Prosecution Insights
Last updated: July 17, 2026
Application No. 18/160,432

MULTI-PARTY AUTHORIZED SECURE BOOT SYSTEM AND METHOD

Non-Final OA §103
Filed
Jan 27, 2023
Examiner
TRUONG, LAWRENCE QUANG
Art Unit
2434
Tech Center
2400 — Computer Networks
Assignee
Dell Products L.P.
OA Round
4 (Non-Final)
100%
Grant Probability
Favorable
4-5
OA Rounds
0m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 100% — above average
100%
Career Allowance Rate
13 granted / 13 resolved
+42.0% vs TC avg
Minimal +0% lift
Without
With
+0.0%
Interview Lift
resolved cases with interview
Fast prosecutor
2y 0m
Avg Prosecution
16 currently pending
Career history
39
Total Applications
across all art units

Statute-Specific Performance

§101
1.3%
-38.7% vs TC avg
§103
90.0%
+50.0% vs TC avg
§112
1.3%
-38.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 13 resolved cases

Office Action

§103
DETAILED ACTION Claims 1-20 are pending. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant's arguments filed 02/02/2026 have been fully considered but they are not persuasive. Regarding applicant’s argument that Deymonnaz, Siegler, Baltes, Vajravel, Khatri, Kumar, and/or Nix do not teach accessing two or more secure boot keys from a table that stores a plurality of secure boot keys, and performing an authentication process using each of the subset of secure boot keys, Examiner respectfully disagrees. Baltes at least in paragraph [0030] teaches two or more secure boot keys being accessed from a table that stores a plurality of secure boot keys. Deymonnaz in at least paragraph [0082] teaches performing an authentication process using each of the subset of secure boot keys. Regarding applicant’s arguments that Baltes cannot be construed to teach accessing two or more secure boot keys from a table that stores a plurality of secure boot keys, Examiner respectfully disagrees. Applicant cites that Baltes teaches the bootloader uses the last valid key in the key table as the current valid key and whenever a new updated bootloader is written, the previously used public key is invalidated such that only the last (i.e. a single) public key is used, and therefore Baltes cannot teach accessing two or more secure boot keys from a table. However, the claim language does not explicitly claim that the keys are accessed at the same time. The keys may be accessed at different times, thus, Baltes does teach accessing two or more secure boot keys from a table that stores a plurality of secure boot keys. Regarding applicant’s arguments that Baltes cannot be construed to teach performing an authentication process using each of the subset of secure boot keys, Examiner respectfully disagrees. One cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). Deymonnaz is used to teach performing an authentication process using each of the subset of secure boot keys at least in paragraph [0082]. For at least these reasons, Deymonnaz, Siegler, Baltes, Vajravel, Khatri, Kumar, and/or Nix, in combination do teach accessing two or more secure boot keys from a table that stores a plurality of secure boot keys, and performing an authentication process using each of the subset of secure boot keys. Therefore, the current rejection is maintained. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claim(s) 1, 4, 8, 9, 15, 16, 18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. 20180198629 A1 to Deymonnaz et al. (Deymonnaz) in view of US 20070067634 A1 to Siegler (Siegler), and in further view of US 20130111203 A1 to Baltes et al. (Baltes). Regarding claim 1, Deymonnaz teaches a multi-party authorized secure boot system comprising: a processing device comprising one or more processors (Deymonnaz [0115], e.g., programmable processor) and one or more memory units (Deymonnaz [0115], e.g., memory device) including instructions (Deymonnaz [0115], e.g., computer program instructions) that, upon execution by the processors, cause the processing device to: during a boot process of the processing device, identify two or more secure boot keys that may be used to authorize, using an authentication process, an ensuing phase of the boot process (Deymonnaz [0048], e.g., Part of the boot process for the user device 140 includes checking the key version code against the stored version code to verify that the key used is current; [0051], e.g., After the developer has selected the desired set of software modules, the developer can instruct the platform provider system 110 to generate the software image and appropriate signatures), [the two or more secure boot keys being accessed from a table that stores a plurality of the secure boot keys and an indication whether each of the secure boot keys have been invalidated]; identify a subset of the secure boot keys that are to be used to perform the authentication process (Deymonnaz [0051], e.g., selected the desired set of software modules, Fig. 2, element 200; Note that software modules comprises of a signature and key; [0088], e.g., The bootloader performs verification steps for each module 440a-440d in the software image) [wherein the subset is less than a total quantity of the secure boot keys]; and using each of the subset of secure boot keys, perform the authentication process based upon whether the two or more secure boot keys have been invalidated (Deymonnaz [0082], e.g., In step 518, the bootloader determines if there is a match between the key used to sign the module-specific vbmeta image and a public key in the chain descriptor within the image-level vbmeta partition 432); [0048], e.g., Part of the boot process for the user device 140 includes checking the key version code against the stored version code to verify that the key used is current. During boot, if the user device 140 determines that a software module 132 is signed using an outdated key, the user device 140 may block execution of the software module or terminate the boot process to avoid running software that is potentially unsafe) Deymonnaz does not explicitly teach, but Siegler teaches wherein the subset of the secure boot keys is less than a total quantity of the secure boot keys (Siegler [0049], e.g., In an exemplary embodiment, the first and second private keys used to construct the first and second digital signatures have been selected from within a larger set of N private keys (such as 10 or more) and referred to as "2 of N" signing where N represents the total number of private keys within the larger set of private keys). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified the teachings of Deymonnaz with the teachings of Siegler with reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit of flexibility in use of the system in case of a key compromise. (Siegler [0049], e.g., advantage of having a large set of these keys in the first device is that it provides flexibility in use of the system should a key become compromised in some way. If a key is compromised, it can be erased, invalidated, retired, etc. from use). Deymonnaz and Siegler do not explicitly teach, but Baltes teaches the two or more secure boot keys being accessed from a table that stores a plurality of the secure boot keys (Baltes [0030], e.g., Several of the memory slots 124 in the memory segment 122, here four slots, are defined as a key table 126 and are dedicated for only storing public keys within the bootloader memory segment 122) and an indication whether each of the secure boot keys have been invalidated (Baltes [0030], e.g., Each memory slot in the key table 126 includes a validity flag 130 that identifies those keys that are currently valid). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified the combined teachings of Deymonnaz and Siegler with the teachings of Baltes with reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit of marking keys that are compromised and need to be replaced (Baltes [0008], e.g., If the public key in the bootloader is compromised or needs to be replaced for other reasons, it is desirable to provide a secure method by the appropriate service personnel to allow the key to be replaced. The bootloader generally uses only one flash segment of memory, which includes the public key, so the public key cannot be made a separately programmable calibration. Thus, if the public key needs to be replaced, the entire bootloader needs to be rewritten and replaced, which is undesirable as an interrupted operation could lead to an ECU that can no longer be programmed). Regarding claim 4, most of the limitations of this claim have been noted in the rejection of claim 1. Deymonnaz further teaches wherein the secure boot keys are owned and managed by different parties (Deymonnaz [0036], e.g., the boot stack includes code from at least three parties, each of which have their own signing keys to sign their part of the software). Regarding claim 8, most of the limitations of this claim have been noted in the rejection of claim 1. Deymonnaz further teaches wherein the instructions, upon execution, cause the processing device to when the ensuing phase does not pass the authentication process, inhibit booting of the ensuing phase (Deymonnaz [0104], e.g., However, if any of the verification steps 605-613 fails, e.g., indicates a difference from the expected values, the device 140 may block booting to avoid operating using insecure software. Similarly, if the values needed to perform the verification steps cannot be accessed, or if the permanent product attributes are not successfully verified in step 602, the device 140 may refuse to boot). Regarding claim 9, the claim recites a multi-party authorized secure boot method of the system of claim 1, and is similarly analyzed. Regarding claim 15, the claim recites a multi-party authorized secure boot method of the system of claim 8, and is similarly analyzed. Regarding claim 16, the claim recites a memory storage device of the method of claim 9, and it similarly analyzed. Regarding claim 18, the claim recites a memory storage device of the system of claim 4, and is similarly analyzed. Regarding claim 20, the claim recites a memory storage device of the system of claim 8, and is similarly analyzed. Claim(s) 2, 3, 10, 11 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Deymonnaz in view of Siegler and Baltes, and in further view of US 20190018966 A1 to Khatri et al. (Khatri). Regarding claim 2, most of the limitations of this claim have been noted in the rejection of claim 1. Deymonnaz. Siegler, and Baltes do not explicitly teach, but Khatri teaches a processing device comprising a Baseboard Management Controller (Khatri [0032], e.g., board management controller (BMC) 144) configured in an Information Handling System (Khatri [0032], e.g., IHS 100). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified combined teachings of Deymonnaz, Siegler, and Baltes with the teachings of Khatri with a reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit of remotely managing the information handling system (Khatri [0032], e.g., to enable remote management of IHS 100. For example, BMC 144 may enable a user to discover, configure, and manage BMC 144, setup configuration options, resolve and administer hardware or software problems) Regarding claim 3, most of the limitations of this claim have been noted in the rejection of claim 2. Deymonnaz further teaches wherein the instructions are performed during a fused authentication phase of the boot process (Fig. 5, elements 504, 506, 508, 518, 522; Deymonnaz teaches the fused authentication process because the fused process comprises of a boot method, certificate key ([0090], e.g., PRK public key), and a storage ([0090], e.g., protected storage) for the certificate keys). Regarding claim 10, the claim recites a multi-party authorized secure boot method of the system of claim 2, and is similarly analyzed Regarding claim 11, the claim recites a multi-party authorized secure boot method of the system of claim 1, and is similarly analyzed. Regarding claim 17, the claim recites a memory storage device of the system of claim 3, and is similarly analyzed. Claim(s) 5 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Deymonnaz in view of Siegler and Baltes, and in further view of U.S. Patent No. 10,057,243 B1 to Kumar et al. (Kumar). Regarding claim 5, most of the limitations of this claim have been noted in the rejection of claim 1. Deymonnaz further teaches wherein the instructions, upon execution, cause the processing device to identify the subset ([0051], e.g., selected the desired set of software modules) of the secure boot keys ([0049], e.g., corresponding signatures and public keys). However, Deymonnaz, Siegler, and Baltes do not explicitly teach but, Kumar teaches to perform an authentication process using one or more Boolean operators (Col. 20, lines 40-46 e.g., logical operator). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified the combined teachings of Deymonnaz, Siegler, and Baltes with the teachings of Kumar with a reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit as countermeasure to detect compromise of public-private key pairs associated with the signing and verification process as taught by Kumar (Col. 20, lines 40-46, e.g., countermeasure). Regarding claim 12, the claim recites a multi-party authorized secure boot method of the system of claim 5, and is similarly analyzed. Claim(s) 6, 7, 13, 14, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Deymonnaz in view of Siegler, Baltes and Kumar, and further in view of U.S. Patent No. 10,169,587 B1 to Nix (Nix). Regarding claim 6, most of the limitations of this claim have been noted in the rejection of claim 5. Deymonnaz further teaches the secure boot keys ([0049], e.g., corresponding signatures and public keys, Fig. 2, element 200). However, Deymonnaz and Siegler, and Baltes do not explicitly teach, but Kumar teaches a relationship of the secure boot keys using the Boolean operators (Col. 20, lines 40-46 e.g., logical operator). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified the combined teachings Deymonnaz, Siegler, and Baltes with the teachings of Kumar with a reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit as a countermeasure to detect compromise of public-private key pairs associated with the signing and verification process as taught by Kumar (Col. 20, lines 40-46, e.g., countermeasure). Deymonnaz, Siegler, Baltes, and Kumar do not explicitly teach, but Nix teaches wherein the instructions, upon execution, cause the processing device to access the table (Col. 37, lines 17-36, e.g., key table; Note it is implied that a table will be accessed to fetch keys stored in a key table). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified combined teachings Deymonnaz, Siegler, Baltes, and Kumar with the teachings of Nix with a reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit of faster search and retrieval of keys. Regarding claim 7, most of the limitations of this claim have been noted in the rejection of claim 6. Deymonnaz further teaches to determine whether either one of the secure boot keys has been invalidated (Deymonnaz, [0035], e.g., detect that the signature no longer valid; Deymonnaz states that signature data for the module can include a corresponding signature and public key; [0044], e.g., signature data, corresponding signature and public key; Also note that a certificate key comprises of a key and signature). However, Deymonnaz, Siegler, Baltes, and Kumar do not explicitly teach, but Nix teaches wherein the instructions, upon execution, cause the processing device to access a table (Col. 37, lines 17-36, e.g., key table; Note it is implied that a table will be accessed to fetch keys stored in a key table) to determine an appropriate cryptographic algorithm (Col. 40, lines 54-65, e.g., hash algorithm 199e; Fig. 2b, e.g., element 199) for each cert. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified to have modified combined teachings Deymonnaz, Siegler, Baltes, and Kumar with the teachings of Nix with a reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit of adding another layer of defense through the use of multiple sets of cryptographic parameters, as taught by Nix (Col. 38, lines 38-41, e.g., second set), in the case that a hash algorithm becomes compromised or cracked. Regarding claim 13, the claim recites a multi-party authorized secure boot method of the system of claim 5, and these are similarly analyzed. Regarding claim 14, the claim recites a multi-party authorized secure boot method of the system of claim 7, and is similarly analyzed. Regarding claim 19, the claim recites a memory storage device of the system of claim 7, and is similarly analyzed. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US 20150058979 A1 to Peeters et al. discloses employing a plurality of signature verification keys in the boot loader. The bootloader uses a validity bit to verify that a key is valid. US 20220180005 A1 to Kwok et al. discloses a key store storing one or more cryptographic keys. The key store includes an indicator associated with one or more cryptographic keys to activate or disable the associated key. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Contact Information Any inquiry concerning this communication or earlier communications from the examiner should be directed to LAWRENCE TRUONG whose telephone number is (571)272-6973. The examiner can normally be reached Monday - Friday, 8:00 am - 4 pm ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ali Shayanfar can be reached at (571) 270-1050. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /LAWRENCE TRUONG/Examiner, Art Unit 2434 /NOURA ZOUBAIR/Primary Examiner, Art Unit 2434
Read full office action

Prosecution Timeline

Show 5 earlier events
Sep 23, 2025
Request for Continued Examination
Oct 06, 2025
Response after Non-Final Action
Nov 04, 2025
Non-Final Rejection mailed — §103
Feb 02, 2026
Response Filed
Apr 30, 2026
Final Rejection mailed — §103
Jun 30, 2026
Examiner Interview Summary
Jun 30, 2026
Applicant Interview (Telephonic)
Jun 30, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12676897
SYSTEMS AND METHODS FOR APPLYING POLICIES IN A DATACENTER ENVIRONMENT
1y 10m to grant Granted Jul 07, 2026
Patent 12647249
ENCRYPTION PROCESSING APPARATUS AND ENCRYPTION PROCESSING METHOD
2y 6m to grant Granted Jun 02, 2026
Patent 12619697
IDENTITY RECOGNITION METHOD AND APPARATUS, AND FEATURE EXTRACTION METHOD AND APPARATUS FOR BIOMETRIC PATTERN INFORMATION
2y 6m to grant Granted May 05, 2026
Patent 12608704
METHOD OF CONTRACTING RESERVES WITH SINGLE TRANSACTION IN RESPONSE TO A PLURALITY OF CONTRACT REQUESTS
2y 4m to grant Granted Apr 21, 2026
Patent 12591375
DATA STORAGE DEVICE AND METHOD OF ACCESS IN CONFIDENTIAL MODE AND NORMAL MODE
2y 1m to grant Granted Mar 31, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

4-5
Expected OA Rounds
100%
Grant Probability
99%
With Interview (+0.0%)
2y 0m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 13 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month