DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendment
Claims 1-2, 16-17 and 19-20 are amended.
Claim 18 is canceled.
Response to Arguments
Applicant’s arguments have been fully considered. In light of applicant’s amendments, previous rejections are withdrawn.
Claim Interpretation
As disclosed in the specification, the response from the service system is interpreted to include a lack of communication from the service system.1
Further, each instance (the first and the second) is interpreted to be a different occurrence of the providing step and obtaining step.2
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-2, 11-17 and 19-21 are rejected under 35 U.S.C. 103 as being unpatentable over Drury et al. U.S. Patent Application publication 2022/0276876 in view of Ponnuru et al. U.S. Patent Application publication 2020/0351293 in view of Slaight U.S. Patent Application publication 2011/0035526.
Claim 1,
Drury discloses
A method for managing a data processing system, the method comprising:
providing, by a management controller of the data processing system and via an out-of-band communication channel (see fig. 3) and to a service system (para 0032-remote site 106 may be configured to communicate with BMC 102 via a secure out-of-band (OOB) channel 128. OOB channel 128 may be implemented by, for example, a wireless network, non-production local area network (LAN), universal serial bus (USB) connection, or other suitable network protocol or medium.),
behavior data for the data processing system, the behavior data indicating activity of the data processing system ascribed to a user of the data processing system based, at least in part, on operation of the hardware resources (para 0058- BMC 102 may perform system diagnostics, at a granular level, with or without SoC 302 being powered on. BMC 102 may collect logging information directly from motherboard shared memory 304.)
obtaining, by the management controller and via the out-of-band communication channel and from the service system, a response to the provided behavior data, (para 0077- discloses sending corrective measures to the BMC, via OOB, in response to the analysis of logging data); and
in a first instance of the obtaining where the response indicates that the activity ascribed to the user is unexpected for the user:
obtaining, by the management controller and via the out-of-band communication channel and from the service system, an action set, the action set being based on the behavior data (para 0062-Management server 116 can analyze this information and download a set of corrective measures to BMC 102 via OOB channel 128. These may include changes to motherboard shared memory 304, motherboard firmware and UEFI 306, or motherboard operating system 308. These changes can be made prior to rebooting server 114 such that they take effect upon the next boot cycle),
the hardware resources comprising a motherboard of the data processing system (Fig. 1- motherboard) and
initiating, by the management controller, performance of the action set to update operation of the data processing system to manage an impact of undesired use of the data processing system reflected in the behavior data (para 0077-0078- At 642, BMC 102 may download the secure corrective measures from management server 116 using OOB channel 128. Using cryptographic functions provided by AES/RSA encryption module 212, BMC 104 may extract the corrective measures from the downloaded data and store it in its RAM 204.
At 644, BMC 102 may update motherboard shared memory 304 and motherboard firmware and UEFI 306 from its RAM 204 using PSI 118 as required. These updates may be available for the next boot cycle as described earlier in step 61).
Although Drury discloses substantial limitations of the claimed invention, it fails to explicitly disclose
providing, by a management controller of the data processing system and via an out-of-band communication channel without any connections with and that bypasses hardware resources of the data processing system and to a service system
the response indicating whether the activity ascribed to the user is expected for the user.
In an analogous art, Ponnuru discloses
the response indicating whether the activity ascribed to the user is expected for the user (para 0055- discloses the generation of a security vulnerability based on analysis of the collected data)
Ponnuru fails to explicitly disclose transmitting a report of a detected vulnerability to an OOB management controller. However, a person of ordinary skill in the art before the effective filing date of the invention would find it obvious to combine the vulnerability report of Ponnuru with the transmission of corrective steps of Drury to the OOB management controller to produce the predictable result of providing OOB management devices with notifications of the anomalies associated with the corrective measures.
Although Drury/Ponnuru discloses substantial limitations of the claimed invention, it fails to explicitly disclose
providing, by a management controller of the data processing system and via an out-of-band communication channel without any connections with and that bypasses hardware resources of the data processing system and to a service system.
In an analogous art, Slaight discloses
providing, by a management controller of the data processing system and via an out-of-band communication channel without any connections with and that bypasses hardware resources of the data processing system and to a service system. (Fig. 1- management controller item 185 directly connects to the network controller, para 0030- management events are communicated externally via network controller)
One of ordinary skill in the art would find it obvious to combine the direct connection of the Management controller to the Network controller with the Drury/Ponnuru system to produce the predictable result of bypassing the motherboard and processor of Drury to communicate management data to a remote system. One of ordinary skill in the art would be motivated to combine Slaight with the Drury/Ponnuru system to conserve energy consumption by enabling communication without powering the motherboard and other hardware resources.
Claims 16 and 19 are rejected under similar rationale. Drury discloses a transitory machine-readable medium in paragraph 0029 and processor and memory in paragraph 0014.
Claim 2,
wherein the behavior data comprises at least one type of behavior data from a list of types of behavior data consisting of:
location data for the data processing system;
activity data indicating the operation of hardware resources of the data processing system; (Drury para 0058-system diagnostics, at a granular level)
user data stored by the data processing system; and
access data for the data processing system.
Claim 2 recites a Markush group and for the purposes of examination, each of the members of the group will be treated as functional alternatives. See MPEP 2117.
Claims 17 and 20 are rejected under similar rationale as claim 2.
Claim 11,
wherein the data processing system comprises a network module adapted to separately advertise network endpoints for the management controller and hardware resources of the data processing system, the network endpoints being usable by the service system to address communications to the hardware resources and the management controller. (Slaight Fig. 1, para 0032- Network controller 170 may then transfer information back and forth between computer 130 and network controller 170 using in-band data. For example, network controller 170 may then transfer in-band data to and from components of platform 135 via ICH 190. Network controller 170 may also transfer out-of-band data to and from one or more auxiliary devices, such as management controller 185 and/or storage device 195.
Para 0035- A routing module, such as, packet filter module 220, may allow apparatus 210 to recognize whether traffic from communications network 200 is in-band or out-of-band and route or communicate that traffic accordingly, in order to support the sideband communication. For example, packet filter module 220 may contain logic that recognizes aspects of the packets, such as the internet protocol (IP) address, the port type, etc., and use that information to route the packet to computing device 290 and/or management controller 270 as appropriate.)
Same motivation as claim 1.
Claim 12,
The method of claim 11, wherein the management controller and the network module are on separate power domains from the hardware resources so that the management controller and the network module are operable while the hardware resources are inoperable. (Drury para 0045- BMC is powered via ethernet and hardware resources powered by main power source 114.)
Claim 13,
The method of claim 12, wherein the behavior data is provided to the service system while a portion of the hardware resources are inoperable due to being unpowered. (Drury para 0058- BMC 102 may perform system diagnostics, at a granular level, with or without SoC 302 being powered on.)
Claim 14,
The method of claim 13, wherein the response is obtained by the management controller while a portion of the hardware resources are inoperable due to being unpowered. (Drury para 0052- discloses BMC may power down the motherboard subsystem 108, para 0045- BMC operates independent of motherboard, fig. 6, item 642- BMC receives response after server is halted.)
Claim 15,
The method of claim 11, wherein the out-of-band communication channel runs through the network module, and an in-band communication channel that services the hardware resources also runs through the network module. (Drury Fig. 3, items 132, 220, 222, in-band connections from 302. Also see para 0086)
Claim 21,
The method of claim 11, wherein the network endpoints that are separately advertised by the single network module shared by the management controller and the hardware resources are usable by the service system to address communications separately to each of the hardware resources and the management controller such that first communications among the communications that are meant for the hardware resources never flow through the management controller and second communications among the communications that are meant for the management controller never flow through the hardware resources. (para 0035- For example, packet filter module 220 may contain logic that recognizes aspects of the packets, such as the internet protocol (IP) address, the port type, etc., and use that information to route the packet to computing device 290 and/or management controller 270 as appropriate. Also see fig. 4 and para 0050)
Same motivation as claim 1.
Claims 3-10 are rejected under 35 U.S.C. 103 as being unpatentable over Drury et al. U.S. Patent Application publication 2022/0276876 in view of Ponnuru et al. U.S. Patent Application publication 2020/0351293 in view of Slaight U.S. Patent Application publication 2011/0035526 in view of Andrews et al. U.S. Patent Application publication 2021/0133329.
Claim 3,
Although Drury/Ponnuru/Slaight discloses substantial limitations of the claimed invention, it fails to explicitly disclose
performing, by the service system, an inferencing process using the behavior data to obtain the response.
In an analogous art, Andrews discloses
performing, by the service system, an inferencing process using the behavior data to obtain the response. (para 0080- discloses performing machine learning/AI algorithms to define policies describing risk classifications associated with different security contexts. Para 0138- the policies determine the changes to workspace)
One of ordinary skill in the art before the effective filing date of the invention would find it obvious to combine the inference process of Andrews with the Drury/Ponnuru/Slaight to produce the predictable result of generating inferences from the analysis of the user context data to determine whether remedial actions are required.
Claim 4,
updating, using an incremental learning method and previously collected behavior data, an aged inference model to obtain an inference model used in the inferencing process. (para 0068- discloses AI/ML algorithms to evaluate historical productivity and update policies rules dynamically)
Same motivation as claim 3.
Claim 5,
Although Drury/Ponnuru/Slaight discloses substantial limitations of the claimed invention, it fails to explicitly disclose
wherein the activity ascribed to the user that is unexpected for the user indicates that location data that indicates that the data processing system is located in an unexpected geographical area was obtained.
In an analogous art, Andrews discloses
wherein the activity ascribed to the user that is unexpected for the user indicates that location data that indicates that the data processing system is located in an unexpected geographical area was obtained. (para 0062- monitors the location of the IHS as a factor of the security context, para 0071-0072- disclose altering the workspace in response to changes to the security context)
One of ordinary skill in the art before the effective filing date of the invention would find it obvious to combine the location monitoring of Andrews with the Drury/Ponnuru/Slaight to produce the predictable result of performing remedial action in response to location changes.
Claim 6,
Although Drury/Ponnuru/Slaight discloses substantial limitations of the claimed invention, it fails to explicitly disclose
wherein the action set comprises disabling, by the management controller, a portion of hardware resources of the data processing system.
In an analogous art, Andrews discloses
wherein the action set comprises disabling, by the management controller, a portion of hardware resources of the data processing system. (Claim 8- discloses reducing hardware features based on the analysis of a user context)
One of ordinary skill in the art before the effective filing date of the invention would find it obvious to combine the remedial process of Andrews with the Drury/Ponnuru/Slaight to produce the predictable result of reducing hardware features as a remedial action in response to an inappropriate user context.
Claim 7,
wherein the portion of the hardware resources comprises a trusted platform module. (Andrews fig. 1, para 0036)
Same motivation as claim 6.
Claim 8,
Although Drury/Ponnuru/Slaight discloses substantial limitations of the claimed invention, it fails to explicitly disclose
wherein the action set comprises disabling a piece of software hosted by hardware resources of the data processing system.
In an analogous art, Andrews discloses
wherein the action set comprises disabling a piece of software hosted by hardware resources of the data processing system. (para 0014- an updated context includes a blacklisted application)
One of ordinary skill in the art before the effective filing date of the invention would find it obvious to combine the remedial process of Andrews with the Drury/Ponnuru/Slaight to produce the predictable result of restricting an application as a remedial action in response to an inappropriate user context.
Claim 9,
Although Drury/Ponnuru/Slaight discloses substantial limitations of the claimed invention, it fails to explicitly disclose
in a second instance of the obtaining where the response indicates that the activity ascribed to the user is expected for the user: continuing, by the management controller, to allow desired use of the data processing system reflected in the behavior data.
In an analogous art, Andrews discloses
in a second instance of the obtaining where the response indicates that the activity ascribed to the user is expected for the user: continuing, by the management controller, to allow desired use of the data processing system reflected in the behavior data. (Fig. 5, item 565- determines whether the risk score is adequate. If yes, the system continues operation. An adequate risk score is mapped to the expected response because no remediation is performed)
One of ordinary skill in the art before the effective filing date of the invention would find it obvious to combine the risk evaluation of Andrews with the Drury/Ponnuru/Slaight to produce the predictable result of permitting computing use when the risk score is adequate.
Claim 10,
wherein when in the second instance of the obtaining, the response comprises a lack of any communication from the service system regarding whether the activity ascribed to the user is expected for the user based on the behavior data. (Andrews Fig. 5, item 565- determines the risk score is adequate and performs no communication regarding remedies)
Same motivation as claim 9.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSEPH M COUSINS whose telephone number is (571)270-7746. The examiner can normally be reached 9:00am -5:00pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Tonia Dollinger can be reached at (571) 272-4170. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JMC/Examiner, Art Unit 2459
/TONIA L DOLLINGER/Supervisory Patent Examiner, Art Unit 2459
1 Ibid, paragraph 0108
2 Ibid, paragraphs 0020-0026