Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION

This action is in response to the communication filed on 8/23/22.
Claims 1 – 21 are pending.
Claims 1 – 5 and 14 – 21 are withdrawn from consideration.
Any references to applicant’s specification are made by way of applicant’s U.S. pre-grant printed patent publication.

Claim Rejections - 35 USC § 112

The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 6 – 13 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention.  
Specifically, regarding claim 6, the limitation of “…a protected area that stores a trap file accessible when an authentication operation with a host device is successful…” is not adequately described within the applicant’s originally disclosure.  Particularly it is noted that the applicant’s disclosure does not teach accessing the trap file when authentication is successful.  Rather, the applicant clearly teaches that the “trap file” is accessed before any authentication operation occurs (e.g. Specification, par. 126; fig. 7 – “Trap File Access” vs. s320, fig. 8 – “Trap File Access” vs. s320).  Furthermore, rather than providing access to a trap file when authentication is successful, the applicant’s disclosure teaches that “recovery data” or “boot data” is made accessible after successful authentication (e.g. Specification, fig. 7; fig. 8). 

Specifically regarding claim 8, the limitation “…wherein the protected area is accessible through the authenticator…” is not adequately described within the applicant’s originally disclosure.  Particularly, the applicant’s disclosure does not clearly illustrate how access to the protected area is made “through the authenticator”.  Rather, the applicant’s disclosure teaches that the storage unit provides access the access to the protected area, and that this occurs when “user authentication is completed through the authenticator” (e.g. Specification, par. 127).  Thus, it is user authentication, not any specific form of “access”, that occurs through the authenticator.  

Depending claims are rejected by virtue of dependency.




The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 6 – 13 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

Regarding claim 6, the limitation of “…a protected area that stores a trap file accessible when an authentication operation with a host device is successful…”  renders the scope of the claims indefinite.  Specifically, this recitation is unclear, because although it is to be interpreted in light of applicant’s disclosure, it appears to contradict the actual teachings of the applicant’s disclosure.  
Specifically, rather than teaching accessing the trap file when authentication is successful, the applicant clearly teaches that the “trap file” is accessed before any authentication operation occurs (e.g. Specification, par. 126; fig. 7 – “Trap File Access” vs. s320, fig. 8 – “Trap File Access” vs. s320).  Furthermore, rather than providing access to a trap file when authentication is successful, the applicant’s disclosure teaches that “recovery data” or “boot data” is made accessible after successful authentication (e.g. Specification, fig. 7; fig. 8). 
Furthermore, the examiner notes that it would be unclear to one of ordinary skill in the art as to why the trap file itself, i.e. an apparently arbitrarily generated file for detecting malware (e.g. Specification, par. 80, 126), would be a file desired to access after successful authentication, rather than that of the “boot data” or “recovery data” as disclosed within applicant’s specification.  
Thus, the scope of the claims are rendered indeterminate.

	Depending claims are rejected by virtue of dependency.

Claim Rejections - 35 USC § 102

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 6 – 10 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Schmugar et al. (i.e. Schmugar), US 2018/0018458.

Regarding claim 6, as best determined in view of the above noted deficiencies, Schmugar discloses:
A storage device comprising: a memory area including an area recognizable without authentication of a host device (e.g. Schmugar, par. 30, 31, 48, 51 – herein the storage device comprises a plurality of memory elements of which are recognizable within the system, without any form of authentication by a host device)  and a protected area that stores a trap file (e.g. Schmugar, par. 15; fig. 1:102, 112, 114 – storage device further comprises memory protected by a security engine, wherein the memory stores a “bait” (i.e. “trap”) file) accessible when an authentication operation with a host device is successful (e.g. Schmugar, fig. 3:308, 310; par. 36); 
and circuitry (e.g. Schmugar, fig. 3:114) configured to detect malware by analyzing a pattern of data corresponding to an input/output request received from the host device or determining whether the input/output request attempts to access or modulate a trap file (e.g. Schmugar, fig. 3:304, 308; par. 37).

Regarding claim 7, Schmugar discloses:
wherein the circuitry is configured to: detect the malware (e.g. Schmugar, fig. 1:120); perform the authentication operation when the malware is detected (e.g. Schmugar, fig. 1:122); and enter a protection mode to protect the memory area or the protected area when the authentication is not successful (e.g. Schmugar, par. 38; fig. 3:312).

Regarding claim 8, Schmugar discloses:
wherein the protected area is only accessible through the circuitry (e.g. Schmugar, fig. 1:118; fig. 3:308, 310).

Regarding claim 9, Schmugar discloses:
wherein the area recognizable without authentication of the host device comprises a read/write area and a read-only area, and wherein recovery data is stored in the read-only area or the protected area (e.g. Schmugar, par. 30, 48).

Regarding claim 10, Schmugar discloses:
wherein the protected area is implemented with a hiding device that is not recognized when the host device is not authenticated, and wherein the protected area functions as a secure storage device that is recognized when the host device is authenticated (e.g. Schmugar, fig. 3:310, 312; par. 30, 48).





Response to Arguments

Applicant's arguments filed 8/23/22 have been fully considered but they are not persuasive.

Applicant argues or alleges essentially that:
…
Based on the context in which the drawings are provided, persons of ordinary skill in the art would recognize that the “Trap File Access” processing the “System Lock S310” is a request from the Host Device 100 to access a trap file. Based on at least the above and the additional context illustrated in the figures, persons of ordinary skill in the art would not reasonably interpret FIGS. 7 and 8 as illustrating an example wherein the trap file is accessible to the host 100. 
…
Applicants respectfully disagree, as the 112(a) rejections ignores the context provided in support of the figures (see, supra, the Example Embodiment). For example, as noted above, persons of ordinary skill in the art would understand from the context provided by the supporting disclosure that the “Trap File Access” illustrated in FIGS. 7 and 8 is a request to access the trap file. Applicants assert, in view of the above, that the present includes sufficient support to comply with the 112(a) written description requirement.
…
Applicants respectfully disagree, as the 112(a) rejections ignores the context provided in support of the figures (see, supra, the Example Embodiment). For example, as noted above, persons of ordinary skill in the art would understand from the context provided by the supporting disclosure that the “Trap File Access” illustrated in FIGS. 7 and 8 is a request to access the trap file. Applicants assert, in view of the above, that the present includes sufficient support to comply with the 112(a) written description requirement.
…
(Remarks, pg. 10, 11)

Examiner respectfully responds:
The examiner respectfully disagrees.  Specifically, the examiner notes that the disclosed context, in which the applicant describes the recited trap file, clearly indicates that the sole utility and purpose of the claimed trap file is to detect malicious, not authorized, users.  The “trap file” is essentially an arbitrarily generated file that serves as bait for malicious users who may be probing the system.  Thus, the applicant’s disclosure clearly and explicitly states (e.g. par. 44): “According to at least one example embodiment of the inventive concepts, the protected area 222 may include a trap file. Here, the trap file may be data that is generated by a manufacturer or a user of the storage device 200 and may be used to detect a malicious access of an attacker. For example, when an access to the trap file of the protected area 222 is made without authentication, the access may be regarded as a malicious access of an attacker.” 
(e.g. par. 46): “…the storage device 200 that stores the trap file for detecting a malicious access.” 
(e.g. par. 55):  “..the attack detector 217 may detect viruses or malware by sensing an access to the trap file or an attempt to modulate the trap file.” 
(e.g. par. 80): “ …Afterwards, the storage device 200 may determine whether the external device accesses the trap file, by comparing the received address with the stored address information.”

Accordingly it is clear and explicit, the purpose and operation of the applicant’s disclosed system utilizing the claimed “trap file”, wherein as explicitly illustrated within applicant’s figures 7 and 8, (i) the trap file is accessed by a malicious user, (ii) an authentication operation is prompted, and (iii) access to “recovery”/”boot” data (i.e. NOT a “trap file”) is provided to any authorized user.

Applicant argues or alleges essentially that:
…
… Persons of ordinary skill in the art would also recognize that the “accessing” and the “modifying” a file, as used in Schmugar are different (i.e. not interchangeable operations). Therefore, the determination of whether “the application [is] authorized to modify the file type” of 308 of Schmugar does not reasonably teach, or suggest, an “authentication operation” for making a trap file accessible. In other words, the modification authorization operation of Schmugar does not reasonably teach, or suggest, “a protected area that stores a trap file accessible when an authentication operation with a host device is successful.”
…
(Remarks, pg. 13, 14)

Examiner respectfully responds:
The examiner respectfully disagrees, at least, for the reason that the applicant mistakenly concludes that a permission to “modify” a file is not a form of “access” to the file.  The examiner disagrees, and points out that the ability to modify a file, including the permission to write, rename, remove, etc. the file, is indeed a form of access to the file.


Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEFFERY L WILLIAMS whose telephone number is (571)272-7965.  The examiner can normally be reached on 7:30 am - 4:00 pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JEFFERY L WILLIAMS/Primary Examiner, Art Unit 2495