Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.



DETAILED ACTION
This action is in response to the communication filed on 10/28/2019.
Claims 28-48 are under examination.
The Information Disclosure Statements filed on 01/05/2021 have been entered and considered.



Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 46-48 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  Claim 46 recites “a computer-readable storage medium.”  The broadest reasonable interpretation of “a computer-readable storage medium” covers forms of both non-transitory tangible media and transitory propagating signals per se.  See In re Nuijten, 500 F.3d 1346, 1356-57 (Fed. Cir. 2007); Subject Matter Eligibility of Computer Readable Media, Jan. 26, 2010; p. 1. The specification fails to limit expressly the term “computer-readable per se, claim 46 is rejected under 35 U.S.C. § 101 as being directed towards non-statutory subject matter.
Claims 47-48 depend on claim 46, and are therefore rejected for the same reasons as claim 46, and incorporated herein.  
The Examiner suggests inserting "non-transitory" before the phrase “computer-readable storage medium.”


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claim 47 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.


Claim 47 recites the limitation "the domain credential".  There is insufficient antecedent basis for this limitation in the claim.



Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of pre-AIA 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on sale in this country, more than one year prior to the date of application for patent in the United States.

Claims 28, 37 and 46-47 are rejected under pre-AIA 35 U.S.C. 102(b) as being clearly anticipated by Iwamoto et al. (US 20030167336 A1).
Regarding claim 28, Iwamoto et al. discloses A computer-implemented method comprising: identifying, by a computer, a resource of the computer to be accessed; and obtaining, by the computer, access to the resource based on a policy that is stored on a server that is remote from the computer [par. 0031, “an access controller configured to control user access to services/features available on the device 6 and an authenticator configured to authenticate a user and for storing user and device configuration information on a directory service… directory service contains such information as user account information and access policy information… a domain controller”, par. 0040-42, the authenticator 48 has authenticated the user based on information stored in the directory service 47, access controller 49 determines whether the user is authorized to access the device services/features available on the device 6 based on the access policy information stored in directory service 47].
Regarding claim 37, it recites limitations similar to claim 28. The reason for the rejection of claim 28 is incorporated herein.
Regarding claim 46, it recites limitations similar to claim 28. The reason for the rejection of claim 28 is incorporated herein.
Regarding claim 47, the rejection of claim 46 is incorporated.
Iwamoto et al. further discloses the domain credential comprises at least one of a credential for a user of the computer and a credential for a secure partition of the computer [par. 0010, authentication of the user].



Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 29-30, 32-33, 36, 38-39, 41-42, 45 and 48 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Iwamoto et al. (US 20030167336 A1) as applied to claims 28, 37 and 46-47 above, and further in view of Hunt et al. (US 2005/0246771 A1).
Regarding claim 29, the rejection of claim 28 is incorporated.
Iwamoto et al. discloses the server is a domain controller; authenticating the domain credential with the domain controller [par. 0011, “The user supplies authentication information to a device… The server authenticates a user and performs a first-level check to determine the level of access of a user based on access policy information for the user”, par. 0031, “the storage of authentication and access control information is discussed with reference to a directory service, any means of storing this information can be used with the present invention, including but not limited to a domain controller”];
Iwamoto et al. do not explicitly disclose obtaining a domain credential for the computer prior to loading an operating system for the computer; and using the domain credential to unlock the resource of the computer prior to loading the operating system for the computer.
However, Hunt et al. teaches obtaining a domain credential for the computer prior to loading an operating system for the computer [par. 0180, “The deployment operating system authentication segment 1008 authenticates the computing device within the production network at the deployment operating system level”, par. 0182, “The PXE authentication segment 1012 authenticates the computing device within the production network at the PXE level. The resource for which access is being requested in PXE authentication segment 1012 is a PXE boot loader and operating system. The PXE authentication segment 1012 includes operation 1040 in which the computing device broadcasts the preboot execution boot request. In operation 1042, the boot server validates the PXE boot request. The PXE authentication segment 1012 continues to operation 1044 in which the boot server returns the PXE boot response to the computing device. In operation 1046, the computing device downloads the PXE boot loader and a staging operating system from the boot server”, par. 0042, “The authentication server 108 authenticates the computing devices 105 using the security domain controller 115”]; and using the domain credential to unlock the resource of the computer prior to loading the operating system for the computer [par. 0180, “The authentication server validates the computing device identity using public and private key challenge-response with the SIPA as shown in FIG. 7 over the communication channel through the switch to the network boot firmware on the computing device. In operation 1025, the authentication server instructs the switch to enable port access of the computing device to the restricted production VLAN”, par. 0182, “The PXE authentication segment 1012 authenticates the computing device within the production network at the PXE level. The resource for which access is being requested in PXE authentication segment 1012 is a PXE boot loader and operating system... In operation 1046, the computing device downloads the PXE boot loader and a staging operating system from the boot server”].
At the time of the invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Hunt et al. into the teaching of Iwamoto et al. with the motivation of providing a secure bootstrap program to provide or update an operating system, and/or securely joining a security domain as taught by Hunt et al. [Hunt et al.: par. 0022].
Regarding claim 30, the rejection of claim 29 is incorporated.
[par. 0010, authentication of the user].
Regarding claim 32, the rejection of claim 29 is incorporated.
Iwamoto et al. further discloses identifying the resource of the computer comprises reviewing an access policy for the computer maintained by the domain controller [par. 0035, “Directory service 47 contains user access policy information and other information such as user authorization information. Access policy information refers to access control information (e.g., rules) that has been defined at an enterprise level concerning user access to services/features available on the networked peripheral device”].
Regarding claim 33, the rejection of claim 29 is incorporated.
Iwamoto et al. further discloses establishing a secure communication session between the server and the resource to unlock the resource of the computer [par. 0052, “The communication between the device 6 and the server 8 is preferably conducted via a secure communication channel that uses a secure transport protocol such as secure socket layer (SSL), transport layer security (TLS) to minimize chances of unauthorized access to the device by hackers”].
Regarding claim 36, the rejection of claim 29 is incorporated.
Hunt et al. further teaches the resource comprises at least one of an ATA device and a chipset-controlled resource [par. 0061, “The SIPA 106 may be implemented on the motherboard of the computing device 105 in the form of, for example, a dedicated chip or a baseboard management controller”, par. 0133, the computing device stores its operating system in a chip attached to the motherboard or the motherboard itself].
At the time of the invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Hunt et al. into the teaching of Iwamoto et al. with the motivation of providing a secure bootstrap program to provide or update an operating system, and/or securely joining a security domain as taught by Hunt et al. [Hunt et al.: par. 0022].
Regarding claim 38, it recites limitations similar to claim 29. The reason for the rejection of claim 29 is incorporated herein.
Regarding claim 39, it recites limitations similar to claim 30. The reason for the rejection of claim 30 is incorporated herein.
Regarding claim 41, it recites limitations similar to claim 32. The reason for the rejection of claim 32 is incorporated herein.
Regarding claim 42, it recites limitations similar to claim 33. The reason for the rejection of claim 33 is incorporated herein.
Regarding claim 45, it recites limitations similar to claim 36. The reason for the rejection of claim 36 is incorporated herein.
Regarding claim 48, it recites limitations similar to claim 29. The reason for the rejection of claim 29 is incorporated herein.

Claims 31 and 40 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Iwamoto et al. (US 20030167336 A1) and Hunt et al. (US 2005/0246771 A1) as applied to claims 29-30, 32-33, 36, 38-39, 41-42, 45 and 48 above, and further in view of Schnell (US 2009/0327702 A1).
Regarding claim 31, the rejection of claim 29 is incorporated.
Iwamoto et al. and Hunt et al. disclose authenticating the domain credential with the domain controller.
They do not explicitly disclose using the domain credential to obtain a key to decrypt data stored on the resource; and using the key to decrypt the data stored on the resource.  
However, Schnell teaches using the domain credential to obtain a key to decrypt data stored on the resource; and using the key to decrypt the data stored on the resource [par. 0041, The escrow service domain controller 146 can authenticate the new media device based on DRM properties received as part of the domain certificate from the new device, par. 0051, “the key escrow service 144 receives the DRM license, device certificate, and/or domain certificate from an additional media device that requests the content key to decrypt the protected media content 120 that has been acquired from the first media device”, par. 0053].
At the time of the invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Schnell into the teaching of Iwamoto et al. and Hunt et al. with the motivation for security and to protect it from unauthorized sharing, copying, and/or distribution of the media content as taught by Schnell [Schnell: abs, par. 0003].
Regarding claim 40, it recites limitations similar to claim 31. The reason for the rejection of claim 31 is incorporated herein.

Claims 34 and 43 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Iwamoto et al. (US 20030167336 A1) and Hunt et al. (US 2005/0246771 A1) as applied to claims 29-30, 32-33, 36, 38-39, 41-42, 45 and 48 above, and further in view of Zimmer et al. (US 2006/0230280 A1).
Regarding claim 34, the rejection of claim 29 is incorporated.
Iwamoto et al. and Hunt et al. disclose using the domain credential to unlock the resource.
They do not explicitly disclose providing power to the resource to unlock the resource.  
However, Zimmer et al. teaches providing power to the resource to unlock the resource [par. 0016, “computing device 100 is adapted such that, it may be powered on remotely (e.g. "powering on" computing device 100, through a network interface having a power saving, never off, "sleep" mode of operation). At power-on, a power-on or start-up signal is provided to management controller 116 as well as to processor 102. As will be described in more detail below, management controller 116 is adapted to perform a number of user authentication operations, and provides processor 102 with a "user authenticated" signal, on successful authentication of the user causing the start-up. Processor 102 is adapted to wait for the "user authenticated" signal before performing the conventional start up of operating system 122”].
At the time of the invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Zimmer et al. into the teaching of Iwamoto et al. and Hunt et al. with the motivation to facilitate remote configuration and/or management of a system, independent of its operating system such as “powering on” remotely as taught by Zimmer et al. [Zimmer et al.: abs, par. 0016].
Regarding claim 43, it recites limitations similar to claim 34. The reason for the rejection of claim 34 is incorporated herein.

Claims 35 and 44 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Iwamoto et al. (US 20030167336 A1) and Hunt et al. (US 2005/0246771 A1) as applied to claims 29-30, 32-33, 36, 38-39, 41-42, 45 and 48 above, and further in view of Jaber et al. (US 2011/0083003 A1).
Regarding claim 35, the rejection of claim 29 is incorporated.
Iwamoto et al. and Hunt et al. disclose using the domain credential to unlock the resource.
They do not explicitly disclose providing power to the resource to unlock the resource.  
However, Jaber et al. teaches providing power to the resource to unlock the resource [par. 0018, “a token that the service processor applies to unlock boot is made available if authentication is successful”].
At the time of the invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Jaber et al. into the teaching of Iwamoto et al. and Hunt et al. with the motivation for securing a boot with third party authentication as taught by Jaber et al. [Jaber et al.: abs, par. 0018].
Regarding claim 44, it recites limitations similar to claim 35. The reason for the rejection of claim 35 is incorporated herein.

 
 
Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure:
US 20080104705 A1		SETTING GROUP POLICY BY DEVICE OWNERSHIP
US 20080148339 A1		GROUP POLICY FOR UNIQUE CLASS IDENTIFIER DEVICES
US 20070136581 A1		Secure authentication facility
US 6834351 B1		Secure information handling system
US 8543799 B2		Client authentication during network boot
US 20050138423 A1		Remote provisioning of secure systems for mandatory control
US 7774824 B2		Multifactor device authentication
US 20110283104 A1		Domain Access System
US 8468591 B2		Client authentication and data management system

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON CHIANG whose telephone number is (571)270-3393.  The examiner can normally be reached on 9 AM to 6 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild, can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/JASON CHIANG/Primary Examiner, Art Unit 2431