DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 are pending.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claim(s) 1-6 and 17-19 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Kumar et al. (US 20240160431).
Regarding claim 1, Kumar teaches
An Information Handling System (IHS), comprising:
a controller, wherein the controller comprises firmware that, upon execution by a processing core, causes the processing core to instantiate an orchestrator; and a plurality of devices coupled to the controller, wherein each device comprises firmware that, upon execution by a corresponding processing core, causes the corresponding processing core to instantiate a node as part of a firmware framework, and ([0016], “a CPU or processor in a server platform or network interface device to boot from boot code by loading boot code from memory of a management controller, instead of loading the boot code from a flash memory. FIG. 2 depicts an example of boot image loading from a memory of a management controller by a system.”, [0018], “boot controller 203 can be implemented using a CPU core or a thread of a multi-threaded core. Boot controller 203 can load boot firmware image 222 from memory 212 of management controller 210.”, [0017], “Management controller 210 can perform management and monitoring capabilities for system administrators to monitor operation at least of host 200 and devices connected thereto, such as, network interface device 250 and storage device 260, using channels, including channels that can communicate data (e.g., in-band channels) and out-of-band channels. … management controller 210 can be implemented as one or more of: Board Management Controller (BMC), Intel® Management or Manageability Engine (ME), or other devices.” And [0031], “Boot firmware image server 400 can be connected to servers 410-1 to 410-X, where X is an integer, via a network. Boot firmware image server 400 can communicate with servers 410-1 to 410-X in a secure manner (e.g., encrypted communications).)
wherein a given node is configured to communicate with the orchestrator, at least in part, using a security service of the firmware framework without any involvement by any Operating System (OS) of the IHS. ([0031], “Boot firmware image server 400 can be connected to servers 410-1 to 410-X, where X is an integer, via a network. Boot firmware image server 400 can communicate with servers 410-1 to 410-X in a secure manner (e.g., encrypted communications). … For example, boot firmware image server 400 can configure one or more of management controllers 412-0 to 412-X so that loading of boot firmware 402 by a boot controller occurs from a memory of management controller.”, [0044], “the SMM code injection capsule (e.g., a driver) along with meta-data can be provided by an administrator or orchestrator to management controller. Management controller can verify the meta-data associated with the SMM code injection capsule … to verify the SMM code injection capsule is to be written to the target platform. If verified, the management controller can copy the SMM code injection capsule to the processor-executed SMM through Memory-Mapped BMC Interface (MMBI), input/output (I/O), or memory interface and trigger an SMI. The SMM can be implemented as a processor-executed operating mode for handling system operations including power management, hardware control, or proprietary designed code.” [0022], “UEFI can support remote diagnostics and repair of computers, even with no operating system installed. A boot loader can be written for UEFI and can be instructions that a boot code firmware can execute”, claim 9, “first boot firmware code comprises one or more of: microcode, Basic Input/Output System (BIOS), Universal Extensible Firmware Interface (UEFI), a boot loader” and [0038], “an OS agent is not used to update microcode (either update or rollback)”)
Regarding claim 2, Kumar teaches wherein the controller comprises an Embedded Controller (EC) or Baseband Management Controller (BMC). ([0017], “management controller 210 can be implemented as one or more of: Board Management Controller (BMC), Intel® Management or Manageability Engine (ME)”)
Regarding claim 3, Kumar teaches wherein the plurality of devices comprises at least one of: a sensor, a sensor hub, a Central Processing Unit (CPU), a Graphical Processing Unit (GPU), an audio Digital Signal Processor (aDSP), a Neural Processing Unit (NPU), a Tensor Processing Unit (TSU), a Neural Network Processor (NNP), an Intelligence Processing Unit (IPU), an Image Signal Processor (ISP), or a Video Processing Unit (VPU), a camera controller, an audio controller, a memory, a Universal Serial Bus (USB) device, a Peripheral Component Interconnect express (PCIe) device, or a Trusted Platform Module (TPM). (Fig. 9, [0054], “Processor 910 can include any type of microprocessor, central processing unit (CPU), graphics processing unit (GPU), XPU, processing core, or other processing hardware to provide processing for system 900, or a combination of processors. An XPU can include one or more of: a CPU, a graphics processing unit (GPU), general purpose GPU (GPGPU), and/or other processing units (e.g., accelerators or programmable or fixed function FPGAs).”)
Regarding claim 4, Kumar teaches wherein at least one of the plurality of devices is coupled to the controller via at least one of: a Systems-on-Chip (SoC) interconnect, a Peripheral Component Interconnect Express (PCIe) bus, or a Universal Serial Bus (USB) port. ([0018], “ Interface 230 can provide communication using one or more of the following protocols: Improved Inter Integrated Circuit (I3C), Universal Serial Bus Type-C (USB-C), serial peripheral interface (SPI), enhanced SPI (eSPI), System Management Bus (SMBus), I2C, MIPI I3C®, Peripheral Component Interconnect Express (PCIe), Compute Express Link (CXL).”)
Regarding claim 5, Kumar teaches wherein the SoC interconnect comprises at least one of: an Advanced Microcontroller Bus Architecture (AMBA) bus, a QuickPath Interconnect (QPI) bus, or a HyperTransport (HT) bus. ([0065], “system 900 can be implemented using interconnected compute sleds of processors, memories, storages, network interfaces, and other components. High speed interconnects can be used based on: Ethernet (IEEE 802.3), remote direct memory access (RDMA), InfiniBand, Internet Wide Area RDMA Protocol (iWARP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), quick UDP Internet Connections (QUIC), RDMA over Converged Ethernet (RoCE), Peripheral Component Interconnect express (PCIe), Intel QuickPath Interconnect (QPI), Intel Ultra Path Interconnect (UPI), Intel On-Chip System Fabric (IOSF), Omni-Path, Compute Express Link (CXL), high-speed fabric, NVLink, Advanced Microcontroller Bus Architecture (AMBA) interconnect, OpenCAPI, Gen-Z, Infinity Fabric (IF), Cache Coherent Interconnect for Accelerators (CCIX), 3GPP Long Term Evolution (LTE) (4G), 3GPP 5G, and variations thereof. Data can be copied or stored to virtualized storage nodes or accessed using a protocol such as NVMe over Fabrics (NVMe-oF) or NVMe (e.g., a non-volatile memory express (NVMe) device can operate in a manner consistent with the Non-Volatile Memory Express (NVMe) Specification, revision 1.3c, published on May 24, 2018 (“NVMe specification”) or derivatives or variations thereof).”)
Regarding claim 6, Kumar teaches wherein the security service is configured to perform a firmware verification of the given node prior to the communication. ([0031], “Boot firmware image server 400 can communicate with servers 410-1 to 410-X in a secure manner (e.g., encrypted communications). In some examples, server 400 can transmit image 402 as a multipart HTTP Push request in accordance with section 7.2 (The Multipart Content-Type), RFC 1341 (1992). For example, boot firmware image server 400 can configure one or more of management controllers 412-0 to 412-X so that loading of boot firmware 402 by a boot controller occurs from a memory of management controller.” And [0043-44], “In operation 1, an administrator or orchestrator can provide microcode capsule along with meta-data to the management controller. The management controller can authenticate the meta-data (e.g., target platform information, family, models, versions, etc.) to verify the microcode capsule is to be written to the target platform. … Management controller can verify the meta-data associated with the SMM code injection capsule … to verify the SMM code injection capsule is to be written to the target platform. If verified, the management controller can copy the SMM code injection capsule to the processor-executed SMM)
As to claim 17, Kumar teaches this claim according to the reasoning provided in claim 1.
As to claim 18, Kumar teaches this claim according to the reasoning provided in claim 6.
As to claim 19, Kumar teaches this claim according to the reasoning provided in claims 1 and 6.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 7-16 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kumar in view of Smith (US 10313134).
Regarding claim 7, Kumar does not teach but Smith teaches wherein the firmware verification is based, at least in part, upon a digital certificate provided by the given node in connection with a discovery operation prior to the communication. (col. 40, lines 52-60, “Public certificates and/or public keys that may be utilized to decrypt a message are most likely never delivered with the message. That is, the receiver in one embodiment must have previously received and authenticated the public certificates and/or public keys from a trusted source. Public keys and certificates may be targeted to specific relationships where practical or considered valuable, such as between a pair defined by the device 110 and the cloud 130 and a pair defined by the device 110 and the SCM 120”, col. 42, “the device 110 may generate one or more self-signed digital certificates to establish the identity of the device 110, as opposed to just generating an asymmetric private/public key pair.” col. 79, lines 38-41, “ the communications channel between the device 110 and the cloud 130 may be secured, such as by using TLS 1.2 or greater with server-side (cloud) authentication based on certificates” and col. 58, lines 22-26, “The Device-SCM-Session-Key key may be a symmetric key used to secure communications between a pairing defined between a particular device 110 and an SCM 120 (or a device/SCM pair) after at least one of the pair has been authenticated” where discovery is interpreted as authenticating at least one of a pair before communicating information)
Kumar and Smith teach a similar concept of security in an electronic system. Smith teaches using providing digital certificates prior to secure communication in connection with a discovery operation. Based on Smith, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Kumar to establish secure communication using a certificate in connection with a discovery operation. Furthermore, being able to establish secure communication in connection with a discovery operation improves on Kumar by being able to provide better security for the system to prevent unauthorized accesses. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification “to facilitate one or more of the following: authenticate system components, securely transport messages between system components, establish a secure communications channel over a constrained link, authenticate message content”, col. 9, lines 35-39
Regarding claim 8, Kumar does not teach but Smith teaches wherein the security service is configured to perform the firmware verification subject to a policy and in response to contextual information. (col. 71, lines 27-29 and 45-55, “The device 110 and the SCM 120 may perform various system-level operations in the background, communicating with one another via the secure communications channel.” And “Example background operations include microlocation services, GPS/INS services, status information, logging, background/maintenance processing, power mode changes, and configuration updates. … For example, an authorization for a device 110 for a SCM 120 may be required to transition into the trusted communications phase (i.e., authorizations may contain both authentication information and authorization criteria).” Where the policy is interpreted as requiring an authorization for a device and contextual information is information that requires a power mode change, for example)
Kumar and Smith teach a similar concept of security in an electronic system. Smith teaches performing firmware verification using a policy and contextual information. Based on Smith, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Kumar to perform firmware verification using a policy and contextual information. Furthermore, being able to perform firmware verification using a policy and contextual information which is able to an authorization to enter a trusted communication phase. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification “to facilitate one or more of the following: authenticate system components, securely transport messages between system components, establish a secure communications channel over a constrained link, authenticate message content”, col. 9, lines 35-39
Regarding claim 9, Kumar does not teach but Smith teaches wherein the contextual information comprises an indication of at least one of: a location of the IHS, a network bandwidth, an IHS component’s utilization, or an IHS component’s power state.
(col. 71, lines 27-29 and 45-55, “The device 110 and the SCM 120 may perform various system-level operations in the background, communicating with one another via the secure communications channel.” And “Example background operations include microlocation services, GPS/INS services, status information, logging, background/maintenance processing, power mode changes, and configuration updates. … For example, an authorization for a device 110 for a SCM 120 may be required to transition into the trusted communications phase (i.e., authorizations may contain both authentication information and authorization criteria).” Where the policy is interpreted as requiring an authorization for a device and contextual information is information that requires a power mode change, for example)
Kumar and Smith teach a similar concept of security in an electronic system. Smith teaches performing firmware verification using a policy and contextual information. Based on Smith, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Kumar to perform firmware verification using a policy and contextual information. Furthermore, being able to perform firmware verification using a policy and contextual information which is able to an authorization to enter a trusted communication phase. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification “to facilitate one or more of the following: authenticate system components, securely transport messages between system components, establish a secure communications channel over a constrained link, authenticate message content”, col. 9, lines 35-39
Regarding claim 10, Kumar teaches wherein the security service is configured to establish secure communications between the given node and at least one of: the orchestrator, or another node. ([0044], “ the SMM code injection capsule (e.g., a driver) along with meta-data can be provided by an administrator or orchestrator to management controller. Management controller can verify the meta-data associated with the SMM code injection capsule (e.g., target platform information, family, models, versions, etc.) to verify the SMM code injection capsule is to be written to the target platform. If verified, the management controller can copy the SMM code injection capsule to the processor-executed SMM through Memory-Mapped BMC Interface (MMBI), input/output (I/O), or memory interface and trigger an SMI.”)
Kumar teaches establishing communication between the security service and the orchestrator or node but does not teach establishing secure communication.
Smith teaches establish secure communications (col. 39 lines 37-52, “ Encryption in one sense may provide only a certain degree of confidentiality. An encrypted message or cipher-text may only be viewed or decrypted by an entity with the proper key. The key may be a shared secret or key, or the key may be part of an asymmetric pair defined by a public key and a private key. To verify the integrity of a message, or that the message has not been altered, a secure (cryptographic) hash may be stored within the encrypted message. To verify the authenticity of a message, originator-identifying information may be stored within the encrypted message. Message integrity and authenticity may be simultaneously verified, by including in (or with) the encrypted message, with symmetric cryptography, a message authentication code (MAC), or with asymmetric cryptography (e.g., public-key cryptography), a digital signature.”)
Kumar and Smith teach a similar concept of security in an electronic system. Smith teaches using providing public and private keys to encrypt and decrypt messages sent between devices. Based on Smith, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Kumar to establish secure communication via the use of public and private keys. Furthermore, being able to establish secure communication improves on Kumar by being able to provide better security for the system to prevent unauthorized accesses. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification “to facilitate one or more of the following: authenticate system components, securely transport messages between system components, establish a secure communications channel over a constrained link, authenticate message content”, col. 9, lines 35-39
Regarding claim 11, Kumar does not teach but Smith teaches wherein the security service is configured to provide a first public key corresponding to a first private key of the given node to the other node, wherein the given node is configured to encrypt a first outgoing message to the other node using the first private key, and wherein the other node is configured to decrypt a first incoming message from the given node using the first public key. (col. 39 lines 37-52, “ Encryption in one sense may provide only a certain degree of confidentiality. An encrypted message or cipher-text may only be viewed or decrypted by an entity with the proper key. The key may be a shared secret or key, or the key may be part of an asymmetric pair defined by a public key and a private key. To verify the integrity of a message, or that the message has not been altered, a secure (cryptographic) hash may be stored within the encrypted message. To verify the authenticity of a message, originator-identifying information may be stored within the encrypted message. Message integrity and authenticity may be simultaneously verified, by including in (or with) the encrypted message, with symmetric cryptography, a message authentication code (MAC), or with asymmetric cryptography (e.g., public-key cryptography), a digital signature.”)
Kumar and Smith teach a similar concept of security in an electronic system. Smith teaches using providing public and private keys to encrypt and decrypt messages sent between devices. Based on Smith, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Kumar to establish secure communication via the use of public and private keys. Furthermore, being able to establish secure communication improves on Kumar by being able to provide better security for the system to prevent unauthorized accesses. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification “to facilitate one or more of the following: authenticate system components, securely transport messages between system components, establish a secure communications channel over a constrained link, authenticate message content”, col. 9, lines 35-39
Regarding claim 12, Kumar does not teach but Smith teaches wherein the security service is configured to provide a second public key corresponding to a second private key of the other node to the given node, wherein the other node is configured to encrypt a second outgoing message to the given node using the second private key, and wherein the given node is configured to decrypt a second incoming message from the other node using the second public key. (col. 39 lines 37-52, “ Encryption in one sense may provide only a certain degree of confidentiality. An encrypted message or cipher-text may only be viewed or decrypted by an entity with the proper key. The key may be a shared secret or key, or the key may be part of an asymmetric pair defined by a public key and a private key. To verify the integrity of a message, or that the message has not been altered, a secure (cryptographic) hash may be stored within the encrypted message. To verify the authenticity of a message, originator-identifying information may be stored within the encrypted message. Message integrity and authenticity may be simultaneously verified, by including in (or with) the encrypted message, with symmetric cryptography, a message authentication code (MAC), or with asymmetric cryptography (e.g., public-key cryptography), a digital signature.”)
Kumar and Smith teach a similar concept of security in an electronic system. Smith teaches using providing public and private keys to encrypt and decrypt messages sent between devices. Based on Smith, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Kumar to establish secure communication via the use of public and private keys. Furthermore, being able to establish secure communication improves on Kumar by being able to provide better security for the system to prevent unauthorized accesses. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification “to facilitate one or more of the following: authenticate system components, securely transport messages between system components, establish a secure communications channel over a constrained link, authenticate message content”, col. 9, lines 35-39
Regarding claim 13, Kumar does not teach but Smith teaches wherein the security service is configured to provide a session key to the given node, and wherein the given node and the other node are configured to verify authenticity of the session key upon decryption of the first or second incoming messages. (col. 58, lines 22-26, “The Device-SCM-Session-Key key may be a symmetric key used to secure communications between a pairing defined between a particular device 110 and an SCM 120 (or a device/SCM pair) after at least one of the pair has been authenticated” and col. 73, lines 23-27, “During the third (trusted) phase, both the device 110 and the SCM 120 may possess session keys (Device-SCM-Session-Key) that have been verified, and both the device 110 and the SCM 120 have been determined to be authentic. Step 1403.”)
Kumar and Smith teach a similar concept of security in an electronic system. Smith teaches using providing session keys to the devices. Based on Smith, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Kumar to use session keys to provide additional security. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification “to facilitate one or more of the following: authenticate system components, securely transport messages between system components, establish a secure communications channel over a constrained link, authenticate message content”, col. 9, lines 35-39
Regarding claim 16, Kumar does not teach but Smith teaches wherein to establish the secure communications, the security service is configured to determine whether to refresh, invalidate, or revoke one or more keys based, at least in part, upon a policy and contextual information. (col. , lines “the session key may be cycled by invalidating the stored session key and then disconnecting and re-establishing the session key during the unknown phase. In one embodiment, the device 110 may initiate session key cycling. At the start of Step 1402, the device 110 may send either a request to the SCM 120 to verify that the session key (Device-SCM-Session-Key) is valid (verifying that the channel is operational) or to verify both the validity of the channel and authenticity of the SCM 120. Steps 1416, 1418. Validity and authenticity of the SCM 120 may be verified if an existing session key was used, e.g., the prior phase was not recently executed. Step 1418.”
Kumar and Smith teach a similar concept of security in an electronic system. Smith teaches using providing session keys to the devices. Based on Smith, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Kumar to use session keys to provide additional security. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification “to facilitate one or more of the following: authenticate system components, securely transport messages between system components, establish a secure communications channel over a constrained link, authenticate message content”, col. 9, lines 35-39
Claims 14-15 are also rejected as incorporating the deficiencies of the claims that they are dependent upon.
As to claim 20, Kumar and Smith teaches these claims according to the reasoning provided in claim 10 and 11.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHERI L. HARRINGTON whose telephone number is (571)270-0468. The examiner can normally be reached Generally, M-F, 7:30a-4p.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jaweed Abbaszadeh can be reached at 571-270-1640. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CHERI L HARRINGTON/Examiner, Art Unit 2176 March 5, 2026
/JAWEED A ABBASZADEH/Supervisory Patent Examiner, Art Unit 2176