DETAILED ACTION

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
 
 2.	The Office action is in response to the patent application filed on July 2, 2020.  The application contains 20 claims.  Claims 1-20 are directed to a method, a system, and a computer program product for authentication between a cluster master and a new node.  Claims 1-20 are pending.

Claim Objections
3.	Claims 1, 3, 5, 10, 13-14, 17, and 19-20 are objected to because of the following informalities:
Referring to claims 1, 17:
	Claim recites:
	“verifying at the cluster manager that the node serial number is listed in the white list and, if so, adding the new node to a cluster manager trust store; … verifying at the new node that the manager serial number is validated and, if so, adding the cluster manager to a node trust store.”
	The limitations use conditional statement ‘if’. However, the limitations do not contain the ‘else’ portion of the statement associated with the ‘if’ condition statement.  Therefore Claim 1 is objected for using incomplete if conditional statement.  Examiner proposes to replace ‘if’ conditional statement with ‘when’ conditional statement to resolve the issue.
	Claim 17 recites similar limitations as the above limitation in claim 1, and is therefore objected for the same rationale.
Referring to claim 10:
	Claim 10 recites ‘ID’, which needs to be spelled out to be meaningful.
Referring to claim 14:
the hash using public key of the new node.”, where the underlined ‘the’ is unnecessary.
Referring to claims 1, 3, 5, 13, 17, 19, 20:
	Claims 1, 3, 5, 13, 17, and 19-20 recite ‘cluster manager’, and merely use ‘manager’ to refer to items associated with ‘cluster manager’, such as ‘manager serial number’, ‘manager hash’, etc.  Terms used in the claims should be consistent in order to be clear.  Examiner proposes to replace them with ‘cluster manager serial number’, ‘cluster manager hash’, etc. 

Claim Rejections - 35 USC § 112
4.	Claims 5-9, 13-14, and 20  are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Referring to claims 5-9:
	Claim 5 recites:
          “wherein establishing secure communication comprises the steps of: 
           a. generating a manager hash at the cluster manager and signing the manager hash using manager private key; 
           b. sending the manager hash to the new node and at the new node verifying the hash using manager public key; 
           c. generating a node hash at the cluster manager and signing the node hash using node private key; 
           d. sending the node hash to the cluster manager and at the cluster manager verifying the hash using node public key.”
	Claim 5 recites cluster manager sending the manager hash to the new node, wherein the new node verifying the manager hash with manager public key, and 
	However, the specification discloses:
	“FIG. 5 illustrates an embodiment for establishing trust between a node and the cluster manager. In this example the process starts by the cluster manager generating a hash of a previous handshake message. It then sends the hash to the iSM to be signed, and the iSM forwards the hash to iDRAC to be signed. The iDRAC signs the hash using server private key and provides the signature to iSM, which forwards it to the cluster manager application. The cluster manager application sends the signed message to the node. Using the public key of the cluster manager, the node application verifies the digital signature received from the cluster manager. If verified, the node application generates a hash of previous handshake message and asks the iSM to sign the handshake message. The iSM forwards the request to the iDRAC, which uses the node's private key to sign the message, and sends the digital signature to the iSM. The iSM provides the digital signature to the node application, which sends it to the cluster manager. The cluster manager application then verifies the signature using the public key of the new node.” (see spec. pub. [0029])
	Therefore, according fig. 5, and specification [0029]:
           a. generating a manager hash at the cluster manager and signing the manager hash using manager private key; 
           b. sending the manager digital signature to the new node and at the new node verifying the digital signature using manager public key (see fig. 5, item 3a); 
           c. generating a node hash at the cluster manager and signing the node hash using node private key; 
           d. sending the node digital signature to the cluster manager and at the cluster manager verifying the digital signature using node public key. (see fig. 5, item 3b)
	Therefore, fig. 5, and specification [0029] specify cluster manager sending the manager digital signature to the new node, wherein the new node verifying the manager digital signature with manager public key, and the new node sending the node digital signature to the cluster manager, wherein the cluster manager verifying the node digital signature with node public key.

	Because what is claimed in Claim 5 is not disclosed in the specification and the drawing, Claim 5 is rejected for failing to comply with the written description requirement.
	Claims 6-9 are dependent from Claim 5, and are therefore rejected based on the same rationale.
Referring to claim 13:
	Claim 13 recites “generate a hash of prior handshake message; sign the hash using manager private key; and, send the hash to the new node.”.  
	However, fig. 5 discloses sending the digital signature to the new node.
          Therefore, Claim 13 is rejected for being failing to comply with the written description requirement, based on the same rational applied to Claim 5 above.
	Claim 14 is dependent from Claim 13, and is therefore rejected based on the same rationale.
Referring to claim 20:
	Claim 20 recites “sending the master hash”, “sending the node hash”.
	However, fig. 5 discloses sending the digital signature of the cluster master, and discloses sending the node digital signature.
           Therefore, Claim 20 is rejected for being failing to comply with the written description requirement, based on the same rationale applied to Claim 5 above.

           5.      Claims 5-9, 13-14, and 20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the enablement requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to enable one skilled in the art to which it pertains, or with which it is most nearly connected, to make and/or use the invention.
Referring to claims 5-9:
	Claim 5 recites:

           a. generating a manager hash at the cluster manager and signing the manager hash using manager private key; 
           b. sending the manager hash to the new node and at the new node verifying the hash using manager public key; 
           c. generating a node hash at the cluster manager and signing the node hash using node private key; 
           d. sending the node hash to the cluster manager and at the cluster manager verifying the hash using node public key.”
	Claim 5 recites cluster manager sending the manager hash to the new node, wherein the new node verifying the manager hash with manager public key, and the new node sending the node hash to the cluster manager, wherein the cluster manager verifying the node hash with node public key.
	However, the specification discloses:
	“FIG. 5 illustrates an embodiment for establishing trust between a node and the cluster manager. In this example the process starts by the cluster manager generating a hash of a previous handshake message. It then sends the hash to the iSM to be signed, and the iSM forwards the hash to iDRAC to be signed. The iDRAC signs the hash using server private key and provides the signature to iSM, which forwards it to the cluster manager application. The cluster manager application sends the signed message to the node. Using the public key of the cluster manager, the node application verifies the digital signature received from the cluster manager. If verified, the node application generates a hash of previous handshake message and asks the iSM to sign the handshake message. The iSM forwards the request to the iDRAC, which uses the node's private key to sign the message, and sends the digital signature to the iSM. The iSM provides the digital signature to the node application, which sends it to the cluster manager. The cluster manager application then verifies the signature using the public key of the new node.” (see spec. pub. [0029])
	Therefore, according fig. 5, and specification [0029]:
           a. generating a manager hash at the cluster manager and signing the manager hash using manager private key; 
sending the manager digital signature to the new node and at the new node verifying the digital signature using manager public key (see fig. 5, item 3a); 
           c. generating a node hash at the cluster manager and signing the node hash using node private key; 
           d. sending the node digital signature to the cluster manager and at the cluster manager verifying the digital signature using node public key. (see fig. 5, item 3b)
	Therefore, fig. 5, and specification [0029] specifies cluster manager sending the manager digital signature to the new node, wherein the new node verifying the manager digital signature with manager public key, and the new node sending the node digital signature to the cluster manager, wherein the cluster manager verifying the node digital signature with node public key.
	Fig. 5, and specification [0029] further discloses that the hash, and the digital signature are two separate, distinct data items; that a public key is used to verify the digital signature signed by a corresponding private key; and that the public key is not used for verifying the hash (which is generated by a hash key). 
	Because what is described in Claim 5 is different with what is disclosed in the specification, one skilled in the art would not be enabled to make and use the claimed invention as described in Claim 5. For example, one skilled in the art would not be enabled to use a public key to verify a hash value which generated by a hash key, as claimed in Claim 5.  Therefore Claim 5 is rejected for failing to comply with the enablement requirement.
	Claims 6-9 are dependent from Claim 5, and are therefore rejected based on the same rationale.
Referring to claim 13:
	Claim 13 recites “generate a hash of prior handshake message; sign the hash using manager private key; and, send the hash to the new node.”.  
	However, fig. 5 discloses sending the digital signature to the new node.
          Therefore, Claim 13 is rejected for being failing to comply with the enablement requirement, based on the same rational applied to Claim 5 above.
	Claim 14 is dependent from Claim 13, and is therefore rejected based on the same rationale.
Referring to claim 20:
	Claim 20 recites “sending the master hash”, “sending the node hash”.
	However, fig. 5 discloses sending the digital signature of the cluster master, and discloses sending the node digital signature.
           Therefore, Claim 20 is rejected for being failing to comply with the enablement requirement, based on the same rationale applied to Claim 5 above.

6.	Claims 5-9, 13-14, and 20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Referring to claims 5-9:
	Claim 5 recites:
          “wherein establishing secure communication comprises the steps of: 
           a. generating a manager hash at the cluster manager and signing the manager hash using manager private key; 
           b. sending the manager hash to the new node and at the new node verifying the hash using manager public key; 
           c. generating a node hash at the cluster manager and signing the node hash using node private key; 
           d. sending the node hash to the cluster manager and at the cluster manager verifying the hash using node public key.”
	Claim 5 recites cluster manager sending the manager hash to the new node, wherein the new node verifying the manager hash with manager public key, and the new node sending the node hash to the cluster manager, wherein the cluster manager verifying the node hash with node public key.
	However, the specification discloses:
	“FIG. 5 illustrates an embodiment for establishing trust between a node and the cluster manager. In this example the process starts by the cluster manager generating a hash of a previous handshake message. It then sends the hash to the iSM to be signed, 
	Therefore, according fig. 5, and the specification [0029]:
           a. generating a manager hash at the cluster manager and signing the manager hash using manager private key; 
           b. sending the manager digital signature to the new node and at the new node verifying the digital signature using manager public key (see fig. 5, item 3a); 
           c. generating a node hash at the cluster manager and signing the node hash using node private key; 
           d. sending the node digital signature to the cluster manager and at the cluster manager verifying the digital signature using node public key. (see fig. 5, item 3b)
	Therefore, fig. 5, and the specification [0029] specifies cluster manager sending the manager digital signature to the new node, wherein the new node verifying the manager digital signature with manager public key, and the new node sending the node digital signature to the cluster manager, wherein the cluster manager verifying the node digital signature with node public key.
	Fig. 5, and specification [0029] further discloses that the hash, and the digital signature are two separate, distinct data items; that a public key is used to verify the digital signature signed by a corresponding private key; and that the public key is not used for verifying the hash (which is generated by a hash key).
MPEP further states:
indefinite when a conflict or inconsistency between the claimed subject matter and the specification disclosure renders the scope of the claim uncertain as inconsistency with the specification disclosure or prior art teachings may make an otherwise definite claim take on an unreasonable degree of uncertainty.” (see MPEP § 2173.03) 
	Because what is described in Claim 5 is inconsistent with what is disclosed in the specification and the drawing, Claim 5 is rejected for being indefinite, according to MPEP § 2173.03.
	Claims 6-9 are dependent from Claim 5, and are therefore rejected based on the same rationale.
Referring to claim 13:
	Claim 13 recites “generate a hash of prior handshake message; sign the hash using manager private key; and, send the hash to the new node.”.  
	However, fig. 5 discloses sending the digital signature to the new node.
          Therefore, Claim 13 is rejected for being indefinite, based on the same rational applied to Claim 5 above.
	Claim 14 is dependent from Claim 13, and is therefore rejected based on the same rationale.
Referring to claim 20:
	Claim 20 recites “sending the master hash”, “sending the node hash”.
	However, fig. 5 discloses sending the digital signature of the cluster master, and discloses sending the node digital signature.
           Therefore, Claim 20 is rejected for being indefinite, based on the same rationale applied to Claim 5 above.

Claim Rejections - 35 USC § 103

7.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person 

8.	Claims 1-6, 8-14, and 16-20  are rejected under 35 U.S.C. 103 as being unpatentable over Giassa et al. (U.S. 2021/0136147 A1), hereinafter “Giassa”, in view of Innes et al. (U.S. 2018/0007059 A1), hereinafter “Innes”.
Referring to claim 1:
	 	Giassa teaches:
                      In a computing cluster comprising a cluster manager and a plurality of nodes, each node comprising a management platform, an application, and a host operating system (OS), a method of mutual authentication for joining a new node to the cluster, comprising (see Giassa, fig. 1, 102 ‘master node’, 104 ‘cluster controller’, 106 ‘data storage’, 110, 112, 114, 116 [i.e., worker nodes], [0054] ‘a handshake or authentication process [i.e., mutual authentication for joining a new node to the cluster ]’): 
           adding node serial number of the new node to the cluster manager (see Giassa, [0023] ‘user 118 may provide configuration information to cluster node 102’; [0054] ‘as part of a handshake or authentication process, …serial number’); 
           adding IP address of the cluster manager on the new node (see Giassa, [0052] ‘worker node 300 may send… request message for requesting an IP address’); 
           authenticating the new node to the cluster manager by: sending a request to join the cluster from the new node to the cluster manager, the request including the node serial number (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’; [0054] ‘In step 303, e.g., as part of a handshake or authentication [i.e., where handshake and authentication indicates that it’s a mutual authentication between cluster manager and the new node ] process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’); and, 
           verifying at the cluster manager that the node serial number is valid and, if so, adding the new node to a cluster manager trust store (see Giassa, [0025] ‘an authentication [i.e., verifying ]  process (e.g., a handshake process) between master node 102 and each of worker nodes 110-116 may be performed, e.g., when cabled to or otherwise connected to master node 102 and prior to being configured for cluster 100 
           authenticating the cluster manager to the new node by: sending from the cluster manager the manager information to the new node (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’; [0054] ‘In step 303, e.g., as part of a handshake or authentication [i.e., i.e., where handshake and authentication indicates that it’s a mutual authentication between cluster manager and the new node ] process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’); and, 
           verifying at the new node that the manager information is validated and, if so, adding the cluster manager to a node trust store (see Giassa, [0025] ‘an authentication [i.e., verifying ]  process (e.g., a handshake process) between master node 102 and each of worker nodes 110-116 may be performed, e.g., when cabled to or otherwise connected to master node 102 and prior to being configured for cluster 100 [i.e., adding cluster manager to trust store ].’; [0021] ‘repository’).
           However, Giassa does not explicitly disclose sending the cluster manager serial number to the new node.
However, Giassa does not disclose whitelist. 
	Giassa discloses the handshake between the new node and the cluster manager, and discloses or suggests authenticating the new node by sending the node serial number to the cluster manager (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’; [0054] ‘In step 303, e.g., as part of a handshake or authentication process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’).  
		It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Giassa into the system of Giassa to send cluster manager serial number to the new node for authentication.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, sending cluster manager serial number to the new node for authenticating the cluster manager 
		Innes discloses the whitelist (see Innes, [0193] ‘whitelist of machines trusted’).
		It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use a whitelist of trusted entities, such as a whitelist of serial numbers treusted.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because using a whitelist could facilitate authentication process.
 Referring to claims 2-3, 18-19:
		Giassa and Innes further disclose:
		wherein sending a request to join the cluster comprises sending a node certificate embedded in the new node, wherein the node certificate includes the node serial number (see Gisssa, [0054] ‘In step 303, e.g., as part of a handshake or authentication process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’. And, Innes, [0084] ‘Authentication services 558 may use certificates’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use certificates. Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because certificates are strong credential which can be used for authentication. 
Referring to claim 4:
		Giassa and Innes further disclose:
		establishing secure communication between the new node and the cluster manager (see Innes, [0162] ‘TLS or SSL’; [0170] ‘secure communications’).

Referring to claims 5, 20:
		Giassa and Innes further disclose:
	wherein establishing secure communication comprises the steps of: 
           a. generating a manager hash at the cluster manager and signing the manager hash using manager private key (see Giassa, fig. 1, 102 master node, 110 worker node.  And. Innes, [0138] ‘signing…signature… private key… hashing data… digest… signature verification’);
            b. sending the manager hash to the new node and at the new node verifying the hash using manager public key (see Innes, [0137]  ‘public key’; [0138] ‘signing…signature… private key… hashing data… digest… signature verification’); 
            c. generating a node hash at the cluster manager and signing the node hash using node private key (see Giassa, fig. 1, 102 master node, 110 worker node.  And. Innes, [0138] ‘signing…signature… private key… hashing data… digest… signature verification’); 
            d. sending the node hash to the cluster manager and at the cluster manager verifying the hash using node public key (see Innes, [0137]  ‘public key’; [0138] ‘signing…signature… private key… hashing data… digest… signature verification’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use a private key for signing, and a corresponding public key for signature verification. Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager 
Referring to claim 6:
		Giassa and Innes further disclose:
		sending a request to the cluster manager to sign application certificate (see Giassa, [0059] ‘a worker node 300 may request … from master node 102’. And, Innes, [0138] ‘signing’ ;[0084] ‘Authentication services 558 may use certificates’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to sign a service certificate. Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because signature verification can ensure data integrity.
Referring to claims 8, 11:
Giassa and Innes further disclose:
		sending a request for cluster manager’s root certificate authority certificate and adding the root certificate authority certificate to a trust store of the new node (see Innes, [0223] ‘root or subordinate root certificates, into a protected data store’; [0228] ‘a certificate authority’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use a root certificate authority certificate. Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because using a root certificate authority certificate can enhance security.
Referring to claims 9, 16:
Giassa and Innes further disclose:
		adding the new node to the cluster after signing the application certificate (see Giassa, [0025] ‘an authentication [i.e., verifying ]  process (e.g., a handshake 102 and each of worker nodes 110-116 may be performed, e.g., when cabled to or otherwise connected to master node 102 and prior to being configured for cluster 100 [i.e., adding cluster manager to trust store ].’). 
Referring to claim 10:
		Giassa teaches:
		A system comprising: 
           a computing cluster having one or more processors and a cluster manager (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’); and 
           a non-transitory computer readable medium storing a plurality of instructions, which when executed, cause the one or more processors to: 
           receive a request from a new node to join the computing cluster (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’; [0054] ‘In step 303, e.g., as part of a handshake or authentication [i.e., where handshake and authentication indicates that it’s a mutual authentication between cluster manager and the new node ] process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’); 
           verify that an ID sent by the new node matches an ID stored in the cluster manager (see Giassa, [0025] ‘an authentication [i.e., verifying ]  process (e.g., a handshake process) between master node 102 and each of worker nodes 110-116 may be performed, e.g., when cabled to or otherwise connected to master node 102 and prior to being configured for cluster 100 [i.e., adding new node to trust store ].’; [0054] ‘serial number [i.e., ID ]’); 
           when the ID matches, add the new node to trust store of the cluster manager (see Giassa, [0025] ‘an authentication [i.e., verifying ]  process (e.g., a handshake process) between master node 102 and each of worker nodes 110-116 may be performed, e.g., when cabled to or otherwise connected to master node 102 and prior to being configured for cluster 100 [i.e., adding new node to trust store ].’; [0054] ‘serial number [i.e., ID ]’; [0081] ‘the new node can be added to the cluster’); and, 
            send a configuration to the new node (see Giassa, [0057] ‘master node 102 may provide a configuration image… to worker node 300’).
	However, Giassa does not disclose the whitelist, the server certificate.

           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use a whitelist of trusted entities, such as a whitelist of serial numbers treusted, and certificates. Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because using a whitelist could facilitate authentication process, and certificates are strong credential which can be used for authentication.
 Referring to claim 12:
		Giassa and Innes further disclose: challenge/response protocol (see Innes, [0190] ‘challenge/response credentials’)
		It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use challenge/response protocol.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because challenge/response protocol is well-known and popular authentication method for client sever architecture.
Referring to claim 13:
	Giassa and Innes further disclose:
          generate a hash of prior handshake message; sign the hash using manager private key; and, send the hash to the new node (see Giassa, [0025] ‘handshake’. And, Innes, [0138] ‘signing… private key… hashing data’)
          It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use a private key to sign a hash.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication 
 Referring to claim 14:
	Giassa and Innes further disclose:
	verifying the signed hash with public key (see Innes, [0138] ‘signing… private key… hashing data’; [0216] ‘a public key PKCS7 authentication’). 
Referring to claim 17:
		Giassa teaches:
	A computer program product comprising a non-transitory computer-readable medium having a computer-readable program code embodied therein to be executed by one or more processors, the program code operating in a computing cluster and including instructions to (see Giassa, fig. 1, 102 ‘master node’, 104 ‘cluster controller’, 106 ‘data storage’, 110, 112, 114, 116 [i.e., worker nodes], [0054] ‘a handshake or authentication process [i.e., mutual authentication for joining a new node to the cluster ]’): 
          authenticating a new node to a cluster manager by: 
          sending a request to join the computing cluster from the new node to the cluster manager, the request including a node serial number (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’; [0054] ‘In step 303, e.g., as part of a handshake or authentication [i.e., where handshake and authentication indicates that it’s a mutual authentication between cluster manager and the new node ] process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’); and, 
           verifying at the cluster manager that the node serial number is valid and, if so, adding the new node to a cluster manager trust store (see Giassa, [0025] ‘an authentication [i.e., verifying ]  process (e.g., a handshake process) between master node 102 and each of worker nodes 110-116 may be performed, e.g., when cabled to or otherwise connected to master node 102 and prior to being configured for cluster 100 [i.e., adding new node to trust store ].’; [0021] ‘repository’; [0081] ‘the new node can be added to the cluster’); 
           authenticating the cluster manager to the new node by: 
303, e.g., as part of a handshake or authentication [i.e., where handshake and authentication indicates that it’s a mutual authentication between cluster manager and the new node ] process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’); and, 
            verifying at the new node that the manager information is validated and, if so, adding the cluster manager to a node trust store (see Giassa, [0025] ‘an authentication [i.e., verifying ]  process (e.g., a handshake process) between master node 102 and each of worker nodes 110-116 may be performed, e.g., when cabled to or otherwise connected to master node 102 and prior to being configured for cluster 100 [i.e., adding new node to trust store ].’; [0021] ‘repository’).
           However, Giassa does not explicitly disclose sending the cluster manager serial number to the new node.
However, Giassa does not disclose whitelist. 
	Giassa discloses the handshake between the new node and the cluster manager, and discloses or suggests authenticating the new node by sending the node serial number to the cluster manager (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’; [0054] ‘In step 303, e.g., as part of a handshake or authentication process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’).  
		It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Giassa into the system of Giassa to send cluster manager serial number to the new node for authentication.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, sending cluster manager serial number to the new node for authenticating the cluster manager would enhance Giassa’s handshake or authentication between the new node and the cluster manager.

		It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use a whitelist of trusted entities, such as a whitelist of serial numbers treusted.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because using a whitelist could facilitate authentication process.

9.	Claims 7, and 15  are rejected under 35 U.S.C. 103 as being unpatentable over Giassa et al. (U.S. 2021/0136147 A1), in view of Innes et al. (U.S. 2018/0007059 A1), further in view of Pecen et al. (U.S. 2013/0078947 A1), hereinafter “Pecen”.
Referring to claims 7, 15:
		Giassa and Innes further disclose: send a certificate signing request (see Innes, [0200] ‘send a certificate signing request’), root certificate (see Innes, [0223] ‘root or subordinate root certificates’), and the certificate authority (see Innes, [0220] ‘certificate authority’).
		However, they do not disclose an application certificate. 
		Pecen disclose the application certificate (see Pecen, [0031] ‘the cryptographic certificate can be used to sign the mobile device application…root certificate authority’; [0156] ‘Prior to receiving the authentication request a digital certificate that includes the application identifier is generated [i.e., creating a certificate signing request ].’)
            It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Pecen into the system of Giassa to sign an application certificate.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial . 
 
Conclusion

10.	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
(a)	Sole; Pablo German et al. (US 11134058 B1) disclose Network traffic inspection;
(b)	NEGINHAL; Srinivas et al. (US 20210141660 A1) disclose methods and systems for securely and efficiently clustering distributed processes using a consistent database;
(c)	ZENG; Yu et al. (US 20210135867 A1) disclose blockchain multi-party shared-governance-based system for maintaining domain name information;
(d)	YADHAV; Vinay et al. (US 20200382375 A1) disclose methods and nodes for cluster formation;
(e)	Finkelstein; Adam James et al. (US 10742716 B1) disclose Distributed processing for content personalization;
(f)	KRUKAR; RICHARD H. et al. (US 20190373137 A1) disclose blockchannel scanner systems and methods;
(g)	Qiu; Honglin (US 20190036711 A1) disclose method, apparatus, and electronic device for communication between blockchain nodes, and method, apparatus, and electronic device for blockchain-based certificate management.

 	11.       Any inquiry concerning this communication or earlier communications from the examiner should be directed to Peiliang Pan whose telephone number is (571) 272-5987.  The examiner can normally be reached on Monday-Friday 8:00 am - 5:00 pm EST.
          If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/PEILIANG PAN/
Examiner, Art Unit 2492


/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492