Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
1. This Office Action is responsive to the communication filed 4/16/2026.
Claim Status
2. Claims 1, 7, and 13 have currently been amended.
Response to Arguments
3. The applicant’s arguments filed 4/16/2026 have been taken into consideration, but are moot in view of new grounds of rejection.
In response to the applicant’s argument (disclosed on pg. 1-2 of the remarks segment) that prior art reference Fang et al fails to teach or suggest a low-severity level associated with accelerometer events or a high-severity level associated with chassis opening sensor events:
Regarding the recitation of the claim limitation and the broadly-implemented language of the term “associated with”, the examiner maintains that the determined security risk levels, including low, medium, and high risk, corresponding to a plurality of physical operations that may be performed on a device, such as a laptop or mobile phone (as disclosed in fig. 1A, fig. 3, fig. 6, and par [0121-0124] of Fang et al), such as opening a door/cover of the device (which one of ordinary skill in the art would consider obvious in light of a chassis opening sensor event because one of the sensors, disclosed in par [0078]and [0096] of Fang et al, would be required to determine a breach/opening of a device cover) or a security level corresponding to a detected usual or abnormal rate/speed in which the device has been moved or accessed in the event of a biometric authentication attempt, measured by an accelerometer embedded on the device (as disclosed in fig. 6B, par [0079], and par [0097] of Fang et al) are obvious in light of the claimed limitations.
The examiner recommends amending the claim language to add more clarity to the term “severity level associated with”.
Claim Rejections – 35 USC 103
4. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office Action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
5. Claims 1-3, 5-9, 11-15, and 17-18 are rejected under 35 USC 103 as being unpatentable over Sinha et al (US 2022/0398597) in view of Swierk et al (US 2018/0253569), in view of Fang et al (US 2024/0095329), further in view of Magyar et al (US 2017/0032658).
Regarding claim 1, Sinha et al an information handling system (fig. 1, ‘110) comprising:
at least one processor (fig. 4, ‘402);
a plurality of physical sensors including at least one sensor selected from the group comprising vibration sensors, accelerometers (par [0025], line 15), temperature sensors (par [0031], lines 10-12), chassis opening sensors, and tilt sensors;
a firmware having instructions coded thereon (par [0028-0029]) that are executable by the at least one processor; and
performing a remedial action based on the determined severity level (par [0100], lines 1-10 and par [0121], which disclose performing corrective actions once intrusion and anomalous activity have been detected).
Sinha et al does not explicitly teach detecting, based on one or more of the physical sensors, an unauthorized tampering event associated with the information handling system; transmitting data regarding the tampering event to a central monitoring system; triggering an alert in response to detecting the unauthorized tampering event; and wherein the transmitted data comprises the alert.
However, Swierk et al teaches detecting, based on one or more of the physical sensors, an unauthorized tampering event associated with the information handling system (par [0146], which discloses using tampering sensors for tamper detection in an IHS environment); transmitting data regarding the tampering event to a central monitoring system (par [0119], lines 1-3, “monitor hardware intrusion detection”); receiving data regarding a plurality of tampering events from a plurality of information handling systems (par [0005], lines 6-12, which discloses information handling systems being implemented to disclose events indicative of physical tampering);
triggering an alert in response to detecting the unauthorized tampering event (par [0123], lines 7-8, “alerting whenever any unauthorized, physical tampering is detected”); and
wherein the transmitted data comprises the alert (par [0139], lines 8-10, “send an alert via alerts and notification component”).
It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to be motivated to combine the teachings of Swierk et al within the teachings of Sinha et al in order to provide the predictive result of improving recognizing and detection of potential threats and hazards within a remote monitoring environment by providing remote anomaly alerts and notification in the event that anomalous events are detected (as disclosed in par [0139] and par [0146] of Swierk et al) because this feature would further prevent malicious threats from occurring within the embodiments of Sinha et al by providing the anomalous notifications before each potential threat has been fully executed.
Sinha et al and Swierk et al do not explicitly teach wherein the central monitoring system is configured to: determine a severity level from a group of severity levels for each of the plurality of tampering events, wherein the group of severity levels includes a low-severity level associated with accelerometer events and a high-severity level associated with chassis opening sensor events.
However, Fang et al teaches wherein the central monitoring system is configured to:
determine a severity level from a group of severity levels for each of the plurality of tampering events (par [0121], which discloses risk levels associated with different operations), wherein the group of severity levels includes a low-severity level associated with accelerometer events (fig. 3, ‘180F, par [0078], par [0097], lines 1-10, and par [0123], lines 1-10, which disclose a determined low security risk level corresponding to operations detected by various sensors, including an acceleration sensor) and a high-severity level associated with chassis opening sensor events (par [0122], which discloses a high security risk level associated with the operation of opening a door).
It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to be motivated to combine the teachings of Fang et al within the teachings of Sinha et al and Swierk et al in order to provide the predictive result of improving security and reliability of the authentication result, and avoid a problem that security of the authentication result is low by using multiple devices to obtain authentication results (as disclosed in par [0017] of Fan et al) because using a single device is limited by hardware or an authentication capability and an acquisition capability are insufficient.
Sinha et al, Swierk et al, and Fang et al do not explicitly teach continuously monitoring the plurality of physical sensors.
However, Magyar et al teaches continuously monitoring the plurality of physical sensors (par [0013] & par [0020], lines 1-5, which disclose a device control continuously monitoring a plurality of sensors during an armed state).
It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to be motivated to combine the teachings of Magyar et al within the teachings of Sinha et al, Swierk et al, and Fang et al in order to provide the predictive result of providing more precise sensing of anomalous events or potential tampering of components in a physical device by using continuity sensors to detect and prevent attempts by unauthorized parties to block signals transmitted by sensors that expose the potential threats or tampering (as disclosed in par [0022] of Magyar et al).
Regarding claim 2, Sinha et al, Swierk et al, Fang et al, and Magyar et al teach the limitations of claim 1.
Sinha et al further teaches wherein the information handling system is a portion of a hyper-converged infrastructure (HCI) system (par [0026], line 12).
Regarding claim 3, Sinha et al, Swierk et al, Fang et al, and Magyar et al teach the limitations of claim 1.
Sinha et al further teaches wherein the information handling system is an edge node of the HCI system (par [0026], line 12).
Regarding claim 5, Sinha et al, Swierk et al, Fang et al, and Magyar et al teach the limitations of claim 1.
Sinha et al further teaches at least one tamper-evident mechanism (par [0099], lines 5-6).
Regarding claim 6, Sinha et al, Swierk et al, Fang et al, and Magyar et al teach the limitations of claim 1.
Sinha et al further teaches wherein the tamper-evident mechanism is selected from the group consisting of seals and intrusion detection systems (par [0039], “detect changes to the components”).
Regarding claim 7, Sinha et al a method comprising:
an information handling system (fig. 1, ‘110) wherein the plurality of physical sensors including at least one sensor selected from the group consisting of vibration sensors, accelerometers (par [0025], line 15), temperature sensors (par [0031], lines 10-12), chassis opening sensors, and tilt sensors;
the information handling system transmitting, via a firmware thereof (par [0028-0029]), data regarding the tampering event (par [0039-0040], which discloses detecting and providing change event data correspond to the monitored components); and
performing a remedial action based on the determined severity level (par [0100], lines 1-10 and par [0121], which disclose performing corrective actions once intrusion and anomalous activity have been detected).
Sinha et al does not explicitly teach the information handling system detecting, via the plurality physical sensors thereof, an unauthorized tampering event associated with the information handling system; transmitting data regarding the tampering event to a central monitoring system; the information handling system triggering an alert in response to detecting the unauthorized tampering event; and wherein the transmitted data comprises the alert.
However, Swierk et al teaches detecting, via a plurality physical sensors thereof, an unauthorized tampering event associated with the information handling system (par [0146], which discloses using tampering sensors for tamper detection in an IHS environment); transmitting data regarding the tampering event to a central monitoring system (par [0119], lines 1-3, “monitor hardware intrusion detection”); receive data regarding a plurality of tampering events from a plurality of information handling systems (par [0005], lines 6-12, which discloses information handling systems being implemented to disclose events indicative of physical tampering);
the information handling system triggering an alert in response to detecting the unauthorized tampering event (par [0123], lines 7-8, “alerting whenever any unauthorized, physical tampering is detected”); and
wherein the transmitted data comprises the alert (par [0139], lines 8-10, “send an alert via alerts and notification component”).
It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to be motivated to combine the teachings of Swierk et al within the teachings of Sinha et al in order to provide the predictive result of improving recognizing and detection of potential threats and hazards within a remote monitoring environment by providing remote anomaly alerts and notification in the event that anomalous events are detected (as disclosed in par [0139] and par [0146] of Swierk et al) because this feature would further prevent malicious threats from occurring within the embodiments of Sinha et al by providing the anomalous notifications before each potential threat has been fully executed.
Sinha et al and Swierk et al do not explicitly teach wherein the central monitoring system is configured to: determine a severity level from a group of severity levels for each of the plurality of tampering events, wherein the group of severity levels includes a low-severity level associated with accelerometer events and a high-severity level associated with chassis opening sensor events.
However, Fang et al teaches wherein the central monitoring system is configured to:
determine a severity level from a group of severity levels for each of the plurality of tampering events (par [0121], which discloses risk levels associated with different operations), wherein the group of severity levels includes a low-severity level associated with accelerometer events (fig. 3, ‘180F, par [0078], par [0097], lines 1-10, and par [0123], lines 1-10, which disclose a determined low security risk level corresponding to operations detected by various sensors, including an acceleration sensor) and a high-severity level associated with chassis opening sensor events (par [0122], which discloses a high security risk level associated with the operation of opening a door).
It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to be motivated to combine the teachings of Fang et al within the teachings of Sinha et al and Swierk et al in order to provide the predictive result of improving security and reliability of the authentication result, and avoid a problem that security of the authentication result is low by using multiple devices to obtain authentication results (as disclosed in par [0017] of Fan et al) because using a single device is limited by hardware or an authentication capability and an acquisition capability are insufficient.
Sinha et al, Swierk et al, and Fang et al do not explicitly teach continuously monitoring the plurality of physical sensors.
However, Magyar et al teaches continuously monitoring the plurality of physical sensors (par [0013] & par [0020], lines 1-5, which disclose a device control continuously monitoring a plurality of sensors during an armed state).
It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to be motivated to combine the teachings of Magyar et al within the teachings of Sinha et al, Swierk et al, and Fang et al in order to provide the predictive result of providing more precise sensing of anomalous events or potential tampering of components in a physical device by using continuity sensors to detect and prevent attempts by unauthorized parties to block signals transmitted by sensors that expose the potential threats or tampering (as disclosed in par [0022] of Magyar et al).
Regarding claim 8, Sinha et al, Swierk et al, Fang et al, and Magyar et al teach the limitations of claim 7.
Sinha et al further teaches wherein the information handling system is a portion of a hyper-converged infrastructure (HCI) system (par [0026], line 12).
Regarding claim 9, Sinha et al, Swierk et al, Fang et al, and Magyar et al teach the limitations of claim 7.
Sinha et al further teaches wherein the information handling system is an edge node of the HCI system (par [0026], line 12).
Regarding claim 11, Sinha et al, Swierk et al, Fang et al, and Magyar et al teach the limitations of claim 7.
Sinha et al further teaches at least one tamper-evident mechanism (par [0099], lines 5-6).
Regarding claim 12, Sinha et al, Swierk et al, Fang et al, and Magyar et al teach the limitations of claim 7.
Sinha et al further teaches wherein the tamper-evident mechanism is selected from the group consisting of seals and intrusion detection systems (par [0039], “detect changes to the components”).
Regarding claim 13, Sinha et al an article of manufacture comprising a non-transitory, computer-readable medium (par [0003], lines 1-3) having computer-executable instructions thereon that are executable by a processor (fig. 4, ‘402) of an information handling system (fig. 1, ‘110) for:
a plurality of physical sensors of the information handling system (par [0025], line 15), and wherein the plurality of physical sensors include at least one sensor selected from the group comprising vibration sensors, accelerometers (par [0025], line 15), temperature sensors (par [0031], lines 10-12), chassis opening sensors, and tilt sensors;
transmitting, via a firmware thereof (par [0028-0029]), data regarding the tampering event (par [0039-0040], which discloses detecting and providing change event data correspond to the monitored components); and
performing a remedial action based on the determined severity level (par [0100], lines 1-10 and par [0121], which disclose performing corrective actions once intrusion and anomalous activity have been detected).
Sinha et al does not explicitly teach detecting, via the plurality physical sensors, an unauthorized tampering event associated with the information handling system; and transmitting, via the firmware, data regarding the tampering event to a central monitoring system; and wherein the transmitted data comprises the alert.
However, Swierk et al teaches detecting, via the plurality physical sensors, an unauthorized tampering event associated with the information handling system (par [0146], which discloses using tampering sensors for tamper detection in an IHS environment); transmitting data regarding the tampering event to a central monitoring system (par [0119], lines 1-3, “monitor hardware intrusion detection”);
receive data regarding a plurality of tampering events from a plurality of information handling systems (par [0005], lines 6-12, which discloses information handling systems being implemented to disclose events indicative of physical tampering); and
wherein the transmitted data comprises the alert (par [0139], lines 8-10, “send an alert via alerts and notification component”).
It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to be motivated to combine the teachings of Swierk et al within the teachings of Sinha et al in order to provide the predictive result of improving recognizing and detection of potential threats and hazards within a remote monitoring environment by providing remote anomaly alerts and notification in the event that anomalous events are detected (as disclosed in par [0139] and par [0146] of Swierk et al) because this feature would further prevent malicious threats from occurring within the embodiments of Sinha et al by providing the anomalous notifications before each potential threat has been fully executed.
Sinha et al and Swierk et al do not explicitly teach wherein the central monitoring system is configured to: determine a severity level from a group of severity levels for each of the plurality of tampering events, wherein the group of severity levels includes a low-severity level associated with accelerometer events and a high-severity level associated with chassis opening sensor events.
However, Fang et al teaches wherein the central monitoring system is configured to:
determine a severity level from a group of severity levels for each of the plurality of tampering events (par [0121], which discloses risk levels associated with different operations), wherein the group of severity levels includes a low-severity level associated with accelerometer events (fig. 3, ‘180F, par [0078], par [0097], lines 1-10, and par [0123], lines 1-10, which disclose a determined low security risk level corresponding to operations detected by various sensors, including an acceleration sensor) and a high-severity level associated with chassis opening sensor events (par [0122], which discloses a high security risk level associated with the operation of opening a door).
It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to be motivated to combine the teachings of Fang et al within the teachings of Sinha et al and Swierk et al in order to provide the predictive result of improving security and reliability of the authentication result, and avoid a problem that security of the authentication result is low by using multiple devices to obtain authentication results (as disclosed in par [0017] of Fan et al) because using a single device is limited by hardware or an authentication capability and an acquisition capability are insufficient.
Sinha et al, Swierk et al, and Fang et al do not explicitly teach continuously monitoring the plurality of physical sensors of the information handling system.
However, Magyar et al teaches continuously monitoring the plurality of physical sensors of the information handling system (par [0013] & par [0020], lines 1-5, which disclose a device control continuously monitoring a plurality of sensors during an armed state).
It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to be motivated to combine the teachings of Magyar et al within the teachings of Sinha et al, Swierk et al, and Fang et al in order to provide the predictive result of providing more precise sensing of anomalous events or potential tampering of components in a physical device by using continuity sensors to detect and prevent attempts by unauthorized parties to block signals transmitted by sensors that expose the potential threats or tampering (as disclosed in par [0022] of Magyar et al).
Regarding claim 14, Sinha et al, Swierk et al, Fang et al, and Magyar et al teach the limitations of claim 13.
Sinha et al further teaches wherein the information handling system is a portion of a hyper-converged infrastructure (HCI) system (par [0026], line 12).
Regarding claim 15, Sinha et al, Swierk et al, Fang et al, and Magyar et al teach the limitations of claim 13.
Sinha et al further teaches wherein the information handling system is an edge node of the HCI system (par [0026], line 12).
Regarding claim 17, Sinha et al, Swierk et al, Fang et al, and Magyar et al teach the limitations of claim 13.
Sinha et al further teaches at least one tamper-evident mechanism (par [0099], lines 5-6).
Regarding claim 18, Sinha et al, Swierk et al, Fang et al, and Magyar et al teach the limitations of claim 13.
Sinha et al further teaches wherein the tamper-evident mechanism is selected from the group consisting of seals and intrusion detection systems (par [0039], “detect changes to the components”).
Conclusion
Applicant's amendment necessitated the new grounds of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Randy A. Scott whose telephone number is (571) 272-3797. The examiner can normally be reached on Monday-Thursday 7:30 am-5:00 pm, second Fridays 7:30 am-4pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Luu Pham can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/RANDY A SCOTT/Primary Examiner, Art Unit 2439 20260503
Prosecution Insights