Prosecution Insights
Browse Companies Examiners Firms Draft Your Response
Office ActionsDELL PRODUCTS, L.P. › 18364067
Last updated: May 29, 2026
Application No. 18/364,067

EXTEND MACHINE TRUST TO THIRD-PARTY FIRMWARE

Non-Final OA §103
Filed
Aug 02, 2023
Examiner
LANE, GREGORY A
Art Unit
2438
Tech Center
2400 — Computer Networks
Assignee
DELL PRODUCTS, L.P.
OA Round
2 (Non-Final)
74%
Grant Probability
Favorable
2-3
OA Rounds
6m
Est. Remaining
74%
With Interview

Interview Optional

-0.2% interview lift. Interview lift (-0.2%) is below the 15.0% threshold. A written response is recommended.
Based on 593 resolved cases, 2023–2026

Examiner Intelligence

LANE, GREGORY A View full profile →
Grants 74% — above average
74%
Career Allowance Rate
442 granted / 593 resolved
+16.5% vs TC avg
Minimal -0% lift
Without
With
+-0.2%
Interview Lift
resolved cases with interview
Typical timeline
3y 4m
Avg Prosecution
15 currently pending
Career history
618
Total Applications
across all art units

Statute-Specific Performance

§101
0.8%
-39.2% vs TC avg
§103
97.3%
+57.3% vs TC avg
§102
1.4%
-38.6% vs TC avg
§112
0.1%
-39.9% vs TC avg
Black line = Tech Center average estimate • Based on career data from 593 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 1. The following is a Final Office Action in response to applicant’s arguments filed on September 30, 2025 claims 6, 12 and 18 are cancelled claims 1, 7, and 13 are amended Claims 1-5, 7-11, and 13-17 are pending Examiner’s Note: The specification discloses on page 14 that the management controller may include a processor, memory, and a network interface Response to Arguments Applicant’s amendment to claims 1, 7 and 13 filed on 9/30/2025 regarding, “a management controller configured to provide out-of-band management of the information handling system and comprising a firmware that includes a bootloader component that is cryptographically signed by a manufacturer of the information handling system and a runtime component that is not cryptographically signed by the manufacturer of the information handling system;” necessitated the new ground(s) of rejection presented in this Office action. Therefore, Applicant's arguments with respect to claims 1-5, 7-11, and 13-17 have been considered but are moot in view of the new ground(s) of rejection. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 1.) Claims 1, 7 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over US 20080244257, Vaid in view of US 20200145825, Reimann In regards to claim 1, Vaid teaches an information handling system comprising: a host system (US 20080244257, Vaid, para. 0023, Referring now to FIG. 2A, there is shown a block diagram illustrating an exemplary server platform, according to embodiments of the invention. In one server embodiment, a platform comprises processor 301 communicatively coupled to DRAM 303a-b, an input/output Hub (IOH) 307, flash memory 305, and an input/output controller hub (ICH) 309. In this server embodiment, the north bridge (memory controller not shown) resides in the processor 301. The platform may have a trusted platform module (TPM) 311 and may be connected to an external LAN 313. The platform may also be coupled with a discrete graphics controller 315 via an external baseboard management controller (BMC)); and a management controller configured to provide out-of-band management of the information handling system and comprising a firmware that includes a bootloader component that is cryptographically signed by a manufacturer of the information [handling system (US 20080244257, Vaid, paras. [0014] and [0039]; [0014] - utilizing the OOB capabilities of the microcontroller, certificates and keys may be compared with authenticated web sites or bulletin boards accessible via an OOB connection, typically on the public Internet. During boot, the certificates and keys may be validated by the OOB microcontroller. [0039], In embodiments of the disclosed invention, a goal is to have Unified Extensible Firmware Interface (UEFI) firmware check the loader signature and not invoke if the platform is not in the owner-authorized state. Since UEFI participates in code-integrity guarantees, it becomes even more important to ensure that code-integrity violations do not occur. It will be understood that while disclosed embodiments of the invention work well with a platform conforming to an UEFI architecture, any platform with a separate controller with OOB capabilities may be used to verify keys and ensure the integrity of the boot loader and other key components of the platform. ) and a runtime component that is not cryptographically signed by the manufacturer of the information handling system (US 20080244257, Vaid, para. 0002, The Unified Extensible Firmware Interface (UEFI) specification defines a new model for the interface between operating systems and platform firmware. The interface consists of data tables that contain platform-related information, plus boot and runtime service calls[i.e. note: runtime components] that are available to the operating system and its loader.); Vaid does not teach wherein the management controller is configured to establish trust with a remote information handling system by: receiving a handshake request from the remote information handling system, the handshake request including a payload; the runtime component transmitting the payload to the bootloader component for encryption; the bootloader component encrypting the payload upon a subsequent boot of the management controller via a key that is accessible by the bootloader component but not accessible by the runtime component; and responding to the handshake request by transmitting the encrypted payload to the remote information handling system However, Reimann teaches wherein the management controller is configured to establish trust with a remote information handling system by: receiving a handshake request from the remote information handling system, the handshake request including a payload (US 20200145825, Reimann, para. 0027, the NFC device 117 may perform a handshaking process with the NFC device 137 to authenticate the NFC device 137. For example, the NFC device 117 may transmit one or more messages to initiate communication and/or to establish a communication link with a nearby NFC device. Upon receiving the messages, the NFC device 137 may transmit one or more messages to the NFC device 117 to establish a communication link with the NFC device 117. The NFC device 117 and the NFC device 137 may exchange credential information (e.g., identifiers, signatures, keys, etc.) during the handshaking process to establish the communication link.); the runtime component transmitting the payload to the bootloader component for encryption (US 20200145825, Reimann, para. 0029 and 0030: [0029]- the firmware 113 can verify a boot loader that may load the operating system 119 and/or runtime environment for the computing device 110 (e.g., by verifying a digital signature associated with the boot loader). The firmware 113 may load the boot loader upon verifying the boot loader. The boot loader may load data for the operating system 119 from secondary memory (e.g., from a disk drive or solid state drive) into main memory.[0030]- In some embodiments, the NFC device 137 may also provide the NFC device 117 with data to be used during the boot process. For example, the NFC device 137 may transmit, to the NFC device 117, a cryptographic key that can be used to access encrypted data to be used to complete the boot process.); the bootloader component encrypting the payload upon a subsequent boot of the management controller via a key that is accessible by the bootloader component but not accessible by the runtime component(US 20200145825, Reimann, para. 0030, In some embodiments, the NFC device 137 may also provide the NFC device 117 with data to be used during the boot process. For example, the NFC device 137 may transmit, to the NFC device 117, a cryptographic key that can be used to access encrypted data to be used to complete the boot process. The cryptographic key can be and/or include, for example, a disk decryption key that can be used to decrypt and/or access encrypted data stored in a storage device of the computing device 110 (e.g., a memory of the computing device 110).); and responding to the handshake request by transmitting the encrypted payload to the remote information handling system (US 20200145825, Reimann, para. 0027 and 0030: [0027]- The NFC device 117 and the NFC device 137 may exchange credential information (e.g., identifiers, signatures, keys, etc.) during the handshaking process to establish the communication link.[0030]- the NFC device 137 may transmit, to the NFC device 117, a cryptographic key that can be used to access encrypted data to be used to complete the boot process. The cryptographic key can be and/or include, for example, a disk decryption key that can be used to decrypt and/or access encrypted data stored in a storage device of the computing device 110 (e.g., a memory of the computing device 110). In some embodiments, the NFC device 137 may transmit the cryptographic key to the NFC device 117 after the NFC device 117 is successfully authenticated by the NFC device 137. For example, the NFC device 117 can send credential information of the NFC device 117 to the NFC device 137 (e.g., an identifier, signature, password, etc. [i.e. note: the credential information is implicitly encrypted and stored and subsequently transmitted]). Vaid and Reimann are combinable because both are from the same field of endeavor of device booting. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Vaid with the teaching of Reimann because a user would have been motivated to enhance hardware security by performing device authentication, taught by Reimann, in order to verify an identity of a device prior to performing a booting process in a system taught by Vaid (Reimann, para. 0026) In regards to claim 7, Vaid teaches a method comprising: wherein the management controller includes a firmware that includes a bootloader component that is cryptographically signed by a manufacturer of the information handling system and a runtime component that is not cryptographically signed by the manufacturer of the information handling system(US 20080244257, Vaid, para. 0039, In embodiments of the disclosed invention, a goal is to have UEFI firmware check the loader signature and not invoke if the platform is not in the owner-authorized state. Since UEFI participates in code-integrity guarantees, it becomes even more important to ensure that code-integrity violations do not occur. It will be understood that while disclosed embodiments of the invention work well with a platform conforming to an UEFI architecture, any platform with a separate controller with OOB capabilities may be used to verify keys and ensure the integrity of the boot loader and other key components of the platform. ); Vaid does not teach the following limitations: a management controller of an information handling system that is configured to provide out-of-band management of the information handling system receiving handshake request from a remote information handling system, the handshake request including a payload, the bootloader component management controller encrypting the payload upon a subsequent boot of the management controller via a key that is accessible by the bootloader component but not accessible by the runtime component; and the management controller responding to the handshake request by transmitting the encrypted payload to the remote information handling system; the runtime component transmitting the payload to the bootloader component for encryption; However, Reimann teaches the limitations as follows: a management controller of an information handling system that is configured to provide out-of-band management of the information handling system receiving handshake request from a remote information handling system, the handshake request including a payload (US 20200145825, Reimann, para. 0027, the NFC device 117 may perform a handshaking process with the NFC device 137 to authenticate the NFC device 137. For example, the NFC device 117 may transmit one or more messages to initiate communication and/or to establish a communication link with a nearby NFC device. Upon receiving the messages, the NFC device 137 may transmit one or more messages to the NFC device 117 to establish a communication link with the NFC device 117. The NFC device 117 and the NFC device 137 may exchange credential information (e.g., identifiers, signatures, keys, etc.) during the handshaking process to establish the communication link.), the bootloader component management controller encrypting the payload upon a subsequent boot of the management controller via a key that is accessible by the bootloader component but not accessible by the runtime component (US 20200145825, Reimann, para. 0030, In some embodiments, the NFC device 137 may also provide the NFC device 117 with data to be used during the boot process. For example, the NFC device 137 may transmit, to the NFC device 117, a cryptographic key that can be used to access encrypted data to be used to complete the boot process. The cryptographic key can be and/or include, for example, a disk decryption key that can be used to decrypt and/or access encrypted data stored in a storage device of the computing device 110 (e.g., a memory of the computing device 110).); and the management controller responding to the handshake request by transmitting the encrypted payload to the remote information handling system (US 20200145825, Reimann, para. 0027 and 0030: [0027]- The NFC device 117 and the NFC device 137 may exchange credential information (e.g., identifiers, signatures, keys, etc.) during the handshaking process to establish the communication link.[0030]- the NFC device 137 may transmit, to the NFC device 117, a cryptographic key that can be used to access encrypted data to be used to complete the boot process. The cryptographic key can be and/or include, for example, a disk decryption key that can be used to decrypt and/or access encrypted data stored in a storage device of the computing device 110 (e.g., a memory of the computing device 110). In some embodiments, the NFC device 137 may transmit the cryptographic key to the NFC device 117 after the NFC device 117 is successfully authenticated by the NFC device 137. For example, the NFC device 117 can send credential information of the NFC device 117 to the NFC device 137 (e.g., an identifier, signature, password, etc. [i.e. note: the credential information is implicitly encrypted and stored and subsequently transmitted]); the runtime component transmitting the payload to the bootloader component for encryption (US 20200145825, Reimann, para. 0029 and 0030: [0029]- the firmware 113 can verify a boot loader that may load the operating system 119 and/or runtime environment for the computing device 110 (e.g., by verifying a digital signature associated with the boot loader). The firmware 113 may load the boot loader upon verifying the boot loader. The boot loader may load data for the operating system 119 from secondary memory (e.g., from a disk drive or solid state drive) into main memory.[0030]- In some embodiments, the NFC device 137 may also provide the NFC device 117 with data to be used during the boot process. For example, the NFC device 137 may transmit, to the NFC device 117, a cryptographic key that can be used to access encrypted data to be used to complete the boot process.). Vaid and Reimann are combinable because both are from the same field of endeavor of device booting. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Vaid with the teaching of Reimann because a user would have been motivated to enhance hardware security by performing device authentication, taught by Reimann, in order to verify an identity of a device prior to performing a booting process in a system taught by Vaid (Reimann, para. 0026) In regards to claim 13, Vaid teaches an article of manufacture comprising a non-transitory, computer-readable medium having computer-executable instructions thereon that are executable by a processor of a management controller of an information handling system that is configured to provide out-of-band management of the information handling system, wherein the management controller includes a firmware that includes a bootloader component that is cryptographically signed by a manufacturer of the information handling system and a runtime component that is not cryptographically signed by the manufacturer of the information handling system(US 20080244257, Vaid, para. 0039, In embodiments of the disclosed invention, a goal is to have UEFI firmware check the loader signature and not invoke if the platform is not in the owner-authorized state. Since UEFI participates in code-integrity guarantees, it becomes even more important to ensure that code-integrity violations do not occur. It will be understood that while disclosed embodiments of the invention work well with a platform conforming to an UEFI architecture, any platform with a separate controller with OOB capabilities may be used to verify keys and ensure the integrity of the boot loader and other key components of the platform. ), Vaid does not teach the instructions executable for: receiving handshake request from a remote information handling system, the handshake request including a payload; the runtime component transmitting the payload to the bootloader component for encryption; the bootloader component encrypting the payload upon a subsequent boot of the management controller via a key that is accessible by the bootloader component but not accessible by the runtime component; and responding to the handshake request by transmitting the encrypted payload to the remote information handling system; However, Reimann teaches the instructions executable for: receiving handshake request from a remote information handling system, the handshake request including a payload(US 20200145825, Reimann, para. 0027, the NFC device 117 may perform a handshaking process with the NFC device 137 to authenticate the NFC device 137. For example, the NFC device 117 may transmit one or more messages to initiate communication and/or to establish a communication link with a nearby NFC device. Upon receiving the messages, the NFC device 137 may transmit one or more messages to the NFC device 117 to establish a communication link with the NFC device 117. The NFC device 117 and the NFC device 137 may exchange credential information (e.g., identifiers, signatures, keys, etc.) during the handshaking process to establish the communication link.); the runtime component transmitting the payload to the bootloader component for encryption(US 20200145825, Reimann, para. 0029 and 0030: [0029]- the firmware 113 can verify a boot loader that may load the operating system 119 and/or runtime environment for the computing device 110 (e.g., by verifying a digital signature associated with the boot loader). The firmware 113 may load the boot loader upon verifying the boot loader. The boot loader may load data for the operating system 119 from secondary memory (e.g., from a disk drive or solid state drive) into main memory.[0030]- In some embodiments, the NFC device 137 may also provide the NFC device 117 with data to be used during the boot process. For example, the NFC device 137 may transmit, to the NFC device 117, a cryptographic key that can be used to access encrypted data to be used to complete the boot process.); the bootloader component encrypting the payload upon a subsequent boot of the management controller via a key that is accessible by the bootloader component but not accessible by the runtime component(US 20200145825, Reimann, para. 0030, In some embodiments, the NFC device 137 may also provide the NFC device 117 with data to be used during the boot process. For example, the NFC device 137 may transmit, to the NFC device 117, a cryptographic key that can be used to access encrypted data to be used to complete the boot process. The cryptographic key can be and/or include, for example, a disk decryption key that can be used to decrypt and/or access encrypted data stored in a storage device of the computing device 110 (e.g., a memory of the computing device 110).); and responding to the handshake request by transmitting the encrypted payload to the remote information handling system (US 20200145825, Reimann, para. 0027 and 0030: [0027]- The NFC device 117 and the NFC device 137 may exchange credential information (e.g., identifiers, signatures, keys, etc.) during the handshaking process to establish the communication link.[0030]- the NFC device 137 may transmit, to the NFC device 117, a cryptographic key that can be used to access encrypted data to be used to complete the boot process. The cryptographic key can be and/or include, for example, a disk decryption key that can be used to decrypt and/or access encrypted data stored in a storage device of the computing device 110 (e.g., a memory of the computing device 110). In some embodiments, the NFC device 137 may transmit the cryptographic key to the NFC device 117 after the NFC device 117 is successfully authenticated by the NFC device 137. For example, the NFC device 117 can send credential information of the NFC device 117 to the NFC device 137 (e.g., an identifier, signature, password, etc. [i.e. note: the credential information is implicitly encrypted and stored and subsequently transmitted]). Vaid and Reimann are combinable because both are from the same field of endeavor of device booting. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Vaid with the teaching of Reimann because a user would have been motivated to enhance hardware security by performing device authentication, taught by Reimann, in order to verify an identity of a device prior to performing a booting process in a system taught by Vaid (Reimann, para. 0026) 2.) Claims 2, 3, 8, 9, 14 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over US 20080244257, Vaid in view of US 20200145825, Reimann and further in view of US 20230342446, Reddy In regards to claim 2, the combination of Vaid and Reimann teach the information handling system of claim 1. The combination of Vaid and Reimann do not teach wherein the remote information handling system is a chassis management controller However, Reddy teaches wherein the remote information handling system is a chassis management controller (US 20230342446, Reddy, para. 0029, The baseboard management controller may have hardware level access to hardware devices that are located in a server chassis including system memory.). Reddy, Vaid and Reimann are combinable because all are from the same field of endeavor of device booting. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vaid and Reimann with the teaching of Reddy because a user would have been motivated to utilize the management controller and security processor, taught by Reddy, to provide enhanced protection for the firmware, taught by the combination of Vaid and Reimann, in order to provide security functions that resist tampering and malicious software affecting the firmware (Reddy, para. 0038) In regards to claim 3, the combination of Vaid and Reimann teach the information handling system of claim 1. The combination of Vaid and Reimann do not teach wherein the management controller comprises a baseboard management controller (BMC) However, Reddy teaches wherein the management controller comprises a baseboard management controller (BMC) (US 20230342446, Reddy, para. 0029, The baseboard management controller may have hardware level access to hardware devices that are located in a server chassis including system memory.). Vaid, Reimann and Reddy are combinable because they are from the same field of endeavor of device booting. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vaid and Reimann with the teaching of Reddy because a user would have been motivated to utilize the management controller and security processor, taught by Reddy, to provide enhanced protection for the firmware, taught by the combination of Vaid and Reimann, in order to provide security functions that resist tampering and malicious software affecting the firmware(Reddy, para. 0038) In regards to claim 8, the combination of Vaid and Reimann teach the method of claim 7. The combination of Vaid and Reimann do not teach wherein the remote information handling system is a chassis management controller However, Reddy teaches wherein the remote information handling system is a chassis management controller (US 20230342446, Reddy, para. 0029, The baseboard management controller may have hardware level access to hardware devices that are located in a server chassis including system memory.). Vaid, Reimann and Reddy are combinable because they are from the same field of endeavor of device booting. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vaid and Reimann with the teaching of Reddy because a user would have been motivated to utilize the management controller and security processor, taught by Reddy, to provide enhanced protection for the firmware, taught by the combination of Vaid and Reimann, in order to provide security functions that resist tampering and malicious software affecting the firmware(Reddy, para. 0038) In regards to claim 9, the combination of Vaid and Reimann teach the method of claim 7. The combination of Vaid and Reimann do not teach wherein the management controller comprises a baseboard management controller (BMC) However, Reddy teaches wherein the management controller comprises a baseboard management controller (BMC (US 20230342446, Reddy, para. 0029, The baseboard management controller may have hardware level access to hardware devices that are located in a server chassis including system memory.). Vaid, Reimann and Reddy are combinable because they are from the same field of endeavor of device booting. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vaid and Reimann with the teaching of Reddy because a user would have been motivated to utilize the management controller and security processor, taught by Reddy, to provide enhanced protection for the firmware, taught by the combination of Vaid and Reimann, in order to provide security functions that resist tampering and malicious software affecting the firmware(Reddy, para. 0038) In regards to claim 14, the combination of Vaid and Reimann teach the article of claim 13. The combination of Vaid and Reimann do not teach wherein the remote information handling system is a chassis management controller However, Reddy teaches wherein the remote information handling system is a chassis management controller (US 20230342446, Reddy, para. 0029, The baseboard management controller may have hardware level access to hardware devices that are located in a server chassis including system memory.). Vaid, Reimann and Reddy are combinable because they are from the same field of endeavor of device booting. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vaid and Reimann with the teaching of Reddy because a user would have been motivated to utilize the management controller and security processor, taught by Reddy, to provide enhanced protection for the firmware, taught by the combination of Vaid and Reimann, in order to provide security functions that resist tampering and malicious software affecting the firmware(Reddy, para. 0038) In regards to claim 15, the combination of Vaid and Reimann teach the article of claim 13. The combination of Vaid and Reimann do not teach wherein the management controller comprises a baseboard management controller (BMC) However, Reddy teaches wherein the management controller comprises a baseboard management controller (BMC) (US 20230342446, Reddy, para. 0029, The baseboard management controller may have hardware level access to hardware devices that are located in a server chassis including system memory.). Vaid, Reimann and Reddy are combinable because they are from the same field of endeavor of device booting. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vaid and Reimann with the teaching of Reddy because a user would have been motivated to utilize the management controller and security processor, taught by Reddy, to provide enhanced protection for the firmware, taught by the combination of Vaid and Reimann, in order to provide security functions that resist tampering and malicious software affecting the firmware(Reddy, para. 0038) 3.) Claims 4, 10 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over US 20080244257, Vaid in view of US 20200145825, Reimann and further in view of US 20230134324, Emerson In regards to claim 4, the combination of Vaid and Reimann teach the information handling system of claim 1. The combination of Vaid and Reimann do not teach wherein the key is a derived key based on a hardware identity certificate However, Emerson teaches wherein the key is a derived key based on a hardware identity certificate (US 20230134324, Emerson, para. 0038, In response to the request API call corresponding to the request for the key, the secure enclave 140 may extract the requisite hashes, extract the hardware identity certificate, generate the key, and provide the key to the remote management server 190.). Vaid, Reimann and Emerson are combinable because they are from the same field of endeavor of device booting. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vaid and Reimann with the teaching of Emerson because a user would have been motivated to utilize the baseboard management controller and secure enclave, taught by Emerson, to provide enhanced protection for the firmware, taught by the combination of Vaid and Reimann, in order to prevent tampering and malicious manipulation of the firmware(Emerson, para. 0057) In regards to claim 10, the combination of Vaid and Reimann teach the method of claim 7. The combination of Vaid and Reimann do not teach wherein the key is a derived key based on a hardware identity certificate However, Emerson teaches wherein the key is a derived key based on a hardware identity certificate (US 20230134324, Emerson, para. 0038, In response to the request API call corresponding to the request for the key, the secure enclave 140 may extract the requisite hashes, extract the hardware identity certificate, generate the key, and provide the key to the remote management server 190.). Vaid, Reimann and Emerson are combinable because they are from the same field of endeavor of device booting. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vaid and Reimann with the teaching of Emerson because a user would have been motivated to utilize the baseboard management controller and secure enclave, taught by Emerson, to provide enhanced protection for the firmware, taught by the combination of Vaid and Reimann, in order to prevent tampering and malicious manipulation of the firmware(Emerson, para. 0057) In regards to claim 16, the combination of Vaid and Reimann teach the article of claim 13. The combination of Vaid and Reimann do not teach wherein the key is a derived key based on a hardware identity certificate However, Emerson teaches wherein the key is a derived key based on a hardware identity certificate (US 20230134324, Emerson, para. 0038, In response to the request API call corresponding to the request for the key, the secure enclave 140 may extract the requisite hashes, extract the hardware identity certificate, generate the key, and provide the key to the remote management server 190.). Vaid, Reimann and Emerson are combinable because they are from the same field of endeavor of device booting. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vaid and Reimann with the teaching of Emerson because a user would have been motivated to utilize the baseboard management controller and secure enclave, taught by Emerson, to provide enhanced protection for the firmware, taught by the combination of Vaid and Reimann, in order to prevent tampering and malicious manipulation of the firmware(Emerson, para. 0057) 4.) Claims 5, 11 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over US 20080244257, Vaid in view of US 20200145825, Reimann and further in view of US 20200134185, Cho In regards to claim 5, the combination of Vaid and Reimann teach the information handling system of claim 1. The combination of Vaid and Reimann do not teach wherein the key is a hidden root key (HRK) However, Cho teaches wherein the key is a hidden root key (HRK)(US 20200134185, Cho, para. 0006, In a number of the disclosed embodiments of the BMC, the HRK may comprise a symmetric advanced encryption standard (AES) cryptographic key based on one-time programmable (OTP) fuse bits fused in a first configuration.). Vaid, Reimann and Cho are combinable because they are from the same field of endeavor of device booting. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vaid and Reimann with the teaching of Cho because a user would have been motivated to utilize the baseboard management controller, taught by Cho, to provide enhanced protection for the firmware, taught by the combination of Vaid and Reimann, in order to prevent malicious code from modifying the firmware(Cho, para. 0041) In regards to claim 11, the combination of Vaid and Reimann teach the method of claim 7. The combination of Vaid and Reimann do not teach wherein the key is a hidden root key (HRK) However, Cho teaches wherein the key is a hidden root key (HRK) (US 20200134185, Cho, para. 0006, In a number of the disclosed embodiments of the BMC, the HRK may comprise a symmetric advanced encryption standard (AES) cryptographic key based on one-time programmable (OTP) fuse bits fused in a first configuration.). Vaid, Reimann and Cho are combinable because they are from the same field of endeavor of device booting. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vaid and Reimann with the teaching of Cho because a user would have been motivated to utilize the baseboard management controller, taught by Cho, to provide enhanced protection for the firmware, taught by the combination of Vaid and Reimann, in order to prevent malicious code from modifying the firmware(Cho, para. 0041) In regards to claim 17, the combination of Vaid and Reimann teach the article of claim 13. The combination of Vaid and Reimann do not teach wherein the key is a hidden root key (HRK) However, Cho teaches wherein the key is a hidden root key (HRK) (US 20200134185, Cho, para. 0006, In a number of the disclosed embodiments of the BMC, the HRK may comprise a symmetric advanced encryption standard (AES) cryptographic key based on one-time programmable (OTP) fuse bits fused in a first configuration.). Vaid, Reimann and Cho are combinable because they are from the same field of endeavor of device booting. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vaid and Reimann with the teaching of Cho because a user would have been motivated to utilize the baseboard management controller, taught by Cho, to provide enhanced protection for the firmware, taught by the combination of Vaid and Reimann, in order to prevent malicious code from modifying the firmware(Cho, para. 0041) CONCLUSION Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY LANE whose telephone number is (571)270-7469. The examiner can normally be reached on 571 270 7469 from 8:00 AM to 6:00 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Taghi Arani, can be reached on 571 272 3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). /GREGORY A LANE/ Examiner, Art Unit 2438 /SHARON S LYNCH/Primary Examiner, Art Unit 2438
Read full office action

Prosecution Timeline

Aug 02, 2023
Application Filed
Jun 30, 2025
Non-Final Rejection mailed — §103
Sep 30, 2025
Response Filed
Jan 12, 2026
Final Rejection mailed — §103
Mar 11, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

17/340,340
Patent 12634264
SECURE END-TO-END COMMUNICATION SYSTEM
4y 11m to grant Granted May 19, 2026
17/749,074
Patent 12634343
DETECTING OPERATION OF AN AUTONOMOUS VEHICLE ON AN UNTRUSTED NETWORK
4y 0m to grant Granted May 19, 2026
18/347,176
Patent 12625963
OVER-THE-AIR DEVICE, OVER-THE-AIR METHOD AND OVER-THE-AIR SYSTEM
2y 10m to grant Granted May 12, 2026
17/656,073
Patent 12619764
SPECIFYING CHARACTERISTICS OF AN OUTPUT DATASET OF A DATA PIPELINE
4y 1m to grant Granted May 05, 2026
17/656,062
Patent 12596833
INTERFACES FOR SPECIFYING INPUT DATASETS, COMPUTATIONAL STEPS, AND OUTPUTS OF A DATA PIPELINE
4y 0m to grant Granted Apr 07, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

2-3
Expected OA Rounds
74%
Grant Probability
74%
With Interview (-0.2%)
3y 4m (~6m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 593 resolved cases by this examiner. Grant probability derived from career allowance rate.

Ready to respond to this office action?

IP Author drafts your complete OA response — amendments, arguments, and claim strategy — in minutes, not days.

Start Drafting Your Response →

Data sourced from USPTO Patent File Wrapper (daily) and Office Action Archive (weekly). Analysis generated by IP Author.

Data: USPTO Patent File Wrapper (daily) • Office Action Archive (weekly) • 89M+ prosecution events

© 2026 IP Author — Browse Office ActionsExaminersCompaniesFirms

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month