DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 11/19/2025 has been entered.
Response to Arguments
In response to the claim objection, the objection has been withdrawn in light of the claim amendment.
In response to the arguments regarding 35 USC 112(b) on pages 10-15 of the remarks, filed 11/19/2025, the 35 USC 112(b) rejection has been withdrawn in light of the claim amendment. However, the amended claims contain issues that need to be reviewed.
In response to the arguments regarding 35 USC 103 on page 14 of the remarks, filed 11/19/2025, for independent claims 1, 16 and 26 along with their respective dependent claims, applicant argues that the references fail to teach the recited claims.
Applicant argues that Chen fails to disclose or suggest an “air gapped second information processing system that is physically and/or logically isolated from a first information processing system”. The Examiner does not concede. Chen, Rio and Amin disclose an “air-gapped” environment. Please see the 35 USC 103 rejection.
Applicant argues that Chen does not disclose or suggest hashing any files stored on the removable storage media. The Examiner does not concede. Chen teaches “generating, by the first information processing system, a first content hash of the one or more files stored on the removable storage device”. Chen recites “calculating the hash of the user message and IDm [Page 4358]”. Chen shows hashing the files stored on the removable storage media.
Applicant argues Chen fails to disclose or suggest "tokenizing, by the first information processing system, the first content hash, the set of device security data, and access data to generate a token; storing the token on the removable storage device such that the removable storage device stores the one or more files and the token". The Examiner does not concede. Chen teaches “tokenizing, by the information processing system, the first content hash, the set of device security data and access data to generate a token; storing the token on the removable storage device such that the removable storage device stores the one or more files and the token”. Chen recites “IDm is encrypted with encryption key. The authentication server signs on the hash of user ID, password and IDm. After completing the registration phase, digital signature will be saved on the encryption area of the removable storage media [Page 4358]”. IDm contains VID, PID and HSN. HSN is interpreted as the set of device security data and PID as the access data. The hash, HSN and PID are converted to a token, and the token is stored on the removable storage device. Applicant further indicates that the references do not teach “access data”. Under further review, Chen discloses access data: a password can be interpreted as access data. Applicant does not disclose what “access data” encompasses.
Applicant argues that, moreover, none of the cited art of record, whether alone or in combination, discloses or suggests "allowing, by the security manager, access by the removable storage device to the air-gapped network based on the second content hash matching the first content hash and the access data in the token". The Examiner does not concede. Amin teaches “allowing access by the removable storage device to the air-gapped network based on the second content hash matching the first content hash and the access data in the token”. Amin recites “S’ matches with S. If it is not matched the user is not corrected, the session is then terminated. If it is matched the user is corrected, if it matches it implies that the user Ui provides correct identity, password and biometric template which it grants access by not terminating the session (as stated above where S contains hash content and sets of verification data). [III. Proposed Protocol, section B, Page 3]”. Amin shows that access from the removable storage device is allowed based on the information in the token.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-10, 16-20, 22-24 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Re. claims 1 and 16, the phrase "such that" renders the claim indefinite because it is unclear whether the limitation(s) following the phrase are part of the claimed invention. See MPEP § 2173.05(d).
Re. claims 5, 7, 17 and 19, each recites the limitation “access data" in line 2. There is insufficient antecedent basis for this limitation in the claim.
Claims 2-10, 17-20 and 22-24 fall together as they do not cure the deficiencies of the independent claims.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 2, 3, 4, 16, 22-24 and 26-27 are rejected under 35 U.S.C. 103 as being unpatentable over Chen et al. (“A secure access authentication scheme for removable storage media”, hereinafter Chen) in view of Del Rio et al. (EP 3144841, hereinafter Rio) and in further view of Amin et al. (“Anonymity preserving secure hash function based authentication scheme for consumer USB mass storage device”, 2015, hereinafter Amin).
Re. claim 1, Chen discloses a method for providing access to a removable storage device on an air-gapped second information processing system that is physically and/or logically isolated from a first information processing system, comprising: receiving, by the first information processing system, the removable storage device, the removable storage device storing one or more files and a set of device security data associated with one or more attributes of the removable storage device (Chen discloses obtaining the unique identification of removable storage media IDm [Page 4358]. Properties that can uniquely identify it include the vendor ID (VID), product ID (PID) as well as hardware serial number (HSN) and so forth [6, 7, 8]. During the registration phase of this scheme, the authentication server records the unique identification of the removable storage media [Page 4354]. The access host is a Lenovo-PC computer with one CPU of Intel Core2 Duo E7500 2.93GHz and 2G RAM memory. The authentication server is an HP-DL380G7 X5675 server with two CPUs of six-core 3.06GHz and 16G RAM memory. The two computers are connected through a 100MB Local Area Network [Page 4360]; the first system receives the removable storage device, the removable storage device containing VID, PID and HSN);
generating, by the first information processing system, a first content hash of the one or more files stored on the removable storage device (Chen discloses calculating the hash of the user message and IDm [Page 4358], IDm contains VID, PID and HSN. HSN is interpreted as the set of device security data. VID and PID as the files);
tokenizing, by the information processing system, the first content hash, the set of device security data and access data to generate a token (Chen discloses IDm is encrypted with an encryption key; the authentication server signs on the hash of user ID, password and IDm. After completing the registration phase, the digital signature will be saved on the encryption area of the removable storage media [Page 4358]. IDm contains VID, PID and HSN. HSN is interpreted as the set of device security data and PID as the access data); storing the token on the removable storage device such that the removable storage device stores the one or more files and the token (Chen discloses the authentication server signs on the hash of user ID, password and IDm. After completing the registration phase, the digital signature will be saved on the encryption area of the removable storage media [Page 4358]).
Chen discloses inserting the USB device into another air-gapped system; Chen does not explicitly teach, but Rio teaches, determining, by a security manager as part of the air-gapped second information processing system, that the removable storage device is detected, and wherein the air-gapped second information processing system is physically and/or logically isolated from the first information processing system and the air-gapped second information processing system is communicatively coupled to systems and components that form an air-gapped (Rio teaches the software agent is configured for detecting if a data storage device inserted into a port of the computer device is a private one or a corporate one [0007]. A software agent similar to the software agent 20 is installed in the critical device 41 42 of the first type, thus keeping the critical device 43 44 isolated from the external data storage device [0045]. A connection between the internal data storage means 34, the control means 33 and the external critical device 43 44 to which the adapter 30 is physically plugged through socket or port 32 [0048][0029][0033] Fig. 1);
inspecting, by the security manager the token stored on the removable storage device (Rio teaches to check if the files stored in the external device 61 are valid files. The files 615 stored in the external device are schematized. This content is examined by the control means 33 [0055]. The four generated files(encrypted original content, encrypted hash file, encrypted list of corporate data storage devices and public key) are copied to the corporate data storage device [0035][0007]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the second information system disclosed by Chen to include determining, by a security manager as part of the air-gapped second information processing system, that the removable storage device is detected, and wherein the air-gapped second information processing system is physically and/or logically isolated from the first information processing system and the air-gapped second information processing system is communicatively coupled to systems and components that form an air-gapped; and inspecting, by the security manager, the token stored on the removable storage device, as described by Rio. One of ordinary skill in the art would have been motivated for the purpose of preventing attacks originating in data storage systems, preventing cyberattacks, and checking that the content has been verified (Rio [0005]).
Chen discloses a content hash and Rio teaches a security manager as part of the air-gapped second information processing system; the combination of Chen-Rio does not explicitly teach, but Amin teaches, in response to the first content hash being comprised in the token stored on the removable storage device, hashing the one or more files stored on the removable storage device to generate a second content hash (Amin teaches the device computes user identity PID’ = h(ID ║ σ’). Masked password MPW’ = h(P’║ID’) [III. Proposed Protocol, section B, Page 3]. E = h(h(PID ║ x) ║ MPW), S = h(PID ║ x) ⊕ MPW; stores ⟨Ei, Si⟩ (interpreted as a validation token) into the USB storage device [III. Proposed Protocol, section A, Page 3], obtaining the hash and security data from the validation token. The validation token is stored in the USB that was inserted); allowing access by the removable storage device to the air-gapped network based on the second content hash matching the first content hash and the access data in the token (Amin teaches S’ matches with S. If it is not matched the user is not corrected, the session is then terminated. If it is matched the user is corrected, if it matches it implies that the user Ui provides correct identity, password and biometric template which it grants access by not terminating the session (as stated above where S contains hash content and sets of verification data). [III. Proposed Protocol, section B, Page 3]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the second information system disclosed by Chen-Rio to include, in response to the first content hash being comprised in the token stored on the removable storage device, hashing the one or more files stored on the removable storage device to generate a second content hash; and allowing access by the removable storage device to the air-gapped network based on the second content hash matching the first content hash and the access data in the token, as described by Amin. One of ordinary skill in the art would have been motivated for the purpose of preventing an attacker from accessing important files and from gaining access to a host computing device (Amin [Abstract]).
Re. claim 2, the combination of Chen-Rio-Amin teaches the method of claim 1. Although Chen discloses denying or granting access by the security manager when the token is stored, Chen-Rio does not explicitly teach, but Amin teaches, further comprising: denying access by the removable storage device to the air-gapped network based on determining that the token is not stored on the removable storage device (Amin teaches S’ matches with S. If it is not matched the user is not corrected, the session is then terminated. If it is matched the user is corrected, which it grants access by not terminating the session (as stated above where S contains hash content and sets of verification data) [III. Proposed Protocol, section B, Page 3]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Chen-Rio to include denying the removable storage device access to the second information processing system based on determining that the token is not stored on the removable storage device, as described by Amin. One of ordinary skill in the art would have been motivated for the purpose of preventing an attacker from accessing important files and from gaining access to a host computing device (Amin [Abstract][Page 5]).
Re. claim 3, the combination of Chen-Rio-Amin teaches the method of claim 1, further comprising: in response to the token being stored on the removable storage device, decrypting, by the security manager, the token (Chen teaches decrypting the IDM of the storage: AS: Dkey(Ekey(IDM)) [Section 2.1, Page 4355]. Write IDM into the certified IDM library using the corresponding management software [Page 4360]).
Re. claim 4, the combination of Chen-Rio-Amin teaches the method of claim 3, wherein the token is decrypted using a private encryption key of the air-gapped second information processing system (Chen discloses decrypting the IDM of the storage: AS: Dkey(Ekey(IDM)) [Section 2.1, Page 4355]. The two computers are connected through a 100MB local area network [Page 4360]. Generate the private key x and public key y: the authentication server selects a private key x, where 1 < x < q, and computes y = g^x mod p [Page 4361]).
Re. claim 16, Chen discloses a system for providing access to a removable storage device on an air-gapped second information processing system that is physically and/or logically isolated from the first information processing system, comprising: the first information processing system including memory storing computer-executable instructions and operatively coupled to at least one processor that (Chen discloses memory and CPU [Page 4360]) performs receiving, by the first information processing system, the removable storage device storing one or more files and a set of device security data associated with one or more attributes of the removable storage device (Chen discloses obtaining the unique identification of removable storage media IDm [Page 4358]. Properties that can uniquely identify it include the vendor ID (VID), product ID (PID) as well as hardware serial number (HSN) and so forth [6, 7, 8]. During the registration phase of this scheme, the authentication server records the unique identification of the removable storage media [Page 4354]. The access host is a Lenovo-PC computer with one CPU of Intel Core2 Duo E7500 2.93GHz and 2G RAM memory. The authentication server is an HP-DL380G7 X5675 server with two CPUs of six-core 3.06GHz and 16G RAM memory. The two computers are connected through a 100MB Local Area Network [Page 4360]; the first system receives the removable storage device, the removable storage device containing VID, PID and HSN);
generating, by the first information processing system, a first content hash of the one or more files stored on the removable storage device (Chen discloses calculating the hash of the user message and IDm [Page 4358], IDm contains VID, PID and HSN. HSN is interpreted as the set of device security data. VID and PID as the files);
tokenizing, by the first information processing system, the first content hash, the set of device security data, and access data to generate a token (Chen discloses IDm is encrypted with an encryption key; the authentication server signs on the hash of user ID, password and IDm. After completing the registration phase, the digital signature will be saved on the encryption area of the removable storage media [Page 4358]. IDm contains VID, PID and HSN. HSN is interpreted as the set of device security data and PID as the access data); storing the token on the removable storage device such that the removable storage device stores the one or more files and the token (Chen discloses the authentication server signs on the hash of user ID, password and IDm. After completing the registration phase, the digital signature will be saved on the encryption area of the removable storage media [Page 4358]).
Chen discloses inserting the USB device into another air-gapped system; Chen does not explicitly teach, but Rio teaches, determining, by a security manager as part of the air-gapped second information processing system, that the removable storage device is detected, and wherein the air-gapped second information processing system is physically and/or logically isolated from the first information processing system and the air-gapped second information processing system is communicatively coupled to systems and components that form an air-gapped (Rio teaches the software agent is configured for detecting if a data storage device inserted into a port of the computer device is a private one or a corporate one [0007]. A software agent similar to the software agent 20 is installed in the critical device 41 42 of the first type, thus keeping the critical device 43 44 isolated from the external data storage device [0045]. A connection between the internal data storage means 34, the control means 33 and the external critical device 43 44 to which the adapter 30 is physically plugged through socket or port 32 [0048][0029][0033] Fig. 1);
inspecting, by the security manager, the token stored on the removable storage device (Rio teaches checking if the files stored in the external device 61 are valid files. The files 615 stored in the external device are schematized. This content is examined by the control means 33 [0055]. The four generated files (encrypted original content, encrypted hash file, encrypted list of corporate data storage devices and public key) are copied to the corporate data storage device [0035]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the second information system disclosed by Chen to include determining, by a security manager as part of the air-gapped second information processing system, that the removable storage device is detected, and wherein the air-gapped second information processing system is physically and/or logically isolated from the first information processing system and the air-gapped second information processing system is communicatively coupled to systems and components that form an air-gapped; and inspecting, by the security manager, the token with the first content hash stored on the removable storage device, as described by Rio. One of ordinary skill in the art would have been motivated for the purpose of preventing attacks originating in data storage systems, preventing cyberattacks, and checking that the content has been verified (Rio [0005]).
Chen discloses a content hash and Rio teaches a security manager as part of the air-gapped second information processing system; the combination of Chen-Rio does not explicitly teach, but Amin teaches, in response to the first content hash being comprised in the token stored on the removable storage device, hashing the one or more files stored on the removable device to generate a second content hash (Amin teaches the device computes user identity PID’ = h(ID ║ σ’). Masked password MPW’ = h(P’║ID’) [III. Proposed Protocol, section B, Page 3]. E = h(h(PID ║ x) ║ MPW), S = h(PID ║ x) ⊕ MPW; stores ⟨Ei, Si⟩ (interpreted as a validation token) into the USB storage device [III. Proposed Protocol, section A, Page 3], obtaining the hash and security data from the validation token. The validation token is stored in the USB that was inserted); allowing access by the removable storage device to the air-gapped network based on the second content hash matching the first content hash and the access data in the token (Amin teaches S’ matches with S. If it is not matched the user is not corrected, the session is then terminated. If it is matched the user is corrected, if it matches it implies that the user Ui provides correct identity, password and biometric template which it grants access by not terminating the session (as stated above where S contains hash content and sets of verification data). [III. Proposed Protocol, section B, Page 3]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the second information system disclosed by Chen-Rio to include, in response to the first content hash being stored on the removable storage device, generating a second content hash by hashing the set of device security data and the hash of the files stored on the removable storage device; and allowing access by the removable storage device to the air-gapped network based on the second content hash matching the first content hash, as described by Amin. One of ordinary skill in the art would have been motivated for the purpose of preventing an attacker from accessing important files and from gaining access to a host computing device (Amin [Abstract]).
Re. claim 22, rejection of claim 16 is included and claim 22 is rejected with the same rationale as applied in claim 2.
Re. claim 23, rejection of claim 22 is included and claim 23 is rejected with the same rationale as applied in claim 3.
Re. claim 24, the combination of Chen-Rio-Amin teaches the system of claim 23, wherein the token is decrypted using a private encryption key of the air-gapped second information processing system (Chen discloses decrypting the IDM of the storage: AS: Dkey(Ekey(IDM)) [Section 2.1, Page 4355]. The two computers are connected through a 100MB local area network [Page 4360]. Generate the private key x and public key y: the authentication server selects a private key x, where 1 < x < q, and computes y = g^x mod p [Page 4361]) and wherein the generating the first content hash of the files includes generating files with random data (Chen discloses a hash of IDm with random data [Page 4358]).
Chen-Rio does not explicitly teach, but Amin teaches, generating the first hash of the files and the files with random data (Amin teaches every time it hashes it includes a random sequence generator [Page 2 Col 1][Page 3]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the second information system disclosed by Chen-Rio to include generating the first hash of the files and the files with random data, as described by Amin. One of ordinary skill in the art would have been motivated for the purpose of preventing an attacker from accessing important files and from gaining access to a host computing device (Amin [Abstract]).
Re. claim 26, claim 26 is rejected with the same rationale as applied in claims 1 and 16.
Re. claim 27, Chen-Rio-Amin teach the air-gapped information processing system of claim 26, further comprising: denying, by the security manager, access by the removable storage device to the air-gapped network based on determining that the token is not stored on the removable storage device (Amin teaches S’ matches with S. If it is not matched the user is not corrected, the session is then terminated. If it is matched the user is corrected, which it grants access by not terminating the session (as stated above where S contains hash content and sets of verification data) [III. Proposed Protocol, section B, Page 3]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the second information system disclosed by Chen-Rio to include denying, by the security manager, access by the removable storage device to the air-gapped network based on determining that the token is not stored on the removable storage device, as described by Amin. One of ordinary skill in the art would have been motivated for the purpose of preventing an attacker from accessing important files and from gaining access to a host computing device (Amin [Abstract]).
Claims 5-7 and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Chen et al. (“A secure access authentication scheme for removable storage media”, hereinafter Chen), Del Rio et al. (EP 3144841, hereinafter Rio), Amin et al. (“Anonymity preserving secure hash function based authentication scheme for consumer USB mass storage device”, hereinafter Amin), and in further view of Bacastow et al. (US 20080005426, hereinafter Bacastow).
Re. claim 5, the combination of Chen-Rio-Amin teaches the method of claim 1, and Amin further teaches wherein allowing, by the security manager, access by the removable storage device to the air-gapped network further comprises: determining that the token comprises access data token (Amin teaches S’ matches with S. If it is not matched the user is not corrected, the session is then terminated. If it is matched the user is corrected, if it matches it implies that the user Ui provides correct identity, password and biometric template which it grants access by not terminating the session (as stated above where S contains hash content and sets of verification data). [III. Proposed Protocol, section B, Page 3]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the second information system disclosed by Chen-Rio to include determining that the token comprises access data token, as described by Amin. One of ordinary skill in the art would have been motivated for the purpose of preventing an attacker from accessing important files and from gaining access to a host computing device (Amin [Abstract]).
Amin discloses access data; Amin does not explicitly teach, but Bacastow teaches, determining, from the access data, a time value indicating when a security of the removable storage device for accessing the air-gapped network expires (Bacastow teaches if the date and time is validated the software on the portable USB storage device functions normally. If the date and time is not validated, the software on the portable USB storage device will not fully function and the information stored on the portable USB storage device cannot be accessed [0042]);
and determining that the authorization of the removable storage device has not expired (If the date and time is validated the software on the portable USB storage device functions normally [0042]. Outside the timeframes the USB storage device will not be accessible [0017]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by the combination of Chen-Rio-Amin to include determining, from the access data, a time value indicating when a security of the removable storage device for accessing the air-gapped network expires; and determining that the authorization of the removable storage device has not expired, as described by Bacastow. One of ordinary skill in the art would have been motivated for the purpose of protecting personal and corporate information from theft or accidental disclosure, and of fully protecting information stored on the USB device (Bacastow [0004]).
Re. claim 6, the combination of Chen-Rio-Amin-Bacastow teaches the method of claim 5, and Bacastow further teaches wherein determining that the authorization of the removable storage device has not expired comprises: comparing the time value to a system clock of the second information processing system (Bacastow teaches the USB flash storage device locally validates the date and time information obtained from the PC. If the date and time is validated the software on the portable USB storage device functions normally [42]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by the combination of Chen-Rio-Amin to include comparing the time value to a system clock of the information processing system, as described by Bacastow. One of ordinary skill in the art would have been motivated for the purpose of protecting personal and corporate information from theft or accidental disclosure, and of fully protecting information stored on the USB device (Bacastow [4]).
Re. claim 7, the combination of Chen-Rio-Amin-Bacastow teach the method of claim 1, Amin further teaches wherein denying the removable storage device access to the information processing system further comprises: determining that the token comprises access data (Amin teaches S’ matches with S. If it is not matched the user is not corrected, the session is then terminated. If it is matched the user is corrected, if it matches it implies that the user Ui provides correct identity, password and biometric template which it grants access by not terminating the session (as stated above where S contains hash content and sets of verification data). [III. Proposed Protocol, section B, Page 3]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the second information processing system disclosed by Chen-Rio to include determining that the token comprises access data, as described by Amin. One of ordinary skill in the art would have been motivated to do so for the purpose of preventing an attacker from accessing important files that are accessible to a host computing device (Amin [Abstract]).
Amin discloses access data. Amin does not explicitly teach, but Bacastow teaches, determining, from the access data, a time value indicating when an authorization of the removable storage device for accessing the information processing system expires (Bacastow teaches that the software installed on the portable USB storage device is configured to allow access based on a specific frequency (one time, a specific number of uses, or uses within a timeframe, i.e. `velocity`); the USB flash storage device locally validates the frequency of use against the established limits for the device [0043]);
and determining that the authorization of the removable storage device has expired (if the frequency of use is not validated, the software on the portable USB storage device will not fully function and the information stored on the portable USB storage device cannot be accessed [0043]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by the combination of Chen-Rio-Amin to include determining, from the access data, a time value indicating when an authorization of the removable storage device for accessing the information processing system expires, and determining that the authorization of the removable storage device has expired, as described by Bacastow. One of ordinary skill in the art would have been motivated to do so for the purpose of protecting personal and corporate information from theft or accidental disclosure and fully protecting information stored on USB (Bacastow [0004]).
Re. claim 17, the rejection of claim 16 is incorporated, and claim 17 is rejected on the same rationale as applied to claim 5.
Re. claim 18, the rejection of claim 16 is incorporated, and claim 18 is rejected on the same rationale as applied to claim 6.
Re. claim 19, the rejection of claim 16 is incorporated, and claim 19 is rejected on the same rationale as applied to claim 7.
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Chen et al. (“A secure access authentication scheme for removable storage media”, hereinafter Chen), Del Rio et al. (EP 3144841, hereinafter Rio), in view of Amin et al. (“Anonymity preserving secure hash function based authentication scheme for consumer USB mass storage device”, hereinafter Amin), and in further view of Knapp et al. (US 20170353461, hereinafter Knapp).
Re. claim 8, the combination of Chen-Rio-Amin teaches the method of claim 1. The combination of Chen-Rio-Amin does not explicitly teach, but Knapp teaches, further comprising: generating, based on detecting the removable storage device, an audit token comprising at least an identifier of the air-gapped second information processing system (Knapp teaches that example details that may be included in the audit log file for a file activity could include a source node or device identifier, a target node or device identifier, parameters of the source and target nodes like Internet Protocol (IP) address and Medium Access Control (MAC) address, file name, file size, file type, file permissions, active user, and whether the file activity was allowed, blocked, or successful [0085]. When a storage device 402 with an audit log file connects to an SMX server 105 (such as for check-out), the SMX server 105 can copy the audit log file from the storage device 402 [0086], Fig. 6);
and storing the audit token on the removable storage device (Knapp teaches that any suitable information could be included in an audit log file, either on a protected node 102 or on a storage device 402 [0085], and that when a storage device 402 with an audit log file connects to an SMX server 105, the SMX server 105 can copy the audit log file from the storage device 402 [0086][0084]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by the combination of Chen-Rio-Amin to include generating, based on detecting the removable storage device, an audit token comprising at least an identifier of the air-gapped second information processing system, and storing the audit token on the removable storage device, as described by Knapp. One of ordinary skill in the art would have been motivated to do so for the purpose of tracking files (Knapp [0087]).
Claims 9 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Chen et al. (“A secure access authentication scheme for removable storage media”, hereinafter Chen), Del Rio et al. (EP 3144841, hereinafter Rio), Amin et al. (“Anonymity preserving secure hash function based authentication scheme for consumer USB mass storage device”, hereinafter Amin), Knapp et al. (US 20170353461, hereinafter Knapp), and in further view of Chan et al. (US 20200186359, hereinafter Chan).
Re. claim 9, the combination of Chen-Rio-Amin-Knapp teaches the method of claim 8. Although Knapp discloses an audit token, the combination of Chen-Rio-Amin-Knapp does not explicitly teach, but Chan teaches, wherein the audit token further comprises: a token identifier of a most recent token stored on the removable storage device (Chan teaches that the client 1302 generates a module request (the illustrated "get_module_req") to obtain the most recent version of the module 1310… the USB crypto token 1304, and includes an identifier of the token (token ID) [0125], Figs. 14A-14C);
and a hash pointer comprising a hash of data within the most recent token (the hash includes the pointer to the configuration [0141]; _data--the hash of the modified software image, or to-be-signed data [0145]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by the combination of Chen-Rio-Amin-Knapp to include a token identifier of a most recent token stored on the removable storage device, and a hash pointer comprising a hash of data within the most recent token, as described by Chan. One of ordinary skill in the art would have been motivated to do so for the purpose of storing data for later use and permitting future requests (Chan [0136]).
Re. claim 20, the combination of Chen-Rio-Amin teaches the apparatus of claim 16. Chen-Rio-Amin does not explicitly teach, but Knapp teaches, wherein the security manager further: generates, based on the removable storage device being detected, an audit token (Knapp teaches that example details that may be included in the audit log file for a file activity could include a source node or device identifier, a target node or device identifier, parameters of the source and target nodes like Internet Protocol (IP) address and Medium Access Control (MAC) address, file name, file size, file type, file permissions, active user, and whether the file activity was allowed, blocked, or successful [0085]. When a storage device 402 with an audit log file connects to an SMX server 105 (such as for check-out), the SMX server 105 can copy the audit log file from the storage device 402 [0086], Fig. 6);
and stores the audit token on the removable storage device (Knapp teaches that any suitable information could be included in an audit log file, either on a protected node 102 or on a storage device 402 [0085], and that when a storage device 402 with an audit log file connects to an SMX server 105, the SMX server 105 can copy the audit log file from the storage device 402 [0086][0084]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by the combination of Chen-Rio-Amin to include generating, based on detecting the removable storage device, an audit token comprising at least an identifier of the second information processing system, and storing the audit token on the removable storage device, as described by Knapp. One of ordinary skill in the art would have been motivated to do so for the purpose of tracking files (Knapp [0087]).
Although Knapp discloses an audit token, Chen-Rio-Amin-Knapp does not explicitly teach, but Chan teaches, the audit token comprising at least: an identifier of the information processing system, a token identifier of a most recent token stored on the removable storage device (Chan teaches that the client 1302 generates a module request (the illustrated "get_module_req") to obtain the most recent version of the module 1310… the USB crypto token 1304, and includes an identifier of the token (token ID) [0125], Figs. 14A-14C),
and a hash pointer comprising a hash of data within the most recent token (the hash includes the pointer to the configuration [0141]; _data--the hash of the modified software image, or to-be-signed data [0145]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by the combination of Chen-Rio-Amin-Knapp to include a token identifier of a most recent token stored on the removable storage device, and a hash pointer comprising a hash of data within the most recent token, as described by Chan. One of ordinary skill in the art would have been motivated to do so for the purpose of storing data for later use and permitting future requests (Chan [0136]).
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Chen et al. (“A secure access authentication scheme for removable storage media”, hereinafter Chen), Del Rio et al. (EP 3144841, hereinafter Rio), Amin et al. (“Anonymity preserving secure hash function based authentication scheme for consumer USB mass storage device”, hereinafter Amin), Knapp et al. (US 20170353461, hereinafter Knapp), Chan et al. (US 20200186359, hereinafter Chan), and in further view of Ow et al. (US 20190324958, hereinafter Ow).
Re. claim 10, the combination of Chen-Rio-Amin-Knapp-Chan teaches the method of claim 9. Knapp discloses storing the audit token and the token on the removable storage device. Chen-Rio-Amin-Knapp-Chan does not explicitly teach, but Ow teaches, wherein storing the audit token comprises: storing the audit token on the removable storage device in a blockchain configuration with at least the token on the removable storage device (Ow teaches that the AXEL blockchain 1007 is running on a user personal computer 1005. The personal computer 1005 is running the PINApp unification client that is providing a direct communication link between the user smartphone 1010, the user tablet 1015, the user external hard drive 1020 and the user personal computer 1005. The user vault 1030 (secondary token/fiat storage) resides on the user external hard drive 1020 [0269]. Ow shows two different tokens [0275] and an external hard drive in a blockchain configuration, with the token stored on the external hard drive).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by the combination of Chen-Rio-Amin-Knapp-Chan to include storing the audit token on the removable storage device in a blockchain configuration with at least the token on the removable storage device, as described by Ow. One of ordinary skill in the art would have been motivated to do so for the purpose of preventing security events and ensuring the privacy and security of the content being stored (Ow [0291] [0016]).
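The following Python is an added illustration of the mechanisms discussed in the rejections of claims 5-7 (a time value in the access data compared against the host system clock) and claims 8-10 (an audit token carrying a system identifier, the identifier of the most recent token, and a hash pointer over that token's data, appended in a blockchain-style chain on the removable device). It is not code from the application, from any cited reference, or from the record; the field names, the token layout, and the sample values are assumptions made only for this illustration.

```python
import hashlib
import json

# Hypothetical illustration only: the field names and layout below are
# assumptions, not the format of the claims or of any cited reference.


def _canonical(token):
    # Deterministic encoding so a hash pointer is reproducible on any host.
    return json.dumps(token, sort_keys=True, separators=(",", ":")).encode()


def content_hash(data):
    return hashlib.sha256(data).hexdigest()


def make_access_token(device_id, not_after, token_id="t-0001"):
    # Access data carries the time value at which the authorization expires.
    return {"token_id": token_id, "device_id": device_id,
            "access_data": {"not_after": not_after}}


def authorization_expired(token, host_clock):
    # Compare the time value from the access data to the host's system clock.
    return host_clock >= token["access_data"]["not_after"]


def make_audit_token(system_id, previous, token_id):
    # The audit token names the host that saw the device, the most recent
    # token on the device, and a hash pointer over that token's data.
    return {"token_id": token_id, "system_id": system_id,
            "prev_token_id": previous["token_id"],
            "hash_pointer": content_hash(_canonical(previous))}


def append_audit_token(chain, system_id):
    # chain[0] is the access token; each later entry points at its predecessor.
    previous = chain[-1]
    token = make_audit_token(system_id, previous, f"a-{len(chain):04d}")
    chain.append(token)
    return token


def verify_chain(chain):
    # Every audit token must point, by id and by hash, at the entry before it.
    for i in range(1, len(chain)):
        prev, cur = chain[i - 1], chain[i]
        if cur["prev_token_id"] != prev["token_id"]:
            return False
        if cur["hash_pointer"] != content_hash(_canonical(prev)):
            return False
    return True


def simulate():
    # Constructed sample run: one access token, two hosts, then tampering.
    now = 1_700_000_000
    token = make_access_token("usb-42", not_after=now + 3600)
    chain = [token]
    append_audit_token(chain, "airgap-host-A")
    append_audit_token(chain, "airgap-host-B")
    ok_before = verify_chain(chain)
    chain[1]["system_id"] = "mallory"      # rewrite history on the device
    ok_after = verify_chain(chain)
    return {"expired_now": authorization_expired(token, now),
            "expired_later": authorization_expired(token, now + 3600),
            "ok_before": ok_before, "ok_after": ok_after}


if __name__ == "__main__":
    print(simulate())
```

Two points a practitioner would note: the expiry check is only as trustworthy as the clock it reads, so on an air-gapped host the system clock is an input the device cannot verify on its own; and a hash chain without a signature or a trusted anchor detects edits to earlier entries but not the replacement of the entire chain, which is why the chained tokens are stored alongside the access token rather than in isolation.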
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Ali et al. ("Seamless fusion of secure software and trusted USB token for protecting enterprise and Government data") discloses validating secure token hardware.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912. The examiner can normally be reached Monday-Thursday 8AM-5PM; Friday: Variable EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached at 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KEVIN AYALA/Primary Examiner, Art Unit 2496