DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to amendments filed on August 31, 2022.
Claims 1, 14-15, 17, 19-20 have been amended.
Claims 1-20 are pending.

Response to Arguments
The objections regarding the claims have been withdrawn as the claims have been amended.
The rejections regarding 35 U.S.C. 103 for Claims 1-20 have been withdrawn as the claims have been amended.
Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-7, 9, 13-15, 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Lingappa et al. (U.S. Pub. No. 2017/0171183 A1) hereinafter referred to as “Lingappa”, and further in view of Hegg et al. (U.S. Pub. No. 2013/0061291 A1) hereinafter referred to as “Hegg”.
Regarding Claim 1:
	Lingappa discloses the following limitations:
	A method, comprising: establishing, by a first computer system with a client computer system, a (Par. [0019], Par. [0020], Par. [0026], Par. [0039]). Lingappa teaches an authentication server, i.e. a first computer system, handling resource access requests from a user device, i.e. a client computer system. This is considered to be a connection, since Lingappa suggests the server and user device wirelessly communicating with each other over the web. 
	receiving, in the first computer system over the connection from the client computer system, a request about a memory device remote from the first computer system (Fig. 2, Par. [0026], Par. [0039], Par. [0028]). Lingappa teaches that the authentication server receives an access request to a resource, which is stored on a resource computer. Under the broadest reasonable interpretation, this resource computer is considered to be a memory device and an access of resources is considered a form of operation.
	determining, based on data stored in the first computer system, that the client computer system is eligible to operate the memory device (Par. [0054], Par. [0058], Par. [0059]). Lingappa teaches the authentication server authenticating the user device by verifying a digital signature. The server stores data in the form of a shared secret in order to determine this eligibility. 
	and communicating, by the first computer system with a second computer system secured behind the first computer system to generate a response to the request (Fig. 2, Fig. 3, Par. [0039], Par. [0043], Par. [0056], Par. [0057], Par. [0058]). Lingappa teaches the authentication server communicating with an authorization server, i.e. a second computer system, to validate a credential. The authentication server generates an authentication response to the access request based on this credential validation by the authorization server. Furthermore, this is considered to be secured behind the authentication server, since the authentication server acts as an intermediary between the user device and the authorization server. 
	(taught by Hegg below)

	Hegg discloses the following limitations not taught by Lingappa:
	a secure authenticated connection (Par. [0051], both client device 110 and server 140 may perform steps to authenticate one another using routine 600). Reference Hegg teaches using SSL/TLS authentication in order to create a secure channel. Hegg further teaches that using SSL/TLS allows for mutual authentication of device identities (Par. [0053]) while encrypting data communication between the two systems (Par. [0054]). 
	using at least a cryptographic key stored in the second computer system in association with an unique identification of the memory device (Par. [0032], In either case, the secure token may comprise encrypted data, such as an identifier of untrusted client device 170… authentication module 225 may authenticate the secure token by decrypting the token with the cryptographic key, and verifying the identifier of untrusted client device 170 (using at least a cryptographic key stored in the second computer system in association with an unique identification of the memory device)). Reference Lingappa teaches using a cryptographic key to decrypt and validate a credential (Par. [0053], Par. [0056]), but not an association with a unique memory device ID. Reference Hegg however teaches an alternative method of authentication where a secure token consists of an encrypted identifier of the device.

	References Lingappa and Hegg are considered to be analogous art because they relate to remote device authentication systems. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the device authentication system of Lingappa with the SSL/TLS protocol and secure token of Hegg in order to gain the benefit of additional security. Furthermore, it would have been obvious to one of ordinary skill in the art to substitute the credential of Lingappa with the secure token of Hegg because one of ordinary skill in the art would have recognized the credential and secure token to be alternative proofs of authentication. 

Regarding Claim 2:
	The combination of Lingappa/Hegg discloses Claim 1.	Reference Hegg further discloses the following limitation:
	wherein the response is generated via the second computer system performing operations using the cryptographic key without transmitting the cryptographic key outside of the second computer system (Par. [0032], Server 140 may store a secret cryptographic key that is used to create the secure token (without transmitting the cryptographic key outside of the second computer system)… authentication module 225 may authenticate the secure token by decrypting the token with the cryptographic key, and verifying the identifier of untrusted client device (wherein the response is generated via the second computer system performing operations using the cryptographic key)). Reference Hegg further teaches decrypting the token with the key and the key being secret, i.e. not transmitted outside the server. 

	The reasons for motivation/combination of references remain the same as in Claim 1. 

Regarding Claim 3:
	The combination of Lingappa/Hegg discloses Claim 2.
	Reference Hegg further discloses the following limitation:
	storing, in the first computer system, a list of Internet Protocol (IP) addresses; determining, by the first computer system, whether to establish the secure authenticated connection based at least in part on whether an address of the client computer system is in the list (Par. [0033], Authentication module 225 may implement an IP white list authentication scheme that stores a list of registered IP addresses (storing, in the first computer system, a list of Internet Protocol (IP) addresses). Authentication module 225 may only allow requests from registered IP addresses to pass through to web service 141 (determining, by the first computer system, whether to establish the secure authenticated connection based at least in part on whether an address of the client computer system is in the list)). Reference Hegg further teaches storing an IP address whitelist. In combination with the authentication server of Lingappa, this teaches the claimed limitation of the first computer system establishing the secure connection with the client device. Reference Hegg further teaches that the benefit of performing IP address authentication allows for additional efficiency by limiting the number of access requests (Par. [0034], By using the IP white list to limit the devices that can request web service 141, device integration can proceed more quickly). 

	References Lingappa and Hegg are considered to be analogous art because they relate to remote device authentication systems. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further combine the device authentication system of Lingappa with the IP address whitelist of Hegg in order to gain the benefit of increased efficiency in performing authentication.  

Regarding Claim 4:
	The combination of Lingappa/Hegg discloses Claim 3.
	Reference Hegg further discloses the following limitation:
	wherein the establishing of the secure authenticated connection comprises: receiving, in the first computer system, a first certificate from the client computer system, the first certificate indicating an identity of the client computer system; and validating the first certificate (Par. [0053], Next, in block 604, client device 110 may send a client certificate to server 140. The client certificate may include an identifier of client device 110, an identifier of certificate authority 150, and a public key unique to client device 110 (wherein the establishing of the secure authenticated connection comprises: receiving, in the first computer system, a first certificate from the client computer system, the first certificate indicating an identity of the client computer system); Par. [0054], server 140 authenticates client device 110 using the client certificate (and validating the first certificate)). Reference Hegg clarifies that mutual authentication under the SSL/TLS protocol is performed by producing digital certificates from both parties. 	The reasons for motivation/combination of references remain the same as in Claim 1.

 Regarding Claim 5:
	The combination of Lingappa/Hegg discloses Claim 4.
	Reference Hegg further discloses the following limitation:
	wherein the establishing of the secure authenticated connection further comprises: providing, by the first computer system to the client computer system, a second certificate to indicate an identity of the first computer system, wherein the client computer system is configured to validate the second certificate prior to the establishing of the secure authenticated connection (Par. [0052], authentication module 221 on server 140 may send stored server certificate 301 to client device 110. Server certificate 301 may include an identifier for server 140, an identifier of certificate authority 150, and a public encryption key unique to server 140 (wherein the establishing of the secure authenticated connection further comprises: providing, by the first computer system to the client computer system, a second certificate to indicate an identity of the first computer system); Par. [0053], client device 110 authenticates server 140 using server certificate (wherein the client computer system is configured to validate the second certificate prior to the establishing of the secure authenticated connection)). Reference Hegg further teaches producing a second certificate for mutual authentication in the SSL/TLS protocol. 

	The reasons for motivation/combination of references remain the same as in Claim 1.

Regarding Claim 6:
	The combination of Lingappa/Hegg discloses Claim 5.
	Reference Hegg further discloses the following limitation:
	wherein the establishing of the secure authenticated connection further comprises: establishing a session key to encrypt data transmitted via the secure authenticated connection (Par. [0029], Authentication module 221 may also store a session key 302 for encrypting communications during a particular SSL/TSL session with one or more client devices (wherein the establishing of the secure authenticated connection further comprises: establishing a session key to encrypt data transmitted via the secure authenticated connection)). Reference Hegg further teaches encrypting communications with a session key as part of the secure channel. 

	The reasons for motivation/combination of references remain the same as in Claim 1.

Regarding Claim 7:
	The combination of Lingappa/Hegg discloses Claim 3.
	Reference Hegg further discloses the following limitation:
	wherein the request includes identity data of the memory device; and the response includes an indication of whether the memory device is authentic according to the cryptographic key (Par. [0032], In either case, the secure token may comprise encrypted data, such as an identifier of untrusted client device 170 (wherein the request includes identity data of the memory device)… authentication module 225 may authenticate the secure token by decrypting the token with the cryptographic key, and verifying the identifier of untrusted client device 170 (and the response includes an indication of whether the memory device is authentic according to the cryptographic key)). Previously, references Lingappa and Hegg were combined in a manner such that the request for authentication contained a secure token which is the encrypted token of the memory device for the reasons of additional security. As Hegg teaches authenticating the token via decryption of the token, this teaches an indication of whether the memory device is authentic according to the cryptographic key under the broadest reasonable interpretation.

	The reasons for motivation/combination of references remain the same as in Claim 1.

Regarding Claim 9:
	The combination of Lingappa/Hegg discloses Claim 7.
	Lingappa further discloses the following limitation:	
	establishing, by the first computer system with the second computer system, a separate (Fig. 2, Fig. 3). As shown in Figure 2 of Lingappa, the communication between the authentication server and authorization server is through a separate connection than that of the one between the user device and authentication server. 

	Hegg further discloses the following limitation:
	a secure authenticated connection (Par. [0051]). It was previously shown in the rejection of Claim 1 that Hegg teaches that creating a secure authenticated connection increases security by encrypting communication. This encryption of communications can be further applied to the separate connection of Lingappa for additional security. 

	The reasons for motivation/combination of references remain the same as in Claim 1.

Regarding Claim 13:
	The combination of Lingappa/Hegg discloses Claim 7.
	Reference Hegg further discloses the following limitation:	
	wherein the response includes a cryptographic key usable to apply a digital signature on a command to be executed by the memory device upon validation of the digital signature in the memory device (Par. [0055], In such embodiments, server 140 may generate the digital signatures using encryptor 303 with a unique private encryption key that was provided to server 140 in advance of routine 600 by certificate authority 150 (wherein the response includes a cryptographic key usable to apply a digital signature on a command to be executed by the memory device upon validation of the digital signature in the memory device)). Note that the phrase “usable to apply” indicates a statement of intended use. Reference Hegg further teaches providing a cryptographic key in order to create digital signatures during mutual authentication. 

	The reasons for motivation/combination of references remain the same as in Claim 1.

Regarding Claim 14:
	Lingappa discloses the following limitations:
	A computer system, comprising: memory storing data indicative of privileges of client computer systems to control memory devices (Abstract, Par. [0006], Par. [0046], Par. [0087], Par. [0088]). Lingappa teaches an authentication server, i.e. a computer system, which stores a shared secret as authentication data. Under the broadest reasonable interpretation, this is considered to be “data indicative of privileges” since only client computers able to supply a signature validated by the shared secret are authenticated for device access. Lingappa further teaches servers having memory for storage. 
	and at least one processor configured via a set of instructions to (Par. [0006], Par. [0087]). Lingappa teaches the authentication server having processors.  
	establish, with a client computer, a (Par. [0019], Par. [0020], Par. [0026], Par. [0039]). This limitation was previously shown to be taught by Lingappa in the rejection of Claim 1. 
	receive, over the connection from the client computer, a request about a memory device remote from the computer system (Fig. 2, Par. [0026], Par. [0039], Par. [0028]). This limitation was previously shown to be taught by Lingappa in the rejection of Claim 1. 
	determine, based on the data indicative of the privileges, that the client computer is eligible to control the memory device (Par. [0054], Par. [0058], Par. [0059]). This limitation was previously shown to be taught by Lingappa in the rejection of Claim 1. That is, Lingappa validates signatures using the shared secret data, i.e. stored data indicative of the privileges. 
	and communicate with a server computer secured behind the computer system to generate a response to the request (Fig. 2, Fig. 3, Par. [0039], Par. [0043], Par. [0056], Par. [0057], Par. [0058]). This limitation was previously shown to be taught by Lingappa in the rejection of Claim 1. 
	(taught by Hegg below)
	(taught by Hegg below)

	Hegg further discloses the following limitations not taught by Lingappa:
	a secure authenticated connection (Par. [0051]). This limitation was previously shown to be taught by Hegg in the rejection of Claim 1. 
	using at least a cryptographic key stored in the server computer in association with an unique identification of the memory device (Par. [0032]). This limitation was previously shown to be taught by Hegg in the rejection of Claim 1. 
	wherein the response is generated without transmission of the cryptographic key from the server computer (Par. [0032]). This limitation was previously shown to be taught by Hegg in the rejection of Claim 2. 

	References Lingappa and Hegg are considered to be analogous art because they relate to remote device authentication systems. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the device authentication system of Lingappa with the SSL/TLS protocol and secure token of Hegg in order to gain the benefit of additional security. Furthermore, it would have been obvious to one of ordinary skill in the art to substitute the credential of Lingappa with the secure token of Hegg because one of ordinary skill in the art would have recognized the credential and secure token to be alternative proofs of authentication. 

Regarding Claim 15:
	The combination of Lingappa/Hegg discloses Claim 14.
	Reference Hegg further discloses the following limitation:
	wherein the at least one processor is further configured to determine whether to establish the secure authenticated connection based at least in part on whether an address of the client computer is in a predetermined list of Internet Protocol (IP) addresses (Par. [0033]). This limitation was previously shown to be taught by Hegg in the rejection of Claim 3. 

	References Lingappa and Hegg are considered to be analogous art because they relate to remote device authentication systems. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further combine the device authentication system of Lingappa with the IP address whitelist of Hegg in order to gain the benefit of increased efficiency in performing authentication.  

Regarding Claim 19:
	Lingappa discloses the following limitations:
	A non-transitory computer storage medium storing instructions which, when executed by a computer system, cause the computer system to perform a method, the method comprising (Par. [0006], Par. [0088]). Lingappa discloses a non-transitory computer storage medium containing the instructions to perform the invention. 
	establishing, with a client computer system, a (Par. [0019], Par. [0020], Par. [0026], Par. [0039]). This limitation was previously shown to be taught by Lingappa in the rejection of Claim 1. 
	receiving, over the connection from the client computer, a request about a memory device remote to the computer system (Fig. 2, Par. [0026], Par. [0039], Par. [0028]). This limitation was previously shown to be taught by Lingappa in the rejection of Claim 1. 
	determining, based on data stored in the computer system and representative of privileges of client computer systems to control memory devices, that the client computer is eligible to control the memory device (Par. [0054], Par. [0058], Par. [0059]). This limitation was previously shown to be taught by Lingappa in the rejection of Claim 14. 
	and communicating with a server computer secured behind the computer system to generate a response to the request (Fig. 2, Fig. 3, Par. [0039], Par. [0043], Par. [0056], Par. [0057], Par. [0058]). This limitation was previously shown to be taught by Lingappa in the rejection of Claim 1. 
	(taught by Hegg below)
	(taught by Hegg below)

	Hegg further discloses the following limitations not taught by Lingappa :
	a secure authenticated connection (Par. [0051]). This limitation was previously shown to be taught by Hegg in the rejection of Claim 1. 
	using at least a cryptographic key stored in the server computer in association with an unique identification of the memory device (Par. [0032]). This limitation was previously shown to be taught by Hegg in the rejection of Claim 1. 
	wherein the response is generated without transmission of the cryptographic key from the server computer (Par. [0032]). This limitation was previously shown to be taught by Hegg in the rejection of Claim 2. 

	References Lingappa and Hegg are considered to be analogous art because they relate to remote device authentication systems. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the device authentication system of Lingappa with the SSL/TLS protocol and secure token of Hegg in order to gain the benefit of additional security. Furthermore, it would have been obvious to one of ordinary skill in the art to substitute the credential of Lingappa with the secure token of Hegg because one of ordinary skill in the art would have recognized the credential and secure token to be alternative proofs of authentication. 

Regarding Claim 20:
	The combination of Lingappa/Hegg discloses Claim 19.
	Reference Hegg further discloses the following limitations:
	wherein the method further comprises: determining whether to establish the secure authenticated connection based at least in part on whether an address of the client computer is in a predetermined list of Internet Protocol (IP) addresses (Par. [0033]). This limitation was previously shown to be taught by Hegg in the rejection of Claim 3. 
	wherein the response includes at least one of: an indication of whether the memory device is authentic according to the cryptographic key, wherein the cryptographic key is generated by the server computer based on an unique device secret of the memory device stored in the server computer; a cryptographic key usable to apply a digital signature on a command to be executed by the memory device upon validation of the digital signature in the memory device; a command having a digital signature and executable in the memory device to transfer a privilege to an operator of the client computer; and a command having a digital signature and executable in the memory device to activate at least one security feature of the memory device (Par. [0055], In such embodiments, server 140 may generate the digital signatures using encryptor 303 with a unique private encryption key that was provided to server 140 in advance of routine 600 by certificate authority 150 (wherein the response includes at least one of: …a cryptographic key usable to apply a digital signature on a command to be executed by the memory device upon validation of the digital signature in the memory device)). As the claim recites the phrase “includes at least one of” for a list of options, only one option needs to be fulfilled under the broadest reasonable interpretation. Note that the phrase “usable to apply” indicates a statement of intended use. Reference Hegg further teaches providing a cryptographic key in order to create digital signatures during mutual authentication. 

	References Lingappa and Hegg are considered to be analogous art because they relate to remote device authentication systems. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further combine the device authentication system of Lingappa with the IP address whitelist of Hegg in order to gain the benefit of increased efficiency in performing authentication.  

	Claims 8, 16 are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Lingappa/Hegg and further in view of Shiomi et al. (U.S. Pub. No. 2006/0248346 A1) hereinafter referred to as “Shiomi”. 
Regarding Claim 8:
	The combination of Lingappa/Hegg discloses Claim 7.
	Reference Shiomi discloses the following limitations not taught by Lingappa/Hegg:
	wherein the cryptographic key is generated by the second computer system based on an unique device secret of the memory device stored in the second computer system (Par. [0015], The method for generating a device unique key according to the invention includes a method further including the steps of: making the secret information processing portion of the host device encrypt the device unique ID to thereby generate an encrypted device unique ID; storing the encrypted device unique ID into the storage portion of the host device (based on an unique device secret of the memory device stored in the second computer system); and making the secret information processing portion of the host device generate a device unique key based on the device unique ID (wherein the cryptographic key is generated by the second computer system)). Reference Shiomi teaches generating a cryptographic key from a unique device identification which is intended to remain secret. 

	The combination of references Lingappa/Hegg do not teach key generation based on a device secret of the memory device. Reference Shiomi however teaches generating a cryptographic key from a unique device identification which is intended to remain secret. Shiomi further teaches that generating device unique key helps to protect the device secret in performing mutual authentication and prevent attacks (Par. [0016], Accordingly, protection of the device unique ID can be enhanced, and illegal access can be prevented. That is, when mutual authentication is established between the target device and the host device, an authentication key can be obtained).
	The combination of references Lingappa/Hegg and Shiomi are considered to be analogous art because they relate to authentication systems for devices. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the memory device authentication system of Lingappa/Hegg with the unique device key generation of Shiomi in order to gain the benefit of additional security against illegal access. 

Regarding Claim 16:
	The combination of Lingappa/Hegg discloses Claim 15.
	Hegg further discloses the following limitation:
	wherein the request includes identity data of the memory device; the response includes an indication of whether the memory device is authentic according to the cryptographic key (Par. [0032]). This limitation was previously shown to be taught by Hegg in the rejection of Claim 7. 
	(taught by Shiomi below)
	
	Reference Shiomi discloses the following limitations not taught by Lingappa/Hegg:
	and wherein the cryptographic key is generated by the server computer based on an unique device secret of the memory device stored in the server computer (Par. [0015]). This limitation was previously shown to be taught by Shiomi in the rejection of Claim 8. 

	The combination of references Lingappa/Hegg do not teach key generation based on a device secret of the memory device. Reference Shiomi however teaches generating a cryptographic key from a unique device identification which is intended to remain secret. Shiomi further teaches that generating device unique key helps to protect the device secret in performing mutual authentication and prevent attacks (Par. [0016], Accordingly, protection of the device unique ID can be enhanced, and illegal access can be prevented. That is, when mutual authentication is established between the target device and the host device, an authentication key can be obtained).
	The combination of references Lingappa/Hegg and Shiomi are considered to be analogous art because they relate to authentication systems for devices. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the memory device authentication system of Lingappa/Hegg with the unique device key generation of Shiomi in order to gain the benefit of additional security against illegal access. 

	Claims 10-12 are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Lingappa/Hegg and further in view of Zhu et al. (U.S. Pub. No. 2016/0182487 A1) hereinafter referred to as “Zhu”. 
Regarding Claim 10:
	The combination of Lingappa/Hegg discloses Claim 7.
	Zhu discloses the following limitation not taught by Lingappa/Hegg:	
	wherein the response includes a command executable in the memory device to transfer a privilege to an operator of the client computer system (Abstract, Par. [0065], Par. [0102], Par. [0148]). Zhu teaches remotely operating devices in a cloud environment by generating a workflow package in response to authenticating a user request. The commands in the workflow package are executed by running an environment with the user’s privileges. This is considered under the broadest reasonable interpretation to be a transferal of privileges to an operator, since the command gives the user the privilege to perform the requested workflow. Zhu further teaches that using such a workflow package allows for local validation of privileges (Par. [0095], Par. [0096]). 

	Lingappa/Hegg and Zhu are considered to be analogous art because they relate to remote device authentication and control systems. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further combine the authentication response of Lingappa/Hegg with the workflow package of Zhu in order to gain the benefit of running the requested operations with local validation.  
	
Regarding Claim 11:
	The combination of Lingappa/Hegg/Zhu discloses Claim 10.
	Zhu further discloses the following limitations:	
	wherein the command includes a digital signature applied on the command using a cryptographic key of a current holder of the privilege (Par. [0090]). Zhu teaches the commands in the workflow package being digitally signed for validation. These digital signatures are from the user, i.e. a current holder of privilege, which suggests using a cryptographic key (Par. [0081]). 
	and the command is executable in the memory device after the digital signature is validated by the memory device (Par. [0091]). Zhu teaches continuing processing after signature validation. 

	The reasons for motivation/combination of references remain the same as in Claim 10. 

Regarding Claim 12:
	The combination of Lingappa/Hegg discloses Claim 7.
	Zhu discloses the following limitations not taught by Lingappa/Hegg:	
	wherein the response includes a command executable in the memory device (Abstract, Par. [0065], Par. [0102], Par. [0148]). This limitation was previously shown to be taught by Zhu in the rejection of Claim 10.
	to activate at least one security feature of the memory device (Abstract, Par. [0065], Par. [0102], Par. [0148]). Zhu teaches creating an environment with the least required privileges in order to run the workflow. Under the broadest reasonable interpretation, this is considered to be an activation of a security feature since a security feature is not explicitly defined within the specification, and the creation of such an environment relates to security. 

	Lingappa/Hegg and Zhu are considered to be analogous art because they relate to remote device authentication and control systems. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further combine the authentication response of Lingappa/Hegg with the workflow package of Zhu in order to gain the benefit of running the requested operations with local validation.  

	Claims 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Lingappa/Hegg/Shiomi and further in view of Zhu.
Regarding Claim 17:
	The combination of Lingappa/Hegg/Shiomi discloses Claim 16.
	Zhu discloses the following limitations not taught by Lingappa/Hegg/Shiomi:
	wherein the response includes a command executable in the memory device to transfer a privilege to an operator of the client computer, or to activate at least one security feature of the memory device, or any combination thereof (Abstract, Par. [0065], Par. [0102], Par. [0148]). This limitation was previously shown to be taught by Zhu in the rejections of Claim 10 and 12.
	and wherein the command includes a digital signature applied on the command using a cryptographic key (Par. [0090]). This limitation was previously shown to be taught by Zhu in the rejection of Claim 11.
	and the command is executable in the memory device after the digital signature is validated by the memory device (Par. [0091]). This limitation was previously shown to be taught by Zhu in the rejection of Claim 11.

	Lingappa/Hegg/Shiomi and Zhu are considered to be analogous art because they relate to remote device authentication and control systems. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further combine the authentication response of Lingappa/Hegg/Shiomi with the workflow package of Zhu in order to gain the benefit of running the requested operations with local validation.  

Regarding Claim 18:
	The combination of Lingappa/Hegg/Shiomi/Zhu discloses Claim 17.
	Hegg further discloses the following limitation:		
	wherein the response includes a cryptographic key usable to apply a digital signature on a command to be executed by the memory device upon validation of the digital signature in the memory device (Par. [0055]).  This limitation was previously shown to be taught by Hegg in the rejection of Claim 13. 

	The reasons for motivation/combination of references remain the same as in Claim 17.

Related Art
	The following prior art made of record and cited on PTO-892, but not relied upon, is considered pertinent to applicant’s disclosure: 
Plewnia (U.S. Pub. No. 2014/0130142 A1) – Includes methods regarding access requests for multitenant architecture
Manion et al. (U.S. Pub. No. 2009/0178124 A1) – Includes methods regarding remote device authentication and management
Karr et al. (U.S. Patent No. 8,042,163 B1) – Includes methods regarding granting storage access using tokens

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ETHAN V VO whose telephone number is (571)272-2505. The examiner can normally be reached M-F 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on  (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/E.V.V./Examiner, Art Unit 2431                                                                                                                                                                                                        /LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431