Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. This office action is in response to the amendment filed on 12/29/2025. Claims 1-20 are currently pending in the present filing; claims 1-20 were pending in the previous filing of 1/29/2024. No claims have been cancelled or added.
Response to Applicant’s Amendments / Arguments Regarding 35 U.S.C. § 102/103
In the remarks on pages 7-9 of the response / amendment, the applicant argues the features which allegedly distinguish over the references previously cited in the 35 U.S.C. § 102/103 rejections.
Applicant’s arguments have been considered but are moot in view of the new ground(s) of rejection.
Information Disclosure Statements
The information disclosure statement(s) (IDS) submitted on 3/16/2026 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement(s) have been considered by the examiner.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 9, 14-16, and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20250181859 to Mouyade et al. (hereinafter Mouyade), in view of US 20220383333 to Young et al. (hereinafter Young).
Regarding claim 1, Mouyade teaches,
A method of establishing trust between an endpoint device and a server, the method comprising: (fig. 4, [0048-0051] teaches an agent of a device 102 / “endpoint device” forwarding a challenge for signing to an authenticator during a web authentication registration, where the challenge is received from the relying party 103 in 402. Abstract, teaches web authentication registration.)
obtaining, by a software agent (agent 102a) hosted by hardware resources of the endpoint device (device 102) and from the server, (relying party 103) a request to initiate a process that requires a level of trust between the endpoint device and the server; ([0048] teaches a request from the agent of the user device 102 to the relying party 103 for a challenge.)
signing, based on the request and using a side band communication channel between the hardware resources and a management controller (authenticator 102b) of the endpoint device, a data package using a private key of a public private key pair to obtain a signed data package, the data package being signed by the management controller ([0049] teaches agent forwarding the challenge (“data package”) to authenticator 102b. [0049] teaches the authenticator signing the challenge and generating credentials which include a public / private key pair. [0050] teaches that 406 of fig 4 is the transmission of the signed challenge from the authenticator 102b to the agent.)
providing, by the software agent and via an in band communication channel between the hardware resources and the server, the signed data package to the server. ([0050] teaches transmitting signed challenge from authenticator to agent. [0051] teaches that the agent transmits the signed challenge to the relying party 103 / “server.” Regarding “side band” vs “in band” communication channels, fig. 4 teaches that channel 403 / 406, used for agent to authenticator communication, is different than channels used to communicate with relying party 103 / “server”.)
Mouyade fails to explicitly teach the management controller as a separate and independently operating computing device installed in the endpoint device,
However, Young teaches,
the data package being signed by the management controller, and the management controller is a separate and independently operating computing device from the endpoint device that is physically installed within the endpoint device; (fig. 1, teaches baseboard management controller / BMC 130 that is separate from processor 120. Fig. 5 & [0057] teaches BMC 130 signing the certificate 432 of fig. 4, where the certificate is used for components. See also fig. 5 description in [0055-61] and [0018-20] teaching certificate authority signing certificates.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Mouyade, which teaches web authentication registration (Abstract & [0048]) and further teaches a relying party that sends a challenge to an agent that forwards the challenge to an authenticator for authentication by signing and asymmetric key generation that provides the signed challenge and asymmetric keys back to the agent that forwards the signed challenge to the relying party ([0048-51]), with Young, which also teaches signing of certificates after authentication (Abstract & [0018-20]), and additionally teaches using a BMC that is separate from the processor (fig. 1) where the BMC signs certificates used to authenticate the BMC so that a CA can sign the certificate (fig. 5 & [0057]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Mouyade with the added ability to utilize a separate BMC with its own protected private key to authenticate information provided to a server, as taught by Young, for the purpose of increasing security while maintaining computational efficiency by using a separate BMC that protects its private key.
Regarding claim 2, Mouyade and Young teach,
The method of claim 1, wherein signing the data package comprises:
obtaining, by the management controller and from the software agent, a request to generate the public private key pair from the software agent; (Mouyade, fig. 3, 403 in [0049] teaches the agent communicating with the authenticator 102b / “management controller” for challenge signature and creation of new credentials, which is referred to as “new credential command” sent to authenticator. [0050] teaches that new credentials are public / private key pair generated by authenticator 102b.)
generating, in response to the request and by the management controller, the public private key pair; (Mouyade, [0049-50] teaches the authenticator generating the new credentials which include public / private key pair.)
obtaining, by the management controller and from the software agent, the data package; (Mouyade, [0049] teaches that the agent forwards the challenge to authenticator 102.)
signing, by the management controller and using the private key of the public private key pair, the data package; and (Mouyade, [0050] teaches signing of the challenge.) (Young, [0057] teaches the BMC signing data using a private key.)
providing, by the management controller, the signed data package to the software agent. (Mouyade, [0050] discussing 406 of fig. 4 teaching the authenticator 102 transmits the signed challenge back to the agent.)
Regarding claim 3, Mouyade and Young teach,
The method of claim 1,
wherein the private key of the public private key pair is kept secret by the management controller and is not known by the software agent. (Mouyade [0051] teaches that the private key may be stored on the second device. However, fig. 8 and [0061-62] teach that subsequent authentications using the private key, after the registration of fig. 4, require that challenges again be provided to the authenticator (“management controller”) to be signed, where the end of [0061] teaches the authenticator 102b performing get credential command and retrieving the credentials / public & private key for the signature. Thus, the authenticator 102b stores the private key and keeps it as a secret.)
Regarding claim 9, Mouyade and Young teach,
The method of claim 1,
wherein the process that requires a level of trust between the endpoint device and the server is an onboarding process for the endpoint device. (Mouyade, fig. 4 and [0048-51] teach a registration process for user device 102.)
Regarding claim 14, Mouyade and Young teach,
A non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform operations for establishing trust between an endpoint device and a server, the operations comprising: (Mouyade, [0067] teaches non-transitory storage media, including instructions that are executable by a processor and stored in memory.)
obtaining, by a software agent hosted by hardware resources of the endpoint device and from the server, a request to initiate a process that requires a level of trust between the endpoint device and the server;
signing, based on the request and using a side band communication channel between the hardware resources and a management controller of the endpoint device, a data package using a private key of a public private key pair to obtain a signed data package, the data package being signed by the management controller, and the management controller is a separate and independently operating computing device from the endpoint device that is physically installed within the endpoint device; and
providing, by the software agent and via an in band communication channel between the hardware resources and the server, the signed data package to the server.
Claim 14 is rejected using the same basis of arguments used to reject claim 1 above.
Regarding claim 15, Mouyade and Young teach,
The non-transitory machine-readable medium of claim 14, wherein signing the data package comprises:
obtaining, by the management controller and from the software agent, a request to generate the public private key pair from the software agent;
generating, in response to the request and by the management controller, the public private key pair;
obtaining, by the management controller and from the software agent, the data package;
signing, by the management controller and using the private key of the public private key pair, the data package; and
providing, by the management controller, the signed data package to the software agent.
Claim 15 is rejected using the same basis of arguments used to reject claim 2 above.
Regarding claim 16, Mouyade and Young teach,
The non-transitory machine-readable medium of claim 14, wherein the private key of the public private key pair is kept secret by the management controller and is not known by the software agent.
Claim 16 is rejected using the same basis of arguments used to reject claim 3 above.
Regarding claim 18, Mouyade and Young teach,
A data processing system, comprising:
a processor; and (Mouyade, [0067] teaches storage media, including instructions that are executable by a processor and stored in memory.)
a memory coupled to the processor to store instructions, which when executed by the processor, cause the processor to perform operations for establishing trust between an endpoint device and a server, the operations comprising: (Mouyade, [0067] teaches storage media, including instructions that are executable by a processor and stored in memory.)
obtaining, by a software agent hosted by hardware resources of the endpoint device and from the server, a request to initiate a process that requires a level of trust between the endpoint device and the server;
signing, based on the request and using a side band communication channel between the hardware resources and a management controller of the endpoint device, a data package using a private key of a public private key pair to obtain a signed data package, the data package being signed by the management controller, and the management controller is a separate and independently operating computing device from the endpoint device that is physically installed within the endpoint device; and
providing, by the software agent and via an in band communication channel between the hardware resources and the server, the signed data package to the server.
Claim 18 is rejected using the same basis of arguments used to reject claim 1 above.
Regarding claim 19, Mouyade and Young teach,
The data processing system of claim 18, wherein signing the data package comprises:
obtaining, by the management controller and from the software agent, a request to generate the public private key pair from the software agent;
generating, in response to the request and by the management controller, the public private key pair;
obtaining, by the management controller and from the software agent, the data package;
signing, by the management controller and using the private key of the public private key pair, the data package; and
providing, by the management controller, the signed data package to the software agent.
Claim 19 is rejected using the same basis of arguments used to reject claim 2 above.
Regarding claim 20, Mouyade and Young teach,
The data processing system of claim 18, wherein the private key of the public private key pair is kept secret by the management controller and is not known by the software agent.
Claim 20 is rejected using the same basis of arguments used to reject claim 3 above.
Claims 4, 7, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Mouyade, in view of Young, in view of US 20190034925 to Sundaresan (hereinafter Sundaresan).
Regarding claim 4, Mouyade and Young teach,
The method of claim 1, further comprising:
obtaining a trust challenge from (Mouyade, fig. 8 and [0061] teaches agent 102b receiving a second challenge from the same relying party 103, where the agent forwards the second challenge to the authenticator 102b.)
generating, by the endpoint device, a challenge response based on the trust challenge using at least the private key of the public private key pair; and (Mouyade, [0061-62] teaches the authenticator 102b transmitting the signed second challenge back to the agent, where the credentials were retrieved by the authenticator 102b, where credentials include private key, as taught by [0050].)
providing, by the software agent hosted by hardware resources of the endpoint device, the challenge response to the (Mouyade, [0063] teaches the agent provides the signed second challenge to the relying party.) (Notice that fig. 5 does teach a third party 510 (“entity”), different than the relying party 103, which may transmit / receive information. However, no certificate is used, and the challenge / response are not provided by / sent to the third party 510.)
Mouyade and Young fail to explicitly teach using a certificate to establish trust with a new entity that is different than the server,
However, Sundaresan teaches,
The method of claim 1, further comprising:
obtaining a trust challenge from an entity that has access to a certificate based on the signed data package; (Abstract and [0036-37] teach a relying party (“entity”) that sends a challenge to a user device for signing. Abstract and [0037] both teach a certificate that is matched with information of the payment card to obtain a signed record including the users public key, which may be verified by the relying party.)
providing, (Abstract and [0036] teach the user device signing the challenge (“challenge response”) and providing back to the relying party.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Mouyade, which teaches web authentication registration (Abstract & [0048]) and further teaches a relying party that sends a challenge to an agent that forwards the challenge to an authenticator for authentication by signing and asymmetric key generation that provides the signed challenge and asymmetric keys back to the agent that forwards the signed challenge to the relying party ([0048-51]), with Young, which also teaches signing of certificates after authentication (Abstract & [0018-20]), and additionally teaches using a BMC that is separate from the processor (fig. 1) where the BMC signs certificates used to authenticate the BMC so that a CA can sign the certificate (fig. 5 & [0057]), with Sundaresan, which also teaches challenge response for authentication of a user device using signatures, and additionally teaches using the challenge response to authenticate the user to a relying party that has access to public records / certificate that associate the public key of the user to the user’s device or user (Abstract, [0036-37]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Mouyade and Young with the added ability to authenticate a user device using public key and certificate to authenticate the user to a third party / relying party by publishing a public record / certificate of the user’s public key, as taught by Sundaresan, for the purpose of maintaining security in increasing efficiency by using certificates that may be accessible to the public to verify possession of a public key by a user device.
Regarding claim 7, Mouyade, Young, and Sundaresan teach,
The method of claim 4, wherein generating the challenge response comprises:
obtaining, by the management controller, the challenge response from the software agent; (Mouyade, fig. 8 and [0061] teaches forwarding second challenge to authenticator 102b (“management controller”) from agent.)
signing, by the management controller and using the private key of the public private key pair, the challenge response; and (Mouyade, fig. 8 & [0061-62] teaches the authenticator signing the second challenge. This is similar to registration procedure in fig. 4 and [0048-51], which describes the user credentials including a private key that is used to sign the challenges.)
providing, by the management controller, the signed challenge response to the software agent. (Mouyade, [0062] and 803 of fig. 8.)
Regarding claim 17, Mouyade, Young, and Sundaresan teach,
The non-transitory machine-readable medium of claim 14, further comprising:
obtaining a trust challenge from an entity that has access to a certificate based on the signed data package;
generating, by the endpoint device, a challenge response based on the trust challenge using at least the private key of the public private key pair; and
providing, by the software agent hosted by hardware resources of the endpoint device, the challenge response to the entity to attempt to demonstrate that the endpoint device is trustworthy for the level of trust.
Claim 17 is rejected using the same basis of arguments used to reject claim 4 above.
Claims 5 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Mouyade, in view of Young, in view of Sundaresan, in view of US 20140282936 to Fitzgerald et al. (hereinafter Fitzgerald).
Regarding claim 5, Mouyade, Young, and Sundaresan teach,
The method of claim 4,
Mouyade, Young, and Sundaresan fail to explicitly teach out of band channel for the management controller,
However, Fitzgerald teaches,
wherein the trust challenge is obtained by the management controller (HSM) via an out of band communication channel of the endpoint device. ([0027] teaches that HSMs have their own IP addresses. See also [0023] discussing customer IP addresses. Applicant’s printed publication at [0072-75] teaches that different bands correspond to different addresses. See also claim 6 rejection below.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Mouyade, which teaches web authentication registration (Abstract & [0048]) and further teaches a relying party that sends a challenge to an agent that forwards the challenge to an authenticator for authentication by signing and asymmetric key generation that provides the signed challenge and asymmetric keys back to the agent that forwards the signed challenge to the relying party ([0048-51]), with Young, which also teaches signing of certificates after authentication (Abstract & [0018-20]), and additionally teaches using a BMC that is separate from the processor (fig. 1) where the BMC signs certificates used to authenticate the BMC so that a CA can sign the certificate (fig. 5 & [0057]), with Sundaresan, which also teaches challenge response for authentication of a user device using signatures, and additionally teaches using the challenge response to authenticate the user to a relying party that has access to public records / certificate that associate the public key of the user to the user’s device or user (Abstract, [0036-37]), with Fitzgerald, which also teaches HSMs using private / public key pairs, certificates, and signatures for network monitoring, maintenance, and credential updating of customer devices / networks / sub-networks ([0067]), and also teaches the use of HSMs through a customer organization for authentication ([0030]), and additionally teaches the use of specific addresses for HSMs separate from the addresses of customer devices ([0027]) and [0043] teaches different data centers may be on the same network (in band) while using the internet (out of band) to connect to each other securely.
One of ordinary skill in the art would have been motivated to perform such an addition to provide Mouyade, Young, and Sundaresan with the added ability to use HSMs (“management controller”) on their own separate network addresses, as taught by Fitzgerald, for the purpose of increasing security and efficiency by having redundant authentication system and efficient network addressing that allows for the efficient routing of communications based on separate addressing of different devices such as computer and HSMs.
Regarding claim 6, Mouyade, Young, and Sundaresan teach,
The method of claim 4,
Mouyade, Young, and Sundaresan fail to explicitly teach in band channel for the endpoint,
However, Fitzgerald teaches,
wherein the trust challenge is obtained by hardware resources of the endpoint device via an in band communication channel of the endpoint device. (Fitzgerald, [0043] teaches that different data centers of the same network / sub-network may be in different rooms / locations for redundancy purposes. Out of band communications may include general internet traffic while in band communications may be the traffic within the customer network / subnet of fig. 2. In another example, the customer network of fig. 2 may include different locations running through different routers, that share the same sub-network, as discussed in [0023-27].)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Mouyade, which teaches web authentication registration (Abstract & [0048]) and further teaches a relying party that sends a challenge to an agent that forwards the challenge to an authenticator for authentication by signing and asymmetric key generation that provides the signed challenge and asymmetric keys back to the agent that forwards the signed challenge to the relying party ([0048-51]), with Young, which also teaches signing of certificates after authentication (Abstract & [0018-20]), and additionally teaches using a BMC that is separate from the processor (fig. 1) where the BMC signs certificates used to authenticate the BMC so that a CA can sign the certificate (fig. 5 & [0057]), with Sundaresan, which also teaches challenge response for authentication of a user device using signatures, and additionally teaches using the challenge response to authenticate the user to a relying party that has access to public records / certificate that associate the public key of the user to the user’s device or user (Abstract, [0036-37]), with Fitzgerald, which also teaches HSMs using private / public key pairs, certificates, and signatures for network monitoring, maintenance, and credential updating of customer devices / networks / sub-networks ([0067]), and also teaches the use of HSMs through a customer organization for authentication ([0030]), and additionally teaches the use of specific addresses for HSMs separate from the addresses of customer devices ([0027]) and [0043] teaches different data centers may be on the same network (in band) while using the internet (out of band) to connect to each other securely.
One of ordinary skill in the art would have been motivated to perform such an addition to provide Mouyade, Young, and Sundaresan with the added ability to use HSMs (“management controller”) on their own separate network addresses, as taught by Fitzgerald, for the purpose of increasing security and efficiency by having redundant authentication system and efficient network addressing that allows for the efficient routing of communications based on separate addressing of different devices such as computer and HSMs.
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Mouyade, in view of Young, in view of Sundaresan, in view of US 20230224294 to Halemane et al. (hereinafter Halemane).
Regarding claim 8, Mouyade, Young, and Sundaresan teach,
The method of claim 4, further comprising:
Mouyade, Young, and Sundaresan fail to explicitly teach sending a second challenge based on security concerns,
However, Halemane teaches,
making a determination, by the management controller and based on a security posture of hardware resources of the endpoint device, regarding whether to generate a second challenge response to a second trust challenge; and ([0091] teaches using risk / sensitivity of interaction to repeat the authentication procedure of fig. 4. The authentication procedure of fig. 4 in [0087-88] teaches the use of challenges. Thus, additional challenges would be used for authentication. [0087] also teaches multiple challenges, and the use of the TPM to sign the challenge with the private key.)
in an instance of the determination in which the security posture does not meet criteria for the security posture: ([0091] teaches that shorter interaction may not require repeat of authentication procedure.)
declining, by the management controller, to sign the second challenge response to prevent the level of trust being demonstrated to a second entity that provided the second trust challenge. ([0087] teaches that the authentication must include a device proximity threshold being met. Thus, the authentication / signing of challenge is not performed if there is no device proximity threshold that is met.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Mouyade, which teaches web authentication registration (Abstract & [0048]) and further teaches a relying party that sends a challenge to an agent that forwards the challenge to an authenticator for authentication by signing and asymmetric key generation that provides the signed challenge and asymmetric keys back to the agent that forwards the signed challenge to the relying party ([0048-51]), with Young, which also teaches signing of certificates after authentication (Abstract & [0018-20]), and additionally teaches using a BMC that is separate from the processor (fig. 1) where the BMC signs certificates used to authenticate the BMC so that a CA can sign the certificate (fig. 5 & [0057]), with Sundaresan, which also teaches challenge response for authentication of a user device using signatures, and additionally teaches using the challenge response to authenticate the user to a relying party that has access to public records / certificate that associate the public key of the user to the user’s device or user (Abstract, [0036-37]), with Halemane, which also teaches a third party that initiates authentication using challenge response ([0086-88]), and additionally teaches using security risk and sensitivity as the basis of performing further authentication / multiple challenges ([0091]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Mouyade, Young, and Sundaresan with the added ability to use the security assessment to determine the level of authentication / number of challenges, as taught by Halemane, for the purpose of increasing security by applying different levels of security based on the security situation.
Claims 10 and 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Mouyade, in view of Young, in view of Fitzgerald.
Regarding claim 10, Mouyade and Young teach,
The method of claim 1,
wherein the data processing system comprises a single network module that is shared by both the hardware resources and the management controller, the single network module being adapted to ([0044] teaches using the address of the device to establish communications in a network.) (Young, fig. 1 teaches processor 120 and BMC 130 share network interface 180.)
Mouyade and Young fail to explicitly teach establishing different addresses for the hardware of the endpoint and the management controller,
However, Fitzgerald teaches,
wherein the data processing system comprises a network module adapted to separately advertise network endpoints for the management controller (HSM) and the hardware resources, … (fig. 2 and [0028-29] teach a network of computers / devices and HSMs. [0027] teaches that HSMs have their own IP addresses. See also [0023] discussing customer IP addresses. [0033] teaches a network address translation (NAT) between HSM and subnets of customers.)
… the network endpoints being usable by the server to separately address communications to the hardware resources using an in band communication channel and the management controller using the out of band communication channel. ([0027] teaches that HSMs have their own IP addresses. See also [0023] discussing customer IP addresses. Applicant’s printed publication at [0072-75] teaches that different bands correspond to different addresses. See also rejection of claim 13 for differences between in band and out of band communications taught by Fitzgerald.) (Young, fig. 1, teaches network interface, and [0038] teaches IPMI. [0028-29] teaches the use of different comm protocols including VPNs.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Mouyade, which teaches web authentication registration (Abstract & [0048]) and further teaches a relying party that sends a challenge to an agent that forwards the challenge to an authenticator for authentication by signing and asymmetric key generation that provides the signed challenge and asymmetric keys back to the agent that forwards the signed challenge to the relying party ([0048-51]), with Young, which also teaches signing of certificates after authentication (Abstract & [0018-20]), and additionally teaches using a BMC that is separate from the processor (fig. 1) where the BMC signs certificates used to authenticate the BMC so that a CA can sign the certificate (fig. 5 & [0057]), with Fitzgerald, which also teaches HSMs using private / public key pairs, certificates, and signatures for network monitoring, maintenance, and credential updating of customer devices / networks / sub-networks ([0067]), and also teaches the use of HSMs through a customer organization for authentication ([0030]), and additionally teaches the use of specific addresses for HSMs separate from the addresses of customer devices ([0027]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Mouyade and Young with the added ability to use HSMs (“management controller”) on their own separate network addresses, as taught by Fitzgerald, for the purpose of increasing security and efficiency by having redundant authentication system and efficient network addressing that allows for the efficient routing of communications based on separate addressing of different devices such as computer and HSMs.
Regarding claim 12, Mouyade, Young, and Fitzgerald teach,
The method of claim 10,
wherein the out of band communication channel runs through the single network module, and an in band communication channel that services the hardware resources also runs through the single network module. (Fitzgerald, [0043] teaches that different data centers of the same network / sub-network may be in different rooms / locations for redundancy purposes. Out of band communications may include general internet traffic while in band communications may be the traffic within the customer network / subnet of fig. 2. In another example, the customer network of fig. 2 may include different locations running through different routers, that share the same sub-network, as discussed in [0023-27].)
Regarding claim 13, Mouyade, Young, and Fitzgerald teach,
The method of claim 10,
wherein the single network module hosts a transmission control protocol/internet protocol (TCP/IP) stack to facilitate network communications via the out of band communication channel. (Fitzgerald, [0020] teaches external TCP/IP. [0023-24] teaches the customer’s subnets (in band) that may be linked with internet / out of band communications.)
Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Mouyade, in view of Young, in view of Fitzgerald, in view of US 20240329709 to Wolford (hereinafter Wolford).
Regarding claim 11, Mouyade, Young, and Fitzgerald teach,
The method of claim 10,
Mouyade, Young, and Fitzgerald fail to explicitly teach the management controller and network module on separate power domains,
However, Wolford teaches
wherein the management controller and the single network module are on separate power domains from the hardware resources so that the management controller and the single network module are operable while the hardware resources are inoperable. (Wolford, [0002] teaches BMC having a redundant power supply for the case of power failure to enable backups after failure.) (Fitzgerald, [0042-43] teaches that different parts of the network may have different power sources. [0070] teaches that HSMs may have redundant power supplies.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Mouyade, which teaches web authentication registration (Abstract & [0048]) and further teaches a relying party that sends a challenge to an agent that forwards the challenge to an authenticator for authentication by signing and asymmetric key generation that provides the signed challenge and asymmetric keys back to the agent that forwards the signed challenge to the relying party ([0048-51]), with Young, which also teaches signing of certificates after authentication (Abstract & [0018-20]), and additionally teaches using a BMC that is separate from the processor (fig. 1) where the BMC signs certificates used to authenticate the BMC so that a CA can sign the certificate (fig. 5 & [0057]), with Fitzgerald, which also teaches HSMs using private / public key pairs, certificates, and signatures for network monitoring, maintenance, and credential updating of customer devices / networks / sub-networks ([0067]), and also teaches the use of HSMs through a customer organization for authentication ([0030]), and additionally teaches the use of specific addresses for HSMs separate from the addresses of customer devices ([0027]), with Wolford, which also teaches a BMC (title), and additionally teaches the use of different power supplies for the BMC ([0002]). One of ordinary skill in the art would have been motivated to perform such an addition to provide Mouyade, Young, and Fitzgerald with the added ability to use HSMs (“management controller”) on their own separate network addresses, as taught by Wolford, for the purpose of increasing security and efficiency by having redundant power supplies for the BMC to perform backups.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN WILLIAM AVERY whose telephone number is (571)272-3942. The examiner can normally be reached on 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr, can be reached on (571)272-3739.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/B.W.A./
/JASON K GEE/Primary Examiner, Art Unit 2495