DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on December 4, 2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that use the word “means” or “step” but are nonetheless not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph because the claim limitation(s) recite(s) sufficient structure, materials, or acts to entirely perform the recited function.  Such claim limitation(s) is/are: “computer-readable instructions cause the computing device to execute/facilitate” and “second computer-readable instructions cause the computing device to monitor/execution/determine/execution” in claim 1; “execution of health check causes the computing device to perform scans/comparison” in claim 3; “execution of health check cause the computing device to determine/compare” in claim 4; and “second instructions cause the computing device to receive” in claim 7.
Because this/these claim limitation(s) is/are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are not being interpreted to cover only the corresponding structure, material, or acts described in the specification as performing the claimed function, and equivalents thereof.
If applicant intends to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to remove the structure, materials, or acts that performs the claimed function; or (2) present a sufficient showing that the claim limitation(s) does/do not recite sufficient structure, materials, or acts to perform the claimed function.



Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1, 2, 4, 7-9, 13-15, 17, and 19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Eliseev et al, U.S. Patent 9,230,106.

As per claim 1, a computing device is disclosed, comprising:
at least one primary processor; a communication interface communicatively coupled to the at least one primary processor; primary memory storing computer-readable instructions that, when executed by the at least one primary processor (col. 4, lines 15-22), cause the computing device to:
execute one or more applications accessing data stored in the primary memory of the computing device (an application makes calls to API functions of the OS to perform certain actions on a computing device, col. 4, lines 23-28);
facilitate communication by the one or more applications via one or more network interfaces of the communication interface (an application makes calls to API functions of the OS to perform certain actions on a computing device, col. 4, lines 23-28); and
a secure module (control module, col. 5, lines 3-5 & 55-62) comprising:
at least one secure processor (col. 4, lines 15-22); and
secure memory storing second computer-readable instructions that, when executed by the at least one secure processor, cause the computing device to:
monitor the computing device for an event trigger (an application makes calls to API functions of the OS to perform certain actions on a computing device, col. 4, lines 23-28 and col. 5, lines 24-33);
cause execution, based on identifying the event trigger and based on a health check configuration (monitors all levels of the architecture of the OS and environment for certain conditions of malicious activity) stored in the secure memory, of a health check of the computing device to identify one or more anomalies, wherein the one or more anomalies are associated with at least one security flaw at the computing device (col. 4, lines 35-41 and col. 5, lines 34-44);
determine, based on identifying an anomaly of the one or more anomalies and based on a response configuration stored in the secure memory, one or more response measures (remedial actions dictate how to respond to detected harmful behavior, col. 5, lines 53-64 and col. 6, lines 9-13), wherein the anomaly is identified in the health check (col. 4, lines 35-41 and col. 5, lines 34-44); and
cause execution, based on the determining the one or more response measures, of the one or more response measures at the computing device (col. 5, lines 53-64).
As per claim 2, it is disclosed wherein the event trigger comprises at least one of:
an expiration of a time interval;
a request to access data stored in the secure memory;
a request to store data in the secure memory;
deactivation of the communication interface; or
a startup of the computing device (col. 5, lines 24-33).
As per claim 4, it is disclosed wherein the execution of the health check further causes the computing device to:
determine, by a location detection device of the computing device, location information that indicates a geographic location of the computing device (col. 5, lines 24-33); and
compare, by the secure module, the location information to a plurality of prohibited locations, wherein the health check configuration comprises the plurality of prohibited locations (col. 5, lines 24-38).
As per claim 7, it is taught wherein the second instructions, when executed by the at least one secure processor, cause the computing device to:
receive, via a network coupled to the communication interface and from a service provider, an authorized update to the health check configuration (remote antivirus server is interpreted as the service provider sending the authorized updates to be used by the control module to detect malicious activity, col. 6, lines 3-13);
receive, via the network and from a service provider, an authorized update to the response configuration (col. 6, lines 3-13); and
receive, via the network and from a service provider, an authorized update to a threat data store of the secure memory (col. 6, lines 3-13).
As per claim 8, a method is disclosed, comprising:
at a computing device comprising one or more primary processors, primary memory, one or more secure processors, secure memory, and a communication interface (col. 4, lines 35-41 and col. 5, lines 34-44):
monitoring, by a secure processor of the one or more secure processors (control module, col. 5, lines 3-5 & 55-62) operation of the one or more primary processors of the computing device (col. 4, lines 11-22) for an event trigger (an application makes calls to API functions of the OS to perform certain actions on a computing device, col. 4, lines 23-28 and col. 5, lines 24-33);
executing, by the secure processor based on an identified event trigger and based on a health check configuration (monitors all levels of the architecture of the OS and environment for certain conditions of malicious activity) stored in the secure memory, a health check of the computing device to identify an indication of one or more anomalies, wherein the one or more anomalies are associated with at least one security flaw at the computing device (col. 4, lines 35-41 and col. 5, lines 34-44);
determining, based on an identified anomaly and based on a response configuration stored in the secure memory, one or more response measures (remedial actions dictate how to respond to detected harmful behavior, col. 5, lines 53-64 and col. 6, lines 9-13); and
cause execution, based on a determined response measure, of the one or more response measures at the computing device (col. 5, lines 53-64).
As per claim 9, it is disclosed wherein the event trigger comprises at least one of:
an expiration of a time interval;
a request to access data stored in the secure memory;
a request to store data in the secure memory;
deactivation of the communication interface; or
a startup of the computing device (col. 5, lines 24-33).
As per claim 13, the method is taught as further comprising:
receiving, via a network coupled to the communication interface and from a service provider, an authorized update to the health check configuration (remote antivirus server is interpreted as the service provider sending the authorized updates to be used by the control module to detect malicious activity, col. 6, lines 3-13);
receiving, via the network and from a service provider, an authorized update to the response configuration (col. 6, lines 3-13); and
receiving, via the network and from a service provider, an authorized update to a threat data store of the secure memory (col. 6, lines 3-13).
As per claim 14, disclosed are one or more non-transitory computer-readable media storing instructions that, when executed by a computing device comprising at least one processor, primary memory, at least one secure processor, secure memory (control module, col. 5, lines 3-5 & 55-62), and a communication interface (col. 4, lines 15-22), cause the computing device to:
cause execution, based on an expiration of a time interval and based on a health check configuration (monitors all levels of the architecture of the OS and environment for certain conditions of malicious activity) stored in the secure memory, a health check of the computing device to identify one or more anomalies, wherein the one or more anomalies are associated with at least one security flaw at the computing device (col. 4, lines 35-41 and col. 5, lines 34-44);
determine, based on an identified anomaly and based on a response configuration stored in the secure memory, one or more response measures (remedial actions dictate how to respond to detected harmful behavior, col. 5, lines 53-64 and col. 6, lines 9-13), wherein the anomaly is identified in the health check (col. 4, lines 35-41 and col. 5, lines 34-44); and
cause execution, based on a determined response measure, of the one or more response measures at the computing device (col. 5, lines 53-64).
As per claim 15, it is taught wherein the cause execution of the health check further causes the computing device to:
scan one or more network interfaces of the communication interface to identify one or more applications associated with the one or more network interfaces, wherein the one or more applications associated with the one or more network interfaces monitor or use the one or more network interfaces, wherein the one or more anomalies (col. 4, lines 25-31 and col. 5, lines 24-33) comprise at least one of:
an application that uses a communication protocol at a network interface of the communication interface, wherein the communication protocol is different from a second communication protocol that is associated with the network interface (different ports being used with different operating system versions, col. 5, lines 24-33); or
an application that monitors one or more communications at a network interface of the communication interface, wherein the application is not associated with the network interface (different ports being used, col. 5, lines 24-33).
As per claim 17, it is taught wherein the execution of the health check further causes the computing device to:
determine, by a location detection device of the computing device, location information that indicates a geographic location of the computing device (col. 5, lines 24-33);
compare, by the at least one secure processor, the location information to a plurality of prohibited locations, wherein the health check configuration comprises the plurality of prohibited locations (col. 5, lines 24-38);
wherein the one or more anomalies comprise the location information (col. 5, lines 24-38); and
wherein the location information indicates a location of the plurality of prohibited locations (col. 5, lines 24-38).
As per claim 19, it is taught wherein the cause execution of the health check further causes the computing device to:
compare one or more files to threat information stored in a threat data store of the secure memory, wherein one or more directories of the primary memory comprise the one or more files (col. 4, lines 23-28 and col. 5, lines 24-33);
wherein the threat information comprises information associated with one or more malware; and wherein the one or more anomalies comprise a file comprising threat information (col. 4, lines 35-41 and col. 5, lines 34-44).



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 3, 5, 10, 11, 16, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Eliseev et al, U.S. Patent 9,230,106 in view of Jones et al, US 2018/0063181.

As per claim 3, it is taught by Eliseev et al wherein the execution of the health check further causes the computing device to perform at least one of:
a scan of the one or more network interfaces of the communication interface to identify one or more applications associated with the one or more network interfaces, wherein the one or more applications associated with the one or more network interfaces monitor or use the one or more network interfaces (col. 4, lines 23-28 and col. 5, lines 24-33).
Eliseev et al fails to disclose:
a scan of one or more files to identify hash information associated with the one or more files, wherein one or more protected directories of the primary memory comprise the one or more files;
a scan of one or more applications stored in the primary memory to identify signature information associated with the one or more applications; and 
a comparison of one or more files to threat information stored in a threat data store of the secure memory, wherein one or more directories of the primary memory comprise the one or more files and wherein the threat information comprises information associated with one or more malware.

Jones et al discloses:
a scan of one or more files to identify hash information associated with the one or more files, wherein one or more protected directories (paragraph 0059, lines 9-13) of the primary memory comprise the one or more files (paragraph 0104, lines 18-23);
a scan of one or more applications stored in the primary memory to identify signature information associated with the one or more applications (paragraph 0101, lines 1-23 and paragraph 0104, lines 9-23); and 
a comparison of one or more files to threat information stored in a threat data store of the secure memory, wherein one or more directories of the primary memory comprise the one or more files and wherein the threat information comprises information associated with one or more malware (paragraph 0101, lines 1-23 and paragraph 0104, lines 9-23).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have been motivated to apply hashing of directory information in order to detect differences of any changes in file directories between scans (Jones et al, paragraph 0104, lines 5-9) and (Jones et al, paragraph 0101, lines 15-21) to identify specific files by their unique hash signatures.  Eliseev et al recognizes signature and hashing techniques are well known for detecting malware (col. 1, lines 36-39), and the teachings of Jones et al focus on a specific technique to detect threat information involving files in protected directories using hashing and signature functions that Eliseev et al fails to teach.

As per claim 5, it is taught by Eliseev et al wherein the one or more anomalies comprise at least one of:
location information indicating a location of a plurality of prohibited locations, wherein the health check configuration comprises the plurality of prohibited locations (col. 5, lines 24-38);
a file comprising threat information, wherein the threat information is stored in a threat data store of the secure memory and wherein the threat information comprises information associated with one or more malware (col. 4, lines 25-31 and col. 5, lines 24-33);
an application that uses a communication protocol at a network interface of the communication interface, wherein the communication protocol is different from a second communication protocol that is associated with the network interface (different ports being used with different operating system versions, col. 5, lines 24-33); or
an application that monitors one or more communications at a network interface of the communication interface, wherein the application is not associated with the network interface (different ports being used, col. 5, lines 24-33).
Eliseev et al fails to disclose:
an invalid hash of a file, wherein the file is stored in a protected directory of the primary memory and wherein the invalid hash is different from one or more hashes stored in the secure memory;
signature information of an application stored in the primary memory, wherein the signature information comprises one of an invalid signature, a self-signed signature, or an unsigned signature;

Jones et al discloses:
an invalid hash of a file, wherein the file is stored in a protected directory of the primary memory and wherein the invalid hash is different from one or more hashes stored in the secure memory (paragraph 0101, lines 1-23 and paragraph 0104, lines 9-23);
signature information of an application stored in the primary memory, wherein the signature information comprises one of an invalid signature (paragraph 0104, lines 18-23);
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have been motivated to apply hashing of directory information in order to detect differences of any changes in file directories between scans (Jones et al, paragraph 0104, lines 5-9) and (Jones et al, paragraph 0101, lines 15-21) to identify specific files by their unique hash signatures.  Eliseev et al recognizes signature and hashing techniques are well known for detecting malware (col. 1, lines 36-39), and the teachings of Jones et al focus on a specific technique to detect threat information involving files in protected directories using hashing and signature functions that Eliseev et al fails to teach.

As per claim 10, it is disclosed by Eliseev et al wherein the executing the health check further comprises at least one of:
scanning one or more network interfaces of the communication interface to identify one or more applications associated with the one or more network interfaces, wherein the one or more applications associated with the one or more network interfaces monitor or use the one or more network interfaces (col. 4, lines 23-28 and col. 5, lines 24-33).
determining, by a location detection device of the computing device, location information that indicates a geographic location of the computing device (col. 5, lines 24-33); and
comparing, by the secure processor, the location information to a plurality of prohibited locations, wherein the health check configuration comprises the plurality of prohibited locations (col. 5, lines 24-38).
Eliseev et al fails to disclose:
scanning one or more files to identify hash information associated with the one or more files, wherein one or more protected directories of the primary memory comprise the one or more files;
scanning one or more applications stored in the primary memory to identify signature information associated with the one or more applications;
comparing one or more files to threat information stored in a threat data store of the secure memory, wherein one or more directories of the primary memory comprise the one or more files and wherein the threat information comprises information associated with one or more malware.

Jones et al discloses:
scanning one or more files to identify hash information associated with the one or more files, wherein one or more protected directories (paragraph 0059, lines 9-13) of the primary memory comprise the one or more files (paragraph 0104, lines 18-23);
scanning one or more applications stored in the primary memory to identify signature information associated with the one or more applications (paragraph 0101, lines 1-23 and paragraph 0104, lines 9-23);
comparing one or more files to threat information stored in a threat data store of the secure memory, wherein one or more directories of the primary memory comprise the one or more files and wherein the threat information comprises information associated with one or more malware (paragraph 0101, lines 1-23 and paragraph 0104, lines 9-23).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have been motivated to apply hashing of directory information in order to detect differences of any changes in file directories between scans (Jones et al, paragraph 0104, lines 5-9) and (Jones et al, paragraph 0101, lines 15-21) to identify specific files by their unique hash signatures.  Eliseev et al recognizes signature and hashing techniques are well known for detecting malware (col. 1, lines 36-39), and the teachings of Jones et al focus on a specific technique to detect threat information involving files in protected directories using hashing and signature functions that Eliseev et al fails to teach.

As per claim 11, it is taught by Eliseev et al wherein the one or more anomalies comprise at least one of:
location information indicating a location of a plurality of prohibited locations, wherein the health check configuration comprises the plurality of prohibited locations (col. 5, lines 24-38);
a file comprising threat information, wherein the threat information is stored in a threat data store of the secure memory and wherein the threat information comprises information associated with one or more malware (col. 4, lines 25-31 and col. 5, lines 24-33);
an application that uses a communication protocol at a network interface of the communication interface, wherein the communication protocol is different from a second communication protocol that is associated with the network interface (different ports being used with different operating system versions, col. 5, lines 24-33);
or an application that monitors one or more communications at a network interface of the communication interface, wherein the application is not associated with the network interface (different ports being used, col. 5, lines 24-33).
Eliseev et al fails to disclose:
an invalid hash of a file, wherein the file is stored in a protected directory of the primary memory and wherein the invalid hash is different from one or more hashes stored in the secure memory;
signature information of an application stored in the primary memory, wherein the signature information comprises one of an invalid signature, a self-signed signature, or an unsigned signature;

Jones et al discloses:
an invalid hash of a file, wherein the file is stored in a protected directory of the primary memory and wherein the invalid hash is different from one or more hashes stored in the secure memory (paragraph 0101, lines 1-23 and paragraph 0104, lines 9-23);
signature information of an application stored in the primary memory, wherein the signature information comprises one of an invalid signature (paragraph 0104, lines 18-23);
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have been motivated to apply hashing of directory information in order to detect differences of any changes in file directories between scans (Jones et al, paragraph 0104, lines 5-9) and (Jones et al, paragraph 0101, lines 15-21) to identify specific files by their unique hash signatures.  Eliseev et al recognizes signature and hashing techniques are well known for detecting malware (col. 1, lines 36-39), and the teachings of Jones et al focus on a specific technique to detect threat information involving files in protected directories using hashing and signature functions that Eliseev et al fails to teach.

As per claim 16, Eliseev et al fails to disclose wherein the cause execution of the health check further causes the computing device to:
scan one or more files to identify hash information associated with the one or more files, wherein one or more protected directories of the primary memory comprise the one or more files, wherein the one or more anomalies comprise an invalid hash of a file, wherein the file is stored in a protected directory of the primary memory and wherein the invalid hash is different from one or more hashes stored in the secure memory.

Jones et al discloses:
scan one or more files to identify hash information associated with the one or more files, wherein one or more protected directories (paragraph 0059, lines 9-13) of the primary memory comprise the one or more files (paragraph 0104, lines 18-23), wherein the one or more anomalies comprise an invalid hash of a file, wherein the file is stored in a protected directory of the primary memory and wherein the invalid hash is different from one or more hashes stored in the secure memory (paragraph 0101, lines 1-23 and paragraph 0104, lines 9-23).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have been motivated to apply hashing of directory information in order to detect differences of any changes in file directories between scans (Jones et al, paragraph 0104, lines 5-9) and (Jones et al, paragraph 0101, lines 15-21) to identify specific files by their unique hash signatures.  Eliseev et al recognizes signature and hashing techniques are well known for detecting malware (col. 1, lines 36-39), and the teachings of Jones et al focus on a specific technique to detect threat information involving files in protected directories using hashing and signature functions that Eliseev et al fails to teach.

As per claim 18, Eliseev et al fails to disclose wherein the cause execution of the health check further causes the computing device to:
scan one or more applications stored in the primary memory to identify signature information associated with the one or more applications, wherein the one or more anomalies comprise the signature information of an application of the one or more applications; and
wherein the signature information comprises one of an invalid signature, a self-signed signature, or an unsigned signature.

Jones et al teaches:
wherein the cause execution of the health check further causes the computing device to:
scan one or more applications stored in the primary memory to identify signature information associated with the one or more applications, wherein the one or more anomalies comprise the signature information of an application of the one or more applications (paragraph 0101, lines 1-23 and paragraph 0104, lines 9-23); and
wherein the signature information comprises one of an invalid signature (paragraph 0104, lines 18-23).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have been motivated to apply hashing of directory information in order to detect differences of any changes in file directories between scans (Jones et al, paragraph 0104, lines 5-9) and (Jones et al, paragraph 0101, lines 15-21) to identify specific files by their unique hash signatures.  Eliseev et al recognizes signature and hashing techniques are well known for detecting malware (col. 1, lines 36-39), and the teachings of Jones et al focus on a specific technique to detect threat information involving files in protected directories using hashing and signature functions that Eliseev et al fails to teach.

Claims 6, 12, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Eliseev et al, U.S. Patent 9,230,106 in view of Ma et al, US 2017/0017842.

As per claim 6, Eliseev et al discloses implementing one or more response measures (col. 5, lines 59-62); however, the teachings fail to disclose:
an overwrite of sensitive data stored at the secure memory, wherein the sensitive data comprises biometric data associated with a user of the computing device, passcode data associated with unlocking the computing device, and data associated with encryption of one or more areas of the primary memory;
a deletion of the biometric data;
a replacement of the passcode data with second passcode data, wherein the second passcode data includes one or more characters that are inaccessible at an input of the computing device; or
an encryption of the sensitive data using a public key, wherein a private key associated with the public key is unavailable at the computing device.
Ma et al discloses deleting a biometric template as a response measure after detecting an abnormal condition (paragraph 0152, lines 1-6).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have been motivated to apply countermeasures to protect sensitive data from unauthorized third parties. The teachings of Ma et al disclose an anti-theft biometric template system that calculates probabilities based upon comparison scores (paragraph 0138, lines 6-8 and paragraph 0141, lines 1-3). Although the teachings of Eliseev et al disclose implementing response measures due to detected malicious activities, the teachings of Ma et al offer further protection to biometric templates by deleting them in response to detected abnormal conditions.

As per claim 12, Eliseev et al teaches implementing one or more response measures (col. 5, lines 59-62); however, the teachings fail to disclose:
an overwrite of sensitive data stored at the secure memory, wherein the sensitive data comprises biometric data associated with a user of the computing device, passcode data associated with unlocking the computing device, and data associated with encryption of one or more areas of the primary memory;
a deletion of the biometric data;
a replacement of the passcode data with second passcode data, wherein the second passcode data includes one or more characters that are inaccessible at an input of the computing device; or
an encryption of the sensitive data using a public key, wherein a private key associated with the public key is unavailable at the computing device.
Ma et al discloses deleting a biometric template as a response measure after detecting an abnormal condition (paragraph 0152, lines 1-6).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have been motivated to apply countermeasures to protect sensitive data from unauthorized third parties. The teachings of Ma et al disclose an anti-theft biometric template system that calculates probabilities based upon comparison scores (paragraph 0138, lines 6-8 and paragraph 0141, lines 1-3). Although the teachings of Eliseev et al disclose implementing response measures due to detected malicious activities, the teachings of Ma et al offer further protection to biometric templates by deleting them in response to detected abnormal conditions.

As per claim 20, Eliseev et al discloses implementing one or more response measures (col. 5, lines 59-62); however, the teachings fail to disclose:
an overwrite of sensitive data stored at the secure memory, wherein the sensitive data comprises biometric data associated with a user of the computing device, passcode data associated with unlocking the computing device, and data associated with encryption of one or more areas of the primary memory;
a deletion of the biometric data;
a replacement of the passcode data with second passcode data, wherein the second passcode data includes one or more characters that are unavailable at an input of the computing device; or
an encryption of the sensitive data using a public key, wherein a private key associated with the public key is unavailable at the computing device.
Ma et al discloses deleting a biometric template as a response measure after detecting an abnormal condition (paragraph 0152, lines 1-6).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have been motivated to apply countermeasures to protect sensitive data from unauthorized third parties. The teachings of Ma et al disclose an anti-theft biometric template system that calculates probabilities based upon comparison scores (paragraph 0138, lines 6-8 and paragraph 0141, lines 1-3). Although the teachings of Eliseev et al disclose implementing response measures due to detected malicious activities, the teachings of Ma et al offer further protection to biometric templates by deleting them in response to detected abnormal conditions.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Tineo, US 2022/0094705 is relied upon for disclosing determining whether a cybersecurity threat triggers the performance of an orchestrated response based upon a custom trigger event, see abstract.
Harutyunyan et al, US 2020/0356459 is relied upon for disclosing triggering remedial measures based upon abnormal conditions, see paragraph 0117.
Huang et al, US 2020/0358683 is relied upon for disclosing auto remediation of network anomalies that reduces computing resources required to monitor the health of network devices, see paragraph 0017.
Zonneveld et al, U.S. Patent 10,860,405 is relied upon for disclosing producing health scores for a plurality of monitored applications from detected anomalies, and adjusting the configuration to mitigate the anomaly, see claim 1 of the patent.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER A REVAK whose telephone number is (571)272-3794. The examiner can normally be reached 5:30am - 3:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LYNN FEILD can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHRISTOPHER A REVAK/Primary Examiner, Art Unit 2431