Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
          DETAILED ACTION
This office action is in response to the communication filed on 08/29/2019. Claims 1-20 are pending in the application. Claims 7-9, 15, 17 and 20 are objected. Claims 1-6, 10-14, 16 and 18-19 have been rejected. 

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-2, 4 and 18-19 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by 2018/0260568 A1 (hereinafter Cisneros et al) 
Regarding claim 1, Cisneros et al teaches a cross authentication method for verifying a baseboard management controller (BMC) (note figure 2.102: BMC) of a computer system to be implemented by a host central processing unit (CPU) module (note figure 2.104: processor) of the computer system, the verification method comprising steps of:
sending a request for BMC signature to the BMC (note para. [0032], [0039]); 

upon receiving the BMC signature data, determining whether the BMC signature data thus received is authentic based on a BMC public key stored in a CPU boot storage of the host CPU module (note para. [0032], [0039]); and
when it is determined that the BMC signature data is authentic, allowing the BMC to access the CPU boot storage, and enabling the host CPU module to respond to an operational request received from the BMC (note para. [0032], [0039]: If request is properly signed, processor allows modification of service OS)
Regarding claim 2, Cisneros et al teaches the cross authentication method of claim 1, wherein:
the step of receiving BMC signature data is to receive the BMC signature data including a BMC digital Signature and BMC plaintext data that are associated with a fragment of a BMC firmware of the BMC, the BMC digital signature being generated by performing a hash function on the fragment of the BMC firmware to obtain a check code and then encrypting the check code with  a BMC private key that is paired with the BMC public key to obtain the BMC digital signature (note para [0026], [0032], [0039]: signature generation and verification); and the step of determining whether the BMC signature data is authentic includes sub-steps of:

obtaining a second check code by decrypting, with the BMC public key, the BMC digital signature contained in the BMC signature data thus received (note para. [0026], [0039]); and
determining whether the BMC signature data is authentic by determining whether the first and second check codes match each other (note para. [0026], [0039]: processor verifying signature if hash values are equal)
Regarding claim 4, Cisneros et al teaches the cross authentication method of claim 1, the host CPU module including a CPU control switch electrically connected between the CPU boot storage and a BMC processor of the BMC, the verification method further comprising a step of:
when it is determined that the BMC signature data is authentic (note para. [0026], [0039]: processor verifying signature if hash values are equal), turning on the CPU control switch to allow the BMC to access the CPU boot storage, and enabling the host CPU module to respond to the operational request received from the BMC (note para. [0034], [0039]-[0040]: BMC to modify/ decrypt bootloader upon signature verification by the processor)              
Regarding claim 18, Cisneros et al teaches a host central processing unit (CPU) module to be electrically connected to a baseboard management controller (BMC) (note figure 2.102: BMC), said host CPU module comprising:
a main processor (note figure 6.610: processor; para. [0060]); and
a CPU boot storage (note figure 2.202: bootloader) electrically connected to said main processor and storing a BMC public key associated with the BMC, said CPU boot storage having instructions that, when executed by said main processor, cause said main processor to 
send a request for BMC signature to the BMC (note para. [0032], [0039]); 
receive BMC signature data transmitted from the BMC in response to the request for BMC signature (note para. 039: processor receiving bootloader/ BMC signature); 
upon receiving the BMC signature data,  determine whether the BMC signature data thus received is authentic based on the BMC public key (note para. [0032], [0039]); and 
when it is determined that the BMC signature data is authentic, allow the BMC to access said CPU boot storage, and  enable the host CPU module to respond to an operational request received from the BMC (note para. [0032], [0039], [0060]: If request is properly signed, processor allows modification of service OS)
Regarding claim 19, Cisneros et al teaches the host CPU module of claim 18, the BMC including a BMC processor, said host CPU module further comprising:
a CPU control switch (note figure 6.610: processor; para. [0060]) electrically connected between said CFU boot storage and the BMC processor (note figure 2.104: processor), wherein the instructions stored in said CPU boot storage further cause, when executed by said main processor, said main processor to when it is determined that the BMC signature data is authentic (note para. [0026], [0069], [0071]: verifying signature if hash values are equal), turn on said CPU control switch to allow the BMC to access said CPU boot storage (note para. [0022], [0031], [0071]: BMC verifying OS/ processor signature; BMC may allow a requestor to modify non-volatile storage upon signature verification)

                                      Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under pre-AIA  35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over US Cisneros et al.
Regarding claim 3, Cisneros et al fails to teach expressly the cross authentication method wherein the hash function is an MD5 message-digest algorithm.
However, examiner takes an official notice on that at the time of effective filing of the claimed invention, using an MD5 message-digest type hash function/ algorithm for generating signature/ integrity value was well-known in the art. Therefore, at the time of effective filing of the claimed invention, it would have been obvious to ordinary skill in the art to implement an authentication method further including the features of wherein the hash function is an MD5 message-digest algorithm in order to provide users with an efficient and well-known cryptographic method for generating signature/ integrity values ( as further evidenced  by US 2020/0235917 A1, Davenport et al, para. [0012], [0017], [0023])

Claims 10-14 and 16  are rejected under 35 U.S.C. 103 as being unpatentable over US Cisneros et al  in view of US 9,147,086 B1 (hereinafter Potlapally et al)
Regarding claim 10, Cisneros et al teaches a cross authentication method for verifying a host central processing unit (CPU) module (note figure 2.104: processor) of a computer system to be implemented by a baseboard management controller (BMC) (note figure 2.102: BMC) of the computer system, the verification method comprising steps of: 
receiving CPU signature data from the host CPU 20 module 
upon receiving the CPU signature data, determining whether the CPU signature data thus received is authentic based on a CPU public key stored in a BMC boot storage of the BMC (note para. [0022], [0031], [0069]); and 
 when it is determined that the CPU signature data is authentic, allowing the host CPU module to access the BMC boot storage, and enabling the BMC to respond an operational request received from the host CPU module (note para. [0022], [0031], [0071]: BMC verifying OS/ processor signature; BMC may allow a requestor to modify non-volatile storage upon signature verification)
Cisneros et al fails to teach expressly sending a request for CPU signature to the host CPU module; and receiving CPU signature data from the host CPU module in response to the request for CPU signature.
However, Potlapally et al teaches sending a request for CPU signature to the host CPU module (note column 5, starts at line 30; column 10, starts at line 47); and receiving CPU signature data from the host CPU module in response to the request for CPU signature (note column 5, starts at line 30; column 10, starts at line 47: steps of mutual authentication between BMC and host device)
Potlapally et al and Cisneros et al are analogous art because they are from the same field of endeavor of authenticating secure data related to baseboard management controller (BMC). Therefore, at the time of effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in art to modify Cisneros et al   method to further include the features of sending a request for CPU signature to the host CPU module; and receiving CPU signature data from the host CPU module in response to the request for CPU signature taught by Potlapally et al since such arrangements would provide users with an efficient mechanism for exchanging authentication information between the host processor and BMC.
Regarding claim 11, Cisneros et al teaches the cross authentication method of claim 10, wherein: 
the step of receiving CPU signature data is to receive the CPU signature data including a CPU digital Signature and CPU plaintext data that are associated with a fragment of a basic input/output system (BIOS) of the host CPU module, the CPU digital signature being generated by performing a hash function on the fragment of the BIOS to obtain a check code and then encrypting the check code with a CPU private key that is paired with the CPU public key toc obtain the CPU digital signature (note para [0026], [0032], [0069]: signature generation and verification); and 
the step of determining whether the CPU signature data is authentic includes sub-steps of: 
obtaining a first check code by performing the hash function on the CPU plaintext data contained in the CPU signature data thus received (note para. [0026], [0069], [0071]); 
obtaining a second check code by decrypting, with the CPU public key, the CPU digital signature contained in the CPU signature data thus received (note para. [0026], [0069], [0071]); and 
determining whether the CPU signature data is  authentic by determining whether the first and second check codes match each other (note para. [0026], [0069], [0071]: verifying signature if hash values are equal)
Regarding claim 12, Cisneros et al fails to teach expressly cross authentication method of claim 11, wherein the hash function is an MD5 message-digest algorithm.
However, examiner takes an official notice on that at the time of effective filing of the claimed invention, using an MD5 message-digest type hash function/ algorithm for generating signature/ integrity value was well-known in the art. Therefore, at the time of effective filing of the claimed invention, it would have been obvious to ordinary skill in the art to implement an authentication method further including the features of wherein the hash function is an MD5 message-digest algorithm in order to provide users with an efficient and well-known cryptographic method for generating signature/ integrity values ( as further evidenced  by US 2020/0235917 A1, Davenport et al, para. [0012], [0017], [0023])
Regarding claim 13, Cisneros et al teaches the cross authentication method of claim 10, the BMC including a BMC control switch (note figure 2.206: verification unit) electrically connected between the BMC boot storage and a main processor of the CPU module, the verification method further comprising a step of:
when it is determined that the CPU signature data is authentic (note para. [0026], [0069], [0071]: verifying signature if hash values are equal), turning on the BMC control switch to allow the host CPU module to access the BMC boot storage, and enabling the BMC to respond the operational request received from the host CPU module (note para. [0022], [0031], [0071]: BMC verifying OS/ processor signature; BMC may allow a requestor to modify non-volatile storage upon signature verification)
Regarding claim 14, Cisneros et al teaches the cross authentication method of claim 10, further comprising steps of:
receiving a request for BMC signature from the host CPU module (note para. [0032], [0039]);
sending BMC signature data to the host CPU module in response to the request for BMC  signature (note para. 039: processor receiving bootloader/ BMC signature);
receiving a BMC-authentication signal that is transmitted from the host CPU module when the host CPU module determines that the BMC signature data is authentic (note para. [0032], [0039]);
gaining access to the host CPU module upon receiving the BMC-authentication signal  (note para. [0032], [0039]: If request is properly signed, processor allows modification of service OS)
Regarding claim 16, Cisneros et al teaches the cross authentication method of claim 10, wherein the step of sending BMC signature data is to send the BMC signature data that includes a BMC digital Signature of the BMC and that includes BMC plaintext data associated with a fragment of a BMC firmware of the BMC (note para. [0026], [0039]), the BMC digital signature being generated by performing a hash function on the fragment of the BMC firmware to obtain a check code (note para [0026], [0032], [0039]: signature generation and verification) and then encrypting the check code with a BMC private key (note para. [0026], [0039]: processor verifying signature if hash values are equal)

Claims 5 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over US Cisneros et al. in view of US 2017/0085383 A1 (hereinafter Rao et al)
Regarding claim 5, Cisneros et al teaches the cross authentication method of claim 1, further comprising a step of:
when it is determined that the BMC signature data is authentic (note para. [0024], [0026], [0039]), the BMC is allowed to access the CPU boot storage, and enabling the host CPU module to respond to the operational request received from the BMC (note para. [0034], [0039]-[0040])
Cisneros et al fails to each expressly sending a BMC-authentication signal to the BMC to notify the BMC that the BMC signature data is authentic.
However, Rao et al teaches sending a BMC-authentication signal to the BMC to notify the BMC that the BMC signature data is authentic (note para. [0029], [0035]: processor/ BIOS sending indication to BMC regarding signature verification/ authentication failure)
Rao et al and Cisneros et al are analogous art because they are from the same field of endeavor of authenticating secure data related to baseboard management controller (BMC). Therefore, at the time of effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in art to modify Cisneros et al   method to further include the features of sending a BMC-authentication signal to the BMC to notify the BMC that the BMC signature data is authentic taught by Rao et al since such arrangements would provide users with performing an essential communication step between the host processor and BMC regarding up to date authentication status (Rao et al, para. [0015], [0029])

Regarding claim 6, Cisneros et al teaches the cross authentication method of claim 5, further comprising steps of:
receiving a request for CPU signature from the BMC after sending the BMC-authentication signal to the BMC (note para. [0022], [0052], [0069]);
sending CPU signature data to the BMC in response to the request for CPU signature (note para.[0022], [0052],  [0069]: request including processor/ OS signature); 
receiving a CPU-authentication signal that is  transmitted from the BMC when the BMC determines that the CPU signature data is authentic (note para. [0022], [0031], [0069]); and
 upon receiving the CPU-authentication signal, gaining access to a BMC boot storage of the BMC (note para. [0022], [0031], [0071]: BMC verifying OS/ processor signature; BMC may allow a requestor to modify non-volatile storage upon signature verification)

Allowable Subject Matter
Claims 7-9, 15, 17 and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

           Conclusion
A shortened statutory period for response to this action is set to expire in 3 (Three) months and 0 (Zero) days from the mailing date of this letter. Failure to respond within the period for response will result in ABANDOMENT of the application (see 35 U.S.C 133, M.P.E.P 710.02(b)). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHANTO ABEDIN whose telephone number is 571-272-3551.  The examiner can normally be reached on M-F from 8:30 AM to 6:30 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jung (Jay) Kim, can be reached on 571-272-3804. The RightFax number for faxing directly to the examiner is 571-273-3551. 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http:// www.uspto.gov/interviewpractice.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/SHANTO ABEDIN/Primary Examiner, Art Unit 2494