DETAILED ACTION
This non-final office action is in response to claims 1-20 filed on 07/08/2019 for examination. Claims 1-20 are being examined and are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
No information disclosure statement (IDS) was submitted. 

Drawings
The drawings filed on 07/08/2019 have been accepted. 

Claim Interpretation

The following is a quotation of 35 U.S.C. 112(f): (FP 7.30.03) 
(f) ELEMENT IN CLAIM FOR A COMBINATION.—An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 
The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph: 
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph: 
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as "configured to" or "so that"; and 
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 

Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
7.30.05) 
This application includes one or more claim limitations that use the word “means” or “step” but are nonetheless not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph because the claim limitation(s) recite(s) sufficient structure, materials, or acts to entirely perform the recited function.  Such claim limitation is:  “a boot image generator that” in claim 1.
Because this/these claim limitations are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. 
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. (FP 7.30.06)


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):



The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 1-10 and 12-19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention
Regarding claim 1, claim limitation “a boot image generator” invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. The specification is devoid of adequate or tangible structure to perform the claimed function. In particular, the specification states the claimed function of each module. There is no disclosure of any particular structure, either explicitly or inherently to perform these functions. As would be recognized by those of ordinary skill in the art, these functions can be performed in any number of ways in hardware, software or a combination of the two. Therefore, the claims are indefinite and are rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph. 
Claim 2-10 are rejected for carrying same deficiencies as claim 1.
Regarding claim 12, it recites wherein the value is a stable system value and comprising retrieving and combining a plurality of stable system values. It’s not clear if the value is a stable system value or combination of a plurality of stable system values. 
Claim 13-19 are rejected for carrying same deficiencies as claim 12.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that 
Claim 1 is rejected under 35 U.S.C. 103 as being unpatentable over Peterka et al. (US20100217964, hereinafter Pet) in view of Nahum (US20070192466). 
Regarding claim 1, Pet teaches an apparatus comprising: a boot image generator that creates a modified boot image for the device, the modified boot image comprising authentication code that performs authentication on an attempted boot using a value that is uniquely associated with the device (Pet: Para. 0039: As part of the request to enable the JTAG interface of the communication device 10, the end user 39 enters or submits to the access token server 38 a set of device-specific information or parameters, e.g., information suitable to identify the specific communication device for which the enablement of its JTAG interface is being requested. For example, the information supplied as part of the enablement request can include the chip serial number 32 of the communication device 10, the digital certificate or public key for the communication device 10, and an unencrypted version of the boot code image, e.g., the security processor boot code image, of the communication device 10; Para. 0040: The method 40 includes a step 44 of the access token server 38 building a new boot code image with “JTAG=ON” information. In response to the end user providing sufficient device-specific information, the access token server 38 initiates a process of building a new boot code image that includes suitable information to be used by the communication device 10 to enable the JTAG interface, i.e., suitable JTAG=ON information. The access token server 38 then generates a digital signature over the full boot code image; Para. 0041: The method 40 includes a step 46 of the access token server 38 encrypting the new boot code image. Once the access token server 38 builds the new boot code image with suitable JTAG=ON information for enabling the JTAG interface, the access token server 38 encrypts it; Para. 0042: The method 40 includes a step 48 of the access token server 38 creating and signing an access token or access token object. Once the boot code signature and the new boot code image have been encrypted together, the resulting encrypted component is included in an access token object created and signed by the access token server 38. The access token also can include the chip serial number, which was supplied to the access token server 38 by the end user; Para. 0045: The method 40 includes a step 54 of validating and decrypting the access token received by the target communication device 10. Decryption of the access token includes using the private key of the communication device 10 to decrypt the (GEK-encrypted) new portion of the boot code (with JTAG=ON information) and the boot code signature, which, as discussed hereinabove, were previously encrypted and included as part of the access token. Validation of the access token includes verifying the digital signature included with the boot code in the access token. Validation of the access token also includes verifying that the chip serial number matches the chip serial number included with the access token. All or a portion of the validating and decrypting step 54 can be performed within the communication device 10; Para. 0052: In an alternative embodiment, the access token server 38 has a database of symmetric device-unique keys, such as the USK, and in the encrypting step 46, encrypts the access token using the USK rather than using the public key of the device. In the access token validating and encrypting step 54, the portion of the boot code with JTAG=ON information is decrypted using the USK) (examiner note: device request to turn on JTAG interface is equivalent to request a customized boot image).
Yet, Pet does not teach a storage array comprising a plurality of interconnected computing nodes that manage access to a plurality of data storage drives.
However, in the same field of endeavor, Nahum teaches a storage array comprising a plurality of interconnected computing nodes that manage access to a plurality of data storage drives (Nahum: Para. 0003: FIG. 1 is a diagram of a conventional background art Storage Area Network (SAN) 100 having an array of hosts H, with H=H[1,2,3, . . . , h], and multiple disk arrays DA, with DA=DA[1,2, . . . , d], coupled in a storage network configuration by a network switch 15. The hosts H are coupled to the disk arrays DA via the network switch 15 by communication links 17, such as Fiber Channel (FC) communication links; Para. 0125: the System Administrator SA will have to create and identify Virtual Volumes VVs, to be accessed via the SBS 35. The System Administrator SA operates the GUI from his System Administrator SAW, or from a remote workstation). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by Pet to include a storage array comprising a plurality of interconnected computing nodes that manage access to a plurality of data storage drives as disclosed by Nahum. One of ordinary skill in the art would have been motivated to make this modification in order to provide secure boot for the devices in SAN using a device-specific boot image as suggested by Nahum (Nahum: Para. 0035 and Para. 0036). 
Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Peterka in view of Nahum, and further in view of Mikhailov et al. (US20180211016, hereinafter Mik).
Regarding claim 2, combination of Pet and Nahum teaches the apparatus of claim 1. 
Yet, the combination does not teach wherein the value comprises a combination of stable system values.
However, in the same field of endeavor, Mik teaches wherein the value comprises a combination of stable system values (Mik: Para. 0048: the serial number S is formed as the concatenation of a manufacturer_id(4 bytes)+device_model(4 bytes)+batch_no (8 bytes)+serial_no (8 bytes)). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include   wherein the value comprises a combination of stable system values as disclosed by Mik. One of ordinary . 
Claim 3-6 are rejected under 35 U.S.C. 103 as being unpatentable over Peterka in view of Nahum and Mik, and further in view of Oh et al. (US20180089438, hereinafter Oh). 
Regarding claim 3, combination of Pet, Nahum and Mik teaches the apparatus of claim 2. In addition, Pet further teaches stable system value is serial number (Pet: Para. 0039: the information supplied as part of the enablement request can include the chip serial number 32 of the communication device 10). 
In addition, Oh further teaches a group comprising a UUID (universally unique identifier) and MAC address of the device (Oh: Para. 0021: Configuration information 152 related to the UUT 170 may include, for example, part number(s), serial number(s), a MAC (media access control) address of the UUT 170, a Universally Unique Identifier (UUID)). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include a group comprising a UUID (universally unique identifier) and MAC address of the device as disclosed by Oh. One of ordinary skill in the art would have been motivated to make this modification in order to build a custom boot image for a device using device parameters in the configuration as suggested by Oh (Oh: Para. 0014)(examiner note: Claim 3 recites “the group comprising: a UUID (universally unique identifier), storage array serial number, MAC address, and guest container name”. This describes parameters included in the group. However, some of the recited parameters not processed or used to carry out any steps or functions that rely on these particular parameters recited in the claims. Therefore, these claim recites nonfunctional descriptive material. When descriptive material is not functionally related to the substrate, the descriptive material will not distinguish the invention from prior art in terms of patentability. It has been held that where the printed matter is not functionally related to the In re Ngai 367 F.3d 1336, 1339, 70 USPQ2d 1862 (Fed. Cir. 2004); Ex parte Nehls 88 USPQ2d 1883, 1888-1889 (BPAI 2008); In re Lowry, 32 USPQ2d 1031 (Fed. Cir. 1994); MPEP § 2111.05; Cf. In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983)).
Regarding claim 4, combination of Pet, Nahum and Mik teaches the apparatus of claim 2. In addition, Pet teaches the stable system values are persistently stored by the device, do not change, and, either alone or in combination, are uniquely associated with the device (Pet: Para. 0034: The communication device 10 includes a chip serial number 32, which is a unique serial number from one or more particular chips, e.g., processor chips, within the communication device 10. Also, before shipment, the communication device 10 is assumed to be preloaded with a private key 34 unique to the communication device 10). 
In addition, Nahum teaches the storage array (Nahum: Para. 0003: FIG. 1 is a diagram of a conventional background art Storage Area Network (SAN) 100 having an array of hosts H, with H=H[1,2,3, . . . , h], and multiple disk arrays DA, with DA=DA[1,2, . . . , d], coupled in a storage network configuration by a network switch 15. The hosts H are coupled to the disk arrays DA via the network switch 15 by communication links 17, such as Fiber Channel (FC) communication links). 
Regarding claim 5, combination of Pet, Nahum and Mik teaches the apparatus of claim 2. In addition, Mik further teaches wherein the stable system values are combined via concatenation (Mik: Para. 0048: the serial number S is formed as the concatenation of a manufacturer_id(4 bytes)+device_model(4 bytes)+batch_no (8 bytes)+serial_no (8 bytes)). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include 
Regarding claim 6, combination of Pet, Nahum and Mik teaches the apparatus of claim 5. 
In addition, Mik further teaches wherein concatenated stable system values are hashed (Mik: Para. 0048: the serial number S is formed as the concatenation of a manufacturer_id(4 bytes) + device_model(4 bytes) + batch_no (8 bytes) + serial_no (8 bytes)….. the device id token is a secure hash of S+ChipID (4 bytes)+IN (24 bytes)). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include wherein concatenated stable system values are hashed as disclosed by Mik. One of ordinary skill in the art would have been motivated to make this modification in order to provide secure boot using secret values burnt into hardware as suggested by Mik (Mik: Para. 0003).
Claim 7-10 are rejected under 35 U.S.C. 103 as being unpatentable over Pet in view of Nahum, Mik and Oh, and further in view of Alsina et al. (US20190340385, hereinafter Als). 
Regarding claim 7, combination of Pet, Nahum, Mik and Oh teaches the apparatus of claim 6. 
Yet, the combination does not teach wherein a portion of the hash is used as a key.
However, in the same field of endeavor, Als teaches wherein a portion of the hash is used as a key (Als: Para. 0088: the encryption key is selected from a portion of the hash value derived from the item of personal information data. For example, if the SHA-256 secure hash function is utilized to generate the hash value, then the hash value has 256-bits of information. However, the encryption key may be smaller than the 256 bits of the hash value). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include 
Regarding claim 8, combination of Pet, Nahum, Mik, Oh and Als teaches the apparatus of claim 7.  In addition, Pet further teaches wherein the key provides access to a password (Pet: Para. 0006: Some conventional embedded processor platforms allow the JTAG interface to be enabled when the user provides a key or password unique to the end user communication device. A secure encrypted object can be used to securely deliver such a unique key or password. For example, access tokens ….can be used for this purpose; Para. 0026: The boot process loads a boot code or boot code image into the system memory of the device 10. A portion of the boot code image may be allocated for storing authentication information, e.g., a password to protect unauthorized users from booting the system or accessing setup options, and/or authentication information to permit the installation and/or operation of software. The authentication information typically is encrypted. It should be understood that the authentication information may be encrypted using one or more suitable encryption schemes; Para. 0052: In an alternative embodiment, the access token server 38 has a database of symmetric device-unique keys, such as the USK, and in the encrypting step 46, encrypts the access token using the USK rather than using the public key of the device. In the access token validating and encrypting step 54, the portion of the boot code with JTAG=ON information is decrypted using the USK). 
Regarding claim 9, combination of Pet, Nahum, Mik, Oh and Als teaches the apparatus of claim 8.  In addition, Oh further teaches wherein the modified boot image uses the stable system values to generate the key to obtain the password (Oh: Para. 0029: The boot image key pair 132 (e.g., an asymmetric cryptographic key pair that includes a private key and a public key) may be generated for inclusion into the boot image 130 based on a UUID of the UUT 170 that is included in the received configuration information 152. For example, the system 100 may utilize the UUID of the UUT 170 as a passphrase to a key generator to generate the boot image key pair 132, and then the system 100 may embed the boot image key pair 132 into the boot image 130). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include wherein the modified boot image uses the stable system values to generate the key to obtain the password as disclosed by Oh. One of ordinary skill in the art would have been motivated to make this modification in order to build a custom boot image for a device using device parameters in the configuration as suggested by Oh (Oh: Para. 0014).
Regarding claim 10, combination of Pet, Nahum, Mik, Oh and Als teaches the apparatus of claim 9. In addition, Pet further teaches wherein the modified boot image performs authentication based on the password (Pet: Para. 0026: The boot process loads a boot code or boot code image into the system memory of the device 10. A portion of the boot code image may be allocated for storing authentication information, e.g., a password to protect unauthorized users from booting the system or accessing setup options, and/or authentication information to permit the installation and/or operation of software. The authentication information typically is encrypted. It should be understood that the authentication information may be encrypted using one or more suitable encryption schemes).
Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Pet in view of Oh.
Regarding claim 11, Pet teaches creating a modified boot image for a storage array, comprising: inserting authentication code into a boot image for the storage array, the authentication code performing authentication on an attempted boot using the value (Pet: Para. 0026: The boot process loads a boot code or boot code image into the system memory of the device 10. A portion of the boot code image may be allocated for storing authentication information, e.g., a password to protect unauthorized users from booting the system or accessing setup options, and/or authentication information to permit the installation and/or operation of software. The authentication information typically is encrypted. It should be understood that the authentication information may be encrypted using one or more suitable encryption schemes; Para. 0045: The method 40 includes a step 54 of validating and decrypting the access token received by the target communication device 10. Decryption of the access token includes using the private key of the communication device 10 to decrypt the (GEK-encrypted) new portion of the boot code (with JTAG=ON information) and the boot code signature, which, as discussed hereinabove, were previously encrypted and included as part of the access token. Validation of the access token includes verifying the digital signature included with the boot code in the access token. Validation of the access token also includes verifying that the chip serial number matches the chip serial number included with the access token. All or a portion of the validating and decrypting step 54 can be performed within the communication device 10; Para. 0021: The device 10 can be any suitable end user communication device configured to receive, process, store, display and/or otherwise execute or consume content, including DRM-protected content and/or associated rights issuance information. Typically, the device 10 is configured with an appropriate digital rights management (DRM) system that allows the device 10 to protect the content within the device 10 from external attempts to obtain, alter or otherwise compromise the protected content). 
Yet, Pet does not explicitly teach retrieving a value that is uniquely associated with the storage array.
However, in the same field of endeavor, Oh teaches retrieving a value that is uniquely associated with the storage array (Oh: Para. 0021: the MES 150 may push the information to the system 100, while in other instances, the system 100 may retrieve the information from the MES 150. Configuration information 152 related to the UUT 170 may include, for example, part number(s), serial number(s), a MAC (media access control) address of the UUT 170, a Universally Unique Identifier (UUID); Para. 0018: a UUT 170 may represent a customer equipment order presently being manufactured (e.g., a server, a storage system, a network device, or other electronic device).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by Pet to include retrieving a value that is uniquely associated with the storage array as disclosed by Oh. One of ordinary skill in the art would have been motivated to make this modification in order to build a custom boot image for a device using device parameters in the configuration as suggested by Oh (Oh: Para. 0014).
Claim 12-14 are rejected under 35 U.S.C. 103 as being unpatentable over Pet in view of Oh, and further in view of Mik.  
Regarding claim 12, combination of Pet and Oh teaches the apparatus of claim 11. In addition, Pet teaches the value is a stable system value (Pet: The communication device 10 includes a chip serial number 32, which is a unique serial number from one or more particular chips, e.g., processor chips, within the communication device 10. Also, before shipment, the communication device 10 is assumed to be preloaded with a private key 34 unique to the communication device 10). 
Yet, the combination does not teach the value combines a plurality of stable system values.
However, in the same field of endeavor, Mik teaches the value combines a plurality of stable system values (Mik: Para. 0048: the serial number S is formed as the concatenation of a manufacturer_id(4 bytes)+device_model(4 bytes)+batch_no (8 bytes)+serial_no (8 bytes)). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include the value combines a plurality of stable system values as disclosed by Mik. One of ordinary skill in the art would have been motivated to make this modification in order to provide secure boot using secret values burnt into hardware as suggested by Mik (Mik: Para. 0003).
Regarding claim 13, combination of Pet, Oh and Mik teaches the apparatus of claim 12. In addition, Mik further teaches combining the stable system values via concatenation (Mik: Para. 0048: the serial number S is formed as the concatenation of a manufacturer_id(4 bytes)+device_model(4 bytes)+batch_no (8 bytes)+serial_no (8 bytes)). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include combining the stable system values via concatenation as disclosed by Mik. One of ordinary skill in the art would have been motivated to make this modification in order to provide secure boot using secret values burnt into hardware as suggested by Mik (Mik: Para. 0003).
Regarding claim 14, combination of Pet, Oh and Mik teaches the apparatus of claim 13. 
In addition, Mik further teaches hashing the concatenated stable system values (Mik: Para. 0048: the serial number S is formed as the concatenation of a manufacturer_id(4 bytes)+device_model(4 bytes)+batch_no (8 bytes)+serial_no (8 bytes)….. the device id token is a secure hash of S+ChipID (4 bytes)+IN (24 bytes)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include hashing the concatenated stable system values as disclosed by Mik. One of ordinary skill in the art would have been motivated to make this modification in order to provide secure boot using secret values burnt into hardware as suggested by Mik (Mik: Para. 0003).
Claim 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over Pet in view of Oh and Mik, and further in view of Als. 
Regarding claim 15, combination of Pet, Mik and Oh teaches the apparatus of claim 14. 
Yet, the combination does not teach using a portion of the hash as a key.
the encryption key is selected from a portion of the hash value derived from the item of personal information data. For example, if the SHA-256 secure hash function is utilized to generate the hash value, then the hash value has 256-bits of information. However, the encryption key may be smaller than the 256 bits of the hash value). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include using a portion of the hash as a key as disclosed by Als. One of ordinary skill in the art would have been motivated to make this modification in order to select encryption key from the hash as suggested by Als (Als: Para. 0088).
Regarding claim 16, combination of Pet, Mik, Oh and Als teaches the apparatus of claim 15.  In addition, Pet further teaches encrypting a password with the key and inserting the encrypted password in the modified boot image (Pet: Para. 0026: A portion of the boot code image may be allocated for storing authentication information, e.g., a password to protect unauthorized users from booting the system or accessing setup options, and/or authentication information to permit the installation and/or operation of software. The authentication information typically is encrypted. It should be understood that the authentication information may be encrypted using one or more suitable encryption schemes; Para. 0052: In an alternative embodiment, the access token server 38 has a database of symmetric device-unique keys, such as the USK, and in the encrypting step 46, encrypts the access token using the USK rather than using the public key of the device. In the access token validating and encrypting step 54, the portion of the boot code with JTAG=ON information is decrypted using the USK). 
Regarding claim 17, combination of Pet, Mik, Oh and Als teaches the apparatus of claim 16.  In addition, Oh further teaches in response to an attempted boot from the modified boot image, retrieving In response to the UUT seeking to network boot, the test system detects the UUT MAC address and provides the unique boot image, and engages in key pair authentication with the UUT during the boot process; Para. 0028: By executing instructions 110, the processing resource 102 may create a network-bootable boot image 130 with a boot image key pair 132 generated based on the configuration information 152 received from the MES 150 via execution of the instructions 106; Para. 0021: the processing resource 102 may receive, from the MES 150, configuration information 152 related to a UUT 170. In some instances, the MES 150 may push the information to the system 100, while in other instances, the system 100 may retrieve the information from the MES 150. Configuration information 152 related to the UUT 170 may include, for example, part number(s), serial number(s), a MAC (media access control) address of the UUT 170, a Universally Unique Identifier (UUID)). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include  in response to an attempted boot from the modified boot image, retrieving the stable system values from the storage array as disclosed by Oh. One of ordinary skill in the art would have been motivated to make this modification in order to build a custom boot image for a device using device parameters in the configuration as suggested by Oh (Oh: Para. 0014).
Regarding claim 18, combination of Pet, Mik, Oh and Als teaches the apparatus of claim 17. In addition, Oh further teaches generating the key from the stable system values in response to an attempted boot from the modified boot image (Oh: Para. 0016: In response to the UUT seeking to network boot, the test system detects the UUT MAC address and provides the unique boot image, and engages in key pair authentication with the UUT during the boot process; Para. 0029: The boot image key pair 132 (e.g., an asymmetric cryptographic key pair that includes a private key and a public key) may be generated for inclusion into the boot image 130 based on a UUID of the UUT 170 that is included in the received configuration information 152. For example, the system 100 may utilize the UUID of the UUT 170 as a passphrase to a key generator to generate the boot image key pair 132, and then the system 100 may embed the boot image key pair 132 into the boot image 130). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include generating the key from the stable system values in response to an attempted boot from the modified boot image as disclosed by Oh. One of ordinary skill in the art would have been motivated to make this modification in order to build a custom boot image for a device using device parameters in the configuration as suggested by Oh (Oh: Para. 0014).
Regarding claim 19, combination of Pet, Mik, Oh and Als teaches the apparatus of claim 18. In addition, Pet further teaches decrypting the password with the key and using the password for authentication (Pet: Para. 0006: Some conventional embedded processor platforms allow the JTAG interface to be enabled when the user provides a key or password unique to the end user communication device. A secure encrypted object can be used to securely deliver such a unique key or password. For example, access tokens that contain debugging rights for a specific device or list of devices can be used for this purpose; Para. 0045: The method 40 includes a step 54 of validating and decrypting the access token received by the target communication device 10. Decryption of the access token includes using the private key of the communication device 10 to decrypt the (GEK-encrypted) new portion of the boot code (with JTAG=ON information) and the boot code signature, which, as discussed hereinabove, were previously encrypted and included as part of the access token. Validation of the access token includes verifying the digital signature included with the boot code in the access token. Validation of the access token also includes verifying that the chip serial number matches the chip serial number included with the access token. All or a portion of the validating and decrypting step 54 can be performed within the communication device 10; Para. 0052: In an alternative embodiment, the access token server 38 has a database of symmetric device-unique keys, such as the USK, and in the encrypting step 46, encrypts the access token using the USK rather than using the public key of the device. In the access token validating and encrypting step 54, the portion of the boot code with JTAG=ON information is decrypted using the USK). 
Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Pet in view of Mik.
Regarding claim 20, Pet teaches in response to an attempt to boot a hardware platform with a modified boot image: obtaining a plurality of stable system values from the hardware platform (Pet: Para. 0039: As part of the request to enable the JTAG interface of the communication device 10, the end user 39 enters or submits to the access token server 38 a set of device-specific information or parameters, e.g., information suitable to identify the specific communication device for which the enablement of its JTAG interface is being requested. For example, the information supplied as part of the enablement request can include the chip serial number 32 of the communication device 10); using the value that is uniquely associated with the hardware platform to authenticate the boot attempt (Pet: Para. 0026: The boot process loads a boot code or boot code image into the system memory of the device 10. A portion of the boot code image may be allocated for storing authentication information, e.g., a password to protect unauthorized users from booting the system or accessing setup options, and/or authentication information to permit the installation and/or operation of software. The authentication information typically is encrypted. It should be understood that the authentication information may be encrypted using one or more suitable encryption schemes; Para. 0045: The method 40 includes a step 54 of validating and decrypting the access token received by the target communication device 10. Decryption of the access token includes using the private key of the communication device 10 to decrypt the (GEK-encrypted) new portion of the boot code (with JTAG=ON information) and the boot code signature, which, as discussed hereinabove, were previously encrypted and included as part of the access token. Validation of the access token includes verifying the digital signature included with the boot code in the access token. Validation of the access token also includes verifying that the chip serial number matches the chip serial number included with the access token. All or a portion of the validating and decrypting step 54 can be performed within the communication device 10; Para. 0052: In an alternative embodiment, the access token server 38 has a database of symmetric device-unique keys, such as the USK, and in the encrypting step 46, encrypts the access token using the USK rather than using the public key of the device. In the access token validating and encrypting step 54, the portion of the boot code with JTAG=ON information is decrypted using the USK).
Yet, Pet does not teach combining the stable system values to generate a value that is uniquely associated with the hardware platform.
However, in the same field of endeavor, Mik teaches combining the stable system values to generate a value that is uniquely associated with the hardware platform (Mik: Para. 0048: the serial number S is formed as the concatenation of a manufacturer_id(4 bytes)+device_model(4 bytes)+batch_no (8 bytes)+serial_no (8 bytes)). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include combining the stable system values to generate a value that is uniquely associated with the hardware platform as disclosed by Mik. One of ordinary skill in the art would have been motivated to make this modification in order to provide secure boot using secret values burnt into hardware as suggested by Mik (Mik: Para. 0003).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Antony US9189609: using MAC or serial number of device as hash key
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LIN CHANG whose telephone number is (571)272-9998.  The examiner can normally be reached on Monday-Thursday 9AM-6PM EST Friday: Variable.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)-272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/L.C./Examiner, Art Unit 2438                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               /TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438                                                                                                                                                                                                        /TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438