DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-7 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Narayanan et al. (U.S. PGPub. 2017/0075699), hereinafter Narayanan, in view of VAS et al. (U.S. PGPub. 2011/0314346), hereinafter Vas. 

	Regarding claim 1, Narayanan teaches A system comprising:
	a computing platform comprising a management system configured to perform one or more authentication processes (Narayanan, Paragraph [0005], see “…an information handling system (IHS) includes a booting subsystem; a trusted platform module that is coupled to the booting subsystem and that is configured to couple to a network operating system engine, wherein the trusted platform module is configured to receive and store current boot metric data that is generated when the booting subsystem and the network operating system engine perform a boot process; and a platform management controller that is coupled to the trusted platform module, wherein the platform management controller is configured to retrieve the current boot metric data from the trusted platform module in response to the booting subsystem and the network operating system engine performing the boot process, authenticate the trusted platform module, and compare the current boot metric data to previously stored boot metric data to determine whether to authenticate the network operating system engine”, where “platform management controller” is being read as a management system configured to perform one or more authentication processes);
	one or more hardware modules connected to the computing platform over a management interface and a data interface (Narayanan, Paragraph [0022], see “…The network operating system engine 308 is coupled to the platform management controller SoC 304 via a plurality of connections 310 that may include a power connection, a Network Controller Sideband Interface (NC-SI) connection, a Local Procedure Call (LPC) connection, a Management Data Input/Output (MDIO) connection, and/or other connections known in the art…”, where “network operating system engine 308” is being read as comprising one or more hardware modules connected to the computing platform), each hardware module comprising a field-replaceable unit (FRU) comprising (Narayanan, Paragraph [0017], see “…the FRU device 204 may be a circuit board, part, and/or assembly that is quickly connectable to and removable from the computing system 202 or other electronic component such that, for example, it may be quickly and easily replaced with another FRU device…the FRU device 204 may be the IHS 100 discussed above with reference to FIG. 1 and/or include some or all of the IHS components”):
		one or more components disposed on a printed circuit board (PCB) (Narayanan, Paragraph [0019], see “…The FRU device 300 includes a chassis 302 that, in the embodiments described below, is a circuit board that supports or provides each of the components of the FRU 300…”); and
		an identification component disposed on the PCB and configured to store a module-specific authentication certificate configured to bind the one or more components to the respective FRU (Narayanan, Paragraph [0033], see “…a trusted platform module private key (“TPM private key 610a”) may be created within the trusted platform module 306 and stored in the memory system 306b of the trusted platform module 306…the trusted platform module 306 may include an encrypted trusted platform module certificate 611…that may be generated at the instruction of the OEM and utilized to verify that the trusted platform module 306 is authentic”, where “trusted platform module 306” is being read as comprising an identification component);
	wherein the management system is communicatively coupled to the identification component of each of the hardware modules over the management interface and configured to perform an authentication process based on the module-specific authentication certificate (Narayanan, Paragraph [0039], see “…the embedded processing system 304a in the platform management controller SoC 304 may receive the trusted platform module certificate 611 and perform TPM certificate verification 906 by decrypting the trusted platform module certificate 611 (e.g., the AIK certificate) and analyzing the data in the decrypted TPM certificate to determine whether the trusted platform module 306 has been compromised using methods known in the art”), 
	Narayanan does not teach the following limitation(s) as taught by Vas: wherein the module-specific authentication certificate includes a list comprising a serial number for each of the one or more components disposed on the PCB during manufacturing of the hardware module (Vas, Paragraph [0182], see “…The DS managing unit 18 validates the hardware certificate 354 (e.g., validates the HCA signature 366) and compares the device ID 360 and/or serial number 362 contained in the hardware certificate 354 to device IDs 360 in the locally stored device list 368 when the hardware certificate 354 is valid. The DS managing unit 18 validates the hardware when the DS managing unit 18 finds a matching device ID 360 and/or serial number 362 of the hardware certificate 354 in the device list 368”). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for a field replaceable unit authentication system, disclosed of Narayanan, by implementing techniques for identifying a slice name information error, comprising of a module specific authentication certificate including a list comprising a serial number for each component disposed on the hardware during manufacturing, disclosed of Vas.  
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for a field-replaceable unit (FRU) secure component binding, comprising of a module specific authentication certificate including a list comprising a serial number for each component disposed on the hardware during manufacturing. This allows for better security management by utilizing a certificate comprising a serial number for each component disposed on the hardware in order to properly verify each component. Vas is deemed as analogous art due to the art disclosing methods of utilizing a certificate comprising a serial number in order to verify the specific hardware module (Vas, Paragraph [0182]). 

Regarding claim 2, Narayanan teaches The system of claim 1, wherein authentication information maintained within the identification component comprises the module-specific authentication certificate (Narayanan, Paragraph [0033], see “…a trusted platform module private key (“TPM private key 610a”) may be created within the trusted platform module 306 and stored in the memory system 306b of the trusted platform module 306…the trusted platform module 306 may include an encrypted trusted platform module certificate 611…that may be generated at the instruction of the OEM and utilized to verify that the trusted platform module 306 is authentic”), and the management system is configured to:
retrieve the authentication information maintained within the identification component (Narayanan, Paragraph [0039], see “…the embedded processing system 304a in the platform management controller SoC 304 may receive the trusted platform module certificate 61…”, where “embedded processing system 304a” is being read as the management system and where “trusted platform module certificate 61” is being read as the authentication information maintained within the identification component); 
authenticate the hardware module using the authentication information (Narayanan, Paragraph [0039], see “…platform management controller SoC 304 may receive the trusted platform module certificate 611 and perform TPM certificate verification 906 by decrypting the trusted platform module certificate 611 (e.g., the AIK certificate) and analyzing the data in the decrypted TPM certificate to determine whether the trusted platform module 306 has been compromised using methods known in the art”);
if authentication of the hardware module is successful, flagging the hardware module as authentic (Narayanan, FIG. 5, see “512” and “514”, where platform management controller SoC authenticates network operating system engine and assigns authentication role(s) when the data is validated and the network operating system engine sends authentication message to platform management controller SoC, which is being read as flagging the hardware module as authentic); 

Narayanan does not teach the following limitation(s) as taught by Vas: providing an authenticated list of serial numbers to one or more applications of the computing platform (Vas, Paragraph [0145], see “The configuration data 230 may be utilized by any element of a dispersed storage network (DSN) to configure and operate in accordance with the registry entry. The configuration data 230 may include one or more of slice name range assignments, node internet protocol addresses, certificate authority addresses, authentication authorities addresses, vault identifiers, access control information, digital certificates, application software, driver software, verbal numbers…”, where “registry entry” is being read as comprising an authenticated list of serial numbers, which are provided to one or more applications of the computing platform) (Vas, Paragraph [0186], see “The method continues at step 390 where the processing module sends a certificate signing request (CSR) to the DS managing unit. The CSR includes one or more of a device identifier (ID), a serial number of a node associated with the processing module, the node public key, registration information, and a signature. The method continues at step 392 where the processing module receives a signed certificate from the DS managing unit. The signed certificate includes a signature from the DS managing unit…the processing module receives the hardware certificate from a DS unit during an initial installation”).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for a field replaceable unit authentication system, disclosed of Narayanan, by implementing techniques for identifying a slice name information error, comprising of providing an authenticated list of serial numbers to one or more applications of the computing platform, disclosed of Vas.   
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for a field-replaceable unit (FRU) secure component binding, comprising of providing an authenticated list of serial numbers to one or more applications of the computing platform. This allows for better security management by providing an authenticated list of serial numbers to each node in the computing platform in order for the nodes to establish communication and authenticity between each other based on the updated list. Vas is deemed as analogous art due to the art disclosing methods of authenticating serial numbers of hardware modules (Vas, Paragraph [0145]). 

Regarding claim 3, Narayanan as modified by Vas teaches The system of claim 2, the management system further configured to:
if authentication of the hardware module is successful, generate a nonce key comprising a random value (Narayanan, Paragraph [0038], see “…the platform management controller 304 may send an attestation request 902 through the network operating system engine 308 to the trusted platform module 306…the attestation request 902 may include a first nonce (“nonce1”) and a request to retrieve current boot metric data from the platform configuration registers 702 in the memory system 306b of the trusted platform module 306”); and
write the nonce key to the register of the hardware module (Narayanan, Paragraph [0038], see “…In response to receiving the attestation request 902, the processing system 306a in the trusted platform module 306 retrieves the current boot metric data from the platform configuration registers 702 in the memory system 306b, signs the current boot metric data and the nonce1 with the TPM private key 610a to encrypt the signed current boot metric data/nonce1…and sends the encrypted TPM private key along with the trusted platform module certificate 611 as an attestation response 904 through the network operating system 308 to the platform management controller 304”, where “encrypted TPM private key” is being read as the nonce key, which is written to the register of the hardware module as seen in Narayanan, FIG. 6, see “610a TPM private key”, which is written in the register of the hardware module (Trusted Platform Module)).

Regarding claim 4, Narayanan does not teach the following limitation(s) as taught by Vas: The system of claim 1, the management system further configured to read a serial number for each component of the one or more components and compare each read serial number to the list included in the module-specific authentication certificate stored in the identification component (Vas, Paragraph [0179], see “The HCA 352 includes storage of a device list 368, the HCA public key 364, and a HCA private key 370. The device list 368 includes one or more device IDs 360 and one or more paired device serial numbers 362 associated with one or more nodes 350”) (Vas, Paragraph [0182], see “…The DS managing unit 18 validates the hardware when the DS managing unit 18 finds a matching device ID 360 and/or serial number 362 of the hardware certificate in the device list 368”). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for a field replaceable unit authentication system, disclosed of Narayanan, by implementing techniques for identifying a slice name information error, comprising comparing each read serial number to the list included in the module-specific authentication certificate stored, disclosed of Vas.    
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for a field-replaceable unit (FRU) secure component binding, comprising comparing each read serial number to the list included in the module-specific authentication certificate stored. This allows for better security management by comparing each read serial number to the list included in the certificate in order to properly verify each node connected within the computing arrangement to make sure the nodes have not been compromised. Vas is deemed as analogous art due to the art disclosing techniques of reading serial numbers in a list and comparing them to hardware module certificates (Vas, Paragraph [0179 – 0182]). 

Regarding claim 5, Narayanan does not teach the following limitation(s) as taught by Vas: The system of claim 4, wherein the one or more components include a machine-readable serial number and to read a serial number comprises the management system retrieving the machine-readable serial number of the one or more components disposed on the connected hardware module (Vas, Paragraph [0182], see “…the node 350 sends the hardware certificate 354 to the DS managing unit 18 when the node 350 desires to authenticate the hardware and join the DSN computing system. The DS managing unit 18 validates the hardware certificate 354 (e.g., validates the HCA signature 366) and compares the device ID 360 and/or serial number 362 contained in the hardware certificate 354 to device IDs 360 in the locally stored device list 368 when the hardware certificate 354 is valid…”, where “DS managing unit 18” comprises a computing core, therefore, the verifying of the serial numbers comprises processing the serial numbers in a computing core, which deems the serial numbers as machine-readable). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for a field replaceable unit authentication system, disclosed of Narayanan, by implementing techniques for identifying a slice name information error, comprising the management system retrieving the machine-readable serial number of the one or more components disposed on the hardware module, disclosed of Vas.     
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for a field-replaceable unit (FRU) secure component binding, comprising the management system retrieving the machine-readable serial number of the one or more components disposed on the hardware module. This allows for better security management by utilizing a serial number in authenticating hardware modules to verify the manufacturer and help deem the hardware module as uncompromised. Vas is deemed as analogous art due to the art disclosing methods of retrieving machine-readable serial numbers in order to authenticate the corresponding nodes associated with the serial numbers (Vas, Paragraph [0182]). 

Regarding claim 6, Narayanan does not teach the following limitation(s) as taught by Vas: The system of claim 4, wherein to read a serial number for each component of the one or more components comprises retrieving a verified list of serial numbers from a secure system (Vas, Paragraph [0179], see “The HCA 352 includes storage of a device list 368, the HCA public key 364, and a HCA private key 370. The device list 368 includes one or more device IDs 360 and one or more paired device serial numbers 362 associated with one or more nodes 350…The HCA 352 sends the device list 368 to the DS managing unit 18 from time to time or in response to a device list request from the DS managing unit 18…”, where “The HCA 352 sends the device list 368 to the DS managing unit 18 from time to time…” is analogous to the management system retrieving a verified list of serial numbers from a secure system, where “HCA 352” is being read as a secure system due to the storage of the system including an HCA private key). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for a field replaceable unit authentication system, disclosed of Narayanan, by implementing techniques for identifying a slice name information error, comprising retrieving a verified list of serial numbers from a secure system, disclosed of Vas.      
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for a field-replaceable unit (FRU) secure component binding, comprising retrieving a verified list of serial numbers from a secure system. This allows for better security management by retrieving a verified list of serial numbers from a secure system in order to determine which hardware components have been verified and are valid to stay connecting in the computing platform. Vas is deemed as analogous art due to the art disclosing methods of retrieving a list of serial numbers from a secure system in order to verify and/or authenticate the hardware modules tied to the serial numbers (Vas, Paragraph [0179]). 

Regarding claim 7, Narayanan as modified by Vas teaches The system of claim 1, the one or more components comprising one or more of registers, power management integrated circuits (PMICs), dual in-line memory modules (DIMMs) (Narayanan, Paragraph [0039], see “…If the TPM certificate is not verified at decision block 508, the platform management controller SoC 304 may determine that the current boot metric data is not valid and the method 500 may proceed to block 510, where the platform management controller SoC 304 ceases providing power to the network operating system engine…the embedded processing system 304a in the platform management controller SoC 304 may perform a host processing system power down 914 and cease the provisioning of power through at least one of the power connections 310 to the host processing system 308a in the network operating system engine 308”, where “the platform management controller SoC 304 ceases providing power to the network operating system engine” is being read as the one or more components comprising a power management integrated circuit) (Narayanan, FIG. 6, see “304b”, “306b”, “308b”, which are being read as registers comprised in the one or more components).

Regarding claim 16, Narayanan teaches A method comprising:
(Narayanan, Paragraph [0019], see “…The FRU device 300 includes a chassis 302 that, in the embodiments described below, is a circuit board that supports or provides each of the components of the FRU 300…”);

adding, by the manufacturing controller system, the module-specific authentication certificate to a certificate chain associated with the hardware module (Narayanan, Paragraph [0031], see “…the vendor of the platform management controller SoC 304 may sign the SoC public key 602a with a PMC private key to create a certificate 604…that is stored in the embedded non-volatile memory system 304b of the platform management controller SoC 304 and that may be used (e.g., by the OEM) to verify that the platform management controller SoC 304 is manufactured/provided by a particular platform management controller SoC vendor”) (Narayanan, Paragraph [0033], see “…the trusted platform module 306 may include an encrypted trusted platform module certificate 611…that may be generated at the instruction of the OEM and utilized to verify that the trusted platform module 306 is authentic”, where “trusted platform module certificate 611” is being read as a module-specific authentication certificate associated with the hardware module); and
storing, by the manufacturing controller system, the certificate chain on an identification component disposed on the hardware module (Narayanan, Paragraph [0033], see “…a trusted platform module private key (“TPM private key 610a”) may be created within the trusted platform module 306 and stored in the memory system 306b of the trusted platform module 306…the trusted platform module 306 may include an encrypted trusted platform module certificate 611…that may be generated at the instruction of the OEM and utilized to verify that the trusted platform module 306 is authentic”, where “trusted platform module 306” is being read as comprising an identification component);
wherein the module-specific authentication certificate binds each of the one or more components to the identification component of the hardware module to enable authentication by a computing platform of the one or more components of the hardware module (Narayanan, Paragraph [0019], see “…the different components of the FRU device 300 may be provided by different manufacturers, vendors, and/or component providers, and those components may be provided with a variety of authentication information that allows for their verification/authentication”) (Narayanan, Paragraph [0021], see “…the trusted platform module 306 may be provided by a trusted platform module manufacturer and/or vendor to an OEM that manufacturers or otherwise provides the FRU device 300, and thus may include authentication information that allows for its verification”).
Narayanan does not teach the following limitation(s) as taught by Vas: scanning, by a manufacturing controller system, a serial number (Vas, Paragraph [0007], see “Computers are known to communicate, process, and store data…a computing system generates data and/or manipulates data from one form into another. For instance, an image sensor of the computer system generates raw picture data and, using an image compression program, the computing system manipulates the raw picture data into a standardized compressed image”, where “an image sensor of the computer system generates raw picture data” is being read as the computing system analyzing the serial number through a scan) of each of one or more components to be disposed on a printed circuit board (PCB) of a hardware module;
generating, by the manufacturing controller system, a module-specific authentication certificate based on a list of one or more serial numbers scanned by the manufacturing controller system (Vas, Paragraph [0178], see “The node 350 includes storage of a hardware certificate 354, a node public key 356, and a node private key 358. The hardware certificate 354 includes a device identifier (ID) 360, a serial number 362, a HCA public key 364, a HCA private key 366…The serial number 362 indicates a unique permanent value associated with the hardware (e.g., determined at the time of manufacture)”) (Vas, Paragraph [0190], see “…The method continues at step 412 where the processing module generates a signed certificate and sends the signed certificate to the node…the processing module signs the certificate of the CSR by encrypting a portion of the signed certificate utilizing a private key associated with the processing module (e.g., of the DS managing unit) and including a public key associated with the processing module (e.g., of the DS managing unit) such that any node may subsequently validate the signed certificate”, where “signed certificate” is analogous to a module-specific authentication certificate that is generated based on a list of the serial numbers scanned by the manufacturing controller system). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for a field replaceable unit authentication system, disclosed of Narayanan, by implementing techniques for identifying a slice name information error, comprising of acquiring serial numbers of each of one or more components of a hardware module and generating a module-specific authentication certificate based on a list of one or more serial numbers acquired by the system, disclosed of Vas.   
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for a field-replaceable unit (FRU) secure component binding, comprising of acquiring serial numbers of each of one or more components of a hardware module and generating a module-specific authentication certificate based on a list of one or more serial numbers acquired by the system. This allows for better security management by utilizing a unique and permanent identifier for each component in a hardware module, in order to respectively authenticate each component separately. Vas is deemed as analogous art due to the art disclosing methods for generating a module-specific authentication certificate based on one or more serial numbers (Vas, Paragraph [0190]). 

Regarding claim 17, Narayanan does not teach the following limitation(s) as taught by Vas: The method of claim 16, wherein the serial number of each of the one or more components comprises a machine-readable serial number (Vas, Paragraph [0182], see “…the node 350 sends the hardware certificate 354 to the DS managing unit 18 when the node 350 desires to authenticate the hardware and join the DSN computing system. The DS managing unit 18 validates the hardware certificate 354 (e.g., validates the HCA signature 366) and compares the device ID 360 and/or serial number 362 contained in the hardware certificate 354 to device IDs 360 in the locally stored device list 368 when the hardware certificate 354 is valid…”, where “DS managing unit 18” comprises a computing core, therefore, the verifying of the serial numbers comprises processing the serial numbers in a computing core, which deems the serial numbers as machine-readable). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for a field replaceable unit authentication system, disclosed of Narayanan, by implementing techniques for identifying a slice name information error, comprising the management system retrieving the machine-readable serial number of the one or more components disposed on the hardware module, disclosed of Vas.     
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for a field-replaceable unit (FRU) secure component binding, comprising the management system retrieving the machine-readable serial number of the one or more components disposed on the hardware module. This allows for better security management by utilizing a serial number in authenticating hardware modules to verify the manufacturer and help deem the hardware module as uncompromised. Vas is deemed as analogous art due to the art disclosing methods of retrieving machine-readable serial numbers in order to authenticate the corresponding nodes associated with the serial numbers (Vas, Paragraph [0182]). 

Regarding claim 18, Narayanan does not teach the following limitation(s) as taught by Vas: The method of claim 16, wherein generating the module-specific authentication certificate comprises generating a plain text list of serial numbers (Vas, Paragraph [0179], see “The HCA 352 includes storage of a device list 368, the HCA public key 364, and a HCA private key 370. The device list 368 includes one or more device IDs 360 and one or more paired device serial numbers 362 associated with one or more nodes 350”) (Vas, Paragraph [0182], see “…The DS managing unit 18 validates the hardware when the DS managing unit 18 finds a matching device ID 360 and/or serial number 362 of the hardware certificate in the device list 368”) (Vas, Paragraph [0182], see “…The DS managing unit 18 validates the hardware certificate 354 (e.g., validates the HCA signature 366) and compares the device ID 360 and/or serial number 362 contained in the hardware certificate 354 to device IDs 360 in the locally stored device list 368 when the hardware certificate 354 is valid. The DS managing unit 18 validates the hardware when the DS managing unit 18 finds a matching device ID 360 and/or serial number 362 of the hardware certificate 354 in the device list 368”).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for a field replaceable unit authentication system, disclosed of Narayanan, by implementing techniques for identifying a slice name information error, comprising of generating a plain text list of serial numbers when generating the module-specific authentication certificate, disclosed of Vas.   
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for a field-replaceable unit (FRU) secure component binding, comprising of generating a plain text list of serial numbers when generating the module-specific authentication certificate. This allows for better security management by utilizing a certificate comprising a serial number for each component disposed on the hardware in order to properly verify each component. Vas is deemed as analogous art due to the art disclosing methods of utilizing a certificate comprising a serial number in order to verify the specific hardware module (Vas, Paragraph [0182]). 

Regarding claim 19, Narayanan does not teach the following limitation(s) as taught by Vas: The method of claim 16, wherein generating the module-specific authentication certificate comprises generating a hash value by applying a hash algorithm to a list of serial numbers comprising one or more scanned serial numbers (Vas, Paragraph [0180], see “The HCA 352 may produce a hardware certificate 354, wherein the hardware certificate 354 includes a device ID 360 and a paired serial number 362, the HCA public key 364, and a HCA signature 366. The HCA signature 366 may be produced by the HCA 352 by calculating a hash of the hardware certificate 354 and encrypting the hash utilizing the HCA private key 370. The HCA 352 sends the hardware certificate 354 to the node 350…the node 350 may validate the hardware certificate 354 prior to storing…The validation includes comparing a calculated hash of the hardware certificate 354 to a decrypted HCA signature utilizing the HCA public key 364 of the hardware certificate 354”)
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for a field replaceable unit authentication system, disclosed of Narayanan, by implementing techniques for identifying a slice name information error, comprising generating a read hash value to a read list comprising one or more component serial numbers and determining if the read hash value matches the hash value of the module-specific authentication certificate, disclosed of Vas.     
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for a field-replaceable unit (FRU) secure component binding, comprising generating a read hash value to a read list comprising one or more component serial numbers and determining if the read hash value matches the hash value of the module-specific authentication certificate. This allows for better security management by applying a hash function to corresponding serial numbers and comparing the serial numbers to the list included in the certificate in order to properly verify each node connected within the computing arrangement to make sure the nodes have not been compromised. Vas is deemed as analogous art due to the art disclosing techniques of reading serial numbers in a list, applying a hash function to them and comparing them to hardware module certificates (Vas, Paragraph [0180]). 

Regarding claim 20, Narayanan as modified by Vas teaches The method of claim 16, wherein the identification component is accessible by a computing platform over a first interface and a second interface (Narayanan, FIG. 3, see “306” which is being read as the identification component, which is accessible by two different interfaces). 


Claims 8-15 are rejected under 35 U.S.C. 103 as being unpatentable over Narayanan, in view of Vas, in further view of Hanna (U.S. PGPub. 2009/0041252). 

Regarding claim 8, Narayanan teaches A method comprising:
detecting, by a first device of a computing platform, a hardware module communicatively connected to the computing platform (Narayanan, Paragraph [0026], see “…the systems and methods of the present disclosure may be provided to authenticate hardware (e.g., by detecting and isolating/shutting down unauthorized/spurious hardware) in scenarios such as, for example, line module authentication by a route processor module, port extender authentication by a line module and/or controlling bridge/uplink module…”) (Narayanan, Paragraph [0027], see “…one of skill in the art in possession of the present disclosure will recognize that the 802.1X hardware authentication described herein provides a novel hardware detection mechanism to determine whether hardware is authentic/authorized”);
retrieving, by the first device, authentication information stored on an identification component of the hardware module over a first interface, the authentication information including a module-specific authentication certificate (Narayanan, Paragraph [0039], see “…the embedded processing system 304a in the platform management controller SoC 304 may receive the trusted platform module certificate 61…”, where “embedded processing system 304a” is being read as the management system and where “trusted platform module certificate 61” is being read as the authentication information maintained within the identification component);



if the first authentication is successful, writing, by the first device, a nonce key to a nonce register of the identification component of the hardware module (Narayanan, Paragraph [0038], see “…In response to receiving the attestation request 902, the processing system 306a in the trusted platform module 306 retrieves the current boot metric data from the platform configuration registers 702 in the memory system 306b, signs the current boot metric data and the nonce1 with the TPM private key 610a to encrypt the signed current boot metric data/nonce1…and sends the encrypted TPM private key along with the trusted platform module certificate 611 as an attestation response 904 through the network operating system 308 to the platform management controller 304”, where “encrypted TPM private key” is being read as the nonce key, which is written to the register of the hardware module as seen in Narayanan, FIG. 6, see “610a TPM private key”, which is written in the register of the hardware module (Trusted Platform Module));



if the identifier key matches the nonce key read from the nonce register, determining, by the second device, that the requested hardware module is the authentication hardware module (Narayanan, Paragraph [0042], see “…The platform management controller SoC 304 receives the encrypted FRU public key {nonce2} and may use the FRU private key 606 in the secure storage device 304c to decrypt the authentication message 706 and retrieve the nonce2. The embedded processing system 304a in the platform management controller SoC 304 may then return the nonce2 to the host processing system 308a in the network operating system engine 308 in an authentication response 920. If the nonce2 received by the network operating system engine 308 in the authentication response 920 does not match the nonce2 sent in the authentication message 918, the method 500 proceeds to block 518 where the network operating system engine 308 determines that the platform management controller SoC 304 is not authentic/authorized and shuts down…”, where “network operating engine 308” is being read as a second device, where “platform management controller SoC 304” is being read as a first device, where “nonce2 sent in the authentication message 918” is being read as the nonce key read from the nonce register and where “nonce2 received by the network operating system engine 308 in the authentication response 920” is being read as the identifier key) (Narayanan, Paragraph [0043], see “If the nonce2 received by the network operating system engine 308 in the authentication response 920 matches the nonce2 sent in the authentication message 918, the method 500 proceeds to block 520 where the network operating system engine 308 authenticates the platform management controller SoC 304, and may subsequently authenticate downstream devices coupled to the FRU device 300”); and
allowing, by the second device, access to the requested hardware module (Narayanan, Paragraph [0043], see “If the nonce2 received by the network operating system engine 308 in the authentication response 920 matches the nonce2 sent in the authentication message 918…the network operating system engine 308 authenticates the platform management controller SoC 304, and may subsequently authenticate downstream devices coupled to the FRU device 300”, where “authenticates the platform management controller SoC 304, and may subsequently authenticate downstream devices coupled to the FRU device 300” is being read as allowing access to the requested hardware module).
Narayanan does not teach the following limitation(s) as taught by Vas: determining, by the first device, a list of serial numbers including a serial number for each of one or more components of the hardware module (Vas, Paragraph [0182], see “…The DS managing unit 18 validates the hardware certificate 354 (e.g., validates the HCA signature 366) and compares the device ID 360 and/or serial number 362 contained in the hardware certificate 354 to device IDs 360 in the locally stored device list 368 when the hardware certificate 354 is valid. The DS managing unit 18 validates the hardware when the DS managing unit 18 finds a matching device ID 360 and/or serial number 362 of the hardware certificate 354 in the device list 368”);
reading, by the first device, a component serial number over the first interface (Vas, Paragraph [0179], see “The HCA 352 includes storage of a device list 368, the HCA public key 364, and a HCA private key 370. The device list 368 includes one or more device IDs 360 and one or more paired device serial numbers 362 associated with one or more nodes 350”) (Vas, Paragraph [0182], see “…The DS managing unit 18 validates the hardware when the DS managing unit 18 finds a matching device ID 360 and/or serial number 362 of the hardware certificate in the device list 368”);
comparing, by the first device, the list of serial numbers and one or more component serial numbers read over the interface (Vas, Paragraph [0179], see “The HCA 352 includes storage of a device list 368, the HCA public key 364, and a HCA private key 370. The device list 368 includes one or more device IDs 360 and one or more paired device serial numbers 362 associated with one or more nodes 350”) (Vas, Paragraph [0182], see “…The DS managing unit 18 validates the hardware when the DS managing unit 18 finds a matching device ID 360 and/or serial number 362 of the hardware certificate in the device list 368”).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for a field replaceable unit authentication system, disclosed of Narayanan, by implementing techniques for identifying a slice name information error, comprising comparing each read serial number to the list included in the module-specific authentication certificate stored, disclosed of Vas.    
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for a field-replaceable unit (FRU) secure component binding, comprising comparing each read serial number to the list included in the module-specific authentication certificate stored. This allows for better security management by comparing each read serial number to the list included in the certificate in order to properly verify each node connected within the computing arrangement to make sure the nodes have not been compromised. Vas is deemed as analogous art due to the art disclosing techniques of reading serial numbers in a list and comparing them to hardware module certificates (Vas, Paragraph [0179 – 0182]). 
Narayanan as modified by Vas do not teach the following limitation(s) as taught by Hanna: receiving, by a second device, a request to access a requested hardware module from an application on the computing platform (Hanna, Paragraph [0066], see “…request reception module 40 in health evaluation module 26 receives NAC information that was provided to access control device 20 as an initial (first) communication of an access control handshake sequence…”, where “health evaluation module 26” is analogous to a second device which receives a request to access a requested hardware module), the request including an identifier key identifying the requested hardware module and an address to access (Hanna, Paragraph [0030], see “In order to obtain an IP address, endpoint device 4 may initiate a handshake sequence of the DHCP protocol…the handshake sequence of the DHCP protocol consists of…a “DHCP request” message from endpoint device 4 to DHCP server module 24”, where “IP address” is analogous to an address to access) (Hanna, Paragraph [0066], see “…This NAC information includes a digital signature based on a TPM value and a nonce value”, where “TPM value and a nonce value” is analogous to the request including an identifier key), wherein the request is received over a second interface (Hanna, Paragraph [0075], see “…connection detection module 84 in endpoint device 4 determines that network interface 82 is connected to a link layer network (140). After connection detection module 84 determines that network interface 82 is connected to a link layer network, DHCP module 86 retrieves the TPM value from TPM register 72…”),
reading, by the second device, a nonce key from a nonce register of the requested hardware module (Hanna, Paragraph [0036], see “After health evaluation module 26 has determined that access control device 20 has negotiated a set of nonce information with endpoint device 4 and has received a public key certificate associated with TPM chip 22, health evaluation module 26 may determine whether the nonce value in the NAC information is acceptable…health evaluation module 26 may determine that the nonce value in the NAC information is acceptable when the nonce value in the NAC information is equal to a value in the set of values”, where “value in the set of values” is analogous to reading a nonce key from a nonce register of the requested hardware module) (Hanna, Paragraph [0070], see “…Cache management module 42 may subsequently receive and store a set of nonce information and the public key certificate from endpoint device 4 received via quarantine network 12…Cache management module 42 may store the nonce information in nonce information cache 46 and the certificate in certificate cache 50”);
comparing, by the second device, the nonce key from the nonce register of the requested hardware module and the identifier key included within the request to access (Hanna, Paragraph [0036], see “…health evaluation module 26 may determine that the nonce value in the NAC information is acceptable when the nonce value in the NAC information is equal to a value in the set of values”) (Hanna, Paragraph [0072], see “…if nonce calculation module 48 determines that the received NAC information includes a nonce value, signature verification module 52 may use the public key certificate associated with TPM chip 22 to determine whether the digital signature in the received NAC information is valid given the received TPM value and the nonce value included in the received NAC information…if the received NAC information includes a nonce value, signature verification module 52 may generate a hash value based on the nonce value and the TPM value and compare this hash value to a decrypted version of the digital signature”);
allowing, by the second device, access to the requested hardware module at the address included in the request (Hanna, Paragraph [0040], see “…if health evaluation module 26 determines that endpoint device 4 has an acceptable configuration, that the nonce value is acceptable, and that the digital signature is valid, health evaluation module 26 may grant the request access rights to endpoint device 4…health evaluation module 26 may instruct DHCP server module 24 to lease to endpoint device 4 an IP address associated with resource network 14, thereby granting endpoint device 4 the right to access resource network 14”, where “IP address associated with resource network 14” is analogous to the address included in the request (i.e., handshake)). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for a field replaceable unit authentication system, disclosed of Narayanan, and techniques disclosed of Vas, by implementing techniques for exchange of network access control information, comprising receiving a request to access a module, the request including an identifier key and comparing the received identifier key with a stored nonce before granting access to the requested module, disclosed of Hanna.     
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for a field-replaceable unit (FRU) secure component binding, comprising receiving a request to access a module, the request including an identifier key and comparing the received identifier key with a stored nonce before granting access to the requested module. This allows for better security management by utilizing a nonce in order to prevent replay attacks from occurring in the system. Hanna is deemed as analogous art due to the art disclosing techniques of utilizing a nonce before granting access to a resource (Hanna, Paragraphs [0070 – 0072]). 

Regarding claim 9, Narayanan as modified by Vas and further modified by Hanna teaches The method of claim 8, further comprising if the identifier key does not match the nonce key, determining, by the second device, that the requested hardware module at the address is not the authenticated hardware module (Narayanan, Paragraph [0042], see “If the nonce2 received by the network operating system engine 308 in the authentication response 920 does not match the nonce2 sent in the authentication message 918…the operating system engine 308 determines that the platform management controller SoC 304 is not authentic/authorized and shuts down or otherwise ceases communication and/or operation with the platform management controller SoC 304”).

Regarding claim 10, Narayanan as modified by Vas and further modified by Hanna teaches: The method of claim 9, further comprising flagging, by the second device, the requested hardware module at the address included in the request as a non-authenticated module (Narayanan, Paragraph [0042], see “…If the nonce2 received by the network operating system engine 308 in the authentication response 920 does not match the nonce2 sent in the authentication message 918…the network operating system engine 308 determines that the platform management controller SoC 304 is not authentic/authorized and shuts down or otherwise ceases communication and/or operation with the platform management controller SoC 304”, where “shuts down or otherwise ceases communication and/or operation…” is being read as flagging the hardware module as a non-authenticated module). 

Regarding claim 11, Narayanan as modified by Vas and further modified by Hanna teaches: The method of claim 10, wherein the first device is an management system of the computing platform (Narayanan, FIG. 6, see “304” which is being read as a first device), the second device is a memory controller of the computing platform (Narayanan, FIG. 6, see “308” which is being read as a second device being a memory controller of the computing platform), and the connected hardware module is a memory module (Narayanan, FIG. 6, see “306” which is being read as the connected hardware module being a memory module).

Regarding claim 12, Narayanan as further modified by Hanna do not teach the following limitation(s) as taught by Vas: The method of claim 8, wherein the module-specific authentication certificate comprises a plain text list of the list of serial numbers and comparing the list of serial numbers and one or more component serial numbers read over the first interface comprises comparing each of the one or more component serial numbers to the plain text list (Vas, Paragraph [0179], see “The HCA 352 includes storage of a device list 368, the HCA public key 364, and a HCA private key 370. The device list 368 includes one or more device IDs 360 and one or more paired device serial numbers 362 associated with one or more nodes 350”) (Vas, Paragraph [0182], see “…The DS managing unit 18 validates the hardware when the DS managing unit 18 finds a matching device ID 360 and/or serial number 362 of the hardware certificate in the device list 368”) (Vas, Paragraph [0182], see “…The DS managing unit 18 validates the hardware certificate 354 (e.g., validates the HCA signature 366) and compares the device ID 360 and/or serial number 362 contained in the hardware certificate 354 to device IDs 360 in the locally stored device list 368 when the hardware certificate 354 is valid. The DS managing unit 18 validates the hardware when the DS managing unit 18 finds a matching device ID 360 and/or serial number 362 of the hardware certificate 354 in the device list 368”).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for a field replaceable unit authentication system, disclosed of Narayanan, and techniques disclosed of Hanna, by implementing techniques for identifying a slice name information error, comprising of a module specific authentication certificate including a list comprising a serial number for each component disposed on the hardware during manufacturing, disclosed of Vas.  
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for a field-replaceable unit (FRU) secure component binding, comprising of a module specific authentication certificate including a list comprising a serial number for each component disposed on the hardware during manufacturing. This allows for better security management by utilizing a certificate comprising a serial number for each component disposed on the hardware in order to properly verify each component. Vas is deemed as analogous art due to the art disclosing methods of utilizing a certificate comprising a serial number in order to verify the specific hardware module (Vas, Paragraph [0182]). 

Regarding claim 13, Narayanan as further modified by Hanna do not teach the following limitation(s) as taught by Vas: The method of claim 8, wherein the module-specific authentication certificate comprises a hash value generated by applying a hash algorithm to the list of serial numbers and comparing the list of serial numbers and one or more component serial numbers read over the first interface comprises (Vas, Paragraph [0180], see “The HCA 352 may produce a hardware certificate 354, wherein the hardware certificate 354 includes a device ID 360 and a paired serial number 362, the HCA public key 364, and a HCA signature 366. The HCA signature 366 may be produced by the HCA 352 by calculating a hash of the hardware certificate 354 and encrypting the hash utilizing the HCA private key 370. The HCA 352 sends the hardware certificate 354 to the node 350…the node 350 may validate the hardware certificate 354 prior to storing…The validation includes comparing a calculated hash of the hardware certificate 354 to a decrypted HCA signature utilizing the HCA public key 364 of the hardware certificate 354”):
generating, by the first device, a read hash value by applying the hash algorithm to a read list comprising the one or more component serial numbers (Vas, Paragraph [0180], see “…The HCA signature 366 may be produced by the HCA 352 by calculating a hash of the hardware certificate 354 and encrypting the hash utilizing the HCA private key 370”, where “calculating a hash of the hardware certificate 354” is analogous to generating a read hash value by applying the hash algorithm to a read list comprising the one or more component serial numbers, where the “hardware certificate 354” comprises the one or more serial numbers); and
determining, by the first device, if the read hash value matches the hash value of the module-specific authentication certificate (Vas, Paragraph [0180], see “…The validation includes comparing a calculated hash of the hardware certificate 354 to a decrypted HCA signature utilizing the HCA public key 364 of the hardware certificate 354. The node 350 validates that the hardware certificate 354 when the comparison indicates that they are substantially the same”). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for a field replaceable unit authentication system, disclosed of Narayanan, by implementing techniques for identifying a slice name information error, comprising generating a read hash value to a read list comprising one or more component serial numbers and determining if the read hash value matches the hash value of the module-specific authentication certificate, disclosed of Vas.     
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for a field-replaceable unit (FRU) secure component binding, comprising generating a read hash value to a read list comprising one or more component serial numbers and determining if the read hash value matches the hash value of the module-specific authentication certificate. This allows for better security management by applying a hash function to corresponding serial numbers and comparing the serial numbers to the list included in the certificate in order to properly verify each node connected within the computing arrangement to make sure the nodes have not been compromised. Vas is deemed as analogous art due to the art disclosing techniques of reading serial numbers in a list, applying a hash function to them and comparing them to hardware module certificates (Vas, Paragraph [0180]). 

Regarding claim 14, Narayanan as modified by Vas and further modified by Hanna teaches The method of claim 8, wherein the one or more components of the hardware module can comprise one or more registers, power management integrated circuits (PMICs), dual in-line memory modules (DIMMS) (Narayanan, Paragraph [0039], see “…If the TPM certificate is not verified at decision block 508, the platform management controller SoC 304 may determine that the current boot metric data is not valid and the method 500 may proceed to block 510, where the platform management controller SoC 304 ceases providing power to the network operating system engine…the embedded processing system 304a in the platform management controller SoC 304 may perform a host processing system power down 914 and cease the provisioning of power through at least one of the power connections 310 to the host processing system 308a in the network operating system engine 308”, where “the platform management controller SoC 304 ceases providing power to the network operating system engine” is being read as the one or more components comprising a power management integrated circuit) (Narayanan, FIG. 6, see “304b”, “306b”, “308b”, which are being read as registers comprised in the one or more components).

Regarding claim 15, Narayanan as modified by Vas and further modified by Hanna teaches The method of claim 8, wherein the first interface is a management interface (Narayanan, Paragraph [0022], see “…The network operating system engine 308 is coupled to the platform management controller SoC 304 via a plurality of connections 310 that may include a power connection, a Network Controller Sideband Interface (NC-SI) connection, a Local Procedure Call (LPC) connection, a Management Data Input/Output (MDIO) connection, and/or other connections known in the art…”, where “network operating system engine 308” is being read as comprising one or more hardware modules connected to the computing platform) and the second interface is a memory interface (Narayanan, Paragraph [0015], see “…IHS 100, FIG. 1, includes a processor 102, which is connected to a bus 104. Bus 104 serves as a connection between processor 102 and other components of IHS 100”).









Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODMAN ALEXANDER MAHMOUDI whose telephone number is (571)272-8747.  The examiner can normally be reached on M-F 11:00am – 7:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on (571) 272-3951.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/RODMAN ALEXANDER MAHMOUDI/Examiner, Art Unit 2499                                                                                                                                                                                                        /PHILIP J CHEA/Supervisory Patent Examiner, Art Unit 2499