DETAILED ACTION
The following claims are pending in this office action: 1, 4-7, 10-13 and 16-18
The following claims are amended: 1, 7 and 13
The following claims are new: -
The following claims are cancelled: 2-3, 8-9 and 14-15
Claims 1, 4-7. 10-13 and 16-18 are rejected.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 02/17/2026 has been entered.
RESPONSE TO ARGUMENTS
Applicant’s arguments in the amendment filed 02/17/2026 have been fully considered but are moot in view of new grounds of rejection.
The independent claims are amended to recite: “prompting, by the boot image, for a password for an encrypted volume stored on the non-transitory computer-readable medium, wherein the encrypted volume includes a kernel and an initial ramdisk for a condensed operating system that is configured to install an operating system on the information handling system.” This limitation is disclosed by the combination of Shriver (US Pub. 2012/0151199), Beachem et al. (US Pub. 2012/0151200) and Schack (US Pub. 2020/0104495) as explained below and rejected accordingly.
The reason for the new rejection in view of the references is that the location and ordering of the steps make the claims in the independent claims. The claim recites that “the encrypted volume includes a kernel and an initial ramdisk for a condensed operating system that is configured to install an operating system on the information handling system”, however this language, in accordance to the BRI of the claims, does not limit the condensed operating system to be within the encrypted volume. As explained below a kernel and an initial ramdisk for a condensed operating system that is configured to install an operating system is clearly disclosed by the prior art. Using a condensed/compressed/small/minimal operating system such as WinPE or Live Linux to use a kernel/ramdisk is clearly disclosed by several references in the cited prior art.
To advance prosecution, Examiner suggests amending the claims to include that 1) the condensed operating system is within/included in the encrypted volume, and 2) the boot image reads the kernel and initial ramdisk to boot the condensed operating system before decrypting the encrypted volume using the password. This is clearly supported, for example, Fig. 3 of the drawings. These limitations serve to distinguish that the within the encrypted volume are operable to install an operating system without first decrypting the encrypted volume.
Independent claims 7 and 13 are amended in a similar way to claim 1. The amended limitations are disclosed the combination of Shriver (US Pub. 2012/0151199), Beachem et al. (US Pub. 2012/0151200) and Schack (US Pub. 2020/0104495) as explained below and rejected accordingly.
Dependent claims 4-6, 10-12 and 16-18 depend on independent claims 1, 7 and 13. The amended elements in the claims are disclosed by the combination of Shriver (US Pub. 2012/0151199), Beachem et al. (US Pub. 2012/0151200) and Schack (US Pub. 2020/0104495) as explained below, and so any additional features to the dependent claims are rejected accordingly.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 5-7, 11-13 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Shriver (US Pub. 2012/0151199) (hereinafter “Shriver”) in view of Beachem et al. (US Pub. 2012/0151200) (hereinafter “Beachem”) in view of Huang (US Pub. 2013/0198835) (hereinafter “Huang”) and in view of Schack (US Pub. 2020/0104495) (hereinafter “Schack”).
As per claim 1, Shriver teaches a computer-implemented method comprising: ([Shriver, para. 0036 “the various methods described are conveniently implemented in a general purpose computer”)
booting an information handling system from a boot image stored on a non-transitory computer readable storage medium; ([Shriver, para. 0004] “the boot process is initiating a session of the information handling system”; [para. 0023] “the boot configuration [boot image] from Master Boot Record (MBR) 320 of nonvolatile storage device 185 [stored on a non-transitory computer readable storage medium] ... include code executed during the boot process”)
prompting, by the boot image, ([Shriver, para. 0025] “Fig. 4 is a flowchart showing steps performed by the ... boot process”; [para. 0027] “the boot process [by the boot image] attempts to retrieve [prompting]”) for a password ([para. 0027] “the boot process attempts to retrieve an update encryption key ... from the user ... a password”) for an encrypted volume stored on the non-transitory computer-readable storage medium, ([para. 0027] “the update encryption key is used to [a password used for] decrypt an encrypted copy of the disk encryption key ... used to unlock encrypted partition 340 [an encrypted volume”]; [Fig. 3] Encrypted partition 340 is stored on the mass storage device 185) wherein the encrypted volume includes a kernel and an initial ramdisk; ([para. 0028] “an encrypted copy of the operating system kernel ... is decrypted and loaded from encrypted partition 340 ... an initial RAM disk ... is also retrieved and decrypted from encrypted partition 340”; a kernel and an initial ramdisk for a condensed operating system that is configured to install an operating system is more clearly taught by Schack below)
loading, by the boot image, the kernel of the condensed operating system; ([Shriver, para. 0028] “at step 480, [by the boot image as the steps of Fig. 4 including step 480 is performed by the boot process] an encrypted copy of the operating system kernel (the "kernel") is [the kernel of the condensed operating system – as there is no definition of “condensed operating system” nor any examples in the specification, Examiner interprets this in its ordinary broadest reasonable meaning as to be any operating system that includes a kernel that may be encrypted to be condensed; alternatively, Schack below teaches the kernel and the initial ramdisk is “for a condensed operating system” and “of the condensed operating system”] ... loaded from encrypted partition 340 [stored within the encrypted volume]”)
passing, by the boot image, the password to the condensed operating system; and ([Shriver, para. 0031] “at step 540, the kernel boot process [condensed operating system] attempts to retrieve an update encryption key [passing by the boot image to the kernel boot process] ... a password ... from some other input [passing, by the boot process]”; the “kernel boot process” is code stored within an encrypted volume as the kernel was stored within the encrypted partition 340 as described above; identically, the process of retrieving the password/update encryption key by the boot image was clearly described by Shriver as explained above, and so “some other input”/boot image/boot process passes/provides the password/update encryption key to the kernel boot process; wherein the password is passed via a command-line argument of the kernel is more clearly taught by Huang below)
decrypting, by the condensed operating system, ([Shriver, para. 0029] “Fig. 5 is a flowchart showing steps performed by the ... kernel boot process [condensed operating system]”) the encrypted volume using the password; ([Para. 0031] “at step 550, the received update encryption key [password] is used to decrypt an encrypted copy of the disk encryption ... used to unlock [decrypt] encrypted partition 340 [the encrypted volume]”)
Shriver does not clearly teach wherein the encrypted volume includes a kernel and an initial ramdisk for a condensed operating system that is configured to install an operating system on the information handling system; wherein the password is passed via a command-line argument of the kernel; and causing, by the condensed operating system, execution of an operating system installation image stored within the encrypted volume to install the operating system on the information handling system.
However, Beachem teaches wherein the encrypted volume includes a condensed operating system ([Beachem, para. 0045] “the fully encrypted drive ... storage device 247”; [para. 0047] “pre-boot operating system 385 [the condensed operating system] ... on the ... storage drive 247”) that is configured to install an operating system on the information handling system; and ([para. 0048] “the pre-boot system 385 ... to update the main operating system 380”; [Fig. 3; para. 0042] the update is to be installed on the laptop/information handling system depicted in Fig. 3 as “memory 220 ... comprise a main operating system 380”)
causing, by the condensed operating system, ([Beachem, para. 0045] “the fully encrypted drive ... storage device 247”; [para. 0047] “pre-boot operating system 385 [the condensed operating system] ... on the ... storage drive 247”) execution of an operating system installation image stored within the encrypted volume to install the operating system on the information handling system. ([Para. 0048] “data ... such as a software bundle [image] ... to update the main operating system [operation system installation image] is loaded onto the information exchange partition 390 and encrypted [stored within the encrypted volume”; [para. 0049] “the pre-boot operating system 385 [causing by the condensed operating system] ... decrypt the data to be loaded on the fully encrypted drive [on the information handling system – see para. 0013 “fully encrypted drive on an endpoint computing device”] ... to perform the update [execution of the operating image to install the operating system]”)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Shriver with the teachings of Beachem to include wherein the encrypted volume includes a condensed operating system that is configured to install an operating system on the information handling system; and causing, by the condensed operating system, execution of an operating system installation image stored within the encrypted volume to install the operating system on the information handling system. One of ordinary skill in the art would have been motivated to make this modification because such a technique would provide the benefit allowing management and provision of updates to an end point computing device employing full disk encryption. (Beachem, para. 0062)
Shriver in view of Beachem does not clearly teach a kernel and an initial ramdisk for a condensed operating system that is configured to install an operating system; and wherein the password is passed via a command-line argument of the kernel.
However, Huang teaches wherein the password is passed via a command-line argument of the kernel. ([Huang, para. 0003] “A shell is a command language interpreter and acts as an interface between the user and the kernel ... and is commonly categorized into command-line shells”; [para. 0035] “the user of the user account shell [via command-line argument of the kernel] ... send a command [passed] with at least one parameter ... /dev/passwd [the password]”)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Shriver in view of Beachem with the teachings of Huang to include wherein the password is passed via a command-line argument of the kernel. One of ordinary skill in the art would have been motivated to make this modification because such a technique would provide the benefit of allowing engineers to conveniently read/write/move/copy system files such as the update described above. (Huang, para. 0004)
Shiver in view of Beachem and Huang does not clearly teach a kernel and an initial ramdisk for a condensed operating system that is configured to install an operating system.
However, Schack teaches a kernel and an initial ramdisk for a condensed operating system ([Schack, para. 0007] “At boot time of the operating system, the instructions cause the processor to boot a kernel of the [for] operating system with a minimal number of modules loaded [condensed operating system] ... fewer modules than needed for a fully functioning operating system ... to install packages of the file system”; [para. 0038] “the kernel access the ... Ramdisk) that is configured to install an operating system. ([para. 0039] “installing the file system packages ... as a fully functional operating system”)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Shriver in view of Huang and Beachem with the teachings of Schack to include a kernel and an initial ramdisk for a condensed operating system that is configured to install an operating system. One of ordinary skill in the art would have been motivated to make this modification because security breaches for a circuit platform subject to compromise by unauthorized changes to a file system may be mitigated by abstracting the file system into a minimal number of modules before installation. (Schack, para. 0005; para. 0008)
As per claim 5, Shriver in view of Beachem, Huang and Schack teaches claim 1.
Shriver also teaches wherein the encrypted volume is a Linux Unified Key Setup volume. ([Shriver, para. 0030] “the encrypted partition is unlocked by ... crypto engine process software 460 ... LUKS”; as the volume/partition is unlocked by the Linux Unified Key Setup software, it is necessarily a Linux Unified Key Setup volume; to the extent that there is any ambiguity within Shriver that LUKS refers to Linux Unified Key Setup, Examiner takes official notice that LUKS is commonly known to refer to Linux Unified Key Setup)
As per claim 6, Shriver in view of Beachem, Huang and Schack teaches claim 1.
Shriver In view of Huang and Schack does not clearly teach further comprising causing, by the installation image, the information handling system to reboot after completion of installation of the operating system.
However, Beachem teaches further comprising causing, by the installation image, the information handling system to reboot after completion of installation of the operating system. ([Beachem, para. 0049] “The data [the installation image – see para. 0047] on the exchange partition 390 may also include an instruction [causing by the installation image] to reboot the endpoint asset [the information handling system] once the update process [installation of the operating system] is complete”)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Shriver in view of Huang and Schack with the teachings of Beachem to include further comprising causing, by the installation image, the information handling system to reboot after completion of installation of the operating system. One of ordinary skill in the art would have been motivated to make this modification because such a technique would provide the benefit the need for being physically present at the endpoint device in order to provide updates that may require a reboot. (Beachem, para. 0062)
As per claim 7, Shriver teaches a system comprising: ([Shriver, para. 0015] “a computer system capable of performing the computing operations described herein”)
a processor; and ([Shriver, para. 0015] “Information handling system 100 includes one or more processors”)
a memory having computer-executable instructions thereon ([Shriver, para. 0036] “program code ... may ... be resident in the ... memory of the computer”) that are configured to generate a non-transitory computer-readable storage medium that is configured for, when read and executed by an information handling system: ([para. 0015] “Information handling system 100 ... performing [read and executing] the computing operations [instructions] described herein”; [para. 0036] “the set of instructions may be stored in another computer memory [generate], for example, in a hard disk drive or in a removable memory such as an optical disk [a non-transitory computer-readable storage medium] ... for eventual use [that is configured to] in a CD ROM”; Examiner interprets “configured to generate a non-transitory computer-readable storage medium” in accordance to its broadest reasonable interpretation to mean obtaining the instructions from the non-transitory medium; here the instructions are stored in an optical disk/generated to be in an optical disk as is identical to the generating step of the instant application – see for example step 202 described in pg. 7 of the instant application; to the extent that there is any ambiguity within Shriver that instructions executable by a processor for generating a non-transitory computer-readable storage medium is disclosed as explained, Examiner takes official notice that this is commonly known to a person of ordinary skill in the art)
booting the information handling system from a boot image stored on the non-transitory computer-readable storage medium; ([Shriver, para. 0004] “the boot process is initiating a session of the information handling system”; [para. 0023] “the boot configuration [boot image] from Master Boot Record (MBR) 320 of nonvolatile storage device 185 [stored on a non-transitory computer readable storage medium] ... include code executed during the boot process”)
prompting, by the boot image, ([Shriver, para. 0025] “Fig. 4 is a flowchart showing steps performed by the ... boot process”; [para. 0027] “the boot process [by the boot image] attempts to retrieve [prompting]”) for a password ([para. 0027] “the boot process attempts to retrieve an update encryption key ... from the user ... a password”) for an encrypted volume stored on the non-transitory computer-readable storage medium, ([para. 0027] “the update encryption key is used to [a password used for] decrypt an encrypted copy of the disk encryption key ... used to unlock encrypted partition 340 [an encrypted volume”]; [Fig. 3] Encrypted partition 340 is stored on the mass storage device 185) wherein the encrypted volume includes a kernel and an initial ramdisk; ([para. 0028] “an encrypted copy of the operating system kernel ... is decrypted and loaded from encrypted partition 340 ... an initial RAM disk ... is also retrieved and decrypted from encrypted partition 340”; a kernel and an initial ramdisk for a condensed operating system that is configured to install an operating system is more clearly taught by Schack below)
loading, by the boot image, the kernel of the condensed operating system; ([Shriver, para. 0028] “at step 480, [by the boot image as the steps of Fig. 4 including step 480 is performed by the boot process] an encrypted copy of the operating system kernel (the "kernel") is [the kernel of the condensed operating system – as there is no definition of “condensed operating system” nor any examples in the specification, Examiner interprets this in its ordinary broadest reasonable meaning as to be any operating system that includes a kernel that may be encrypted to be condensed; alternatively, Schack below teaches the kernel and the initial ramdisk is “for a condensed operating system” and “of the condensed operating system”] ... loaded from encrypted partition 340 [stored within the encrypted volume]”)
passing, by the boot image, the password to the condensed operating system; and ([Shriver, para. 0031] “at step 540, the kernel boot process [condensed operating system] attempts to retrieve an update encryption key [passing by the boot image to the kernel boot process] ... a password ... from some other input [passing, by the boot process]”; the “kernel boot process” is code stored within an encrypted volume as the kernel was stored within the encrypted partition 340 as described above; identically, the process of retrieving the password/update encryption key by the boot image was clearly described by Shriver as explained above, and so “some other input”/boot image/boot process passes/provides the password/update encryption key to the kernel boot process; wherein the password is passed via a command-line argument of the kernel is more clearly taught by Huang below)
decrypting, by the condensed operating system, ([Shriver, para. 0029] “Fig. 5 is a flowchart showing steps performed by the ... kernel boot process [condensed operating system]”) the encrypted volume using the password. ([Para. 0031] “at step 550, the received update encryption key [password] is used to decrypt an encrypted copy of the disk encryption ... used to unlock [decrypt] encrypted partition 340 [the encrypted volume]”)
Shriver does not clearly teach wherein the encrypted volume includes a kernel and an initial ramdisk for a condensed operating system that is configured to install an operating system on the information handling system; wherein the password is passed via a command-line argument of the kernel; and causing, by the condensed operating system, execution of an operating system installation image stored within the encrypted volume to install the operating system on the information handling system.
However, Beachem teaches wherein the encrypted volume includes a condensed operating system ([Beachem, para. 0045] “the fully encrypted drive ... storage device 247”; [para. 0047] “pre-boot operating system 385 [the condensed operating system] ... on the ... storage drive 247”) that is configured to install an operating system on the information handling system; and ([para. 0048] “the pre-boot system 385 ... to update the main operating system 380”; [Fig. 3; para. 0042] the update is to be installed on the laptop/information handling system depicted in Fig. 3 as “memory 220 ... comprise a main operating system 380”)
causing, by the condensed operating system, ([Beachem, para. 0045] “the fully encrypted drive ... storage device 247”; [para. 0047] “pre-boot operating system 385 [the condensed operating system] ... on the ... storage drive 247”) execution of an operating system installation image stored within the encrypted volume to install the operating system on the information handling system. ([Para. 0047] “data ... such as a software bundle [image] ... to update the main operating system [operation system installation image] is loaded onto the information exchange partition 390 and encrypted [stored within the encrypted volume”; [para. 0049] “the pre-boot operating system 385 [causing by the condensed operating system] ... decrypt the data to be loaded on the fully encrypted drive [on the information handling system – see para. 0013 “fully encrypted drive on an endpoint computing device”] ... to perform the update [execution of the operating image to install the operating system]”)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Shriver with the teachings of Beachem to include wherein the encrypted volume includes a condensed operating system that is configured to install an operating system on the information handling system; and causing, by the condensed operating system, execution of an operating system installation image stored within the encrypted volume to install the operating system on the information handling system. One of ordinary skill in the art would have been motivated to make this modification because such a technique would provide the benefit allowing management and provision of updates to an end point computing device employing full disk encryption. (Beachem, para. 0062)
Shriver in view of Beachem does not clearly teach a kernel and an initial ramdisk for a condensed operating system that is configured to install an operating system; and wherein the password is passed via a command-line argument of the kernel.
However, Huang teaches wherein the password is passed via a command-line argument of the kernel. ([Huang, para. 0003] “A shell is a command language interpreter and acts as an interface between the user and the kernel ... and is commonly categorized into command-line shells”; [para. 0035] “the user of the user account shell [via command-line argument of the kernel] ... send a command [passed] with at least one parameter ... /dev/passwd [the password]”)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Shriver in view of Beachem with the teachings of Huang to include wherein the password is passed via a command-line argument of the kernel. One of ordinary skill in the art would have been motivated to make this modification because such a technique would provide the benefit of allowing engineers to conveniently read/write/move/copy system files such as the update described above. (Huang, para. 0004)
Shiver in view of Beachem and Huang does not clearly teach a kernel and an initial ramdisk for a condensed operating system that is configured to install an operating system.
However, Schack teaches a kernel and an initial ramdisk for a condensed operating system ([Schack, para. 0007] “At boot time of the operating system, the instructions cause the processor to boot a kernel of the [for] operating system with a minimal number of modules loaded [condensed operating system] ... fewer modules than needed for a fully functioning operating system ... to install packages of the file system”; [para. 0038] “the kernel access the ... Ramdisk) that is configured to install an operating system. ([para. 0039] “installing the file system packages ... as a fully functional operating system”)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Shriver in view of Huang and Beachem with the teachings of Schack to include a kernel and an initial ramdisk for a condensed operating system that is configured to install an operating system. One of ordinary skill in the art would have been motivated to make this modification because security breaches for a circuit platform subject to compromise by unauthorized changes to a file system may be mitigated by abstracting the file system into a minimal number of modules before installation. (Schack, para. 0005; para. 0008)
As per claim 11, the claim language is identical or substantially similar to that of claim 5. Therefore, it is rejected under the same rationale applied to claim 5.
As per claim 12, the claim language is identical or substantially similar to that of claim 6. Therefore, it is rejected under the same rationale applied to claim 6.
As per claim 13, Shriver teaches an article of manufacture comprising a non-transitory, computer-readable storage medium embodying computer program code, ([Shriver, para. 0036] “program code ... may ... be resident in the ... memory of the computer [an article of manufacture comprising a non-transitory, computer readable storage medium embodying computer program code]”) the computer program code comprising computer executable instructions configured for: ([claim 8] “a set of instructions stored in the memory and executed by at least one of the processors in order to perform the actions of ... a secure boot operation”)
booting an information handling system from a boot image stored on the non-transitory, computer-readable storage medium; ([Shriver, para. 0004] “the boot process is initiating a session of the information handling system”; [para. 0023] “the boot configuration [boot image] from Master Boot Record (MBR) 320 of nonvolatile storage device 185 [stored on a non-transitory computer readable storage medium] ... include code executed during the boot process”)
prompting, by the boot image, ([Shriver, para. 0025] “Fig. 4 is a flowchart showing steps performed by the ... boot process”; [para. 0027] “the boot process [by the boot image] attempts to retrieve [prompting]”) for a password ([para. 0027] “the boot process attempts to retrieve an update encryption key ... from the user ... a password”) for an encrypted volume stored on the non-transitory computer-readable storage medium, ([para. 0027] “the update encryption key is used to [a password used for] decrypt an encrypted copy of the disk encryption key ... used to unlock encrypted partition 340 [an encrypted volume”]; [Fig. 3] Encrypted partition 340 is stored on the mass storage device 185) wherein the encrypted volume includes a kernel and an initial ramdisk; ([para. 0028] “an encrypted copy of the operating system kernel ... is decrypted and loaded from encrypted partition 340 ... an initial RAM disk ... is also retrieved and decrypted from encrypted partition 340”; a kernel and an initial ramdisk for a condensed operating system that is configured to install an operating system is more clearly taught by Schack below)
loading, by the boot image, the kernel of the condensed operating system; ([Shriver, para. 0028] “at step 480, [by the boot image as the steps of Fig. 4 including step 480 is performed by the boot process] an encrypted copy of the operating system kernel (the "kernel") is [the kernel of the condensed operating system – as there is no definition of “condensed operating system” nor any examples in the specification, Examiner interprets this in its ordinary broadest reasonable meaning as to be any operating system that includes a kernel that may be encrypted to be condensed; alternatively, Schack below teaches the kernel and the initial ramdisk is “for a condensed operating system” and “of the condensed operating system”] ... loaded from encrypted partition 340 [stored within the encrypted volume]”)
passing, by the boot image, the password to the condensed operating system; and ([Shriver, para. 0031] “at step 540, the kernel boot process [condensed operating system] attempts to retrieve an update encryption key [passing by the boot image to the kernel boot process] ... a password ... from some other input [passing, by the boot process]”; the “kernel boot process” is code stored within an encrypted volume as the kernel was stored within the encrypted partition 340 as described above; identically, the process of retrieving the password/update encryption key by the boot image was clearly described by Shriver as explained above, and so “some other input”/boot image/boot process passes/provides the password/update encryption key to the kernel boot process; wherein the password is passed via a command-line argument of the kernel is more clearly taught by Huang below)
decrypting, by the condensed operating system, ([Shriver, para. 0029] “Fig. 5 is a flowchart showing steps performed by the ... kernel boot process [condensed operating system]”) the encrypted volume using the password. ([para. 0031] “at step 550, the received update encryption key [password] is used to decrypt an encrypted copy of the disk encryption ... used to unlock [decrypt] encrypted partition 340 [the encrypted volume]”)
Shriver does not clearly teach wherein the encrypted volume includes a kernel and an initial ramdisk for a condensed operating system that is configured to install an operating system on the information handling system; wherein the password is passed via a command-line argument of the kernel; and causing, by the condensed operating system, execution of an operating system installation image stored within the encrypted volume to install the operating system on the information handling system.
However, Beachem teaches wherein the encrypted volume includes a condensed operating system ([Beachem, para. 0045] “the fully encrypted drive ... storage device 247”; [para. 0047] “pre-boot operating system 385 [the condensed operating system] ... on the ... storage drive 247”) that is configured to install an operating system on the information handling system; and ([para. 0048] “the pre-boot system 385 ... to update the main operating system 380”; [Fig. 3; para. 0042] the update is to be installed on the laptop/information handling system depicted in Fig. 3 as “memory 220 ... comprise a main operating system 380”)
causing, by the condensed operating system, ([Beachem, para. 0045] “the fully encrypted drive ... storage device 247”; [para. 0047] “pre-boot operating system 385 [the condensed operating system] ... on the ... storage drive 247”) execution of an operating system installation image stored within the encrypted volume to install the operating system on the information handling system. ([Para. 0047] “data ... such as a software bundle [image] ... to update the main operating system [operation system installation image] is loaded onto the information exchange partition 390 and encrypted [stored within the encrypted volume”; [para. 0049] “the pre-boot operating system 385 [causing by the condensed operating system] ... decrypt the data to be loaded on the fully encrypted drive [on the information handling system – see para. 0013 “fully encrypted drive on an endpoint computing device”] ... to perform the update [execution of the operating image to install the operating system]”)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Shriver with the teachings of Beachem to include wherein the encrypted volume includes a condensed operating system that is configured to install an operating system on the information handling system; and causing, by the condensed operating system, execution of an operating system installation image stored within the encrypted volume to install the operating system on the information handling system. One of ordinary skill in the art would have been motivated to make this modification because such a technique would provide the benefit allowing management and provision of updates to an end point computing device employing full disk encryption. (Beachem, para. 0062)
Shriver in view of Beachem does not clearly teach a kernel and an initial ramdisk for a condensed operating system that is configured to install an operating system; and wherein the password is passed via a command-line argument of the kernel.
However, Huang teaches wherein the password is passed via a command-line argument of the kernel. ([Huang, para. 0003] “A shell is a command language interpreter and acts as an interface between the user and the kernel ... and is commonly categorized into command-line shells”; [para. 0035] “the user of the user account shell [via command-line argument of the kernel] ... send a command [passed] with at least one parameter ... /dev/passwd [the password]”)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Shriver in view of Beachem with the teachings of Huang to include wherein the password is passed via a command-line argument of the kernel. One of ordinary skill in the art would have been motivated to make this modification because such a technique would provide the benefit of allowing engineers to conveniently read/write/move/copy system files such as the update described above. (Huang, para. 0004)
Shiver in view of Beachem and Huang does not clearly teach a kernel and an initial ramdisk for a condensed operating system that is configured to install an operating system.
However, Schack teaches a kernel and an initial ramdisk for a condensed operating system ([Schack, para. 0007] “At boot time of the operating system, the instructions cause the processor to boot a kernel of the [for] operating system with a minimal number of modules loaded [condensed operating system] ... fewer modules than needed for a fully functioning operating system ... to install packages of the file system”; [para. 0038] “the kernel access the ... Ramdisk) that is configured to install an operating system. ([para. 0039] “installing the file system packages ... as a fully functional operating system”)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Shriver in view of Huang and Beachem with the teachings of Schack to include a kernel and an initial ramdisk for a condensed operating system that is configured to install an operating system. One of ordinary skill in the art would have been motivated to make this modification because security breaches for a circuit platform subject to compromise by unauthorized changes to a file system may be mitigated by abstracting the file system into a minimal number of modules before installation. (Schack, para. 0005; para. 0008)
As per claim 17, the claim language is identical or substantially similar to that of claim 5. Therefore, it is rejected under the same rationale applied to claim 5.
As per claim 18, the claim language is identical or substantially similar to that of claim 6. Therefore, it is rejected under the same rationale applied to claim 6.
Claims 4, 10 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Shriver in view of Beachem, Huang and Schack as applied to claims 1, 7 and 13 above, and further in view of Claes (US Pub. 2021/0034750) (hereinafter “Claes”).
As per claim 4, Shriver in view of Beachem, Huang and Schack teaches claim 1.
Shriver in view of Beachem, Huang and Schack does not clearly teach wherein the boot image is a Grand Unified Boot Loader image.
However, Claes teaches wherein the boot image is a Grand Unified Boot Loader image. ([Claes, para. 0135] The program data stored in the storage area “/boot” [the boot image] comprise a so-called boot loader ... in Linux ... the so-called “Grand Unified Boot Loader”)
Shriverin view of Beachem, Huang and Schack teaches all of the claimed features of the information handling system except for wherein the boot image is a Grand Unified Boot Loader image. Shriver uses a boot process to boot a Linux system (see Shriver, para. 0004 “the boot process is initiating a session of the information processing system”; para. 0026; “unlock is performed by ... LUKS”). Claes teaches, in an information handling system, the use of the Grand Unified Boot Loader to boot a Linux system. Because both Shriver and Claes teach the use of a boot image/process to boot a Linux system, it would have been obvious to one skilled in the art to substitute one type of boot loader/image/process in Linux for another to achieve the predictable result of the boot loader/image/process in Linux of being a particular type, in this case, a Grand Unified Boot Loader.
As per claim 10, the claim language is identical or substantially similar to that of claim 4. Therefore, it is rejected under the same rationale applied to claim 4.
As per claim 16, the claim language is identical or substantially similar to that of claim 4. Therefore, it is rejected under the same rationale applied to claim 4.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Cherian et al. (US Pub. 2009/0327675) discloses a boot client prompting a user for a login name and password, and then installing the boot image based on the password being authorized.
Behera et al. (US Pub. 2023/0409439) discloses a Windows Preinstallation Environment that is a smaller operating system used to install other larger Windows operating systems.
Mueller et al. (US Pub. 2017/0237560) discloses using disk encryption to secure an OS where the OS is installed by a maintenance OS such as WinPE.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634. The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.
/ZHE LIU/Examiner, Art Unit 2493