Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 are pending per amendment.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 1/7/26 has been entered.
Response to Arguments
Applicant’s arguments with respect to claims 1, 16 and 19 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Terpstra is now relied upon to address alleged deficiencies of Reddy.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 6-8, 10, 11 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Reddy (US 20230342446), in view of Terpstra (US 20230297682).
For claims 1, 16 and 19, Reddy discloses:
A data processing system, comprising:
a processor (par. 0010); and
a memory (par. 0010) coupled to the processor to store instructions, which when executed by the processor, cause the processor to perform operations for managing operation of the data processing system, the operations comprising:
while the data processing system is in a secure environment that prevents hardware resources of the data processing system from establishing an operable connection to a remote device (par. 0033: “The platform certificate verification engine 124…verifies the platform certificate 181 in a pre-boot environment…[C]orrective actions may include…sending an alert message to the management server 190, preventing the computer platform 100 from “joining the fleet” (e.g., preventing the computer platform 100 from being connected to the network fabric 194, or isolating the computer platform 100 from its associated group of nodes 90, and so forth).”):
starting, by the hardware resources, a startup of the data processing system (par. 0017 system startup); and
during the startup:
making, by the management controller, a determination regarding whether the components are validated based on the validation state (par. 0014: “If the verification component reveals that the actual attributes of the computer platform differ from the attested attributes, then the verification fails, and computer platform may be considered to be compromised.”), and
in a first instance of the determination where the components are not validated:
identifying, by the management controller and based on a policy for the data processing system, a response (par. 0014: Corrective actions for validation failure include powering down computer platform and preventing the computer platform from joining a fleet in a data center.); and
performing the response to manage an impact of an inability of the components to be validated (par. 0014: Powering down computer platform and preventing the computer platform from joining a fleet in a data center are among possible responses.).
While Reddy discloses a baseboard management controller (BMC) performing certificate and attribute verification via a management network channel (par. 0014, 0016, 0044, 0024, 0056), it fails to explicitly disclose:
“obtaining, by a management controller of the data processing system and via a sideband channel from a basic input/output system (BIOS), hardware component loadout for components of the hardware resources,
performing, by the management controller, a validation of the components by comparing the hardware component loadout with an expected component loadout in a certificate stored in the management controller to identify a validation state of the components”.
However, in a related endeavor, Terpstra discloses “…the BIOS engine 304 may determine whether a computing device change has been identified as a result of a change between any of a reference computing device component inventory and the current computing device component inventory determined at block 402…” (par. 0062) That is, “the current computing device component inventory identified as part of the platform certificate measurements 602 at block 402 and/or by the PCR1 attestation handler 604” is “compared against the platform/component device component certificates” (par. 0062). Furthermore, if no changes are detected, the BIOS subsystem causes computing device to enter a runtime state (par. 0063).
It would have been obvious to one of ordinary skill, before effective filing date of instant claimed invention, to have introduced Terpstra’s teachings alongside Reddy. The motivation to combine would have been to ensure validated hardware components are detected to ensure a trusted boot environment (Terpstra, par. 0056, 0060 and 0061)
For claims 2, 17 and 20, Reddy-Terpstra discloses:
The data processing system of claim 19, the operations further comprising:
in a second instance of the determination where the components are validated: authorizing, by the management controller and based on the validation state, a nominal completion of the startup (Reddy, par. 0061, 0062 and fig. 4, steps 414, 416, 418, 432: BMC verifies computing system certificate and expected attributes); and
performing, by the hardware resources and based on the authorization of the nominal completion, the nominal completion of the startup to place the data processing system in a state in which desired computer implemented services are provided (Reddy, par. 0061, 0062 and fig. 4).
For claims 3 and 18, Reddy-Terpstra discloses:
The non-transitory machine-readable medium of claim 17, wherein performing the response places the data processing system in a remedial state in which the desired computer implemented services are not provided (Reddy, par. 0014: Corrective actions include computer platform being powered down, the computer platform may be isolated from a network, and the computer platform being prevented from joining a fleet in a data center.).
For claim 6, Reddy-Terpstra discloses:
The method of claim 1, wherein the sideband channel is configured to provide the management controller with management authority of the hardware resources (Reddy, par. 0044 & par. 0024, 0056: Management controller (BMC) (Fig. 1, mgmt. system 103) utilizes management network channel for communication with host (Fig, 1, host 101); Reddy, par. 0029: BMC communicates with mgmt. system; and 0033: Corrective actions including powering down host 101, isolating platform, etc.).
For claim 7, Reddy-Terpstra discloses:
The method of claim 1, wherein the data processing system comprises a network module adapted to separately advertise network endpoints for the management controller and the hardware resources, the network endpoints being usable by remote entities to address communications to the hardware resources and the management controller (Reddy, par. 0027 BMC 123 provides monitoring of clients/servers and other management functions which may be controlled remotely by management server 190).
For claim 8, Reddy-Terpstra discloses:
The method of claim 7, wherein an out of band channel that services the management controller runs through the network module, and an in-band channel that services the hardware resources also runs through the network module (Reddy, par. 0027).
For claim 10, Reddy-Terpstra discloses:
The method of claim 1, wherein the certificate is a cryptographically verifiable data structure, and the data structure comprises information usable to identify the components of the hardware resources present at a point in time in the past (Reddy, par. 0011: EK certificate includes following attribute data: manufacturer of the security processor, a model of the security processor, a version of the security processor, a serial number of the security processor, a unique identifier of the security processor).
For claim 11, Reddy-Terpstra discloses:
The method of claim 10, wherein the point in time in the past is when manufacturing of the data processing system is complete (Reddypar. 0011: attribute data comprising model & serial number processor assigned at time of manufacture).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 4 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Reddy, in view of Terpstra, in view of Shah (US 20190384917).
For claim 4, Reddy-Terpstra discloses:
The method of claim 3, but fails to disclose “wherein performing the response retains management of the data processing system with a startup management entity, and performing the nominal completion hands off management of the data processing system to an operation management entity.”
In a related field, Shah discloses “The network-accessible server system 404 may determine that the boot certificate matches a record in the registry corresponding to a verified boot certificate. If the boot certificate provided in the boot request does not correspond with any verified boot certificate, the network-accessible server system 404 may deny the boot request and prevent the network access device 402 from booting.” (par. 0063, 0071).
It would have been obvious to one of ordinary skill before effective filing date of claimed invention to have introduced Shah’s teachings alongside Reddy-Terpstra. The motivation to combine would have been to prevent introduction of malware to a managed system (Shah, par. 0071).
For claim 5, Reddy-Terpstra-Shah discloses:
The method of claim 4, wherein the operation management entity comprises an operating system (Shah, par. 0063, 0071).
Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Reddy, Terpstra, in view of Carley (USP 8474016).
For claim 9, Reddy-Terpstra discloses:
The method of claim 8, but fails to disclose “wherein the management controller and the network module are on separate power domains from the hardware resources so that the management controller and the network module are operable while the hardware resources are inoperable.”
In a related field, Carley discloses distinct power circuits for devices within a managed network (col. 11, ll 30-40 & Fig 2: SMACC taught as having separate power circuit/supply from SMACC enabled device).
It would have been obvious to one of ordinary skill before effective filing date of claimed invention to have introduced Carley’s teachings alongside Reddy-Terpstra. The motivation to combine would have been to provide redundancy and reliability in a managed network (Carley, col 17, ll 8-12).
Claims 12-14 are rejected under 35 U.S.C. 103 as being unpatentable over Reddy, Terpstra, in view of Sharma (US 20230325535).
For claim 12, Reddy-Terpstra discloses:
The method of claim 11, but fails to disclose “wherein the component data indicates the components of the hardware resources present at a second point in time, the validation of the components comprises identifying differences between the components present at the point in time in the past and the components present at the second point in time, and the second point in time is a present time.”
In a related field, Sharma discloses a system in which a prior inventory certificate is compared with a changed/delta inventory of device components (par. 0110-0112).
It would have been obvious to one of ordinary skill before effective filing date of claimed invention to have introduced Sharma’s teachings alongside Reddy-Terpstra. The motivation to combine would have been to report to an orchestrator system changed inventory of a computing device (par. 0113).
For claim 13, Reddy-Terpstra-Sharma discloses:
The method of claim 10, wherein while in the secure environment and prior to starting the startup of the data processing system, a portion of the components of the hardware resources is modified so that the certificate indicates that the components are different from the point in time in the past (Sharma, par. 0111: Chain-of-trust validation of delta hardware attestation certificate disclosed).
For claim 14, Reddy-Terpstra-Sharma discloses:
The method of claim 13, wherein performing the validation of the components comprises:
requesting, by the management controller, a replacement certificate in order to identify the validation state of the components (Sharma, par. 0110: new/updated delta hardware attestation certificates generated).
Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Reddy-Terpstra.
For claim 15, Reddy discloses:
The method of claim 1, but fails to disclose “wherein the policy prescribes performance of different responses depending on connectivity between the management controller and a management system via an out of band channel.”
Examiner takes official notice that techniques for implementing prescribed actions responsive to detection of connection state between network entities were well-known and obvious at time of filing of the instant claimed invention. One of ordinary skill would have been motivated to implement this technique in order to respond to network connectivity detection or failure in a manner that meets with design objectives.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CLAYTON R WILLIAMS whose telephone number is (571)270-3801. The examiner can normally be reached M-F 10:00am - 6:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas Taylor can be reached at 571-272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CLAYTON R WILLIAMS/Primary Examiner, Art Unit 2443