DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This action is in response to the communication: response to amendments/arguments filed on 05/06/2022.
Claims 1-5, 7-18, and 21-23 are currently pending in this application.  Claims 1, 19, and 20 have been cancelled.  Claims 21-23 are new. 
No new IDS has been filed for this application.
	
Response to Arguments
Applicant’s arguments concerning the 103 rejections have been fully considered but are moot in view of new grounds of rejection.  See amended rejection below. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-5, 7-13, 22, and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Ndu et al. US Patent Application Publication 2019/0384918 (Ndu), in view of Ishaya et al. US Patent Application Publication 2014/0282889 (Ishaya), and further in view of Tsirkin et al. US Patent Application Publication 2021/0240839 (Tsirkin).

As per claim 1, Ndu teaches a management controller comprising (paragraph 13 and Figure 1 with device 120) to: a communication interface to communicate with a computing device, wherein the management controller is separate from a processor of the computing device, and a management processor to: perform a validation of program codes of virtual entities of the computing device (Figure 1 with device 120, separate from main processor 130; see also paragraph 13; see paragraph 26 wherein scanning engine scans kernel; see paragraph 35-36 wherein kernel may include clusters of entities; see also paragraph 32 with multiple kernel spaces in memory).
	Although Ndu teaches validating codes, Ndu does not explicitly teach locking access of the configuration data in the memory prior to validation, and in response to the validation of the program codes, unlocking access of configuration data which is useable to configure the virtual entities.  However, this would have been obvious.  For example, see Ishaya (paragraph 35 with plurality of virtual machines; see claim 1 with authentication manager controls access by the virtual machine to resource/configuration information; after authentication, virtual machine instance may access resource; see paragraph 191 for authentication by authentication manager; see paragraph 175 with controlling access to resources based on identity; access may be allowed or blocked based on identity based authentication).
	At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Ndu with Ishaya.  One of ordinary skill in the art would have been motivated to perform such an addition to authenticate newly instantiated virtual machine instances based on their identity (paragraph 9).
	Although the Ndu combination teaches providing access to data after validation, Ndu does not explicitly teach the use of blocking access to an encrypted version of configuration data and sending a decryption key for decrypting the information. However, this would have been obvious.  Tsirkin teaches a memory to store an encrypted version of data for virtual entities in a computing device (paragraph 17 with second computer system receives and stores encrypted virtual disk image); block access of the encrypted version of the data in the memory prior to the validation by preventing communication of a decryption key to the computing device (paragraph 17 wherein first computer system does not send access key for encrypted virtual disk image until VM is validated); and in response to the validation, unlock access of the encrypted version of the data by sending the decryption key to the computing device, the decryption key useable by the program codes in decrypting the encrypted version of the data to produce decrypted data for the virtual entity (paragraph 17 with after validating VM, the computer system sends access key for encrypted virtual disk image to second computer system; second computer system uses key to decrypt disk image).
	At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of the Ndu combination with Tsirkin.  One of ordinary skill in the art would have been motivated to perform such an addition to provide security in virtual machine systems (paragraph 17 of Tsirkin).

	As per claim 3, it would have been obvious over the Ndu combination wherein the virtual entities comprise virtual machines, and wherein the validation of the program codes comprises validation of codes of the virtual machines in the computing device (Ishaya abstract, claim 1, and throughout with validation of the identities/codes of the virtual machines).
	As per claim 4, it would have been obvious over the Ndu combination wherein the memory is to further store the decryption key (Tsirkin paragraph 40 wherein data store may store access key; see paragraph 17 wherein the access key is the decryption key).
	As per claim 5, it would have been obvious over the Ndu combination wherein the configuration data defines functions of the virtual entities (obvious over Tsirkin; see throughout reference, such as paragraph 61 wherein virtual disk image includes debug logs, which tracks actions and transactions).
	As per claim 7, it would have been obvious over the Ndu combination wherein the validation of the program codes of the virtual entities is based on use of encryption keys to decrypt the program codes (obvious over Tsirkin; see paragraph 17 with validation measurements, which require digital signatures or cryptographic signatures, which utilize encryption/decryption).
	As per claim 8, it would have been obvious over the Ndu combination wherein the memory in the management controller is to store an authentication key, and wherein the management processor is to, in response to the validation of the program codes, unlock access of the authentication key to allow access of the authentication key by the virtual entities to perform authentication (Tsirkin teaches in response to validation of program codes, unlocking access of keys (paragraph 17 wherein after validation of virtual machine, access key may be unlocked); see Ishaya, paragraph 100, with stored authentication key and key may be used for authentication for particular resources such as particular machines).
	
	As per claim 9, it would have been obvious over the Ndu combination wherein the validation is based on computing a hash value of each of the program codes (Ishaya paragraph 181-182 with utilizing hash value to authenticate virtual machine).
	As per claim 10, it would have been obvious over the Ndu combination further comprising a communication interface to communicate with a remote entity as part of management of the computing device (Ishaya Figure 1 and Figure 2 with connecting to networks).
	As per claim 11, it would have been obvious over the Ndu combination wherein the management controller is a baseboard management controller (Ndu paragraph 6 and Figure 5).
	As per claim 12, it would have been obvious over the Ndu combination to further validate other program codes of the computing device, prior to the validation of the program codes of the virtual entities, wherein the other program codes include a boot code and an operating system (Ishaya paragraph 16-18 with authenticating/verifying the boot process and measurement driver; see paragraph 34 wherein OS is loaded as part of the boot process, and thus verified).
	As per claim 13, it would have been obvious over the Ndu combination wherein the authentication key is for use by the virtual entities in authenticating one another (Ishaya, paragraph 100, with stored authentication key and key may be used for authentication for particular resources such as particular machines; further, such limitations are intended use and hold no patentable weight).
	Claim 22 is rejected using the same basis of arguments used to reject claim 1 above. 
	Claim 23 is rejected using the same basis of arguments used to reject claim 8 above. 

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over the Ndu combination as applied above, and further in view of Gupta et al. US Patent Application Publication 2018/0349610 (Gupta).
As per claim 2, the Ndu combination teaches the validation of the program codes in the computing device (see Ishaya abstract, claim 1 and throughout), but does not explicitly teach wherein the virtual entities comprise containers.  However, this would have been obvious.  For example, see Gupta (abstract, paragraph 16, and throughout with authenticating containers).
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of the Ndu combination with Gupta.  One of ordinary skill in the art would have been motivated to perform such an addition to create more security by providing trusted deployment of application containers (paragraph 1 of Gupta).

Claims 14, 17, 18, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over the Ndu combination as applied above, and further in view of Brandwine et al. US Patent No. 9,626,512 (Brandwine).
Claim 14 is rejected using the same basis of arguments used to reject claim 1 above. Although the Ndu combination teaches management controller separate from the computing device, the combination does not explicitly teach an auxiliary power supply.  However, utilizing a separate power supply for a security component is well known in the art.  For example, see Brandwine (col. 16 line 55 to col. 17 line 8 with separate power supply on offload device).
	At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of the Ndu combination with Brandwine.  One of ordinary skill in the art would have been motivated to perform such an addition to provide more security by providing a trusted platform module (col. 2 lines 14-43).
	Claim 17 is rejected using the same basis of arguments used to reject claim 4 above. 
Claim 18 is rejected using the same basis of arguments used to reject claim 5 above.
Claim 21 is rejected using the same basis of arguments used to reject claim 8 above. 
	
Claims 15 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over the Ndu combination as applied above, and further in view of Gupta et al. US Patent Application Publication 2018/0349610 (Gupta).

As per claim 15, the Ndu combination does not explicitly teach wherein the cluster of virtual entities comprises a master virtual entity and a worker virtual entity.  This would have been obvious.  For example, see Gupta (paragraph 16 with container manager and vrtm as master and containerized images are workers).
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of the Ndu combination with Gupta.  One of ordinary skill in the art would have been motivated to perform such an addition to create more security by providing trusted deployment of application containers (paragraph 1 of Gupta).
	As per claim 16, the Ndu combination teaches wherein the master virtual entity comprises processes of a master node, and the worker virtual entity comprises processes of a worker node (paragraph 16 with management and authentication processes of master node and application processes from application containers).
	
	 

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON KAI YIN GEE whose telephone number is (571)272-6431.  The examiner can normally be reached on Monday-Friday 8:30-5:00 PST Pacific.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/JASON K GEE/Primary Examiner, Art Unit 2495