DETAILED ACTION
1.
This is in reply to an application filed on 10/31/2024. Claims 21-40 are pending examination.
2.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
3.
Claim Objection
Claims 22, 33, 37 and 39 are objected to, because these claims have typographical errors. The examiner suggests the following correction:
Claim 22:
Replacement of “a fire wall between the management plane and the security” with “a fire wall between the management plane and the security plane”.
Claim 33:
Replacement of “a response to the request to the proxy” with “a response to the request to the host proxy”.
Claim 37:
Replacement of “responsive to the communications” with “responsive to the communication”.
Claim 39:
Replacement of “main hardware security processor” with “main hardware processor”.
4.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(B) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 25-26 and 32-36 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
For claims 25-26:
The claims recite “by the secure enclave”. However, there is insufficient antecedent basis for this limitation in the claims. The examiner suggests the Replacement of “by the secure enclave” with “by a secure enclave”.
For claim 32 and 34:
It is unclear whether the phrase “the host” refers to “with a management entity to manage a host of a computer platform”, “managing a secret for a host of the computer platform” or “receiving, by a host proxy of the management plane” as recited in claim 32. Applicant should address these issues. Examiner interpreted the claims to the best of his knowledge.
5.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 21, 23-24, and 28-40 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-2, 4, 9, and 10-17 of U.S. Patent No. 12,105,859 in view of Loureiro and Ahad as mentioned below, wherein the claims of the patent No. 12,105,859 do not recite: a firm ware to manage an entity, however Jacquin substantially teaches a firmware running on the computing platform may use commands to retrieve and store data that is secured by the trusted platform module, wherein the data such as a cryptographic key, or password [0018], [0025], [0040] and fig. 4.
6.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 21, 27-31, 37 and 39-40 are rejected under 35 U.S.C. 103 as being unpatentable over Jacquin et al,. US 2020/0097657 (hereinafter Jacquin), in view of the background of the instant application (hereinafter Admitted prior art (APA)).
Regarding claim 21 Jacquin teaches an apparatus comprising:
a host [0013] and fig. 1; and a baseboard management controller comprising a semiconductor package, wherein the semiconductor package comprises: a management plane comprising a first hardware processor, wherein the first hardware processor to execute a firmware management stack (Jacquin teaches a computing platform for security processing, wherein the computing platform includes a plurality of components such as a processor, a security co-processor and a memory [0013-0014] and fig. 1-2, wherein in response to receiving a command, a firmware running on the computing platform may use commands to manage data such as retrieving and storing data that is secured by the trusted platform module, wherein the data such as a cryptographic key, or a password [0018], [0025], [0040] and fig. 4); and
a security plane isolated from the management plane, wherein the security plane comprises a second hardware processor and a memory, and wherein the second hardware processor to manage a storage of a secret of the host in the memory (Jacquin teaches a security co-processor to store an encryption key in a secure memory in a secure manner, so unauthorized user cannot access the key [0012], [0017] and fig. 2). Note according to the specification of the instant application, entities can be considered isolated from each other, even if they are mounted on one motherboard or attached to one entity (see [0031] and fig. 1). Thus, Jacquin teaches that the components mounted on the computing platform are isolated. Jacquin does not teach responsive to communications with a remote management, manage the host. APA substantially teaches a computer platform (e.g., a server) may include a specialized service processor, called a "baseboard management controller," or "BMC," which monitors the physical state of the computer platform. The BMC may communicate with a remote management server through a management network for purposes of reporting information about the computer platform to the remote management server and allowing the remote management server to control actions that are performed by the BMC [0001].
It would have been obvious to one of ordinary skill in the art before the effective
filing date of the claimed invention to modify Jacquin such that the invention further
includes responsive to communications with a remote management, manage the host.
One would have been motivated to do so to report information about a computer
platform to the remote management server and allowing the remote management
server to control actions that are performed by the BMC (APA: [0001]).
Regarding claim 27 Jacquin as modified teaches the apparatus of claim 21, wherein the first hardware processor comprises a plurality of processing cores (Jacquin:[0013]).
Regarding claim 28 Jacquin as modified teaches the apparatus of claim 21, wherein: the memory comprises terminals to communicate data, address and control signals with the memory; and none of the terminals are exposed outside of the semiconductor package (Jacquin teaches a security co-processor such as trusted platform module may comprise a memory, wherein the memory may be used to store and retrieve secret data [0013-0014], [0025], [0054], and fig. 2-3).
Regarding claim 29 Jacquin as modified teaches the apparatus of claim 21, wherein the secret comprises a cryptographic key, a certificate or a password (Jacquin: [0017]).
Regarding claim 30 Jacquin as modified teaches the apparatus of claim 21, wherein: the security plane further comprises a secure enclave having an associated cryptographic boundary; the second hardware processor and the memory are inside the cryptographic boundary; and the first hardware processor is outside of the cryptographic boundary (Jacquin: fig. 1-2).
Regarding claim 31 Jacquin as modified teaches the apparatus of claim 21, wherein the first hardware processor to further perform at least one of controlling a system power state of the host, controlling a boot path of the host, performing thermal management of the host, managing a use of a virtual media by the host, controlling a boot of the host, performing security checks for the host, performing fault checks for the host, validating firmware executed by the first hardware processor, validating firmware executed by the second processor, performing fault recovery of the host, or providing a remote console for a remote management server (Jacquin teaches verifying that a requester is authorized by the authorization policy to access a secured data [0035], and further APA teaches the BMC may monitor sensors (e.g., temperature
sensors, cooling fan speed sensors); monitor an operating system status; monitor
power statuses; log computer system events; perform remotely-controlled computer
platform functions (e.g., powering up and powering down the computer platform);
and so forth [0001]).
Regarding claim 37 Jacquin as modified teaches a management controller comprising:
a semiconductor package comprising a main hardware processor and a secure enclave, wherein the secure enclave comprises a secure memory and a hardware security processor (Jacquin teaches a computing platform for security processing, wherein the computing platform includes a processor, a security co-processor and a memory [0013-0014] and fig. 1-2);
a communication interface; wherein the main hardware processor to manage a host of a computer platform; and wherein the hardware security processor to provide an application programming interface (API) to manage a secret stored in the secure memory (Jacquin teaches software may include the various computer programs running on the computing platform, from the computer applications used to run communication networks in large datacenters down to the apps on a smartphone and desktop applications on a personal computer [0016]. A security co-processor to store an encryption key in a secure memory in a secure manner, so unauthorized user cannot access the key [0012], [0017]). Jacquin does not teach communicating with a remote management server and responsive to the communications, manage an entity. APA substantially teaches a computer platform (e.g., a server) may include a specialized service processor, called a "baseboard management controller," or "BMC," which monitors the physical state of the computer platform. The BMC may communicate with a remote management server through a management network for purposes of reporting information about the computer platform to the remote management server and allowing the remote management server to control actions that are performed by the BMC [0001].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Jacquin such that the invention further includes communicating with a remote management server and responsive to the communications, manage an entity. One would have been motivated to do so to report information about a computer platform to the remote management server and allowing the remote management server to control actions that are performed by the BMC (APA: [0001]).
Regarding claim 39 Jacquin as modified teaches the management controller of claim 37, wherein the semiconductor package further comprises: a first die comprising the secure memory (Jacquin: fig. 1-2);a second die comprising the hardware security processor and the main hardware security processor (Jacquin: fig. 1); and an interconnect to couple the first die and the second die (Jacquin teaches a security co-processor to store an encryption key in a secure memory in a secure manner, so unauthorized user cannot access the key [0012], [0017], fig. 2-3).
Regarding claim 40 Jacquin as modified teaches the management controller of claim 37, wherein: the secure enclave has an associated cryptographic boundary; the hardware security processor and the secure memory are inside the cryptographic boundary; and the main hardware processor is outside of the cryptographic boundary (Jacquin: fig. 1-2).
7.
Claims 23-26, 32-36 and 38 are rejected under 35 U.S.C. 103 as being unpatentable over Jacquin and APA as mentioned above, and further in view of Goel et al. US 2022/0179674 (hereinafter Goel).
Regarding claim 23 Jacquin as modified teaches the apparatus of claim 21, wherein the first hardware processor to further a requestor of the host, communicate with the security plane to manage the storage of the secret in the memory (Jacquin teaches a computing platform for security processing, wherein the computing platform includes a processor, a security co-processor and a memory [0013-0014] and fig. 1-2. Verifying that a requester is authorized by the authorization policy to access a secured data [0035]). The combination of Jacquin and APA does not teach a proxy entity to receive data from an entity and forward the data to another entity. Goel substantially teaches a key management agent (i.e. proxy) may provide encryption keys to be stored in a key vault provided by the BMC and forward the retrieved encryption keys from the key vault to requesting VM [0046-0047], and fig. 4 and 7A-7C).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Jacquin and APA such that the invention further includes a proxy entity to receive data from an entity and forward the data to another entity. One would have been motivated to do so to monitor traffic flows between internal and external entities.
Regarding claim 24 Jacquin as modified teaches the apparatus of claim 23, wherein: the management plane proxy to receive, from the requestor, a request to manage the storage of the secret in the memory; the management plane proxy to forward the request to the security plane; the security plane to provide, to the management plane proxy, a response to the request; and the management plane proxy to forward the response to the requestor (Jacquin teaches a computing platform for security processing, wherein the computing platform includes a processor, a security co-processor and a memory [0013-0014] and fig. 1-2), and further Goel teaches a key management agent may provide encryption keys to be stored in a key vault provided by the BMC and forward the retrieved encryption keys from the key vault to requesting VM [0046-0047], and fig. 4 and 7A-7C).
Regarding claim 25 Jacquin as modified teaches the apparatus of claim 24, wherein: the security plane further comprises a bridge; and the bridge to: verify a credential of the requestor; and regulate processing of the request, by the secure enclave, based on a result of the verification (Jacquin teaches verifying that a requester is authorized by the authorization policy to access a secured data, wherein an a policy engine may verify the signature using a public key in the authorization policy, and wherein if the verification is successful, the requester may be authorized to access the secured data [0035]).
Regarding claim 26 Jacquin as modified teaches the apparatus of claim 24, wherein: the request is associated with an action to be taken in association with the secret; and the second hardware processor to further: determine whether the requestor has an access privilege to allow the action; and regulate processing of the request, by the secure enclave, based on a result of the determination (Jacquin teaches verifying that a requester is authorized by the authorization policy to access a secured data [0035]).
In response to Claim 32: Rejected for the same reason as claim 26
In response to Claim 33: Rejected for the same reason as claim 24
In response to Claim 34: Rejected for the same reason as claim 31
Regarding claim 35 Jacquin as modified teaches the method of claim 32, wherein:
managing the secret further comprises executing, by a security hardware processor of the security plane, instructions associated with an application programming interface (API) (Jacquin: [0016]); and
executing the instructions comprises the security hardware processor performing at least one of storing a cryptographic key in the secure memory, storing a key encrypting key in the secure memory, storing a cryptographic key created by the security plane in the secure memory, storing a certificate in the secure memory, storing a certificate in the secure memory, deleting a certificate from the secure memory or updating a certificate stored in the secure memory (Jacquin teaches a security co-processor to store an encryption key in a secure manner, so unauthorized user cannot access the key [0012], [0017-0018]).
Regarding claim 36 Jacquin as modified teaches the method of claim 32, wherein: the security plane further comprises a security hardware processor; and managing the secret further comprises managing storage of the secret inside a cryptographic boundary containing the security hardware processor and the secure memory (Jacquin: fig. 1-2).
Regarding claim 38 Jacquin as modified teaches the management controller of claim 37, wherein: the secret comprises a first secret of the host; the main hardware processor to serve as a proxy for the hardware security processor for a first request from the host directed to managing the first secret; and the main hardware processor to submit a second request to the hardware security processor directed to managing a second secret associated with the management controller (Jacquin teaches a computing platform for security processing, wherein the computing platform includes a processor, a security co-processor and a memory [0013-0014] and fig. 1-2, and further Goel teaches a key management may provide encryption keys to be stored in a key vault provided by the BMC and forward the retrieved encryption keys from the key vault to [0046-0047], and fig. 4 and 7A-7C).
8.
Claim 22 is rejected under 35 U.S.C. 103 as being unpatentable over Jacquin and APA as mentioned above, and further in view of Nishikata et al. US 2019/0281012 (hereinafter Nishikata).
Regarding claim 22 Jacquin as modified teaches the apparatus of claim 21, further comprising: a fire wall between the management plane and the security, wherein the second hardware processor to further provide an application programming interface (API) (Jacquin teaches software may include the various computer programs running on the computing platform, from the computer applications used to run communication networks in large datacenters down to the apps on a smartphone and desktop applications on a personal computer [0016]). The combination of Jacquin and APA does not a firewall to control communication between two entities. Nishikata substantially teaches a firewall of BMC [0144].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Jacquin and APA such that the invention further includes a firewall to control communication between two entities. One would have been motivated to do so to limit and restrict communication between entities based on specific conditions.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AYOUB ALATA whose telephone number is (313)446-6541. The examiner can normally be reached on Monday - Friday 7:30 - 5:00 Est.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung (Jay) Kim can be reached on (571)272-3804. The fax phone number for the organization where this application or proceeding is assigned is (571)273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/AYOUB ALATA/Primary Examiner, Art Unit 2494