DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is responsive to communication received on 01/29/2024. The applicant has submitted 20 claims for examination; all claims are currently pending.
The Examiner recommends filing a written authorization for Internet communication in response to the present action. Doing so permits the USPTO to communicate with Applicant using Internet email to schedule interviews or discuss other aspects of the application. Without a written authorization in place, the USPTO cannot respond to Internet correspondence received from Applicant. The preferred method of providing authorization is by filing form PTO/SB/439, available at: https://www.uspto.gov/patent/forms/forms. See MPEP § 502.03 for other methods of providing written authorization.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 1, 4-11, 16 and 19 are rejected under 35 U.S.C. 102(a)(1) and (a)(2) as being anticipated by Sambamurthy US 2014/0282965.
Regarding claims 1, 16 and 19, Sambamurthy teaches a method, non-transitory CRM and system for managing a data processing system, comprising: obtaining motion data for the data processing system, the motion data being usable to characterize a gait pattern for a person transporting the data processing system while the motion data is obtained (SCED of a device, such as one installed on a smart phone, obtains motion data characterizing the activity of a user, the motion including gait data)
[0065] Is also noted that the SCED may not only interface with the camera and the computer device, but also with any other type of biometric input device, such as skin recognition, iris recognition, galvanic resistant, heartbeat monitoring, gait monitoring, etc.
[0069] In one embodiment, the SCED provides a side-band communications channel to the secure server. The SCED measures and tracks digital and physical activities (e.g., presence, motions, etc.) and establishes a link between the digital and physical activities of the user. In another embodiment, the SCED shares the same network communication path as the computer device.
[0152] In one embodiment, the interaction data further includes one or more of a mouse input, an audio input, a biometric signal for the user, a geographic location of the user, a name of an active application interfaced by the user, an operation to save data to an external device, or an operation to print. In yet another embodiment, the screen captures are performed periodically with an interval between 1 and 10 seconds, although other intervals are also possible.
performing, at least in part, by a management controller of the data processing system, a motion analysis process using the motion data to determine whether the gait pattern of the motion data is expected for the data processing system (determine whether the user patterns and behaviors fall outside of the security model, the patterns including gait, ¶s 65, 92)
[0065] Is also noted that the SCED may not only interface with the camera and the computer device, but also with any other type of biometric input device, such as skin recognition, iris recognition, galvanic resistant, heartbeat monitoring, gait monitoring, etc.
[0092] In operation 708, the schema generation produces tags, identifies security-critical data, etc., as well as generating alerts based on the security model. A graph, search, analytics, and report generation engine produces security data for the administrator. For example, the security system may identify user patterns and behaviors as well as the times when the behaviors fall outside the security model. In this case, an alert is generated for the administrator identifying the unusual or unsafe behavior.
and in a first instance of the performing of the motion analysis process where it is determined that the gait pattern is not expected for the data processing system (if behavior is outside the model, perform an action such as sending an alert, ¶92):
[0092] In operation 708, the schema generation produces tags, identifies security-critical data, etc., as well as generating alerts based on the security model. A graph, search, analytics, and report generation engine produces security data for the administrator. For example, the security system may identify user patterns and behaviors as well as the times when the behaviors fall outside the security model. In this case, an alert is generated for the administrator identifying the unusual or unsafe behavior.
identifying, by the management controller, a policy for the data processing system that, at least in part, governs operation of the data processing system (security policy defines action responsive to detection such as generation of alerts, ¶84),
[0084] The data store 632 includes several types of data, such as raw data related to computer use (e.g., images, inputs, screen captures, etc.), "cleansed" data (e.g., data that results from filtering the raw data according to some criteria), alert schema (e.g., events defined in the security policy that create alerts for administrator), and model results after applying the model to the data. The alert schema may identify potential security threats, such as a user accessing confidential documents that include words like "proprietary" or "confidential."
and initiating, by the management controller, performance of an action set based on the policy to update the operation of the data processing system to place the data processing system in an elevated security state (action can be performed based on rules of a policy, such as alerting an administrator, ¶84).
[0084] The data store 632 includes several types of data, such as raw data related to computer use (e.g., images, inputs, screen captures, etc.), "cleansed" data (e.g., data that results from filtering the raw data according to some criteria), alert schema (e.g., events defined in the security policy that create alerts for administrator), and model results after applying the model to the data. The alert schema may identify potential security threats, such as a user accessing confidential documents that include words like "proprietary" or "confidential."
Regarding claim 4, Sambamurthy teaches wherein the motion data is obtained using at least one sensing component of the data processing system from a list of sensing components consisting of: an accelerometer; a gyroscope; a magnetometer; and a global positioning system sensor.
[0080] The data 610 may be captured for any digital or physical activity of the user, such as, mouse inputs, audio inputs, display updates, screen captures, external device being utilized (e.g., plugging in a thumb drive), biometric signals of the user (face, iris, fingerprints, heartbeat, temperature, weight, briefing patterns, etc.), location of the user (e.g., GPS data), timestamps, etc.
Regarding claim 5, Sambamurthy teaches wherein the action set comprises disabling, by the management controller, a portion of hardware resources of the data processing system.
[0098] FIGS. 8A-8C illustrate continuous authentication using a network access device, according to one embodiment. In one embodiment, the computer device access secure resources via a network access device 808. The network access device 808 provides an added level of control for user access, because the network access device allows the system to cut off access by disabling the user from utilizing the network access device 808.
Regarding claim 6, Sambamurthy teaches wherein the portion of the hardware resources comprises a trusted platform module (TPM, trusted platform module chip).
[0134] The Trusted Platform Module offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a hardware pseudo-random number generator. It also includes capabilities such as remote attestation and sealed storage. "Remote attestation" creates a nearly unforgeable hash-key summary of the hardware and software configuration. The program encrypting the data determines the extent of the summary of the software. This allows a third party to verify that the software has not been changed. "Binding" encrypts data using the TPM endorsement key, a unique RSA key burned into the chip during its production, or another trusted key descended from it. "Sealing" encrypts data in similar manner to binding, but in addition specifies a state in which the TPM must be in order for the data to be decrypted (unsealed). Software can use a Trusted Platform Module to authenticate hardware devices. Since each TPM chip has a unique and secret RSA key burned in as it is produced, it is capable of performing platform authentication. For example, it can be used to verify that a system seeking access is the expected system. Generally, pushing the security down to the hardware level in conjunction with software provides more protection than a software-only solution.
Regarding claim 7, Sambamurthy teaches wherein the action set comprises disabling a piece of software hosted by hardware resources of the data processing system (disable authentication processes, ¶112).
[0112] In operation 866, the access to the network access device is denied due to the failure of the authentication, and from operation 866 the method flows back to operation 852. In other embodiments (not shown), after the authentication fails, the method uses another loop to perform continuous authentication while access is disabled, and if the authentication is reestablished, the method goes back to operation 860 to obtain access to the network access device.
Regarding claim 8, Sambamurthy teaches wherein the action set comprises providing, by the management controller and via an out-of-band communication channel and to a service system, a notification indicating that the gait pattern is unexpected (communicate alert to administrator upon determination of non-conforming gait pattern, communication via sideband/out-of-band communication link).
[0058] The security control integrated circuit 402 shares a link to the host computer with the display panel IC. This link provides the data to be displayed on the monitor and may utilize one or more different protocols such as HDMI, DVI, DP, etc. In addition, the security control IC 402 utilizes the side band network interface 408 to communicate with a remote security server without having to rely on networking resources from the host. The side band network interface 408 may utilize one or more communications protocols selected from a group consisting of USB, serial port, Ethernet, WiFi, Bluetooth, GPRS, any mobile communications protocol, etc.
[0084] The data store 632 includes several types of data, such as raw data related to computer use (e.g., images, inputs, screen captures, etc.), "cleansed" data (e.g., data that results from filtering the raw data according to some criteria), alert schema (e.g., events defined in the security policy that create alerts for administrator), and model results after applying the model to the data. The alert schema may identify potential security threats, such as a user accessing confidential documents that include words like "proprietary" or "confidential."
Regarding claim 9, Sambamurthy teaches wherein the notification is provided while a portion of hardware resources of the data processing system are inoperable (communication of a security alert to an administrator using the sideband and not the regular network is implied, since communication to a security server uses the sideband communication, ¶s 58, 95).
[0058] The security control integrated circuit 402 shares a link to the host computer with the display panel IC. This link provides the data to be displayed on the monitor and may utilize one or more different protocols such as HDMI, DVI, DP, etc. In addition, the security control IC 402 utilizes the side band network interface 408 to communicate with a remote security server without having to rely on networking resources from the host. The side band network interface 408 may utilize one or more communications protocols selected from a group consisting of USB, serial port, Ethernet, WiFi, Bluetooth, GPRS, any mobile communications protocol, etc.
[0095] In one embodiment, the user may be also notified that the user has triggered a security alert, such as when the user is accessing a confidential file. Once the user is notified, the user may contact the administrator to explain the identified security alert.
Regarding claim 10, Sambamurthy teaches wherein the policy is obtained by the management controller via an out-of-band communication channel and from a service system tasked with managing policies for the data processing system (security server transmits policies to the SCED via sideband link to enforce access control, ¶s 58, 132).
[0058] The security control integrated circuit 402 shares a link to the host computer with the display panel IC. This link provides the data to be displayed on the monitor and may utilize one or more different protocols such as HDMI, DVI, DP, etc. In addition, the security control IC 402 utilizes the side band network interface 408 to communicate with a remote security server without having to rely on networking resources from the host. The side band network interface 408 may utilize one or more communications protocols selected from a group consisting of USB, serial port, Ethernet, WiFi, Bluetooth, GPRS, any mobile communications protocol, etc.
[0132] In one embodiment, a security circuit is attached to the bus and controls the output to LCD, by interfacing with the circuitry that drives the LCD (e.g., processor and pixel memory). In addition, the SCED 1114 sends security data to the security server and receives security and configuration commands from the security server. In one embodiment, the security server sends authorized user information to the SCED regarding the users authorized to utilize the computing device, the policy rules for implementing security in the computing device, login parameters, authenticated devices that may be coupled to the computing device, etc.
Regarding claim 11, Sambamurthy teaches wherein when the data processing system is in the elevated security state, data previously accessible via the data processing system is inaccessible via the data processing system (authentication is continuous, meaning access can be granted to data but once authentication fails access is denied, ¶s 111, 112).
[0111] In operation 860, access is granted to the user through the network access device. From operation 860, the method flows to operation 862 were continuous authentication and monitoring of user activities is performed. In operation 864, a check is made to determine if the authentication fails at any point in time. If the user continues being authenticated, the method flows back to operation 862, but if the authentication fails at any time, the method flows to operation 866.
[0112] In operation 866, the access to the network access device is denied due to the failure of the authentication, and from operation 866 the method flows back to operation 852. In other embodiments (not shown), after the authentication fails, the method uses another loop to perform continuous authentication while access is disabled, and if the authentication is reestablished, the method goes back to operation 860 to obtain access to the network access device.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 2, 17 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Sambamurthy as applied to claim 1 above, and further in view of Lee US 2017/0227995.
Regarding claims 2, 17 and 20, Sambamurthy teaches a remote security server sending security policies to be enforced on the computing device using out-of-band communication (¶s 127, 132) and teaches a machine learning (i.e., self-learning) algorithm to generate the model, but is unclear as to which entity performs the self-learning model generation. Thus Sambamurthy does not teach prior to obtaining the motion data and during a provisioning process for the data processing system: obtaining, by the data processing system, initial motion data for the data processing system while a person authorized to transport the data processing system is transporting the data processing system, providing, by the management controller and via an out-of-band communication channel and to a service system, the initial motion data, and obtaining, by the management controller and via the out-of-band communication channel and from the service system, a gait signature, the gait signature being based on the initial motion data. Lee, in the same field of endeavor as the invention, teaches a system for biometric authentication including gait biometrics (walking behavioral model, ¶35). Lee teaches prior to obtaining the motion data and during a provisioning process for the data processing system: obtaining, by the data processing system, initial motion data for the data processing system while a person authorized to transport the data processing system is transporting the data processing system (during an enrollment phase the initial data from sensors is captured, such data including walking behavior (i.e., gait), ¶35)
[0035] One embodiment of the enrollment phase is depicted in FIG. 2. At the simplest level, sensor data is first gathered (22). This data can be gathered in a variety of ways; for example, a sensor can be continuously sending data or the sensor can send data only in certain conditions. For example, a given sensor may only send data continuously when it detects motion, or a given sensor may be requested to send data gathered within a period of time before, during, and after when a legitimate user is using an explicit form of authentication (such as signing in with a password, pin, or using some biometric sensor). Once the data is sent, features of that sensor data are extracted (23), and an authentication model is trained (25) based on those extracted features. In some embodiments, a context model (21) is used to improve accuracy. The use of context models stems from the observation that users' behavioral patterns are often different from person to person, and vary under different usage contexts, when they use devices such as smartphones and wearables such as smartwatches or smartglasses. For embodiment, a person's behavior may be different when they are walking versus when they are riding a subway, versus when they are sitting in a chair at home. Instead of authenticating the user with one unified model, it may be better to utilize different finer-grained models to authenticate the user based on different usage contexts. For embodiment, using a user's walking behavioral model to authenticate the same user who is sitting while using the smartphone will likely be less accurate than having an authentication process that determines whether the user is walking or sitting, then using the appropriate authentication model. Thus, in FIG. 2, some or all of the extracted features (23), which may all be in the frequency domain, all in the time domain, or some combination of both, can be combined with the context model (21) to enable a system to detect context (24). 
That detected context (24) can be used with some or all of the extracted features (23) to train the authentication model (25) as well.
providing, by the management controller and via the communication channel and to a service system, the initial motion data, and (initial enrollment phase included sending sensor data for training an authentication model where the training is performed on a remote server (i.e., security server), ¶9)
[0009]…The method may also include an enrollment phase that includes receiving sensor data, sending the data for use in training an authentication model, and receiving the authentication model, whether the training is done by a remote server, or by the device itself such as a smartphone. In response to a failed authorization attempt, the method may also include blocking further access to a device or generating an alert. The sensor sampling rate may also be adjustable. This method may be conducted via a smartphone application. As such, it may also include utilizing sensors that do not generate data that is of concern for privacy, that would have required permission for those measurements to be used if they were used on the smartphone (such as GPS sensors, camera sensors, or microphones). The method may also include rapidly training an authentication model, such as when the training time is less than about 20 seconds. The method may also be utilized when the sensor is in one device, the authentication is accomplished in a second device, and a third device is optionally requesting the results of the authentication.
obtaining, by the management controller and via the communication channel and from the service system, a gait signature, the gait signature being based on the initial motion data (the authentication model is returned to the device that performs the authentication, from the remote device (i.e., security server) to the computing device (¶9), the authentication model being based on user walking patterns (i.e., signature), ¶65)
[0009]…The method may also include an enrollment phase that includes receiving sensor data, sending the data for use in training an authentication model, and receiving the authentication model, whether the training is done by a remote server, or by the device itself such as a smartphone. In response to a failed authorization attempt, the method may also include blocking further access to a device or generating an alert. The sensor sampling rate may also be adjustable. This method may be conducted via a smartphone application. As such, it may also include utilizing sensors that do not generate data that is of concern for privacy, that would have required permission for those measurements to be used if they were used on the smartphone (such as GPS sensors, camera sensors, or microphones). The method may also include rapidly training an authentication model, such as when the training time is less than about 20 seconds. The method may also be utilized when the sensor is in one device, the authentication is accomplished in a second device, and a third device is optionally requesting the results of the authentication.
[0065] Therefore, in one embodiment, two sensors were selected, the accelerometer and gyroscope, because they have higher FS scores and furthermore, are the most common sensors built into current smartphones and smartwatches. These two sensors also represent different information about the user's behavior: 1) the accelerometer records coarse-grained motion patterns of a user, such as how she walks; and 2) the gyroscope records fine-grained motions of a user such as how she holds a smartphone. Furthermore, these sensors do not need the user's permissions, making them useful for continuous background monitoring in implicit authentication scenarios, without requiring user interaction. In some embodiments, only a single sensor is used. In others, two or more are used.
It would have been obvious to a person of ordinary skill in the art before the time of the effective filing of the instant application to modify Sambamurthy's security server communicating security rules/policies using out-of-band communication with performing the machine learning training of an authentication model at a remote device such as the security server. The reason for this modification would be to relieve the computing device of the burden to perform machine learning by offloading such task to the security server.
Claims 3 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Sambamurthy/Lee as applied to claims 2 and 17 above, and further in view of Phillips US 2019/0213597.
Regarding claims 3 and 18, the combination of Sambamurthy/Lee does not teach wherein performing the motion analysis process comprises: obtaining the gait pattern based on the motion data; comparing the gait pattern to the gait signature for the data processing system to identify a level of similarity between the gait pattern and the gait signature; making a determination regarding whether the gait pattern is expected for the data processing system based on the level of similarity; and in a first instance where the level of similarity exceeds a similarity threshold: treating the gait pattern as unexpected. Phillips, in the same field of endeavor as the invention, teaches a system for transaction authentication using biometrics such as gait signatures. Phillips teaches wherein performing the motion analysis process comprises: obtaining the gait pattern based on the motion data (gait signature from sensors is obtained and compared to a gait authentication signature that is expected for a user, ¶23)
comparing the gait pattern to the gait signature for the data processing system to identify a level of similarity between the gait pattern and the gait signature (gait signature is compared to expected gait signature and, if a match within a threshold similarity, is judged as matching, ¶23)
making a determination regarding whether the gait pattern is expected for the data processing system based on the level of similarity (gait signature is compared to expected gait signature and, if a match within a threshold similarity, is judged as matching, ¶23)
and in a first instance where the level of similarity exceeds a similarity threshold: treating the gait pattern as unexpected (if beyond threshold of similarity, user is not authentic and transaction is denied or delayed, ¶s 23, 72)
[0023] Authentication device 230 includes one or more devices capable of receiving, generating, storing, processing, and/or providing information associated with authentication based on sensor data. For example, authentication device 230 may include a communication and/or computing device, such as a server computer, personal computer, mobile phone, laptop computer, tablet computer, or a similar type of device. Authentication device 230 may be capable of analyzing sensor data to produce sensor based signatures, produce sensor data that can be compared to the signatures, and/or determine whether sensor data matches a signature. Signatures may be based on a variety of authentication, such as object recognition methods (e.g., facial recognition, fingerprint recognition, retina recognition, voice recognition, and/or the like), gait recognition, ocular recognition, and/or the like. For example, authentication device 230 may include a gait authentication device that uses raw sensor data as input (e.g., gait sensor data, such as GPS, accelerometer, and/or gyroscope data) to produce a gait signature for a user. An example gait recognition device may also be capable of using raw sensor data to convert the sensor data into gait data that can be compared to a gait signature. Additionally, or alternatively, an example gait recognition device may perform authentication by comparing gait data to a gait signature to determine whether a match exists (e.g., an exact match or a match within a threshold degree of similarity).
[0072] In some implementations, the action may include denying or holding the transaction, e.g., pending additional confirmation and/or authentication. For example, if transaction server 220 does not confirm and/or authenticate a transaction, transaction server 220 may cause the transaction to be denied or held (e.g., by holding or denying the transaction at the transaction server 220 and/or notifying a third party associated with the transaction—such as a bank associated with the user of the first user device 210 and/or second user device 210). Denying and/or holding the transaction may enable the user of the first user device 210 and/or the user of the second user device 210 to retry confirmation and/or authentication of the transaction in the same or a similar manner, or using a different form of confirmation and/or authentication. Holding and/or denying a transaction based on lack of confirmation and/or authentication may increase the security of transactions performed by user devices 210 that make use of transaction server 220 to confirm and/or authenticate transactions.
It would have been obvious to a person of ordinary skill in the art before the time of the effective filing date of the instant application to modify Sambamurthy/Lee's gait-based authentication with determining a threshold level of similarity. The reason for this modification would be to ensure sufficient similarity to the gait signature for stronger authentication.
Claims 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Sambamurthy as applied to claim 1 above, and further in view of Shah US 2013/0326039.
Regarding claim 12, Sambamurthy does not teach wherein the data processing system comprises a network module adapted to separately advertise network endpoints for the management controller and hardware resources of the data processing system, the network endpoints being usable by a service system to address communications to the hardware resources and the management controller. Shah, in the same field of endeavor as the invention, teaches a system for a network controller with integrated management controller. Shah teaches wherein the data processing system comprises a network module adapted to separately advertise network endpoints for the management controller and hardware resources of the data processing system, the network endpoints being usable by a service system to address communications to the hardware resources and the management controller (network controller provides connection and routing of regular network traffic to the host and management traffic to management controllers (i.e., BMCs, out-of-band management), ¶s 28, 51)
[0028] The integration provides, in one NC 102, all of the network ports and interfaces for both network controller functions and management controller functions. As noted above, the network ports can be individually configured to allow any combination of management and network communication traffic. Packet filtering and merging logic facilitates delivering traffic to the appropriate controller or host and sending and receiving both network and management communications over the same port.
[0051] Additionally, one or more network interfaces may be provided in the NC 102 for network traffic (e.g., LAN traffic). The network interfaces may include one or more ports, for example, each of which may support a certain traffic rate (e.g., 100 Mbps or 1 Gbps). The network interfaces may include port configuration logic that is operable to specify, on a global or individual basis whether any particular port or group of ports is permitted to carry or support: 1) network communication traffic for the network controller but no management communication traffic for the management controller; 2) management communication traffic but no network communication traffic; 3) both network communication traffic and management communication traffic; and 4) neither network communication traffic nor management communication traffic.
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the instant application to modify Sambamurthy with a network controller that handles both network and management traffic, as taught by Shah. The reason for this modification would be to provide a more efficient connection that processes both normal host traffic and management traffic, relieving the need for a dedicated management port on a device.
Regarding claim 13, Shah teaches wherein an out-of-band communication channel that services the management controller runs through the network module, and an in-band communication channel that services the hardware resources also runs through the network module (management and regular network traffic pass through the same network interface, ¶51).
[0051] Additionally, one or more network interfaces may be provided in the NC 102 for network traffic (e.g., LAN traffic). The network interfaces may include one or more ports, for example, each of which may support a certain traffic rate (e.g., 100 Mbps or 1 Gbps). The network interfaces may include port configuration logic that is operable to specify, on a global or individual basis whether any particular port or group of ports is permitted to carry or support: 1) network communication traffic for the network controller but no management communication traffic for the management controller; 2) management communication traffic but no network communication traffic; 3) both network communication traffic and management communication traffic; and 4) neither network communication traffic nor management communication traffic.
Claims 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Sambamurthy/Shah as applied to claim 12 above, and further in view of Gadi US 2024/0241728.
Regarding claim 14, Sambamurthy/Shah does not teach wherein the management controller and the network module are on separate power domains from the hardware resources so that the management controller and the network module are operable while the hardware resources are inoperable. Gadi, in the same field of endeavor as the invention, teaches a system for remote management and monitoring of computing devices. Gadi teaches wherein the management controller and the network module are on separate power domains from the hardware resources so that the management controller and the network module are operable while the hardware resources are inoperable (a power supply (i.e., domain) separate from the one that the host (device) uses provides power to the management controller (SCED device of Sambamurthy) so that maintenance/security monitoring can be performed while the host (device) is shut down, ¶s 32, 34).
[0032] The DPU maintenance process 152 can be a DPU component installer executed by the host device 106 to perform an installation of a software, firmware, or other executable instruction set on the DPU device 106. The DPU maintenance process 152 can be a host shutdown process that includes host-DPU coordination instructions executed by the host device 106 to coordinate with the DPU device 106 for host shutdowns. The DPU maintenance process 152 can be a DPU reboot process that includes host-DPU coordination instructions executed by the host device 106 to coordinate reboots of the DPU device 106. The DPU maintenance process 152 can be provided to the host device 106 using a command from the management service 120, downloaded from a network location, or from a USB or other removable media device connected to the host device 106.
[0034] The BMC 159 can include a specialized processor, chip, system-on-chip, or other hardware devices used for “remote” monitoring and management of the host device 106. The BMC 159 can be part of the motherboard or baseboard of the host device 106. In some examples, the BMC 159 can have a separate power supply that can enable the BMC 159 to remain operational even if the host device 106 is power cycled. The BMC 159 can be accessed using a network connection. The BMC 159 can access the installer server component using this network connection, although the BMC 159 can be considered part of the same host device 106 by being located on the motherboard.
It would have been obvious to a person of ordinary skill in the art before the effective filing of the invention to apply the concept of a separate power supply to the management controller as taught by Shah to provide separate power to the security device of Sambamurthy/Shah. The reason for this modification would be to allow management functions such as monitoring of the device even if the device is shut down by unauthorized access.
Regarding claim 15, Gadi teaches wherein the motion analysis process is performed while a portion of the hardware resources are inoperable due to being unpowered (main host/device is shut down, ¶32).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Tom Y. Chang whose telephone number is 571-270-5938. The examiner can normally be reached on Monday-Friday from 9am to 5pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emmanuel Moise, can be reached on (571)272-3865. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from Patent Center. Status information for published applications may be obtained from Patent Center. Status information for unpublished applications is available through Patent Center for authorized users only. Should you have questions about access to Patent Center, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) Form at https://www.uspto.gov/patents/uspto-automated-interview-request-air-form.
/TOM Y CHANG/
Primary Examiner, Art Unit 2455