DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to amendments filed on June 24, 2022.
Claims 1, 15, 18-20 have been amended.
Claims 1-20 are pending.

Response to Arguments
The objection regarding Claim 20 has been withdrawn as the claim has been amended. 
The rejections regarding 35 U.S.C. 102 and 103 for Claims 1-20 have been withdrawn as the claims have been amended. 
Applicant’s arguments with respect to Claims 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-4, 9 are rejected under 35 U.S.C. 103 as being unpatentable over Yacobi (U.S. Pub. No. 2012/0144210 A1) hereinafter referred to as “Yacobi”, and further in view of Au et al. (U.S. Patent  No. 8,543,838 B1) hereinafter referred to as “Au”.
Regarding Claim 1:
	Yacobi discloses the following limitations:
	A method comprising: detecting a coupling of a peripheral device to a hardware interface of a user equipment (Par. [0035], the data-store component (of a peripheral device) allocates storage space for data objects on behalf of owners who contract with the data-store component (detecting a coupling) for storage of data objects that can be accessed by reader users and writer users (to a hardware interface of a user equipment)). Reference Yacobi is directed towards an attribute-based encrypted data storage system in which users store encrypted data in the data-store components. Yacobi discloses that this data-store component may be a computational device (Par. [0035], the data
store component may alternatively be a single server, a special-purpose computational device), and that computational devices include peripherals (Par. [0034], peripheral microprocessors). Regarding the phrase “detecting a coupling”, as the system of Yacobi is directed towards storage of data, it is necessarily inherent for the user equipment to be able to detect the connection with the peripheral in order to store data, and is indicated as such when Yacobi discloses users contracting with the data-store component.
	detecting(Par. [0068], FIG. 9G provides a control-flow diagram for an interaction between a writer and the data store. In this interaction, the writer requests a data object from the data store for writing (detecting a request from the user equipment to write data to the peripheral device), carries out a WRITE operation, and returns the newly written data object to the data store). Figure 9G of Yacobi shows a write request in the system of Yacobi.
	selecting(Par. [0068], the writer obtains the freshest attribute-associated secret keys from the PBB, when necessary, in step 994 and decrypts the write payload key (selecting a first encryption scheme) using the attribute-associated secret keys to satisfy the write policy (based at least in part on the data to be written to the peripheral device)). The system of Yacobi is directed towards attribute-based encryption in which data objects which are grouped by class have different access policies (Par. [0065],  In general, data objects within the data store are aggregated together into classes, access to each data object in a class of data objects controlled by common read and write policies for the class. In addition, each class of data objects is generally associated with a set of payload-encryption keys, a payload-key encryption method, and data-payload encryption methods). Therefore, when Yacobi discloses the writer obtaining the write payload key, this corresponds to selecting an encryption scheme, i.e. the write payload key is used to encrypt the data, based at least in part on the data, i.e. the class which it belongs to since the write payload key is different for each class for access control (Par. [0065], the owner assigns payload keys to each class). 
	encrypting(Par. [0068], in step 996, the writer
encrypts data to be written to the data object, using the write payload key). As argued above, the system of Yacobi then encrypts the data using the write payload key.
	and after encrypting the data, writing(Par. [0068], and transmits the encrypted data and signature to the data store. In step 997, the data store stores the encrypted data (and after encrypting the data, writing the data to the peripheral device)). Data is transmitted and stored in the data store of Yacobi, i.e. write data, after encryption.
	(taught by Au below)

	Au discloses the following limitations not taught by Yacobi:
	by an encryption/decryption component (Col. 2, lines 27 – 38, a cryptographic module with a secure processor). Au teaches a cryptographic module for performing encryption. In combination with the attribute-based encryption taught by Yacobi, this teaches the claimed limitation.
	wherein the encryption/decryption component is a hardware component associated with the user equipment that stores at least the first encryption scheme and that keeps the first encryption scheme inaccessible to at least one other component of the user equipment (Col 2, lines 62-67, Col. 2, lines 27 – 38, cryptographic keys and other data stored in the secure memory cannot be accessed from outside the cryptographic module). Au further teaches that the cryptographic module has a secure memory which stores encryption keys, i.e. encryption schemes when combined with Yacobi, and that this secure memory cannot be accessed by other components outside the module, such as the host processor. 

	Yacobi does not teach a hardware encryption/decryption component which prevents access to the encryption scheme from other components. Au however teaches a cryptographic module which isolates itself from the rest of the system, and further teaches that this isolation provides extra security by preventing access by thieves (Col. 1, lines 31—37, Col. 5, lines 52-56, thereby acting as a gate to control authorized access and usage of those engines).
	Yacobi and Au are considered to be analogous art because they relate to data encryption methods. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the  attribute based encryption scheme of Yacobi with the cryptographic module of Au in order to gain the benefit of additional security from isolation of components.


Regarding Claim 2:
	Yacobi/Au discloses Claim 1.
	Yacobi further discloses the following limitation:
	wherein selecting the first encryption scheme is based at least in part on data associated with an active user associated of the user equipment or a status of the user equipment (Par. [0068], when the descriptor is verified and the writer possesses sufficient attributes (data associated with an active user associated of the user equipment) to write to the data object). The system of Yacobi is directed to attribute-based encryption, in which the writer must have matching attributes to perform a write operation. As a result, the choice of encryption in encrypting the data, i.e. the payload key specific to the access class of data, is also based on the user’s attributes, i.e. data associated with the active user. Under the broadest reasonable interpretation, this fulfills the condition of the claim since it recites fulfilling at least one of the options listed through the use of the word “or”.  

Regarding Claim 3:
	Yacobi/Au discloses Claim 1.
	Yacobi further discloses the following limitation:
	further comprising receiving, at the hardware interface via a communication channel, the first encryption scheme from a remote system (Par. [0068], in step 989, the data store (from a remote system) receives the request and, in response to the request, finds and returns (further comprising receiving, at the hardware interface via a communication channel) an objectHandle and data object descriptor (the first encryption scheme) to the writer in step 990). The data store of Yacobi as disclosed may comprise a remote system in addition to the peripheral (Par. [0035], A data-store component 102 may consist of one or more computer systems … the data store component may alternatively be a much larger distributed system of networked computers). That is, the user logs in to the data store and requests a data object descriptor, which includes the payload key necessary for encryption (Par. [0058], the descriptor includes clear-text read and write policies 808-809, an
encrypted read payload key 810, an encrypted write payload key 812), so it is understood that while the system of Yacobi can describe a peripheral as claimed, Yacobi also discloses the ability to retrieve the encryption scheme from a remote system. 

Regarding Claim 4:
	Yacobi/Au discloses Claim 1.
	Yacobi further discloses the following limitations:
	further comprising: detecting a request from the user equipment to read second data from the peripheral device (Par. [0069], FIG.9H provides a control-flow diagram of an interaction between a reader and the data store similar to the writer/data-store interaction for which a control-flow diagram is provided in FIG.9G. In the interaction illustrated in FIG. 9H, the reader accesses a data object from the data store for read access (further comprising: detecting a request from the user equipment to read second data from the peripheral device)). Yacobi discloses a similar process for read access in Figure 9H. As such, the claim limitations are analogously met by the write process disclosed previously, and these aspects are shown here. 
	decrypting the second data using the first encryption scheme (Figure 9H, decrypt data payload using decrypted read payload key). As analogously taught in the write operation process, reading the data involves selecting the appropriate decryption scheme according to the object class, i.e. the read payload key specifies a decryption scheme, and then decrypts the data after receiving the read payload key.
	and providing the second data to the user equipment (Par. [0069], the reader accesses a data object from the data store for read access). As the data is now decrypted and the end goal of the process is that the reader accesses the data object for reading, this comprises the user equipment being provided the decrypted data.

Regarding Claim 9:
	Yacobi/Au discloses Claim 1.
	Yacobi further discloses the following limitations:
	further comprising: detecting a second request from the user equipment to write second data to the peripheral device (Fig. 20, 2008, class 1 w policy, class 2 w policy). In Fig. 20 of Yacobi, two separate write policies are mapped to the same node in the Hasse diagram for key derivation. This means that a user possessing attributes corresponding to that node has access to two separate write policies (Par. [0172], each access policy is a disjunction of attribute conjunctions, each attribute conjunction mapping to a particular HD node). As such, having a second write policy inherently means that the same user equipment may make a second request from the user equipment to write second data with a different access policy. As argued previously in Claim 1, this constitutes detecting a request according to Fig. 9G. 
	selecting a second encryption scheme based at least in part on the second data to be written to the peripheral device (Par. [0065], In step 959, the owner assigns payload keys to each class. In step 960 the owner determines payload-key encryption and payload-encryption methods for the class (selecting a second encryption scheme based at least in part on the second data to be written to the peripheral device)). As argued in the previous limitation, the method of writing the second data was considered to be inherent from the fact that Yacobi discloses a user having access to a second write policy. The system of Yacobi is directed to an attribute-based encryption system in which data objects of different classes have different access policies, and therefore different encryption schemes. Therefore, the second write policy as argued previously corresponds to a second encryption scheme, and this is considered to be selected based on the data as argued previously in Claim 1 (Par. [0068]).
	the second encryption scheme different than the first encryption scheme (Fig. 20, 2008, class 1 w policy, class 2 w policy). As argued in the previous limitations, the system of Yacobi shows the same user having access to different write policies corresponding to different classes, and these write policies correspond to different encryption schemes.
	encrypting the second data using the second encryption scheme (Par. [0068], in step 996, the writer encrypts data to be written to the data object, using the write payload key). As argued previously in Claim 1, the system of Yacobi then encrypts the data using the write payload key.
	and after encrypting the second data, writing the second data to the peripheral device (Par. [0068], and transmits the encrypted data and signature to the data store. In step 997, the data store stores the encrypted data (and after encrypting the second data, writing the second data to the peripheral device )). As argued previously in Claim 1, data is transmitted and stored in the data store of Yacobi, i.e. write data, after encryption.
 
Claims 5, 6, 10, 14 are rejected under 35 U.S.C. 103 as being unpatentable over Yacobi/Au, and further in view of Stufflebeam JR. et al. (U.S. Pub. No. 2011/0225428 A1) hereinafter referred to as “Stufflebeam”.
Regarding Claim 5:
	Yacobi/Au discloses Claim 1.
	Stufflebeam discloses the following limitation not taught by Yacobi/Au:
	wherein the request to write the data to the peripheral device includes a designation of a second encryption scheme, the second encryption scheme different than the first encryption scheme (Abstract, another method may include encrypting an item of data (wherein the request to write the data to the peripheral device) based on at least one of a first-layer encryption key and a first-layer cryptographic function to produce first-layer encrypted data and encrypting the first-layer encrypted data based on at least one of a second-layer encryption key and a second-layer cryptographic function to produce second-layer encrypted data (includes a designation of a second encryption scheme, the second encryption scheme different than the first encryption scheme)). Reference Yacobi/Au does not disclose a multiple encryption scheme. Reference Stufflebeam however teaches that a multiple encryption scheme in which the data is successively encrypted in independent layers may be performed. As such, when combined with Yacobi, this means that the request to write the encrypted data from Yacobi must inherently comprise a designation of a second encryption scheme in order to perform the multiple encryption. Stufflebeam further teaches that using multiple encryption keys to encrypt the data may enforce access control by assigning an encryption key to separate entities and enforcing that each entity is authorized (Par. [0051],  In this specific example, such encrypted data may later be decrypted and read only if accessed by the same user from the same storage resource 114 coupled to the same information handling system 102). 

	References Yacobi/Au and Stufflebeam are considered to be analogous art because they relate to attribute-based encryption of data for storage and access control. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the attribute-based encryption system of Yacobi/Au with the multiple encryption schemes of Stufflebeam in order to gain the benefit of increased security by checking the authorization of various entities associated with accessing data. 

Regarding Claim 6:
	The combination of Yacobi/Au/Stufflebeam discloses Claim 5.
	Stufflebeam further discloses the following limitation:
	further comprising encrypting the data using the first encryption scheme prior to encrypting the data using the second encryption scheme (Abstract, encrypting the first-layer encrypted data based on at least one of a second-layer encryption key and a second-layer cryptographic function to produce second-layer encrypted data (further comprising encrypting the data using the first encryption scheme prior to encrypting the data using the second encryption scheme)). As previously argued in Claim 5, the system of Stufflebeam performs multiple layered encryption in order to enforce access control across different entities. As such, the same reasons of motivation/combination of references remain the same as argued in Claim 5.

Regarding Claim 10:
	Yacobi discloses the following limitations:
	A system comprising: a communication interface (Par. [0185], one of these devices is an I/O controller 2316 (A system comprising: a communication interface) that controls data exchange with a mass-storage device 2321). As disclosed previously, the system of Yacobi may communicate with networked storage devices which are remote. As such, there inherently is a communication interface in order to perform this communication.	a hardware interface for physically coupling to a peripheral device (Par. [0185], one of these devices is an I/O controller 2316 (a hardware interface) that controls data exchange with a mass-storage device 2321 (physically coupling to a peripheral device))
	one or more processors (Par. [0185], the computer includes a processor 2302 (one or more processors), memory 2304, a memory/processor bus 2306 that interconnects the processor, memory, and a bridge 2308)
	(taught by Stufflebeam below)
	receiving, via the communication interface, encryption/decryption data from a remote system; detecting a physical coupling of a first peripheral device to the hardware interface; detecting a request from a component of the system to write data to the peripheral device; selecting a first encryption technique (Par. [0035], Par. [0068]). As argued previously in Claim 1 and Claim 3, these limitations are disclosed by Yacobi in the respective paragraphs. Yacobi however does not disclose storing a plurality of encryption techniques, which is taught by Stufflebeam below. 
	(taught by Au below)

	Stufflebeam discloses the following limitations not taught by Yacobi:
	an encryption/decryption component coupled between the hardware interface and the one or more processors and the communication interface, the encryption/decryption component configured to perform operations including (Par. [0036], encryption accelerator 116 (an encryption/decryption component) may be communicatively coupled to I/O controller 116 (coupled between the hardware interface and the one or more processors and the communication interface) and may comprise any system, device, or apparatus configured to encrypt data for storage on one or more of storage resources 114, and/or decrypt data read from one or more of storage resources 114 (the encryption/decryption component configured to perform operations including)). The system of Yacobi does not disclose an encryption/decryption hardware component. Reference Stufflebeam however teaches that an encryption accelerator which performs cryptographic functions may be coupled to an I/O controller (the hardware interface and the communication interface) as shown in Figure 1, and the one or more processors (processor 103 and cryptoprocessor 110 in Figure 1).  Reference Stufflebeam further teaches that this encryption accelerator “encryption accelerator 116 may have stored thereon a plurality of cryptographic functions that may be executed” (Par. [0036]).
	from a plurality of stored encryption techniques (Par. [0036], encryption accelerator 116 may have stored thereon a plurality of cryptographic functions that may be executed). 

	Au discloses the following limitations not taught by Yacobi/Stufflebeam:
	wherein the encryption/decryption component is a hardware component that stores at least the plurality of stored encryption techniques and that keeps the plurality of stored encryption techniques inaccessible to at least one other component of the system (Col 2, lines 62-67, Col. 2, lines 27 – 38, cryptographic keys and other data stored in the secure memory cannot be accessed from outside the cryptographic module). Au teaches a hardware cryptographic module for performing encryption which has a secure memory which stores encryption keys/data, i.e. plurality of encryption techniques when combined with Yacobi/Stufflebeam, and that this secure memory cannot be accessed by other components outside the module, such as the host processor. 

	Yacobi does not disclose an encryption/decryption hardware component. Reference Stufflebeam however teaches a hardware encryption accelerator which has a plurality of stored encryption functions/techniques. Stufflebeam further teaches that this has the benefit of being able perform encryption/decryption on pre-boot I/O operations (Par. [0045], BIOS driver 107 may include instructions to unseal the encryption key so that the key may be loaded into encryption accelerator 116 and used to encrypt and decrypt pre-boot I/O operations). 
	Yacobi/Stufflebeam do not teach making the encryption techniques inaccessible to other system components. Au however teaches a cryptographic module which isolates itself from the rest of the system, and further teaches that this isolation provides extra security by preventing access by thieves (Col. 1, lines 31—37, Col. 5, lines 52-56, thereby acting as a gate to control authorized access and usage of those engines). 
	References Yacobi/Stufflebeam/Au are considered to be analogous art because they relate to attribute-based encryption of data for storage and access control. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the attribute-based encryption system of Yacobi with the encryption accelerator of Stufflebeam in order to gain the benefit of local storage of encryption schemes and performing encryption/decryption on pre-boot I/O operations, and further combine with the cryptographic module of Au in order to gain the benefit of additional security from isolation of components. 
Regarding Claim 14:
	Yacobi/Au/Stufflebeam discloses Claim 10.	System Claim 14 corresponds to method Claim 9 except that Claim 14 recites additional limitations in Claim 10 by virtue of being dependent on Claim 10 which have previously been shown to be taught by the combination of Yacobi/Au/Stufflebeam . Therefore, the same arguments presented earlier in Claim 9 using reference Yacobi and in Claim 10 using the combination of Yacobi/Au/Stufflebeam are used as reasons for motivation/combination of references for Claim 14. 	Claims 7, 8 are rejected under 35 U.S.C. 103 as being unpatentable over Yacobi/Au, and further in view of Cohn et al. (WO 2018005361 A1) hereinafter referred to as “Cohn”.
Regarding Claim 7:
	Yacobi/Au discloses Claim 1.	Yacobi further discloses the following limitations:
	further comprising: detecting a second request from the peripheral device to write second data to the user equipment (Figure 9H, fetch data object and return copy to reader (further comprising: detecting a second request from the peripheral device to write second data to the user equipment)). As argued previously in Claim 4, the process of reading data from the peripheral is considered to be analogous to the process of writing data. In the process of reading the data, the system of Yacobi returns a copy of the data object for the user to decrypt/read. Under the broadest reasonable interpretation, this inherently comprises detecting a write request as the reader is receiving a copy of the data and later verifies the received data (Figure 9H).  
	selecting a decryption scheme based at least in part on the second data to be written to the user equipment (Figure 9H, receive copy of data object (selecting a decryption scheme based at least in part on the second data to be written to the user equipment)). A data object according to the system of Yacobi contains a descriptor which designates the encryption scheme in which to read the data (the data object 802 includes a descriptor 804 and a data payload 806. The descriptor includes clear-text read and write policies 808-809, an encrypted read payload key). Therefore, the receipt of the data object inherently constitutes a selection of a decryption scheme specified by the read payload key, and this is based in part on the data as the system of Yacobi is directed towards attribute-based encryption in which the class of the data object determines the encryption scheme as argued previously in Claim 1.  
	determining that the second data cannot be decrypted using the decryption scheme (Figure 9H, read failed (determining that the second data cannot be decrypted using the decryption scheme)). The system of Yacobi verifies the attributes of the reader, and determines that a reader does not have sufficient attributes to read the data when the read fails. That is, the second data cannot be decrypted using the decryption scheme because the system of Yacobi prevents the reader from doing so.  
	and presenting a notification (Par. [0067], when the verification is successful, as determined in step 983, returns a success indication to the owner (and presenting a notification) in step 984 or returns a failure indication in step 985 (the notification indicating that a user of the user equipment is not authorized to access the second data)). The system of Yacobi notifies the user through an indication that the user’s identity is authenticated or not. Under the broadest reasonable interpretation, this constitutes a notification to the user, and it indicates that the user is not authorized as it indicates a failure of having the proper attributes for authorization. 

	Cohn discloses the following limitation not taught by Yacobi/Au:
	on a display of the user equipment (Par. [0020], display this information in the device's graphical user interface). The notification to the user of Yacobi/Au does not disclose a display of the user equipment. Reference Cohn however discloses a system of notifying unauthorized access and discloses that such access may be displayed on the user’s graphical user interface, i.e. display. Cohn further teaches that such a system “may facilitate defining a mechanism for rejecting and notifying unauthorized users about the reason for the rejection and a possible resolution” (Par. [0016]).	References Yacobi/Au and reference Cohn are considered to be analogous art because they relate to authorization systems for accessing devices. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the attribute-based encryption system of Yacobi/Au with the user notification system of Cohn in order to gain the benefit of providing the user reasons for rejection and a possible resolution. 

Regarding Claim 8:
	The combination of Yacobi/Au/Cohn discloses Claim 7.	Cohn further discloses the following limitation:
	wherein the notification includes instructions for the user to obtain authorization (Par. [0016], notifying unauthorized users about the reason for the rejection and a possible resolution (wherein the notification includes instructions for the user to obtain authorization)). Reference Cohn teaches that their notification system may include instructions to resolve the lack of authorization, i.e. for the user to obtain authorization. The reasons for motivation and combination of references remain the same as in Claim 7.	Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over the combination of Yacobi/Stufflebeam/Au, and further in view of Vaquero (U.S. Pub. No. 2016/0182462 A1) hereinafter referred to as “Vaquero”.Regarding Claim 11:
	The combination of Yacobi/Stufflebeam/Au discloses Claim 10.	Vaquero discloses the following limitation not taught by the combination of Yacobi/Stufflebeam/Au:
	wherein selecting the first encryption technique from the plurality of stored encryption techniques is based at least in part on a location of the system (Par. [0021], the policy may include flexible levels of availability and viewability (wherein selecting the first encryption technique from the plurality of stored encryption techniques ) based on context… Examples of context may include personal attributes of the user requesting the set of data, time stamps or limits, location, and internet protocol address (based at least in part on a location of the system)). The combination of references Yacobi/Stufflebeam/Au do not disclose using a system location as an attribute for access control. Reference Vaquero however teaches that one of the attributes used for access control and attribute based encryption may be the user’s location or IP address. As the user is accessing the user equipment, under the broadest reasonable interpretation, this constitutes a location of the system. Therefore, when combined with the combination of Yacobi/Stufflebeam/Au, this constitutes a selection of encryption scheme according to location, since Yacobi/Stufflebeam/Auteach selection of encryption schemes according to attributes. 

	The combination of Yacobi/Stufflebeam/Au discloses all features of the applicant’s claimed invention except it uses attributes other than location for attribute-based encryption. Reference Vaquero however discloses that system location may be used as an attribute in attribute-based encryption. Thus, all features of the claimed invention were known in the prior art. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to substitute one of the attributes in the attribute-based encryption system of Yacobi/Stufflebeam/Au with system location as taught by Vaquero in order to gain the predictable result of the applicant’s claimed invention. 	Claims 12, 13 are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Yacobi/Stufflebeam/Au, and further in view of Cohn.Regarding Claim 12:
	The combination of Yacobi/Stufflebeam/Au discloses Claim 10.
	System Claim 12 discloses additional limitations similar to those method Claim 7, which have previously been shown to be disclosed by the combination of Yacobi/Au/Cohn. That is, the combination of Yacobi/Stufflebeam/Au discloses all limitations of Claim 12 except for the notification appearing on a display of the system. Reference Cohn however discloses a system of notifying unauthorized access and discloses that such access may be displayed on the user’s graphical user interface, i.e. display. Cohn further teaches that such a system “may facilitate defining a mechanism for rejecting and notifying unauthorized users about the reason for the rejection and a possible resolution” (Par. [0016]).	The combination of references Yacobi/Stufflebeam/Au and reference Cohn are considered to be analogous art because they relate to authorization systems for accessing devices. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the attribute-based encryption system of Yacobi/Stufflebeam/Au with the user notification system of Cohn in order to gain the benefit of providing the user reasons for rejection and a possible resolution. 

Regarding Claim 13:
	The combination of Yacobi/Stufflebeam/Au/Cohn discloses Claim 12.
	Cohn further discloses the following limitation: 
	wherein the notification includes instructions for the user to request authorization to access the second data (Par. [0016], notifying unauthorized users about the reason for the rejection and a possible resolution (wherein the notification includes instructions for the user to request authorization to access the second data)). Reference Cohn teaches that their notification system may include instructions to resolve the lack of authorization, i.e. for the user to obtain authorization. The reasons for motivation and combination of references remain the same as in Claim 12.

	Claims 15-16, 18, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Stufflebeam, and further in view of Au.Regarding Claim 15:
	Stufflebeam discloses the following limitations:
	A component of a user equipment comprising: one or more processors (Par. [0027], information handling system 102 may include a processor 103)
	a non-transitory computer-readable media accessible to the one or more processors, the non-transitory computer-readable media storing computer-executable instructions, which when executed by the one or more processors cause the one or more processors to perform operations including (Par. [0011], the computer-readable medium may have instructions stored thereon, the instructions configured to, when executed by the processor). The computing device of Stufflebeam includes a computer-readable medium which is non-transitory (Par. [0026], computer-readable media may include, without limitation, storage media such as a direct access storage device (e.g., a hard disk drive or floppy disk))
	storing encryption/decryption data, the encryption/decryption data including a plurality of encryption schemes and a plurality of decryption schemes (Par. [0036], encryption accelerator 116 may have stored thereon a plurality of cryptographic functions that may be executed). The encryption accelerator of Stufflebeam stores cryptographic functions, i.e.  encryption/decryption schemes, since it both encrypts and decrypts data for storage.
	receiving a first request from a peripheral device physically coupled to a hardware interface of the user equipment, the first request to access first data stored on the user equipment (Par. [0043], encryption accelerator 116 may authenticate that a requestor (e.g., application 202) (receiving a first request) of an encryption task is authorized to initiate an encryption task (the first request to access first data stored on the user equipment); Par. [0038], another component of information handling system 102 may execute application 202; Par. [0027], information handling system 102 may include … one or more storage resources 114 communicatively coupled to I/O controller 108 via respective busses 112 (from a peripheral device physically coupled to a hardware interface of the user equipment)). The system of Stufflebeam has an application which requests an encryption task, i.e. writing encrypting data or reading decrypted data, which inherently is a form of accessing data. This application is disclosed to be potentially executed on any component of the information handling system, of which the storage resource, i.e. the peripheral device, is a component. Therefore, the system of Stufflebeam discloses the claimed limitation in which peripheral device requests access of data from the user equipment. 
	selecting a first encryption scheme from the plurality of encryption schemes based at least in part on characteristics of the peripheral device (Par. [0017], wherein at least one of the encryption key and the cryptographic function are selected based on one or more characteristics associated with the data to be encrypted or decrypted; Par. [0049], Among the characteristics of a storage resource 114 upon which a policy may be based are a port to which the particular storage resource 114 is coupled, the type of storage resource 114 (e.g., USB, FireWire, SATA, PCI/PCMCIA, etc.), manufacturer of storage resource 114, model of storage resource 114, serial number of storage resource (characteristics of the peripheral device)). The system of Stufflebeam is directed towards attribute-based encryption, and Stufflebeam further discloses that the attribute may be a peripheral device characteristic such as serial number.
	generating first encrypted data from the first data based at least in part on the first encryption scheme (Par. [0036], encryption accelerator 116 may be communicatively coupled to I/O controller 116 and may comprise any system, device, or apparatus configured to encrypt data (generating first encrypted data from the first data based at least in part on the first encryption scheme) for
storage on one or more of storage resources). The encryption accelerator encrypts the data using the encryption scheme chosen. 
	and allowing the peripheral device to access the first encrypted data (Par. [0036], for storage on one or more of storage resources (and allowing the peripheral device to access the first encrypted data)). The purpose of the encryption is to store the encrypted data on the storage resource of Stufflebeam, i.e. the peripheral device. Therefore, this inherently is a form of allowance of access to the encrypted data, since the peripheral device must have access to the encrypted data for it to be written to the peripheral device. This form of allowance may also be seen as a form of authentication (Par. [0043], encryption accelerator 116 may authenticate that a requestor (e.g., application 202) of an encryption task is authorized to initiate an encryption task. After encryption or decryption of data, data may be stored to a storage resource).	(taught by Au below)

	Au discloses the following limitations not taught by Stufflebeam:
	wherein the component is a hardware component that stores at least the encryption/decryption data and that keeps the encryption/decryption data inaccessible to at least one other component of the user equipment (Col 2, lines 62-67, Col. 2, lines 27 – 38, cryptographic keys and other data stored in the secure memory cannot be accessed from outside the cryptographic module). Au further teaches that the cryptographic module has a secure memory which stores encryption keys, i.e. encryption schemes when combined with Stufflebeam, and that this secure memory cannot be accessed by other components outside the module, such as the host processor. 

	Stufflebeam does not teach a hardware encryption/decryption component which prevents access to the encryption scheme from other components. Au however teaches a cryptographic module which isolates itself from the rest of the system, and further teaches that this isolation provides extra security by preventing access by thieves (Col. 1, lines 31—37, Col. 5, lines 52-56, thereby acting as a gate to control authorized access and usage of those engines) 
	Stufflebeam and Au are considered to be analogous art because they relate to data encryption methods. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the  attribute based encryption scheme of Stufflebeam with the cryptographic module of Au in order to gain the benefit of additional security from isolation of components.
Regarding Claim 16:
	Stufflebeam/Au discloses Claim 15.	Stufflebeam further discloses the following limitation:
	wherein individual encryption schemes of the plurality of encryption schemes include a designated encryption algorithm and a seed value (Par. [0036], encryption accelerator 116 may have stored thereon a plurality of cryptographic functions that may be executed (wherein individual encryption schemes of the plurality of encryption schemes include a designated encryption algorithm); Par. [0033], cryptoprocessor 110 may be configured to generate random numbers, generate encryption keys (e.g., RSA keys) (and a seed value)). The encryption accelerator of Stufflebeam stores cryptographic functions, i.e. encryption algorithms, to perform encryption. The cryptoprocessor of Stufflebeam generates random numbers and encryption keys for the encryption accelerator to use. It is well known in the art that a seed value is used to generate pseudorandom numbers which is pertinent to generating encryption keys as disclosed in NPL “Random Seed”. Thus, in order for the cryptoprocessor to generate pseudorandom numbers, this inherently means that the cryptoprocessor of Stufflebeam has a seed value stored. 

Regarding Claim 18:
	Stufflebeam/Au discloses Claim 15.
	Stufflebeam further discloses the following limitation:
	wherein selecting the first encryption scheme from the plurality of encryption schemes is based at least in part on one or more of the following: characteristics associated with a current user of the user equipment; content of the first data; characteristics of the first data; type of the first data; or characteristics associated with the user equipment (Abstract, encrypting or decrypting data associated with an input/output operation based on at least one of an encryption key and a cryptographic function, wherein at least one of the encryption key and the cryptographic function are selected based (selecting the first encryption scheme from the plurality of encryption schemes is based at least in part on one or more of the following) on one or more characteristics associated with the data to be encrypted or decrypted (characteristics of the first data)). Claim 18 recites needing to fulfill at least one of the criteria described for selecting an encryption scheme. The system of Stufflebeam is directed towards attribute-based encryption in which the selection of the encryption scheme is dependent on the characteristics of the data, which is one of the criteria claimed.

Regarding Claim 20:
	Stufflebeam/Au discloses Claim 15.
	Stufflebeam further discloses the following limitation:
	wherein the non-transitory computer-readable media stores additional computer-executable instructions, which when executed by the one or more processors cause the one or more processors to perform operations including: detecting a second request from the peripheral device to access second data stored on the user equipment (Par. [0043], encryption accelerator 116 may authenticate that a requestor (e.g., application 202) (detecting a second request) of an encryption task is authorized to initiate an encryption task (to access second data stored on the user equipment); Abstract, encrypting or decrypting data associated with an input/output operation based on at least one of an encryption key and a cryptographic function, wherein at least one of the encryption key and the cryptographic function are selected based on one or more characteristics associated with the data to be encrypted or decrypted). Reference Stufflebeam is directed towards attribute-based encryption in which different encryption schemes are applied depending on the attributes of the user/data. This is understood by the fact that the problem Stufflebeam addresses is using a single encryption algorithm (Par. [0006], many traditional approaches employing hardware-based encryption generally allow only a particular encryption algorithm to be applied), and that a plurality of encryption algorithms are stored on the encryption accelerator (Par. [0036], encryption accelerator 116 may have stored thereon a plurality of cryptographic functions that may be executed) of which an a cryptographic scheme is selected according to attributes as per attribute-based encryption. Therefore, since Stufflebeam discloses storing data using different encryption algorithms depending on the data being stored, it is inherently understood that there may be a second request to access second data.
	selecting a second encryption scheme from the plurality of encryption schemes based at least in part on the characteristics of the peripheral device (Par. [0017], wherein at least one of the encryption key and the cryptographic function are selected based on one or more characteristics associated with the data to be encrypted or decrypted; Par. [0049], Among the characteristics of a storage resource 114 upon which a policy may be based are a port to which the particular storage resource 114 is coupled, the type of storage resource 114 (e.g., USB, FireWire, SATA, PCI/PCMCIA, etc.), manufacturer of storage resource 114, model of storage resource 114, serial number of storage resource (characteristics of the peripheral device)). As argued previously in Claim 15, the selection of an encryption scheme is based on the characteristics of the peripheral device partly. 	the second encryption scheme different than the first encryption scheme (Par. [0049], A security policy for information handling system 102 may define whether an encryption or decryption task is to be executed and the designated cryptographic function and/or encryption key to be used in connection with such an encryption or decryption task based on one or more of a user logged into information handling system 102, characteristics of a storage resource 114 associated with the task, or characteristics regarding the directory path of the data to be written or read (e.g., folder/directory, file, etc.) (the second encryption scheme different than the first encryption scheme)). As argued in the previous limitations, the system of Stufflebeam is directed towards an attribute-based encryption system in which different encryption schemes are used depending on the attributes of the user or data being stored. As shown here, the encryption scheme may depend on the data having different file paths, so the same peripheral may be used and encounter different encryption schemes. 
	generating second encrypted data based at least in part on the second encryption scheme; and allowing the peripheral device to access the second encrypted data (Par. [0036], encryption accelerator 116 may be communicatively coupled to I/O controller 116 and may comprise any system, device, or apparatus configured to encrypt data (generating second encrypted data based at least in part on the second encryption scheme); Par. [0036], for storage on one or more of storage resources (and allowing the peripheral device to access the second encrypted data)). As argued previously in Claim 15, the system of Stufflebeam encrypts the data, and stores the data onto the peripheral, i.e. allow the peripheral to access the data. 


	Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Stufflebeam/Au, and further in view of High Court Rajan et al. (EP 2136310 A1) hereinafter referred to as “High Court Rajan”.Regarding Claim 17:
	Stufflebeam/Au discloses Claim 15.
	High Court Rajan discloses the following limitation not taught by Stufflebeam/Au:	wherein the non-transitory computer-readable media stores additional computer-executable instructions, which when executed by the one or more processors cause the one or more processors to perform operations including prior to receiving the first request from the peripheral device, determining the peripheral device is authorized to access the user equipment (Abstract, a host device system comprises an operating system, at least one USB port for connecting a USB device, a filter driver capable of recognizing whether the connected USB device pertains to at least one defined class of USB devices, means for loading the filter driver before any functional driver related to the connected USB
device is loaded (perform operations including prior to receiving the first request from the peripheral device, determining the peripheral device is authorized to access the user equipment), and means for blocking a functional driver related to the connected USB device). The system of Stufflebeam/Au does not disclose authenticating the device before the first request is sent from the peripheral device. Reference High Court Rajan however discloses a method in which the user equipment filters out unauthorized USB peripheral devices based on class before the peripheral performs a request. High Court Rajan teaches that this provides port-based security which leads to the result that “the USB port of interest is neither rendered useless by physical blocking nor by software-based access denial to certain user” (Par. [0011]). 

	References Stufflebeam/Au and High Court Rajan are considered to be analogous art because they relate to authentication systems for peripheral devices. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the attribute-based encryption system of Stufflebeam/Au with the port-based security of High Court Rajan to gain the benefit of protecting against peripherals before the peripherals request data while restricting the port in such a way that the port may still be used. 
	
	Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Stufflebeam/Au, and further in view of Cohn.
Regarding Claim 19:
	Stufflebeam/Au discloses Claim 15.
	Stufflebeam further discloses the following limitations:
	wherein the non-transitory computer-readable media stores additional computer-executable instructions, which when executed by the one or more processors cause the one or more processors to perform operations including: detecting a second request from the peripheral device, the second request to write second data to the user equipment (Par. [0040], application 202 executing on processor 103 (detecting a second request from the peripheral device) may direct that a write operation to a storage resource 114 is to be encrypted or that a read operation from a storage resource 114 is to be decrypted (the second request to write second data to the user equipment)). From Claim 15 as argued previously, Stufflebeam discloses that application 202 may actually execute from any component of the information handling system, including the storage device, i.e. peripheral. Moreover, this operation is detected (Par. [0012], in response to detection of an input/output operation). Regarding the phrase “write second data”, a read operation from Stufflebeam inherently writes decrypted data to the computer-readable medium. That is, the system of Stufflebeam checks the volume of the computer-readable medium in order to check the decryption status of a read request (Par. [0014],  The computer-readable medium may have instructions stored thereon, the instructions configured to, when executed by the processor: (i) periodically store, during an encryption or decryption operation performed on the computer-readable medium, one or more variables indicative of an encryption status of a volume of the computer-readable medium; (ii) determine, based on the one or more variables, whether the volume is in a partially encrypted or decrypted state). As such, when Stufflebeam discloses a read operation involving decryption, this is also a write operation. 	selecting a decryption scheme from the plurality of decryption schemes based at least in part on the characteristics of the peripheral device (Abstract, encrypting or decrypting data associated with an
input/output operation based on at least one of an encryption key and a cryptographic function, wherein at least one of the encryption key and the cryptographic function are selected based on one or more characteristics associated with the data to be encrypted or decrypted (selecting a decryption scheme from the plurality of decryption schemes based at least in part on); Par. [0049], among the characteristics of a storage resource 114 upon which a policy may be based are a port to which the particular storage resource 114 is coupled, the type of storage resource 114 (e.g., USB, FireWire, SATA, PCI/PCMCIA, etc.), manufacturer of storage resource 114, model of storage resource 114, serial number of storage resource (the characteristics of the peripheral device)). Stufflebeam discloses a selection of decryption scheme for read operations analogously to selecting an encryption scheme for write operations. As disclosed previously in Claim 15, this selection may be performed based on the characteristics of the peripheral device according to the security policy. 
	determining that the second data cannot be decrypted using the decryption scheme (Par. [0036], a task and/or owner's ability to insert a key may be authenticated to encryption accelerator 116 prior to acceptance of the key (determining that the second data cannot be decrypted using the decryption scheme)). The system of Stufflebeam determines whether an application is authorized to perform read/write operations. Under the broadest reasonable interpretation, this authorization check determines whether the data can or cannot be decrypted, as the user needs the necessary permissions before doing so. 
	(taught by Cohn below)

	Cohn discloses the following limitation not taught by Stufflebeam/Au:
	and presenting a notification on a display of the user equipment, the notification indicating that user equipment is unable to access the second data (Par. [0020], this may allow a device to query a peer device on whether the device is authorized to connect to it, and to display this information in the device's graphical user interface). Stufflebeam/Au does not disclose a notification of failure to access data. Reference Cohn however discloses a system of notifying unauthorized access and discloses that such access may be displayed on the user’s graphical user interface, i.e. display. Cohn further teaches that such a system “may facilitate defining a mechanism for rejecting and notifying unauthorized users about the reason for the rejection and a possible resolution” (Par. [0016]).
	References Stufflebeam/Au and reference Cohn are considered to be analogous art because they relate to authorization systems for accessing devices. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the attribute-based encryption system of Stufflebeam/Au with the user notification system of Cohn in order to gain the benefit of providing the user reasons for rejection and a possible resolution. 

Related Art
	The following prior art made of record and cited on PTO-892, but not relied upon, is considered pertinent to applicant’s disclosure: 
Colombo et al. (U.S. Pub. No. 2018/0330123 A1) – Includes methods related to performing encryption with an isolated hardware security module that relates to the newly amended features

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ETHAN V VO whose telephone number is (571)272-2505. The examiner can normally be reached M-F 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on  (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/E.V.V./Examiner, Art Unit 2431           

/LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431