DETAILED ACTION


Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is responsive to the communication filed on 01/29/2020.



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-3, 8-9, 11-13, 16-17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Kanakarajan et al US 10,038,591 in view of Leighton et al US 2016/0065589.


 	As per claim 1, Kanakarajan discloses a computing device comprising: 
 	at least one central processing unit( col 11, lines 5-9 ne processor 614 and a system memory 616. Processor 614 generally represents any type or form of processing unit capable of processing data ) : 
 	a management controller ( col 6, lines 58-59 , , i.e. the management controller,   and  col 11, lines 11-12  processor 614 may represent an application-specific integrated circuit (ASIC), i.e. a management controller, a system on a chip (e.g., a network processor), a hardware accelerator, a general purpose processor, and/or any other suitable processing element), separate from the at least one central processing unit, wherein the management controller is powered using an auxiliary power rail that provides power to the management controller while the computing device is in an auxiliary power state(col 4, lines 54-57 network device 104 may obtain geo-location information 106 during a boot-up process executed in response to a power-on event. For example, a service technician may install a router and provide the router with electrical power, causing the router to execute a first-time boot sequence); and 

 	a security co-processor including a device unique data unique to the security co-processor (col 4, lines 14-19 the network device 104, i.e. the security co-processor, may obtain geo-location information 106, i.e. a device unique data unique, that identifies the current location of network device 104. Network device 104 may obtain geo-location information 106 in a variety of ways. The network device 104 may obtain geo-location information 106 from a geo-location device), 
 	wherein at a first time, the management controller receives the device unique data and stores a representation of the device unique data in a secure location ( col 4, lines 65-67, the network device 104 may receive a unique identifier of additional network device 302 and then provide the unique identifier and the signed geo-location information to remote management system 208), 
wherein at a later time(col 4, lines 35-40 geo-location information 106 may be calculated using time-difference-of-arrival methods that map a location based on signals from cell towers with known locations), as part of a validation sequence, the management controller receives endorsement information from an expected location of the security co-processor (col 4, lines 55-57  the network device 104.i.e.  the security co-processor may direct. i.e. receives encryption device 102, i.e. the management controller, to digitally sign geo-location information 106, i.e. endorsement information  and router 204 may obtain geo-location information 206 that identifies the current location and then direct a trusted platform module 202 to digitally sign geo-location information 206  and col 5, lines 40-45  the  encryption device 102 to verify, i.e. validation, the authenticity of the digital signatures by comparing the signatures to those generated by trusted endorsement keys and another way, col 6, lines 47-60  network device , i.e. remote device / device 104, may additionally direct encryption device 102 to sign time information, i.e. device unique data , that identifies the current time and/or provide the signed time information to remote management system 208. Remote management system 208 may utilize the time information in a variety of ways. In one embodiment, remote management system 208 may be configured to enforce certain time-based security policies. For example, remote management system 208 may reject requests for configuration profiles that occur outside of an expected window of time. The remote management system 208, i.e. the management controller,  may compare, i.e. validation,  the provided time information to geo-location information 106.), and
  wherein the management controller determines whether to perform an action on the computing device based on an analysis of the endorsement information (col 5, lines 25-34, encryption device 102 may use an endorsement key. An endorsement key may include and/or represent a paired public encryption key and private encryption key that are randomly generated and then “burned” into an encryption device such that the encryption keys cannot be changed after the time of manufacture. Because the endorsement key, in this example, is generated during the manufacturing process, a management system may be able to store the endorsement key in a list that identifies trusted endorsement keys. ) and
wherein the management controller the stored representation of the device unique data ( col 5, lines 55-60 Network device 104 may provide the signed geo-location information, i.e. representation,  to a remote management system that manages, i.e. storing,  the configuration of network device 104. ).  
Kanakarajan does not explicitly disclose wherein the management controller determines whether to perform an action on the computing device based on an analysis of the endorsement information.
However, Leighton does not explicitly disclose wherein the management controller determines whether to perform an action on the computing device based on an analysis of the endorsement information (par 0027 the secure provisioning system, i.e. the management controller, or component 406 may determine or perform processing to obtain the verified geo location data derived from this information. The secure provisioning system or component 406 may then transmit/set, at 407, the verified geo location data into the TPM, i.e. the management controller, of the hypervisor host 722. And par 0032 the verified geographic data into a hypervisor host 750. Further, with regard to writing the verified geo location data, such data may be written, i.e. action of storing into the physical TPM PCRs of the hypervisor host, i.e. the computing device).

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of sending the unique data of the network device to the trusted platform module of the encryption device of Kanakarajan, based on the teaching of secure provisioning system or component may then transmit, the verified geo location data into the TPM of Leighton, because doing so would provide device authentication by the TPM.
 
As per claim 2, Kanakarajan in view of Leighton discloses the computing device of claim 1, Kanakarajan discloses wherein the action is to enable power to the computing device, the computing device further comprising: a multiplexor (col 3, lines 59-61, multiplexers) that selectively connects the security co-processor to a controller hub or a bus interfacing with the management controller (col 5, lines 55-60, Multiplexers is providing the service between network device 104 and the encryption device 02 of the Trusted Platform Module).

As per claim 3, Kanakarajan in view of Leighton discloses the computing device of claim 2, Kanakarajan discloses wherein the management controller is to control the multiplexor via a control signal to select the security co-processor to communicate with the management controller during the part of the validation sequence(col 7, lines 57-65, the remote management system 208 manage and communicate with the both network device 302 and network device 104 via the network 212  and Moreover col 5, lines 55-60, Multiplexers is providing the service between network device 104).  

As per claim 8, Kanakarajan in view of Leighton discloses the computing device of claim 1, Leighton discloses wherein the stored representation is a hash of the device unique data (par 0042 verifying the current time may involve matching the geo or GPS acquired data/time compared against the time server to attest to accuracy of time within the tolerance x period for time regional determination. In another validation process, implementations may validate that the data was signed by the approved geographic data acquisition system. According to another validation process, implementations may validate that the signed data hash was performed by the public key assigned to the geo acquisition system involved.).  

As per claim 9, Kanakarajan in view of Leighton discloses the computing device of claim 1, Kanakarajan discloses wherein the endorsement information is a second device unique data and the analysis includes comparison of the representation of the device unique data ( col 5, lines 25-34, encryption device 102 may use an endorsement key. An endorsement key may include and/or represent a paired public encryption key and private encryption key that are randomly generated and then “burned” into an encryption device such that the encryption keys cannot be changed after the time of manufacture. Because the endorsement key, in this example, is generated during the manufacturing process, a management system may be able to store the endorsement key in a list that identifies trusted endorsement keys).

As per claim 11, Kanakarajan discloses a non-transitory machine-readable storage medium storing instructions that, if executed by a physical processing element of a management controller (col 6, lines 58-59, i.e. the management controller, and col 11, lines 11-12 processor 614 may represent an application-specific integrated circuit (ASIC), i.e. a management controller, a system on a chip (e.g., a network processor), a hardware accelerator, a general purpose processor, and/or any other suitable processing element), cause the management controller to:
  receive, at a first time, a device unique data from a security co-processor that is unique to the security co-processor of a computing device ( col 4, lines 14-19 the network device 104, i.e. the security co-processor, may obtain geo-location information 106, i.e. a device unique data unique, that identifies the current location of network device 104. Network device 104 may obtain geo-location information 106 in a variety of ways. The network device 104 may obtain geo-location information 106 from a geo-location device); 
 store a representation of the device unique data in a secure location, wherein the computing device includes the management controller, the security co-processor, and at least one central processing unit separate from the management controller ( col 4, lines 65-67, the network device 104 may receive a unique identifier of additional network device 302 and then provide the unique identifier and the signed geo-location information to remote management system 208), 
Attorney Docket No.: 90812530
wherein the management controller is powered using an auxiliary power rail that provides power to the management controller while the computing device is in an auxiliary power state, receive endorsement information from an expected location of the security co-processor at a later time as part of a validation sequence (col 4, lines 55-57  the network device 104.i.e.  the security co-processor may direct. i.e. receives encryption device 102, i.e. the management controller, to digitally sign geo-location information 106, i.e. endorsement information  and router 204 may obtain geo-location information 206 that identifies the current location and then direct a trusted platform module 202 to digitally sign geo-location information 206  and col 5, lines 40-45  the  encryption device 102 to verify, i.e. validation, the authenticity of the digital signatures by comparing the signatures to those generated by trusted endorsement keys and another way, col 6, lines 47-60  network device , i.e. remote device / device 104, may additionally direct encryption device 102 to sign time information, i.e. device unique data , that identifies the current time and/or provide the signed time information to remote management system 208. Remote management system 208 may utilize the time information in a variety of ways. In one embodiment, remote management system 208 may be configured to enforce certain time-based security policies. For example, remote management system 208 may reject requests for configuration profiles that occur outside of an expected window of time. The remote management system 208, i.e. the management controller,  may compare, i.e. validation,  the provided time information to geo-location information 106 ); 
determine whether to enable power of the computing device based on an analysis of the endorsement information and (col 5, lines 25-34, encryption device 102 may use an endorsement key. An endorsement key may include and/or represent a paired public encryption key and private encryption key that are randomly generated and then “burned” into an encryption device such that the encryption keys cannot be changed after the time of manufacture. Because the endorsement key, in this example, is generated during the manufacturing process, a management system may be able to store the endorsement key in a list that identifies trusted endorsement keys ) and;
the stored representation of the device unique data( col 5, lines 55-60 Network device 104 may provide the signed geo-location information, i.e. representation,  to a remote management system that manages, i.e. storing,  the configuration of network device 104. ).  
Kanakarajan does not explicitly disclose wherein the management controller determines whether to perform an action on the computing device based on an analysis of the endorsement information.
However, Leighton does not explicitly disclose wherein the management controller determines whether to perform an action on the computing device based on an analysis of the endorsement information (par 0027 the secure provisioning system, i.e. the management controller, or component 406 may determine or perform processing to obtain the verified geo location data derived from this information. The secure provisioning system or component 406 may then transmit/set, at 407, the verified geo location data into the TPM, i.e. the management controller, of the hypervisor host 722. And par 0032 the verified geographic data into a hypervisor host 750. Further, with regard to writing the verified geo location data, such data may be written, i.e. action of storing into the physical TPM PCRs of the hypervisor host, i.e. the computing device).

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of sending the unique data of the network device to the trusted platform module of the encryption device of Kanakarajan, based on the teaching of secure provisioning system or component may then transmit, the verified geo location data into the TPM of Leighton, because doing so would provide device authentication by the TPM.


As per claim 12, Kanakarajan in view of Leighton discloses the non-transitory machine-readable storage medium of claim 11, further comprising instructions that, if executed by the physical processing element, cause the management controller to: control a multiplexor (col 3, lines 59-61, multiplexers) that selectively connects the security co-processor to a controller hub or a bus interfacing with the management controller via a control signal to select the security co-processor to communicate with the management controller during the part of the validation sequence (col 5, lines 55-60, Multiplexers is providing the service between network device 104 and the encryption device 02 of the Trusted Platform Module); and control the multiplexor to select the controller hub to communicate with the security co-processor after the part of the validation sequence (col 7, lines 57-65, the remote management system 208 manage and communicate with the both network device 302 and network device 104 via the network 212 and Moreover col 5, lines 55-60, Multiplexers is providing the service between network device 104).
Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of sending the unique data of the network device to the trusted platform module of the encryption device of Kanakarajan, based on the teaching of secure provisioning system or component may then transmit, the verified geo location data into the TPM of Leighton, because doing so would provide device authentication by the TPM.


As per claim 13, Kanakarajan in view of Leighton discloses the non-transitory machine-readable storage medium of claim 12, further comprising instructions that, if executed by the physical processing element, cause the management controller to:  
control a second multiplexor via the same control signal to cause another component to connect to another bus interfacing with the management controller (col 7, lines 57-65, the remote management system 208 manage and communicate with the both network device 302 and network device 104 via the network 212  and Moreover col 5, lines 55-60, Multiplexers is providing the service between network device 104 ); and 
 validate a firmware image of the other component as a second part of the validation sequence (par 0042 verifying the current time may involve matching the geo or GPS acquired data/time compared against the time server to attest to accuracy of time within the tolerance x period for time regional determination. In another validation process, implementations may validate that the data was signed by the approved geographic data acquisition system. According to another validation process, implementations may validate that the signed data hash, i.e. firmware image, was performed by the public key assigned to the geo acquisition system involved ).   


 	
 	As per claim 16, Kanakarajan discloses a method comprising: 
receiving, by a management controller, at a first time, a device unique data from a security co-processor that is unique to the security co-processor of a computing device ( col 6, lines 58-59 , , i.e. the management controller,   and  col 11, lines 11-12  processor 614 may represent an application-specific integrated circuit (ASIC), i.e. a management controller, a system on a chip (e.g., a network processor and col 4, lines 14-19 the network device 104, i.e. the security co-processor, may obtain geo-location information 106, i.e. a device unique data unique, that identifies the current location of network device 104. Network device 104 may obtain geo-location information 106 in a variety of ways. The network device 104 may obtain geo-location information 106 from a geo-location device); 
 	storing, by the management controller, a representation of the device unique data in a secure location (col 4, lines 65-67, the network device 104 may receive a unique identifier of additional network device 302 and then provide the unique identifier and the signed geo-location information to remote management system 208 ), 
 	wherein the computing device includes the management controller, the security co-processor, and at least one central processing unit separate from the management controller ( col 4, lines 55-57  the network device 104.i.e.  the security co-processor may direct. i.e. receives encryption device 102, i.e. the management controller, to digitally sign geo-location information 106, i.e. endorsement information  and router 204 may obtain geo-location information 206 that identifies the current location and then direct a trusted platform module 202 to digitally sign geo-location information 206  and col 5, lines 40-45  the  encryption device 102 to verify, i.e. validation, the authenticity of the digital signatures by comparing the signatures to those generated by trusted endorsement keys and another way, col 6, lines 47-60  network device , i.e. remote device / device 104, may additionally direct encryption device 102 to sign time information, i.e. device unique data , that identifies the current time and/or provide the signed time information to remote management system 208. Remote management system 208 may utilize the time information in a variety of ways. In one embodiment, remote management system 208 may be configured to enforce certain time-based security policies. For example, remote management system 208 may reject requests for configuration profiles that occur outside of an expected window of time. The remote management system 208, i.e. the management controller,  may compare, i.e. validation,  the provided time information to geo-location information 106), 
 	wherein the management controller is powered using an auxiliary power rail that provides power to the management controller while the computing device is in an auxiliary power state( col 4, lines 55-57  the network device 104.i.e.  the security co-processor may direct. i.e. receives encryption device 102, i.e. the management controller, to digitally sign geo-location information 106, i.e. endorsement information  and router 204 may obtain geo-location information 206 that identifies the current location and then direct a trusted platform module 202 to digitally sign geo-location information 206  and col 5, lines 40-45  the  encryption device 102 to verify, i.e. validation, the authenticity of the digital signatures by comparing the signatures to those generated by trusted endorsement keys and another way, col 6, lines 47-60  network device , i.e. remote device / device 104, may additionally direct encryption device 102 to sign time information, i.e. device unique data , that identifies the current time and/or provide the signed time information to remote management system 208. Remote management system 208 may utilize the time information in a variety of ways. In one embodiment, remote management system 208 may be configured to enforce certain time-based security policies. For example, remote management system 208 may reject requests for configuration profiles that occur outside of an expected window of time. The remote management system 208, i.e. the management controller,  may compare, i.e. validation,  the provided time information to geo-location information 106), 
 	 controlling a multiplexor that selectively connects the security co-processor to a controller hub or a bus interfacing with the management controller via a control signal to select the security co-processor to communicate with the management controller during a part of a validation sequence at a later time (col 6, lines 47-60  remote management system 208 may be configured to enforce certain time-based security policies. For example, remote management system 208 may reject requests for configuration profiles that occur outside of an expected window of time. The remote management system 208, i.e. the management controller,  may compare, i.e. validation,  the provided time information to geo-location information 106); 
 	receiving, by the management controller, endorsement information from an expected location of the security co-processor at the later time as part of the validation sequence(col 5, lines 55-60 Network device 104 may provide the signed geo-location information, i.e. representation,  to a remote management system that manages, i.e. storing,  the configuration of network device 104 ); 
 	determining, by the management controller, whether to enable power of the computing device based on an analysis of the endorsement information and the stored representation of the device unique data ( col 5, lines 25-34, encryption device 102 may use an endorsement key. An endorsement key may include and/or represent a paired public encryption key and private encryption key that are randomly generated and then “burned” into an encryption device such that the encryption keys cannot be changed after the time of manufacture. Because the endorsement key, in this example, is generated during the manufacturing process, a management system may be able to store the endorsement key in a list that identifies trusted endorsement keys).  
Kanakarajan does not explicitly disclose wherein the management controller determines whether to perform an action on the computing device based on an analysis of the endorsement information.
However, Leighton does not explicitly disclose wherein the management controller determines whether to perform an action on the computing device based on an analysis of the endorsement information (par 0027 the secure provisioning system, i.e. the management controller, or component 406 may determine or perform processing to obtain the verified geo location data derived from this information. The secure provisioning system or component 406 may then transmit/set, at 407, the verified geo location data into the TPM, i.e. the management controller, of the hypervisor host 722. And par 0032 the verified geographic data into a hypervisor host 750. Further, with regard to writing the verified geo location data, such data may be written, i.e. action of storing into the physical TPM PCRs of the hypervisor host, i.e. the computing device).

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of sending the unique data of the network device to the trusted platform module of the encryption device of Kanakarajan, based on the teaching of secure provisioning system or component may then transmit, the verified geo location data into the TPM of Leighton, because doing so would provide device authentication by the TPM.

As per claim 17, Kanakarajan in view of Leighton discloses the method of claim 16, further comprising: Kanakarajan discloses controlling, wherein the management controller, the multiplexor to select the controller hub to communicate with the security co-processor after the part of the validation sequence (col 7, lines 57-65, the remote management system 208 manage and communicate with the both network device 302 and network device 104 via the network 212 and Moreover col 5, lines 55-60, Multiplexers is providing the service between network device 104).

 	As per claim 19, Kanakarajan in view of Leighton discloses the method of claim 16, Kanakarajan discloses wherein the endorsement information is a second device unique data and the analysis includes comparison of the representation of the device unique data (col 5, lines 25-34, encryption device 102 may use an endorsement key. An endorsement key may include and/or represent a paired public encryption key and private encryption key that are randomly generated and then “burned” into an encryption device such that the encryption keys cannot be changed after the time of manufacture. Because the endorsement key, in this example, is generated during the manufacturing process, a management system may be able to store the endorsement key in a list that identifies trusted endorsement keys).


Claims 4-5 are rejected under 35 U.S.C. 103 as being unpatentable over Kanakarajan et al US 10,038,591 in view of Leighton et al US 2016/0065589 in view of Ryan et al US 9,189,378.

As per claim 4, Kanakarajan in view of Leighton discloses the computing device of claim 3, Kanakarajan discloses the combination fails to disclose wherein the management controller is to control the part of the validation sequence (col 6, lines 47-60 network device, i.e. remote device / device 104, may additionally direct encryption device 102 to sign time information, i.e. device unique data, that identifies the current time and/or provide the signed time information to remote management system 208. Remote management system 208 may utilize the time information in a variety of ways. In one embodiment, remote management system 208 may be configured to enforce certain time-based security policies. For example, remote management system 208 may reject requests for configuration profiles that occur outside of an expected window of time. The remote management system 208, i.e. the management controller, may compare, i.e. validation, the provided time information to geo-location information 106).
 However, Ryan discloses wherein the management controller is to control the multiplexor to select the controller hub ( col 5, lines 23-28 a gateway (multiplexor) module 130 for routing data between the management server 140 and a one or more USB hubs  and col 5, lines 9-13 web (UI) module generally performs functions prior to connecting to the device comprising user authentication and routing connection parameters to the device 170). 
Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of sending the unique data of the network device to the trusted platform module of the encryption device of Kanakarajan, based on the teaching of secure provisioning system or component may then transmit, the verified geo location data into the TPM of Leighton, based on the teaching of routing data by multiplexor between the management server and HUB of Ryan, because doing so would provide device authentication by the TPM.
 
As per claim 5, Kanakarajan in view of Leighton in view of Ryan discloses the computing device of claim 4, Ryan discloses wherein the management controller is to control another multiplexor via the same control signal to cause another component to connect to another bus interfacing with the management controller (col 5, lines 23-28 a gateway (multiplexor) module 130 for routing data between the management server 140 and a one or more USB hubs  and col 5, lines 9-13 web (UI) module generally performs functions prior to connecting to the device comprising user authentication and routing connection parameters to the device 170). 

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of sending the unique data of the network device to the trusted platform module of the encryption device of Kanakarajan, based on the teaching of secure provisioning system or component may then transmit, the verified geo location data into the TPM of Leighton, based on the teaching of routing data by multiplexor between the management server and HUB of Ryan, because doing so would provide device authentication by the TPM.
 

Claims 6-7, 14 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Kanakarajan et al US 10,038,591 in view of Leighton et al US 2016/0065589 in view of Webster US 2018/0188986.

As per claim 6, Kanakarajan in view of Leighton discloses the computing device of claim 5, the combination fails to disclose wherein the management controller is to validate a firmware image of the other component as a second part of the validation sequence.  
 However, Webster discloses wherein the management controller is to validate a firmware image of the other component as a second part of the validation sequence ( par 0037 the controller 230 may use this ability of the storage drive 240 (to validate firmware images) to validate a firmware image of the data storage device 120 (e.g., a data storage device firmware image). This may allow the OTP memory to be removed from the controller 230 which may decrease the size, cost, and/or complexity of the controller 230).  
Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of sending the unique data of the network device to the trusted platform module of the encryption device of Kanakarajan, based on the teaching of secure provisioning system or component may then transmit, the verified geo location data into the TPM of Leighton, based on the teaching of validating the firmware of Webster, because doing so would allow the controller  to operate more efficiently and/or perform other tasks, operations, functions(par 0037).

 	As per claim 7, Kanakarajan in view of Leighton in view of Webster discloses the computing device of claim 6. However, Webster discloses wherein the management controller is to validate initial startup code of the management controller, a firmware image of a remaining portion of the management controller using a root of trust, a boot firmware, and the component prior to enabling power to the computing device (par 0045 The memory 342 includes a firmware image 343. The firmware image 343 may be used to initiate operation of (e.g., boot) the storage drive 240. The firmware image 343 may also be used to operate the storage drive 240. For example, the firmware image 343 may allow the storage drive 240 to receive data access requests from the controller 230. The firmware image 343 may include firmware and/or one or more digital signatures. And 0046 the processing device 341 may validate the firmware image 343. For example, the processing device 341 may validate the firmware image 343 before initiating operation of (e.g., booting) the storage drive 240).

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of sending the unique data of the network device to the trusted platform module of the encryption device of Kanakarajan, based on the teaching of secure provisioning system or component may then transmit, the verified geo location data into the TPM of Leighton, based on the teaching of validating the firmware of Webster, because doing so would allow the controller  to operate more efficiently and/or perform other tasks, operations, functions(par 0037).

As per claim 14, Kanakarajan in view of Leighton discloses the non-transitory machine-readable storage medium of claim 13. However, Webster discloses further comprising instructions that, if executed by the physical processing element, cause the management controller to: validate initial startup code of the management controller, a firmware image of a remaining portion of the management controller using a root of trust, a boot firmware, and the component prior to enabling power to the computing device (par 0045 The memory 342 includes a firmware image 343. The firmware image 343 may be used to initiate operation of (e.g., boot) the storage drive 240. The firmware image 343 may also be used to operate the storage drive 240. For example, the firmware image 343 may allow the storage drive 240 to receive data access requests from the controller 230. The firmware image 343 may include firmware and/or one or more digital signatures. And 0046 the processing device 341 may validate the firmware image 343. For example, the processing device 341 may validate the firmware image 343 before initiating operation of (e.g., booting) the storage drive 240).

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of sending the unique data of the network device to the trusted platform module of the encryption device of Kanakarajan, based on the teaching of secure provisioning system or component may then transmit, the verified geo location data into the TPM of Leighton, based on the teaching of validating the firmware of Webster, because doing so would allow the controller  to operate more efficiently and/or perform other tasks, operations, functions(par 0037).

As per claim 18, Kanakarajan in view of Leighton discloses the method of claim 17, further comprising: However, Webster discloses controlling, by the management controller a second multiplexor via the same control signal to cause another component to connect to another bus interfacing with the management controller; validating, by the management controller, a firmware image of the other component as a second part of the validation sequence; validating, by the management controller, the management controller's initial startup code, a firmware image of a remaining portion of the management controller using a root of trust, a boot firmware, and the component prior to enabling power to the computing device (par 0045 The memory 342 includes a firmware image 343. The firmware image 343 may be used to initiate operation of (e.g., boot) the storage drive 240. The firmware image 343 may also be used to operate the storage drive 240. For example, the firmware image 343 may allow the storage drive 240 to receive data access requests from the controller 230. The firmware image 343 may include firmware and/or one or more digital signatures. And 0046 the processing device 341 may validate the firmware image 343. For example, the processing device 341 may validate the firmware image 343 before initiating operation of (e.g., booting) the storage drive 240).

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of sending the unique data of the network device to the trusted platform module of the encryption device of Kanakarajan, based on the teaching of secure provisioning system or component may then transmit, the verified geo location data into the TPM of Leighton, based on the teaching of validating the firmware of Webster, because doing so would allow the controller  to operate more efficiently and/or perform other tasks, operations, functions(par 0037).


10. 	Claims 10, 15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kanakarajan et al US 10,038,591 in view of Leighton et al US 2016/0065589 in view of Pan et al US 2010/0332499.

As per claim 10, Kanakarajan in view of Leighton discloses the computing device of claim 1, Kanakarajan discloses wherein the endorsement information to encryption  ( col 5, lines 25-34, encryption device 102 may use an endorsement key. An endorsement key may include and/or represent a paired public encryption key and private encryption key that are randomly generated).
The combination fails to disclose the controller is an answer to an interrogation using the representation of the device unique data to the interrogation and the analysis includes answer with an expected answer.  
Pan discloses the controller is an answer to an interrogation using the representation of the device unique data to the interrogation and the analysis includes answer with an expected answer ( par 0032 the Question Analysis Module 210 may identify a type or classification of answer that is expected from a question. The classification of the answer expected may be determined from a question pattern itself. For example, interrogative words within a question pattern and/or Search Terms may be used to classify an answer for the Search Terms 206 (e.g. "Who" may indicate a person is expected as an answer, "When" may indicate a date is expected as an answer, "Where" may indicate that a location is expected as an answer). Similarly, adjectives may indicate an answer. By way of example, the adjectives after "how" may be used to classify the category of the numeric value (e.g. "much" may indicate a price or other amount is expected as an answer, "tall" and "high" may indicate a height is expected as answer, "large" and "big" may indicate a size is expected as answer). The nouns in a search query may indicate an answer (e.g. "time" after the word "what" may indicate a time is expected as an answer). Occupational words may be used to identify the type of answer expected (e.g. "president" may indicate a president is expected as an answer). Statistics may also be used to determine the answer expected from a set of Search Terms 206. A generic machine learning system, such as dbacl, may be used to determine the answer expected from a set of Search Terms 206. Those skilled in the art will recognize that there may be a variety of ways to identify an answer expected from a set of Search Terms 206.).  

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of sending the unique data of the network device to the trusted platform module of the encryption device of Kanakarajan, based on the teaching of secure provisioning system or component may then transmit, the verified geo location data into the TPM of Leighton, based on the teaching of Question Analysis module for interrogation of Pan, because doing so would allow the controller  to operate more efficiently and/or perform other tasks, operations, functions(par 0037).

As per claim 15, Kanakarajan in view of Leighton discloses the non-transitory machine-readable storage medium of claim 11, Kanakarajan discloses wherein the endorsement information( col 5, lines 25-34, encryption device 102 may use an endorsement key. An endorsement key may include and/or represent a paired public encryption key and private encryption key that are randomly generated).
The combination fails to disclose the controller is an answer to an interrogation using the representation of the device unique data to the interrogation and the analysis includes answer with an expected answer.  
Pan discloses the controller is an answer to an interrogation using the representation of the device unique data to the interrogation and the analysis includes answer with an expected answer ( par 0032 the Question Analysis Module 210 may identify a type or classification of answer that is expected from a question. The classification of the answer expected may be determined from a question pattern itself. For example, interrogative words within a question pattern and/or Search Terms may be used to classify an answer for the Search Terms 206 (e.g. "Who" may indicate a person is expected as an answer, "When" may indicate a date is expected as an answer, "Where" may indicate that a location is expected as an answer). Similarly, adjectives may indicate an answer. By way of example, the adjectives after "how" may be used to classify the category of the numeric value (e.g. "much" may indicate a price or other amount is expected as an answer, "tall" and "high" may indicate a height is expected as answer, "large" and "big" may indicate a size is expected as answer). The nouns in a search query may indicate an answer (e.g. "time" after the word "what" may indicate a time is expected as an answer). Occupational words may be used to identify the type of answer expected (e.g. "president" may indicate a president is expected as an answer). Statistics may also be used to determine the answer expected from a set of Search Terms 206. A generic machine learning system, such as dbacl, may be used to determine the answer expected from a set of Search Terms 206. Those skilled in the art will recognize that there may be a variety of ways to identify an answer expected from a set of Search Terms 206.).  

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of sending the unique data of the network device to the trusted platform module of the encryption device of Kanakarajan, based on the teaching of secure provisioning system or component may then transmit, the verified geo location data into the TPM of Leighton, based on the teaching of Question Analysis module for interrogation of Pan, because doing so would allow the controller  to operate more efficiently and/or perform other tasks, operations, functions(par 0037).


As per claim 20, Kanakarajan in view of Leighton discloses the method of claim 16, Kanakarajan discloses  wherein the endorsement information ( col 5, lines 25-34, encryption device 102 may use an endorsement key. An endorsement key may include and/or represent a paired public encryption key and private encryption key that are randomly generated).
The combination fails to disclose the controller is an answer to an interrogation using the representation of the device unique data to the interrogation and the analysis includes answer with an expected answer.  
Pan discloses the controller is an answer to an interrogation using the representation of the device unique data to the interrogation and the analysis includes answer with an expected answer ( par 0032 the Question Analysis Module 210 may identify a type or classification of answer that is expected from a question. The classification of the answer expected may be determined from a question pattern itself. For example, interrogative words within a question pattern and/or Search Terms may be used to classify an answer for the Search Terms 206 (e.g. "Who" may indicate a person is expected as an answer, "When" may indicate a date is expected as an answer, "Where" may indicate that a location is expected as an answer). Similarly, adjectives may indicate an answer. By way of example, the adjectives after "how" may be used to classify the category of the numeric value (e.g. "much" may indicate a price or other amount is expected as an answer, "tall" and "high" may indicate a height is expected as answer, "large" and "big" may indicate a size is expected as answer). The nouns in a search query may indicate an answer (e.g. "time" after the word "what" may indicate a time is expected as an answer). Occupational words may be used to identify the type of answer expected (e.g. "president" may indicate a president is expected as an answer). Statistics may also be used to determine the answer expected from a set of Search Terms 206. A generic machine learning system, such as dbacl, may be used to determine the answer expected from a set of Search Terms 206. Those skilled in the art will recognize that there may be a variety of ways to identify an answer expected from a set of Search Terms 206.).  

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of sending the unique data of the network device to the trusted platform module of the encryption device of Kanakarajan, based on the teaching of secure provisioning system or component may then transmit, the verified geo location data into the TPM of Leighton, based on the teaching of Question Analysis module for interrogation of Pan, because doing so would allow the controller  to operate more efficiently and/or perform other tasks, operations, functions(par 0037).




Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABU S SHOLEMAN whose telephone number is (571)270-7314. The examiner can normally be reached EST: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JORGE ORTIZ CRIADO can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ABU S SHOLEMAN/Primary Examiner, Art Unit 2496