DETAILED ACTION

Currently pending claims are 1 – 20.


Claim Objection

Claim 1 is objected to because of the following informalities (and Examiner respectfully requests correction as follows): “a processor” should be replaced with “a hardware processor (or a processor device)” – Examiner notes this is because a computer processor could be a software processor (e.g. a Microsoft WORD processor).  Appropriate correction(s) is (are) required.  // “A computer processor” may include the “software processor” (e.g. a word processor) //

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 4 – 10, 13, 14 and 16 – 19 are rejected under 35 U.S.C.103 as being unpatentable over DMTF-SPDM Specification (Document Version 0.99.0a of the Distributed Management Task Force – Security Policy Data model Specification), in view of Johansson et al. (U.S. Patent 7,333,482).  
As per claims 1 & 10, DMTF-SPDM teaches a system for data processing, comprising:
a management controller operating on a processor and configured to load and execute one or more algorithms (see below) that provide the function of transmitting a request to a managed device using a Security Protocol and Data Model (SPDM) protocol and to receive a response from the managed device (DMTF-SPDM: Figure 1, Figure 2, Figure 7 & Sec. 4.1 Line 1 – 4, Sec. 4.3 Term (see: device and endpoint), Sec 4.6 / 2nd Para and Sec. 4.7 Line 1 – 2: 
providing a message exchange mechanism between two devices (each as a physical entity of a network device (Sec. 4.3 Term & Sec. 4.1 Line 1 – 4)) to manage the device authentications over a pair of end-to-end transport layer endpoints (each as a logical protocol entity of transport layer (Sec. 4.3 Term)), wherein 
the two endpoints (logical modules) of each of the two physical network devices have a role as either a Requester or a Responder device (Sec 4.6 / 2nd Para & Sec. 4.7 Line 1 – 2) and 
Examiner notes a Requester network device that can perform verification of device identities (e.g. certificate(s)) for a Responder device and the associated measurement(s) (e.g. signature(s)) according to the authentication / authorization policies constitutes one type of management controller (or device manager) – i.e. performing by a management device a verification of device identities (e.g. certificate(s)) and the associated measurement(s) (e.g. signature(s)) for a correspondent responder device according to the authentication / authorization policies).
However, DMTF-SPDM does not disclose expressly a management controller operating on a processor and configured to load and execute one or more algorithms.
Johansson (& DMTF-SPDM) teaches a management controller operating on a processor and configured to load and execute one or more algorithms (Johansson: Col. 19 Line 54 – 57, Col. 7 Line 48 – 51 and Col. 6 Line 26 – 33: as per mobile data communications, implementing a mobile device manager / authenticator to perform authenticity and integrity check for another correspondent mobile device over the network (Col. 19 Line 54 – 57, Col. 7 Line 48 – 51) by executing associated security algorithms on a digital microprocessor and/or one or more digital signaling processor (DSP) (Col. 6 Line 26 – 33)).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification of operating a management controller on a processor and configured to load and execute one or more algorithms because Johansson teaches to systematically implement a mobile device manager / authenticator to perform authenticity and integrity check for another correspondent mobile device over the network by executing associated security algorithms on a digital microprocessor and/or one or more digital signaling processor (see above) within the DMTF-SPDM’s system of performing by a management device a verification of device identities (e.g. certificate(s)) and the associated measurement(s) (e.g. signature(s)) for a correspondent responder device according to the authentication / authorization policies (see above).
a system management bus and security policy system operating on the processor and configured to execute one or more algorithms to process the response from the managed device to apply an SPDM security policy to the response (see above: Johansson & DMTF-SPDM).  

As per claims 4 – 6, 13 – 14 and 16, DMTF-SPDM as modified teaches to determine whether the managed device has provided a certificate signed by a predetermined certificate authority (DMTF-SPDM: Sec. 4.9.2 / Item #4: to verify identity of a signature of a certificate (X.509 containing a public key) for identity authentication on the Responder device).  
As per claims 7 and 17, DMTF-SPDM as modified teaches to implement a system management bus address resolution protocol discovery process to read device security capabilities of the managed device (DMTF-SPDM: Sec. 4.9.2 / Item #4: reading the certificate (X.509 containing a public key) for security verification on a Responder device constitutes reading device security capabilities of a managed device) || (Johansson: Col. 14 Line 63 – 67 and Col. 19 Line 54 – 57: a mobile node (e.g. a mobile device manager) can (a) detect a correspondent node (e.g. a managed device) on a subnetwork by using an address resolution protocol discovery process and (b) read the on-line certificate status protocol (RFC 2560) (i.e. security capability) of a managed device to determine, at least, whether the certificate has been revoked).  

As per claims 8 and 18, DMTF-SPDM as modified teaches to implement a system management bus address resolution protocol discovery process to read a certificate status of the managed device (DMTF-SPDM: Sec. 4.9.2 / Item #4: reading the certificate (X.509 containing a public key) for security verification on a Responder device constitutes reading device security capabilities of a managed device) || (Johansson: Col. 14 Line 63 – 67 and Col. 19 Line 54 – 57: a mobile node (e.g. a mobile device manager) can (a) detect a correspondent node (e.g. a managed device) on a subnetwork by using an address resolution protocol discovery process and (b) read the on-line certificate status protocol (RFC 2560) of a managed device to determine, at least, whether the certificate has been revoked).  

As per claims 9 and 19, DMTF-SPDM as modified teaches to implement platform level data model functions to read device security protocols of a managed device (DMTF-SPDM: Sec. 4.9.2 / Item #4: reading the certificate (X.509 containing a public key) for security verification on a Responder device constitutes reading device security protocols of a managed device). 
Claims 2 – 3 and 11 – 12 are rejected under 35 U.S.C.103 as being unpatentable over DMTF-SPDM Specification (Document Version 0.99.0a of the Distributed Management Task Force – Security Policy Data model Specification), in view of Johansson et al. (U.S. Patent 7,333,482), and in view of Tripathi et al. (U.S. Patent 8,181,245).  

As per claims 2 and 11, Tripathi (& DMTF-SPDM) teaches to suspend application of the SPDM security policy (Tripathi: Col. 4 Line 25 – 28 and Col. 15 Line 4 – 11: (a) providing a security policy to mitigate potential threats caused by computer virus attack when files are transferred across the network, wherein (b) a management device can suspend virus scanning applications on a network device in response to exceeding a load threshold of a scanning engine).  
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification of suspending application of the SPDM security policy because Tripathi teaches to alternatively, effectively and securely provide a security policy to mitigate potential threats caused by computer virus attack when files are transferred across the network, wherein a management device can suspend virus scanning applications on a network device in response to exceeding a load threshold of a scanning engine (see above) within the DMTF-SPDM’s system of performing security verification by a management device based on the security policy for a correspondent responder device according to the authentication / authorization policies such as the validity of device identities (e.g. certificate(s)) and the associated measurement(s) (e.g. signature(s)) (see above).

As per claims 3 and 12, Tripathi (& DMTF-SPDM) teaches to quarantine the managed device if it fails to comply with the SPDM security policy (Tripathi: see above & Col. 1 Line 37 – 42: enabling the virus scanning software to cleanse (quarantine) documents that are both downloaded and uploaded into a network device). See the same rationale of combination applied herein as above in rejecting claim 2.

Claim 15 is rejected under 35 U.S.C.103 as being unpatentable over DMTF-SPDM Specification (Document Version 0.99.0a of the Distributed Management Task Force – Security Policy Data model Specification), in view of Johansson et al. (U.S. Patent 7,333,482), and in view of Dewan et al. (U.S. Patent 2019/0305973).  

As per claim 15, Dewan (& DMTF-SPDM) teaches quarantining the managed device if it is determined that the managed device has failed to provide the certificate (Dewan: Para [0065]: in response to determining a certificate private key has been compromised (i.e. an invalid certificate), the certificate would be revoked and the target device would be quarantined accordingly).  
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification of quarantining the managed device if it is determined that the managed device has failed to provide the certificate because Dewan teaches to alternatively, effectively and securely quarantine the target device and revoke the certificate in response to determining a certificate private key has been compromised (i.e. an invalid certificate) (see above) within the DMTF-SPDM’s system of performing security verification by a management device based on the security policy for a correspondent responder device according to the authentication / authorization policies such as the validity of device identities (e.g. certificate(s)) and the associated measurement(s) (e.g. signature(s)) (see above).

Claim 20 is rejected under 35 U.S.C.103 as being unpatentable over DMTF-SPDM Specification (Document Version 0.99.0a of the Distributed Management Task Force – Security Policy Data model Specification), in view of Johansson et al. (U.S. Patent 7,333,482), and in view of Schmidt et al. (U.S. Patent 2011/0010543).  

As per claim 20, Schmidt (& DMTF-SPDM) teaches placing the managed device on a black list if it is determined that the managed device has failed to provide the certificate (Schmidt: Para [0344]: upon determining a failure of device authentication due to certificate revocation (i.e. an invalid certificate), the target device would be added into a device blacklist).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification of placing the managed device on a black list if it is determined that the managed device has failed to provide the certificate because Schmidt teaches to alternatively, effectively and securely add a target device into a device blacklist upon determining a failure of device authentication due to certificate revocation (i.e. invalid certificate) (see above) within the DMTF-SPDM’s system of performing security verification by a management device based on the security policy for a correspondent responder device according to the authentication / authorization policies such as the validity of device identities (e.g. certificate(s)) and the associated measurement(s) (e.g. signature(s)) (see above).


Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788.  The examiner can normally be reached on Monday - Friday 9:00am-5:00pm.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




---------------------------------------------------
                  /Longbit Chai/
           Longbit Chai E.E. Ph.D.
    Primary Examiner, Art Unit 2431
                   No. #2318 – 2021
---------------------------------------------------