Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
The IDS dated 12/10/2020 was received and considered.
Claims 1-20 are pending.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 10-14 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Australian Patent Publication AU 2018100055 A4 to Hack et al. (Hack), published 2/21/2019 in view of WIPO Publication WO 2021/216030 A1 to McMillan et al. (McMillan), filed 4/20/2020.
Regarding claim 1, Hack discloses a non-volatile data storage drive (storage device 105, 107, ¶22, ¶34); a pre-boot operating system (first and second bootloaders, ¶45, ¶52) stored in an encrypted form according to a first key (first bootloader is encrypted with a first key, ¶47; second bootloader is encrypted with a second key, ¶53) on a first portion of the non-volatile data storage drive (¶47, ¶52); a main operating system stored in an encrypted form (operating system kernel is encrypted with key, ¶59, ¶61) according to a second key (encrypted with second key, ¶61) on a second portion of the non-volatile data storage drive (kernel located on storage device, ¶60); and a system built in operating system (BIOS) chip, the system BIOS chip (BIOS initiates access to bootloaders, ¶67) is configured to, obtain the first key (decrypt first bootloader with first key, ¶48), load and decrypt the pre-boot operating system (decrypt first bootloader with first key, ¶48) into dynamic memory (load into RAM, ¶48), and cause the pre-boot operating system to run from dynamic memory (execute first bootloader, ¶49).  Hack lacks the BIOS chip initiating a first authentication process and obtaining the key after successful completion of the first authentication process.  However, McMillan teaches a BIOS firmware requesting configuration (¶18, ¶44) by authenticating, via a certificate, to a VPN server (¶27, ¶47), in response to successful completion of the authentication process, obtaining a key to decrypt a BIOS bootloader (¶28, ¶49).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hack to include the BIOS chip initiating a first authentication process and obtaining the key after successful completion of the first authentication process.  
One of ordinary skill in the art would have been motivated to perform such a modification to enable authentication of a device prior to booting, as taught by McMillan (¶11).
Regarding claim 10, the claim is similar in scope to claim 1 and is therefore rejected using a similar rationale.
Regarding claim 19, the claim is similar in scope to claim 1 and is therefore rejected using a similar rationale.
Regarding claims 2 and 11, Hack, as modified above, teaches wherein the first authentication process comprises providing identification information to a remote authentication server (providing certificate to VPN server, as modified above by McMillan, ¶27, ¶47).
Regarding claims 3 and 12, Hack, as modified above, teaches wherein the identification information is a certificate (providing certificate to VPN server, as modified above by McMillan, ¶27, ¶47).
Regarding claims 4 and 13, Hack, as modified above, teaches wherein the first key is obtained from the remote authentication server (key is obtained from authentication server, ¶28).
Regarding claims 5 and 14, Hack, as modified above, lacks wherein the first authentication process comprises providing a user prompt to enter a password and verifying that a user entered password is correct.  However, McMillan teaches that PIN entry and verification can be utilized in place of certificate authentication (¶27) and were known to be substitutes by a skilled artisan.  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hack, as modified above, such that the first authentication process comprises providing a user prompt to enter a password and verifying that a user entered password is correct.  One of ordinary skill in the art would have been motivated to perform such a modification to utilize PIN authentication as a known method of authenticating a user to a device, as taught by McMillan.

Claims 6-9, 15-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Hack and McMillan, as applied to claims 1, 10 and 20 above, in view of US 10,154,023 B1 to Nossik et al. (Nossik).
Regarding claims 6 and 15, Hack, as modified above, discloses loading and decrypting the main operating system into dynamic memory, and causing the main operating system to run from dynamic memory (¶¶48-49), but lacks wherein the pre-boot operating system is configured to initiate a second authentication process and obtain the second key after a successful completion of the second authentication process. However, Nossik teaches that it was known to execute a pre-boot execution environment that would authenticate itself to a remote entity and retrieve a secret, where the secret would be used to decrypt an operating system (Fig. 9, col. 6, lines 36-49) to enable a cloud-based instantiation of the operating system (col. 1, lines 39-47). Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hack, as modified above, such that the pre-boot operating system is configured to initiate a second authentication process and obtain the second key after a successful completion of the second authentication process (obtain a key to decrypt the OS after the bootloader authenticates). One of ordinary skill in the art would have been motivated to perform such a modification to enable a cloud-based operating system instantiation, as taught by Nossik.
Regarding claims 7 and 16, Hack, as modified above, teaches wherein the second authentication process comprises providing identification information to a remote authentication server (as modified above by Hack, col. 6, lines 36-49, where the execution environment can authenticate with an authentication service).
Regarding claims 8 and 17, Hack, as modified above, teaches wherein the second key is obtained from the remote authentication server (as modified above by Hack, receiving a secret for decryption of the operating system, Fig. 9 and col. 6, lines 28-31).  
Regarding claims 9 and 18, Hack, as modified, lacks wherein the second authentication process comprises providing a user prompt to enter a password and verifying that a user entered password is correct.  However, Nossik teaches that it was known to require a password to authenticate an execution environment prior to decryption of an operating system (claim 1, col. 4, lines 4-13).  Note that Nossik further describes authenticating via a one-time password generator (col. 6, lines 46-47).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hack, as modified above, such that the second authentication process comprises providing a user prompt to enter a password and verifying that a user entered password is correct.  One of ordinary skill in the art would have been motivated to perform such a modification to utilize a known method of authentication, as taught by Nossik.
Regarding claim 20, Hack, as modified, teaches wherein the secure location (for the first key) is a remote authentication server (as modified above by McMillan) and teaches wherein the identification information comprises a certificate, and wherein the first authentication process comprises: forwarding the certificate to the remote authentication server (as modified above by McMillan, ¶27, ¶47); and obtaining the first key in response to successful authentication of the certificate (¶44), but lacks wherein the secure location (for the second key) is a remote location. However, Nossik teaches that it was known to execute a pre-boot execution environment that would authenticate itself to a remote entity and retrieve a secret, where the secret would be used to decrypt an operating system (Fig. 9, col. 6, lines 36-49) to enable a cloud-based instantiation of the operating system (col. 1, lines 39-47). Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hack, as modified above, such that the pre-boot operating system is configured to initiate a second authentication process and obtain the second key after a successful completion of the second authentication process (obtain a key to decrypt the OS after the bootloader authenticates). One of ordinary skill in the art would have been motivated to perform such a modification to enable a cloud-based operating system instantiation, as taught by Nossik.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL J SIMITOSKI whose telephone number is (571)272-3841. The examiner can normally be reached Monday - Friday, 7:00-3:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Michael Simitoski/ Primary Examiner, Art Unit 2493
July 22, 2022