Prosecution Insights
Last updated: July 17, 2026
Application No. 18/425,293

COMPONENT VALIDATION IN SECURE ENVIRONMENTS

Final Rejection §103
Filed
Jan 29, 2024
Examiner
WILLIAMS, CLAYTON R
Art Unit
2443
Tech Center
2400 — Computer Networks
Assignee
Dell Products L.P.
OA Round
4 (Final)
82%
Grant Probability
Favorable
5-6
OA Rounds
1m
Est. Remaining
77%
With Interview

Examiner Intelligence

Grants 82% — above average
82%
Career Allowance Rate
561 granted / 686 resolved
+23.8% vs TC avg
Minimal -5% lift
Without
With
+-5.1%
Interview Lift
resolved cases with interview
Typical timeline
2y 7m
Avg Prosecution
16 currently pending
Career history
700
Total Applications
across all art units

Statute-Specific Performance

§101
4.9%
-35.1% vs TC avg
§103
74.7%
+34.7% vs TC avg
§102
6.2%
-33.8% vs TC avg
§112
7.8%
-32.2% vs TC avg
Black line = Tech Center average estimate • Based on career data from 686 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claims 1-20 are pending per amendment. Response to Arguments Applicants contend Reddy-Teprstra fail to teach or disclose “transmitting…via a sideband channel, a request for hardware component loadout…”. Examiner disagrees to the extent Teprstra discloses a TPM device 308 utilized in exchanging certificate measurement and/or measurement data made by PCR1 attestation handler involving hardware components (par. 0045-0047). That is, the TPM device, system BIOS and other components exchange data during boot process to facilitate validation of system hardware components. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-3, 6-8, 10, 11 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Reddy (US 20230342446), in view of Terpstra (US 20230297682). For claims 1, 16 and 19, Reddy discloses: A data processing system, comprising: a processor (par. 0010); and a memory (par. 0010) coupled to the processor to store instructions, which when executed by the processor, cause the processor to perform operations for managing operation of the data processing system, the operations comprising: while the data processing system is in a secure environment that prevents hardware resources of the data processing system from establishing an operable connection to a remote device (par. 0033: “The platform certificate verification engine 124…verifies the platform certificate 181 in a pre-boot environment…[C]orrective actions may include…sending an alert message to the management server 190, preventing the computer platform 100 from “joining the fleet” (e.g., preventing the computer platform 100 from being connected to the network fabric 194, or isolating the computer platform 100 from its associated group of nodes 90, and so forth).”): starting, by the hardware resources, a startup of the data processing system (par. 0017 system startup); and during the startup: making, by the management controller, a determination regarding whether the components are validated based on the validation state (par. 0014: “If the verification component reveals that the actual attributes of the computer platform differ from the attested attributes, then the verification fails, and computer platform may be considered to be compromised.”), and in a first instance of the determination where the components are not validated: identifying, by the management controller and based on a policy for the data processing system, a response (par. 0014: Corrective actions for validation failure include powering down computer platform and preventing the computer platform from joining a fleet in a data center.); and performing the response to manage an impact of an inability of the components to be validated (par. 0014: Powering down computer platform and preventing the computer platform from joining a fleet in a data center are among possible responses.). While Reddy discloses a baseboard management controller (BMC) performing certificate and attribute verification via a management network channel (par. 0014, 0016, 0044, 0024, 0056), it fails to explicitly disclose: “transmitting, to a basic input/output system (BIOS) and via a sideband channel, a request for hardware component loadout for components of the hardware resources; obtaining, by a management controller of the data processing system and via the sideband channel from the BIOS, the hardware component loadout in response to the request, performing, by the management controller, a validation of the components by comparing the hardware component loadout with an expected component loadout in a certificate stored in the management controller to identify a validation state of the components”. However, in a related endeavor, Terpstra discloses “…the BIOS engine 304 may determine whether a computing device change has been identified as a result of a change between any of a reference computing device component inventory and the current computing device component inventory determined at block 402…” (par. 0062) That is, “the current computing device component inventory identified as part of the platform certificate measurements 602 at block 402 and/or by the PCR1 attestation handler 604” is “compared against the platform/component device component certificates” (par. 0062). Furthermore, if no changes are detected, the BIOS subsystem causes computing device to enter a runtime state (par. 0063). Of note, a TPM device 308 by a network bus is involved in exchanging certificate measurement and/or measurement data made by PCR1 attestation handler involving hardware components (par. 0045-0047). It would have been obvious to one of ordinary skill, before effective filing date of instant claimed invention, to have introduced Terpstra’s teachings alongside Reddy. The motivation to combine would have been to ensure detected hardware components match an expected hardware inventory of a trusted boot environment (Terpstra, par. 0056, 0060 and 0061) For claims 2, 17 and 20, Reddy-Terpstra discloses: The data processing system of claim 19, the operations further comprising: in a second instance of the determination where the components are validated: authorizing, by the management controller and based on the validation state, a nominal completion of the startup (Reddy, par. 0061, 0062 and fig. 4, steps 414, 416, 418, 432: BMC verifies computing system certificate and expected attributes); and performing, by the hardware resources and based on the authorization of the nominal completion, the nominal completion of the startup to place the data processing system in a state in which desired computer implemented services are provided (Reddy, par. 0061, 0062 and fig. 4). For claims 3 and 18, Reddy-Terpstra discloses: The non-transitory machine-readable medium of claim 17, wherein performing the response places the data processing system in a remedial state in which the desired computer implemented services are not provided (Reddy, par. 0014: Corrective actions include computer platform being powered down, the computer platform may be isolated from a network, and the computer platform being prevented from joining a fleet in a data center.). For claim 6, Reddy-Terpstra discloses: The method of claim 1, wherein the sideband channel is configured to provide the management controller with management authority of the hardware resources (Reddy, par. 0044 & par. 0024, 0056: Management controller (BMC) (Fig. 1, mgmt. system 103) utilizes management network channel for communication with host (Fig, 1, host 101); Reddy, par. 0029: BMC communicates with mgmt. system; and 0033: Corrective actions including powering down host 101, isolating platform, etc.). For claim 7, Reddy-Terpstra discloses: The method of claim 1, wherein the data processing system comprises a network module adapted to separately advertise network endpoints for the management controller and the hardware resources, the network endpoints being usable by remote entities to address communications to the hardware resources and the management controller (Reddy, par. 0027 BMC 123 provides monitoring of clients/servers and other management functions which may be controlled remotely by management server 190). For claim 8, Reddy-Terpstra discloses: The method of claim 7, wherein an out of band channel that services the management controller runs through the network module, and an in-band channel that services the hardware resources also runs through the network module (Reddy, par. 0027). For claim 10, Reddy-Terpstra discloses: The method of claim 1, wherein the certificate is a cryptographically verifiable data structure, and the data structure comprises information usable to identify the components of the hardware resources present at a point in a past time (Reddy, par. 0011: EK certificate includes following attribute data: manufacturer of the security processor, a model of the security processor, a version of the security processor, a serial number of the security processor, a unique identifier of the security processor). For claim 11, Reddy-Terpstra discloses: The method of claim 10, wherein the point in past time is when manufacturing of the data processing system is complete (Reddypar. 0011: attribute data comprising model & serial number processor assigned at time of manufacture). Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 4 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Reddy, in view of Terpstra, in view of Shah (US 20190384917). For claim 4, Reddy-Terpstra discloses: The method of claim 3, but fails to disclose “wherein performing the response retains management of the data processing system with a startup management entity, and performing the nominal completion hands off management of the data processing system to an operation management entity.” In a related field, Shah discloses “The network-accessible server system 404 may determine that the boot certificate matches a record in the registry corresponding to a verified boot certificate. If the boot certificate provided in the boot request does not correspond with any verified boot certificate, the network-accessible server system 404 may deny the boot request and prevent the network access device 402 from booting.” (par. 0063, 0071). It would have been obvious to one of ordinary skill before effective filing date of claimed invention to have introduced Shah’s teachings alongside Reddy-Terpstra. The motivation to combine would have been to prevent introduction of malware to a managed system (Shah, par. 0071). For claim 5, Reddy-Terpstra-Shah discloses: The method of claim 4, wherein the secure environment is air gapped from the remote device (Reddy, par. 0033: “The platform certificate verification engine 124…verifies the platform certificate 181 in a pre-boot environment…[C]orrective actions may include…sending an alert message to the management server 190, preventing the computer platform 100 from “joining the fleet” (e.g., preventing the computer platform 100 from being connected to the network fabric 194, or isolating the computer platform 100 from its associated group of nodes 90…). Note: per definition provided in par. 0084 of instant PGPub, “air gapped” system is defined as physical or conceptual air gap.). Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Reddy, Terpstra, in view of Carley (USP 8474016). For claim 9, Reddy-Terpstra discloses: The method of claim 8, but fails to disclose “wherein the management controller and the network module are on separate power domains from the hardware resources so that the management controller and the network module are operable while the hardware resources are inoperable.” In a related field, Carley discloses distinct power circuits for devices within a managed network (col. 11, ll 30-40 & Fig 2: SMACC taught as having separate power circuit/supply from SMACC enabled device). It would have been obvious to one of ordinary skill before effective filing date of claimed invention to have introduced Carley’s teachings alongside Reddy-Terpstra. The motivation to combine would have been to provide redundancy and reliability in a managed network (Carley, col 17, ll 8-12). Claims 12-14 are rejected under 35 U.S.C. 103 as being unpatentable over Reddy, Terpstra, in view of Sharma (US 20230325535). For claim 12, Reddy-Terpstra discloses: The method of claim 11, but fails to disclose “wherein the component data indicates the components of the hardware resources present at a second point in time, the validation of the components comprises identifying differences between the components present at the point in past time and the components present at the second point in time, and the second point in time is a present time.” In a related field, Sharma discloses a system in which a prior inventory certificate is compared with a changed/delta inventory of device components (par. 0110-0112). It would have been obvious to one of ordinary skill before effective filing date of claimed invention to have introduced Sharma’s teachings alongside Reddy-Terpstra. The motivation to combine would have been to report to an orchestrator system changed inventory of a computing device (par. 0113). For claim 13, Reddy-Terpstra-Sharma discloses: The method of claim 10, wherein while in the secure environment and prior to starting the startup of the data processing system, a portion of the components of the hardware resources is modified so that the certificate indicates that the components are different from the point in past time (Sharma, par. 0111: Chain-of-trust validation of delta hardware attestation certificate disclosed). For claim 14, Reddy-Terpstra-Sharma discloses: The method of claim 13, wherein performing the validation of the components comprises: requesting, by the management controller, a replacement certificate in order to identify the validation state of the components (Sharma, par. 0110: new/updated delta hardware attestation certificates generated). Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Reddy-Terpstra. For claim 15, Reddy discloses: The method of claim 1, but fails to disclose “wherein the policy prescribes performance of different responses depending on connectivity between the management controller and a management system via an out of band channel.” Examiner takes official notice that techniques for implementing prescribed actions responsive to detection of connection state between network entities were well-known and obvious at time of filing of the instant claimed invention. One of ordinary skill would have been motivated to implement this technique in order to respond to network connectivity detection or failure in a manner that meets with design objectives. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to CLAYTON R WILLIAMS whose telephone number is (571)270-3801. The examiner can normally be reached M-F 10:00am - 6:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas Taylor can be reached at 571-272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /CLAYTON R WILLIAMS/Primary Examiner, Art Unit 2443
Read full office action

Prosecution Timeline

Show 2 earlier events
Oct 16, 2025
Response Filed
Oct 31, 2025
Final Rejection mailed — §103
Jan 07, 2026
Request for Continued Examination
Jan 25, 2026
Response after Non-Final Action
Jan 28, 2026
Non-Final Rejection mailed — §103
Apr 27, 2026
Response Filed
May 18, 2026
Final Rejection mailed — §103
Jul 01, 2026
Interview Requested

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12682033
DEVICE AND NETWORK-BASED ENFORCEMENT OF BIOMETRIC DATA USAGE
1y 11m to grant Granted Jul 14, 2026
Patent 12664246
TERMINAL, SYSTEM, CONTROL METHOD OF TERMINAL, AND STORAGE MEDIUM
1y 12m to grant Granted Jun 23, 2026
Patent 12657278
METHOD FOR MANAGING MOBILE APPS
2y 5m to grant Granted Jun 16, 2026
Patent 12652271
METHOD AND APPARATUS FOR SECURITY COMMUNICATION
3y 4m to grant Granted Jun 09, 2026
Patent 12640958
METHOD AND NODE OF A DATA NETWORK FOR FORWARDING DATA CONTENT
2y 8m to grant Granted May 26, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
82%
Grant Probability
77%
With Interview (-5.1%)
2y 7m (~1m remaining)
Median Time to Grant
High
PTA Risk
Based on 686 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month