Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. This is in reply to papers filed on 01/21/2021. Claims 1-20 are pending. Claims 1, 8, and 15 are independent.

Information Disclosure Statement
	The information disclosure statement(s) (IDS) submitted on 01/21/2021 is/are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement(s) is/are being considered by the examiner.
	

Claim Rejections - 35 USC § 103
	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
	
	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

	
Claims 1, 5-6, 8, 12-13, 15, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Mueller et al. U.S. Publication 20170237560 (hereinafter “Mueller”) in view of Zimny et al. U.S. Publication 20190103966 (hereinafter “Zimny”).
As per claim 1, Mueller discloses 
A system [cloud computing system, Mueller, para. 23], comprising: 
at least one computing device; and 
at least one data store comprising instructions executable in the at least one computing device, wherein the instructions, when executed by at least one processor, cause the at least one computing device to at least: 
(
at least one computing device = SSIS 124 [Mueller para. 36]
at least one computing device can be disclosed by Computing device 900, as an example of implementation for SSIS [Mueller 0085]
at least one data store can be disclosed by media, [Mueller para. 91]
)
Mueller [0023] FIG. 1 … cloud computing environment 100 depicts only a portion of an entire cloud computing system
Mueller [0036] SSIS 124 can establish a remote session with the TPM of server 104 and can utilize this session to cause the TPM of server 104 to remotely seal the volume encryption key based on selected PCR values. In sealing the volume encryption key to the TPM of server 104, the selected PCR values act as a condition for decrypting the volume encryption key in order to load the encrypted OS volume. Such embodiments can effectively prevent access of the encrypted OS volume unless PCR values of the TPM of server 104 match the designated PCR values. 
Mueller [0085] FIG. 9 … an illustrative operating environment for implementing embodiments of the present disclosure is shown and designated generally as computing device 900. Computing device 900 is but one example of a suitable computing environment 
Mueller [0091] Memory 912 includes computer storage media in the form of volatile and/or nonvolatile memory. As depicted, memory 912 includes instructions 924. Instructions 924, when executed by processor(s) 914 are configured to cause the computing device to perform any of the operations described herein

generate, by a management service, a volume encryption key for a device;
generate, by the management service, a sealing authorization policy based on a predetermined platform configuration register (PCR) mask and expected PCR values; and 
(
management service= SSIS [Mueller 0037]
device = server 104  [Mueller 0036]
platform configuration register (PCR) mask is not unambiguously defined in the specification but it can be a predetermined set of PCRs measured for sealing and unsealing the encrypted key [Applicant’s specification, para. 26]
generate, by the management service, a sealing authorization policy can be disclosed by When sealing the volume encryption key, the expected values for the selected PCR registers would be designated by SSIS 124 at the time of generating the OS image. [Mueller 0037]
generate, by the management service, a sealing authorization policy can also be disclosed by SSIS 124 can establish a remote session with the TPM of server 104 and can utilize this session to cause the TPM of server 104 to remotely seal the volume encryption key based on selected PCR values. [Mueller 0036]
Causing server 104 to utilize selected PCR values is disclosing generating a sealing authorization policy because the selected PCR values determine how the volume encryption key is sealed and unsealed
predetermined platform configuration register (PCR) mask = selected PCR registers [Mueller para. 36, 37]
 expected PCR values = selected PCR values [Mueller para. 36]
)
Mueller [0036] SSIS 124 can establish a remote session with the TPM of server 104 and can utilize this session to cause the TPM of server 104 to remotely seal the volume encryption key based on selected PCR values. In sealing the volume encryption key to the TPM of server 104, the selected PCR values act as a condition for decrypting the volume encryption key in order to load the encrypted OS volume. Such embodiments can effectively prevent access of the encrypted OS volume unless PCR values of the TPM of server 104 match the designated PCR values. 
Mueller Para. [0037] When sealing the volume encryption key, the expected values for the selected PCR registers would be designated by SSIS 124 at the time of generating the OS image... Because PCR[7] measurements are expected to be substantially independent of the particular firmware version of the server on which it is measured, under normal circumstances recording of PCR[7] can be a one-time process per hardware component. 
Mueller [0034]
Such a volume encryption key can be generated at the SSIS. Security of the volume encryption key can be important to maintaining security of the encrypted OS volume because a symmetric key can be utilized for both encryption of data and decryption of data encrypted with the symmetric key.

transmit, from the management service to the device, a command to seal the volume encryption key in a non-volatile memory of a trusted platform module (TPM) of the device based on the predetermined PCR mask and the expected PCR values.  
 (See Mueller 
transmit, from the management service to the device, a command to seal the volume encryption key can be disclosed by SSIS 124 can establish a remote session with the TPM of server 104 and can utilize this session to cause the TPM of server 104 to remotely seal the volume encryption key based on selected PCR values. [Mueller Para. 36]
based on the predetermined PCR mask and the expected PCR values = effectively prevent access of the encrypted OS volume unless PCR values of the TPM of server 104 match the designated PCR values; [Mueller Para. 36] and
Para. 26 of applicant’s published specification states that “The predetermined PCR mask can be a predetermined set of PCRs 150 that are measured for sealing and unsealing the volume encryption key 163.” meaning that the mask can be a set of PCRs
predetermined platform configuration register (PCR) mask = selected PCR registers [Mueller para. 37]
)
Mueller Para. [0036] SSIS 124 can establish a remote session with the TPM of server 104 and can utilize this session to cause the TPM of server 104 to remotely seal the volume encryption key based on selected PCR values. In sealing the volume encryption key to the TPM of server 104, the selected PCR values act as a condition for decrypting the volume encryption key in order to load the encrypted OS volume. Such embodiments can effectively prevent access of the encrypted OS volume unless PCR values of the TPM of server 104 match the designated PCR values. 
Mueller Para. [0037] When sealing the volume encryption key, the expected values for the selected PCR registers would be designated by SSIS 124 at the time of generating the OS image 
Mueller [0087] With reference to FIG. 9, computing device 900 includes a bus 910 that directly or indirectly couples the following devices: memory 912, 
Mueller [0089] Computer storage media include volatile and nonvolatile, … CD-ROM, digital versatile disks (DVD) or other optical disk storage, … which can be used to store the desired information. 

	However, Mueller does not expressly disclose 
generate, by a management service, a volume encryption key for a gateway device;
transmit, from the management service to the gateway device, a command to seal the volume encryption key in a non-volatile memory of a trusted platform module (TPM) of the gateway device based on the predetermined PCR mask and the expected PCR values.  

Zimny discloses a device management server creating an encryption key for a gateway device and issuing a command to the gateway device 
(See Zimny para. 42, 56, 78, 82, 125, 162.
Zimny discloses "for a gateway device" because the gateway device is a device node receiving a key from the device management server [Zimny para. 125])
Zimny [0056] the device management server transmits to a gateway the commands included in its corresponding command queue. 
Zimny [0125] The device management server 806 may dynamically create a group emergency encryption key 814 when a user (e.g., an administrator) creates a new grouping of device nodes. ….Alternatively, the device management server 806 may generate a new group emergency encryption key 814 for the group and deliver the new public encryption key of the new group emergency encryption key to each device node remaining in the group.
Zimny [0162] FIG. 18 also depicts a block diagram of one of a computing device 1807 of the computing environment 1800. ….. Disk storage 1820 provides non-volatile storage for one or more instruction sets 1822 (e.g., an operating system) and data 1824 used to implement various aspects described herein. 
Zimny [0082] gateway 300 itself may include, …. memory
Zimny [0078] The security logic 340 of the low-power controller 322 corresponds to the instructions that control the manner in which the gateway 300 secures the communications (if at all) between access devices, other device nodes of the network, and the device management server. The security logic 340, in this example, includes respective sets of instructions that each correspond to a particular security mode… The security logic 340 stored at the memory of the low-power controller 322 may include one or more keys associated with the gateway device node 300 used to encrypt the content 
Zimny [0042] A device node as used herein refers to one of the devices of a local network of interconnected devices. A gateway device node as used herein refers to a device of a local network of interconnected devices that is configured for communicating via a wide area network (WAN)—such as the Internet and/or a cellular network—and for communicating with another one of the device nodes of the network.
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Mueller with the technique for a device management server dynamically creating an encryption key and issuing a command to a gateway device of Zimny to include 
generate, by a management service, a volume encryption key for a gateway device;
transmit, from the management service to the gateway device, a command to seal the volume encryption key in a non-volatile memory of a trusted platform module (TPM) of the gateway device based on the predetermined PCR mask and the expected PCR values.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to have a server generate and send encryption keys and send commands to a gateway device, so that the gateway device can be remotely managed and secured, and the gateway device can provide network services. The system of the primary reference can be modified so that server 104 is a gateway device and the secure server imaging service 124 implements the techniques for generating an encryption key for a gateway device and sending a command to the gateway device, as taught in the Zimny reference.

As per claim 5, the rejection of claim 1 is incorporated herein. 
Mueller discloses wherein the expected PCR values are associated with an untampered state of the device.  
(See Mueller para. 37, which describes determining the expected values for the PCR registers at the time of generating the OS image, which is the untampered state of the device, and also updating the PCR values as components are added, which also represents the untampered state of the device.)
Mueller [0037] When sealing the volume encryption key, the expected values for the selected PCR registers would be designated by SSIS 124 at the time of generating the OS image. … Expected register values can be stored in a secure store (e.g., PCR Data Store 836 of FIG. 8) and may need to be updated each time a new hardware component gets introduced to the cloud computing system. 
However, Mueller does not expressly disclose wherein the expected PCR values are associated with an untampered state of the gateway device.  
Zimny discloses a gateway device managed by a server.
(See Zimny [0056] the device management server transmits to a gateway the commands included in its corresponding command queue.)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Mueller with the gateway device of Zimny to include wherein the expected PCR values are associated with an untampered state of the gateway device.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to determine the untampered state of the gateway device and store PCR values for the untampered state, so that any tampering of the gateway device may be detected. The system of the primary reference, e.g., server 104, can be modified to determine the expected PCR values of the untampered gateway device.

As per claim 6, the rejection of claim 1 is incorporated herein. 
Mueller discloses wherein the predetermined PCR mask comprises a plurality of PCRs, the plurality of PCRs comprising a PCR associated with a measurement of extractor code [instructions, Mueller para. 91] of the device.  
(Mueller wherein the predetermined PCR mask comprises a plurality of PCRs, is disclosed by selected PCR registers [Para. 36, 37].  
wherein the predetermined PCR mask comprises a plurality of PCRs is disclosed because para. 36 describes that multiple PCRs store measurements
a PCR associated with a measurement of extractor code [instructions, para. 91] of the device is disclosed because the decryption of the sealed key by the TPM is described [Mueller para. 35, 36, 71], para. 93 discloses that functions performed by entities may be carried out by firmware (such functions should include decryption), and para. 36 describes measuring key components such as firmware for storage as the PCR values [Mueller para. 37]. That is, the TPM can be measured as firmware.
)
Mueller [0035] In addition to the above considerations, server 104 needs to be able to access the volume encryption key utilized in producing the encrypted OS volume in order to decrypt the encrypted OS volume. 
Mueller [0036] In some embodiments, however, binding the volume encryption key to the TPM of server 104 by itself may not provide sufficient security. This is because an attacker with physical access to server 104 could use the TPM to decrypt the volume encryption key and gain access to the encrypted OS volume. An extra capability provided by a TPM is to measure key components such as executed firmware, firmware configuration, and an OS boot loader of server 104 and store these measurements into Platform Configuration Registers (PCRs) of the TPM. In some embodiments, to provide for additional security, the volume encryption key can be sealed to the TPM of server 104. To accomplish this, SSIS 124 can establish a remote session with the TPM of server 104 and can utilize this session to cause the TPM of server 104 to remotely seal the volume encryption key based on selected PCR values. In sealing the volume encryption key to the TPM of server 104, the selected PCR values act as a condition for decrypting the volume encryption key in order to load the encrypted OS volume. Such embodiments can effectively prevent access of the encrypted OS volume unless PCR values of the TPM of server 104 match the designated PCR values. 
Mueller [0093] Various functions described herein as being performed by one or more entities may be carried out by hardware, firmware, and/or software. 
Mueller [0071] If, on the other hand, the data volumes are currently protected by a disk encryption mechanism, the OS provisioning agent can request the encrypted keys from the management service, decrypt the encrypted keys using the server's TPM, and mount the volumes.
Mueller [0037] When sealing the volume encryption key, the expected values for the selected PCR registers would be designated by SSIS 124 at the time of generating the OS image. …a reference server that is similarly configured to server 104, at least with respect to any components measured for the selected PCR registers (e.g., UEFI firmware, boot loader, etc.), may be utilized to determine the expected PCR values. … These expected register values can be stored in a secure store (e.g., PCR Data Store 836 of FIG. 8) and may need to be updated each time a new hardware component gets introduced to the cloud computing system. 
Mueller [0091] Memory 912 includes computer storage media in the form of volatile and/or nonvolatile memory. As depicted, memory 912 includes instructions 924. Instructions 924, when executed by processor(s) 914 are configured to cause the computing device to perform any of the operations described herein

However, Mueller does not expressly disclose wherein the predetermined PCR mask comprises a plurality of PCRs, the plurality of PCRs comprising a PCR associated with a measurement of extractor code of the gateway device.  
Zimny discloses a gateway device managed by a server.
(See Zimny para. 56, 78, 82, gateway 300.)
Zimny [0056] the device management server transmits to a gateway the commands included in its corresponding command queue.
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Mueller with the gateway device of Zimny to include wherein the predetermined PCR mask comprises a plurality of PCRs, the plurality of PCRs comprising a PCR associated with a measurement of extractor code of the gateway device.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to store the PCR values of important components of the gateway device, such as PCR values of code used to decrypt the volume encryption key. The system of the primary reference can be modified to measure, at the gateway device, the code for extracting the volume encryption key and store the measured values in a PCR.


As per claim 8, the claim(s) is/are directed to a method with limitations which correspond to limitations of claim 1, and is/are rejected for the reasons detailed with respect to claim 1.  Claim 8 also recites A method performed by instructions executed by at least one computing device, the method comprising:
Mueller discloses A method performed by instructions executed by at least one computing device, the method comprising:
(
at least one computing device= SSIS 124 [Mueller para. 36]
at least one computing device can be disclosed by Computing device 900, as an example of implementation for SSIS [Mueller 0085]
)
Mueller [0003] Embodiments described herein include methods, computer-storage media, and systems for securely provisioning servers in a cloud computing environment 
Mueller [0091] Memory 912 includes computer storage media in the form of volatile and/or nonvolatile memory. As depicted, memory 912 includes instructions 924. Instructions 924, when executed by processor(s) 914 are configured to cause the computing device to perform any of the operations described herein

As per claim 13, the claim(s) is/are directed to a method with limitations which correspond to limitations of claim 6, and is/are rejected for the reasons detailed with respect to claim 6.

As per claim 15, the claim(s) is/are directed to a non-transitory computer-readable medium with limitations which correspond to limitations of claim 1, and is/are rejected for the reasons detailed with respect to claim 1.  Claim 15 also recites A non-transitory computer-readable medium comprising instructions executable by at least one computing device, wherein the instructions, when executed by at least one processor, cause the at least one computing device to at least:
Mueller discloses A non-transitory computer-readable medium comprising instructions executable by at least one computing device, wherein the instructions, when executed by at least one processor, cause the at least one computing device to at least:
(
at least one computing device= SSIS 124 [Mueller para. 36]
at least one computing device can be disclosed by Computing device 900, as an example of implementation for SSIS [Mueller 0085]
)
Mueller [0003] Embodiments described herein include methods, computer-storage media, and systems for securely provisioning servers in a cloud computing environment 
Mueller [0091] Memory 912 includes computer storage media in the form of volatile and/or nonvolatile memory. As depicted, memory 912 includes instructions 924. Instructions 924, when executed by processor(s) 914 are configured to cause the computing device to perform any of the operations described herein… The memory may be … solid-state memory, hard drives, optical-disc drives, etc
As per claim 12, the claim(s) is/are directed to a method with limitations which correspond to limitations of claim 5, and is/are rejected for the reasons detailed with respect to claim 5.
As per claim 19, the claim(s) is/are directed to a non-transitory computer-readable medium with limitations which correspond to limitations of claim 5, and is/are rejected for the reasons detailed with respect to claim 5.
As per claim 20, the claim(s) is/are directed to a non-transitory computer-readable medium with limitations which correspond to limitations of claim 6, and is/are rejected for the reasons detailed with respect to claim 6.



Claims 2, 4, 9, 11, 16, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Mueller in view of Zimny, further in view of Liguori et al. U.S. Publication 20180004539 (hereinafter “Liguori”).
As per claim 2, the rejection of claim 1 is incorporated herein. 
Mueller discloses 
unseal, by extractor code of the device, the volume encryption key, the volume encryption key being unsealed based on the predetermined PCR mask and measured PCR values that are measured during a process of the device.  
(
extractor = TPM
unseal, by extractor code = use the TPM to decrypt the volume encryption key [Mueller para. 36, 71]
predetermined platform configuration register (PCR) mask = selected PCR registers [Mueller para. 36, 37]
unsealing based on the measured PCR values is disclosed at [Mueller para. 36]
unsealing based on the predetermined PCR mask is disclosed because the measured PCR values are stored in the selected PCR registers [Mueller para. 36]
).
Mueller [0071] decrypt the encrypted keys using the server's TPM, and mount the volumes.
Mueller [0068] One mitigation to the above vulnerability is to store the decryption keys for the data volumes outside the OS itself. As such, in some embodiments an architecture is provided in which the server can retrieve the corresponding decryption key of the data volumes from a secure service (e.g., SSMS 116 of FIG. 1 or management service 304 of FIG. 3) 
Mueller [0066] when the newly created OS image boots, it can utilize the decryption keys to unlock the data volumes 
Mueller [0036] could use the TPM to decrypt the volume encryption key and gain access to the encrypted OS volume…
extra capability provided by a TPM is to measure key components such as executed firmware, firmware configuration, and an OS boot loader of server 104 and store these measurements into Platform Configuration Registers (PCRs) of the TPM.
… In sealing the volume encryption key to the TPM of server 104, the selected PCR values act as a condition for decrypting the volume encryption key in order to load the encrypted OS volume. Such embodiments can effectively prevent access of the encrypted OS volume unless PCR values of the TPM of server 104 match the designated PCR values.
Mueller [0035] In addition to the above considerations, server 104 needs to be able to access the volume encryption key utilized in producing the encrypted OS volume in order to decrypt the encrypted OS volume.
Mueller [0037]
When sealing the volume encryption key, the expected values for the selected PCR registers would be designated by SSIS 124 at the time of generating the OS image.
Mueller [0071] decrypt the encrypted keys using the server's TPM, and mount the volumes.
Mueller [0091] Memory 912 includes computer storage media in the form of volatile and/or nonvolatile memory. As depicted, memory 912 includes instructions 924. Instructions 924, when executed by processor(s) 914 are configured to cause the computing device to perform any of the operations described herein


However, Mueller does not expressly disclose unseal, by extractor code of the gateway device, the volume encryption key, the volume encryption key being unsealed based on the predetermined PCR mask and measured PCR values that are measured during a boot process of the gateway device.  

Zimny discloses a gateway device managed by a server.
(See Zimny para. 56, 78, 82, gateway 300.)
Zimny [0056] the device management server transmits to a gateway the commands included in its corresponding command queue.
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Mueller with the gateway device of Zimny to include 
unseal, by extractor code of the gateway device, the volume encryption key, the volume encryption key being unsealed based on the predetermined PCR mask and measured PCR values that are measured during a boot process of the gateway device.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to unseal the volume encryption key in order to decrypt encrypted storage volumes of the gateway device using the volume encryption key. The system of the primary reference (e.g., server 104) can be modified to perform the unsealing and measuring for the gateway device serving as server 104.

However, the combination of Mueller and Zimny does not expressly disclose 
unseal, by extractor code of the gateway device, the volume encryption key, the volume encryption key being unsealed based on the predetermined PCR mask and measured PCR values that are measured during a boot process of the gateway device.  
Liguori discloses measuring PCR values during a boot process
Liguori Para. [0066] Vmin may then generate an encryption key … This key may then be sealed at the TPM using the current contents of the PCRs (which at this point comprise hash values generated during the phases of the boot process mentioned in element 604) (element 613).
Liguori [0035] If the first phase succeeds, a second phase of the boot procedure may be initiated in various embodiments, during which various firmware/software programs may be “measured” using a security module ... One of the functions supported by the TPM may be to store evidence of software/firmware states (and state changes) using hash values stored in a set of processor control registers (PCRs). … During this second “measuring” phase of the boot procedure, evidence of the exact versions of firmware/software being loaded may thus be stored in one or more of the TPM's PCRs in various embodiments. 
Liguori [0060] During the second phase, which is referred to as the measured boot phase 506 in FIG. 5, one or more of the firmware/software programs executed or launched may be used to extend a security module's PCR (or several PCRs) as shown in element 509, thereby leaving precise (and hard to forge) evidence of the programs. 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Mueller and Zimny with the technique for measuring components of a computing system to determine PCR values during a boot process of Liguori to include 
unseal, by extractor code of the gateway device, the volume encryption key, the volume encryption key being unsealed based on the predetermined PCR mask and measured PCR values that are measured during a boot process of the gateway device.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to obtain the correct PCR values during a boot process: the earlier the PCR measurements are made, the less likely it is that the measured components have been tampered with by malicious software. The system of the primary reference (e.g., server 104) can be modified to measure the PCR values during the boot process, as taught in the Liguori reference.
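The mechanism the claim 1 and claim 2 mappings turn on (measured boot extending PCRs, a sealing policy built from a PCR mask plus expected values, and unsealing only when the measured values match) is sketched below as an added example; it is not part of the Office action, the application, or any cited reference. It assumes the TPM 2.0 PolicyPCR digest layout over a single SHA-256 bank and uses a simulated TPM; `SimulatedTpm`, `provision_then_boot`, `swap_measurement` and the boot blobs are hypothetical, constructed names and data.

```python
import hashlib
import hmac
import secrets
import struct

TPM_ALG_SHA256 = 0x000B          # TPM 2.0 algorithm ID for SHA-256
TPM_CC_POLICY_PCR = 0x0000017F   # TPM 2.0 command code of TPM2_PolicyPCR
PCR_COUNT = 24

# Constructed boot measurements: (PCR index, measured blob).
REFERENCE_BOOT = [
    (0, b"uefi-firmware v1"),
    (4, b"boot-loader v1"),
    (7, b"secure-boot-policy v1"),
    (10, b"runtime-config A"),
]
PCR_MASK = (0, 4, 7)  # the predetermined mask; PCR 10 is deliberately left out


def extend(pcr, blob):
    """PCR extend: new = SHA256(old || SHA256(measured blob))."""
    return hashlib.sha256(pcr + hashlib.sha256(blob).digest()).digest()


def measured_boot(components):
    """Replay a boot from reset and return the resulting PCR bank."""
    bank = [bytes(32) for _ in range(PCR_COUNT)]
    for index, blob in components:
        bank[index] = extend(bank[index], blob)
    return bank


def pcr_selection(mask):
    """Marshal the mask as a TPML_PCR_SELECTION with one SHA-256 bank."""
    bitmap = bytearray(3)
    for index in mask:
        bitmap[index // 8] |= 1 << (index % 8)
    return struct.pack(">IHB", 1, TPM_ALG_SHA256, 3) + bytes(bitmap)


def policy_pcr_digest(mask, bank):
    """Policy digest binding the mask and the values of the masked PCRs."""
    pcr_digest = hashlib.sha256(b"".join(bank[i] for i in sorted(mask))).digest()
    return hashlib.sha256(
        bytes(32)                               # empty starting policy digest
        + struct.pack(">I", TPM_CC_POLICY_PCR)
        + pcr_selection(mask)
        + pcr_digest
    ).digest()


class SimulatedTpm:
    """Keeps sealed secrets and releases them only when the PCR policy is met."""

    def __init__(self):
        self.bank = measured_boot([])
        self.sealed = {}

    def boot(self, components):
        self.bank = measured_boot(components)

    def seal(self, name, secret, auth_policy):
        self.sealed[name] = (secret, auth_policy)

    def unseal(self, name, mask):
        secret, auth_policy = self.sealed[name]
        session_digest = policy_pcr_digest(mask, self.bank)  # from measured values
        if not hmac.compare_digest(session_digest, auth_policy):
            raise PermissionError("measured PCR values do not satisfy the policy")
        return secret


def swap_measurement(components, index, blob):
    """Return a copy of the boot sequence with one component replaced."""
    return [(i, blob if i == index else b) for i, b in components]


def provision_then_boot(boot_components):
    """Seal a fresh key to the expected values, boot, and report unseal success."""
    vek = secrets.token_bytes(32)                       # volume encryption key
    expected = measured_boot(REFERENCE_BOOT)            # reference machine values
    auth_policy = policy_pcr_digest(PCR_MASK, expected)
    tpm = SimulatedTpm()
    tpm.seal("vek", vek, auth_policy)                   # stands in for the seal command
    tpm.boot(boot_components)
    try:
        return tpm.unseal("vek", PCR_MASK) == vek
    except PermissionError:
        return False


if __name__ == "__main__":
    print("reference boot:", provision_then_boot(REFERENCE_BOOT))
    print("modified boot loader:",
          provision_then_boot(swap_measurement(REFERENCE_BOOT, 4, b"boot-loader modified")))
    print("change outside the mask:",
          provision_then_boot(swap_measurement(REFERENCE_BOOT, 10, b"runtime-config B")))
```

The third case shows why the choice of mask matters: a component measured into a PCR outside the mask can change without affecting the unseal decision.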
	
As per claim 4, the rejection of claim 2 is incorporated herein. 
Mueller discloses wherein the measured PCR values match the expected PCR values.  
(expected PCR values can be disclosed by selected PCR values [0036], also sometimes described as designated PCR values [0036]
)
Mueller [0036] SSIS 124 can establish a remote session with the TPM of server 104 and can utilize this session to cause the TPM of server 104 to remotely seal the volume encryption key based on selected PCR values. In sealing the volume encryption key to the TPM of server 104, the selected PCR values act as a condition for decrypting the volume encryption key in order to load the encrypted OS volume. Such embodiments can effectively prevent access of the encrypted OS volume unless PCR values of the TPM of server 104 match the designated PCR values. 
As per claim 9, the claim(s) is/are directed to a method with limitations which correspond to limitations of claim 2, and is/are rejected for the reasons detailed with respect to claim 2.
As per claim 11, the claim(s) is/are directed to a method with limitations which correspond to limitations of claim 4, and is/are rejected for the reasons detailed with respect to claim 4.
As per claim 16, the claim(s) is/are directed to a non-transitory computer-readable medium with limitations which correspond to limitations of claim 2, and is/are rejected for the reasons detailed with respect to claim 2.
As per claim 18, the claim(s) is/are directed to a non-transitory computer-readable medium with limitations which correspond to limitations of claim 4, and is/are rejected for the reasons detailed with respect to claim 4.


Claims 3, 10, and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mueller in view of Zimny, in view of Liguori, further in view of Liu et al. Chinese application CN 108959943 A (machine translation) (hereinafter “Liu”).
As per claim 3, the rejection of claim 2 is incorporated herein. 
Mueller discloses load, by the extractor code of the device, the volume encryption key to the device to enable decryption of a storage volume of the device.  
(load, by the extractor code of the device can be disclosed by TPM code of the device loading [Mueller para. 36, 37] volume encryption key to enable decryption of a storage volume of the device, shown across multiple paragraphs 35-36, 66, 68, 71. Computer readable media can be used to store the loaded volume encryption key information [Mueller para. 89].)
Mueller [0071] decrypt the encrypted keys using the server's TPM, and mount the volumes.
Mueller [0068] One mitigation to the above vulnerability is to store the decryption keys for the data volumes outside the OS itself. As such, in some embodiments an architecture is provided in which the server can retrieve the corresponding decryption key of the data volumes from a secure service (e.g., SSMS 116 of FIG. 1 or management service 304 of FIG. 3) 
Mueller [0066] when the newly created OS image boots, it can utilize the decryption keys to unlock the data volumes 
Mueller [0036] could use the TPM to decrypt the volume encryption key and gain access to the encrypted OS volume. … selected PCR values act as a condition for decrypting the volume encryption key in order to load the encrypted OS volume. 
Mueller [0035] In addition to the above considerations, server 104 needs to be able to access the volume encryption key utilized in producing the encrypted OS volume in order to decrypt the encrypted OS volume.
Mueller [0089] Computer storage media include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules or other data. …, or any other medium which can be used to store the desired information

However, Mueller does not expressly disclose 
load, by the extractor code of the gateway device, the volume encryption key to a kernel of the gateway device to enable decryption of a storage volume of the gateway device.  
Zimny discloses gateway device managed by a server.  
(See Zimny para. 56, 78, 82, gateway 300).
Para. [0056] the device management server transmits to a gateway the commands included in its corresponding command queue.
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Mueller with the gateway device of Zimny to include 
load, by the extractor code of the gateway device, the volume encryption key to the gateway device to enable decryption of a storage volume of the gateway device.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to decrypt encrypted storage volumes of the gateway device using the volume encryption key. The system of the primary reference (e.g., server 104) can be modified to load the volume encryption key to the gateway device to facilitate decrypting storage volumes.

	However, the combination of Mueller, Zimny, and Liguori does not expressly disclose 
load, by the extractor code of the gateway device, the volume encryption key to a kernel of the gateway device to enable decryption of a storage volume of the gateway device.  
Liu discloses loading an encryption key to a kernel of a device to enable decryption
Liu page 2, 9th paragraph
The kernel domain of security system loads the encrypted ciphertext of one or more encryption keys
Liu page 2, 10th paragraph
a kind of device for managing encrypted key in the security system is provided. It should Device includes: kernel domain encryption handling unit, is configured to respond to start the security system, from the use of the security system
The encrypted close of one or more encryption keys is loaded to the kernel domain of the security system
Liu Page 3, 10th paragraph encryption key can be stored in the storage device of user domain ….. although safeguard measure (such as user name, password authentification) can be set for particular memory region, It is in contrast still to be more easily damaged or stolen by malicious user.
Liu Page 3, 11th paragraph safety management of encryption key is realized by kernel domain.
Liu Page 3, bottom paragraph Kernel domain 120 is usually construed as belonging to a part of operating system, 
Liu Page 4, 3rd paragraph kernel domain 120 can load the encrypted ciphertext of encryption key, … The plaintext of key is only buffered in the kernel domain storage 122 of kernel domain 120, and is used for when encrypting and decrypting function is called 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Mueller, Zimny, and Liguori with the technique for loading an encryption key to a kernel of a device to enable decryption of Liu to include 
load, by the extractor code of the gateway device, the volume encryption key to a kernel of the gateway device to enable decryption of a storage volume of the gateway device.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to prevent malicious third parties from gaining access to or tampering with the encryption key, since the kernel domain of the operating system is more secure than the user domain. The system of the modified primary reference (server 104) can be further modified to load the volume encryption key to a kernel domain of the gateway device.
As per claim 10, the claim(s) is/are directed to a method with limitations which correspond to limitations of claim 3, and is/are rejected for the reasons detailed with respect to claim 3.
As per claim 17, the claim(s) is/are directed to a non-transitory computer-readable medium with limitations which correspond to limitations of claim 3, and is/are rejected for the reasons detailed with respect to claim 3.


Claims 7 and 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mueller in view of Zimny, further in view of Leggette et al. U.S. Publication 20110225451 (hereinafter “Leggette”).
As per claim 7, the rejection of claim 1 is incorporated herein. 
Mueller discloses wherein the predetermined PCR mask is included in extractor code of the device.  
(predetermined platform configuration register (PCR) mask = selected PCR registers [Mueller para. 36, 37]
the device = server 104 [Mueller para. 36]
predetermined PCR mask is included in extractor code of the device is disclosed because the Mueller server 104 has the TPM [Mueller para. 71] and the TPM is programmed to access the selected PCRs that store the measured PCR values [Mueller para. 36, 37], and the TPM can perform extracting of the sealed encryption key [Mueller para. 71]
extractor = TPM [Mueller para. 36, 71])
Mueller [0071] If, on the other hand, the data volumes are currently protected by a disk encryption mechanism, the OS provisioning agent can request the encrypted keys from the management service, decrypt the encrypted keys using the server's TPM, and mount the volumes.
Mueller [0036] extra capability provided by a TPM is to measure key components such as executed firmware, firmware configuration, and an OS boot loader of server 104 and store these measurements into Platform Configuration Registers (PCRs) of the TPM. 
Mueller [0037] When sealing the volume encryption key, the expected values for the selected PCR registers would be designated by SSIS 124 at the time of generating the OS image.
Mueller [0091] Memory 912 includes computer storage media in the form of volatile and/or nonvolatile memory. As depicted, memory 912 includes instructions 924. Instructions 924, when executed by processor(s) 914 are configured to cause the computing device to perform any of the operations described herein

However, Mueller does not expressly disclose 
wherein the predetermined PCR mask is included in each of the management service and extractor code of the gateway device.  
Zimny discloses gateway device managed by a server.  
(See Zimny para. 56, 78, 82, gateway 300).
Para. [0056] the device management server transmits to a gateway the commands included in its corresponding command queue.
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Mueller with the gateway device of Zimny to include wherein the predetermined PCR mask is included in extractor code of the gateway device.   
One of ordinary skill in the art would have made this modification to improve the ability of the system to include the selected PCRs on the gateway device, so that the gateway device can be monitored for tampering. The system of the primary reference can be modified so that the server 104 is a gateway device. The system of the primary reference can be modified to store the selected PCRs in a gateway device, to improve the ability of the system to utilize a gateway device to perform the TPM operations as taught in the Zimny reference. Utilizing a gateway device as server 104 will provide the benefits of the capabilities of a gateway device while managing the gateway device efficiently as taught in the Mueller reference. 

	However, the combination of Mueller and Zimny does not expressly disclose 
wherein the predetermined PCR mask is included in each of the management service and extractor code of the gateway device.
Leggette discloses a technique for storing an extra copy of standard or sensitive information for a management unit.
(See Leggette para. 137, where the managing unit includes a redundant copy of standard information and sensitive information).
Para. [0137] In an operational scenario example, a first DS managing unit stores a redundant copy of the standard information 240 as a first set of encoded data slices in the DSN memory and stores a redundant copy of the sensitive information 242 as a second set of encoded data slices in the DSN memory. 

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Mueller and Zimny with the technique for storing an extra copy of standard or sensitive information for a management unit of Leggette to include 
wherein the predetermined PCR mask is included in each of the management service and extractor code of the gateway device.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to retain redundant copies of critical information, such as the information regarding PCRs that store PCR values, so that the managing unit can obtain such information as needed. The system of the primary reference can be modified so that the SSIS stores a copy of the selected PCRs.
As per claim 14, the claim(s) is/are directed to a method with limitations which correspond to limitations of claim 7, and is/are rejected for the reasons detailed with respect to claim 7.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HOWARD H LOUIE whose telephone number is 571-272-0036.  The examiner can normally be reached on Monday-Friday 9 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung W. Kim can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/HOWARD H. LOUIE/Examiner, Art Unit 2494
/THEODORE C PARSONS/Primary Examiner, Art Unit 2494

1 Emphasis is additional throughout.