Prosecution Insights
Last updated: April 19, 2026
Application No. 18/400,581

TARGETING OPERATING SYSTEM PROFILES FOR BARE METAL RESTORE

Final Rejection §103
Filed: Dec 29, 2023
Examiner: LIU, ZHE
Art Unit: 2493
Tech Center: 2400 — Computer Networks
Assignee: Microsoft Technology Licensing, LLC
OA Round: 2 (Final)
Grant Probability: 71% (Favorable)
OA Rounds: 3-4
To Grant: 3y 2m
With Interview: 99%

Examiner Intelligence

Grants 71% — above average
Career Allow Rate: 71% (96 granted / 136 resolved), +12.6% vs TC avg
Interview Lift: +59.0% (strong; resolved cases with interview)
Typical timeline: 3y 2m avg prosecution, 23 currently pending
Career history: 159 total applications across all art units

Statute-Specific Performance

§101: 5.3% (-34.7% vs TC avg)
§103: 59.6% (+19.6% vs TC avg)
§102: 5.0% (-35.0% vs TC avg)
§112: 23.5% (-16.5% vs TC avg)
Based on career data from 136 resolved cases

Office Action

§103
DETAILED ACTION

The following claims are pending in this office action: 1-20

Claims 1, 8 and 15 are independent.

The following claims are amended: 2-4, 6, 8-11, 13 and 15-19

The following claims are new: -

The following claim is cancelled: -

Claims 1-5, 7-12, 14-18 and 20 are rejected. This rejection is FINAL.

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Allowable Subject Matter

Claims 6, 13 and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

RESPONSE TO ARGUMENTS

Applicant’s arguments in the amendment filed 11/24/2025 have been fully considered but the arguments directed to the independent claims are not persuasive. The reasons are set forth below.

Applicant’s position is that the searched prior art does not teach “first and second computing devices from which the first and second integrity data are received.” Arguments, pg. 12. Applicant explains:

…no single reference teaches receiving, from two computing devices, image integrity data, then checking to see that the image integrity data matches. (Arguments, pg. 12)

... The claims specify receiving first and second image integrity data from first and second computing devices, respectively, and verifying that the first and second image integrity data match, and registering the second computing device based on the verifying ... (Arguments, pg. 12-13)

...Wu verifies integrity of one device’s disk image in two different places for two different purposes ... In this case, the purpose is to check for version drift at the server, not for modification of the local copy. (Arguments, pg. 13)

...Herzi performs a local integrity check for a boot process from external media.
More specifically, Herzi receives a boot image and integrity data from a storage device or remote server and then performs its own integrity check on the boot image to ensure it matches the integrity data it received. (Arguments, pg. 13)

...Parry-Barwick evaluates timeliness of periodic host-state reports and performs VM registration based on VM digital signatures, not based on any cross-device integrity match, and not based on boot-image integrity of two separate computing devices. (Arguments pg. 13)

Parry-Barwick does not involve receiving first and second integrity data ... from a first and second computing device, respectively. (Arguments, pg. 16)

If an Applicant disagrees with any factual findings by the Office, an effective traverse of a rejection based wholly or partially on such findings must include a reasoned statement explaining why the Applicant believes the Office has erred substantively as to the factual findings. A mere statement or argument that the Office has not established a prima facie case of obviousness will not be considered substantively adequate to rebut the rejection or an effective traverse of the rejection under 37 CFR 1.111(b). See MPEP §2141.

During patent prosecution, “claims must be given their broadest reasonable interpretation in light of the specification… Though understanding the claim language may be aided by explanations contained in the written description, it is important not to import into a claim limitations that are not part of the claim.” See MPEP § 2111.

"A person of ordinary skill in the art is also a person of ordinary creativity, not an automaton." KSR Int'l Co. v. Teleflex Inc., 550 U.S. 398, 421, 82 USPQ2d 1385, 1397 (2007). "[I]n many cases a person of ordinary skill will be able to fit the teachings of multiple patents together like pieces of a puzzle." Id. at 420, 82 USPQ2d 1397.
Office personnel may also take into account "the inferences and creative steps that a person of ordinary skill in the art would employ." Id. at 418, 82 USPQ2d at 1396. Also see MPEP 2141.03.

One cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

As described below, Wu teaches “the device generates a signature ... a hash of the disk image ... and sends the signature to the device disk image host server ... the server may then ... determine ... if the hash [first image integrity data] doesn’t match a hash of the corresponding disk image.” Wu, para. 0045.

Herzi teaches “where first measurement action(s) are performed on the operating system image to produce one or more first operating system measurement(s) ... perform a hashing operation on the operating system image received at block 302 in order to produce an operating system hash measurement.” Herzi, para. 0020. The operating system image is received from an external device “the user may couple live media such as ... Universal Serial Bus (USB) drive ... then receive/retrieve the operating system image”. Herzi, para. 0019. Herzi also teaches “second measurement action(s) are performed on the operating system image to produce second operating system measurement(s) ... by reading the read-only operating system image stored on the mass storage device(s) 210a, and ... perform one or more second measurement actions on the operating system image in order to produce second operating system measurement(s).” Herzi, para. 0026. Fig. 2 of Herzi clearly shows the mass storage device 210a is a different computing device from an external USB.
Thus, Wu and Herzi together clearly teach comparing a hash of a disk image, which is measured from a live media such as a USB drive (receiving first image integrity data from first computing device) with a measurement of an image stored on an internal mass storage device (receiving second image integrity data from second computing device) that is a copy of the image from the USB drive to determine if the hash doesn’t match the corresponding hash (and verifying that the first and second image integrity data match).

Here, Applicant first argues that “no single reference teaches receiving, from two computing devices, image integrity data, then checking to see that the image integrity data matches.” However, as explained above, Herzi teaches receiving a first and second measurement (receiving first and second integrity data) which are received from, respectively, an external device and a mass storage device (from two computing devices). The two measurements are then matched. See Fig. 3 and para. 0028 of Herzi. Thus, Herzi clearly teaches “receiving, from two computing devices, image integrity data, then checking to see that the image integrity matches”, or the limitation as stated in the independent claims. Wu is used as the primary reference to teach other elements of the claim, in addition to a concept of comparing two different image integrity data, which is taught by both Herzi and Wu. Because Applicant’s argument mistakes the scope of the prior art, this argument is unreasoned and is not persuasive.

Furthermore, it is unclear from Applicant’s arguments how the structure claimed is not taught by Wu. Wu clearly teaches a hash of the disk image sent to a host server, where the server matches hash of a corresponding disk image found at the server end. It is unclear why Applicant believes this to be “one device’s disk image in two places” as there are clearly two different hashes from two different disk images being compared.
Although the images and thus the hashes correlate to each other, it is clear that a mismatch can occur. A mismatch cannot occur if the images are the same image. Applicant provides no explanation, because it is not possible to explain, how “one device’s disk image” can be in two different places. As noted by Applicant “the local device sends the disk image hash to the remote server which compares with a current version of the image that it has on hand.” A current version of software on one device is clearly a different object from a past version of the software on a different device. Applicant’s specification itself describes a comparison between two different versions of an image. See para. 0018 of the instant specification “The MDM server compares the current image integrity data to the original image integrity data.” Because Applicant’s own instant specification undermines their interpretation of the claims in view of Wu, this argument is unreasoned and is not persuasive.

Furthermore, it is unclear from Applicant’s arguments how the structure claimed is not taught by Herzi. As explained above and in the rejection below, Herzi clearly teaches two different integrity data: “1st measurement” and “2nd measurement.” There is no ambiguity in the reference that these are separate integrity measurements of the operating system image. Applicant admits “Herzi performs a local integrity check for a boot process from external media.” Additionally, “Herzi receives ... integrity data from data from a storage device.” Applicant does not explain how comparing the integrity data vis-à-vis boot image from the external media to integrity data from data (a copy of the boot image) from a different storage device is different from the claimed limitation: receiving first and second image integrity data from first and second computing devices, respectively, and verifying that the first and second image integrity data match.
As Applicant’s argument fails to identify differences in structure between Herzi and the claims (in order to provide a reasoned explanation why Examiner erred in mapping claimed structure/elements as identified by Examiner in the mapping above and repeated below), this argument is unreasoned and is not persuasive.

Finally, it is unclear from Applicant’s arguments how “registering the second computing device with the device management system based on the verification and the determination” is not taught by Parry-Barwick. Parry-Barwick, as explained below, teaches if a managed digital signature is verified, the VM computing device associated with the digital signature is added to the inventory of virtual devices. Furthermore, Parry-Barwick teaches an enrollment period in which the VM computing device must enroll. Applicant notes that Parry-Barwick performs registration “not based on any cross-device integrity match, and not based on boot-image integrity of two separate computing devices.” However, the matching and boot-image integrity (in addition to being taught by Parry-Barwick) are at least clearly taught by Wu and Herzi below, which only occurs contingent upon verification of a signature which, as taught by at least Wu, is based on a cross-device integrity match and boot-image integrity of two separate computing devices. See para. 0045 of Wu, in which such a verification/matching is also described as matching signatures. A person of ordinary skill in the art would include the registration aspect as well to make the client machines/VMs easier to manage as explained by Parry-Barwick. Because Applicant does not consider the effects of the “combination of references” and the ordinary creativity of a person of ordinary skill in the art, in addition to the teachings of Parry-Barwick as explained below, these arguments are unreasoned and are not persuasive.
In conclusion, Applicant’s argument that the cited prior art does not teach “receiving first and second image integrity data from first and second computing devices, respectively, and verifying that the first and second image integrity data match, and registering the second computing device based on the verifying” and related arguments is not persuasive as it does not include reasoned statements explaining why the Applicant believes the Office has erred substantively as to the factual findings. Instead, it amounts to mere statements or arguments that the Office has not established a prima facie case of obviousness and is not considered substantively adequate to rebut the rejection.

Applicant further asserts that “the rejection does not identify, let alone explain, how or why a person of the ordinary skill in the art would have combined” the teachings of the cited prior art. Arguments, pg. 12. Applicant explains:

... the rejection does not identify ... why a person of ordinary skill in the art would have combined these teachings into the particular multi-device architecture recited in the claims. (Arguments, pg. 12)

... the Office Action does not provide any "articulated reasoning with rational underpinnings" to explain why a person of ordinary skill would have modified Wu's single-device hash-verification workflow so that the server would instead compare Wu's first device hash to Herzi's second-device hash, which relate to two images generated in fully different contexts for unrelated purposes. (Arguments, pg. 13-14)

...Under KSR ... It can be important to identify a reason that would have prompted a person of ordinary skill in the relevant field to combine the elements in the way the claimed new invention does... (Arguments, pg. 14)

...Wu already ensures image integrity using its own technique in which the local device downloads the OS image from the server, generates a hash locally, and sends it back to the server to ensure that the local image is unmodified or uncorrupted. (Arguments pg. 14)

...In both Herzi and Wu, there is only one computing device and one server involved in the integrity check ... there would have been no reason to introduce a new device ... since Wu already performs the local integrity check ... without requiring a second device. (Arguments, pg. 14)

Wu ... has nothing to do with device registration or integrity check of the local copy... (Arguments, pg. 14)

Wu teaches a provisioning of personalized disk images ... there is no intermediary “support computer” as in the present application ... Since no intermediary is needed in either of these solutions, there is no rational basis upon which to combine the two references together to arrive at such a configuration. (Arguments, pg. 15)

“… Any motivation to combine references, whether articulated in the references themselves or supported by evidence of the knowledge of a skilled artisan, is sufficient to combine those references to arrive at the claimed process. The motivation supported by the record … need not be the same motivation articulated in the patent for making the claimed combination.” Outdry, 859 F.3d at 1370-71, citing KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 420 (2007).

A reference is analogous art to the claimed invention if: (1) the reference is from the same field of endeavor as the claimed invention (even if it addresses a different problem); or (2) the reference is reasonably pertinent to the problem faced by the inventor (even if it is not in the same field of endeavor as the claimed invention).
Note that “same field of endeavor” and “reasonably pertinent” are two separate tests for establishing analogous art; it is not necessary for a reference to fulfill both tests in order to qualify as analogous art. See Bigio, 381 F.3d at 1325, 72 USPQ2d at 1212 and MPEP 2141.01(a)(I).

As described below, Herzi teaches “the system and methods of the present disclosure ... ensure security of that live media boot by ensuring no modifications have been made to the live media stored on the computing device.” This is an articulated benefit which would entice a person of ordinary skill in the art to combine the teachings of Wu with Herzi.

Here, Applicant first argues that there is no identification why a person of ordinary skill in the art would have combined these teachings. However, the reason is clearly stated that such a combination would increase the security of the boot process. Additionally, Applicant argues that the images are generated in fully different contexts and thus does not “combine the elements in the way the claimed invention does.” However, this is a mischaracterization of the cited prior art. Both Wu and Herzi describe using a disk image to boot a computing device. See Wu, para. 0034 and Herzi para. 0017. As explained below, Wu does not explicitly teach “receive, from a second computing device, a message that includes second image integrity data, the second image integrity data representing a second boot image.” Although Wu describes comparing two different image integrity data to verify the data, it is lacking an explicit description to securely “receive, from a second computing device” the image integrity data. Herzi, as explained within the reference itself, provides a method to do this securely. The reason as articulated, although not the same as articulated by the instant specification, is a motivation for an ordinarily skilled artisan to make the combinations as claimed: in order to provide additional security for the device management system.
Because Applicant does not consider the reasoning articulated in Herzi for improving the disk image boot process of Wu, these arguments are unreasoned and are not persuasive.

Furthermore, Applicant makes various arguments that Wu performs a local integrity check without requiring a second device which makes it so that there would be no reason to introduce a new device. However, as explained by Herzi, “levels of high security are achieved by ensuring the operating system on the computing device includes up-to-date “patches” for any known vulnerabilities ... using conventional secure booting methods to boot the computing devices ... users may use conventional live media ... to perform the secure booting.” Herzi, para. 0003. Similarly, Wu describes providing an updated disk image based on matching two different image integrity data. Herzi, para. 0045. However, aside from secure internet communications, the Application is silent regarding secure methods of booting the disk image. Thus, a person of ordinary skill in the art would combine the method described by Herzi, i.e. securely introduce the image onto the server by an external device, in order to further increase the security of the mechanism of Wu for patching/updating the operating system by a secure boot. Because Applicant does not consider benefits of the secure boot system as articulated by Herzi to augment the device management system, these arguments are unreasoned and are not persuasive.

Furthermore, Applicant argues that Wu has nothing to do with registration or integrity checking. However, the references are within the same field of endeavor. Applicant’s arguments describe that “Both Wu and Herzi perform ... integrity verification.” Although this is in a context of the determination of whether an update should be performed, it is unclear what Applicant considers to be substantially different between “analyze the signature to determine if a new disk image to be provisioned” of Wu and “If ... it is determined that the ... operating system measurements match ... installation of the operation system provided ... is performed” of Herzi. Both result in the provision/installation of the operating system image onto the computer device. Additionally, Herzi solves the security problem as explained above and below. In regards to registration, although Wu is silent on registering a device for providing a system image, a person of ordinary skill would clearly look to Parry-Barwick for this teaching as Parry-Barwick also relates to the same field of update management of computing devices. Although the reason provided within Parry-Barwick for registration of devices is for organization and space saving benefits, it is still a benefit that a person of ordinary skill would be motivated to include to improve the claimed elements as disclosed by Wu. Because Applicant fails to consider the reasonably pertinent benefits of including the elements of Herzi and Parry-Barwick as explained, this argument is unreasoned and not persuasive.

Finally, Applicant argues that there is no intermediary “support computer.” Without making a determination of whether such an intermediary is disclosed, Examiner notes that such an intermediary support computer is not claimed in the independent claims. Because Applicant recites elements that are not claimed, this argument is unreasoned and not persuasive.

In conclusion, Applicant’s argument that “the rejection does not identify, let alone explain, how or why a person of the ordinary skill in the art would have combined” the cited references and related arguments is not persuasive as it does not include reasoned statements explaining why the Applicant believes the Office has erred substantively as to the factual findings. Instead, it amounts to mere statements or arguments that the Office has not established a prima facie case of obviousness and is not considered substantively adequate to rebut the rejection.
As for Applicant’s arguments directed towards “Amended independent claims 6, 13 and 20,” arguments pg. 16-18, this appears to be a typo. None of these claims are independent claims. Furthermore claim 20 is not amended. These arguments appear to be directed towards dependent claims 6, 13 and 19. Examiner had already indicated that the independent claims would be allowable if these elements were integrated into the independent claims in an interview with Applicant dated 03/04/2026. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-5, 7-12, 14-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Wu (US Pub. 2019/0104172) (hereinafter “Wu”) in view of Herzi (US Pub. 2017/0249133) (hereinafter “Herzi”) and in view of Parry-Barwick et al. (US Pub. 2022/0350629) (hereinafter “Parry-Barwick”). As per claim 1, Wu teaches a device management system comprising: ([Wu, para. 0009] “described is a system for provisioning disk images on remote devices”) a processor; and ([Wu, para. 0009] “The system includes ... a processor”) a computer-readable medium storing instructions that are operative upon execution by the processor to: ([Wu, para. 0009] “The system includes ... a processor”) receive, from a first computing device, a boot image generation request ([Wu, para. 0009] “The system ... includes a server”; [para. 
0035] “the device transmits a disk image request to a disk image host server”) and first image integrity data, the first image integrity data representing a first boot image; ([para. 0045] “the device generates a signature [first image integrity data] for the provisioned disk image [a first boot image] ... and sends the signature to the device disk image host server with the disk image request”) store an image timestamp associated with the boot image generation request; and ([Wu, para. 0045] “the device generates a signature ... e.g. ... a last provisioned timestamp ... and sends the signature to the device disk image host server ... The server may then analyze [store] the signature [timestamp]”) verify that the first image integrity data matches the second image integrity data. ([Wu, para. 0045] “the device generates a signature [first image integrity data] ... a hash of the disk image ... and sends the signature to the device disk image host server ... the server may then ... determine ... if the hash [first image integrity data] doesn’t match a hash of the corresponding disk image [the second image integrity data] at the server end”) Wu does not clearly teach receive, from a second computing device, a message that includes second image integrity data, the second image integrity data representing a second boot image; determine that the message was received within a length of time from the image timestamp; and register the second computing device with the device management system based on the verification and the determination. However, Herzi teaches receive, from a second computing device, a message that includes second image integrity data, the second image integrity data representing a second boot image. ([Herzi, para. 0019] “the BIOS 204 [system] may then receive ... the operating system image [a message that includes second image integrity data] ... through the external device connectors”; [para. 
0020] “first measurement action(s) are performed on the operating system image to produce one or more first operating system measurement(s) ... perform a hashing operation on the operating system image received ... to produce an operating system hash measurement [second image integrity data]”) It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Wu with the teachings of Herzi to include receive, from a second computing device, a message that includes second image integrity data, the second image integrity data representing a second boot image. One of ordinary skill in the art would have been motivated to make this modification because such a technique ensure security of the image by ensuring that no modification have been made to the boot image stored on the computing device, by comparing the measurements and making sure they match. (Herzi, para. 0017) Wu in view of Herzi does not clearly teach determine that the message was received within a length of time from the image timestamp; and register the second computing device with the device management system based on the verification and the determination. However, Parry-Barwick teaches determine that the message was received within a length of time from the image timestamp. ([Parry-Barwick, para. 0133] “the guest management agent 209 can periodically receive host device state data [the message] ... The host device state data 215 can be stored in the guest operating system 251 registry [image] along with a timestamp ... If the cached values [message] ... are outdated based on the timestamp [received within a length of time from the image timestamp]”) register the second computing device with the device management system based on the verification and the determination. ([Parry-Barwick, para. 
0235] “if the managed VM digital signature is verified [based on the verification], the provisioning tool 131 can add the managed VM 122 to the inventory of virtual devices [register the second computing device with the device management system]”; [para. 0092] “a user ... can enter ... an enrollment grace period or period of time [based on the determination] within which the managed VM 122 must enroll [register]”; [para. 0047] “authenticate one of the host devices” aligns with the verification of a boot image as “The management service 120 can also validate that the VM base image ... meets the managed VM rules”; the “period of time” aligns with the determination of an image timestamp where the timestamp is associated with the boot image generation as “The packaging tool 130 can modify a VM based image [associated with the boot image generation request as the boot image is generated according to a request – see para. 0153-0154] into a managed VM 122 by writing a managed VM configuration file 124 into the VM base image” – see [para. 0038], and “period timer [timestamp] can start once the managed VM 122 is executed for the first time [modified/associated with the boot image generation request]” – see para. 0237) It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Wu in view of Herzi with the teachings of Parry-Barwick to include determine that the message was received within a length of time from the image timestamp; and register the second computing device with the device management system based on the verification and the determination. One of ordinary skill in the art would have been motivated to make this modification because such a technique would provide the benefit of providing greater deployment flexibility and storage efficiency while requiring fewer complete managed images. (Parry-Barwick, para. 
0245) As per claim 2, Wu in view of Herzi and Parry-Barwick teaches claim 1. Wu in view of Herzi does not clearly teach transmit first enrollment metadata to the first computing device in response to the boot image generation request, the first enrollment metadata including one or more of user data, device data, and tenant data, the first enrollment metadata being included in the first boot image; receive second enrollment metadata from the second computing device; and verify that the first enrollment metadata matches the second enrollment data. However, Parry-Barwick teaches transmit first enrollment metadata to the first computing device in response to the boot image generation request, the first enrollment metadata including one or more of user data, device data, and tenant data, the first enrollment metadata being included in the first boot image; ([Parry-Barwick, para. 0181] “a packaging tool 130 can prepare a VM base image 403 [boot image generation request] ... into a managed VM package 210 [being included in the first boot image] ... certificates, Wi-Fi profiles, email profiles [user/tenant data], data stores, network drives [device data], and data that can be included in the managed VM package 210 [the first enrollment metadata]”]; [para. 0229] “In step 653, a provisioning tool 131 [the first computing device as it is part of the device that uses the image – see para. 0225: “provisioning tool 131 ... included with the host management agent 209” and Fig. 2 where the agent is located within the Host Device 106] can receive a managed VM package 210 ... from the management service”) receive second enrollment metadata from the second computing device; and ([Parry-Barwick, para. 0226] “an administrator can distribute ... through a removable drive ... a managed VM 122 [from the second computing device]”; [para. 0232] “a verifying digital signature [second enrollment metadata] that is based on an intended version of .... 
managed VM 122 [from the second computing device]”) verify that the first enrollment metadata matches the second enrollment metadata. ([Parry-Barwick, para. 0232] “The managed VM digital signature [first enrollment metadata as it is a certificate – see para. 0222] from the managed VM package 210 can be compared [matches] to a verifying digital signature [second enrollment metadata]”) It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Wu in view of Herzi with the teachings of Parry-Barwick to include transmit first enrollment metadata to the first computing device in response to the boot image generation request, the first enrollment metadata including one or more of user data, device data, and tenant data, the first enrollment metadata being included in the first boot image; receive second enrollment metadata from the second computing device; and verify that the first enrollment metadata matches the second enrollment metadata. One of ordinary skill in the art would have been motivated to make this modification because such a technique would provide the benefit of allowing the system to indicate the parameters of the first image match those of an intended version, thereby preventing potential for conflicts and disruptive changes. (Parry-Barwick, para. 0163; and para. 0234) As per claim 3, Wu in view of Herzi and Parry-Barwick teaches claim 1. Wu also teaches wherein the first image integrity data includes a first hash value generated by a hash algorithm using at least operating system data included in the first boot image. ([Wu, para. 0043] “disk image may include [included in the first boot image] a hash [generated by a hash algorithm] of the disk image [using at least operating system data included in the first boot image]”; [para. 
0061] “the disk image includes an operating system for the device [operating system data included in the first boot image]”) Wu in view of Parry-Barwick does not clearly teach wherein the second image integrity data includes a second hash value generated by the hash algorithm using at least operating system data included in the second boot image. However, Herzi teaches wherein the second image integrity data includes a second hash value generated by the hash algorithm using at least operating system data included in the second boot image. ([Herzi, para. 0020] “at block 304 the BIOS 204 may perform a hashing operation [hashing algorithm] on the operating system image [using at least operating system data included in the second boot image] received at block 302 in order to produce an operating system hash measurement [the second image integrity data]”) the first boot image and the second boot image comprise installation files for an operating system. ([Herzi, para. 0019] “the user may couple live media such as, for example, Linux LiveCD or Read-only LiveUSB ... external media such as a compact disc (CD) or Universal Serial Bus (USB) drive that stores a complete bootable computer installation (e.g., in an .iso file) that includes the operating system image [first boot image comprise installation files for an operation system]”; [para. 0026] the BIOS 204 may receive the operating system image stored on the mass storage device It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Wu in view of Parry-Barwick with the teachings of Herzi to include wherein the second image integrity data includes a second hash value generated by the hash algorithm using at least operating system data included in the second boot image. 
One of ordinary skill in the art would have been motivated to make this modification because such a technique ensures security of the image by ensuring that no modifications have been made to the boot image stored on the computing device, by comparing the measurements and making sure they match as the hash will ensure any modifications will be detected. (Herzi, para. 0017; and para. 0028) As per claim 4, Wu in view of Herzi and Parry-Barwick teaches claim 1. Wu also teaches wherein the operating system image is included in the first boot image, ([Wu, para. 0055] “the disk image [boot image] includes an operating system for the device [operating system image] ... the device is configured to boot the operating system”) the first boot image being provided to the first computing device in response to the receiving of the boot image generation request. ([para. 0034; Fig. 2] “a client device 120 [computing device] transmits 210 an image request [receiving of a boot image request] ... then ... the server 150 sends 260 the disk image ... to the requesting client device 210 [the first boot image being provided to the first computing device in response to the receiving]”) Wu in view of Herzi does not clearly teach wherein the instructions are further operative to: identify a policy profile for the boot image generation request based on device data provided in the boot image generation request that identifies the second computing device, wherein the policy profile defines at least an operating system version; and identify an operating system image associated with the operating system version. However, Parry-Barwick teaches wherein the instructions are further operative to: identify a policy profile for the boot image generation request based on device data provided in the boot image generation request that identifies the second computing device, ([Parry-Barwick, para. 
0027] “The policies, rules, and configuration data can be collectively administered [identify a policy profile] for several of the host devices 106 [for the boot image generation request: see para. 0154 “A VM base image ... assembled on the host device 106”] by organizing the host devices 106 [identifies the second computing device as “The managed VM package ... can be accessed during deployment through a removable drive connected to the host device 106” – see para. 0226, and the managed VM package is created based on the base image – see para. 0153-0154] into several different groups or categories of devices according to enterprise [based on device data provided]; [para. 0095] “The packaging tool can identify .... the enterprise ... based on a request that includes the VM enterprise identifier and the user group identifier”) wherein the policy profile defines at least an operating system version; and ([para. 0048 and para. 0055] “Managed VM rules can specify requirements for the base image of the managed desktop VMs 122 ... For example, the requirements can include ... Windows® 10 or another acceptable guest operating system”) identify an operating system image associated with the operating system version. ([Parry-Barwick, para. 0109-0110] “[0109] The host management agent 209 can enable collection and reporting of host device state data 215 ... The host device state 215 can include ... 
Operating system type and version for the host operating system 151”) It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Wu in view of Herzi with the teachings of Parry-Barwick to include wherein the instructions are further operative to: identify a policy profile for the boot image generation request based on device data provided in the boot image generation request that identifies the second computing device, wherein the policy profile defines at least an operating system version; and identify an operating system image associated with the operating system version. One of ordinary skill in the art would have been motivated to make this modification because such a technique would provide the benefit of allowing revoking or authorizing access to various services for users in the enterprise based on status of a host device assigned to a user which provides the benefit of greater flexibility and efficacy for these devices. (Parry-Barwick, para. 0014) As per claim 5, Wu in view of Herzi and Parry-Barwick teaches claim 1. Wu does not clearly teach wherein storing the image timestamp further comprises generating the image timestamp in response to receipt of the first image integrity data from the first computing device. ([Wu, para. 0045] “The device will periodically repeat the method ... the device generates a signature for the provisioned disk image ... combined with metadata such as a last provisioned timestamp ... and sends ... to the device disk image host server”; as the method is repeated, the device generates a timestamp after the receipt of the first image integrity data) As per claim 7, Wu in view of Herzi and Parry-Barwick teaches claim 1. Wu also teaches comparing the first image integrity data to the second image integrity data; and ([Wu, para. 
0045] “The server may then analyze the signature to determine if a new disk image should be provisioned ... if the hash doesn't match a hash of the corresponding disk image at the server end”) performing an operating system installation on the second computing device when the first image integrity data matches the second image integrity data. ([Wu, para. 0045] “If the analysis indicates that a new disk image should be sent, the server then transmits the disk image and the device continues with stage 360 receiving the image ... It overwrites the previously provisioned image [performing an operating system installation] and restarts or reloads from the newly provisioned image”) Wu in view of Parry-Barwick does not clearly teach further comprising the second computing device, wherein the second computing device is configured to: perform a local integrity check of the second boot image during a boot process from an external disk device that stores at least the second boot image, the local integrity check comprises: reading the first image integrity data from the external disk device; and computing the second image integrity data using at least operating system data retrieved from the external disk device. However, Herzi teaches further comprising the second computing device, wherein the second computing device is configured to: ([Herzi, para. 0015] “the computer device 200 ... performs the functionality discussed below”) perform a local integrity check of the second boot image during a boot process from an external disk device that stores at least the second boot image, ([para. 0017] “an embodiment of a method 300 for providing secure live media booting [during a boot process] is illustrated”; [para. 
0019] “the user may couple live media such as, for example, Linux LiveCD or Read-only LiveUSB, to the external device connector(s) 208 that may include external media such as a compact disc (CD) or Universal Serial Bus (USB) drive that stores a complete bootable computer installation [second boot image] ... that includes the operating system image”; [para. 0031] “methods ... provide an operating system image ... to ensure the integrity of that read-only operating system image”) the local integrity check comprises: reading the first image integrity data from the external disk device; and ([Herzi, para. 0026] “The method 300 then proceeds to block 312 where second measurement action(s) are performed on the operating system image to produce second operating system measurement(s) ... In an embodiment, at block 304, the BIOS 204 may retrieve the operating system image by reading the read-only operating system image”; the operating system image is from the external disk device – see para. 0018) computing the second image integrity data using at least operating system data retrieved from the external disk device. ([Herzi, para. 0020] “first measurement action(s) [computing] are performed on the operating system image to produce one or more first operating system measurement(s) ... perform a hashing operation on the operating system image received ... to produce an operating system hash measurement [second image integrity data]”; the operating system image is from the external disk device – see para. 
0018) It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Wu in view of Parry-Barwick with the teachings of Herzi to include further comprising the second computing device, wherein the second computing device is configured to: perform a local integrity check of the second boot image during a boot process from an external disk device that stores at least the second boot image, the local integrity check comprises: reading the first image integrity data from the external disk device; and computing the second image integrity data using at least operating system data retrieved from the external disk device. One of ordinary skill in the art would have been motivated to make this modification because such a technique ensures security of the image on the external disk device by ensuring that no modifications have been made to the boot image stored on the external disk device, by comparing the measurements and making sure they match. (Herzi, para. 0017) As per claim 8, Wu teaches a computer-implemented method for a device management system, the method comprising: ([Wu, para. 0011] “described is a method of provisioning a disk image [device management] on a remote device”) receiving, from a first computing device, a boot image generation request ([Wu, para. 0009] “The system ... includes a server”; [para. 0035] “the device transmits a disk image request to a disk image host server”) and first image integrity data, the first image integrity data representing a first boot image; ([para. 0045] “the device generates a signature [first image integrity data] for the provisioned disk image [a first boot image] ... and sends the signature to the device disk image host server with the disk image request”) storing an image timestamp associated with the boot image generation request; and ([Wu, para. 0045] “the device generates a signature ... e.g. ... 
a last provisioned timestamp ... and sends the signature to the device disk image host server ... The server may then analyze [store] the signature [timestamp]”) verifying that the first image integrity data matches the second image integrity data. ([Wu, para. 0045] “the device generates a signature [first image integrity data] ... a hash of the disk image ... and sends the signature to the device disk image host server ... the server may then ... determine ... if the hash [first image integrity data] doesn’t match a hash of the corresponding disk image [the second image integrity data] at the server end”) Wu does not clearly teach receiving, from a second computing device, a message that includes second image integrity data, the second image integrity data representing a second boot image; determining that the message was received within a length of time from the image timestamp; and registering the second computing device with the device management system based on the verification and the determination. However, Herzi teaches receiving, from a second computing device, a message that includes second image integrity data, the second image integrity data representing a second boot image. ([Herzi, para. 0019] “the BIOS 204 [system] may then receive ... the operating system image [a message that includes second image integrity data] ... through the external device connectors”; [para. 0020] “first measurement action(s) are performed on the operating system image to produce one or more first operating system measurement(s) ... perform a hashing operation on the operating system image received ... 
to produce an operating system hash measurement [second image integrity data]”) It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Wu with the teachings of Herzi to include receiving, from a second computing device, a message that includes second image integrity data, the second image integrity data representing a second boot image. One of ordinary skill in the art would have been motivated to make this modification because such a technique ensures security of the image by ensuring that no modifications have been made to the boot image stored on the computing device, by comparing the measurements and making sure they match. (Herzi, para. 0017) Wu in view of Herzi does not clearly teach determining that the message was received within a length of time from the image timestamp; and registering the second computing device with the device management system based on the verification and the determination. However, Parry-Barwick teaches determining that the message was received within a length of time from the image timestamp; and ([Parry-Barwick, para. 0133] “the guest management agent 209 can periodically receive host device state data [the message] ... The host device state data 215 can be stored in the guest operating system 251 registry [image] along with a timestamp ... If the cached values [message] ... are outdated based on the timestamp [received within a length of time from the image timestamp]”) registering the second computing device with the device management system based on the verification and the determination. ([Parry-Barwick, para. 0235] “if the managed VM digital signature is verified [based on the verification], the provisioning tool 131 can add the managed VM 122 to the inventory of virtual devices [register the second computing device with the device management system]”; [para. 0092] “a user ... can enter ... 
an enrollment grace period or period of time [based on the determination] within which the managed VM 122 must enroll [register]”; [para. 0047] “authenticate one of the host devices” aligns with the verification of a boot image as “The management service 120 can also validate that the VM base image ... meets the managed VM rules”; the “period of time” aligns with the determination of an image timestamp where the timestamp is associated with the boot image generation as “The packaging tool 130 can modify a VM based image [associated with the boot image generation request as the boot image is generated according to a request – see para. 0153-0154] into a managed VM 122 by writing a managed VM configuration file 124 into the VM base image” – see [para. 0038], and “period timer [timestamp] can start once the managed VM 122 is executed for the first time [modified/associated with the boot image generation request]” – see para. 0237) It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Wu in view of Herzi with the teachings of Parry-Barwick to include determining that the message was received within a length of time from the image timestamp; and registering the second computing device with the device management system based on the verification and the determination. One of ordinary skill in the art would have been motivated to make this modification because such a technique would provide the benefit of providing greater deployment flexibility and storage efficiency while requiring fewer complete managed images. (Parry-Barwick, para. 0245) As per claim 9, the claim language is identical or substantially similar to that of claim 2. Therefore, it is rejected under the same rationale applied to claim 2. As per claim 10, the claim language is identical or substantially similar to that of claim 3. Therefore, it is rejected under the same rationale applied to claim 3. 
As per claim 11, the claim language is identical or substantially similar to that of claim 4. Therefore, it is rejected under the same rationale applied to claim 4. As per claim 12, the claim language is identical or substantially similar to that of claim 5. Therefore, it is rejected under the same rationale applied to claim 5. As per claim 14, the claim language is identical or substantially similar to that of claim 7. Therefore, it is rejected under the same rationale applied to claim 7. As per claim 15, Wu teaches a computer storage device having computer-executable instructions for a device management system stored thereon, which, on execution by a computer, cause the computer to perform operations comprising: ([Wu, para. 0011] “described is a method of provisioning a disk image on a remote device”; [para. 0067] “these methods may be encoded as computer-readable instructions for execution by one or more processors ... The computer-readable instructions can be encoded on non-transitory computer-readable media”) receiving, from a first computing device, a boot image generation request ([Wu, para. 0009] “The system ... includes a server”; [para. 0035] “the device transmits a disk image request to a disk image host server”) and first image integrity data, the first image integrity data representing a first boot image; ([para. 0045] “the device generates a signature [first image integrity data] for the provisioned disk image [a first boot image] ... and sends the signature to the device disk image host server with the disk image request”) storing an image timestamp associated with the boot image generation request; and ([Wu, para. 0045] “the device generates a signature ... e.g. ... a last provisioned timestamp ... and sends the signature to the device disk image host server ... The server may then analyze [store] the signature [timestamp]”) verifying that the first image integrity data matches the second image integrity data. ([Wu, para. 
0045] “the device generates a signature [first image integrity data] ... a hash of the disk image ... and sends the signature to the device disk image host server ... the server may then ... determine ... if the hash [first image integrity data] doesn’t match a hash of the corresponding disk image [the second image integrity data] at the server end”) Wu does not clearly teach receiving, from a second computing device, a message that includes second image integrity data, the second image integrity data representing a second boot image; determining that the message was received within a length of time from the image timestamp; and registering the second computing device with the device management system based on the verification and the determination. However, Herzi teaches receiving, from a second computing device, a message that includes second image integrity data, the second image integrity data representing a second boot image. ([Herzi, para. 0019] “the BIOS 204 [system] may then receive ... the operating system image [a message that includes second image integrity data] ... through the external device connectors”; [para. 0020] “first measurement action(s) are performed on the operating system image to produce one or more first operating system measurement(s) ... perform a hashing operation on the operating system image received ... to produce an operating system hash measurement [second image integrity data]”) It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Wu with the teachings of Herzi to include receiving, from a second computing device, a message that includes second image integrity data, the second image integrity data representing a second boot image. 
One of ordinary skill in the art would have been motivated to make this modification because such a technique ensures security of the image by ensuring that no modifications have been made to the boot image stored on the computing device, by comparing the measurements and making sure they match. (Herzi, para. 0017) Wu in view of Herzi does not clearly teach determining that the message was received within a length of time from the image timestamp; and registering the second computing device with the device management system based on the verification and the determination. However, Parry-Barwick teaches determining that the message was received within a length of time from the image timestamp; and ([Parry-Barwick, para. 0133] “the guest management agent 209 can periodically receive host device state data [the message] ... The host device state data 215 can be stored in the guest operating system 251 registry [image] along with a timestamp ... If the cached values [message] ... are outdated based on the timestamp [received within a length of time from the image timestamp]”) registering the second computing device with the device management system based on the verification and the determination. ([Parry-Barwick, para. 0235] “if the managed VM digital signature is verified [based on the verification], the provisioning tool 131 can add the managed VM 122 to the inventory of virtual devices [register the second computing device with the device management system]”; [para. 0092] “a user ... can enter ... an enrollment grace period or period of time [based on the determination] within which the managed VM 122 must enroll [register]”; [para. 0047] “authenticate one of the host devices” aligns with the verification of a boot image as “The management service 120 can also validate that the VM base image ... 
meets the managed VM rules”; the “period of time” aligns with the determination of an image timestamp where the timestamp is associated with the boot image generation as “The packaging tool 130 can modify a VM based image [associated with the boot image generation request as the boot image is generated according to a request – see para. 0153-0154] into a managed VM 122 by writing a managed VM configuration file 124 into the VM base image” – see [para. 0038], and “period timer [timestamp] can start once the managed VM 122 is executed for the first time [modified/associated with the boot image generation request]” – see para. 0237) It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Wu in view of Herzi with the teachings of Parry-Barwick to include determining that the message was received within a length of time from the image timestamp; and registering the second computing device with the device management system based on the verification and the determination. One of ordinary skill in the art would have been motivated to make this modification because such a technique would provide the benefit of providing greater deployment flexibility and storage efficiency while requiring fewer complete managed images. (Parry-Barwick, para. 0245) As per claim 16, the claim language is identical or substantially similar to that of claim 2. Therefore, it is rejected under the same rationale applied to claim 2. As per claim 17, the claim language is identical or substantially similar to that of claim 3. Therefore, it is rejected under the same rationale applied to claim 3. As per claim 18, the claim language is identical or substantially similar to that of claim 4. Therefore, it is rejected under the same rationale applied to claim 4. As per claim 20, the claim language is identical or substantially similar to that of claim 7. 
Therefore, it is rejected under the same rationale applied to claim 7. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Khatri et al. (US Pub. 2024/0256673) discloses a remote management interface/intermediate device that includes a TPM which calculated hashes of boot loaders that are compared against reference hash values that were previously stored. Saluja et al. (US Pub. 2021/0334380) discloses trusted firmware verification where a third-party entity service verifies the status for the firmware. There is a separate computing environment that stores the compliance rules, and a separate client device that utilizes the firmware. Gandhi et al. (US Pub. 2017/0249135) discloses digital image service hosted by a server computing device. A different computing device acts as a proxy for delivering the encrypted digital image to a third different embedded system. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634. The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM. 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000. /Z.L./Examiner, Art Unit 2493 /CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493

Prosecution Timeline

Dec 29, 2023
Application Filed
Aug 21, 2025
Non-Final Rejection — §103
Sep 08, 2025
Interview Requested
Sep 16, 2025
Examiner Interview Summary
Nov 24, 2025
Response Filed
Mar 05, 2026
Examiner Interview (Telephonic)
Mar 19, 2026
Final Rejection — §103
Mar 29, 2026
Interview Requested
Apr 07, 2026
Examiner Interview Summary

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12602469
FUSE BASED REPLAY PROTECTION WITH AGGRESSIVE FUSE USAGE AND COUNTERMEASURES FOR FUSE VOLTAGE CUT ATTACKS
2y 5m to grant Granted Apr 14, 2026
Patent 12585764
MALICIOUS BEHAVIOR DETECTION AND MITIGATION IN A DOCUMENT EXECUTION ENVIRONMENT
2y 5m to grant Granted Mar 24, 2026
Patent 12572644
MICRO-ENCLAVES FOR INSTRUCTION-SLICE-GRAINED CONTAINED EXECUTION OUTSIDE SUPERVISORY RUNTIME
2y 5m to grant Granted Mar 10, 2026
Patent 12572649
METHOD FOR PROTECTION FROM CYBER ATTACKS TO A VEHICLE BASED UPON TIME ANALYSIS, AND CORRESPONDING DEVICE
2y 5m to grant Granted Mar 10, 2026
Patent 12566851
DETECTING AND ASSESSING EVIDENCE OF MALWARE INTRUSION
2y 5m to grant Granted Mar 03, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.


Prosecution Projections

3-4
Expected OA Rounds
71%
Grant Probability
99%
With Interview (+59.0%)
3y 2m
Median Time to Grant
Moderate
PTA Risk
Based on 136 resolved cases by this examiner. Grant probability derived from career allow rate.
