DETAILED ACTION
This office action is a response to a communication made on 11/12/2021.
Claims 1, 6-7, 12-14, and 19-20 are currently amended.
Claims 1-20 are pending for this application.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments

Applicant’s arguments, see remarks on page 12-16, filed 11/12/2021, with respect to the rejection(s) of claim(s) 1 under 103 have been fully considered and regarding the amended feature of “at least one first Input/Output (I/O) module that is configured to provide a network management domain for the MCM group with at least one second I/O module housed in the second chasis” are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Shetty et al. (US 2018/0255020) in view of Chang et al. (US 2013/0064102) in view of Rahardjo et al. (US 2018/0053004), and further in view of Taylor et al. (US 2005/0144434).

 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention 

Claims 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shetty et al. (US 2018/0255020), hereinafter “Shetty” in view of Chang et al. (US 2013/0064102), hereinafter “Chang” in view of Rahardjo et al. (US 2018/0053004), hereinafter “Rahardjo”, and further in view of Taylor et al. (US 2005/0144434), hereinafter “Taylor”.

With respect to claim 1, Shetty discloses a secured network management domain access system, comprising:
a Multi-Chassis Management (MCM) group that includes a first chassis and a second chassis that are each part of a system management domain that is managed by one of a first computing system provided in the first chassis and a second computing system provided in the second chassis (¶0016, i.e. a system 100 comprising multiple system chassis 101 each with multiple modular information handling systems 102,  wherein multiple modular are first computing system in first chassis and second computing system in second chassis ¶0020, i.e. monitor and/or manage system 100 (e.g., to diagnose problems that may have caused failure) via chassis management controller 112. In the same or alternative embodiments, chassis management controller 112 may allow an administrator to remotely manage one or more parameters associated with operation of system 100 and its various information handling resources, see ¶0030),
wherein the a first chassis houses (¶0029, i.e. each chassis 101 has detected the presence of other chassis 101, and one of the chassis 101 may be nominated as the “lead” chassis 101, wherein lead chassis would be the first chassis housing):

a first management module that is coupled to each of the at least one first I/O module ((see Fig. 1, i.e. information handling system 102 is a first management module and coupled with each of the chassis (i.e. i/o) module, ¶0013);
transmit the master I/O module secured access information to a second management service housed in the second chassis (¶0030, i.e. the nominated lead chassis 101 may be able to initiate the handshake registration process by communicating a message to a client chassis 101. As used herein, a “client chassis” refers to a chassis 101 not nominated as the lead chassis 101, see Fig. 1, i.e. information handling system 102 is a first management module and coupled with each of the chassis (i.e. i/o) module),

Shetty teaches a first management service (¶0020, i.e. controller 112 include a management service as first management service) that is coupled to the controller via a second communication channel (¶0020, i.e. controller 112 are communicated via a management channel as second communication channel), Shetty also teaches communications to and from chassis management controller 112 are communicated via a management channel physically isolated from an “in-band” communication channel of chassis 101 for which non-management communication may take place, wherein in-band communication channel is the first communication channel, see ¶0020. Shetty also teaches using the master I/O module secured access information because the nominated lead chassis 101 may be able to initiate the handshake registration process by communicating a message to a client chassis 101. As used herein, a “client chassis” refers to a chassis 101 not nominated as the lead chassis 101, see ¶0030. However, Shetty remain silent on wherein the first management module includes: a 

Chang discloses wherein the first management module includes: 
a first management service (¶0068, i.e. virtual chassis functionality Service (i.e. management service))  that is coupled to first enclosure controller (¶0067, i.e. a processing module 266 is enclosure controller) via a second communication channel and to each of the at least one first I/O module via a third communication channel (¶0067-¶0068, i.e. Element and network management Control protocol state machines interface to the virtual chassis functionality Service (i.e. management service) interfaces with other software Coordination of the virtual chassis components, and the VCM 400 may request VLAN Manager to configure a VFL member port as a member of the control VLAN in order to allow the set-up of an inter-process communication channel (i.e. inter process communication channel is third communication channel) between the network nodes 110 in the virtual chassis system 100, see ¶0053), and  perform validation via third communication channel (¶0068, i.e. the VCM 400 may request VLAN Manager to configure a VFL member port as a member of the control VLAN in order to allow the set-up of an inter-process communication channel (i.e. inter process communication channel is third communication channel) between the network nodes 110 in the virtual chassis system 100, ¶0082, i.e. the virtual chassis manager 400 confirms (i.e. perform validation) that the VC setup module 460 (vcsetup.cfg) includes valid virtual-chassis configurations (e.g, a valid chassis ID), see ¶0077).

Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Shetty’s system with a first management service that is coupled to the enclosure controller via a second communication channel and to each of the at least one I/O module via a third communication channel, and perform validation via third communication channel of Chang, in order to management service to be modified and to perform communication with the enclosure controller through a third communication channel (Chang).

Shetty teaches one of the chassis 101 may be nominated as the “lead” chassis (i.e. master i/o module) 101 which may serve as a user's single point of management of system 100, see ¶0029.  Also Chang teaches the virtual chassis manager module 400 also interfaces with the VLAN Manager Application module 410, and the VCM 400 may request VLAN Manager to configure a VFL member port as a member of the control VLAN in order to allow the set-up of an inter-process communication channel (i.e. third communication channel) between the network nodes 110 in the virtual chassis system 100, see ¶0068. Shetty also teaches using the master I/O module secured access information because 

Rahardjo discloses wherein the first management module includes:  first enclosure controller (¶0019, crytoprocessor is an enclosure controller) that is coupled to each of the at least one first I/O module via a first communication channel (¶0024, i.e. one or more other information handling systems via an in-band management network, wherein in band is first communication channel, ¶0031, i.e.  PCH 110 may be coupled to cryptoprocessor 116 in the manner defined by the specification via an LPC or SPI bus, while otherwise unused input/output pins of cryptoprocessor 116 may be used as the interface port for management controller 112), 
retrieve master I/O module secured access information from the master I/O module via the first communication channel (¶0024, i.e. one or more other information handling systems via an in-band management network, wherein in band is first communication channel, ¶0028, i.e. processor 113 may be communicatively coupled to processor 103. Such coupling may be via a Universal Serial Bus (USB), System Management Bus (SMBus), and/or one or more other communications channels, ¶0031, i.e. unused input/output pins of cryptoprocessor 116 may be used as the interface port for management 
wherein the first management service is configured to:
retrieve the master I/O module secured access information from the first enclosure controller via the second communication channel (¶0033-¶0034, i.e. cryptoprocessor 116 may serve as a cross-domain resource accessible to a domain of host system 98 (e.g., via PCH 110) and a domain management controller 112 (i.e. management service), and may serve as a secure bridge between the two domains, and a trusted secure channel (i.e. second channel)  may be formed between host system 98 and management controller 112 via cryptoprocessor 116A (i.e. enclosure controller) allowing for the exchange of secure information between host system 98 and management controller);
perform, first validation operations with the master I/O module via the communication channel such that the first management service may securely access the network management domain via the master I/O module (¶0024, i.e. one or more other information handling systems via an in-band management network, wherein in band is first communication channel, ¶0033, i.e. cryptoprocessor 116 may serve as a cross-domain resource accessible to a domain of host system 98 (e.g., via PCH 110) and a domain management controller 112 (i.e. management service), and may serve as a secure bridge between the two domains…management of a host system-owned cryptoprocessor via a side-band (i.e. wherein side band is a communication channel or third communication channel)  interface of management controller 112, ¶0034, i.e. such trusted secured channel (i.e. second channel) may be authenticated by a measurement, such as by a verification of data in PCR 202 associated with host system 98 and/or management controller 112. For example, data in shared secure memory 204 may be accessible only when both a PCR associated with BIOS 105 (e.g., BIOS hash_extend) and a PCR associated with management controller 112 (e.g., BMC hash_extend) match a value used during a 

Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Shetty’s system with retrieve the master I/O module secured access information from the enclosure controller via the second communication channel and perform validation operations with the master I/O module via the communication channel of Rahardjo, in order to allow the exchange of secure information between host system and management controller, such trusted secured channel may be authenticated by a measurement, such as by a verification of data in PCR  associated with host system and/or management controller and serve as a secure bridge between the two domains wherein security information authorizes to securely access management domain (Rahardjo).
However, Shetty in view of Chang, and further in view of Rahardjo remain silent on at least one first Input/Output (I/O) module that is configured to provide a network management domain for the MCM group with at least one second I/O module housed in the second chasis.

Taylor discloses at least one first Input/Output (I/O) module (¶0034, i.e. The system 100 includes one or more I/O devices that is configured to provide a network management domain for the MCM group with at least one second I/O module housed in the second chasis (¶0034, i.e. The single-instance I/O devices 108 are connected to the I/O controller hub 104 while the multi-instance I/O devices 110 are connected to the server I/O hub 132 of their respective domains, ¶0097, i.e. Each chassis includes multiple system modules connected together by an IPMB).





With respect to claims 2, 8 and 15, Shetty in view of Chang, and further in view of Rahardjo discloses the system of claim 1, wherein the first communication channel is provided via a secure hardware bus communication channel (Shetty, ¶0013, i.e. The information handling system may also include one or more buses operable to transmit communication between the various hardware components, see ¶0020).

With respect to claims 3, 9 and 16, Shetty in view of Chang, and further in view of Rahardjo discloses the system of claim 1, wherein the second communication channel is provided via an Open Authorization (OAuth)-based secured communication channel (Rahardjo, ¶0034, i.e. a trusted secure channel may be formed between host system 98 and management controller 112 via cryptoprocessor 116A allowing for the exchange of secure information between host system 98 and management controller 112. In some embodiments, such trusted secured channel may be authenticated by a measurement,  Shetty, ¶0030, i.e. initiate a secure handshake process (e.g., based on OAuth) to verify the identities of the other chassis 101).




With respect to claims 5, 11 and 18, Shetty in view of Chang, and further in view of Rahardjo discloses the system of claim 1, wherein the master I/O module is configured to:
broadcast an announcement that includes master I/O module metadata (Shetty, ¶0028, i.e. the advertisement (i.e. an announcement) originates (e.g., which information a chassis management controller 112 may obtain from its metadata 118)., and wherein the first management service is configured to: receive the announcement (Shetty, ¶0028, i.e. such advertisement may include information regarding the identity of the chassis 101 and/or chassis management controller 112); and
request, using the master I/O module metadata, the master I/O module secured access information from the enclosure controller (Rahardjo, ¶0033, i.e. cryptoprocessor 116 may serve as a cross-domain resource accessible to a domain of host system 98 (e.g., via PCH 110) and a domain management controller 112, and may serve as a secure bridge between the two domains, ).

With respect to claims 6, 13 and 20, Shetty in view of Chang, and further in view of Rahardjo discloses the system of claim 1, wherein one of the at least one second I/O module housed in the second chasis is configured to transition to operate as the master I/O module in place of the at least one first 

For claim 7, it is a IHS system claim corresponding to the secured network management domain access system of claim 1. Therefore claim 6 is rejected under the same ground as claim 1. 

With respect to claim 12, Shetty in view of Chang, and further in view of Rahardjo discloses the IHS of claim 7, further comprising:
the first chassis that houses the first management module (Shetty, see Fig. 1).

For claim 14, it is a method claim corresponding to the secured network management domain access system of claim 1. Therefore claim 6 is rejected under the same ground as claim 1. 

With respect to claim 19, Shetty in view of Chang, and further in view of Rahardjo discloses the method of claim 14, wherein the first management service, and the enclosure controller, are housed in the first chassis (Shetty, see Fig, 1, ¶0020, chassis management controller 112 may include a management services module, wherein management service module is a first management service, see ¶0016, Chang, ¶0045).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GOLAM MAHMUD whose telephone number is (571)270-0385.  The examiner can normally be reached on Mon-Fri 8.00-5.00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kevin Bates can be reached on 5712723980.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/GOLAM MAHMUD/Examiner, Art Unit 2458                                                                                                                                                                                                        /KEVIN T BATES/Supervisory Patent Examiner, Art Unit 2458