DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to Application No. 16/948,562 filed on 9/23/2020.
Claims 1-20 have been examined and are pending in this application.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim(s) 1 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Bourque et al. (US 2016/0098554; Hereinafter “Bourque”) in view of Kaines (US 2016/0203311; Hereinafter “Kaines”).
Regarding claim 1, Bourque teaches a method comprising: the authorization data associated with a designated type of peripheral device approved to access the user equipment (Bourque: Para. [0028], Host device 102 may determine the address by using authenticator 118 to inspect EDID information or address information received from an entity within peripheral 106 or HDMI cable 202. Para. [0033], The media provided to peripheral 106 may be configured based on an EDID previously received or based on a type or class of peripheral 106 indicated by the identifier received. After peripheral 106 is authenticated, authenticator 118 may relinquish access of the non-media channel to HDMI module 120 allowing a multimedia communication and/or encryption thereof to be established.); 
detecting a coupling of a first peripheral device to the hardware interface (Bourque: Para. [0024], At block 302, connection of a peripheral to a media interface is detected by a host device. Para. [0026]); 
receiving authorization credentials from the first peripheral device (Bourque: Para. [0028], At block 304, an address of a non-media channel at which the peripheral can be authenticated is determined by the host device. Host device 102 may do so based on information received, by querying peripheral 106 (e.g., using device discovery), or based on a predefined range of addresses.); 
determining that the first peripheral device is authorized to access the user equipment based at least in part on the authorization data and the authorization credentials (Bourque: Para. [0029], At block 306, an authentication protocol is performed using the address to determine if the peripheral is authentic. Various manners of authentication can be used. In this ongoing example, authenticator 118 requests (or discovers) an identifier from peripheral 106. After an identifier is received from peripheral 106, authenticator 118 determines whether the identifier matches one of a set of authentic identifiers to determine authenticity of peripheral 106. This set of authentic identifiers is accessible by host device 102, such as by being stored in host media 112.); and 
allowing, in response to determining the first peripheral device is authorized, the first peripheral device to access the user equipment (Bourque: Para. [0034], Authenticator 118 may also configure ways in which host device 102 may act and interact with peripheral 106. Consider a case where host device 102 is a smartphone physically connected or “docked” with laptop-dock 106-3, which provides an external display, keyboard, and additional ports. In such a case, authenticator 118 configures host 102 to make use of these functionalities, such as by configuring the media interface to provide content for the external display and configuring the non-media channel to receive input from the keyboard. In other cases, the non-media channel can be configured to exchange data between host device 102 and peripheral 106, such as general purpose I/O signals, button presses, status updates, short text messages, or tiny user interface messages. Para. [0033], The media provided to peripheral 106 may be configured based on an EDID previously received or based on a type or class of peripheral 106 indicated by the identifier received. After peripheral 106 is authenticated, authenticator 118 may relinquish access of the non-media channel to HDMI module 120 allowing a multimedia communication and/or encryption thereof to be established.).
Bourque does not explicitly teach receiving, at a hardware interface of a user equipment via a wireless communication channel, authorization data from a remote system, the authorization data associated with a designated type of peripheral device approved to access the user equipment.
In an analogous art, Kaines teaches receiving, at a hardware interface of a user equipment via a wireless communication channel, authorization data from a remote system, the authorization data associated with a designated type of peripheral device approved to access the user equipment, the authorization data associated with a designated type of peripheral device approved to access the user equipment (Kaines: Para. [0025], the policy module 103 will return the host access status to the device driver 203 via the host 102. The host access status will tell the device driver 203 whether to deny the device further interaction with the host 102 or whether to allow the host 102 to mount the specific device driver 204 intended by the device manufacturer to unlock the device's primary functionality. Para. [0018], Shown as well is a policy server 205 that houses the policy module 103 and records 207.).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Kaines with the system and method of Bourque to include receiving, at a hardware interface of a user equipment via a wireless communication channel, authorization data from a remote system, the authorization data associated with a designated type of peripheral device approved to access the user equipment, because this functionality provides security countermeasures for malicious USB devices (Kaines: Para. [0006]).
Regarding claim 7, Bourque, in combination with Kaines, teaches the method as claim 1 recites, wherein determining that the first peripheral device is authorized to access the user equipment is based at least in part on one or more of a current user of the user equipment, a status of the user equipment, or a location of the user equipment (Kaines: Para. [0025], The administrators of the policy module 103 would then be able to determine whether to allow the specimen 101 to be used by the requesting host based on a selective combination of criteria. Examples include location, user, time, date, host ID, previous connection history, etc.).

Claim(s) 2-3 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Bourque et al. (US 2016/0098554; Hereinafter “Bourque”) in view of Kaines (US 2016/0203311; Hereinafter “Kaines”) in view of Edwards et al. (US 2016/0182539; Hereinafter “Edwards”).
Regarding claim 2, Bourque, in combination with Kaines, teaches the method as claim 1 recites. Bourque, in combination with Kaines, does not teach further comprising: detecting a coupling of a second peripheral device to the hardware interface; receiving second authorization credentials from the second peripheral device; determining that the second peripheral device is not authorized to access the user equipment based at least in part on the authorization data and the second authorization credentials; and preventing the second peripheral device from accessing the user equipment.  
In an analogous art, Edwards teaches further comprising: detecting a coupling of a second peripheral device to the hardware interface (Edwards: Para. [0066], where the peripheral monitoring module is further configured to determine that a second peripheral is connected to the electronic device,); receiving second authorization credentials from the second peripheral device (Edwards: Para. [0066], determine a second type for the second peripheral); determining that the second peripheral device is not authorized to access the user equipment based at least in part on the authorization data and the second authorization credentials (Edwards: Para. [0066], determine a second type for the second peripheral, and block communication to and from the peripheral if the determined type for the peripheral matches the determined second type for the second peripheral.); and preventing the second peripheral device from accessing the user equipment (Edwards: Para. [0066], determine a second type for the second peripheral, and block communication to and from the peripheral if the determined type for the peripheral matches the determined second type for the second peripheral.).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Edwards with the system and method of Bourque and Kaines to include detecting a coupling of a second peripheral device to the hardware interface; receiving second authorization credentials from the second peripheral device; determining that the second peripheral device is not authorized to access the user equipment based at least in part on the authorization data and the second authorization credentials; and preventing the second peripheral device from accessing the user equipment because this functionality provides enhanced security by preventing inadvertent disclosure of sensitive information (Edwards: Para. [0002]).
Regarding claim 3, Bourque, in combination with Kaines and Edwards, teaches the method as claim 2 recites, further comprising: sending, via the wireless communication channel, an alert to the remote system, the alert indicating an attempt to couple an unauthorized peripheral device to the user equipment has occurred (Edwards: Para. [0034], In an embodiment, if the other peripheral is not a data storage peripheral, then a signal or alert may be sent to the system or a user that two of the same devices are connected to the electronic device (e.g., two keyboards are connected to the electronic device). They system or user may take remedial action to correct the issue or may create an exception. Kaines: Para. [0028], On the other hand, if the cloned device was connected to a corporate computer before the employee's compromised device, then the employee's device will be subsequently denied, thus alerting the employee that the device was potentially compromised. An investigation might ensue, using the records collected to cross-reference the employee's actual use of the device.).
Regarding claim 5, Bourque, in combination with Kaines and Edwards, teaches the method as claim 3 recites, wherein the alert includes data associated with at least one of the second peripheral device, an active user account on the user equipment, or an indication of a location of the user equipment (Edwards: Para. [0034], In an embodiment, if the other peripheral is not a data storage peripheral, then a signal or alert may be sent to the system or a user that two of the same devices are connected to the electronic device (e.g., two keyboards are connected to the electronic device). They system or user may take remedial action to correct the issue or may create an exception..

Claim(s) 6 are rejected under 35 U.S.C. 103 as being unpatentable over Bourque et al. (US 2016/0098554; Hereinafter “Bourque”) in view of Kaines (US 2016/0203311; Hereinafter “Kaines”) in view of Edwards et al. (US 2016/0182539; Hereinafter “Edwards”) in view of Topp et al. (US 7,877,788; Hereinafter “Topp”).
Regarding claim 6, Bourque, in combination with Kaines and Edwards, teaches the method as claim 2 recites.  Bourque, in combination with Kaines and Edwards, does not explicitly teach wherein preventing the second peripheral device from accessing the computing resource includes physically decoupling the hardware interface from at least one other component of the user equipment. 
In an analogous art, Topp teaches wherein preventing the second peripheral device from accessing the computing resource includes physically decoupling the hardware interface from at least one other component of the user equipment (Topp: Col. 5, Lines 50-67, Col. 6, Lines 1-23, At step 506, the method 500 determines whether the peripheral device is authentic. For a USB device, the device driver request (e.g., a request for a plug-and-play driver) is trapped and analyzed to determine the device type and/or other device related information. At step 508, the method 500 queries whether the device is authentic. If the query is negatively answered, the method 500 proceeds to step 516 where no change of the connectivity control element is performed, i.e., the peripheral device is denied access to the host system. At step 518, the method 500 may perform an optional step to notify an operator (or other designated person) that an unauthorized peripheral device attempted access to the host system. Col. 6, Lines 24-36, This architecture forces a USB peripheral device to be electronically isolated from a host system until the device has been authenticated. By default, the USB interface PHY 202 is connected to an authentication host controller (AHC) 204 by a switch 201 (in the depicted embodiment a multi-port SPDT switch is shown). Once a connected USB peripheral device on one of the ports has been authenticated, the PHY 202 is connected to an operational host controller (OHC) 206. The PHY connection reverts back to the AHC 204 whenever a peripheral device is disconnected.)
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Topp with the system and method of Bourque, Kaines, and Edwards to include wherein preventing the second peripheral device from accessing the computing resource includes physically decoupling the hardware interface from at least one other component of the user equipment because this functionality provides enhanced security by controlling connectivity of the coupling between the interface connector and the interface circuit when authenticating a peripheral device (Topps: Col. 2, Lines 1-4).

Claim(s) 8-9, 11-13, and 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over Kaines (US 2016/0203311; Hereinafter “Kaines”) in view of Topp et al. (US 7,877,788; Hereinafter “Topp”).
Regarding claim 8, Kaines teaches a system comprising: a communication interface; a hardware interface for physically coupling to a peripheral device; one or more processors; an authorization component coupled between the hardware interface and the one or more processors and the communication interface (Kaines: Para. [0031], The replacement device driver has at least two interfaces: (a) a first interface to the device; and (b) a second interface to the host computer, which enables the device driver to query the policy module whether to accept or deny the device's connection attempt.), the authorization component configured to perform operations including: 
receiving, wirelessly via the communication interface, authorization data from a remote system (Kaines: Para. [0025], the policy module 103 will return the host access status to the device driver 203 via the host 102. The host access status will tell the device driver 203 whether to deny the device further interaction with the host 102 or whether to allow the host 102 to mount the specific device driver 204 intended by the device manufacturer to unlock the device's primary functionality. Para. [0018], Shown as well is a policy server 205 that houses the policy module 103 and records 207.); 
detecting a physical coupling of a first peripheral device to the hardware interface (Kaines: Para. [0024], The computer host hardware is usually monitored by a device driver, sometimes called a generic device driver 203, whether the computer host hardware features a physical connector as previously described or a radio transceiver or even a network connection (non-proximate case). When the presence of the device 101 is detected, the device driver 203 initiates a query of the device 101 to find out how to use the device 101,); 
receiving authorization credentials from the first peripheral device (Kaines: Para. [0024], The generic device driver 203 may query the device 101 for its identifier and authenticator. Then it will transmit the device information, via the host 102 over a secure connection, to the policy module 103 and await a response from the policy module 103, informing whether the host 102 may be allowed to use the device 101.); 
determining that the first peripheral device is authorized to access the system based at least in part on the authorization data and the authorization credentials (Kaines: Para. [0029], The content of the received authenticator is decrypted and examined by the policy module to make sure that the identifier in the certificate is the same as the identifier that has been looked up in the database pursuant to the receipt step. If the data in the database does not match the data (date of entry, identifier, wrong encryption or lack of a trusted signer, key does not work with the particular authenticator, etc.) in the received authenticator or if the received authenticator cannot be decrypted, the policy module will skip to the transmission step and send a denial decision. Otherwise, the policy module will move on to the decision step. Once it reaches the decision step, the policy module will decide whether to deny or authorize the device based on the security policy the policy module is meant to enforce. In this example, authorized devices are not to be connected to computers belonging to the Active Directory Lookup service on the same network as the policy module outside normal business hours.).
Kaines does not explicitly teach decoupling the hardware interface from the communication interface and the one or more processors; and in response to determining the first peripheral device is authorized, recoupling the hardware interface to the communication interface and the one or more processors.
In an analogous art, Topp teaches decoupling the hardware interface from the communication interface and the one or more processors (Topp: Claim 23, in response to detecting the disconnection of the peripheral device, decoupling the interface connector from the interface circuit. [interface is in a decoupled state prior to peripheral being inserted]); 
detecting a physical coupling of a first peripheral device to the hardware interface (Topp: Col. 5, Lines 50-67, The method 500 begins at step 502 and proceeds to step 504. At step 504, the method 500 detects the connection of the peripheral device to the interface connector, e.g., for a USB device, the indicia of connection is an impedance change in the interface connector that is detected by a USB controller within the interface controller. Generally, a state change for the interface connector forms an interrupt that launches the method 500.); 
receiving authorization credentials from the first peripheral device (Topp: Col. 5, Lines 50-67, At step 506, the method 500 determines whether the peripheral device is authentic. For a USB device, the device driver request (e.g., a request for a plug-and-play driver) is trapped and analyzed to determine the device type and/or other device related information. Device-related information includes USB Device ID, USB Vendor ID and bus-related information such as bus instance ID, bus hardware ID and bus compatibility ID. At step 508, the method 500 queries whether the device is authentic.); 
determining that the first peripheral device is authorized to access the system based at least in part on the authorization data and the authorization credentials (Topp: Col. 6, Lines 1-8, If the query is negatively answered, the method 500 proceeds to step 516 where no change of the connectivity control element is performed, i.e., the peripheral device is denied access to the host system. At step 518, the method 500 may perform an optional step to notify an operator (or other designated person) that an unauthorized peripheral device attempted access to the host system.); and 
in response to determining the first peripheral device is authorized, recoupling the hardware interface to the communication interface and the one or more processors (Topp: Col. 6, Lines 9-23, If the query at step 508 is affirmatively answered, the method 500 proceeds to step 510 to optionally perform other processing, e.g., policy compliance analysis, security compliance analysis, non-secure host processing, user verification, bio-metric data analysis, and the like. At step 512, assuming the results of the "other processing" permits; the method 500 connects the peripheral device to the interface circuit and ends at step 514. Once connected to the interface circuit, the peripheral device operates with the host system in a conventional manner. If the peripheral device is disconnected, the connectivity control element disconnects the interface connector from the interface circuit. Col. 3, Lines 63-67, Once a device 109 is authenticated, the connectivity control element 114 provides a connection between interface circuits 118 and the interface connector 112 establishing a transparent connection between the peripheral device 109 and the host system 100 until the device 109 is disconnected.).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Topp with the system and method of Kaines to include decoupling the hardware interface from the communication interface and the one or more processors; and in response to determining the first peripheral device is authorized, recoupling the hardware interface to the communication interface and the one or more processors because this functionality provides enhanced security by controlling connectivity of the coupling between the interface connector and the interface circuit when authenticating a peripheral device (Topps: Col. 2, Lines 1-4).
Regarding claim 9, Kaines, in combination Topp teaches the system as recited in claim 8, wherein the decoupling the hardware interface from the communication interface and the one or more processors is a physical decoupling (Topp: Col. 6, Lines 9-23, If the peripheral device is disconnected, the connectivity control element disconnects the interface connector from the interface circuit. In an embodiment, the connectivity control element disconnects the interface controller if a policy violation such as excess bandwidth consumption or audit failure is detected.).
Regarding claim 11, Kaines, in combination Topp teaches the system as recited in claim 8, wherein the authorization component is further configured to perform operations including determining a current user associated with the system and wherein determining the first peripheral device is authorized to access the system is based at least in part on the current user (Topp: Col. 4, Lines 27-39, As such, the securable peripheral data interface 108 can utilize unprotected services to validate users or provide other security-related services. In one embodiment, the peripheral device is a smart card reader and the unprotected connection is coupled to a smart card user identification database. In such an arrangement, the reader is authenticated and then the smart card information is sent to the smart card database via the unprotected connection. If the user is validated, the securable peripheral data interface 108 couples the user to the host system 100.).
Regarding claim 12, Kaines, in combination Topp teaches the system as recited in claim 8, wherein: the authorization component includes a memory accessible to the authorization component when the hardware interface is decoupled from the communication interface and the one or more processors the; and the authorization component is further configured to perform operations including storing the authorization data in the memory (Topp: Col. 7, Lines 11-20, In an alternative embodiment, policy information is retrieved from locally stored policy database 210 which provides a predefined list of policies. Policy database 210 may be accessible from authentication server 124 and updated after initialization or periodically, enabling offline authentication of peripheral devices in cases where management interconnect path 122 is a network connection subject to disconnection.).
Regarding claim 13, Kaines, in combination Topp teaches the system as recited in claim 8, wherein the authorization component is further configured to perform operations including: detecting a decoupling of the first peripheral device from the hardware interface (Topp: Col. 6, Lines 9-23, If the peripheral device is disconnected, the connectivity control element disconnects the interface connector from the interface circuit. In an embodiment, the connectivity control element disconnects the interface controller if a policy violation such as excess bandwidth consumption or audit failure is detected.); requesting, via the communication interface, updated authorization data from the remote system receiving, via the communication interface, the updated authorization data from the remote system (Topp: Fig. 3, Col. 9, Lines 2-14, In one alternative embodiment, device re-authorization is also enforced based on policy change events. In such an embodiment, a state transition from "Device Authorized" 304 in FIG. 3 to "Device Unauthorized Hold" 306 in FIG. 3 is forced in the event of a policy change. If the device meets the new policy, a transition from "Device Unauthorized Hold" 306 back to "Device Authorized" 304 occurs.); and decoupling the hardware interface from the communication interface and the one or more processors (Topp: Col. 9, Lines 20-35, An unauthorized device that has previously failed an authentication negotiation may be electrically disconnected Authentication_Pass Authentication server 124 signals the (322) authorization of peripheral device 109 Authentication_Fail Authentication server 124 signals that (324) peripheral device 109 is not authorized for connection Release (328) Device Disconnection signal from OHC 206 (For example, a signal from OHC 206 that a device has been disconnected, a policy violated or a change in user or authorization profile)).
Regarding claim 15, Kaines teaches an authorization component of a user equipment comprising: 
one or more processors; a non-transitory computer-readable media accessible to the one or more processors when the decoupling circuit is in the first state, the non-transitory computer-readable media storing computer-executable instructions, which when executed by the one or more processors cause the one or more processors to perform operations including (Kaines: Para. [0031], The replacement device driver has at least two interfaces: (a) a first interface to the device; and (b) a second interface to the host computer, which enables the device driver to query the policy module whether to accept or deny the device's connection attempt.): 
storing authorization data associated with one or more peripheral devices on the non-transitory computer-readable media (Kaines: Para. [0025], the policy module 103 will return the host access status to the device driver 203 via the host 102. The host access status will tell the device driver 203 whether to deny the device further interaction with the host 102 or whether to allow the host 102 to mount the specific device driver 204 intended by the device manufacturer to unlock the device's primary functionality. Para. [0018], Shown as well is a policy server 205 that houses the policy module 103 and records 207.); 
detecting a physical coupling of a first peripheral device to the hardware interface (Kaines: Para. [0024], The computer host hardware is usually monitored by a device driver, sometimes called a generic device driver 203, whether the computer host hardware features a physical connector as previously described or a radio transceiver or even a network connection (non-proximate case). When the presence of the device 101 is detected, the device driver 203 initiates a query of the device 101 to find out how to use the device 101,); 
receiving authorization credentials from the first peripheral device (Kaines: Para. [0024], The generic device driver 203 may query the device 101 for its identifier and authenticator. Then it will transmit the device information, via the host 102 over a secure connection, to the policy module 103 and await a response from the policy module 103, informing whether the host 102 may be allowed to use the device 101.); 
determining that the first peripheral device is authorized to access the user equipment based at least in part on the authorization data and the authorization credentials (Kaines: Para. [0029], The content of the received authenticator is decrypted and examined by the policy module to make sure that the identifier in the certificate is the same as the identifier that has been looked up in the database pursuant to the receipt step. If the data in the database does not match the data (date of entry, identifier, wrong encryption or lack of a trusted signer, key does not work with the particular authenticator, etc.) in the received authenticator or if the received authenticator cannot be decrypted, the policy module will skip to the transmission step and send a denial decision. Otherwise, the policy module will move on to the decision step. Once it reaches the decision step, the policy module will decide whether to deny or authorize the device based on the security policy the policy module is meant to enforce. In this example, authorized devices are not to be connected to computers belonging to the Active Directory Lookup service on the same network as the policy module outside normal business hours.).
Kaines does not explicitly teach a decoupling circuit having a first state in which the authorization component is communicatively coupled to a hardware interface and communicatively decoupled from other components of the user equipment and a second state in which the authorization component is communicatively coupled to the hardware interface and the other components of the user equipment; causing the decoupling circuit to enter the first state; and in response to determining the first peripheral device is authorized, causing the decoupling circuit to transition to the second state.
In an analogous art Topp teaches a decoupling circuit having a first state in which the authorization component is communicatively coupled to a hardware interface and communicatively decoupled from other components of the user equipment and a second state in which the authorization component is communicatively coupled to the hardware interface and the other components of the user equipment (Topps: Fig. 1, Fig. 3, Col. 3, Lines 13-35, The connectivity control element 114 interrupts the electric connection between the interface connector 112 and the interface circuit 118 until the peripheral device 109 has been authenticated. Note that in an exemplary embodiment, device authentication comprises authorizing the device for host system connection by validating device identification information against a connection policy.); 
storing authorization data associated with one or more peripheral devices on the non-transitory computer-readable media (Topp: Col. 7, Lines 11-20, In an alternative embodiment, policy information is retrieved from locally stored policy database 210 which provides a predefined list of policies. Policy database 210 may be accessible from authentication server 124 and updated after initialization or periodically, enabling offline authentication of peripheral devices in cases where management interconnect path 122 is a network connection subject to disconnection.
causing the decoupling circuit to enter the first state (Topp: Claim 23, in response to detecting the disconnection of the peripheral device, decoupling the interface connector from the interface circuit. [interface is in a decoupled state prior to peripheral being inserted]);
detecting a physical coupling of a first peripheral device to the hardware interface (Topp: Col. 5, Lines 50-67, The method 500 begins at step 502 and proceeds to step 504. At step 504, the method 500 detects the connection of the peripheral device to the interface connector, e.g., for a USB device, the indicia of connection is an impedance change in the interface connector that is detected by a USB controller within the interface controller. Generally, a state change for the interface connector forms an interrupt that launches the method 500.);
receiving authorization credentials from the first peripheral device (Topp: Col. 5, Lines 50-67, At step 506, the method 500 determines whether the peripheral device is authentic. For a USB device, the device driver request (e.g., a request for a plug-and-play driver) is trapped and analyzed to determine the device type and/or other device related information. Device-related information includes USB Device ID, USB Vendor ID and bus-related information such as bus instance ID, bus hardware ID and bus compatibility ID. At step 508, the method 500 queries whether the device is authentic.);
determining that the first peripheral device is authorized to access the user equipment based at least in part on the authorization data and the authorization credentials (Topp: Col. 5, Lines 50-67, At step 506, the method 500 determines whether the peripheral device is authentic. For a USB device, the device driver request (e.g., a request for a plug-and-play driver) is trapped and analyzed to determine the device type and/or other device related information. Device-related information includes USB Device ID, USB Vendor ID and bus-related information such as bus instance ID, bus hardware ID and bus compatibility ID. At step 508, the method 500 queries whether the device is authentic. Col. 6, Lines 1-8, If the query is negatively answered, the method 500 proceeds to step 516 where no change of the connectivity control element is performed, i.e., the peripheral device is denied access to the host system. At step 518, the method 500 may perform an optional step to notify an operator (or other designated person) that an unauthorized peripheral device attempted access to the host system.)
and in response to determining the first peripheral device is authorized, causing the decoupling circuit to transition to the second state (Topp: Col. 6, Lines 9-23, If the query at step 508 is affirmatively answered, the method 500 proceeds to step 510 to optionally perform other processing, e.g., policy compliance analysis, security compliance analysis, non-secure host processing, user verification, bio-metric data analysis, and the like. At step 512, assuming the results of the "other processing" permits; the method 500 connects the peripheral device to the interface circuit and ends at step 514. Once connected to the interface circuit, the peripheral device operates with the host system in a conventional manner. If the peripheral device is disconnected, the connectivity control element disconnects the interface connector from the interface circuit. Col. 3, Lines 63-67, Once a device 109 is authenticated, the connectivity control element 114 provides a connection between interface circuits 118 and the interface connector 112 establishing a transparent connection between the peripheral device 109 and the host system 100 until the device 109 is disconnected.)
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Topp with the system and method of Kaines to include a decoupling circuit having a first state in which the authorization component is communicatively coupled to a hardware interface and communicatively decoupled from other components of the user equipment and a second state in which the authorization component is communicatively coupled to the hardware interface and the other components of the user equipment; causing the decoupling circuit to enter the first state; and in response to determining the first peripheral device is authorized, causing the decoupling circuit to transition to the second state because this functionality provides enhanced security by controlling connectivity of the coupling between the interface connector and the interface circuit when authenticating a peripheral device (Topps: Col. 2, Lines 1-4).
Regarding claim 16, Kaines, in combination Topp teaches the authorization component as recited in claim 15, wherein the decoupling circuit causes a physical decoupling between the authorization component and the other components of the user equipment (Topp: Col. 6, Lines 9-23, If the peripheral device is disconnected, the connectivity control element disconnects the interface connector from the interface circuit. In an embodiment, the connectivity control element disconnects the interface controller if a policy violation such as excess bandwidth consumption or audit failure is detected.).
Regarding claim 17, Kaines, in combination Topp teaches the authorization component as recited in claim 15, wherein the non-transitory computer- readable media stores additional computer-executable instructions, which when executed by the one or more processors cause the one or more processors to perform operations including requesting, via a wireless communication interface, updated authorization data from a remote system while the decoupling circuit is in the second state and the first peripheral device is decoupled from the hardware interface (Topp: Col. 6, Lines 9-23, If the peripheral device is disconnected, the connectivity control element disconnects the interface connector from the interface circuit. In an embodiment, the connectivity control element disconnects the interface controller if a policy violation such as excess bandwidth consumption or audit failure is detected. Fig. 3, Col. 9, Lines 2-14, In one alternative embodiment, device re-authorization is also enforced based on policy change events. In such an embodiment, a state transition from "Device Authorized" 304 in FIG. 3 to "Device Unauthorized Hold" 306 in FIG. 3 is forced in the event of a policy change. If the device meets the new policy, a transition from "Device Unauthorized Hold" 306 back to "Device Authorized" 304 occurs.).
Regarding claim 18, Kaines, in combination Topp teaches the authorization component as recited in claim 15, wherein determining that the first peripheral device is authorized to access the user equipment is based at least in part on one or more of the following: data associated with a current user of the use equipment; data associated with the user equipment; or data associated with the first peripheral device (Topp: Col. 5, Lines 50-67, At step 506, the method 500 determines whether the peripheral device is authentic. For a USB device, the device driver request (e.g., a request for a plug-and-play driver) is trapped and analyzed to determine the device type and/or other device related information. Device-related information includes USB Device ID, USB Vendor ID and bus-related information such as bus instance ID, bus hardware ID and bus compatibility ID. At step 508, the method 500 queries whether the device is authentic.).
Regarding claim 19, Kaines, in combination Topp teaches the authorization component as recited in claim 15, wherein the non-transitory computer- readable media stores additional computer-executable instructions, which when executed by the one or more processors cause the one or more processors to perform operations including detecting a decoupling of the first peripheral device from the hardware interface (Topp: Col. 9, Lines 20-35, An unauthorized device that has previously failed an authentication negotiation may be electrically disconnected Authentication_Pass Authentication server 124 signals the (322) authorization of peripheral device 109 Authentication_Fail Authentication server 124 signals that (324) peripheral device 109 is not authorized for connection Release (328) Device Disconnection signal from OHC 206 (For example, a signal from OHC 206 that a device has been disconnected, a policy violated or a change in user or authorization profile)); and causing the decoupling circuit to transition to the first state (Topp: Claim 23, in response to detecting the disconnection of the peripheral device, decoupling the interface connector from the interface circuit.).

Claim(s) 10 are rejected under 35 U.S.C. 103 as being unpatentable over Kaines (US 2016/0203311; Hereinafter “Kaines”) in view of Topp et al. (US 7,877,788; Hereinafter “Topp”) in view of Young et al. (US 2018/0293408; Hereinafter “Young”).
Regarding claim 10, Kaines, in combination Topp teaches the system as recited in claim 8. Kaines, in combination Topp teach does not explicitly teach wherein the authorization component is further configured to perform operations including determining a current location of the system and wherein determining the first peripheral device is authorized to access the system is based at least in part on the current location.   
In an analogous art, Young teaches wherein the authorization component is further configured to perform operations including determining a current location of the system and wherein determining the first peripheral device is authorized to access the system is based at least in part on the current location (Young: Para. [0011], The number of engines (e.g., user authorization engine 106, device authorization engine 108, instruction engine 110, loader engine 112) can include a combination of hardware and programming, but at least hardware, that is configured to perform functions described herein (e.g., authorize credentials of a user and authorize a physical location of the user,)
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Young with the system and method of Kaines and Topp to include wherein the authorization component is further configured to perform operations including determining a current location of the system and wherein determining the first peripheral device is authorized to access the system is based at least in part on the current location because this functionality provides enhanced security to protect interfaces that are vulnerable to hardware interface attacks (Young: [0007]).

Claim(s) 14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kaines (US 2016/0203311; Hereinafter “Kaines”) in view of Topp et al. (US 7,877,788; Hereinafter “Topp”) in view of Edwards et al. (US 2016/0182539; Hereinafter “Edwards”).
Regarding claim 14, Kaines, in combination Topp teaches the system as recited in claim 13. Kaines, in combination Topp does not explicitly teach wherein the authorization component is further configured to perform operations including: detecting a coupling of a second peripheral device to the hardware interface; receiving second authorization credentials from the second peripheral device; determining that the second peripheral device is not authorized to access the system based at least in part on the updated authorization data and the second authorization credentials; and notifying a user of the system that the second peripheral device is not authorized to access the system. 
In an analogous art, Edwards teaches wherein the authorization component is further configured to perform operations including: detecting a coupling of a second peripheral device to the hardware interface (Edwards: Para. [0066], where the peripheral monitoring module is further configured to determine that a second peripheral is connected to the electronic device,); receiving second authorization credentials from the second peripheral device (Edwards: Para. [0066], determine a second type for the second peripheral); determining that the second peripheral device is not authorized to access the system based at least in part on the updated authorization data and the second authorization credentials (Edwards: Para. [0066], determine a second type for the second peripheral, and block communication to and from the peripheral if the determined type for the peripheral matches the determined second type for the second peripheral.); and notifying a user of the system that the second peripheral device is not authorized to access the system (Edwards: Para. [0066], determine a second type for the second peripheral, and block communication to and from the peripheral if the determined type for the peripheral matches the determined second type for the second peripheral.).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Edwards with the system and method of Kaines and Topp to include wherein the authorization component is further configured to perform operations including: detecting a coupling of a second peripheral device to the hardware interface; receiving second authorization credentials from the second peripheral device; determining that the second peripheral device is not authorized to access the system based at least in part on the updated authorization data and the second authorization credentials; and notifying a user of the system that the second peripheral device is not authorized to access the system because this functionality provides enhanced security by preventing inadvertent disclosure of sensitive information (Edwards: Para. [0002]).
Regarding claim 20, Claim 20 is rejected under similar rational as claim 14.
Allowable Subject Matter
	Regarding claim 4, Claim 4 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
U.S. Patent Application Publication No. US 2021/0248223 by Chippakurthy et al. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Nelson Giddins whose telephone number is (571)272-7993.  The examiner can normally be reached on Monday - Friday, 9:00 AM - 5:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached at (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/NELSON S. GIDDINS/            Primary Examiner, Art Unit 2437