DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 07/22/2022 has been entered.
 
Response to Arguments
In response to 35 USC 112(a), see remarks page 8, filed 07/22/2022, the 35 USC 112(a) rejection has been withdrawn in light of claim amendment.

In response to 35 USC 112(b), see remarks page 9, filed 07/22/2022, the 35 USC 112(b) rejection has been withdrawn in light of claim amendment.

In response to 35 USC 103, filed 07/22/2022, regarding claims 1 and 16, applicant argues Amin fails to teach “determining if the removable storage device comprises a validation token generated and stored on the removable storage device by another information processing system”.
Applicant’s arguments have been considered but are moot, because the newly recited amendment does not rely on the newly recited reference being applied to the prior rejection of record or any teaching or matter specifically challenged in the argument.

In response to 35 USC 103, filed 07/22/2022, regarding claims 1, 11 and 16, applicant argues Amin fails to teach “responsive to determining that the validation token is stored on the removable storage device at the time the removable storage device was received, obtaining a first content hash and a first set of device security data associated with one or more attributes of the removable storage device and stored by the other information processing system as part of the validation token”.
The examiner respectfully disagrees. Amin teaches “responsive to determining that the validation token is stored on the removable storage device at the time the removable storage device was received, obtaining a first content hash and a first set of security data from the validation token based on the validation token, wherein the first content hash and the first set of device security data are part of the validation token at the time the removable storage device was received”. Amin discloses “the device computes user identity PID’ = h(ID ║σ'). Masked password MPW’ = h(P’║ID’) [III. Proposed Protocol, section B, Page 3]. E=h(h(PID x) ║MPW), S=h(PID ║x) ⊕MPW; stores ⟨𝐸𝑖, 𝑆𝑖⟩  (interpreted as validation token) into the USB storage device [III. Proposed Protocol, section A, Page 3]. inserting his/her USB storage device into the client machine and inputs ID’, P’, B’. Then the device computes S’. S’ matches with S [III. Proposed Protocol, section B, Page 3]”. Amin shows that the stored validation token is being used. The validation token contains the hash and security data. The validation token stored in the USB is being used.
Chen teaches “a first set of device security data associated with one or more attributes of the removable storage device and stored by the other information processing system as part of the validation token”. Chen discloses “read the IDm of the removable storage media [Section 2.1, Page 4355]. Getting the user ID and password in addition to the unique identification IDm (unique identification of removable storage media) [Section 3.2.2, Page 4359]. After purchasing a new batch of removable storage media, the system administrator will write IDm into the certified IDm library using corresponding management software, to avoid the abuse of unauthorized removable storage media [4.1 System architecture, Page 4360]. Verify legality of the removable storage media using the unique identification, such as VID, PID and HSN, which we refer to it as IDm [Section 2.1, Page 4355]”. Chen shows that the validation token contains a set of device security data. The first set of device security data associated with one or more attributes of the removable storage device is interpreted as the information of the IDm, where the IDm contains the vendor ID, product ID and hardware serial number.
In response to applicant's argument that the references fail to show certain features of applicant’s invention, it is noted that the features upon which applicant relies (i.e., the information processing system that determines if the removable storage device comprises the validation token is the same information processing system that obtains the first content hash and a set of device security data) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
Claims 1-4, 9-10 and 20 fall together accordingly, as they do not cure the deficiencies of the independent claims.

In response to 35 USC 103, filed 07/22/2022, regarding claims 1 and 16, applicant argues Amin fails to teach “obtaining a second content hash based in hashing one or more files currently stored on the removable storage device prior to the removable storage device being received”.
The examiner respectfully disagrees. Amin teaches “obtaining a second content hash based in hashing one or more files currently stored on the removable storage device prior to the removable storage device being received”. Amin discloses “(E=h(h(PID x) ║MPW), S=h(PID ║x) ⊕MPW; stores ⟨𝐸𝑖, 𝑆𝑖⟩  (interpreted as validation token) into the USB storage device [III. Proposed Protocol, section A, Page 3]”. Amin shows inserting the USB. The USB contains the validation token, which contains the hash and security data. Si has files that are hashed that are already stored in the validation token in the USB. Therefore, Amin does show a hash that was stored in the USB at the time the USB was received.
In response to applicant's argument that the references fail to show certain features of applicant’s invention, it is noted that the features upon which applicant relies (i.e., when compared to the first content hash allows the information processing system to determine if the contents of the removable storage device have changed since the validation token was stored on the removable storage device) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
Claims 1-4, 9-10 and 20 fall together accordingly, as they do not cure the deficiencies of the independent claims.

In response to 35 USC 103, filed 07/22/2022, regarding claims 1 and 16, applicant argues Amin fails to teach “denying the removable storage device access to the information processing system based on at least one of the first and second content hashes failing to match; granting the removable storage device access to the information processing system based on the first and second content hashes matching”.
The examiner respectfully disagrees. Amin teaches “denying the removable storage device access to the information processing system based on at least one of the first and second content hashes failing to match; granting the removable storage device access to the information processing system based on the first and second content hashes matching”. Amin discloses “S’ matches with S. If it is not matched the user is not corrected, the session is then terminated. If it is matched the user is corrected, which it grants access by not terminating the session [III. Proposed Protocol, section B, Page 3]”. Amin shows matching the first and second hash in order to determine if the USB has access or not.
Claims 1-4, 9-10 and 20 fall together accordingly, as they do not cure the deficiencies of the independent claims.

In response to 35 USC 103, filed 07/22/2022, regarding claim 11 applicant argues the combination of Amin-Chen fails to teach “storing device security data associated with one or more attributes of the removable storage device in the validation file; and tokenizing the validation file to generate a token that is stored on the removable storage device”.
Chen teaches “storing device security data associated with one or more attributes of the removable storage device in the validation file; and tokenizing the validation file to generate a token that is stored on the removable storage device”. Chen discloses “read the IDm of the removable storage media [Section 2.1, Page 4355]. Getting the user ID and password in addition to the unique identification IDm (unique identification of removable storage media) [Section 3.2.2, Page 4359]. After purchasing a new batch of removable storage media, the system administrator will write IDm into the certified IDm library using corresponding management software, to avoid the abuse of unauthorized removable storage media [4.1 System architecture, Page 4360]. Verify legality of the removable storage media using the unique identification, such as VID, PID and HSN, which we refer to it as IDm [Section 2.1, Page 4355]”. Chen shows that the validation token or validation file contains a set of device security data. The first set of device security data associated with one or more attributes of the removable storage device is interpreted as the information of the IDm, where the IDm contains the vendor ID, product ID and hardware serial number.
Amin further teaches “tokenizing the validation file to generate a token that is stored on the removable storage device”. Amin discloses “AS stores ⟨𝐸𝑖, 𝑆𝑖⟩  (interpreted as validation token, Ei/Si is the validation file) into the USB storage device… user computes 𝐵𝑃𝑊𝑖 = 𝜂⊕ℎ(𝑃𝑖) and finally stores it in USB storage device [III. Proposed Protocol, section A, Page 3]”. Amin shows that the validation file becomes the validation token stored in the USB.

In response to 35 USC 103, filed 07/22/2022, regarding claim 2, applicant argues the combination of Amin-Chen-Kakutani fails to teach “denying the removable storage device access to the information processing system based on determining that the validation token is not stored on the removable storage device”.
Amin teaches “denying the removable storage device access to the information processing system based on at least one of the first and second content hashes failing to match”. Amin discloses “S’ matches with S. If it is not matched the user is not corrected, the session is then terminated. If it is matched the user is corrected, which it grants access by not terminating the session [III. Proposed Protocol, section B, Page 3]”. Amin shows matching the first and second hash in order to determine if the USB has access or not.
Katutani teaches “denying the removable storage device access to the information processing system based on determining that the validation token is not stored on the removable storage device”. Katutani discloses “determines that the TPM encryption key backup data is not stored in the USB memory [0149]”. Katutani shows the TPM encryption key interpreted as the validation token (Amin-Chen further shows validation token) not being stored in the USB memory. The access is being denied.

In response to 35 USC 103, filed 07/22/2022, regarding claims 3 and 4, applicant argues the combination of Amin-Chen-Yeara fails to teach “silent on decrypting a validation token to obtain the first content hash and the first set of device security data”.
Chen teaches “first set of device verification data comprises decrypting the validation token”. Chen discloses “decrypts the IDM of the storage. AS: Dkey(Ekey(I DM )) [Section 2.1, Page 4355]”. Chen shows decrypting the token.
Yeara teaches “obtaining the first content hash comprises decrypting the validation token”. Yeara discloses “the Token must be able to decrypt using your public key. Only can get back this value ( hash) if RSA is applied using the related public key, which must be in the USB Token currently connected [0040]”. Yeara shows obtaining the hash value by decrypting the token using the public key.

Claim 4 falls together accordingly, as it does not cure the deficiencies of the independent claims.

In response to 35 USC 103, filed 07/22/2022, regarding claims 5-7 and 17-19, applicant argues the combination of Amin-Chen-Bacastow fails to teach “validation token comprises access data”.
The examiner respectfully disagrees. Bacastow teaches “validation token comprises access data”. Bacastow discloses “additional secret information be transmitted from the portable USB storage device to a designated server via the internet or intranet. This secret information may be in the form of a digital certificate, token, or other secret information stored on (or created from) the portable USB storage device that uniquely identifies the portable USB storage device from any other otherwise similar or identical device [0013]. The software installed on the portable USB storage device is configured to allow access during specific times (date, time of day, day of the week, etc.) [0042]”. Bacastow shows that the token comprises access data. The secret information is the specific time that allows access.

In response to 35 USC 103, filed 07/22/2022, regarding claim 8, applicant argues the combination of Amin-Chen-Kohno fails to teach “audit id is an identifier of the information processing system performing the operations of claim 1 and 8”.
The examiner respectfully disagrees. Amin and Chen teach claim 1. Kohno further teaches claim 8. Kohno discloses “each protected file F is associated with a unique identifier called the audit ID and illustrated as ID.sub.F. [0049]. Strong audit guarantees for encrypted file systems even if an optional first layer of defense, such as encryption with a password or cryptographic token [0109]”. Kohno shows a system that has audit id as an identifier.

In response to 35 USC 103, filed 07/22/2022, regarding claims 9, 10, 14 and 20.
Claims 9, 10, 14 and 20 fall together accordingly, as they do not cure the deficiencies of the independent claims.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. 
Amended claims 1 and 16 recite “determining if the removable storage device comprises a validation token generated and stored on the removable storage device by another information processing system; obtaining a first content hash and a first set of device security data associated with one or more attributes of the removable storage device and stored by the other information processing system as part of the validation token”. The specification in paragraph [0044] discloses “The security manager 136, at step 404, inspects the removable storage device 130 to determine if a validation token 612 is stored on the device 130. If the security manager 136 determines that a validation token 612 is not stored on the device 130, the device 130 is not validated and the security manager 136 determines the device 130 to be an unauthorized device”. The specification just indicates that the system just checks the token of the removable storage device. The specification does not indicate that the system both checks the token and the removable storage device stored by another information processing system. There is no support for checking the system that the removable storage device is stored by another information processing system.
The amended claim 11 recites “identifying a set of files on a removable storage device, wherein the set of files have been stored on the removable storage device by another computing device”. The specification in paragraph [0037] discloses “one or more generated files that have been stored on the removable storage device”. The specification just indicates that the system just checks the token of the removable storage device. The specification does not indicate that the system identifies that the files have been stored on the removable storage device by another computing device. There is no support for identifying the files stored on the removable storage device by another computing device.
Claims 2-10, 12-15 and 17-20 fall together as they do not cure the deficiencies of independent claims 1, 11 and 16. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 11-13, and 15-16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Amin et al. (“Anonymity preserving secure hash function based authentication scheme for consumer USB mass storage device”, 2015, hereinafter Amin) in view of Chen et al. (“A secure access authentication scheme for removable storage media”, hereinafter Chen).

Re. claim 1, Amin discloses a method, on an information processing system, comprising: determining a removable storage device has been received (Amin discloses inserting his/her USB storage device into the client machine [III. Proposed Protocol, section A, Page 3], inserting the USB is taught as determine that the removable storage being received); 
determining if a validation token is stored on the removable storage device at the time the removable storage device was received (Amin discloses AS stores ⟨𝐸𝑖, 𝑆𝑖⟩  (interpreted as validation token) into the USB storage device… user computes 𝐵𝑃𝑊𝑖 = 𝜂⊕ℎ(𝑃𝑖) and finally stores it in USB storage device [III. Proposed Protocol, section A, Page 3]. inserting his/her USB storage device into the client machine and inputs ID’, P’, B’. Then the device computes S’. S’ matches with S [III. Proposed Protocol, section B, Page 3], the validation token is stored on the removable storage at the time USB was inserted. It is determined to have the validation token being stored since it was used);
responsive to determining that the validation token is stored on the removable storage device at the time the removable storage device was received (Amin discloses AS stores ⟨𝐸𝑖, 𝑆𝑖⟩  (interpreted as validation token) into the USB storage device… user computes 𝐵𝑃𝑊𝑖 = 𝜂⊕ℎ(𝑃𝑖) and finally stores it in USB storage device [III. Proposed Protocol, section A, Page 3]. inserting his/her USB storage device into the client machine and inputs ID’, P’, B’. Then the device computes S’. S’ matches with S [III. Proposed Protocol, section B, Page 3]), obtaining a first content hash and a first set of security data from the validation token (the device computes user identity PID’ = h(ID ║σ'). Masked password MPW’ = h(P’║ID’) [III. Proposed Protocol, section B, Page 3]. E=h(h(PID x) ║MPW), S=h(PID ║x) ⊕MPW; stores ⟨𝐸𝑖, 𝑆𝑖⟩  (interpreted as validation token) into the USB storage device [III. Proposed Protocol, section A, Page 3], obtaining hash and security data from the validation token. The validation token stored in the USB that was inserted);
obtaining a second content hash based on hashing one or more files currently stored on the removable storage device prior to the removable storage device being received (E=h(h(PID x) ║MPW), S=h(PID ║x) ⊕MPW; stores ⟨𝐸𝑖, 𝑆𝑖⟩  (interpreted as validation token) into the USB storage device [III. Proposed Protocol, section A, Page 3], Si has files that are hashed that already stored in the validation token in the USB); 
denying the removable storage device access to the information processing system based on at least one of the first and second content hashes failing to match (S’ matches with S. If it is not matched the user is not corrected, the session is then terminated. If it is matched the user is corrected, which it grants access by not terminating the session (as stated above where S contains hash content and sets of verification data) [III. Proposed Protocol, section B, Page 3]); and 
granting the removable storage device access to the information processing system based on the first and second content hashes matching (S’ matches with S. If it is not matched the user is not corrected, the session is then terminated. If it is matched the user is corrected, which it grants access by not terminating the session (as stated above where S contains hash content and sets of verification data) [III. Proposed Protocol, section B, Page 3]).  
Although Amin teaches a token with at least three variables, Chen does not explicitly teach but Chen teaches determining if the removable storage device comprises a validation token generated and stored on the removable storage device by another information processing system (Chen teaches read the IDm of the removable storage media [Section 2.1, Page 4355]. Getting the user ID and password in addition to the unique identification IDm (unique identification of removable storage media) [Section 3.2.2, Page 4359]. After purchasing a new batch of removable storage media, the system administrator will write I DM into the certified I DM library using corresponding management software, to avoid the abuse of unauthorized removable storage media [4.1 System architecture, Page 4360]. Verify legality of the removable storage media using the unique identification, such as VID, PID and HSN, which we refer to it as I DM [Section 2.1, Page 4355]);
a first set of device security data associated with one or more attributes of the removable storage device and stored by the other information processing system as part of the validation token (Chen teaches read the IDm of the removable storage media [Section 2.1, Page 4355]. Getting the user ID and password in addition to the unique identification IDm (unique identification of removable storage media) [Section 3.2.2, Page 4359]. After purchasing a new batch of removable storage media, the system administrator will write I DM into the certified I DM library using corresponding management software, to avoid the abuse of unauthorized removable storage media [4.1 System architecture, Page 4360]. Verify legality of the removable storage media using the unique identification, such as VID, PID and HSN, which we refer to it as I DM [Section 2.1, Page 4355]); 
obtaining, from the removable storage device, a second set of device security data stored on the removable storage device prior to the removable storage device being received (the authentication server compares this identification with the stored IDm (taught as the second set of device security data, IDm is stored in the removable storage media that was inserted to the access host) [Section 2.1, Page 4355]. Whether the unique identification is in the certified IDm library or not, in order to judge whether the removable storage media is legitimate media [4.1 System architecture, Pages 4359-4360]); 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by Amin to include a first set of device security data from the validation token are part of the validation token at the time the removable storage device was received; obtaining, from the removable storage device, a second set of device security data stored on the removable storage device at the time the removable storage device was received as described by Chen. One of ordinary skill in the art would have been motivated for the purpose of trusting the device in order to have access, improves security by verifying the legality of the device (Chen [Section 2.1, Page 4355-4356]).

Re. claim 11, Amin discloses a method, on a computing device, for authorizing a removable storage device for use on one or more information processing systems, the method comprising: 
hashing the set of files to create a set of hashing data (Amin discloses E=h(h(PID x) ║MPW), S=h(PID ║x) ⊕MPW; stores ⟨𝐸𝑖, 𝑆𝑖⟩ into the USB storage device [III. Proposed Protocol, section A, Page 3], 𝑋𝑖 = ℎ(𝑃𝐼𝐷’∥ 𝑎 ∥ 𝐹𝑛 ∥ 𝑊𝑖 ∥ 𝑀𝑃𝑊′) and sends 𝑀1 = ⟨𝑃𝐼𝐷’,𝑖,𝐾𝑖, 𝐹𝑛,𝑋𝑖, 𝑆𝑖⟩ to the AS through open channel, [Section III, Section b, Page 3], hashing files);
storing the set of hashing data within a validation file on the removable storage device (E=h(h(PID x) ║MPW), S=h(PID ║x) ⊕MPW; stores ⟨𝐸𝑖, 𝑆𝑖⟩ into the USB storage device [III. Proposed Protocol, section A, Page 3],𝑌𝑖 = ℎ(”0” ∥ 𝑃𝐼𝐷𝑖 ∥ 𝑎∗ ∥ 𝐹𝑛 ∥ 𝑏 ∥ 𝑛 ∥ 𝑊∥ 𝑀𝑃𝑊 ), AS sends 𝑀2 = ⟨𝐿𝑖, 𝐶, 𝑌𝑖⟩ to the USB storage device [Section III, Section b, Page 3], the hashing files are stored in a validation file on the USB); and 
tokenizing the validation file to generate a token that is stored on the removable storage device (AS stores ⟨𝐸𝑖, 𝑆𝑖⟩  (interpreted as validation token, Ei/Si is the validation file) into the USB storage device… user computes 𝐵𝑃𝑊𝑖 = 𝜂⊕ℎ(𝑃𝑖) and finally stores it in USB storage device [III. Proposed Protocol, section A, Page 3]).  
Although Amin teaches storing security data in USB in the validation file, Chen does not explicitly teach but Chen teaches identifying a set of files on a removable storage device, wherein the set of files have been stored on the removable storage device by another computing device (Chen teaches read the IDm of the removable storage media [Section 2.1, Page 4355]. Getting the user ID and password in addition to the unique identification IDm (unique identification of removable storage media) [Section 3.2.2, Page 4359]. After purchasing a new batch of removable storage media, the system administrator will write I DM into the certified I DM library using corresponding management software, to avoid the abuse of unauthorized removable storage media [4.1 System architecture, Page 4360]. Verify legality of the removable storage media using the unique identification, such as VID, PID and HSN, which we refer to it as I DM [Section 2.1, Page 4355]);
storing device security data associated with one or more attributes of the removable storage device in the validation file (read the IDm of the removable storage media [Section 2.1, Page 4355]. Getting the user ID and password in addition to the unique identification IDm (unique identification of removable storage media) [Section 3.2.2, Page 4359]. After purchasing a new batch of removable storage media, the system administrator will write I DM into the certified I DM library using corresponding management software, to avoid the abuse of unauthorized removable storage media [4.1 System architecture, Page 4360]. Verify legality of the removable storage media using the unique identification, such as VID, PID and HSN, which we refer to it as I DM [Section 2.1, Page 4355]. Whether the unique identification is in the certified IDm library or not, in order to judge whether the removable storage media is legitimate media. Generates the signature SIGas,m of the removable storage media. Reading signature file module reads the signature successfully. Verifies the received message [4.1 System architecture, Pages 4359-4360]. The access host reads the digital signature in removable storage media and gets user id and password presented by the user [2.2 Analysis of authentication scheme based on the schnorr protocol, Page 4356]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by Amin to include identifying a set of files on a removable storage device, wherein the set of files have been stored on the removable storage device by another computing device; storing device security data associated with one or more attributes of the removable storage device in the validation file as described by Chen. One of ordinary skill in the art would have been motivated for the purpose of trusting the device in order to have access, improves security by verifying the legality of the device (Chen [Section 2.1, Page 4355-4356]).

Re. claim 12, the combination of Amin-Chen teaches the method of claim 11, Chen further teaches further comprising: obtaining the device security data directly from the removable storage device (Chen teaches getting the user ID and password in addition to the unique identification IDm (unique identification of removable storage media) [Section 3.2.2, Page 4359]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by Amin to include obtaining the device verification data directly from the removable storage device as described by Chen. One of ordinary skill in the art would have been motivated for the purpose of trusting the device in order to have access, improves security by verifying the legality of the device (Chen [Section 2.1, Page 4355-4356]).

Re. claim 13, the combination of Amin-Chen teaches the method of claim 12, Chen further teaches wherein the device verification data comprises at least a unique identifier of the removable storage device (Chen teaches getting the user ID and password in addition to the unique identification IDm (unique identification of removable storage media) [Section 3.2.2, Page 4359]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by Amin to include device verification data comprises at least a unique identifier of the removable storage device as described by Chen. One of ordinary skill in the art would have been motivated for the purpose of trusting the device in order to have access, improves security by verifying the legality of the device (Chen [Section 2.1, Page 4355-4356]).

Re. claim 15, the combination of Amin-Chen teach the method of claim 11, Amin further teaches wherein identifying the set of files on the removable storage device comprises: determining that the removable storage device fails to comprise a set of files (Amin discloses S’ matches with S. If it is matched the user is corrected, which it grants access by not terminating the session (as stated above where S contains hash content and sets of device verification data) [III. Proposed Protocol, section B, Page 3]); and generating the set of files utilizing random data (random sequence generators in key agreement, authentication protocols and so on [Section II, Page 2]. The device computes user identity PID’ = h(ID ║σ'). Masked password MPW’ [III. Proposed Protocol, section B, Page 3]).

Re. claim 16, Amin discloses an information processing system comprising: memory (Amin discloses memory [Section III part d. Page 3]); 
determines a removable storage device has been received (Amin discloses inserting his/her USB storage device into the client machine [III. Proposed Protocol, section A, Page 3], inserting the USB is taught as detecting that the removable storage being received); 
responsive to a determination that the removable storage device comprises the validation token being stored on the removable storage device at the time the removable storage was received (Amin discloses AS stores ⟨𝐸𝑖, 𝑆𝑖⟩ (interpreted as validation token) into the USB storage device… user computes 𝐵𝑃𝑊𝑖 = 𝜂⊕ℎ(𝑃𝑖) and finally stores it in USB storage device [III. Proposed Protocol, section A, Page 3]. Inserting his/her USB storage device into the client machine and inputs ID’, P’, B’. Then the device computes S’. S’ matches with S [III. Proposed Protocol, section B, Page 3]),
Attorney Docket No. 480-PO 11237 NextEra Docket No. 092705
obtains a first content hash and a first set of security data from the validation token (the device computes user identity PID’ = h(ID ║σ'). Masked password MPW’ = h(P’║ID’) [III. Proposed Protocol, section B, Page 3]. E=h(h(PID x) ║MPW), S=h(PID ║x) ⊕MPW; stores ⟨𝐸𝑖, 𝑆𝑖⟩ (interpreted as validation token) into the USB storage device [III. Proposed Protocol, section A, Page 3], obtaining hash and security data from the validation token. The validation token stored in the USB that was inserted); 
obtains a second content hash based on hashing one or more files currently stored on the removable storage device prior to the removable storage device being received (E=h(h(PID x) ║MPW), S=h(PID ║x) ⊕MPW; stores ⟨𝐸𝑖, 𝑆𝑖⟩  (interpreted as validation token) into the USB storage device [III. Proposed Protocol, section A, Page 3], Si has files that are hashed that already stored in the validation token in the USB); 
denies the removable storage device access to the information processing system based on at least one of the first and second content hashes failing to match (S’ matches with S. If it is not matched the user is not corrected, the session is then terminated. If it is matched the user is corrected, which it grants access by not terminating the session (as stated above where S contains hash content and sets of verification data) [III. Proposed Protocol, section B, Page 3]); 
and grants the removable storage device access to the information processing system based on the first and second content hashes matching (S’ matches with S. If it is not matched the user is not corrected, the session is then terminated. If it is matched the user is corrected, which it grants access by not terminating the session (as stated above where S contains hash content and sets of verification data) [III. Proposed Protocol, section B, Page 3]).  
Although Amin teaches a token with at least two variables, Chen does not explicitly teach but Chen teaches at least one processor (Chen CPU [Section 4.2, Page 4360]); 
determines if the removable storage device comprises a validation token generated and stored on the removable storage device by another information processing system (Chen teaches read the IDm of the removable storage media [Section 2.1, Page 4355]. Getting the user ID and password in addition to the unique identification IDm (unique identification of removable storage media) [Section 3.2.2, Page 4359]. After purchasing a new batch of removable storage media, the system administrator will write I DM into the certified I DM library using corresponding management software, to avoid the abuse of unauthorized removable storage media [4.1 System architecture, Page 4360]. Verify legality of the removable storage media using the unique identification, such as VID, PID and HSN, which we refer to it as I DM [Section 2.1, Page 4355]);
and a security manager operatively coupled to the memory and the at least one processor (Chen teaches the signature module [Section 4.1, Page 4360]), wherein the security manager: a first set of device security data from the validation token are part of the validation token at the time the removable storage device was received (Chen teaches read the IDm of the removable storage media [Section 2.1, Page 4355]. Getting the user ID and password in addition to the unique identification IDm (unique identification of removable storage media) [Section 3.2.2, Page 4359]); 
obtains, from the removable storage device, a second set of device security data stored on the removable storage device prior to the removable storage device being received (the authentication server compares this identification with the stored IDm (taught as the second set of device security data, IDm is stored in the removable storage media that was inserted to the access host) [Section 2.1, Page 4355]. Whether the unique identification is in the certified IDm library or not, in order to judge whether the removable storage media is legitimate media [4.1 System architecture, Pages 4359-4360]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Amin to include at least one processor; determines if the removable storage device comprises a validation token generated and stored on the removable storage device by another information processing system; and a security manager operatively coupled to the memory and the at least one processor, wherein the security manager: a first set of device security data from the validation token are part of the validation token at the time the removable storage device was received; obtains, from the removable storage device, a second set of device security data stored on the removable storage device prior to the removable storage device being received as described by Chen. One of ordinary skill in the art would have been motivated for the purpose of trusting the device in order to have access, improves security by verifying the legality of the device (Chen [Section 2.1, Page 4355-4356]).

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Amin et al. (“Anonymity preserving secure hash function based authentication scheme for consumer USB mass storage device”, hereinafter Amin) in view of Chen et al. (“A secure access authentication scheme for removable storage media”, hereinafter Chen) and in further view of Kakutani (US 20160065369).

Re. claim 2, the combination of Amin-Chen teach the method of claim 1, although the combination of Amin-Chen discloses denying or granting access when the validation token is stored, the combination of Amin-Chen do not explicitly teach but Kakutani teaches further comprising: denying the removable storage device access to the information processing system based on determining that the validation token is not stored on the removable storage device (Kakutani teaches determines that the TPM encryption key (interpreted as validation token) backup data is not stored in the USB memory [0149] (being denied access by going back to step S1114) Fig. 11).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by the combination of Amin-Chen to include denying the removable storage device access to the information processing system based on determining that the validation token is not stored on the removable storage device as described by Kakutani. One of ordinary skill in the art would have been motivated for the purpose of preventing the key to be executed. Disabling the user authentication and use of the key (Kakutani [0009, 0151]).

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Amin et al. (“Anonymity preserving secure hash function based authentication scheme for consumer USB mass storage device”, hereinafter Amin) in view of Chen et al. (“A secure access authentication scheme for removable storage media”, hereinafter Chen) and in further view of Yeara (US 20150116084).

Re. claim 3, the combination of Amin-Chen teach the method of claim 1, Amin does not explicitly teach but Chen teaches wherein a first set of device verification data comprises decrypting the validation token (Chen teaches decrypts the IDM of the storage. AS: Dkey(Ekey(I DM )) [Section 2.1, Page 4355]).
Although Chen discloses decrypting the token to get the first set of device verification data, Amin-Chen do not explicitly teach but Yeara teaches obtaining the first content hash comprises decrypting the validation token (Yeara teaches the Token must be able to decrypt using your public key. Only can get back this value (hash) if RSA is applied using the related public key, which must be in the USB Token currently connected [0040] (obtaining the hash value by decrypting the token using the public key)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by the combination of Amin-Chen to include obtaining the first content hash comprises decrypting the validation token as described by Yeara. One of ordinary skill in the art would have been motivated for the purpose of allowing the token to be initialized successfully (Yeara [0040]).

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Amin et al. (“Anonymity preserving secure hash function based authentication scheme for consumer USB mass storage device”, hereinafter Amin), Chen et al. (“A secure access authentication scheme for removable storage media”, hereinafter Chen), Yeara (US 20150116084), and in further view of Chou et al. (US 20110197061, hereinafter Chou).

Re. claim 4, the combination of Amin-Chen-Yeara teach the method of claim 3, Yeara discloses validation token (USB Token) is decrypted by the public key, the combination of Amin-Chen-Yeara do not explicitly teach but Chou teaches wherein the validation token is decrypted using a private encryption key of the information processing system (Chou teaches if a user authenticates with the PKI Management system using a USB token which protects a private/public key pair the data can be retrieved by decrypting the sensitive data with the private key secured on the user's token [0077]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by the combination of Amin-Chen-Yeara to include the validation token is decrypted using a private encryption key of the information processing system as described by Chou. One of ordinary skill in the art would have been motivated for the purpose of the sensitive data that is generated by a request is linked to and only accessible by the requesting user (Chou [0077]).

Claims 5-7 and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Amin et al. (“Anonymity preserving secure hash function based authentication scheme for consumer USB mass storage device”, hereinafter Amin), Chen et al. (“A secure access authentication scheme for removable storage media”, hereinafter Chen) and in further view of Bacastow et al. (US 20080005426, hereinafter Bacastow).

Re. claim 5, the combination of Amin-Chen teach the method of claim 1, the combination of Amin-Chen do not explicitly teach but Bacastow teaches wherein granting the removable storage device access to the information processing system further comprises: determining that the validation token comprises access data (Bacastow teaches additional secret information be transmitted from the portable USB storage device to a designated server via the internet or intranet. This secret information may be in the form of a digital certificate, token, or other secret information stored on (or created from) the portable USB storage device that uniquely identifies the portable USB storage device from any other otherwise similar or identical device [0013]. The software installed on the portable USB storage device is configured to allow access during specific times (date, time of day, day of the week, etc.) [0042]); 
determining, from the access data, a time value indicating when an authorization of the removable storage device for accessing the information processing system expires (if the date and time is validated the software on the portable USB storage device functions normally. If the date and time is not validated, the software on the portable USB storage device will not fully function and the information stored on the portable USB storage device cannot be accessed [0042]); 
and determining that the authorization of the removable storage device has not expired (If the date and time is validated the software on the portable USB storage device functions normally [0042]).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by the combination of Amin-Chen to include determining that the validation token comprises access data; determining, from the access data, a time value indicating when an authorization of the removable storage device for accessing the information processing system expires; and determining that the authorization of the removable storage device has not expired as described by Bacastow. One of ordinary skill in the art would have been motivated for the purpose of protecting personal and corporate information from theft or accidental disclosure. And to fully protect information stored on USB (Bacastow [0004]).

Re. claim 6, the combination of Amin-Chen-Bacastow teach the method of claim 5, Bacastow further teaches wherein determining that the authorization of the removable storage device has not expired comprises: comparing the time value to a system clock of the information processing system (Bacastow teaches the USB flash storage device locally validates the date and time information obtained from the PC. If the date and time is validated the software on the portable USB storage device functions normally [42]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by the combination of Amin-Chen to include comparing the time value to a system clock of the information processing system as described by Bacastow. One of ordinary skill in the art would have been motivated for the purpose of protecting personal and corporate information from theft or accidental disclosure. And to fully protect information stored on USB (Bacastow [4]).

Re. claim 7, the combination of Amin-Chen-Bacastow teach the method of claim 1, Bacastow further teaches wherein denying the removable storage device access to the information processing system further comprises: determining that the validation token comprises access data (Bacastow teaches additional secret information be transmitted from the portable USB storage device to a designated server via the internet or intranet. This secret information may be in the form of a digital certificate, token, or other secret information stored on (or created from) the portable USB storage device that uniquely identifies the portable USB storage device from any other otherwise similar or identical device [13]. The software installed on the portable USB storage device is configured to allow access during specific times (date, time of day, day of the week, etc.) [0042]); 
determining, from the access data, a time value indicating when an authorization of the removable storage device for accessing the information processing system expires (Bacastow teaches the software installed on the portable USB storage device is configured to allow access based on a specific frequency. (one time, specific number of uses, uses within timeframe `velocity`) The USB flash storage device locally validates the frequency of use against the established limits for the device [0043]); 
and determining that the authorization of the removable storage device has expired (If the frequency of use is not validated, the software on the portable USB storage device will not fully function and the information stored on the portable USB storage device cannot be accessed [0043]).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by the combination of Amin-Chen to include determining that the validation token comprises access data; determining, from the access data, a time value indicating when an authorization of the removable storage device for accessing the information processing system expires; and determining that the authorization of the removable storage device has expired as described by Bacastow. One of ordinary skill in the art would have been motivated for the purpose of protecting personal and corporate information from theft or accidental disclosure. And to fully protect information stored on USB (Bacastow [4]).

Re. claim 17, rejection of claim 16 is included and claim 17 is rejected with the same rationale as applied in claim 5.

Re. claim 18, rejection of claim 16 is included and claim 18 is rejected with the same rationale as applied in claim 6.

Re. claim 19, rejection of claim 16 is included and claim 19 is rejected with the same rationale as applied in claim 7. 

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Amin et al. (“Anonymity preserving secure hash function based authentication scheme for consumer USB mass storage device”, hereinafter Amin), Chen et al. (“A secure access authentication scheme for removable storage media”, hereinafter Chen), and in further view of Kohno et al. (US 20130198522, Kohno).

Re. claim 8, the combination of Amin-Chen teach the method of claim 1, the combination of Amin-Chen do not explicitly teach but Kohno teaches further comprising: generating, based on detecting the removable storage device, an audit token comprising at least an identifier of the information processing system (Kohno teaches each protected file F is associated with a unique identifier called the audit ID and illustrated as ID.sub.F. [0049]. Strong audit guarantees for encrypted file systems even if an optional first layer of defense, such as encryption with a password or cryptographic token [0109]); 
and storing the audit token on the removable storage device (Other computing devices having memory configured to store data may also be protected by the auditing file system, such as a USB flash memory device, a removable disk such as a floppy disk or optical disk, a SIM card, a compact flash card, and/or the like [046]).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by the combination of Amin-Chen to include generating, based on detecting the removable storage device, an audit token comprising at least an identifier of the information processing system; and storing the audit token on the removable storage device as described by Kohno. One of ordinary skill in the art would have been motivated for the purpose of preventing a malicious user from reading/writing data within protected files (Kohno [27]).


Claims 9 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Amin et al. (“Anonymity preserving secure hash function based authentication scheme for consumer USB mass storage device”, hereinafter Amin), Chen et al. (“A secure access authentication scheme for removable storage media”, hereinafter Chen), Kohno et al. (US 20130198522, Kohno), and in further view of Chan et al. (US 20200186359, hereinafter Chan).

Re. claim 9, the combination of Amin-Chen-Kohno teach the method of claim 8, Although Kohno discloses audit token, the combination of Amin-Chen-Kohno do not explicitly teach but Chan teaches wherein the audit token further comprises: a token identifier of a most recent token stored on the removable storage device (Chan teaches the client 1302 generates a module request (the illustrated "get_module_req") to obtain the most recent version of the module 1310… the USB crypto token 1304 and includes an identifier of the token (token ID) [125] Figs 14A-14C); 
and a hash pointer comprising a hash of data within the most recent token (the hash includes a the pointer to the configuration [141]. _data--The hash of the modified software image, or to-be-signed data [145]).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by the combination of Amin-Chen to include a token identifier of a most recent token stored on the removable storage device; and a hash pointer comprising a hash of data within the most recent token as described by Chan. One of ordinary skill in the art would have been motivated for the purpose of storing data for later use. Permitting future requests (Chan [136]).

Re. claim 20, the combination of Amin-Chen teach the information processing system of claim 16, Amin-Chen do not explicitly teach but Kohno teaches wherein the security manager further: generates, based on the removable storage device being detected, an audit token (Kohno teaches each protected file F is associated with a unique identifier called the audit ID and illustrated as ID.sub.F. [49]. Strong audit guarantees for encrypted file systems even if an optional first layer of defense, such as encryption with a password or cryptographic token [109]); 
and stores the audit token on the removable storage device  (Other computing devices having memory configured to store data may also be protected by the auditing file system, such as a USB flash memory device, a removable disk such as a floppy disk or optical disk, a SIM card, a compact flash card, and/or the like [46]).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by the combination of Amin-Chen to include generates, based on the removable storage device being detected, an audit token; and stores the audit token on the removable storage device as described by Kohno. One of ordinary skill in the art would have been motivated for the purpose of preventing a malicious user from reading/writing data within protected files (Kohno [27]).
Although Kohno discloses audit token, Amin-Chen-Kohno do not explicitly teach but Chan teaches comprising at least: an identifier of the information processing system, a token identifier of a most recent token stored on the removable storage device (Chan teaches the client 1302 generates a module request (the illustrated "get_module_req") to obtain the most recent version of the module 1310… the USB crypto token 1304 and includes an identifier of the token (token ID) [125] Figs 14A-14C), 
and a hash pointer comprising a hash of data within the most recent token (the hash includes a the pointer to the configuration [141]. _data--The hash of the modified software image, or to-be-signed data [145]).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by the combination of Amin-Chen to include a token identifier of a most recent token stored on the removable storage device; and a hash pointer comprising a hash of data within the most recent token as described by Chan. One of ordinary skill in the art would have been motivated for the purpose of storing data for later use. Permitting future requests (Chan [136]).

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Amin et al. (“Anonymity preserving secure hash function based authentication scheme for consumer USB mass storage device”, hereinafter Amin), Chen et al. (“A secure access authentication scheme for removable storage media”, hereinafter Chen), Kohno et al. (US 20130198522, Kohno), Chan et al. (US 2020086359, hereinafter Chan), and in further view of Shi (US 20200412521).

Re. claim 10, the combination of Amin-Chen-Kohno-Chan teach the method of claim 9, Kohno discloses storing audit token, Amin-Chen-Kohno-Chan do not explicitly teach but Shi teaches wherein storing the audit token comprises: storing the audit token in a blockchain configuration with at least the validation token on the removable storage device (Shi teaches distributed ledger technology operations can include adding data to a blockchain, reading data from a blockchain, transferring (manually or autonomously) cryptocurrency (e.g., tokens) from one wallet to another wallet (e.g., sending, storing, receiving cryptocurrency tokens, or adding transactions to a blockchain), accessing or running DApps, mining (e.g., performing proof of work and/or proof of stake operations to validate transactions), performing light node operations, storing private keys, and/or any other distributed consensus operations on distributed ledger [17]. A transaction moving tokens out of a blockchain wallet can be signed with the private key associated with that wallet. Private keys can also be stored in hardware wallets (e.g., on a USB device) [3]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by the combination of Amin-Chen to include storing the audit token in a blockchain configuration with at least the validation token on the removable storage device as described by Shi. One of ordinary skill in the art would have been motivated for the purpose of securing the token (Shi [3]).

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Amin et al. (“Anonymity preserving secure hash function based authentication scheme for consumer USB mass storage device”, hereinafter Amin), Chen et al. (“A secure access authentication scheme for removable storage media”, hereinafter Chen), and in further view of Yurusov (US 20190243978).

Re. claim 14, the combination of Amin-Chen teach the method of claim 11, the combination of Amin-Chen do not explicitly teach but Yurusov teaches wherein tokenizing the validation file comprises: encrypting the validation file using a public key associated with at least one computing system for which the removable storage device is being authorized to access (Yurusov teaches a removable storage device is connected to system. System determines whether the public key stored on the removable storage device is valid using the private key stored in either the memory of system or in a key store or token store that is isolated from the system. The processor 4 may encrypt and/or decrypt one or more files using the public and/or private keys to validate the public key. [32]). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by the combination of Amin-Chen to include encrypting the validation file using a public key associated with at least one computing system for which the removable storage device is being authorized to access as described by Yeara. One of ordinary skill in the art would have been motivated for the purpose of enabling a second mode of operation. To eliminate the need to distribute multiple versions of the system (Yeara [3, 33]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Ali et al. ("Seamless fusion of secure software and trusted USB token for protecting enterprise and Government data") discloses validating secure token hardware.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912. The examiner can normally be reached Monday-Thursday 8AM-5PM; Friday: Variable EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/K.A./Examiner, Art Unit 2496
/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496