Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Detailed Action
1.	This action is responsive to communication filed on: 7 July 2022 with acknowledgement of an original application filed on 21 December 2020 which claims the benefit of PCT filed 18 December 2020 which claims priority to provisional application filed on 20 December 2019.
2.	Claims 1-17 are currently pending.  Claims 1, 12, and 16 are independent claims.  Claims 1-4, 7, 10, 12, 14, and 16 have been amended.  Claim 17 is new.
Response to Arguments

3.	Applicant's arguments filed 7 July 2022 have been fully considered; however, they are not persuasive where noted below or are moot due to new grounds of rejection necessitated by applicant’s amendments to the claims.  The 112 rejections are withdrawn due to amendment.
I)	In response to Applicant’s argument beginning on page 7, “…Applicant traverses this rejection for at least the following reasons…Thus, there is no distinction in Quinn of a general purpose domain and secure domain, on mention of secure data assets (files). Moreover, Quinn does not disclose that the access rights being governed by the secure agent. Rather, the secure agent on the device relies on policy determination from another device to govern access to the secure data assets…Accordingly, Applicant submits that the claims as originally filed are patentable over Soffer and Quinn”.
	The Examiner disagrees with the argument for multiple reasons.  One, it is the combination that teaches the invention; the Soffer reference teaches a computer system that has two isolated computing modules, one for secure computing and the other for general computing, see the Abstract and paragraph 13.  Two, the Quinn reference was utilized to teach the limitations in association with the encryption module, context controller, and authentication module.  Quinn clearly teaches/suggests the protection of digital data assets.  The Examiner interprets data that needs protection to be located in a secure domain.  In order to protect the digital assets (i.e. secure domain), Quinn utilizes policies, security agents, encryption/decryption, location information, and identifiers.  Quinn teaches/suggests the claim limitation “an encryption module configured to encrypt data to facilitate secure data transmission between the general-purpose domain and the secure domain, …” in paragraphs 17 and 49.  Therefore, the Applicant’s argument is not persuasive.
II)	In response to applicant’s argument beginning on page 10, “As described above, at no point does Soffer teach, disclose or suggest inter alia a security module configured to facilitate secure data transmission between the general-purpose domain and the secure domain…Similarly, as described above Quinn fails to remedy the deficiencies of Soffer…However, at no point does Quinn teach, disclose or suggest that the secure agent stores the keys.  Further, at no point does Quinn teach, disclose, or suggest that the keys are unique to the secure agent”
The Examiner disagrees with the argument for multiple reasons.  One, as stated above, it is the combination that teaches the invention; the Soffer reference teaches a computer system that has two isolated computing modules, one for secure computing and the other for general computing, see the Abstract and paragraph 13.  Two, the Quinn reference was utilized to teach the limitations in association with the encryption module, context controller, and authentication module.  Quinn clearly teaches/suggests the protection of digital data assets.  The Examiner interprets data that needs protection to be located in a secure domain.  In order to protect the digital assets (i.e. secure domain), Quinn utilizes policies, security agents, encryption/decryption, location information, and identifiers.  Quinn teaches/suggests the claim limitation “an encryption module configured to encrypt data to facilitate secure data transmission between the general-purpose domain and the secure domain…” in paragraphs 17 and 49.  Three, the Applicant’s representative is incorrect in his understanding of the rejection.  Quinn teaches in paragraphs 46-47 and 49 that a data access controller supports secure communication between devices and that the data access control server provides a key store.  The key store is used by the secure agent to retrieve the encryption key associated with a digital asset; however, the keys are clearly stored in the access control server.  The combination of references clearly teaches/suggests the argued limitations of storing the encryption keys as well as the general-purpose domain and secure domain.
III)	In response to applicant’s argument beginning on page 11, “Claim 16, as amended, recites…Moreover, there is nothing in Quinn to suggest that the key store stores a common network security key, a common network identifier, or storage encryption key that is unique to the key store…”
The Examiner disagrees with the argument for multiple reasons.  As stated above, the combination of references clearly teaches/suggests the claim limitations.  In addition, please review paragraphs 36, 46-47, 49, and 117 of Quinn.  Note the key store 121 can be used to store and provide decryption keys as needed by the secure agent.  Also note the identifiers are used to associate the appropriate key with the protected data, see paragraphs 36 and 117.  Therefore, the Applicant’s arguments are not persuasive.

Claim Objections
4.	Claim 1 is objected to because of the following informalities: the wording in the amended claim is awkward and appears grammatically incorrect, note the below limitations:
“a context controller to configured to set the state of the security module”.  Appropriate correction is required, such as deleting the extra “to”.  
Claim Rejections - 35 USC § 112
5.	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


6.	Claims 1-11 and 17 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.  The claims have been amended to include the limitation “a security module comprising: an encryption module configured to encrypt data to facilitate secure data transmission between the general-purpose domain and the secure domain, thereby providing the secure domain with secure access to the non-volatile store systems and the at least one networking device”.  The underlined limitation is indefinite; it appears the term “the secure domain” above should be replaced with “the general-purpose domain”.  Based on the Applicant’s disclosure, see paragraphs 9, 21, and 36, data located in the secure domain is secure; rather, the encryption module is used to provide the general-purpose domain with access to secure data.  Appropriate correction is required.

Claim Rejections – 35 USC § 103
7.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


8.	Claims 1-10 and 12-17 are rejected under 35 U.S.C. 103 as being unpatentable over Soffer U.S. Patent Application Publication No. 2020/0285778 (hereinafter Soffer) in view of Quinn et al. U.S. Patent Application Publication No. 2017/0237747 (hereinafter Quinn).
	As to independent claim 1, “A secure computer comprising: a general-purpose domain configured to provide general-purpose computing, the general-purpose domain comprising: a host processor, a non-volatile storage system, and at least one networking device; a secure domain configured to provide secure computing, the secure domain comprising: a secure processor” is taught in Soffer Abstract and paragraph 13;
the following is not explicitly taught in Soffer:  
	“and a security module comprising: an encryption module configured to encrypt data to facilitate secure data transmission between the general-purpose domain and the secure domain, thereby providing the secure domain with secure access to the non-volatile store systems and the at least one networking device” however Quinn teaches a method and system for data protection through encryption and decryption of data assets with the use of a security agent, a security agent that enforces policy on a user device that determines when access is allowed and, if access is allowed, provides keying material and performs the decryption to facilitate data transmission as well as returning the document to its encrypted format, in paragraphs 17 and 49;
	“and a context controller to configured to set the state of the security module” however Quinn teaches a policy service (i.e. context controller) for the asset protection system that specifies what users and user devices are allowed access to which digital assets and under which conditions in paragraphs 41-42;
	“and an authentication module configured to authenticate a user of the secure computer before enabling the secure domain” however Quinn teaches authenticating a user before enabling access to secure data in paragraph 39.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a portable computer providing a high level of security that comprises two completely logically and electrically isolated computer modules within one tamper resistant enclosure while minimizing security risk resulting from sharing the same peripheral device, taught in Soffer, to include a means to have a security module configured to facilitate data transmission as well as a context controller and user authentication.  One of ordinary skill in the art would have been motivated to perform such a modification to reduce security breaches of digital assets, see Quinn paragraph 2.
	As to dependent claim 2, “The secure computer of claim 1, the security module comprising: key storage for storing at least one network encryption key; network identification (ID) storage for storing a network identifier; and the encryption module includes network encryption module configured to encrypt data communicated from the secure domain to the general-purpose domain and decrypt data communicated from the general-purpose domain to the secure domain using the at least one network encryption key” is taught in Quinn paragraphs 36, 46-47, 49, and 117.
	As to dependent claim 3, “The secure computer of claim 2, wherein the key storage further stores at least one data storage encryption key and the security encryption module further comprises: a storage encryption module configured to encrypt data communicated from the secure domain to the general-purpose domain and decrypt data communicated from the general-purpose domain to the secure domain using the at least one network encryption key; wherein the at least one network encryption key is used to encrypt and decrypt data communicated with the at least one networking device; and wherein the at least one storage encryption key is used to encrypt and decrypt data communicated with the non-volatile storage system” is shown in Quinn paragraphs 47 and 49.
	As to dependent claim 4, “The secure computer of claim 1, wherein the security module comprises a video switch to determine which of the general-purpose domain or the secure domain has control over a display” is disclosed in Soffer Abstract and paragraphs 13-14.
	As to dependent claim 5, “The secure computer of claim 1, to wherein the security module further comprises a secure peripheral device interface configured to facilitate communication with the secure domain” is taught in Soffer Abstract.
	As to dependent claim 6, “The secure computer of claim 5, wherein the security module further comprises a host peripheral device interface configured to facilitate communication with the general-purpose domain” is shown in Soffer Abstract.
	As to dependent claim 7, “The secure computer of claim 6, wherein the security module further comprises a peripheral device filter configured route data from system devices to the secure peripheral device interface and block data from the host peripheral device interface when the secure domain is active” is disclosed in Soffer paragraphs 13-14, note the switch prevents leakage of data.
	As to dependent claim 8, “The secure computer of claim 2, wherein the network encryption module is disabled when the secure domain is inactive” is taught in Quinn paragraphs 18 and 22.
	As to dependent claim 9, “The secure computer of claim 3, wherein the storage encryption module is disabled when the secure domain is inactive” is shown in Quinn paragraphs 18 and 22.
	As to dependent claim 10, “The secure computer of claim 1, wherein the security module further comprises the authentication module configure to authenticate a user of the secure computer before enabling the secure domain” is disclosed in Quinn paragraph 39.
	As to independent claim 12, “A security module to facilitate secure communication in a network data transfer in a secure computer” is taught in Soffer Abstract and paragraph 13; the following is not explicitly taught in Soffer:
	“the security module comprising: key storage for storing at least one network encryption key and at least one storage encryption key unique to the security module; network identification (ID) storage for storing a network identifier; a network encryption module configured to encrypt data to be communicated between a plurality of the secure computer and one or more devices in a network using the at least one network encryption key” however Quinn teaches a security agent that facilitates the encryption/decryption of protected resources as well as stores encryption key and identifying information in paragraphs 36, 46-47, 49, and 117;
	“and a storage encryption module configured to encrypt and decrypt data for local storage in a local storage device using the at least storage key” however Quinn teaches a method and system for data protection through encryption and decryption of data assets with the use of a security agent, a security agent that enforces policy on a user device that determines when access is allowed and, if access is allowed, provides keying material and performs the decryption to facilitate data transmission as well as returning the document to its encrypted format, in paragraphs 17 and 49.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a portable computer providing a high level of security that comprises two completely logically and electrically isolated computer modules within one tamper resistant enclosure while minimizing security risk resulting from sharing the same peripheral device, taught in Soffer, to include a means to have a security module configured to facilitate encryption and encryption key storage as well as decryption.  One of ordinary skill in the art would have been motivated to perform such a modification to reduce security breaches of digital assets, see Quinn paragraph 2.
	As to dependent claim 13, “The security module of claim 12, wherein the network encryption key and the network identifier are common to the plurality of devices in the network” is taught in Quinn paragraphs 36, 46-47, and 49.
	As to dependent claim 14, “The security module of claim 12, further comprising a storage encryption key configured to encrypt and decrypt data for local storage in a local storage device, the storage encryption key unique to the security module wherein the local storage device is located in a general-purpose domain of the secure computer” is shown in Quinn paragraphs 36, 46-47, 49, and 117.
	As to dependent claim 15, “The security module of claim 14, wherein the network encryption key and the storage encryption key are inaccessible to external devices” is disclosed in Quinn paragraphs 18 and 22.
	As to independent claim 16, “A programming unit for programming a plurality of security modules, the programming unit comprising: a plurality of security module interfaces configured to physically couple the programming unit with corresponding ones of the security modules” is taught in Soffer Abstract and paragraph 13;
the following is not explicitly taught in Soffer:
	“and computer readable instructions which, when executed by the programming unit, cause the programming unit to: program each of the security modules with a common network security key; and program each of the security modules with a common network identifier; and program each of the security modules with at least one storage encryption key that is unique to the security module” however Quinn teaches a system and method that uses a security agent that communicates with a data access control server that contains a key store, as well as a policy server, to facilitate the encryption/decryption of protected resources, as well as stores encryption key and identifying information that is unique (associated) to the data asset (i.e. security module) in paragraphs 36, 46-47, 49, and 117.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a portable computer providing a high level of security that comprises two completely logically and electrically isolated computer modules within one tamper resistant enclosure while minimizing security risk resulting from sharing the same peripheral device, taught in Soffer, to include a means to have a security module configured to facilitate encryption and encryption key storage.  One of ordinary skill in the art would have been motivated to perform such a modification to reduce security breaches of digital assets, see Quinn paragraph 2.
	As to dependent claim 17, “The secure computer of claim 1, wherein the security module is removable” is taught in Soffer paragraph 63, note “Mass Storage Device is non-volatile memory that is used to store the Red (Higher-security) computer 2a data and programs. It may use non-volatile memory technologies such as SSD (Solid State Disk) that uses flash, mechanical hard-drive or any other suitable non-volatile memory technology. Preferably the CPU 18a interface with the Mass Storage Device 21a should support full data encryption for added security. MSD 21a may be optionally coupled to CPU 18a through full-time hardware based disk encryption module of the prior-art (not shown here). Mass Storage Device 21a may be modular (removable) or preferably mechanically fixed for added security”.

9.	Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Soffer U.S. Patent Application Publication No. 2020/0285778 (hereinafter Soffer) in view of Quinn et al. U.S. Patent Application Publication No. 2017/0237747 (hereinafter Quinn) in further view of Shah et al. U.S. Patent Application Publication No. 2018/0198786 (hereinafter Shah).
	As to dependent claim 11, the following is not explicitly taught in Soffer and Quinn: “The secure computer of claim 1, wherein the authentication module is configured to provide a different level of authentication based on a preprogrammed authentication type” however Shah teaches that policy server devices control what permissions to grant user devices while connecting to private networks; note policies may provide various user authentication and authorization levels in paragraph 46.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a portable computer providing a high level of security that comprises two completely logically and electrically isolated computer modules within one tamper resistant enclosure while minimizing security risk resulting from sharing the same peripheral device, taught in Soffer and Quinn, to include a means to provide a different level of authentication.  One of ordinary skill in the art would have been motivated to perform such a modification because present authorization and authentication are not tied together; therefore technical improvements are needed, see Shah paragraphs 11 and 23.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
10.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ELLEN C TRAN whose telephone number is (571) 272-3842.  The examiner can normally be reached from M-F 9 AM to 6 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu, can be reached at 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ELLEN TRAN/ Primary Examiner, Art Unit 2433
4 October 2022