DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The Amendment filed 11 February 2026 has been received and considered.
Claims 1-20 are pending.
This Action is Final.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: the various “module” limitations in claim 18.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
These limitations are considered to have proper 112 support in the Specification.
Claim Rejections - 35 USC § 101
The rejection under 35 U.S.C. 101 is withdrawn based on the filed amendments.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Warpinski et al. (US 20180268144) in view of Soffer (US 20180097629) and further in view of Powers et al. (US 20140337558).
As per claims 1 and 18-20,Warpinski et al. teaches an apparatus, device, medium (see paragraphs [0022]-[0026]) and method for controlling access to a USB device, wherein the method is applied to a USB access control device which is connected with a protected device through an interface, comprising the steps of: acquiring one or more descriptors of the USB device when the USB device is connected with the USB access control device (see paragraph [0027] and Fig. 2 step 210);
comparing the one or more descriptors of the USB device with registration information associated with the USB device (see paragraphs [0020], [0027] and Fig. 2 step 220 where the list is the registration information);
wherein, if each of the one or more descriptors of the USB device is the same as that in the registration information associated with the USB device, the USB access control device grants access so that the USB device can communicate with the protected device (see paragraphs [0020], [0027] and Fig. 2 steps 220-260 where the use of a white list, as opposed to a black list, will grant access when the descriptor information matches that of the white list);
wherein, when the USB device is communicating with the protected device, the one or more descriptors of the USB device are continuously acquired, and the acquired one or more descriptors of the USB device are compared with the registration information associated with the USB device (see paragraphs [0027], [0032], and Fig. 2 step 270 detecting a change of state, i.e. descriptors, while the device is connected);
wherein, if any one of the descriptors of the USB device is different from the registration information associated with the USB device, access sis prevented by the USB access control device (see paragraph [0027] and Fig. 2 steps 220-230).
While Warpinski et al. teaches changing between granting and denying access based on descriptor information, there lacks an explicit teaching of the use of a switch.
However, Soffer teaches comparing descriptor information to determine when to grant or deny access with the use of a switch (see paragraphs [0256]-[0263]).
At a time before the effective filing date of the invention, it would have been obvious to include the access control details of Soffer in the Warpinski et al. system.
Motivation, as recognized by one of ordinary skill in the art, to do so would have been to prevent physical connections between the devices, thereby improving the security of the system.
While the modified Warpinski et al. and Soffer system monitors descriptors, there lacks an explicit teaching that the monitoring includes acquiring communication data between the USB device and the protected device in real time and analyzing the communication data between USB device and protected device in real time, wherein one or more descriptors of the USB device are continuously acquired.
However, Powers et al. teaches monitoring includes acquiring communication data between the USB device and the protected device in real time and analyzing the communication data between USB device and protected device in real time, wherein one or more descriptors of the USB device are continuously acquired (see paragraphs [0084] and [0221]) and further discloses when the USB device is not authorized the power is switched off (see paragraphs [0080] and [0136]).
At a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to use the real time monitoring of Powers et al. in the modified Warpinski et al. and Soffer system.
Motivation to do so would have been to filter potentially dangerous commands (see Powers et al. paragraph [0221]).
Claims 2-6 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over the modified Warpinski et al., Soffer, and Powers et al. system as applied to claim 1 above, and further in view of Stephan (US 20020143921).
As per claims 2, 6, and 10 , the modified Warpinski et al., Soffer, and Powers et al. system discloses receiving one or more device descriptors determined by the USB device, but fails to explicitly disclose the use of the Get_Descriptor control packet to obtain this information.
However, Stephan teaches the use of the Get_Descriptor control packet being used to obtain device descriptors, configuration descriptors, and interface descriptors (see paragraphs [0040]-[0042]).
At a time before the effective filing date of the invention, it would have been obvious to use the control packet to obtain the descriptors of the modified Warpinski et al., Soffer, and Powers et al. system.
Motivation, as recognized by one of ordinary skill in the art, to do so would have been to use the well-known and common request method for obtain device descriptors.
As per claims 3-5, the modified Warpinski et al., Soffer, Powers et al., and Stephan system discloses white lists define authorized devices based on descriptor information that are used to control access by USB devices by comparing to determine whether the bDeviceClass in the one or more descriptors of the USB device is the same as the bDeviceClass in the registration information; comparing to determine whether the bDeviceSubClass in the one or more descriptors of the USB device is the same as the bDeviceSubClass in the registration information; comparing to determine whether bDeviceProtocol in the one or more descriptors of the USB device is the same as bDeviceProtocol in the registration information; comparing to determine whether the bLength in the one or more descriptors of the USB device is the same as the bLength in the registration information; comparing to determine whether the bdescriptype in one or more descriptors of the USB device is the same as the bdescriptype in the registration information; and comparing to determine whether the bString in the one or more descriptors of the USB device is the same as the bString in the registration information, wherein if each one of the one or more descriptors of the USB device is the same as that in the registration information associated with the USB device, the step of turning on the switch in the USB access control device comprises: if each value of bDeviceClass, bDeviceClass, bDeviceProtocol, bLength, bDescriptorType, and bString of the one or more descriptors of the USB device is equal to the corresponding descriptor in the registration information, the switch is turned on in the USB access control device, wherein if any of the one or more descriptors of the USB device is different from the corresponding descriptor in the registration information associated with the USB device, the step of turning off the switch in the USB access control device comprises: if any value of bDeviceClass, bDeviceClass, bDeviceProtocol, bLength, bDescriptorType, and bString of the one or more descriptors of the USB device is not equal to the corresponding descriptor in the registration information, the switch in the USB access control device is turned off (see Warpinski et al. paragraph [0020], Soffer paragraphs [0191], [0265]-[0263], [0312]-[0329] and Stephan paragraphs [0040]-[0042] where in order for a device to match the device in the list each of the properties must match).
As per claims 14-17, the modified Warpinski et al., Soffer, Powers et al., and Stephan system discloses white lists define authorized devices based on device descriptor, configuration descriptor, and interface descriptor that are used to control access by USB devices, wherein, if each one of the one or more descriptors of the USB device is the same as that in the registration information associated with the USB device, the step of turning on the switch in the USB access control device comprises: if each value of the device descriptor, the configuration descriptor and the interface descriptor of the one or more descriptors of the USB device is the same as that in the registration information associated with the USB device, turning on the switch in the USB access control device, wherein if any of the one or more descriptors of the USB device is different from that in the registration information associated with the USB device, the step of turning off the switch in the USB access control device comprises: if any value of the device descriptor, the configuration descriptor and the interface descriptor of the one or more descriptors of the USB device is not equal to the corresponding one in the registration information associated with the USB device, turning off the switch in the USB access control device, wherein if the USB device is an HID device, the one or more descriptors of the USB device further includes an HID descriptor; if each one of the one or more descriptors of the USB device is the same as that in the registration information associated with the USB device, the step of turning on the switch in the USB access control device comprises: if each value of the device descriptor, the configuration descriptor, the interface descriptor and the HID descriptor of the one or more descriptors of the USB device is equal to the corresponding one in the registration information associated with the USB device, turning on the switch in the USB access control device, wherein if any of the one or more descriptors of the USB device is different from that in the registration information associated with the USB device, the step of turning off the switch in the USB access control device comprises: if any value of the device descriptor, the configuration descriptor, the interface descriptor and the HID descriptor of one or more descriptors of the USB device is not equal to the corresponding one in the registration information associated with the USB device, turning off the switch in the USB access control device (see Warpinski et al. paragraph [0020], Soffer paragraphs [0191], [0265]-[0263], [0312]-[0329] and Stephan paragraphs [0040]-[0042] where in order for a device to match the device in the list each of the properties must match).
Claims 7-9 and 11-13 are rejected under 35 U.S.C. 103 as being unpatentable over the modified Warpinski et al., Soffer, Powers et al., and Stephan system as applied to claims 6 and 10 above, and further in view of Appleboum et al. (US 11544416).
As per claims 7-9 and 11-13, the modified Warpinski et al., Soffer, Powers et al. and Stephan system discloses the use of various descriptors for comparison in determining whether to allow or deny access by a USB device and the use of configuration descriptors and interface descriptors (see Warpinski et al., Soffer, and Stephan as applied above), but fails to explicitly disclose the descriptors used in the comparison for access control are bNumInterfaces, bConfigurationValue and wTotalLength; and bInterfaceNumber, bInterfaceClass, bInterfaceSubClass and bInterfaceProtocol.
However, Appleboum et al. teaches obtaining these types of descriptor information (see Figs. 7 and 8).
At a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to include the descriptors of Appleboum et al. in the modified Warpinski et al., Soffer, Powers et al., and Stephan system.
Motivation, as recognized by one of ordinary skill in the art, to do so would have been that including more details for identifying devices allows for more granularity in device identification which will results in fewer false positive results.
Response to Arguments
Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: the remaining references put forth on the PTO-892 form are directed towards controlling access by USB devices.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL J PYZOCHA whose telephone number is (571)272-3875. The examiner can normally be reached Monday-Thursday 7:30am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hadi Armouche can be reached at (571) 270-3618. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Michael Pyzocha/ Primary Examiner, Art Unit 2409