Prosecution Insights
Last updated: July 17, 2026
Application No. 18/783,970

Trusted Port Based Communication Queues for Secure Runtime Device Specific Execution

Non-Final OA §103§112
Filed
Jul 25, 2024
Examiner
MARTINEZ, TOMMY NMN
Art Unit
2496
Tech Center
2400 — Computer Networks
Assignee
Dell Products L.P.
OA Round
3 (Non-Final)
14%
Grant Probability
At Risk
3-4
OA Rounds
4m
Est. Remaining
-6%
With Interview

Examiner Intelligence

Grants only 14% of cases
14%
Career Allowance Rate
1 granted / 7 resolved
-43.7% vs TC avg
Minimal -20% lift
Without
With
+-20.0%
Interview Lift
resolved cases with interview
Typical timeline
2y 4m
Avg Prosecution
24 currently pending
Career history
39
Total Applications
across all art units

Statute-Specific Performance

§103
97.8%
+57.8% vs TC avg
§102
1.4%
-38.6% vs TC avg
§112
0.7%
-39.3% vs TC avg
Black line = Tech Center average estimate • Based on career data from 7 resolved cases

Office Action

§103 §112
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on June 18, 2026 has been entered. Response to Arguments Applicant's arguments filed June 18, 2026 have been fully considered but they are not persuasive. Applicant states that claims 1-20 were previously rejected under 35 U.S.C. 112 as indefinite and non-descriptive, and amends the claims to traverse the rejections. Examiner states that the claims have been amended to remove issues presented under 112, and as a result, Examiner withdraws the rejections for claims 1-20 under 112. Applicant states that claims 1-20 were previously rejected under 35 U.S.C. § 103 as unpatentable over Suryanarayana et al., U.S. Patent Publication No. 20200394303 (Suryanarayana, “Suryana”) and Terpstra et al., U.S. Patent Publication No. 20230229778 (Terpstra). Applicant states that in regard to the limitation of “enumerating a trusted port via a trusted queue management operation”, Applicant states that the trusted queue management operation as disclosed and claimed is patentably distinct from the authenticating and provisioning devices disclosed by Terpstra. Furthermore, the Applicant is stated that nowhere within Terpstra, taken alone or in combination is there any disclosure or suggestion of “enumerating a trusted port via a trusted queue management operation, the trusted queue management operation generating and managing a trusted work queue, the trusted work queue being protected from a malicious attack, the trusted port being implemented to process trusted transaction requests, the trusted transaction requests being secured following verification, the trusted port being recognized and listed by an operating system during runtime, the trusted port being inaccessible by a System Memory Interconnect (SMI) handler at default”, as required by claims 1, 7 and 13. Examiner states that Applicant's arguments fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references. In particular, in page 1 of the remarks, Applicant states that the reference of Terpstra does not suggest the limitations of amended claims 1, 7, and 13, including “enumerating a trusted port […]”, as well as the remaining aspects that are recited in the amended claims, without any further description of how the limitations are not suggested by the references used by the Examiner. Furthermore, Examiner states that Terpstra suggests the limitations of “the trusted port being implemented to process trusted transaction requests, the trusted transaction requests being secured following verification, the trusted port being recognized and listed by an operating system during runtime, the trusted port being inaccessible by a System Memory Interconnect (SMI) handler at default” as described in independent claim 1 and similar claims, as described in the statements of “in paragraphs [0108]-[0112], a package is sent to an edge computing device after being signed using a signed certificate, with the computing device calculating an MD5 hash of the package, and then perform either a signed "confirm" or "deny" response for the package. [0124] MPSZTP enables IO port control, with edge computing devices being set to a default "deny" setting, with the ports enabled only when required, with MPSZTP corresponding to the SMI handler”. Furthermore, Applicant’s arguments with respect to claims 6, 12, and 18 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument, as the aforementioned claims are now rejected under Suryana in view of Terpstra, and now further in view of Sheng et al. (US 20240069975 A1), hereinafter Sheng. As a result, Examiner now rejects claims 1-5, 7-11, 13-17, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Suryana in view of Terpstra. Claims 6, 12, and 18 are now rejected under Suryana in view of Terpstra, and further in view of Sheng. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-5, 7-11, 13-17, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Suryana in view of Terpstra et al. (US 20230229778 A1), hereinafter Terpstra. Regarding claim 1, Suryana discloses ‘a computer-implementable method for performing a firmware management operation, comprising: providing an information handling system with a distributed BIOS, the distributed BIOS being implemented to function with any of a plurality of processor environments’ ([0028] Fig. 4, blocks 401 and 402. Paragraph [0018] describes the firmware as being configurable, corresponding to a distributed BIOS of the Applicant. [0014] Platform security processor (PSP) 174 (associated with AMD x86 processors) and/or a management engine (ME) 176 (associated with Intel x86 processors) operate independently of core processors at CPU 102, and execute firmware prior to execution of BIOS by a primary CPU core processor, which allows a distributed BIOS to be implemented to function with a plurality of processor environments.); ‘identifying a device event handler associated with a device of the information handling system’ ([0028] Fig. 4, block 403, a non-volatile storage media is identified, and the storage media is associated with a device of the information handling system ("IHS") 100. Furthermore, an ACPI runtime service accesses NVMe firmware interface table (FIT) 320, which spawns runtime system firmware handler 321, as shown in Fig. 3.); ‘the trusted queue management operation generating and managing a trusted work queue, the trusted work queue being protected from a malicious attack’ ([0027] Successfully authenticated firmware images, such as images 332 and 333, are each stored at System Firmware at NVMe Namespace 330, as shown in Fig. 3, wherein it is described as a protected System Firmware. Runtime services, including runtime authentication of firmware images, utilizes protected memory space at memory 104 associated with the IHS 100, corresponds to a trusted work queue protected from malicious attacks, as [0027] further states that normal runtime programs cannot access protected memory space at memory 104, where a traditional UEFI capsule update method has been vulnerable to various malicious attacks as described in paragraph [0021].); ‘and, authorizing device specific communication, the device specific communication using a device-specific buffer handling operation’ ([0028] When firmware image is authenticated, the identified NVMe stores the firmware image, which the NVMe is identified by firmware interface table (FIT) 320, accessed by an Advanced Configuration and Power Interface (ACPI) runtime service, which also has handler events 301 triggered by executing a firmware update package, stated by [0026]. [0027] Successfully authenticated firmware images, such as images 332 and 333, are each stored at System Firmware at NVMe Namespace 330, as shown in Fig. 3.). Suryana does not appear to teach, but Terpstra teaches ‘enumerating a trusted port via a trusted queue management operation, the trusted port being implemented to process trusted transaction requests, the trusted transaction requests being secured following verification, the trusted port being recognized and listed by an operating system during runtime, the trusted port being inaccessible by a System Memory Interconnect (SMI) handler at default’ ([0147] Fig. 19, devices are registered to SDO service, find owner location, and devices are authenticated, shown in steps 3-5. Each device authenticated and provisioned corresponds to enumerating a trusted port via a trusted queue management operation. [0122] Fig. 11, onboarding server 1116 maintains queue for communications sequence of responses and replies until a final required action has been completed between control plane 1101 and edge device(s) 1103. In paragraphs [0108]-[0112], a package is sent to an edge computing device after being signed using a signed certificate, with the computing device calculating an MD5 hash of the package, and then perform either a signed "confirm" or "deny" response for the package. [0124] MPSZTP enables IO port control, with edge computing devices being set to a default "deny" setting, with the ports enabled only when required, with MPSZTP corresponding to the SMI handler.); and ‘authorizing device specific communication via the trusted port, the device specific communication’ ([0052] Fig. 2, step 202, system update handler handles provisioning of a secured runtime OS on the at least one processing device. In paragraph [0054], an authenticated device can receive one or more payloads that are deployed and/or processed, and there can be a delay of time between receipt of a given payload and deployment of another payload, which acts as a buffer handling operation.); Therefore, one of ordinary skill in the art would have been capable of applying this known method of ‘enumerating a trusted port via trusted queue management operation’ and ‘authorizing device specific communication via the trusted port’ in an information handling system for firmware management operation and the results would have been predictable to one of ordinary skill in the art. The one of ordinary skill in the art would have been motivated to ensure that devices are trusted in a zero-trust environment to provision devices in the multi-phase secure zero touch provisioning (MPSZTP) to be securely onboarded for provisioning of edge devices (Terpstra, [0058]). Regarding claim 2, Suryana in view of Terpstra teach the method of claim 1 as recited above. Suryana further discloses ‘wherein: the information handling system includes an embedded controller, the embedded controller being implemented to enable a BIOS root of trust, the BIOS root of trust acting as a primary security manager to ensure secure memory interconnect calls are routed exclusively through trusted ports’ ([0014] EC 190 provides aspects of a hardware root of trust, which ensures that firmware and other software necessary for operation of an IHS is operating as intended. The EC can also be a baseboard management controller that provides out-of-band access to devices at the IHS, which refers to operations performed without support of CPU 102, where the devices at the IHS correspond to trusted ports routed through SMI calls.). Regarding claim 3, Suryana in view of Terpstra teach the method of claim 1 as recited above. Suryana does not appear to teach, but Terpstra teaches ‘wherein: the trusted port is generated via a secure enclave protocol’ ([0058] Multi-phase secure zero touch provisioning ("MPSZTP") enables computing devices to be securely on-boarded and provisioned in a zero-trust environment. Performs this by establishing and maintaining a known trusted state for each edge computing device.); ‘and, the secure enclave protocol uses the BIOS root of trust when generating the trusted port’ ([0038] Such provisioning includes digitally signing the image of secured runtime OS utilizing hardware-based root of trust of the edge device.). Therefore, one of ordinary skill in the art would have been capable of applying this known method of generating a trusted port via a secure enclave protocol, which uses the BIOS root of trust to manage firmware in an information handling system and the results would have been predictable to one of ordinary skill in the art. The one of ordinary skill in the art would have been motivated to utilize multi-phase secure zero touch provisioning (MPSZTP) and recovery, with MPSZTP processes used for onboarding of edge computing devices located at various sites, with onboarding enabled via installation of a firmware-based tool to provision edge devices with firmware (Terpstra, [0058]). Regarding claim 4, Suryana in view of Terpstra teach the method of claim 1 as recited above. Suryana in view of Terpstra teach the method of claim 3 recited above, and Suryana further discloses ‘wherein: a device specific buffer handling protocol is used to generate a dedicated protected queue, the dedicated protected queue being associated with the device event handler of the device of the information handling system’ ([0028] Non-volatile device provides temporary storage of the new image(s) to be used in a subsequent boot sequence to update corresponding device images. [0027] Successfully authenticated firmware images, such as images 332 and 333, are each stored at System Firmware at NVMe Namespace 330, as shown in Fig. 3, wherein it is described as a protected System Firmware. Runtime services, including runtime authentication of firmware images, utilizes protected memory space at memory 104 associated with the IHS 100, corresponds to a dedicated protected queue of the Applicant.). Regarding claim 5, Suryana in view of Terpstra teach the method of claim 1 as recited above. Suryana does not appear to teach, but Terpstra teaches ‘wherein: runtime device-specific communications use a secure, zero trust runtime secure enclave’ ([0031] MPSZTP logic facilitates provisioning though secure communication with control plane 120 as the management computing site 102. [0058] MPSZTP process described can provision devices in a zero-trust environment, MPSZTP corresponding to a secure, zero trust runtime secure enclave.). Therefore, one of ordinary skill in the art would have been capable of applying this known method of establishing runtime device-specific communications that use a secure, zero trust runtime secure enclave to assist in managing firmware in an information handling system and the results would have been predictable to one of ordinary skill in the art. The one of ordinary skill in the art would have been motivated to ensure that network transport operations take place over a secured connection, such as a Virtual Private Network (VPN), Internet Protocol Security (IPsec), but the preferred approach for a zero trust environment utilizes encrypted Virtual Local Area Network (VLAN), with network connections also uses session-level encryption, including but not limited to Secure Shell (SSH), Transport Layer Security (TLS), and other types of encryption connections (Terpstra [0106]). Regarding claim 7, Suryana in view of Terpstra teach similar limitations also present in independent claim 1, and Suryana also discloses ‘system comprising: a processor; a data bus coupled to the processor; and a non-transitory, computer-readable storage medium embodying computer program code, the non-transitory, computer-readable storage medium being coupled to the data bus, the computer program code interacting with a plurality of computer operations and comprising instructions executable by the processor and configured for’ ([0015] Fig. 1, CPU 102 can be coupled to NVMe 190 that is interfaced via ATA bus 122. ATA corresponds to a data bus as it couples the two components together. [0036] Computer-readable medium includes any medium capable of storing a set of instructions executable by a processor to perform any one or more methods or operations disclosed in Suryana.). Regarding claim 8, Suryana in view of Terpstra teach the system of claim 7 as recited above. Suryana also discloses similar limitations present in dependent claim 2 above. Regarding claim 9, Suryana in view of Terpstra teach the system of claim 7 as recited above. Suryana in view of Terpstra teach the limitations also present in dependent claim 3 recited above. Regarding claim 10, Suryana in view of Terpstra teach the system of claim 7 as recited above. Suryana in view of Terpstra teach the limitations also present in dependent claim 4 recited above. Regarding claim 11, Suryana in view of Terpstra teach the system of claim 7 as recited above. Suryana in view of Terpstra teach the limitations also present in dependent claim 5 recited above. Regarding claim 13, Suryana in view of Terpstra teach similar limitations also present in independent claim 1, and Suryana also discloses ‘a non-transitory, computer-readable storage medium embodying computer program code, the computer program code comprising computer executable instructions configured for’ ([0036] Computer-readable medium includes any medium capable of storing a set of instructions executable by a processor to perform any one or more methods or operations disclosed in Suryana.). Regarding claim 14, Suryana in view of Terpstra teach the non-transitory, computer-readable storage medium of claim 7 as recited above. Suryana also discloses similar limitations present in dependent claim 2 above. Regarding claim 15, Suryana in view of Terpstra teach the non-transitory, computer-readable storage medium of claim 13 as recited above. Suryana in view of Terpstra teach the limitations also present in dependent claim 3 recited above. Regarding claim 16, Suryana in view of Terpstra teach the non-transitory, computer-readable storage medium of claim 13 as recited above. Suryana in view of Terpstra teach the limitations also present in dependent claim 4 recited above. Regarding claim 17, Suryana in view of Terpstra teach the non-transitory, computer-readable storage medium of claim 13 as recited above. Suryana in view of Terpstra teach the limitations also present in dependent claim 5 recited above. Regarding claim 19, Suryana in view of Terpstra teach the computer-readable storage medium of claim 13 as recited above. Suryana does not fully disclose, but Terpstra teaches ‘wherein: the computer executable instructions are deployable to a client system from a server system at a remote location’ ([0127] MPSZTP processing provides ability to deploy, attest, and provision computing devices remotely.). Therefore, one of ordinary skill in the art would have been capable of applying this known method of using computer executable instructions that are deployable to a client system from a server system at a remote location to assist in managing firmware and the results would have been predictable to one of ordinary skill in the art. The one of ordinary skill in the art would have been motivated to provide processing of MPSZTP logic to lower customer costs though elimination of System Integration overheads, with no IT staff needing to be present while the process is running, as well as self-healing of deployed devices being available (Terpstra [0127]). Regarding claim 20, Suryana in view of Terpstra teach the computer-readable storage medium of claim 13 as recited above. Suryana does not fully disclose, but Terpstra teaches ‘wherein: the computer executable instructions are provided by a service provider to a user on an on-demand basis’ ([0121] Fig. 11, Upon request from edge device(s) 1103, Onboarding server 1116 and provisioning system 1112 provide a REST API-based service to the edge device(s).). Therefore, one of ordinary skill in the art would have been capable of applying this known method of using computer executable instructions are provided by a service provider to a user on an on-demand basis to assist in managing firmware and the results would have been predictable to one of ordinary skill in the art. The one of ordinary skill in the art would have been motivated to utilize firmware agents in edge devices to provide functionality for processing requests from a control plane, located remotely in a server, to call home to deliver current status updates, and receive further update bundles of software and/or instructions (Terpstra [0116]), and having a server implementing a REST API-based service to receive and process incoming requests from edge devices (Terpstra [0118]). Claims 6, 12, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Suryana in view of Terpstra as applied to claims 5, 11, and 17 above, and further in view of Sheng et al. (US 20240069975 A1), hereinafter Sheng. Regarding claim 6, Suryana in view of Terpstra teach the method of claim 1 as recited above. Suryana in view of Terpstra teach the method of claim 5 recited above, and Suryana further discloses ‘wherein: the runtime enclave protects a low memory region of memory of the information handling system’ ([0027] Runtime services utilize protected memory space at memory 104 in IHS 100, protected memory space is not accessible by normal runtime programs.). Suryana does not fully disclose, but Terpstra teaches a ‘the secure, zero trust runtime secure enclave’ ([0123] MPSZTP processing conforms to Zero Trust Architecture as defined by NIST SP-800-207. [0041] Memory implements at least a portion of the functionality of MPSZTP logic 122 and 142 in Control Plane 120 and Edge Device(s) 140, respectively.). Therefore, one of ordinary skill in the art would have been capable of applying this known method of establishing secure, zero trust runtime secure enclave to assist in managing firmware with regards to a runtime enclave protecting a low memory region of memory portion of memory in an information handling system and the results would have been predictable to one of ordinary skill in the art. The one of ordinary skill in the art would have been motivated to maintain a hardware-based root of trust, such as through firmware-based onboarding and deployment, having the ability to sign trusted OS images with a hardware secure key for pre-boot time OS attestation and validation (Terpstra [0125]), and implements a portion of memory to functionality of MPSZTP logic (Terpstra [0041]). Suryana in view of Terpstra does not appear to suggest, but Sheng teaches the limitation of “the low memory region of memory being located within a region of memory from 1 megabyte (MB) to 1 gigabyte (GB) of the memory of the information handling system” ([0044] Memory configuration instance #6 is stated to be a low memory configuration that consists of 512 MB, which is utilized for a microservice.); Therefore, one of ordinary skill in the art would have been capable of applying this known method of "the low memory region of memory being located within a region of memory from 1 megabyte (MB) to 1 gigabyte (GB) of the memory of the information handling system" in an information handling system and the results would have been predictable to one of ordinary skill in the art. The one of ordinary skill in the art would have been motivated to allow instance resources to operate within different constraints to conserve resources for the main system, which is useful for microservices that do not require much memory to operate in the low memory environment, such as half a gigabyte of RAM (Sheng [0044]). Regarding claim 12, Suryana in view of Terpstra teach the system of claim 7 as recited above. Suryana in view of Terpstra teach the limitations also present in dependent claim 6 recited above. Regarding claim 18, Suryana in view of Terpstra teach the non-transitory, computer-readable storage medium of claim 13 as recited above. Suryana in view of Terpstra teach the limitations also present in dependent claim 6 recited above. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Radhakrishnan et al. (US 20180293187 A1, "SYSTEMS AND DEVICES HAVING A SCALABLE BASIC INPUT/OUTPUT SYSTEM (BIOS) FOOTPRINT AND ASSOCIATED METHODS") Jeong et al. (US 20200249969 A1, "ELECTRONIC DEVICE HAVING MULTI-OPERATING SYSTEM AND METHOD FOR MANAGING DYNAMIC MEMORY FOR SAME") Swanson et al. (US 20120036308 A1, "SUPPORTING A SECURE READABLE MEMORY REGION FOR PRE-BOOT AND SECURE MODE OPERATIONS") Samuel et al. (US 20180004502 A1, "BASIC INPUT/OUTPUT SYSTEM (BIOS) UPDATE CONTROL") Khalid et al. (NPL, "Enhancing Data Protection in Dynamic Consent Management Systems: Formalizing Privacy and Security Definitions with Differential Privacy, Decentralization, and Zero-Knowledge Proofs", 2023) Any inquiry concerning this communication or earlier communications from the examiner should be directed to TOMMY MARTINEZ whose telephone number is (703)756-5651. The examiner can normally be reached Monday thru Friday 8AM-4PM ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached at (571) 272-7624 on Monday thru Friday 7AM-7PM ET. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /T.M./ Examiner, Art Unit 2496 /JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496
Read full office action

Prosecution Timeline

Jul 25, 2024
Application Filed
Nov 20, 2025
Non-Final Rejection mailed — §103, §112
Feb 20, 2026
Response Filed
Mar 18, 2026
Final Rejection mailed — §103, §112
May 18, 2026
Response after Non-Final Action
Jun 18, 2026
Request for Continued Examination
Jun 23, 2026
Response after Non-Final Action
Jul 10, 2026
Non-Final Rejection mailed — §103, §112 (current)

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
14%
Grant Probability
-6%
With Interview (-20.0%)
2y 4m (~4m remaining)
Median Time to Grant
High
PTA Risk
Based on 7 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month