20).

As per claim 16, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Funahashi discloses wherein the data security bridge further comprises a random number generator (para 97).

As per claim 17, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Barlow discloses wherein the storage medium is configured to store encrypted data (fig 3, Encryption, decryption, digital signing, and verification are therefore the principal cryptographic primitives that are used in an electronic network setting to facilitate the security, privacy, authenticity, and integrity of information being exchanged).

As per claim 18, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Barlow discloses wherein the storage medium comprises a spinning disk (fig 1, computer storage media is disk).

As per claim 19, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Barlow discloses wherein the storage medium comprises HDD, or NAND flash (fig 3, EPROM).

As per claim 20, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Barlow discloses A station comprising the storage device of claim 1 (fig 1, computer).

As per claim 21, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Barlow discloses wherein the station is configured to obtain a user identification that is different from the second security key (col 15, line 65-col 16, line 5; user enters passcode and validated by the stored pass code to authenticate the user).

As per claim 22, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Barlow discloses wherein the user identification comprises a user password (col 15, line 65-col 16, line 5; user enters passcode and validated by the stored pass code to authenticate the user).

As per claim 23, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Funahashi discloses wherein the user identification comprises a finger print, a retina scan, or a voice signature (para 128, biometric).

As per claim 24, claim is rejected for the same reasons and motivation as claim 1, above. In addition, Funahashi discloses wherein the station is configured to receive the second security key from an external device, and pass the second security key to the key management module in the storage device (the terminal device having: a security chip storing a first encryption key to be requested for at the time of executing a predetermined security process in the terminal device; the information storage device having: a storage area storing a second encryption key identical with the first encryption key; see para 15,20).

As per claim 25, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Funahashi discloses wherein the external device comprises a USB (fig 11).

As per claim 26, claim is rejected for the same reasons and motivation as claim 1, above. In addition, Barlow discloses wherein the external device comprises a cell phone (fig 5, telephone asset, wireless interface disclosed; however, prior art will be provided if requested).

As per claim 27, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Funahashi discloses comprising: a device detector configured to detect the external device; a boot-up and/or wake-up controller configured to pause a boot-up and/or wake-up process in response to the device detector detecting the external device (fig 9, para 67); and a notification generator configured to notify a user to remove the external device (fig 9, para 68).

As per claim 28, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Barlow discloses Funahashi discloses wherein the boot-up and/or wake-up controller is configured to resume the boot-up and/or wake-up process in response to the user removing the external device (para 11, devices are plug and play, however, prior art will be provided if requested).

As per claim 29, claim is rejected for the same reasons and motivation  as claim 1, above. In addition, Barlow discloses retrieving encrypted data from a storage medium in the storage device based at least in part on a result of the act of performing the user authentication (fig 11 and 12, in case the application requests decryption of encrypted data. The application interface passes the encrypted data to the IC card and the IC card decrypts the encrypted data using a decryption key and returns decrypted data to the application interface, see claim 17).

As per claim 30, claim is rejected for the same reasons and motivation as claims 1 and 29, above. In addition, Barlow discloses further comprising obtaining a user identification from a user, wherein the encrypted data is retrieved from the storage medium in the storage device if the user identification satisfies a criteria and if the user authentication succeeds (see fig 12, after signature is verified, the IC card decrypts the encrypted data using a decryption key and returns decrypted data to the application interface).

As per claim 31, claim is rejected for the same reasons and motivation  as claims 29 and 23, above.

As per claim 32, claim is rejected for the same reasons and motivation  as claims 29 and 26, above.

As per claim 33, claim is rejected for the same reasons and motivation  as claims 29 and 15, above.

As per claim 34, claim is rejected for the same reasons and motivation  as claims 29 and 8, above.

As per claim 35, claim is rejected for the same reasons and motivation  as claims 1 and 29, above. In addition, Barlow discloses further comprising: transmitting the encrypted data to a security module in the storage device; decrypting the encrypted data by the security module to obtain decrypted data; and transmitting the decrypted data out of the storage device (fig 11 and 12, in case the application requests decryption of encrypted data. The application interface passes the encrypted data to the IC card and the IC card decrypts the encrypted data using a decryption key and returns decrypted data to the application interface, see claim 17).

As per claim 36, claim is rejected for the same reasons and motivation as claims 1 and 29, above. In addition, Barlow discloses wherein the storage device is coupled to a station, and wherein the second security key is transmitted from the external device to the station, which passes the second security key to the storage device (col 15, line 65-col 16, line 5; user enters passcode and validated by the stored pass code to authenticate the user). Funahashi discloses the terminal device having: a security chip storing a first encryption key to be requested for at the time of executing a predetermined security process in the terminal device; the information storage device having: a storage area storing a second encryption key identical with the first encryption key (para 15,20).

As per claim 37, claim is rejected for the same reasons and motivation  as claims 29 and 27, above.

As per claim 38, claim is rejected for the same reasons and motivation  as claims 29 and 27, above.
	


Conclusion

Please see the attached PTO-892 for the prior art made of record and not relied upon, which is considered pertinent to applicant's disclosure.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD A SIDDIQI whose telephone number is (571)272-3976. The examiner can normally be reached Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MOHAMMAD A SIDDIQI/
Primary Examiner, Art Unit 2493