DETAILED ACTION

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
 
 2.	Applicant’s response filed on May 18, 2022 have been considered.  Claims 1, 3, 5, 10, 12, 14, 17, and 19-20 have been amended.  Claims 1-20 are pending.

Drawings
3.	Figure 5 is objected, because in figure 5:
(i)	item “Generate a hash of previous handshake messages (in plural form)” (on Cluster Manager side). However, specification [0029] discloses “the cluster manager generating a hash of a previous handshake message (in singular form).”.  Therefore, figure 5 is not consistent with specification. 
(ii)	item ‘Sign the message using Server private key’ (on Cluster Master side) should be ‘Sign the handshake messages using Cluster Manager private key’, because terms used in figure 5 need to be consistent;
(iii)	item ‘Sign the message using Server private key’ (on New Node side) is incorrect, and should be ‘Sign the handshake messages using New Node private key’, because specification [0029] discloses the new node signs the handshake message using new node private key, not ‘server private key’.

Claim Rejections - 35 USC § 112
4.	Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Referring to claims 1, 17:
	The amended claim 1 recites:
	“verifying at the new node that the cluster manager serial number is validated against the white list,”.  The specification [0018], and fig. 4 disclose the new node validates the cluster manager serial number. However, the specification [0018], and fig. 4 do not disclose that the new node validates cluster manager serial number against a whitelist. 
	Therefore, the amended claim 1 is rejected for failing to comply with the written description requirement.
	Amended Claim 17 recites the similar limitation as claim 1, and is therefore rejected based on the same rationale. 
Referring to claim 5:
	The amended Claim 5 recites:
          	“wherein establishing secure communication comprises the steps of: 
           a. generating a manager hash at the cluster manager and signing the manager hash using manager private key; 
           b. sending the signed manager hash to the new node and at the new node verifying the hash using manager public key; 
           c. generating a node hash at the new node and signing the node hash using node private key; 
           d. sending the signed node hash to the cluster manager and at the cluster manager verifying the hash using node public key.”
	Claim 5 recites cluster manager sending the signed manager hash to the new node, wherein the new node verifying the signed manager hash with manager public key, and the new node sending the signed node hash to the cluster manager, wherein the cluster manager verifying the signed node hash with node public key.
	However, the specification discloses:
	“FIG. 5 illustrates an embodiment for establishing trust between a node and the cluster manager. In this example the process starts by the cluster manager generating a hash of a previous handshake message. It then sends the hash to the iSM to be signed, and the iSM forwards the hash to iDRAC to be signed. The iDRAC signs the hash using server private key and provides the signature to iSM, which forwards it to the cluster manager application. The cluster manager application sends the signed message to the node. Using the public key of the cluster manager, the node application verifies the digital signature received from the cluster manager. If verified, the node application generates a hash of previous handshake message and asks the iSM to sign the handshake message. The iSM forwards the request to the iDRAC, which uses the node's private key to sign the message, and sends the digital signature to the iSM. The iSM provides the digital signature to the node application, which sends it to the cluster manager. The cluster manager application then verifies the signature using the public key of the new node.” (see spec. pub. [0029]) 
         	Therefore, according specification [0029]: 
           On the Cluster Master:
           (i)    application generating a hash of a previous handshake message;
           (ii)    application sending the hash to the iSM;
           (iii)   iSM forwarding the hash to iDRAC;
           (iv)   iDRAC signs the hash with Cluster Manager private key to generate a digital signature;
           (v)    iDRAC providing the digital signature to iSM;
           (vi)    iSM forwarding the digital signature to application;
           (vii)   the application sends the signed message to the node.
	Therefore, the specification discloses sending a signed message, but not sending a signed hash, such as claimed.
	On the new node:
	specification [0029] discloses the node sending a digital signature to the cluster manager.
           Therefore, amended claim 5 is rejected for failing to comply with the written description requirement.
	Examiner suggests: (i) change “the cluster manger signed hash” to “the cluster manager digital signature”; and (ii) change “the new node signed hash” to “the new node digital signature”, in order to resolve the 112(a) issue.
Referring to claim 10:
The amended claim 10 recites:
“receive a request from a new node to join the computing cluster;   
            verify that a node identifier (ID) sent by the new node matches a manager ID stored in a white list of the cluster manager, wherein the node ID comprises a node serial number; 
             when the two IDs match, add the new node to a trust store of the cluster manager; and, 
             send a server certificate to the new node when a cluster manager serial number of the cluster manager is validated at the new node.”.
	(i)    However, specification [0029] discloses a node identifier sent by the new node matches the node identifier stored in a white list of the cluster manager (see fig. 3, fig. 4); and
	(ii)	However, the specification does not disclose “send a server certificate to the new node when a cluster manager serial number of the cluster manager is validated at the new node”. The amended limitation can be interpreted “when a cluster manager serial number of the cluster manager is validated at the new node” as a condition, or requirement, for sending a server certificate to the new node.
	(iii)	“a node ID” should be “a new node ID”, and “a manager ID” should be “a cluster manager ID”.
 Referring to claims 13-14:
 	The amended claim 13 recites:                                  
 	“generate a hash of prior handshake message;      
  	sign the hash using manager private key; and, 
  	send the hash to the new node.”; and 
  	The amended 14 recites:
  	“receive a signed hash from the new node; and,
  	 verify the signed hash using public key of the new node.”.
             	 (i)	However, “send the hash”, and “verify the signed hash” are not supported by the specification (see claim 5 rejection above);
	  	 (ii)	“public key of the new node” should be “public key of the cluster manager”;
 	   	(iii)    “send the hash”, “verify the signed hash” are not consistent; and
 	   	(iv)    “manager private key” should be “a cluster manager private key”.
Referring to claim 20:
	Amended Claim 20 recites:
		“a. generating a manager hash at the cluster manager and signing the manager hash using a manager private key; 
            b. sending the signed manager hash to the new node and at the new node verifying the signed manager hash using a manager public key; 
            c. generating a node hash at the new node and signing the node hash using a node private key; and; 
            d. sending the signed node hash to the cluster manager and at the cluster manager verifying the signed node hash using a node public key.”
	However, according to specification [0029]:
	(i)	sending “the signed manager hash”, and sending the “signed node hash” are not supported by the specification (see claim 5 rejection above)
	(ii)	“manager” should be “cluster manager”, and “node” should be “new node”, in order to be consistent with terms used in the claim tree.
Referring to claims 2-4, 6-9, 12, 15-16, and 18-19:
		Claims 2-4, 6-9, 12, 15-16, and 18-19 are rejected because they are dependent from claims 1, 10, and 17 respectively.

Claim Rejections - 35 USC § 103

5.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

6.	Claims 1-6, 8-14, and 16-20  are rejected under 35 U.S.C. 103 as being unpatentable over Giassa et al. (U.S. 2021/0136147 A1), hereinafter “Giassa”, in view of Innes et al. (U.S. 2018/0007059 A1), hereinafter “Innes”.
Referring to claim 1:
	 	Giassa teaches:
                      In a computing cluster comprising a cluster manager and a plurality of nodes, each node comprising a management platform, an application, and a host operating system (OS), a method of mutual authentication for joining a new node to the cluster, comprising (see Giassa, fig. 1, 102 ‘master node [i.e. a cluster manager ]’, 104 ‘cluster controller’, 106 ‘data storage’, 110, 112, 114, 116 [i.e., worker nodes], [0054] ‘a handshake [i.e., mutual authentication for joining a new node to the cluster ] or authentication process’): 
           adding node serial number of the new node to the cluster manager (see Giassa, [0023] ‘user 118 may provide configuration information to cluster node 102’; [0054] ‘as part of a handshake or authentication process, …serial number’); 
           adding an Internet protocol (IP) address of the cluster manager on the new node (see Giassa, [0052] ‘worker node 300 may send… request message for requesting an IP address’); 
           authenticating the new node to the cluster manager by: sending a request to join the cluster from the new node to the cluster manager, the request including the node serial number (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’; [0054] ‘In step 303, e.g., as part of a handshake or authentication [i.e., where handshake and authentication indicates that it’s a mutual authentication between cluster manager and the new node ] process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’); and, 
           verifying at the cluster manager that the node serial number is valid and, upon verification, adding the new node to a cluster manager trust store (see Giassa, [0025] ‘an authentication [i.e., verifying ]  process (e.g., a handshake process) between master node 102 and each of worker nodes 110-116 may be performed, e.g., when cabled to or otherwise connected to master node 102 and prior to being configured for cluster 100 [i.e., adding new node to trust store ].’; [0021] ‘repository’; [0081] ‘the new node can be added to the cluster’); 
           authenticating the cluster manager to the new node by: sending from the cluster manager the manager information to the new node (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’; [0054] ‘In step 303, e.g., as part of a handshake or authentication [i.e., i.e., where handshake and authentication indicates that it’s a mutual authentication between cluster manager and the new node ] process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’); and, 
           verifying at the new node that the manager information is validated and, upon validation, adding the cluster manager to a node trust store (see Giassa, [0025] ‘an authentication [i.e., verifying ]  process (e.g., a handshake process) between master node 102 and each of worker nodes 110-116 may be performed, e.g., when cabled to or otherwise connected to master node 102 and prior to being configured for cluster 100 [i.e., adding cluster manager to trust store ].’; [0021] ‘repository’).
           However, Giassa does not explicitly disclose sending the cluster manager serial number to the new node.
	Giassa discloses the handshake between the new node and the cluster manager, and discloses or suggests authenticating the new node by sending the node serial number to the cluster manager (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’; [0054] ‘In step 303, e.g., as part of a handshake or authentication process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’).  
		It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Giassa into the system of Giassa to send cluster manager serial number to the new node for authentication.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, sending cluster manager serial number to the new node for authenticating the cluster manager would enhance Giassa’s handshake or authentication between the new node and the cluster manager.
However, Giassa does not disclose whitelist.
		Innes discloses the whitelist (see Innes, [0193] ‘authenticate to the credential mapper 1229, such as using … a device certificate [i.e., a device serial number ].  If it uses a machine level authentication, the credential mapper 1229 may implement a whitelist of machines trusted’).
		It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use a whitelist of trusted entities, such as a whitelist of serial numbers treusted.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because using a whitelist could facilitate authentication process.
 Referring to claims 2-3, 18-19:
		Giassa and Innes further disclose:
		wherein sending a request to join the cluster comprises sending a node certificate embedded in the new node, wherein the node certificate includes the node serial number (see Gisssa, [0054] ‘In step 303, e.g., as part of a handshake or authentication process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’. And, Innes, [0084] ‘Authentication services 558 may use certificates’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use certificates. Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because certificates are strong credential which can be used for authentication. 
Referring to claim 4:
		Giassa and Innes further disclose:
		establishing secure communication between the new node and the cluster manager (see Innes, [0162] ‘TLS or SSL’; [0170] ‘secure communications’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use secure communications between the new node and the cluster manager. Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because secure communications ensure data security between communications between cluster appliances.
Referring to claims 5, 20:
		Giassa and Innes further disclose:
	wherein establishing secure communication comprises the steps of: 
           a. generating a manager hash at the cluster manager and signing the manager hash using manager private key (see Giassa, fig. 1, 102 master node, 110 worker node.  And. Innes, [0138] ‘signing…signature… private key… hashing data… digest… signature verification’);
            b. sending the signed manager hash to the new node and at the new node verifying the signed manager hash using manager public key (see Innes, [0137]  ‘public key’; [0138] ‘signing…signature… private key… hashing data… digest… signature verification’); 
            c. generating a node hash at the cluster manager and signing the node hash using node private key (see Giassa, fig. 1, 102 master node, 110 worker node.  And. Innes, [0138] ‘signing…signature… private key… hashing data… digest… signature verification’); 
            d. sending the signed node hash to the cluster manager and at the cluster manager verifying the signed node hash using node public key (see Innes, [0137]  ‘public key’; [0138] ‘signing…signature… private key… hashing data… digest… signature verification’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use a private key for signing, and a corresponding public key for signature verification. Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because signature verification can ensure data integrity.
Referring to claim 6:
		Giassa and Innes further disclose:
		sending a request to the cluster manager to sign application certificate (see Giassa, [0059] ‘a worker node 300 may request … from master node 102’. And, Innes, [0138] ‘signing’ ;[0084] ‘Authentication services 558 may use certificates’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to sign a service certificate. Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because signature verification can ensure data integrity.
Referring to claims 8, 11:
Giassa and Innes further disclose:
		sending a request for cluster manager’s root certificate authority certificate and adding the root certificate authority certificate to a trust store of the new node (see Innes, [0223] ‘root or subordinate root certificates, into a protected data store’; [0228] ‘a certificate authority’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use a root certificate authority certificate. Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because using a root certificate authority certificate can enhance security.
Referring to claims 9, 16:
Giassa and Innes further disclose:
		adding the new node to the cluster after signing the application certificate (see Giassa, [0025] ‘an authentication [i.e., verifying ]  process (e.g., a handshake process) between master node 102 and each of worker nodes 110-116 may be performed, e.g., when cabled to or otherwise connected to master node 102 and prior to being configured for cluster 100 [i.e., adding cluster manager to trust store ].’). 
Referring to claim 10:
		Giassa teaches:
		A system comprising: 
           a computing cluster having one or more processors and a cluster manager (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’); and 
           a non-transitory computer readable medium storing a plurality of instructions, which when executed, cause the one or more processors to: 
           receive a request from a new node to join the computing cluster (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’; [0054] ‘In step 303, e.g., as part of a handshake or authentication [i.e., where handshake and authentication indicates that it’s a mutual authentication between cluster manager and the new node ] process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’); 
           verify that a node identifier (ID) sent by the new node matches a manager ID stored in the cluster manager (see Giassa, [0025] ‘an authentication [i.e., verifying ]  process (e.g., a handshake process) between master node 102 and each of worker nodes 110-116 may be performed, e.g., when cabled to or otherwise connected to master node 102 and prior to being configured for cluster 100 [i.e., adding new node to trust store ].’; [0054] ‘serial number [i.e., ID ]’); 
           when the ID matches, add the new node to trust store of the cluster manager (see Giassa, [0025] ‘an authentication [i.e., verifying ]  process (e.g., a handshake process) between master node 102 and each of worker nodes 110-116 may be performed, e.g., when cabled to or otherwise connected to master node 102 and prior to being configured for cluster 100 [i.e., adding new node to trust store ].’; [0054] ‘serial number [i.e., ID ]’; [0081] ‘the new node can be added to the cluster’); and, 
            send a configuration to the new node (see Giassa, [0057] ‘master node 102 may provide a configuration image… to worker node 300’).
           However, Giassa does not explicitly disclose sending the cluster manager serial number to the new node.
            Giassa discloses the handshake between the new node and the cluster manager, and discloses or suggests authenticating the new node by sending the node serial number to the cluster manager (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’; [0054] ‘In step 303, e.g., as part of a handshake or authentication process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’).  
		It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Giassa into the system of Giassa to send cluster manager serial number to the new node for authentication.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, sending cluster manager serial number to the new node for authenticating the cluster manager would enhance Giassa’s handshake or authentication between the new node and the cluster manager.
	However, Giassa does not disclose the whitelist, the server certificate.
	           Innes disclose the whitelist, and the server certificate (see Innes, [0193] ‘authenticate to the credential mapper 1229, such as using … a device certificate [i.e., a device serial number ].  If it uses a machine level authentication, the credential mapper 1229 may implement a whitelist of machines trusted’); [0084] ‘Authentication services 558 may use certificates’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use a whitelist of trusted entities, such as a whitelist of serial numbers trusted, and certificates. Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because using a whitelist could facilitate authentication process, and certificates are strong credential which can be used for authentication.
 Referring to claim 12:
		Giassa and Innes further disclose: challenge/response protocol (see Innes, [0190] ‘challenge/response credentials’)
		It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use challenge/response protocol.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because challenge/response protocol is well-known and popular authentication method for client sever architecture.
Referring to claim 13:
	Giassa and Innes further disclose:
          generate a hash of prior handshake message; sign the hash using manager private key; and, send the hash to the new node (see Giassa, [0025] ‘handshake’. And, Innes, [0138] ‘signing… private key… hashing data’)
          It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use a private key to sign a hash.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because using a private key to sign a hash can enhance data integrity.
 Referring to claim 14:
	Giassa and Innes further disclose:
	verifying the signed hash with public key (see Innes, [0138] ‘signing… private key… hashing data’; [0216] ‘a public key PKCS7 authentication’). 
Referring to claim 17:
		Giassa teaches:
	A computer program product comprising a non-transitory computer-readable medium having a computer-readable program code embodied therein to be executed by one or more processors, the program code operating in a computing cluster and including instructions to (see Giassa, fig. 1, 102 ‘master node’, 104 ‘cluster controller’, 106 ‘data storage’, 110, 112, 114, 116 [i.e., worker nodes], [0054] ‘a handshake or authentication process [i.e., mutual authentication for joining a new node to the cluster ]’): 
          authenticating a new node to a cluster manager by: 
          sending a request to join the computing cluster from the new node to the cluster manager, the request including a node serial number (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’; [0054] ‘In step 303, e.g., as part of a handshake or authentication [i.e., where handshake and authentication indicates that it’s a mutual authentication between cluster manager and the new node ] process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’); and, 
           verifying at the cluster manager that the node serial number is valid and, upon validation, adding the new node to a cluster manager trust store (see Giassa, [0025] ‘an authentication [i.e., verifying ]  process (e.g., a handshake process) between master node 102 and each of worker nodes 110-116 may be performed, e.g., when cabled to or otherwise connected to master node 102 and prior to being configured for cluster 100 [i.e., adding new node to trust store ].’; [0021] ‘repository’; [0081] ‘the new node can be added to the cluster’); 
           authenticating the cluster manager to the new node by: 
           sending from the cluster manager the manager information to the new node (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’; [0054] ‘In step 303, e.g., as part of a handshake or authentication [i.e., where handshake and authentication indicates that it’s a mutual authentication between cluster manager and the new node ] process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’); and, 
            verifying at the new node that the manager information is validated and, upon validation, adding the cluster manager to a node trust store (see Giassa, [0025] ‘an authentication [i.e., verifying ]  process (e.g., a handshake process) between master node 102 and each of worker nodes 110-116 may be performed, e.g., when cabled to or otherwise connected to master node 102 and prior to being configured for cluster 100 [i.e., adding new node to trust store ].’; [0021] ‘repository’).
           However, Giassa does not explicitly disclose sending the cluster manager serial number to the new node. 
	Giassa discloses the handshake between the new node and the cluster manager, and discloses or suggests authenticating the new node by sending the node serial number to the cluster manager (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’; [0054] ‘In step 303, e.g., as part of a handshake or authentication process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’).  
		It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Giassa into the system of Giassa to send cluster manager serial number to the new node for authentication.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, sending cluster manager serial number to the new node for authenticating the cluster manager would enhance Giassa’s handshake or authentication between the new node and the cluster manager.
However, Giassa does not disclose whitelist.
		Innes discloses the whitelist (see Innes, [0193] ‘authenticate to the credential mapper 1229, such as using … a device certificate [i.e., a device serial number ].  If it uses a machine level authentication, the credential mapper 1229 may implement a whitelist of machines trusted’); [0084] ‘Authentication services 558 may use certificates’).
		It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use a whitelist of trusted entities, such as a whitelist of serial numbers treusted.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because using a whitelist could facilitate authentication process.

7.	Claims 7, and 15  are rejected under 35 U.S.C. 103 as being unpatentable over Giassa et al. (U.S. 2021/0136147 A1), in view of Innes et al. (U.S. 2018/0007059 A1), further in view of Pecen et al. (U.S. 2013/0078947 A1), hereinafter “Pecen”.
Referring to claims 7, 15:
		Giassa and Innes further disclose: send a certificate signing request (see Innes, [0200] ‘send a certificate signing request’), root certificate (see Innes, [0223] ‘root or subordinate root certificates’), and the certificate authority (see Innes, [0220] ‘certificate authority’).
		However, they do not disclose an application certificate. 
		Pecen disclose the application certificate (see Pecen, [0031] ‘the cryptographic certificate can be used to sign the mobile device application…root certificate authority’; [0156] ‘Prior to receiving the authentication request a digital certificate that includes the application identifier is generated [i.e., creating a certificate signing request ].’)
            It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Pecen into the system of Giassa to sign an application certificate.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Pecen’s teaching could enhance the system of Giassa, because “integrity of the mobile device application can be verified” (see Pecen, [0031]).

Response to Arguments
8.	Applicant's arguments filed on May 18, 2022 have been fully considered but they are not persuasive.
(a)	Applicant submits:
“Therefore, claim 5 fully complies with all requirements of Section 112, including the written description requirement, enablement requirement, and definiteness requirement.” (see page 9, last par)
Examiner maintains:
The amended claim 5 is rejected under 35 U.S.C.112(b) (see 112(b) rejection above)
(b)	Applicant submits:
“Applicant submits that neither Giassa nor Innes discloses or suggests at least “verifying at the new node that the cluster manager serial number is validated against the white list” as recited in claim 1.” (see page 10, middle)
Examiner maintains:
Giassa discloses: fig. 1, 102 ‘master node’, 110 ‘worker node’; [0054] ‘In step 303, e.g., as part of a handshake or authentication process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’).  Therefore, Giassa discloses the handshake (a mutual authentication process) between the new node and the cluster manager, wherein the new node sending the node serial number to the cluster manager for authentication.
It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Giassa into the system of Giassa to send cluster manager serial number to the new node for authentication.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, sending cluster manager serial number to the new node for authenticating the cluster manager would enhance Giassa’s “handshake or authentication process” between the new node and the cluster manager.
Innes discloses: [0193] ‘authenticate to the credential mapper 1229, such as using … a device certificate [i.e., a device serial number ].  If it uses a machine level authentication, the credential mapper 1229 may implement a whitelist of machines trusted’.  Therefore, Innes discloses using a whitelist of machines trusted for authentication.
Therefore, the combination of references disclose or suggest the claimed limitation.
(c)	Applicant submits:
“In view of the above, Giassa and Innes do not teach or suggest “verifying at the new node that the cluster manager serial number is validated against the white list” as recited in claim 1 (emphasis added).” (see page 11, 3rd par)
Examiner maintains:
The combination of references disclose or suggest the claimed limitation (see (b) above). 
 
Conclusion

9.	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
(a)	Moore; Larry et al. (US 20090289776 A1) disclose composite multiple rfid tag facility;
(b)	Mats; Leonid et al. (US 20150130593 A1) disclose EXTERNAL ACCESS TO MEMORY ON AN RFID TAG;
(c)	Butler; Timothy P. et al. (US 20160048709 A1) disclose INFORMATION RFID TAGGING FACILITIES; 
(d)	Srivastava; Sunil K. (US 7260716 B1) disclose Method for overcoming the single point of failure of the central group controller in a binary tree group key exchange approach;
(e)	Puleston; David et al. (US 20130176115 A1) disclose RFID DRIVE MANAGEMENT FACILITY;
(f)	Kanekar; Tushar (US 20100325419 A1) disclose SYSTEMS AND METHODS FOR ENCODING THE CORE IDENTIFIER IN THE SESSION IDENTIFIER.
 
 10.       THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
           A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
                       Any inquiry concerning this communication or earlier communications from the examiner should be directed to Peiliang Pan whose telephone number is (571) 272-5987.  The examiner can normally be reached on Monday-Friday 8:00 am - 5:00 pm EST.
          If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
           Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/PEILIANG PAN/Examiner, Art Unit 2492                                                                                                                                                                                                        

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492