DETAILED ACTION
This Office Action is in response to the communication filed on 12/30/2025.
Claim 20 has been cancelled.
Claim 21 is new.
Claims 1-2, 9-10 and 15-16 have been amended.
Claims 1-19 and 21 are pending.
Claims 1-19 and 21 are rejected.
The Examiner cites particular sections in the references as applied to the claims below for the convenience of the applicant(s). Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant(s) fully consider the references in their entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the Examiner.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Objections
The claim objections are withdrawn due to Applicant’s amendments.
Claim Rejections - 35 USC § 112
The 112 rejections are withdrawn due to Applicant’s amendments.
Response to Arguments
Applicant's arguments filed 12/30/2025 have been fully considered but they are not persuasive.
Applicant argues that the prior art does not disclose [specific term or phrase] because the prior art does not explicitly recite [specific term or phrase].
Examiner disagrees because the prior art does not need to recite [specific term or phrase] to read on [specific term or phrase]. If the prior art discloses objects which perform the same function as [specific term or phrase] the prior art teaches [specific term or phrase].
Applicant argues that a host bus adapter (HBA) which is installed in the host is not disclosed by the prior art.
Examiner disagrees.
Applicant points to https://en.wikipedia.org/wiki/Host_adapter which recites “In computer hardware a host controller, host adapter or host bus adapter (HBA) connects a computer system bus which acts as the host system to other network and storage devices. The terms are primarily used to refer to devices for connecting SCSI, SAS, NVMe, Fibre Channel and SATA devices.”
The recited wiki article teaches that a HBA is a device is a device which connects “SCSI, SAS, NVMe, Fibre Channel and SATA devices”.
Prior art Ling teaches devices which connect “SCSI, SATA and SIS” [0067] “the physical interface between a host device and storage device 101… interfaces such as, but not limited to, small computer system interface (SCSI) protocol, serial advanced technology attachment (SATA) protocol, serial attached SCSI (SAS)”; which performs the same function as Applicant, and
Prior art Ling teaches that these connection devices can be within the host devices [0072] teaches that the components including a device which connects a computer system bus which acts as the host system to other network and storage devices, can be within host device 152 or 154.
Therefore Ling teaches the claimed HBA installed in the host.
Applicant's arguments filed 12/30/2025 have been fully considered but they are not persuasive.
Applicant argues that direct I/O processing, by the host, is not disclosed by the prior art.
Examiner disagrees.
Applicant points to https://www.ibm.com/docs/en/aix/7.2.0?topic=io-benefits-direct which explains “Direct I/O is an alternative caching policy that causes the file data to be transferred directly between the disk and the user's buffer”
Prior art Kabra teaches the storage device can bypass the disk stack and read data directly (direct i/o processing) [0021, 0047] “A secure-storage-enabled storage device (e.g., 110) can include logic that can enable robust, storage-device operations and checks, such as, for example, logic 152 enabling direct or trusted read capabilities allowing the storage device to bypass the disk stack file system and read directly from the data records on the storage device”; which performs the same function as Applicant.
Therefore Kabra teaches the claimed direct i/o processing.
In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007). In this case, the motivation to combine is clear, blocking potentially harmful communication and providing secure storage functionality.
Applicant argues that dependent claims are allowable by virtue of their dependance, however the independent claim are now allowable therefore the dependent claim are not allowable. In addition, argument with respect to newly added dependent claim 21 is moot in view of new grounds of rejection set forth below.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-19 are rejected under 35 U.S.C. 103 as being unpatentable over Ling (U.S. 20220382918), in view of Kabra (U.S. 20140310800).
Regarding claims 1, 9 and 15,
Ling discloses: A method for managing use of storage services provided by a storage array, the method comprising: (Ling [0001] This invention relates to a module and method for authenticating data transfer between a storage device and a host device)
identifying an attachment of the storage array to a host; (Ling [0014-0022]; [0040-0051] when storage device 101 is initially connected to host device, storage device 101 will be powered by host device.
in response to identifying the attachment: initiating, using a host bus adapter (HBA) installed in the host, an inquiry to the storage array by the host; (Ling [0014-0022]; [0040-0055] Upon receiving the required information from storage device and host device, module will initiate the pairing of these two devices by generating a digital signature for these two devices based on the serial number associated with storage device and the unique device identifier associated with host device… Once powered on, module will extract from storage device a unique serial number associated with storage device and a public key)
receiving, by the host and using the HBA of the host, a payload from the storage array, the payload being responsive to the inquiry and comprising storage array information and a digital signature; (Ling [0014-0022]; [0040-0054]; the module will extract from storage device a unique serial number associated with storage device and a public key… upon receiving the required information from storage device and host device, module will initiate the pairing of these two devices by generating a digital signature for these two devices based on the serial number associated with storage device and the unique device identifier associated with host device; As illustrated in FIG. 1, module may be provided at storage device and/or at any host device without departing from this invention; all communication exchanged with storage device will first have to pass through connector; [Fig. 5, 0082] process 500 may be implemented in module as provided in either the storage device and/or the host device)
Ling discloses: verifying authenticity of the storage array information using the digital signature and a trusted public key; (Ling [Fig. 1]; [0014-0022]; [0040-0051]; [Fig. 4 and 5]; [0077-0085] allow encrypted data transfer between the storage device and the host device when it is determined that the digital signature matches; module extracts from storage device a unique serial number associated with storage device and a public key; [0019, 0056-0062] This unique digital signature comprising the BLS signature, σ, is then subsequently written into blockchain 170. It should be noted that the BLS signature, σ, may be verified using the public BLS key of the device that was used to generate the BLS signature, e.g. the public key of device 101 or 152 respectively)
in a first instance of the verifying wherein the storage array information can be verified as authentic: (Ling [Fig. 1]; [0014]; [0040-0051]; [Fig. 5]; [0077-0085] allow encrypted data transfer between the storage device and the host device when it is determined that the digital signature matches)
utilizing storage services provided by the storage array; and (Ling [Fig. 1]; [0014]; [0040-0051]; [Fig. 5]; [0077-0085] allow encrypted data transfer between the storage device and the host device when it is determined that the digital signature matches)
in a second instance of the verifying wherein the storage array information cannot be verified as authentic: (Ling [Fig. 1]; [0014]; [0040-0051]; [Fig. 5]; [0077-0085] prevent data transfer between the storage device and the host device when it is determined that the digital signature does not match a digital signature)
the host bus adapter (Ling [0050] As illustrated in FIG. 1, connector 140 is illustrated as the intermediary between storage device 101 and host devices 152 and 154, server rack 156 and NaS 158 whereby all communication exchanged with storage device 101 will first have to pass through connector 140)
Ling does not explicitly disclose:
remediating the HBA.
the HBA providing direct input-output (direct I/O) processing by the host using the storage array
However, in the same field of endeavor Kabra discloses:
remediating the HBA. (Kabra [0018] information can be provided to the disk access security agent 115 and utilized, for instance, by an example access decision engine 138 to determine whether the read/write attempt is a legitimate, desired, or trustworthy one, or, in some instances, an unknown or untrustworthy read/write attempt that should be blocked, further analyzed, or otherwise remediated; [0047] Turning to the example of FIG. 5B, direct write operability of the storage device can be triggered by a disk access security agent and employed to remediate detected problems within an identified range of data records (e.g., 505) on the disk)
the HBA providing direct input-output (direct I/O) processing by the host using the storage array (Kabra [Abstract, 0021, 0029-0033, 0039, 0043-0047, 0053, 0059-0072, 0093-0095] performing, at a host device, host-based secure storage capability, which performs direct processing operations including a direct read operation; Host-based secure storage can be provided at the lowest level of the software stack, such as in an RST driver or controller driver. Host-based secure storage can function potentially across multiple hard disks and storage devices. Secure storage can additionally or alternatively be implemented at the chipset level, for instance, at the device communication bus level)
Ling and Kabra are analogous art because they are from the same field of endeavor Access control and authentication.
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ling and Kabra before him or her, to modify the method of Ling to include the remediation of Kabra because it will allow “a set of features can be enabled for hardened system protection, detection, and remediation. Storage block and file lockdown can be realized” (Paragraph 0041-0050 by Kabra) and allowing for providing secure storage functionality (Paragraph 0029-0033, 0043-0046, 0059 by Kabra).
The motivation for doing so would be “performing remediation to improve data security” (Paragraph 0029-0033, 0041-0050 by Kabra)].
Therefore, it would have been obvious to combine Ling and Kabra to obtain the invention as specified in the instant claim.
Claim 9 additionally discloses: A non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform (Ling [0008]; [0066]; The above and other problems are solved and an advance in the art is made by systems and methods provided by embodiments in accordance with the invention)
Claim 15 additionally discloses: A data processing system, comprising: a processor; and a memory coupled to the processor to store instructions, which when executed by the processor, cause the processor to perform (Ling [0070, 0075] One skilled in the art will recognize that the various memory components described above comprise non-transitory computer-readable media and shall be taken to comprise all computer-readable media except for a transitory, propagating signal)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify with Kabra for similar reasons as cited in claim 1.
Regarding claims 2, 10 and 16,
Ling in view of Kabra discloses: The method of claim 1, wherein the digital signature is generated using a private key. (Ling [0062-0065] In yet another embodiment of the invention, the digital signature may be generated using any cryptographic scheme such as, but is not limited to… symmetric cryptography)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify with Kabra for similar reasons as cited in claim 1.
Regarding claims 3, 11 and 17,
Ling in view of Kabra discloses: The method of claim 2, wherein the digital signature is usable to verify authenticity of the storage array information. (Ling [Fig. 1]; [0014-0022]; [0040-0051]; [Fig. 4 and 5]; [0056-0062], [0077-0085] generate a digital signature for the storage device and the host device based on a unique number associated with the storage device and a unique device identity associated with the host device; determine if the digital signature has been written into a blockchain; allow encrypted data transfer between the storage device and the host device when it is determined that the digital signature matches a digital signature; hash a combination of the unique number associated with the storage device and the unique device identity associated with the host device to generate a hashed message h; converting, using a Boneh-Lynn-Shacham (BLS) signature scheme, the hashed message h into a BLS signature σ; and using the BLS signature a as the digital signature)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify with Kabra for similar reasons as cited in claim 1.
Regarding claims 4, 12 and 18,
Ling in view of Kabra discloses: The method of claim 3, wherein verifying the authenticity of the storage array information comprises: ingesting the digital signature, the storage array information, and a public key into a signature verification algorithm. (Ling [0014-0022]; [0040-0054] the module will extract from storage device a unique serial number associated with storage device and a public key… upon receiving the required information from storage device and host device, module will initiate the pairing of these two devices by generating a digital signature for these two devices based on the serial number associated with storage device and the unique device identifier associated with host device; As illustrated in FIG. 1, module may be provided at storage device and/or at any host device without departing from this invention; all communication exchanged with storage device will first have to pass through connector; [0019, 0056-0062] In this embodiment, the message, m, to be signed using the BLS signature scheme may comprise, but is not limited to, a combination of the private keys of devices and or a hash of the private key of device with the private key of device, to produce hashed message, h)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify with Kabra for similar reasons as cited in claim 1.
Regarding claims 5, 13 and 19,
Ling in view of Kabra discloses: The method of claim 2, wherein the payload further comprises a hash value based on the storage array information. (Ling [0019, 0056-0062] In this embodiment, the message, m, to be signed using the BLS signature scheme may comprise, but is not limited to, a combination of the private keys of devices and or a hash of the private key of device with the private key of device, to produce hashed message, h)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify with Kabra for similar reasons as cited in claim 1.
Regarding claims 6 and 14,
Ling in view of Kabra discloses: The method of claim 5, wherein the digital signature is usable to verify authenticity of the hash value. (Ling [0014-0019, 0056-0062] determine if the digital signature has been written into a blockchain; allow encrypted data transfer between the storage device and the host device when it is determined that the digital signature matches a digital signature written into the blockchain With regard to the first aspect of the invention, the instructions to generate the digital signature comprises instructions for directing the processing unit to: hash a combination of the unique number associated with the storage device and the unique device identity associated with the host device to generate a hashed message h; converting, using a Boneh-Lynn-Shacham (BLS) signature scheme, the hashed message h into a BLS signature σ; and using the BLS signature a as the digital signature; [Fig. 5, 0082] process 500 may be implemented in module as provided in either the storage device and/or the host device)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify with Kabra for similar reasons as cited in claim 1.
Regarding claims 7,
Ling in view of Kabra discloses: The method of claim 6, wherein the hash value is usable to verify authenticity of the storage array information. (Ling [Fig. 1]; [0014-0022]; [0040-0051]; [Fig. 4 and 5]; [0056-0062], [0077-0085] generate a digital signature for the storage device and the host device based on a unique number associated with the storage device and a unique device identity associated with the host device; determine if the digital signature has been written into a blockchain; allow encrypted data transfer between the storage device and the host device when it is determined that the digital signature matches a digital signature; hash a combination of the unique number associated with the storage device and the unique device identity associated with the host device to generate a hashed message h; converting, using a Boneh-Lynn-Shacham (BLS) signature scheme, the hashed message h into a BLS signature σ; and using the BLS signature a as the digital signature; [Fig. 5, 0082] process 500 may be implemented in module as provided in either the storage device and/or the host device)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify with Kabra for similar reasons as cited in claim 1.
Regarding claims 8,
Ling in view of Kabra discloses: The method of claim 7, wherein verifying the authenticity of the storage array information comprises: ingesting the digital signature, the hash value, and a public key into a signature verification algorithm; and (Ling [0014-0022]; [0040-0054] the module will extract from storage device a unique serial number associated with storage device and a public key… upon receiving the required information from storage device and host device, module will initiate the pairing of these two devices by generating a digital signature for these two devices based on the serial number associated with storage device and the unique device identifier associated with host device; As illustrated in FIG. 1, module may be provided at storage device and/or at any host device without departing from this invention; all communication exchanged with storage device will first have to pass through connector; [0019, 0056-0062] In this embodiment, the message, m, to be signed using the BLS signature scheme may comprise, but is not limited to, a combination of the private keys of devices and or a hash of the private key of device with the private key of device, to produce hashed message, h)
ingesting the storage array information into a hash value generation algorithm. (Ling [0014-0019, 0056-0062] hash a combination of the unique number associated with the storage device and the unique device identity associated with the host device to generate a hashed message h)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify with Kabra for similar reasons as cited in claim 1.
Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Ling (U.S. 20220382918), in view of Kabra (U.S. 20140310800) and in further view of Kawamura (U.S. 20150074301).
Regarding claim 21,
Ling in view of Kabra discloses: The method of claim 1, wherein remediating the HBA comprises, at least:
Ling in view of Kabra does not explicitly disclose: placing the HBA in a nominal operating condition state where the HBA is configured to
perform only operations within expected thresholds defined by an entity associated with the host.
However, in the same field of endeavor Kawamura discloses:
placing the HBA in a nominal operating condition state where the HBA is configured to
perform only operations within expected thresholds defined by an entity associated with the host. (Kawamura [0027-0036, 0068-0076, 0080, 0090-0096, 0123] teaches setting HBA drivers to perform normal operations (within the expected thresholds).
Ling in view of Kabra and Kawamura are analogous art because they are from the same field of endeavor authentication and verification.
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ling in view of Kabra and Kawamura before him or her, to modify the method of Ling in view of Kabra to include the guarantee of normal operations of Kawamura because it will prevent occurrence of any malfunctioning caused by an inappropriate setting of the HBA driver.
The motivation for doing so would be [“ prevent occurrence of any malfunctioning caused by an inappropriate setting of the HBA driver 413. Even when a verification result is output indicating that the HBA driver 413 to be set is not set, it is easy for the manager to acquire the HBA driver 413 to be set and therefore, the work steps executed by the manager and necessary for setting the HBA driver 413 can be reduced.”] (Paragraph 0119 by Kawamura)].
Therefore, it would have been obvious to combine Ling in view of Kabra and Kawamura to obtain the invention as specified in the instant claim.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's
disclosure.
Negahdar 2021-01-28 (US 11539680) teaches a system and method for providing remote access to a device is disclosed. The method comprises receiving an automatically expiring authentication token having encrypted authentication token data including a session key from the device, transmitting the authentication token to secure facility, receiving the decrypted authentication token data from the secure facility, signing a tool package with a package verification key derived at least in part from the session key, the tool package comprising processor instructions providing remote access to the device when executed by the processor, providing the signed tool package to the device. The device verifies the signed tool package using the package verification key and executes the tool package only if the signature of the tool package is verified.
Negahdar 2021-01-28 (US 11539680) teaches a system and method for providing remote access to a device is disclosed. The method comprises receiving an automatically expiring authentication token having encrypted authentication token data including a session key from the device, transmitting the authentication token to secure facility, receiving the decrypted authentication token data from the secure facility, signing a tool package with a package verification key derived at least in part from the session key, the tool package comprising processor instructions providing remote access to the device when executed by the processor, providing the signed tool package to the device. The device verifies the signed tool package using the package verification key and executes the tool package only if the signature of the tool package is verified.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THOMAS A CARNES whose telephone number is (571)272-4378. The examiner can normally be reached Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached at (571) 272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
THOMAS A. CARNES
Examiner
Art Unit 2436
/THOMAS A CARNES/ Examiner, Art Unit 2436 /SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436