DETAILED ACTION
The following claims are pending in this office action: 1-19
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Drawings
The drawings filed on 04/23/2020 are accepted.  
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 04/23/2020 has been considered.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, an initialed and dated copy of Applicant’s IDS form 1449 filed 04/23/2020 is attached to the instant Office action. 
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-3, 8-10, and 15-17 are rejected under 35 USC § 102 (a)(1) as being anticipated by Raj et al. (US Pub. 2013/0054948) (hereinafter “Raj”). 

As per claim 1, Raj teaches a method for establishing and maintaining a secure computing infrastructure, the method comprising: upon an attestation event, checking trustworthiness of a component to be added or activated in the secure computing environment; and ([Raj, Fig. 1; para. 0017] a method for securely booting [adding/activating] a boot server [a component] to maintain a Trusted Computing Base for a cloud service provider [secure computing infrastructure] is described.  [Para. 0061] An attestation protocol [event] checks to determine whether the operation mode of the boot server is in a clean mode. [Para. 0025] if it is determined the operation mode of the boot server is in a clean mode, the boot server is clean and free of malicious software [checking the trustworthiness of the component]) 
if the checking indicates that the component is not trustworthy, applying one or more security restrictions to the component. ([Raj, para. 0061; para. 0024]; if the attestation protocol checks and determines the boot server has booted in a dirty mode, the boot server is in a state where there is a possibility that it has been compromised [the component is not trustworthy].  [Para. 0066-0067] if the boot server is booted in dirty mode, the attestation protocol ensures that the server cannot receive the MAC from the secure co-processor, which ensures that connectivity is denied to the boot server [applying one or more security restrictions to the component])

As per claim 2, Raj teaches claim 1.  
Raj also teaches wherein applying the one or more security restrictions includes refusing to add or use the component in the secure computing infrastructure; and ([Raj, para. 0024; para. 0066-0067] if the boot server is in a dirty mode, the attestation protocol ensures that the boot server cannot receive the MAC from the secure co-processor, which ensures that connectivity is denied to the boot server [one or more security restrictions].  [Para. 0061] at step 504, the network connection between the boot server and the rest of the network is disabled, isolating the boot server from the rest of the environment])
sending a message to a user that the component cannot be installed into the secure computing infrastructure. ([Raj, para. 0077] in the event that the boot server becomes compromised with malicious malware, and network cannot be established, after a certain predetermined period of time, the production server sends an alert message to a human operator [user] indicating that there is a problem with the boot server [the boot server cannot be installed]) 

As per claim 3, Raj teaches claim 1.  
Raj also teaches wherein applying the one or more security restrictions includes allowing the component to perform operations that do not involve encryption or decryption.  ([Raj, para. 0061-0062] at step 508 after the attestation protocol determines that the boot server is in a dirty mode, the boot server is allowed to perform operations to initialize the virtual machine [operations that do not involve encryption or decryption].  [Para. 0067; para. 0069] the boot server may not decrypt and retrieve the MAC from the secure co-processor when booted in dirty mode [may not perform operations that involve encryption or decryption])

As per claim 8, Raj teaches a plurality of servers, the plurality of servers including one or more virtual machines; ([Raj, para. 0030] although Fig. 2 depicts a single boot server, another embodiment includes more than on [a plurality of] boot servers)
a plurality of networks coupled to the servers, the plurality of networks including a storage network; and ([Raj, Fig. 2; para. 0027; para. 0031] a plurality of networks is connected to the boot servers including networks for storage devices [storage networks])
a plurality of storage components coupled to the storage network; ([Raj, Fig. 2; para. 0031] storage devices [components] include devices depicted including the boot servers and storage devices, such as guest VMs within the boot servers [a plurality of storage components])
wherein when a storage component or a virtual machine is added or used the first time, an application running in the system performs a method comprising: ([Raj, para. 0004]  when a guest VM offering storage and networking capabilities [see para. 0021] is initialized [booted for the first time] on the boot server, and the method described performs the steps below)
upon an attestation event, checking trustworthiness of a component to be added or activated in the secure computing infrastructure; and ([Raj, Fig. 1; para. 0017] a method for securely booting [adding/activating] a boot server [a component] to maintain a Trusted Computing Base for a cloud service provider [secure computing infrastructure] is described.  [Para. 0061] An attestation protocol [event] checks to determine whether the operation mode of the boot server is in a clean mode. [Para. 0025] if it is determined the operation mode of the boot server is in a clean mode, the boot server is clean and free of malicious software [checking the trustworthiness of the component])
if the checking indicates that the component is not trustworthy, applying one or more security restrictions to the component. ([Raj, para. 0061; para. 0024]; if the attestation protocol checks and determines the boot server has booted in a dirty mode, the boot server is in a state where there is a possibility that it has been compromised [the component is not trustworthy].  [Para. 0066-0067] if the boot server is booted in dirty mode, the attestation protocol ensures that the server cannot receive the MAC from the secure co-processor, which ensures that connectivity is denied to the boot server [applying one or more security restrictions to the component])
	
As per claim 9, the claim language is identical or substantially similar to that of claim 2. Therefore, it is rejected under the same rationale applied to claim 2.

As per claim 10, the claim language is identical or substantially similar to that of claim 3. Therefore, it is rejected under the same rationale applied to claim 3.

([Raj, para. 0039] methods described are implementable in non-transmission mediums used to store computer readable instructions.  [Para. 0033] the instruction are executable in the processing unit 302 of the computing device 300 which represents a boot server [see para. 0035])
The method performs the steps of the method of claim 1, has language that is identical or substantially similar to the method of claim 1, and thus is rejected with the same rational applied against claim 1.  

As per claim 16, the claim language is identical or substantially similar to that of claim 2. Therefore, it is rejected under the same rationale applied to claim 2.

As per claim 17, the claim language is identical or substantially similar to that of claim 3. Therefore, it is rejected under the same rationale applied to claim 3.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 4, 11, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Raj in view of Fitzgerald et al. (US Pub. 2008/0134175) (hereinafter “Fitzgerald”).

As per claim 4, Raj teaches claim 1.  
Raj does not explicitly teach wherein applying the one or more security restrictions include accepting the component into the secure computing infrastructure; preventing the component from interacting with other components in the secure computing infrastructure; and sending an alert message to a user of the secure computing infrastructure that the component is accepted but not usable. (However, see Raj, para. 0066-0067, where network connectivity is disabled, and the boot server is prevented from interacting with other components in the secure computing environment)
However, Fitzgerald teaches applying the one or more security restrictions include accepting the component into the secure computing infrastructure; ([Fitzgerald, para. 0029; para. 0049; para. 0057] described is a method for security management [applying a security restriction] in admission control of physical execution platforms of virtual machines [component] that will be used in an enterprise safe [secure – see para. 0039] managed systems [computer infrastructure].  [Para. 0057] the VMs first undergo a registration [accepting] step into the host computing environment where the physical name of the VM is registered.   [Fig. 4; para. 0245] following the registration [accepting] process 600, the execution process 403 allowing interaction in the environment may be prevented by a remedial action [see para. 0251, and para. 0285]) 
preventing the component from interacting with other components in the secure computing infrastructure; and ([Fitzgerald, para. 0285] the VM execution is prevented where the VM is placed into a condition with no network connectivity, i.e. in a sandbox [preventing the component from interacting with other components])
([Fitzgerald, para. 0285] in the case of execution being prevented, an alert/event [alert message] with details about why the execution was prevented [component accepted but not usable] is sent to an operator console [user of the secure computing infrastructure])
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Raj with the teachings of Fitzgerald to include wherein applying the one or more security restrictions include accepting the component into the secure computing infrastructure; preventing the component from interacting with other components in the secure computing infrastructure; and sending an alert message to a user of the secure computing infrastructure that the component is accepted but not usable.  One of ordinary skill in the art would have been motivated to make this modification because placing the physical execution environment of the VM in a sandbox and sending an alert to the operator allows the operator to perform problem isolation, recreation and/or remediation of the VM.  (Fitzgerald, para. 0285)

As per claim 11, the claim language is identical or substantially similar to that of claim 4. Therefore, it is rejected under the same rationale applied to claim 4.

As per claim 18, the claim language is identical or substantially similar to that of claim 4. Therefore, it is rejected under the same rationale applied to claim 4.

Claims 5-7, 12-14, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Raj in view of Cucinotta et al. (US Pub. 2015/0089589) (hereinafter “Cucinotta”).

As per claim 5, Raj teaches claim 1.  

However, Cucinotta teaches wherein applying the one or more security restriction includes: encrypting data transferred to or through the component; ([Cucinotta, Fig. 1; para. 0007] the method disclosed allows for isolation [applies a security restriction] of untrusted virtual machines such as those found in cloud computing infrastructures. [Fig. 1; para. 0065] all data transferred to or through the untrusted domain 80 [the untrusted VM/ untrusted component] must pass through the encryption hardware 40B which is hardwired to forcibly encrypt the data before)
and decrypting data received from the component.  ([Cucinotta, Fig. 1; para. 0064] all incoming communications received from the untrusted domain 80 [the untrusted VM/the untrusted component] must pass through the decryption hardware 40A which is hardwired to decrypt the received data)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Raj with the teachings of Cucinotta to include wherein applying the one or more security restriction includes: encrypting data transferred to or through the component; and decrypting data received from the component.  One of ordinary skill in the art would have been motivated to make this modification because this prevent access to data within the trusted domain that is not intended to be provided to the component, prevents any unencrypted data from exiting the trusted domain, and preserves integrity of the data.  (Cucinotta, para. 0013-0015)

As per claim 6, Raj in view of Cucinotta teaches claim 5.  
Raj does not teach wherein encrypting and decrypting the data is performed with the aid of a security module.
However, Cucinotta teaches wherein encrypting and decrypting the data is performed with the aid of a security module. ([Cucinotta, Fig. 1; para. 0063-0065] the encrypting and decrypting is performed by the trusted cryptographic hardware unit, a security module, which includes the decryption and encryption hardware)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Raj with the teachings of Cucinotta to include encrypting and decrypting the data is performed with the aid of a security module.  One of ordinary skill in the art would have been motivated to make this modification because using a hardware security module allows the trusted domain to avoid malicious software overriding or reprogramming functions of the devices in the trusted domain.  (Cucinotta, para. 0015)

As per claim 7, Raj in view of Cucinotta teaches claim 6.  
Raj does not teach wherein the security module is a trusted platform module.
However, Cucinotta teaches wherein the security module is a trusted platform module. ([Cucinotta, para. 0072] the private key used for the encryption/decryption process is injected into the cryptographic unit and stored in a trusted platform module, making the generic trusted cryptographic hardware unit a trusted platform module)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Raj with the teachings of Cucinotta to include wherein the security module is a trusted platform module.  One of ordinary skill in the art would have been motivated to make this modification because such a technique allows the cryptographic chip to be protected against sophisticated physical attacks to the hardware by utilizing tamper-proof manufacturing that’s a feature of trusted platform modules.  (Cucinotta, para. 0069)

As per claim 12, the claim language is identical or substantially similar to that of claim 5. Therefore, it is rejected under the same rationale applied to claim 5.

As per claim 13, the claim language is identical or substantially similar to that of claim 6. Therefore, it is rejected under the same rationale applied to claim 6.

As per claim 14, the claim language is identical or substantially similar to that of claim 7. Therefore, it is rejected under the same rationale applied to claim 7.

As per claim 19, the claim language is identical or substantially similar to that of claim 5. Therefore, it is rejected under the same rationale applied to claim 5.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Canillas et al.  (US Pub. 2021/0152353) discloses using a TPM to encrypt/decrypt data to ensure integrity of received data.  Takayama et al.  (US Pub. 2010/0185845) discloses a boot control unit that provides a terminal that prevents improper activity by checking the module’s certificate version and ensuring no issues with the certificate/module by means of a TPM.  Shah et al. (US Pub. 2017/0364685) discloses a TPM chip that verifies the integrity of virtual machines and provides remediation measures if the integrity of such VMs are compromised.  Shaw et al. (US Pub. 2019/0245853) discloses a security device for encryption and decryption of data to ensure integrity of stored data.  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634.  The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.
/Z.L./Examiner, Art Unit 2493              
                                                                                                                                                                                          
/Catherine Thiaw/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        11/17/2021