Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This action is responsive to application filed on 6/5/2020. Claims 1, 6 and 17 are independents. Claims 1-20 are currently pending.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 5-7 and 17 are rejected under 35 U.S.C. 102(a)(2) as being clearly anticipated by Smith et al. (US 20180004953 A1), hereinafter Smith.

	Regarding claim 1, Smith teaches [a]n apparatus comprising:
	a network controller connected to a data storage device and a remote host (FIG. 4 and para. 0037, FIG. 4 illustrates a system 400 [remote host] with a security zone 450 for an industrial control system in accordance with some embodiments. The system 400 includes a CPU 410 and a Platform Controller Hub (“PCH”) 420 (outside of the security zone 450). The security zone may include a “keep out zone barrier,” such as a 0.1inch barrier. Within, the security zone 450, a TPM 460, Solid State Drive (“SSD”) 470 [data storage device], and FPGA 480 may be protected); and
	an attack module connected to the network controller and comprising a module controller to generate and execute an attack mitigation strategy involving periodic queries of the data storage device to identify a powered move attack on the data storage device (para. 0037 and 0038, review and evaluate the hardware and firmware architecture of the ICS components, to facilitate an understanding of the security threats, capabilities and features of the components used in implementing the ICS component. This may include reviewing the processor architecture(s) and other hardware components used in the design, identification of security critical components in the design and articulating the threats and associated mitigation strategies identified for the system; 0075, removing the storage device from a system and installing and accessing the information from their own computing systems with the intent of compromising the system).

Regarding claim 5, Smith teaches all of the limitations of claim 1 as described above. Smith further teaches wherein the network controller is connected to the data storage device via a secure data pathway (para. 0057, using TPM).

Regarding claim 6, Smith teaches [a] method comprising:
	connecting a network controller to a data storage device and a remote host (FIG. 4 and para. 0037, FIG. 4 illustrates a system 400 [remote host] with a security zone 450 for an industrial control system in accordance with some embodiments. The system 400 includes a CPU 410 and a Platform Controller Hub (“PCH”) 420 (outside of the security zone 450). The security zone may include a “keep out zone barrier,” such as a 0.1inch barrier. Within, the security zone 450, a TPM 460, Solid State Drive (“SSD”) 470 [data storage device], and FPGA 480 may be protected);
	generating an attack mitigation strategy with an attack module connected to the network controller in response to detected data storage conditions in the data storage device (para. 0037 and 0038, review and evaluate the hardware and firmware architecture of the ICS components, to facilitate an understanding of the security threats, capabilities and features of the components used in implementing the ICS component. This may include reviewing the processor architecture(s) and other hardware components used in the design, identification of security critical components in the design and articulating the threats and associated mitigation strategies identified for the system; 0075, removing the storage device from a system and installing and accessing the information from their own computing systems with the intent of compromising the system);
	executing the attack mitigation strategy with the attack module by sending separate first and second security queries to the data storage device over time; and identifying a powered move attack with the second security query (para. 0037 and 0038, review and evaluate the hardware and firmware architecture of the ICS components, to facilitate an understanding of the security threats, capabilities and features of the components used in implementing the ICS component. This may include reviewing the processor architecture(s) and other hardware components used in the design, identification [second query] of security critical components in the design and articulating the threats and associated mitigation strategies identified for the system; 0075, removing the storage device from a system and installing and accessing the information from their own computing systems with the intent of compromising the system; The first query is the checking when the system booted. The system checks each component is properly initialized, including the storage device).

Regarding claim 7, Smith teaches all of the limitations of claim 6 as described above. Smith further teaches wherein the first security query is different than the second security query (para. 0037 and 0038, review and evaluate the hardware and firmware architecture of the ICS components, to facilitate an understanding of the security threats, capabilities and features of the components used in implementing the ICS component. This may include reviewing the processor architecture(s) and other hardware components used in the design, identification [second query] of security critical components in the design and articulating the threats and associated mitigation strategies identified for the system; 0075, removing the storage device from a system and installing and accessing the information from their own computing systems with the intent of compromising the system; The first query is the checking when the system booted. The system checks each component is properly initialized, including the storage device).

Regarding claim 17, Smith teaches [a] method comprising:
	connecting a network controller to a data storage device and a remote host (FIG. 4 and para. 0037, FIG. 4 illustrates a system 400 [remote host] with a security zone 450 for an industrial control system in accordance with some embodiments. The system 400 includes a CPU 410 and a Platform Controller Hub (“PCH”) 420 (outside of the security zone 450). The security zone may include a “keep out zone barrier,” such as a 0.1inch barrier. Within, the security zone 450, a TPM 460, Solid State Drive (“SSD”) 470 [data storage device], and FPGA 480 may be protected);
	generating an attack mitigation strategy with an attack module connected to the network controller in response to predicted data storage (para. 0043 and 0044, check physical address [predicted data storage] to find out if something indicating tampering with the system) conditions in the data storage device (para. 0037 and 0038, review and evaluate the hardware and firmware architecture of the ICS components, to facilitate an understanding of the security threats, capabilities and features of the components used in implementing the ICS component. This may include reviewing the processor architecture(s) and other hardware components used in the design, identification of security critical components in the design and articulating the threats and associated mitigation strategies identified for the system; 0075, removing the storage device from a system and installing and accessing the information from their own computing systems with the intent of compromising the system);
	executing the attack mitigation strategy with the attack module by sending separate first and second security queries to the data storage device over time; and identifying a powered move attack with the second security query (para. 0037 and 0038, review and evaluate the hardware and firmware architecture of the ICS components, to facilitate an understanding of the security threats, capabilities and features of the components used in implementing the ICS component. This may include reviewing the processor architecture(s) and other hardware components used in the design, identification [second query] of security critical components in the design and articulating the threats and associated mitigation strategies identified for the system; 0075, removing the storage device from a system and installing and accessing the information from their own computing systems with the intent of compromising the system; The first query is the checking when the system booted. The system checks each component is properly initialized, including the storage device).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.


Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Smith, as applied in the claims above, further in view of Baryudin et al. (JP 6049716 B2), hereinafter Baryudin.

Regarding claim 4, Smith teaches all of the limitations of claim 1 as described above.
	Smith does not explicitly disclose wherein the data storage device is a self-encrypting device. However, in an analogous art, Baryudin teaches wherein the data storage device is a self-encrypting device (p.4/20, the self-encrypting storage device).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Smith and Baryudin because it provides more security to the storage device and prevents valuable data from being lost or hijacked (p.2/20).

Claim Objection
	Claims 2, 3, 8-16 and 18-20 are objected to as being dependent upon rejected base claims, but would be allowable if rewritten in independent form including all of the limitations of the base claims and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHU CHUN GAO whose telephone number is (571)270-5999. The examiner can normally be reached on Monday-Thursday 6:00-4:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KRISTINE KINCAID can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SHU CHUN GAO/Examiner, Art Unit 2437 



/MATTHEW SMITHERS/Primary Examiner, Art Unit 2437