DETAILED ACTION

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
 
2.	The Office action is in response to the patent application filed on January 24, 2019.  The application contains 20 claims.  Claims 1-20 are directed to a method and a system for redundant device locking key management.  Claims 1-20 are pending.

Claim Objections
3.	Claim 6 is objected to because of the following informalities:   
Referring to claim 6:
	Claim 6 recites “The system of claim 1, wherein the first remote access controller device is configured to:…wherein the smart contract is configured to execute in response to the second blockchain transaction to transmit the encrypted device locking key to the remote access controller device.”, wherein the two highlighted terms are not consistent.

Claim Rejections - 35 USC § 103

4.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

5.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Kahler et al. (U.S. 2012/0233455 A1), hereinafter “Kahler”, in view of Acar et al. (U.S. 9,634,831 B2), hereinafter “Acar”, in view of Dobrek et al. (U.S. 10,320,843 B1), hereinafter “Dobrek”.
Referring to claims 1, 14:

    A redundant key management system, comprising (see Kahler, fig. 1):
        a network (see Kahler, fig. 1, 28 ‘network’);
        a key management system that is coupled to the network and configured to generate a device locking key and transmit that key through the network (see Kahler, fig. 1, 20a, 20b ‘key server’); and
        a first server device that is coupled to the network, wherein the first server device includes (see Kahler, fig. 1, 2 ‘storage subsystem’):
            a managed device (see Kahler, fig. 1, 4 ‘storage [i.e., the managed device ]’); and
            a first remote access controller device that is coupled to the managed device and configured to (see Kahler, fig. 1, 14 ‘storage encryption manager’; [0020] ‘a storage encryption manager 14 for managing the key repository 30, managing the acquisition of the encryption key from one of the key servers, and using the encryption key to unlock the user disks.’):
                receive, through the network from the key management system, a device locking key (see Kahler, fig. 4, 104 ‘obtain the encryption key’);
                lock, using the device locking key, the managed device (see Kahler, [0018] ‘an encryption key (EK) 10 that is used to lock and unlock the storage 4.’);
                encrypt the device locking key to provide an encrypted device locking key (see Kahler, fig. 6, 158 ‘Generate a wrapped encryption key by encrypting the encryption key (EK) with a public key of the storage manager (Ks) to produce (EK)ks’);
                erase, subsequent to a power cycle event the device locking key, the encrypted device locking key (see Kahler, [0020] ‘the encryption key (EK) 10 is maintained in a transient or volatile memory, such as memory 6, and is unavailable after a power cycle event [i.e., the encryption key (EK) erased after a power cycle event ].’);
                transmit, subsequent to erasing the device locking key, a request to retrieve the encrypted device locking key (see Kahler, [0020] ‘The encryption key (EK) 10 is retrieved after the power-on or initialization.’);
retrieved from a key server 20a, 20b and is indirectly used to unlock the encrypted storage 4.’; [0020] ‘The encryption key (EK) 10 is retrieved after the power-on or initialization.’);	
                decrypt the encrypted device locking key to provide the device locking key (see Kahler, fig. 6, 164 ‘Decrypt encryption key (EK)ks with storage encryption manager private key (Js)’); and
                use the device locking key to unlock the managed device (see Kahler, [0018] ‘an encryption key (EK) 10 that is used to lock and unlock the storage 4.’).
	Kahler further discloses a plurality of second remote access controller devices (see Kahler, [0021] ‘storage systems’).  However, Kahler does not disclose: broadcast, through the network to a plurality of second remote access controller devices provided in respective second server devices, the encrypted device locking key.
ii.	Acar discloses sending, through the network to a plurality of second remote access controller devices provided in respective second server devices, the encrypted device locking key (see Acar, fig. 3, 306, 308, 310 server nodes; [0079] ‘At 1112, the server node replicates the created or updated key, group, and/or policy with one or more other server nodes [i.e., a plurality of second remote access controller devices ].’).
iii.	It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Acar into the system of Kahler to send, through the network to a plurality of second remote access controller devices provided in respective second server devices, the encrypted device locking key.  Kahler teaches “method for a redundant key server encryption environment.” (see Kahler, [0002]).  Therefore, Acar’s teaching could enhance the system of Kahler, because Acar teaches “Replication of newly created or updated keys, groups, and policies to a small subset of the storage nodes provides sufficient levels of data integrity” (see Acar, [0026]).
broadcasting the Channel X encryption key encrypted with the public key on the distributed ledger as a transaction.’)
	v.	It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Dobrek into the system of Kahler to use broadcasting.  Kahler teaches “method for a redundant key server encryption environment.” (see Kahler, [0002]).  Therefore, Dobrek’s teaching could enhance the system of Kahler, because Dobrek teaches “one or more encrypted transactions can be broadcasted to all nodes on a distributed ledger system or network.” (see Dobrek, col. 15, line 10).
Referring to claims 2, 8, 15:
		Kahler, Acar, and Dobrek further disclose:
           broadcast, through the network to the plurality of second remote access controller devices, a request to store the encrypted device locking key (see Dobrek, col. 24, line 19 ‘the encryption key for Channel X can be sent to Node C through the network, for example by encrypting the Channel X encryption key with a public key of a participant registered on Node C and then broadcasting the Channel X encryption key encrypted with the public key on the distributed ledger as a transaction.’); 
           receive, through the network from at least one of the plurality of second remote access controller devices, an acceptance to store the encrypted device locking key; and transmit, through the network to the at least one of the plurality of second remote access controller devices in response to receiving the acceptance to store the encrypted device locking key, the encrypted device locking key (see Acar, [0024] ‘upon receipt of confirmation from the other storage node’),
          wherein the request to retrieve the encrypted device locking key is transmitted to the at least one of the plurality of second remote access controller devices to which the encrypted device locking key was transmitted (see Acar, fig. 3, 306, 308, 310 server nodes; [0043] ‘server node 310 successfully locates the requested DKM key in its local store’).

	It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Dobrek into the system of Kahler to use broadcasting.  Kahler teaches “method for a redundant key server encryption environment.” (see Kahler, [0002]).  Therefore, Dobrek’s teaching could enhance the system of Kahler, because Dobrek teaches “one or more encrypted transactions can be broadcasted to all nodes on a distributed ledger system or network.” (see Dobrek, col. 15, line 10).
Referring to claims 3, 9, 16:
		Kahler, Acar, and Dobrek further disclose:
           provide the encrypted device locking key along with a first remote access controller device identifier as part of a key bundle (see Kahler, fig. 2 ‘key store entry’, fig. 3 ‘key package [i.e., the key bundle ]’); and 
           transmit, through the network to the at least one of the plurality of second remote access controller devices in response to receiving the acceptance to store the encrypted device locking key, the key bundle (see Kahler, fig. 2 ‘key store entry’, fig. 3 ‘key package [i.e., the key bundle ]’).
Referring to claims 4, 10, 17:
		Kahler, Acar, and Dobrek further disclose:
           transmit first remote access controller device identification information along with the request to retrieve the encrypted device locking key, and wherein each of the at least one of the second remote access controller devices is configured to (see Acar, [0047] ‘Storage nodes 406 and 410 receive the synchronization requests and verify the 
          determine that the first remote access controller device identification information matches the first remote access controller device identifier and, in response, transmit the encrypted device locking key to the first remote access controller device (see Acar, [0047] ‘Verifying the query includes verifying the identity of the storage node 404 [i.e., the first remote access controller device identifier ] (such as by using a public key, such as a TPM public key and comparing [i.e., determining a match ] it to a signed server list)’; [0049] ‘Upon verifying the query, the storage node 410 checks its local key list and, because the requested DKM key is stored therein, the storage node sends the requested DKM key to the storage node 404.’).
	It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Acar into the system of Kahler to send, through the network to a plurality of second remote access controller devices provided in respective second server devices, the encrypted device locking key.  Kahler teaches “method for a redundant key server encryption environment.” (see Kahler, [0002]).  Therefore, Acar’s teaching could enhance the system of Kahler, because Acar teaches “Replication of newly created or updated keys, groups, and policies to a small subset of the storage nodes provides sufficient levels of data integrity” (see Acar, [0026]).
Referring to claims 5, 11, 18:
		Kahler, Acar, and Dobrek further disclose:
           receive, through the network from the at least one of the plurality of second remote access controller devices in response to transmitting the key bundle, respective second remote access controller device identifiers (see Acar, fig. 8, 618 ‘signed server list’);
           store the respective second remote access controller device identifiers (see Acar, fig. 8, 618 ‘signed server list’); 

           transmit, using the respective second remote access controller device identifiers, the request to retrieve the encrypted device locking key to second remote access controller devices identified by the second remote access controller device identifiers (see Acar, [0041] ‘the server node 306 selects one or more other server nodes from which to request the DKM key.’).
	It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Acar into the system of Kahler to send, through the network to a plurality of second remote access controller devices provided in respective second server devices, the encrypted device locking key.  Kahler teaches “method for a redundant key server encryption environment.” (see Kahler, [0002]).  Therefore, Acar’s teaching could enhance the system of Kahler, because Acar teaches “Replication of newly created or updated keys, groups, and policies to a small subset of the storage nodes provides sufficient levels of data integrity” (see Acar, [0026]).
Referring to claims 6, 12, 19:
		Kahler, Acar, and Dobrek further disclose:
wherein the first remote access controller device is configured to: 
           broadcast the encrypted device locking key as part of a first blockchain transaction that is directed to a blockchain address that is associated with a smart contract, wherein the smart contract is configured to execute in response to the first blockchain transaction to store the encrypted device locking key on a blockchain that is maintained by the first remote access controller device and the plurality of second remote access controller devices (see Dobrek, col. 6, line 38 ‘encrypt data and/or transaction using an encryption key and publish and/or store the encrypted data on a distributed ledger, such as a blockchain.’; col. 8, line 8 ‘smart-contract’), 
           wherein the request to retrieve the device locking key is transmitted as part of a second blockchain transaction that is directed to the blockchain address that transaction using an encryption key and publish and/or store the encrypted data on a distributed ledger, such as a blockchain.’; col. 8, line 8 ‘smart-contract’).
	It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Dobrek into the system of Kahler to use a blockchain for recording transactions.  Kahler teaches “method for a redundant key server encryption environment.” (see Kahler, [0002]).  Therefore, Dobrek’s teaching could enhance the system of Kahler, because Dobrek teaches “one or more encrypted transactions can be broadcasted to all nodes on a distributed ledger system or network.” (see Dobrek, col. 15, line 10).
Referring to claim 7:
	i.	Kahler teaches:
    An Information Handling System (IHS), comprising (see Kahler, fig. 1, 2 ‘storage subsystem’):
        a processing system (see Kahler, fig. 1, 14 ‘storage encryption manager’); and
        a memory system that is coupled to the processing system and that includes instructions that, when executed by the processing system, cause the processing system to provide a remote access controller engine that is configured to:
            receive, through the network from the key management system, a device locking key (see Kahler, fig. 4, 104 ‘obtain the encryption key’);
            lock, using the device locking key, a managed device (see Kahler, [0018] ‘an encryption key (EK) 10 that is used to lock and unlock the storage 4.’);
            encrypt the device locking key to provide an encrypted device locking key (see Kahler, fig. 6, 158 ‘Generate a wrapped encryption key by encrypting the encryption key (EK) with a public key of the storage manager (Ks) to produce (EK)ks’);
is unavailable after a power cycle event [i.e., the encryption key (EK) erased after a power cycle event ].’); 
            transmit, subsequent to erasing the device locking key, a request to retrieve the encrypted device locking key (see Kahler, [0020] ‘The encryption key (EK) 10 is retrieved after the power-on or initialization.’);
            receive, through the network from the at least one of the plurality of key management system in response to transmitting the request to retrieve the device locking key, the encrypted device locking key (see Kahler, [0018] ‘On storage 4 initialization, the encryption key 10 is retrieved from a key server 20a, 20b and is indirectly used to unlock the encrypted storage 4.’; [0020] ‘The encryption key (EK) 10 is retrieved after the power-on or initialization.’);
            decrypt the encrypted device locking key to provide the device locking key (see Kahler, fig. 6, 164 ‘Decrypt encryption key (EK)ks with storage encryption manager private key (Js)’); and
            use the device locking key to unlock the managed device (see Kahler, [0018] ‘an encryption key (EK) 10 that is used to lock and unlock the storage 4.’).
	Kahler further discloses a plurality of second remote access controller devices (see Kahler, [0021] ‘storage systems’).  However, Kahler does not disclose: broadcast, through the network to a plurality of second remote access controller devices provided in respective second server devices, the encrypted device locking key.
ii.	Acar discloses sending, through the network to a plurality of second remote access controller devices provided in respective second server devices, the encrypted device locking key (see Acar, fig. 3, 306, 308, 310 server nodes; [0079] ‘At 1112, the server node replicates the created or updated key, group, and/or policy with one or more other server nodes [i.e., a plurality of second remote access controller devices ].’).
iii.	It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Acar into the system of Kahler to send, through the network to a plurality of second remote access
iv.	Dobrek discloses broadcasting (see Dobrek, col. 24, line 19 ‘the encryption key for Channel X can be sent to Node C through the network, for example by encrypting the Channel X encryption key with a public key of a participant registered on Node C and then broadcasting the Channel X encryption key encrypted with the public key on the distributed ledger as a transaction.’).
	v.	It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Dobrek into the system of Kahler to use broadcasting.  Kahler teaches “method for a redundant key server encryption environment.” (see Kahler, [0002]).  Therefore, Dobrek’s teaching could enhance the system of Kahler, because Dobrek teaches “one or more encrypted transactions can be broadcasted to all nodes on a distributed ledger system or network.” (see Dobrek, col. 15, line 10).
Referring to claims 13, 20:
		Kahler, Acar, and Dobrek further disclose:
           wherein the smart contract is configured to store, on the blockchain, information about the transmission of the encrypted locking key to the remote access controller engine (see Dobrek, col. 8, line 8 ‘smart-contract’; col. 12, line 66 ‘one or more encrypted transactions can be broadcasted to all nodes on a distributed ledger system or network.  These encrypted transactions can be written/stored on the distributed log by each and every node on the distributed ledger in some embodiments.’).
 
Conclusion

6.	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.

(b)	Ogawa; Shugo et al. (US 20080052331 A1) disclose Data arrangement management system, method, and program;
(c)	Sahita; Ravi et al. (US 20110277038 A1) disclose information flow tracking and protection;
(d)	Rudzitis; Aleksandrs J. et al. (US 20190342079 A1) disclose key management system and method;
(e)	Przykucki; Robert et al. (US 8266433 B1) disclose Method and system for automatically migrating encryption keys between key managers in a network storage system;
(f)	Noll; Landon Curt et al. (US 20090092252 A1) disclose Method and System for Identifying and Managing Keys;
(g)	Zhang; Minda et al. (US 20200186342 A1) disclose Self-Encryption Drive (SED).

7.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Peiliang Pan whose telephone number is (571) 272-5987.  The examiner can normally be reached on Monday-Friday 8:00 am - 5:00 pm EST.
            If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
            Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the 


/PEILIANG PAN/
Examiner, Art Unit 2492



 
/TAE K KIM/
Primary Examiner, Art Unit 2492