DETAILED ACTION
This final office action is in response to claim’s arguments filed on 06/16/21. No claim is amended, added and cancelled. Claims 1-20 are being examined and are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
 
Response to Arguments
Applicant’s arguments to claim 1, filed on 06/16/2021, with respect to claim rejection under 35 U.S.C 112 (indefinite) have been considered and they are persuasive, therefore the claim rejection has been withdrawn.
Applicant’s arguments to independent claim 1 and 20, filed on 06/16/2021, with respect to rejections under 35 U.S.C 103 have been considered and they are not persuasive. 
As provided in further detail below, applicant’s arguments regarding that the references fail to show certain features are unpersuasive in view of the grounds of rejection discussed in detail. Please note that during patent examination, the pending claims even when interpreted in view of the specification must be “given their broadest reasonable interpretation.” Phillips v. AWH Corp., 415 F.3d 1303, 1316, 75 USPQ2d 1321, 1329 (Fed. Cir. 2005), In re Am. Acad, of Sci. Tech. Ctr., 367 F.3d 1359, 1364, 70 USPQ2d 1827, 1830] (Fed. Cir. 2004). As such, although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.
Regarding the arguments on independent claim 1 on page 8, applicant argues that the storage array in Nahum could not be substituted for one of Peterka’s node and substituting the Nahum storage 
Applicant also argues that substituting Nahum’s storage array for Peterka’s access token server (38) does not work because the device-specific information is provided by the end user (39) and associated with communication device (10), whereas the claims recite a value that is uniquely associated with storage array”. Examiner carefully reviewed applicant’s arguments but respectfully disagree. First, Nahum’s storage array is used to substitute Peterka’s communication device (10). Because claim 1 does not recite where the boot image generator is located and Peterka’s access token generates a modified boot image for device (10) based on the device-specific information (could be chip serial number) of device (10) provided by end user, therefore Peterka’s access token is mapped for the boot image generator. 
Applicant further argues that “substituting Nahum’s storage array for Peterka’s end user device (39) does not work because the encrypted boot code (36) is for communication device (10) rather than end user device (39) and claims recite a modified boot image for the storage array. First, end user device is the communication device (10) in Peterka (Para. 0021: The device 10 can be any suitable end user communication device configured to receive, process, store, display and/or otherwise execute or consume content, including DRM-protected content and/or associated rights issuance information),  wherein (39) is end user, not a device (Para. 0035:  The system 30 also includes an access token server 38, which is configured to receive from an end user (shown as 39)….. a request to enable the JTAG interface in the communication device 10). Because the JTAG interface allows the use of a debugger on the processor embedded within the device, a modified and secure boot image is required while requesting enable JTAG interface (Para. 0004 and 0005). Although the claim recite a modified boot image for a storage array, because Peterka teaches a modified boot image for a device which can be used to store contents and Nahum teaches a storage array, combination of Peterka and Nahum teaches a modified boot image for storage array. 
Applicant further argues that “substituting Nahum’s storage array for Peterka’s communication device (10) does not work because Peterka use a token from the server to allow or prevent user access to a JTAG interface by booting JTAG boot code rather than allowing or preventing booting of communication device”. Examiner carefully reviewed applicant’s arguments but respectfully disagree. First, Peterka teaches generating a boot code image includes a unique device identifier (Peterka: Para. 0068) and the security processor (14) on device (10) validating the signed security processor boot code 110, if the unique device identifier in the security processor boot code image matches the unique device identifier of the communication device (10), the security processor boot code image is loaded in the security processor (14) (Peterka: Para. 0074), another word, Peterka teaches allowing or preventing booting of communication device. Therefore combination of Peterka and Nahum teaches a modified boot image for storage array. 
Applicant further argues that “the cited combination authenticates a user to use a feature rather than authenticating a storage to boot from a boot image….the cited combination would not prevent a boot image of communication device (10) from being used on some other communication 
Regarding the arguments on independent claim 20 on page 9, applicant argues that “"in response to an attempt to boot a hardware platform with a modified boot image." Peterka controls booting of the JTAG interface, not booting of the communication device”. Examiner carefully reviewed applicant’s arguments but respectfully disagree. As previous states, Peterka controls enabling JTAG interface. A modified boot image (including device-specific identifier, like chip serial number) for the device is needed in order to enable JTAG interface on the device (Peterka: P004, 005) and the updated boot image is loaded to the security processor of the device if validation is successful (Para. 0074).  One of ordinary skill in the art would know that boot image is for the device, not for the interface. Also Peterka teaches the method 70 validates the unique device identifier in the security processor boot code image matches the unique device identifier of the communication device, if match, the boot image is loaded into the security processor (Para. 0074). 
Applicant presents no further arguments.
For the above reasons, it is believed that the rejections should be sustained. 

Claim Interpretation

The following is a quotation of 35 U.S.C. 112(f): (FP 7.30.03) 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph: 
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph: 
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as "configured to" or "so that"; and 
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 

Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 

Claim limitations in the application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. (FP 7.30.05) 
This application includes one or more claim limitations that do not use the word “means” or “step” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation is:  “a boot image generator that” in claim 1.
Because this/these claim limitations are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. 
“a boot image generator that” in claim 1 invokes 112(f). However, a review in the specification shows that figure 2 details the operation of a boot image generator. The flow chart in figure 2 is interpreted as the corresponding structural support for the claimed function.

7.30.06)


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 12-19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention
Regarding claim 12, it recites wherein the value is a stable system value and comprising retrieving and combining a plurality of stable system values. It’s not clear if the value is a stable system value or combination of a plurality of stable system values. 
Claim 13-19 are rejected for carrying same deficiencies as claim 12.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that 
Claim 1 is rejected under 35 U.S.C. 103 as being unpatentable over Peterka et al. (US20100217964, hereinafter Pet) in view of Nahum (US20070192466). 
Regarding claim 1, Pet teaches an apparatus comprising: a boot image generator that creates a modified boot image for the device, the modified boot image comprising authentication code that performs authentication on an attempted boot using a value that is uniquely associated with the device (Pet: Para. 0039: As part of the request to enable the JTAG interface of the communication device 10, the end user 39 enters or submits to the access token server 38 a set of device-specific information or parameters, e.g., information suitable to identify the specific communication device for which the enablement of its JTAG interface is being requested. For example, the information supplied as part of the enablement request can include the chip serial number 32 of the communication device 10, the digital certificate or public key for the communication device 10, and an unencrypted version of the boot code image, e.g., the security processor boot code image, of the communication device 10; Para. 0040: The method 40 includes a step 44 of the access token server 38 building a new boot code image with “JTAG=ON” information. In response to the end user providing sufficient device-specific information, the access token server 38 initiates a process of building a new boot code image that includes suitable information to be used by the communication device 10 to enable the JTAG interface, i.e., suitable JTAG=ON information. The access token server 38 then generates a digital signature over the full boot code image; Para. 0041: The method 40 includes a step 46 of the access token server 38 encrypting the new boot code image. Once the access token server 38 builds the new boot code image with suitable JTAG=ON information for enabling the JTAG interface, the access token server 38 encrypts it; Para. 0042: The method 40 includes a step 48 of the access token server 38 creating and signing an access token or access token object. Once the boot code signature and the new boot code image have been encrypted together, the resulting encrypted component is included in an access token object created and signed by the access token server 38. The access token also can include the chip serial number, which was supplied to the access token server 38 by the end user; Para. 0045: The method 40 includes a step 54 of validating and decrypting the access token received by the target communication device 10. Decryption of the access token includes using the private key of the communication device 10 to decrypt the (GEK-encrypted) new portion of the boot code (with JTAG=ON information) and the boot code signature, which, as discussed hereinabove, were previously encrypted and included as part of the access token. Validation of the access token includes verifying the digital signature included with the boot code in the access token. Validation of the access token also includes verifying that the chip serial number matches the chip serial number included with the access token. All or a portion of the validating and decrypting step 54 can be performed within the communication device 10; Para. 0052: In an alternative embodiment, the access token server 38 has a database of symmetric device-unique keys, such as the USK, and in the encrypting step 46, encrypts the access token using the USK rather than using the public key of the device. In the access token validating and encrypting step 54, the portion of the boot code with JTAG=ON information is decrypted using the USK; Para. 0068: the boot code image 110 includes a security processor boot code image 112 (with JTAG=ON information), a unique device identifier 116 attached to the security processor boot code image 112, and a digital signature 118 over the unique device identifier 116; Para. 0074: The method 70 includes a step 88 of the security processor 14 validating the signed security processor boot code 110. If the unique device identifier in the security processor boot code image matches the unique device identifier of the communication device 10, the security processor boot code image (including the JTAG=ON information) is loaded into the security processor 14 ) (examiner note: device request to turn on JTAG interface is equivalent to request a customized boot image).
Yet, Pet does not teach a storage array comprising a plurality of interconnected computing nodes that manage access to a plurality of data storage drives.
However, in the same field of endeavor, Nahum teaches a storage array comprising a plurality of interconnected computing nodes that manage access to a plurality of data storage drives (Nahum: Para. 0003: FIG. 1 is a diagram of a conventional background art Storage Area Network (SAN) 100 having an array of hosts H, with H=H[1,2,3, . . . , h], and multiple disk arrays DA, with DA=DA[1,2, . . . , d], coupled in a storage network configuration by a network switch 15. The hosts H are coupled to the disk arrays DA via the network switch 15 by communication links 17, such as Fiber Channel (FC) communication links; Para. 0125: the System Administrator SA will have to create and identify Virtual Volumes VVs, to be accessed via the SBS 35. The System Administrator SA operates the GUI from his System Administrator SAW, or from a remote workstation). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by Pet to include a storage array comprising a plurality of interconnected computing nodes that manage access to a plurality of data storage drives as disclosed by Nahum. One of ordinary skill in the art would have been motivated to make this modification in order to provide secure boot for the devices in SAN using a device-specific boot image as suggested by Nahum (Nahum: Para. 0035 and Para. 0036). 
Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Peterka in view of Nahum, and further in view of Mikhailov et al. (US20180211016, hereinafter Mik).
Regarding claim 2, combination of Pet and Nahum teaches the apparatus of claim 1. 
Yet, the combination does not teach wherein the value comprises a combination of stable system values.
the serial number S is formed as the concatenation of a manufacturer_id(4 bytes)+device_model(4 bytes)+batch_no (8 bytes)+serial_no (8 bytes)). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include   wherein the value comprises a combination of stable system values as disclosed by Mik. One of ordinary skill in the art would have been motivated to make this modification in order to provide secure boot using secret values burnt into hardware as suggested by Mik (Mik: Para. 0003). 
Claim 3-6 are rejected under 35 U.S.C. 103 as being unpatentable over Peterka in view of Nahum and Mik, and further in view of Oh et al. (US20180089438, hereinafter Oh). 
Regarding claim 3, combination of Pet, Nahum and Mik teaches the apparatus of claim 2. In addition, Pet further teaches stable system value is serial number (Pet: Para. 0039: the information supplied as part of the enablement request can include the chip serial number 32 of the communication device 10). 
In addition, Oh further teaches a group comprising a UUID (universally unique identifier) and MAC address of the device (Oh: Para. 0021: Configuration information 152 related to the UUT 170 may include, for example, part number(s), serial number(s), a MAC (media access control) address of the UUT 170, a Universally Unique Identifier (UUID)). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include a group comprising a UUID (universally unique identifier) and MAC address of the device as disclosed by Oh. One of ordinary skill in the art would have been motivated to make this modification in order to build a custom boot image for a device using device parameters in the configuration as suggested by Oh In re Ngai 367 F.3d 1336, 1339, 70 USPQ2d 1862 (Fed. Cir. 2004); Ex parte Nehls 88 USPQ2d 1883, 1888-1889 (BPAI 2008); In re Lowry, 32 USPQ2d 1031 (Fed. Cir. 1994); MPEP § 2111.05; Cf. In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983)).
Regarding claim 4, combination of Pet, Nahum and Mik teaches the apparatus of claim 2. In addition, Pet teaches the stable system values are persistently stored by the device, do not change, and, either alone or in combination, are uniquely associated with the device (Pet: Para. 0034: The communication device 10 includes a chip serial number 32, which is a unique serial number from one or more particular chips, e.g., processor chips, within the communication device 10. Also, before shipment, the communication device 10 is assumed to be preloaded with a private key 34 unique to the communication device 10). 
In addition, Nahum teaches the storage array (Nahum: Para. 0003: FIG. 1 is a diagram of a conventional background art Storage Area Network (SAN) 100 having an array of hosts H, with H=H[1,2,3, . . . , h], and multiple disk arrays DA, with DA=DA[1,2, . . . , d], coupled in a storage network configuration by a network switch 15. The hosts H are coupled to the disk arrays DA via the network switch 15 by communication links 17, such as Fiber Channel (FC) communication links). 
Regarding claim 5, combination of Pet, Nahum and Mik teaches the apparatus of claim 2. In addition, Mik further teaches wherein the stable system values are combined via concatenation (Mik: Para. 0048: the serial number S is formed as the concatenation of a manufacturer_id(4 bytes)+device_model(4 bytes)+batch_no (8 bytes)+serial_no (8 bytes)). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include wherein the stable system values are combined via concatenation as disclosed by Mik. One of ordinary skill in the art would have been motivated to make this modification in order to provide secure boot using secret values burnt into hardware as suggested by Mik (Mik: Para. 0003).
Regarding claim 6, combination of Pet, Nahum and Mik teaches the apparatus of claim 5. 
In addition, Mik further teaches wherein concatenated stable system values are hashed (Mik: Para. 0048: the serial number S is formed as the concatenation of a manufacturer_id(4 bytes) + device_model(4 bytes) + batch_no (8 bytes) + serial_no (8 bytes)….. the device id token is a secure hash of S+ChipID (4 bytes)+IN (24 bytes)). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include wherein concatenated stable system values are hashed as disclosed by Mik. One of ordinary skill in the art would have been motivated to make this modification in order to provide secure boot using secret values burnt into hardware as suggested by Mik (Mik: Para. 0003).
Claim 7-10 are rejected under 35 U.S.C. 103 as being unpatentable over Pet in view of Nahum, Mik and Oh, and further in view of Alsina et al. (US20190340385, hereinafter Als). 
Regarding claim 7, combination of Pet, Nahum, Mik and Oh teaches the apparatus of claim 6. 
 wherein a portion of the hash is used as a key.
However, in the same field of endeavor, Als teaches wherein a portion of the hash is used as a key (Als: Para. 0088: the encryption key is selected from a portion of the hash value derived from the item of personal information data. For example, if the SHA-256 secure hash function is utilized to generate the hash value, then the hash value has 256-bits of information. However, the encryption key may be smaller than the 256 bits of the hash value). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include wherein a portion of the hash is used as a key as disclosed by Als. One of ordinary skill in the art would have been motivated to make this modification in order to select encryption key from the hash as suggested by Als (Als: Para. 0088).
Regarding claim 8, combination of Pet, Nahum, Mik, Oh and Als teaches the apparatus of claim 7.  In addition, Pet further teaches wherein the key provides access to a password (Pet: Para. 0006: Some conventional embedded processor platforms allow the JTAG interface to be enabled when the user provides a key or password unique to the end user communication device. A secure encrypted object can be used to securely deliver such a unique key or password. For example, access tokens ….can be used for this purpose; Para. 0026: The boot process loads a boot code or boot code image into the system memory of the device 10. A portion of the boot code image may be allocated for storing authentication information, e.g., a password to protect unauthorized users from booting the system or accessing setup options, and/or authentication information to permit the installation and/or operation of software. The authentication information typically is encrypted. It should be understood that the authentication information may be encrypted using one or more suitable encryption schemes; Para. 0052: In an alternative embodiment, the access token server 38 has a database of symmetric device-unique keys, such as the USK, and in the encrypting step 46, encrypts the access token using the USK rather than using the public key of the device. In the access token validating and encrypting step 54, the portion of the boot code with JTAG=ON information is decrypted using the USK). 
Regarding claim 9, combination of Pet, Nahum, Mik, Oh and Als teaches the apparatus of claim 8.  In addition, Oh further teaches wherein the modified boot image uses the stable system values to generate the key to obtain the password (Oh: Para. 0029: The boot image key pair 132 (e.g., an asymmetric cryptographic key pair that includes a private key and a public key) may be generated for inclusion into the boot image 130 based on a UUID of the UUT 170 that is included in the received configuration information 152. For example, the system 100 may utilize the UUID of the UUT 170 as a passphrase to a key generator to generate the boot image key pair 132, and then the system 100 may embed the boot image key pair 132 into the boot image 130). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include wherein the modified boot image uses the stable system values to generate the key to obtain the password as disclosed by Oh. One of ordinary skill in the art would have been motivated to make this modification in order to build a custom boot image for a device using device parameters in the configuration as suggested by Oh (Oh: Para. 0014).
Regarding claim 10, combination of Pet, Nahum, Mik, Oh and Als teaches the apparatus of claim 9. In addition, Pet further teaches wherein the modified boot image performs authentication based on the password (Pet: Para. 0026: The boot process loads a boot code or boot code image into the system memory of the device 10. A portion of the boot code image may be allocated for storing authentication information, e.g., a password to protect unauthorized users from booting the system or accessing setup options, and/or authentication information to permit the installation and/or operation of software. The authentication information typically is encrypted. It should be understood that the authentication information may be encrypted using one or more suitable encryption schemes).
Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Pet in view of Oh.
Regarding claim 11, Pet teaches creating a modified boot image for a storage array, comprising: inserting authentication code into a boot image for the storage array, the authentication code performing authentication on an attempted boot using the value (Pet: Para. 0026: The boot process loads a boot code or boot code image into the system memory of the device 10. A portion of the boot code image may be allocated for storing authentication information, e.g., a password to protect unauthorized users from booting the system or accessing setup options, and/or authentication information to permit the installation and/or operation of software. The authentication information typically is encrypted. It should be understood that the authentication information may be encrypted using one or more suitable encryption schemes; Para. 0045: The method 40 includes a step 54 of validating and decrypting the access token received by the target communication device 10. Decryption of the access token includes using the private key of the communication device 10 to decrypt the (GEK-encrypted) new portion of the boot code (with JTAG=ON information) and the boot code signature, which, as discussed hereinabove, were previously encrypted and included as part of the access token. Validation of the access token includes verifying the digital signature included with the boot code in the access token. Validation of the access token also includes verifying that the chip serial number matches the chip serial number included with the access token. All or a portion of the validating and decrypting step 54 can be performed within the communication device 10; Para. 0021: The device 10 can be any suitable end user communication device configured to receive, process, store, display and/or otherwise execute or consume content, including DRM-protected content and/or associated rights issuance information. Typically, the device 10 is configured with an appropriate digital rights management (DRM) system that allows the device 10 to protect the content within the device 10 from external attempts to obtain, alter or otherwise compromise the protected content). 
Yet, Pet does not explicitly teach retrieving a value that is uniquely associated with the storage array.
However, in the same field of endeavor, Oh teaches retrieving a value that is uniquely associated with the storage array (Oh: Para. 0021: the MES 150 may push the information to the system 100, while in other instances, the system 100 may retrieve the information from the MES 150. Configuration information 152 related to the UUT 170 may include, for example, part number(s), serial number(s), a MAC (media access control) address of the UUT 170, a Universally Unique Identifier (UUID); Para. 0018: a UUT 170 may represent a customer equipment order presently being manufactured (e.g., a server, a storage system, a network device, or other electronic device).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by Pet to include retrieving a value that is uniquely associated with the storage array as disclosed by Oh. One of ordinary skill in the art would have been motivated to make this modification in order to build a custom boot image for a device using device parameters in the configuration as suggested by Oh (Oh: Para. 0014).
Claim 12-14 are rejected under 35 U.S.C. 103 as being unpatentable over Pet in view of Oh, and further in view of Mik.  
Regarding claim 12, combination of Pet and Oh teaches the apparatus of claim 11. In addition, Pet teaches the value is a stable system value (Pet: The communication device 10 includes a chip serial number 32, which is a unique serial number from one or more particular chips, e.g., processor chips, within the communication device 10. Also, before shipment, the communication device 10 is assumed to be preloaded with a private key 34 unique to the communication device 10). 
Yet, the combination does not teach the value combines a plurality of stable system values.
the serial number S is formed as the concatenation of a manufacturer_id(4 bytes)+device_model(4 bytes)+batch_no (8 bytes)+serial_no (8 bytes)). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include the value combines a plurality of stable system values as disclosed by Mik. One of ordinary skill in the art would have been motivated to make this modification in order to provide secure boot using secret values burnt into hardware as suggested by Mik (Mik: Para. 0003).
Regarding claim 13, combination of Pet, Oh and Mik teaches the apparatus of claim 12. In addition, Mik further teaches combining the stable system values via concatenation (Mik: Para. 0048: the serial number S is formed as the concatenation of a manufacturer_id(4 bytes)+device_model(4 bytes)+batch_no (8 bytes)+serial_no (8 bytes)). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include combining the stable system values via concatenation as disclosed by Mik. One of ordinary skill in the art would have been motivated to make this modification in order to provide secure boot using secret values burnt into hardware as suggested by Mik (Mik: Para. 0003).
Regarding claim 14, combination of Pet, Oh and Mik teaches the apparatus of claim 13. 
In addition, Mik further teaches hashing the concatenated stable system values (Mik: Para. 0048: the serial number S is formed as the concatenation of a manufacturer_id(4 bytes)+device_model(4 bytes)+batch_no (8 bytes)+serial_no (8 bytes)….. the device id token is a secure hash of S+ChipID (4 bytes)+IN (24 bytes)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include .
Claim 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over Pet in view of Oh and Mik, and further in view of Als. 
Regarding claim 15, combination of Pet, Mik and Oh teaches the apparatus of claim 14. 
Yet, the combination does not teach using a portion of the hash as a key.
However, in the same field of endeavor, Als teaches using a portion of the hash as a key (Als: Para. 0088: the encryption key is selected from a portion of the hash value derived from the item of personal information data. For example, if the SHA-256 secure hash function is utilized to generate the hash value, then the hash value has 256-bits of information. However, the encryption key may be smaller than the 256 bits of the hash value). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include using a portion of the hash as a key as disclosed by Als. One of ordinary skill in the art would have been motivated to make this modification in order to select encryption key from the hash as suggested by Als (Als: Para. 0088).
Regarding claim 16, combination of Pet, Mik, Oh and Als teaches the apparatus of claim 15.  In addition, Pet further teaches encrypting a password with the key and inserting the encrypted password in the modified boot image (Pet: Para. 0026: A portion of the boot code image may be allocated for storing authentication information, e.g., a password to protect unauthorized users from booting the system or accessing setup options, and/or authentication information to permit the installation and/or operation of software. The authentication information typically is encrypted. It should be understood that the authentication information may be encrypted using one or more suitable encryption schemes; Para. 0052: In an alternative embodiment, the access token server 38 has a database of symmetric device-unique keys, such as the USK, and in the encrypting step 46, encrypts the access token using the USK rather than using the public key of the device. In the access token validating and encrypting step 54, the portion of the boot code with JTAG=ON information is decrypted using the USK). 
Regarding claim 17, combination of Pet, Mik, Oh and Als teaches the apparatus of claim 16.  In addition, Oh further teaches in response to an attempted boot from the modified boot image, retrieving the stable system values from the storage array (Oh: Para. 0016: In response to the UUT seeking to network boot, the test system detects the UUT MAC address and provides the unique boot image, and engages in key pair authentication with the UUT during the boot process; Para. 0028: By executing instructions 110, the processing resource 102 may create a network-bootable boot image 130 with a boot image key pair 132 generated based on the configuration information 152 received from the MES 150 via execution of the instructions 106; Para. 0021: the processing resource 102 may receive, from the MES 150, configuration information 152 related to a UUT 170. In some instances, the MES 150 may push the information to the system 100, while in other instances, the system 100 may retrieve the information from the MES 150. Configuration information 152 related to the UUT 170 may include, for example, part number(s), serial number(s), a MAC (media access control) address of the UUT 170, a Universally Unique Identifier (UUID)). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include  in response to an attempted boot from the modified boot image, retrieving the stable system values from the storage array as disclosed by Oh. One of ordinary skill in the art would have been motivated to make this modification in order to build a custom boot image for a device using device parameters in the configuration as suggested by Oh (Oh: Para. 0014).
Regarding claim 18, combination of Pet, Mik, Oh and Als teaches the apparatus of claim 17. In addition, Oh further teaches generating the key from the stable system values in response to an attempted boot from the modified boot image (Oh: Para. 0016: In response to the UUT seeking to network boot, the test system detects the UUT MAC address and provides the unique boot image, and engages in key pair authentication with the UUT during the boot process; Para. 0029: The boot image key pair 132 (e.g., an asymmetric cryptographic key pair that includes a private key and a public key) may be generated for inclusion into the boot image 130 based on a UUID of the UUT 170 that is included in the received configuration information 152. For example, the system 100 may utilize the UUID of the UUT 170 as a passphrase to a key generator to generate the boot image key pair 132, and then the system 100 may embed the boot image key pair 132 into the boot image 130). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include generating the key from the stable system values in response to an attempted boot from the modified boot image as disclosed by Oh. One of ordinary skill in the art would have been motivated to make this modification in order to build a custom boot image for a device using device parameters in the configuration as suggested by Oh (Oh: Para. 0014).
Regarding claim 19, combination of Pet, Mik, Oh and Als teaches the apparatus of claim 18. In addition, Pet further teaches decrypting the password with the key and using the password for authentication (Pet: Para. 0006: Some conventional embedded processor platforms allow the JTAG interface to be enabled when the user provides a key or password unique to the end user communication device. A secure encrypted object can be used to securely deliver such a unique key or password. For example, access tokens that contain debugging rights for a specific device or list of devices can be used for this purpose; Para. 0045: The method 40 includes a step 54 of validating and decrypting the access token received by the target communication device 10. Decryption of the access token includes using the private key of the communication device 10 to decrypt the (GEK-encrypted) new portion of the boot code (with JTAG=ON information) and the boot code signature, which, as discussed hereinabove, were previously encrypted and included as part of the access token. Validation of the access token includes verifying the digital signature included with the boot code in the access token. Validation of the access token also includes verifying that the chip serial number matches the chip serial number included with the access token. All or a portion of the validating and decrypting step 54 can be performed within the communication device 10; Para. 0052: In an alternative embodiment, the access token server 38 has a database of symmetric device-unique keys, such as the USK, and in the encrypting step 46, encrypts the access token using the USK rather than using the public key of the device. In the access token validating and encrypting step 54, the portion of the boot code with JTAG=ON information is decrypted using the USK). 
Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Pet in view of Mik.
Regarding claim 20, Pet teaches in response to an attempt to boot a hardware platform with a modified boot image: obtaining a plurality of stable system values from the hardware platform (Pet: Para. 0039: As part of the request to enable the JTAG interface of the communication device 10, the end user 39 enters or submits to the access token server 38 a set of device-specific information or parameters, e.g., information suitable to identify the specific communication device for which the enablement of its JTAG interface is being requested. For example, the information supplied as part of the enablement request can include the chip serial number 32 of the communication device 10); using the value that is uniquely associated with the hardware platform to authenticate the boot attempt (Pet: Para. 0026: The boot process loads a boot code or boot code image into the system memory of the device 10. A portion of the boot code image may be allocated for storing authentication information, e.g., a password to protect unauthorized users from booting the system or accessing setup options, and/or authentication information to permit the installation and/or operation of software. The authentication information typically is encrypted. It should be understood that the authentication information may be encrypted using one or more suitable encryption schemes; Para. 0045: The method 40 includes a step 54 of validating and decrypting the access token received by the target communication device 10. Decryption of the access token includes using the private key of the communication device 10 to decrypt the (GEK-encrypted) new portion of the boot code (with JTAG=ON information) and the boot code signature, which, as discussed hereinabove, were previously encrypted and included as part of the access token. Validation of the access token includes verifying the digital signature included with the boot code in the access token. Validation of the access token also includes verifying that the chip serial number matches the chip serial number included with the access token. All or a portion of the validating and decrypting step 54 can be performed within the communication device 10; Para. 0052: In an alternative embodiment, the access token server 38 has a database of symmetric device-unique keys, such as the USK, and in the encrypting step 46, encrypts the access token using the USK rather than using the public key of the device. In the access token validating and encrypting step 54, the portion of the boot code with JTAG=ON information is decrypted using the USK; Para. 0074: The method 70 includes a step 88 of the security processor 14 validating the signed security processor boot code 110. If the unique device identifier in the security processor boot code image matches the unique device identifier of the communication device 10, the security processor boot code image (including the JTAG=ON information) is loaded into the security processor 14, and the security processor 14 validates the signed security processor boot code image 110, e.g., by verifying the code image signature 118. The confirmation step 86 and the validation step 88 can be executed in any suitable order).
Yet, Pet does not teach combining the stable system values to generate a value that is uniquely associated with the hardware platform.
 the serial number S is formed as the concatenation of a manufacturer_id(4 bytes)+device_model(4 bytes)+batch_no (8 bytes)+serial_no (8 bytes)). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include combining the stable system values to generate a value that is uniquely associated with the hardware platform as disclosed by Mik. One of ordinary skill in the art would have been motivated to make this modification in order to provide secure boot using secret values burnt into hardware as suggested by Mik (Mik: Para. 0003).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Antony US9189609: using MAC or serial number of device as hash key
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LIN CHANG whose telephone number is (571)272-9998.  The examiner can normally be reached on Monday-Thursday 9AM-6PM EST Friday: Variable.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)-272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.



/L.C./Examiner, Art Unit 2438                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               /TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438