Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Election/Restrictions
2.    NO restrictions warranted at initial time of filing for patent.

Oath/Declaration
3.    Applicant’s Oath was filed on 01/10/2020.

Drawings
4.    Applicant’s drawings filed on 01/10/2020 has been inspected and is in compliance with MPEP 608.01.
Specification
5.    Applicant’s specification filed on 01/10/2020 has been inspected and is in compliance with MPEP 608.02.
Claim Objections
6.    NO objections warranted at initial time of filing for patent.

Remarks
7.	Examiner request Applicant review relevant prior art under the conclusion of this office action.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
8.	Claims 1-3, 8-10, and 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent No. 7975034 hereinafter Chandra.

As per claim 1, Chandra discloses:
An information handling system (para Col. 1 Lines 42-44 “A method to secure data and hardware associated with a computing device is described.”) comprising: 
a processor; a management controller communicatively coupled to the processor and configured to provide management of the information handling system via management traffic communicated between the management Figs. 1 and 2, Col. 2 Lines 8-18 “A computer system that is configured to secure data and hardware associated with the computer system is also described. The computer system may include a processor configured to implement a primary operating system and a secondary operating system through virtualization. The computer system may also include a verification module implemented in a basic input/output system (BIOS) layer of the computer system. The verification module may also be implemented by the secondary operating system. In one embodiment, the verification module implements a verification process in the BIOS layer.”); 
a primary memory for storing a primary executable code image associated with the management controller; a secondary memory for storing a backup image to the primary executable code image (Fig. 3, Col. 5 Lines 3-17 “FIG. 3 is a block diagram illustrating a further embodiment of a client 302. As previously mentioned, the client 302 may include a partition 310 that separates a primary operating system 304 from a secondary operating system 306. The partition 310 may be referred to as a Service Operating System (SOS). In one embodiment, the SOS partition 310 isolates the secondary operating system 306 from the primary operating system 304. A user of the client 302 may access applications, programs, etc. through the primary operating system 304. In one embodiment, a reporting program 308 runs on the secondary operating system 306. Because the secondary operating system 306 (and the reporting program) are hidden and 
and a cryptoprocessor communicatively coupled to the management controller (Fig. 2, Col. 4 Lines 4-7) and configured to: 
upon powering up of the management controller, preventing the management controller from booting from either of the primary executable code image and the backup image (Col. 5 Lines 44-58 “ For example, when the client 302 is powered on, the verification module 336 may verify whether or not the SOS partition 310 has been tampered with. In addition, the verification module 336 may verify whether the reporting program 308 has been tampered with. For example, the verification module 336 may verify whether or not a user has attempted to circumvent or disable the reporting program 308. In one embodiment, the verification module 336 may take hashes of the SOS partition 310 and/or the reporting program 308. These hash values may be stored in a non-volatile storage. In one embodiment, the hash values may also be encrypted. During a boot-up process, new hashes may be generated and compared to the stored hash values in order to verify the integrity of the SOS partition 310 and the integrity of the reporting program 308.”);  
attempt to authenticate the primary executable code image and the backup image (Col. 5 Lines 44-58 “For example, when the client 302 is powered on, the verification module 336 may verify whether or not the SOS partition 310 has been tampered with. In addition, the verification module 336 may verify whether the reporting program 308 has been tampered with. For example, the 
and responsive to at least one of the primary executable code image and the backup image being authenticated, allow the management controller to execute an authenticated image comprising one of the primary executable code image and the backup image (Col. 5 Line 59 – Col. 6 Line 9 “If the partition 310 has not been tampered with, the secondary operating system 306 may be booted up. For example, the client 302 may be powered up and the BIOS 340 process may begin. In one embodiment, the verification module 336 may verify the integrity of the secondary partition 310. If the integrity is verified, the secondary operating system 306 may boot up. The reporting program 308 may perform the activities and any additional integrity checks as previously described in FIG. 2. If the integrity checks are verified, the primary operating system 304 may also boot up. Booting up the primary operating system 304 after the secondary operating system 306 may allow the secondary operating system 306 to establish communications with a server 114 via the reporting program 308 before the primary operating system 304 boots up. 

As per claim 2, Chandra discloses:
The information handling system of Claim 1, wherein the cryptoprocessor is further configured to, responsive to one of the primary executable code image and the backup image failing authentication, prevent the management controller from accessing a memory comprising one of the primary memory and the secondary memory having stored thereon the one of the primary executable code image and the backup image that failed authentication (Figs. 4 and 5, Col. 4 Lines 55 – Col. 5 Line 2 “In one embodiment, the server 214 may transmit security commands 222 to the client 102 via the reporting program 208. The security commands 222 may instruct the reporting program 208 to disable one or more functions of the client 102. For example, the security commands 222 may instruct the reporting program 208 to lock down the client 102 so that data is inaccessible to a user. For example, a thief may steal the client 102. A user may notify the server 214 that the client 102 has been stolen. The server 214 may then transmit the security commands 222 to the client 102 via the reporting program 208 over the internet connection 212. Alternatively, a malicious program may be detected on the client 102. The server 214 may transmit the security commands 222 to disable the client 102 in order to prevent sensitive data from being accessed by the malicious program.” Col. 6 Lines 10-16 “ If the SOS Col. 6 Lines 52-59 “However, if it is determined 404 that the partition which includes the reporting program 108 is not verified (i.e., the partition has been tampered with), a boot up process for the primary operating system and the secondary operating system may be disabled 410. In other words, if it is determined that the integrity of the partition 110 is compromised, the primary operating system 104 and the secondary operating system 106 may not be booted up.”).  

As per claim 3, Chandra discloses:
The information handling system of Claim 1, wherein the cryptoprocessor is further configured to, responsive to one of the primary executable code image and the backup image failing authentication, communicate an indication to the management controller of such failed authentication (Col. 6 Lines 10-22 “If the SOS partition 310 or the reporting program 308 have been tampered with, or if security commands 222 are received from the server 114, the booting up process for the primary operating system 304 and the secondary operating system 306 may be terminated. In other words, data stored in the client 302 may be inaccessible to a user. The termination of the booting up process may be 

As per claim 8, the implementation of the information handling system of claim 1 will execute the method of claim 8. The claim is analyzed with respect to claim 1.

As per claim 9, the claim is analyzed with respect to claim 2. 

As per claim 10, the claim is analyzed with respect to claim 3. 

As per claim 15, the implementation of the information handling system of claim 1 will execute the cryptoprocessor of claim 15. The claim is analyzed with respect to claim 1.

As per claim 16, the claim is analyzed with respect to claim 2. 

As per claim 17, the claim is analyzed with respect to claim 3. 


Claim Rejections - 35 USC § 103

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
9.	Claims 4, 11 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Chandra in view of U.S. Patent No. 9195831 hereinafter Condra.

As per claim 4, Chandra discloses:
The information handling system of Claim 3, wherein, responsive to the indication, the management controller is configured to request the cryptoprocessor to allow the management controller to access a memory comprising one of the primary memory and the secondary memory having stored thereon the one of primary executable code image and the backup image (Figs. 4 and 5, Col. 4 Lines 55 – Col. 5 Line 17 and Col. 5 Line 59 – Col. 6 Line 9).  

Chandra does not disclose:
allow the management controller to access a memory comprising one of the primary memory and the secondary memory having stored thereon the one of primary executable code image and the backup image that failed authentication, to allow the management controller to recover the one of the primary executable code image and the backup image that failed authentication

	Condra discloses:
allow the management controller to access a memory comprising one of the primary memory and the secondary memory having stored thereon the one of primary executable code image and the backup image that failed authentication, to allow the management controller to recover the one of the primary executable code image and the backup image that failed authentication (Col. 3 Lines 39-61 “A hash of the boot image may be compared to the one or more keys in the keystore. If the keystore and boot image hash match, then the computing device may continue to boot into a runtime environment at 399. If, however, the keystore and the boot image do not match, the computing device may warn the user that the device is unverified at 335 and boot into a recovery mode at 398. The instructions for the recovery mode may be stored on a separate partition of the computing device and the recover partition may be verified according to, for example, the processes shown in FIG. 3. The recovery mode may limit what action can be taken by a user and may not load one or more core libraries, services, etc. for the operating system or runtime environment. For 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method to secure data and hardware associated with a computing device of Chandra to include the allow the management controller to access a memory comprising one of the primary memory and the secondary memory having stored thereon the one of primary executable code image and the backup image that failed authentication, to allow the management controller to recover the one of the primary executable code image and the backup image that failed authentication, as taught by Condra.
The motivation would have been to allow access to recover an image when failed authentication in order to properly assess or correct issues with the failed image.

As per claim 11, the claim is analyzed with respect to claim 4. 

As per claim 18, the claim is analyzed with respect to claim 4. 

9.	Claims 5, 12 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Chandra in view of U.S. Publication No. 20110289180 hereinafter Sonnier.

As per claim 5, Chandra discloses:
The information handling system of Claim 1, wherein the cryptoprocessor is further configured to, responsive to both of the primary executable code image and the backup image being authenticated (Figs. 4 and 5, Col. 4 Lines 55 – Col. 5 Line 17 and Col. 5 Line 59 – Col. 6 Line 9), 

	Chandra does not disclose:
prevent a management controller from accessing a secondary memory during runtime of the management controller in absence of an authenticated sideband request to the secondary memory
	
	Sonnier discloses:
prevent a management controller from accessing a secondary memory during runtime of the management controller in absence of an authenticated sideband request to the secondary memory (para 0049 “ At step 424, if the received sideband signal is a "proceed" signal, for example if the valid bit and the proceed bit of the sideband signal are set, then processing of the speculative read request continues to step 426. If, at step 424 the received sideband signal is 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method to secure data and hardware associated with a computing device of Chandra to include prevent a management controller from accessing a secondary memory during runtime of the management controller in absence of an authenticated sideband request to the secondary memory, as taught by Sonnier.
The motivation would have been to provide memory access control.

As per claim 12, the claim is analyzed with respect to claim 5. 

As per claim 19, the claim is analyzed with respect to claim 5. 

9.	Claims 6, 7, 13, 14, 20 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Chandra in view of U.S. Publication No. 20190073478 hereinafter Khessib.

As per claim 6, Chandra discloses:
The information handling system of Claim 1, wherein the management controller (Figs. 1-3) comprises a baseboard management controller.  

Chandra does not disclose:
a baseboard management controller

	Khessib discloses:
a baseboard management controller (Fig. 3, para 0019 “ During platform power-on, a master RoT may coordinate the delivery of power to host CPUs, Chipset, Baseboard Management Controller and peripherals to ensure the verification of all firmware prior to firmware execution. The power-on sequence may include attestation challenges exchanged between the master RoT and slave RoTs that are local to devices which they protect. The attestation challenges may inform the platform power-on sequence and may also facilitate secure firmware updates.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method to secure data and hardware associated with a computing device of Chandra to include a baseboard management controller, as taught by Khessib.
The motivation would have been to include proper components to verify and control access to boot images.

As per claim 7, Chandra discloses:
The information handling system of Claim 1, wherein the primary executable code image (Figs. 1-3)  

Chandra does not disclose:
a bootloader of the management controller

	Khessib discloses:
a bootloader of the management controller (Fig. 3, para 0049 “As described with respect to S210, power is applied to the platform at S405. Next, at S410, master RoT 320 powers on and securely loads and decompresses its internal firmware stored in its ROM bootloader. In the meantime, all other active devices remain in a standby or off state. The ROM bootloader authenticates the flash of RoT 320 at S415. Authentication may comprise by verifying the firmware integrity against an RSA asymmetric key-signed signature as will be described below with respect to FIGS. 5 and 6”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method to secure data and hardware associated with a computing device of Chandra to include a bootloader of the management controller, as taught by Khessib.
The motivation would have been to include proper components to verify and control access to boot images.

As per claim 13, the claim is analyzed with respect to claim 6. 

As per claim 14, the claim is analyzed with respect to claim 7. 

As per claim 20, the claim is analyzed with respect to claim 6. 

As per claim 21, the claim is analyzed with respect to claim 7. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
 U.S. Publication No. 20180267598 discloses “At step 510, the SoC 110 is powered up. For example, the PMIC controller 128 may turn on the power supply rails that were collapsed in the RBSp state. The PMIC 120 turns on these rails without disturbing the rails that were kept on in the RBSp state. The PMIC controller 128 may also input a power reset signal RESIN to the SoC. In response, SoC may start boot up by executing the primary boot loader from ROM. The primary boot loader may then load and authenticate the secondary boot loader, as discussed above. The primary boot load may authenticate the secondary boot loader using any of the authentication techniques discussed above, or another authentication technique.”


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GARY S GRACIA/Primary Examiner, Art Unit 2491