Notice of Pre-AIA or AIA Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Election/Restrictions
2.    NO restrictions warranted at initial time of filing for patent.

Information Disclosure Statement
3.    The information disclosure statement (IDS) submitted on 06/17/2021 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Oath/Declaration
4.    Applicant’s Oath was filed on 06/17/2021.

Drawings
5.    Applicant’s drawings filed on 07/01/2021 have been inspected and are in compliance with MPEP 608.01.

Specification
6.    Applicant’s specification filed on 06/17/2021 has been inspected and is in compliance with MPEP 608.02.

Claim Objections
7.    NO objections warranted at initial time of filing for patent.

Remarks
8.	Examiner requests that Applicant review the relevant prior art under the conclusion of this office action.


Reasons for Allowance
9.	Claim 14, including all of the limitations of the base claim and any intervening claims, is allowed.

Closest Prior Art:
U.S. Publication No. 20090327720 discloses on paragraph 0008 “According to a first aspect there is provided a method of using a mini filter driver to secure access to encrypted information stored on a removable storage device, the method comprising: receiving a request to read information from the removable storage device; ascertaining if the request originates from an authorized client; receiving encrypted information read from the removable storage device; decrypting the encrypted information in the event that the request originated from an authorized client; and conveying the decrypted information to the authorized client.” Paragraph 0010 “Ascertaining if the request originates from an authorized client may further comprise: requiring a client to send a registration request to the mini filter driver prior to that client sending a request to read information from the removable storage device; validating the registration request; optionally sending an acknowledgement to that client; and creating an entry for that client in an authorized client list.” Para 0028 “By virtue of this aspect, a management application executing in user mode is operable to receive information that has been decrypted by a mini filter executing in kernel mode.”

U.S. Publication No. 20150237025 discloses on paragraph 0011 “Embodiments of the disclosure store a key to an encrypted file in a kernel keyring of a kernel memory. An online infrastructure may provide services and/or servers to be accessed by one or more users. Such services and servers provided by an online infrastructure may be referred to as resources of the online infrastructure. Each user may be associated with permissions that define which services and servers a user is authorized to access. Such permissions may be referred to as authentication credentials. As a user accesses the services and servers of the online infrastructure, the user may be required to present authentication credentials to separate services and servers at different times. For example, the user may transmit authentication credentials to access a first service or server at a first time and later may be required to transmit authentication credentials again if the user is accessing a second service or server at a second time.”

U.S. Publication No. 20100217970 discloses paragraph 0015 “In a first aspect of the present invention, a computer operating system comprises a kernel that is configured to encrypt and decrypt data transferred between a computer memory and a secondary device. Preferably, the computer operating system is based on the UNIX operating system. In one embodiment, the kernel comprises an encryption engine. The encryption engine is configured to encrypt clear data to generate cipher data, and to decrypt the cipher data to generate the clear data. In another embodiment, the computer operating system further comprises a memory portion coupled to the encryption engine and configured to store the cipher data. In another embodiment, the encryption engine is configured to encrypt clear data and decrypt cipher data according to a symmetric encryption algorithm, such as the Rijndael algorithm.” Paragraph 0019 “In a fifth aspect of the present invention, a method of accessing a file comprises authenticating a user, checking the user's permission to access the file, and encrypting the file using an encryption key. In one embodiment, encrypting the file comprises dividing the file into a plurality of file segments, each file segment having an associated file segment number, dividing each file segment into a plurality of corresponding file blocks, dividing the encryption key into a plurality of corresponding encryption key segments, permutating the corresponding encryption key segments using the associated file segment number and a first permutation function to produce a corresponding intermediate key, encrypting the corresponding file blocks using an encryption algorithm and the corresponding intermediate key to generate a corresponding first encrypted data, and permutating the corresponding first encrypted data using a second permutation function and the associated file number to generate corresponding final encrypted data. Reversing the steps can be used to decrypt data. 
In one embodiment, the encryption algorithm comprises the Rijndael algorithm. In another embodiment, the first permutation function differs from the second permutation function. Preferably, each file segment is at least 1024-bits long and the encryption key is at least 2048-bits long.”

U.S. Publication No. 20190028488 discloses on paragraph 0040 “In addition, when the network file server client driver is run by changing the configuration, if the program to request the file is not the previously designated program after downloading a list of programs which may be requested to the server from the server in advance, a client program module may return a message "You do not have an access authority" at a kernel level to program to request the file.”

U.S. Publication No. 20190205533 discloses on paragraph 0147 “In some examples, at block 802, processor 106 can provide, in the kernel mode 204, the validation request identifying a file to which access is requested. The file can be referenced, e.g., by data 206 of the event. The event can be, e.g., a normal open() of a file, or a request to access the file accompanied by a privilege or elevation request.”

U.S. Publication No. 20010005682 discloses on paragraph 0177 “Next, the control unit 104 selects one other communication device, for example, the communication device BO from the transmission destination list table for server (S58) to generate a transmission destination list table to be distributed which is obtained by replacing the communication device number, the communication address and the public key related to the selected communication device BO in the transmission destination list table for server by the communication device number, the communication address and the public key related to the own communication device AO in the own communication device information table (S60). Then, transmit the obtained transmission destination list table to the terminal device having the selected communication device BO inserted into the slot by using the communication device AO inserted into the slot 2a of the own device (S61). In this transmission, the communication address of the communication device BO is set as a transmission destination address. In addition, the transmission destination list table is encrypted by the public key of the communication device BO.”

The following is an Examiner’s Statement of Reasons for Allowance:
Claim 14 is allowable over the prior art references, which, taken individually or in combination, fail to particularly disclose, fairly suggest or render obvious the claim, as argued by the applicant, which the examiner considers persuasive as set forth above.

Although the prior art discloses protecting the computer using an encrypted input list holding predefined parameters; providing a device holding a digital security key, the digital security key configured for encrypting and decrypting data on the computer and the device configured for connection to the computer; installing an encrypted input list and kernel software driver; and authenticating a file or folder as authorized based on an encrypted user right parameter, no one or two references anticipate or obviously suggest: configuring a device so that it is not necessary for operation of a computer to which said device is connected, and storing on the computer an encrypted security key; and including in a kernel software driver programming code operable for implementing the steps of using the digital security key to decrypt the encrypted security key, deriving a decrypted security key, and using the decrypted security key to encrypt a confirmatory predefined value to produce a confirmatory predefined encrypted value.
Thereafter, saving the confirmatory predefined encrypted value as metadata in a plurality of computer files stored in the non-transitory computer storage medium of the computer, and defining as a non-authorized computer file any computer file that lacks the confirmatory predefined encrypted value or has an invalid confirmatory predefined encrypted value.
Receiving at the kernel software driver each request received by the computer to access a computer file, reading the metadata of the computer file to determine a presence or absence of the confirmatory predefined encrypted value and, when the confirmatory predefined encrypted value does not exist within the metadata, disallowing access to the computer file.
Thereafter, when the confirmatory predefined encrypted value is found in the metadata, using the decrypted security key to decrypt the confirmatory predefined encrypted value and derive a confirmatory predefined decrypted value, and using the kernel software driver to determine whether or not the confirmatory predefined decrypted value matches a known value.
Lastly, when the confirmatory predefined decrypted value matches the known value, allowing access pursuant to each such request for access to the computer file and, when the confirmatory predefined decrypted value does not match the known value, disallowing access to the computer file.
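
The access decision recited above, modelled in user space as an added illustration; it is not code from the application or from the examiner. The metadata key name, the known value, the sample files and the SHA-256 counter keystream (a stand-in for the cipher, which the statement does not specify) are assumptions.

```python
import hashlib, hmac, os

KNOWN_VALUE = b"confirmatory-predefined-value"  # assumed known value (constructed)
TAG_ATTR = "user.confirm"                       # hypothetical metadata key
NONCE_LEN = 16

def _crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHA-256 counter keystream (encrypt == decrypt)."""
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt under a fresh nonce; the nonce is stored in front of the ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + _crypt(key, nonce, plaintext)

def unseal(key: bytes, blob: bytes) -> bytes:
    return _crypt(key, blob[:NONCE_LEN], blob[NONCE_LEN:])

def access_allowed(metadata: dict, security_key: bytes) -> bool:
    """Decision the driver makes on each file-access request."""
    tag = metadata.get(TAG_ATTR)
    if tag is None:  # confirmatory value absent from metadata: disallow
        return False
    # Value present: decrypt it and compare with the known value in constant time.
    return hmac.compare_digest(unseal(security_key, tag), KNOWN_VALUE)

def demo() -> dict:
    device_key = os.urandom(32)                # digital security key held on the device
    stored = seal(device_key, os.urandom(32))  # encrypted security key stored on the computer
    security_key = unseal(device_key, stored)  # driver derives the decrypted security key
    files = {                                  # constructed sample files and their metadata
        "report.docx": {TAG_ATTR: seal(security_key, KNOWN_VALUE)},
        "untagged.exe": {},                    # lacks the confirmatory value
        "invalid.bin": {TAG_ATTR: seal(os.urandom(32), KNOWN_VALUE)},  # made under another key
    }
    return {name: access_allowed(meta, security_key) for name, meta in files.items()}

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'allow' if ok else 'deny'}")
```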

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192. The examiner can normally be reached Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/GARY S GRACIA/Primary Examiner, Art Unit 2499