DETAILED ACTION
Claims 1-9 and 11-20 are pending in this action.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Allowable Subject Matter
Claims 4-9, 11-15 and 18-20 are in condition for allowance. Examiner notes that remain rejected claims that need to be resolved.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1 and 2 are rejected under 35 U.S.C. 103 as being unpatentable over Aziz et al. (WO 2011/139135 A1) [hereinafter “Aziz”] in view of Campagna et al. (CA 3004189 C) [hereinafter “Campagna”] in further view of Fenner et al. (US PGPUB No. 2017/0302459) [hereinafter “Fenner”] in further view of Larson (US PGPUB No. 2013/0014246).

As per claim 1, Aziz teaches a system, comprising: a plurality of information handling systems (IHSs), each having a unique system information that uniquely identifies the IHS ([0034], when generating an EK certificate, the trusted platform information is required and sent to the CA, i.e. information identifying the underlying trusted platform which is associated with the vTPM identifier) and a trusted platform module (TPM) configured to store a private Endorsement Key (EK), an EK certificate containing a public EK, a public signing key and a private signing key ([0034], the vTPM like standard TPM’s stores a public/private EK key pair as well as signing keys see also [0032], vTPM certificate request is signed using a variant of the EK private key); and a first system configured to store an entitlement database for the plurality of IHSs, wherein for each IHS, the entitlement database associates the unique system information specified for the IHS with the EK certificate and the public signing key stored within the TPM of the IHS ([0008], [0011]-[0012] and [0024], secure storage used to store vTPM certificates and associated keys, i.e. signing keys); and a second remote system communicatively coupled, via a network, to the first remote system and to the plurality of IHSs, wherein the second remote system comprises a second computer readable medium configured to store verification software and a processing device ([0006]-[0007], CA can be software or hardware), wherein upon receiving a verification request to verify an identity of an HIS, the processing device of the second remote system is configured to execute the verification software to: to communicate with the first system over the network to retrieve an EK certificate corresponding to the first IHS from the entitlement database ([0012], retrieving EK certificate from secure storage, i.e. entitlement database) and communicate with the first IHS over the network to cryptographically verify the identity of the first IHS using the EK certificate retrieved from the entitlement database ([0012], verifying validity of the vTPM identity using the EK certificate).
	Aziz does not explicitly teach the system information is a unique system identifier that uniquely identifies the IHS. Campagna teaches the system information is a unique system identifier that uniquely identifies the IHS ([0025], identity key pair from the l-sys that can uniquely identify the device along with a dedicated TPM see [0033]) furthermore ([0026], each host gets an ID as well as possible virtual machine ID’s running on the host both tied to a dedicated TPM).
	At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Aziz with the teachings of Campagna, the system information is a unique system identifier that uniquely identifies the IHS, to allow specific naming and sorting conventions that can be customized by an admin or user.
	The combination of Aziz and Campagna does not explicitly teach the TPM configured to store keys and certificates. Fenner teaches the TPM configured to store keys and certificates ([0003] and [0018], TPM storing keys and certificates as well as EK certificates see also [0007], certificates are stored by CA as well). 
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Aziz and Campagna with the teachings of Fenner, the TPM configured to store keys and certificates, to provide flexibility in implementing the location of the various functionalities of the TPM system.
	The combination of Aziz, Campagna and Fenner does not explicitly teach that the entitlement database can reside on a remote first system. Larson teaches that the entitlement database can reside on a remote first system ([0060], secure online repository for certificates for devices).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Aziz, Campagna and Fenner with the teachings of Larson, that the entitlement database can reside on a remote first system, to provide flexibility in implementing the location of the various functionalities of the TPM system.

As per claim 2, Aziz, Campagna, Fenner and Larson teaches the system as recited in claim 1, wherein the second remote system is configured to: receive a unique system identifier specified for the IHS along with the verification request (Aziz; [0009] and [0011], secure storage stores EK certificate associated with vTPM ID see [0020]); and retrieve the EK certificate and the public signing key associated with the unique system identifier from the entitlement database stored within the first remote system (Aziz; [0020], retrieving and signing EK certificate after verifying vTPM ID using a EK public key, i.e. public signing key) see also ([0034], when generating an EK certificate, the trusted platform information is required and sent to the CA, i.e. information identifying the underlying trusted platform which is associated with the vTPM identifier) see also ([0008], communication channels are secured, i.e. encrypted).

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Aziz, Campagna, Fenner and Larson in further view of Block et al. (US PGPUB No. 2020/0097661) [hereinafter “Block”].

As per claim 3, the combination of Aziz, Campagna and Fenner teaches the system as recited in claim 2, along with the retrieving from the entitlement database ([0008], retrieving certificates from secure storage).
The combination of Aziz, Campagna and Fenner does not explicitly teach wherein the processing device of the second remote system is further configured to execute the verification software to: generate a nonce; encrypt the nonce with a public EK obtained from the EK certificate; and transmit the encrypted nonce to the first IHS. Block teaches wherein the processing device of the second remote system is further configured to execute the verification software to: generate a nonce ([0133], master computer node, i.e. remote system, generates the nonce); encrypt the nonce with a public EK obtained from the EK certificate ([0132], the master node encrypting nonce-based challenge with public part of the EK see also Fig. 6B); and transmit the encrypted nonce to the first IHS ([0132], then issues the encrypted nonce to the slave TPM). 
	At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Aziz, Campagna and Fenner with the teachings of Block, wherein the processing device of the second remote system is further configured to execute the verification software to: generate a nonce; encrypt the nonce with a public EK obtained from the EK certificate; and transmit the encrypted nonce to the first IHS, to set up secure channels of communication between master node and slaves to maintain trust and efficient system flow.

Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Aziz and Campagna.

As per claim 16,  method performed by a remote system to verify an identity of an information handling system (IHS) ([0034], when generating an EK certificate, the trusted platform information is required and sent to the CA, i.e. information identifying the underlying trusted platform which is associated with the vTPM identifier), the method comprising: receiving a verification request to verify the identity of the IHS, along with a unique information specified for the IHS, wherein the verification request is transmitted from the IHS and received by the remote system over a network ([0012], request to verify the vTPM by the COA or local COA); using the unique system identifier to retrieve an Endorsement Key (EK) certificate and a public signing key associated with the unique information from an entitlement database stored within another remote system, which is coupled to the remote system via the network ([0035], verifying validity of the vTPM identity using the EK certificate which includes and uses the public key and vTPM ID see also [0008]), wherein the EK certificate, the public signing key and the unique information are stored together within the entitlement database before the verification request is received ([0035], validating a EK certificate by Third Party PCA which includes using the public key and ID which inherently means it is present prior to the verification request) see also ([0008], secure storage stores associated vTPM certificates and its related data which includes keys and identifiers); and communicating with the IHS over the network to cryptographically verify the identity of the IHS using the EK certificate retrieved from the entitlement database ([0012], communications between the COA, secure storage and vTPM to verify vTPM).
	Aziz does not explicitly teach the system information is a unique system identifier that uniquely identifies the IHS. Campagna teaches the system information is a unique system identifier that uniquely identifies the IHS ([0025], identity key pair from the l-sys that can uniquely identify the device along with a dedicated TPM see [0033]) furthermore ([0026], each host gets an ID as well as possible virtual machine ID’s running on the host both tied to a dedicated TPM).
	At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Aziz with the teachings of Campagna, the system information is a unique system identifier that uniquely identifies the IHS, to allow specific naming and sorting conventions that can be customized by an admin or user.

Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Aziz and Campagna in further view of Block.

As per claim 17, Aziz teaches a method performed by a remote system to verify an identity of an information handling system (IHS), the method comprising: receiving a verification request to verify the identity of the IHS, along with a unique system identifier specified for the IHS ([0034], when a request for generating an EK certificate is received, the trusted platform information is required and sent to the CA, i.e. information identifying the underlying trusted platform which is associated with the vTPM identifier see also Abstract where request for EK certificate involves first a verification step); using the unique system identifier to retrieve an Endorsement Key (EK) certificate and a public signing key associated with the unique system identifier from an entitlement database stored within another remote system ([0008], [0011]-[0012] and [0024], secure storage used to store vTPM certificates and associated keys, i.e. signing keys) wherein the EK certificate, the public signing key and the unique system identifier are stored together within the entitlement database before the verification request is received ([0035], validating a EK certificate by Third Party PCA which includes using the public key and ID which inherently means it is present prior to the verification request) see also ([0008], secure storage stores associated vTPM certificates and its related data which includes keys and identifiers); and communicating with the IHS over the network to cryptographically verify the identity of the IHS using the EK certificate retrieved from the entitlement database ([0012], verifying vTPM using EK certificate from secure storage).
	Aziz does not explicitly teach the system information is a unique system identifier that uniquely identifies the IHS. Campagna teaches the system information is a unique system identifier that uniquely identifies the IHS ([0025], identity key pair from the l-sys that can uniquely identify the device along with a dedicated TPM see [0033]) furthermore ([0026], each host gets an ID as well as possible virtual machine ID’s running on the host both tied to a dedicated TPM).
	At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Aziz with the teachings of Campagna, the system information is a unique system identifier that uniquely identifies the IHS, to allow specific naming and sorting conventions that can be customized by an admin or user.
The combination of Aziz and Campagna does not explicitly teach wherein the processing device of the second remote system is further configured to execute the verification software to: generate a nonce; encrypt the nonce with a public EK obtained from the EK certificate; and transmit the encrypted nonce to the IHS. Block teaches wherein the processing device of the second remote system is further configured to execute the verification software to: generate a nonce ([0133], master computer node, i.e. remote system, generates the nonce); encrypt the nonce with a public EK obtained from the EK certificate ([0132], the master node encrypting nonce-based challenge with public part of the EK see also Fig. 6B); and transmit the encrypted nonce to the IHS ([0132], then issues the encrypted nonce to the slave TPM). 
	At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Aziz and Campagna with the teachings of Block, wherein the processing device of the second remote system is further configured to execute the verification software to: generate a nonce; encrypt the nonce with a public EK obtained from the EK certificate; and transmit the encrypted nonce to the IHS, to set up secure channels of communication between master node and slaves to maintain trust and efficient system flow.

Response to Arguments
Applicant's arguments with respect to the rejection of claim 1-3, 16 and 17 under 35 U.S.C. 103 have been fully considered but are not persuasive.

As per claim 1, Applicant argues that it would not have been obvious to combine the newly cited reference, Fenner, with primary reference Aziz to teach “two different remote systems connected to each other and the TPM via a local and public network”. Examiner submits that this argument is moot in light of the newly introduced reference, Larson.
As per claims 16 and 17, Applicant argues that the cited prior art reference, Aziz, does not teach using a unique system identifier to retrieve an EK certificate and a public signing key from an entitlement database stored within another remote system. Applicant reasons that in Aziz a EK certificate is created and subsequently stored within the secure storage of the third party COA. Examiner submits that while [0034] of Aziz outlines the creation and storage of the EK certificate in the secure storage, Aziz also describes an alternative embodiment where the secure storage resides externally and stores the related certificates and data to the vTPM which includes the EK certificates. See Aziz at [0008]. Applicant further argues that Aziz fails to provide teaching or suggestion for “communicating with the IHS over the network to cryptographically verify the identity of the IHS using the EK certificate retrieved from the entitlement database”. Applicant first reasons that the local CA does not communicate the vTPM over a network. Examiner submits that the local CA is an extension of the third party PCA which is communicating with the vTPM and TPM via a network. Furthermore, the vTPM in Aziz does also get verified by the Third Party PCA using its EK certificate when it is requesting an AIK key. See Aziz [0036]. Applicant further reason that in Aziz, the EK certificate, public signing key and unique system identifier are not stored together in a database. Examiner submits that the Third Party PCA uses the secure storage to verify a EK certificate of a vTPM which includes using the public key and ID which inherently means it is present prior to the verification request. See [0035]. Furthermore, the secure storage in Aziz stores vTPM certificates and its related data which includes keys and identifiers. See [0008].
In conclusion, claims 1-3, 16 and 17 remain rejected with all other claims in condition for allowance.

To expedite prosecution, Examiner is open to conducting an interview to discuss claim amendments to overcome the rejection of claims 1-3, 16 and 17 and/or place in condition for allowance. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Scarlata et al. (US-20060256107-A1), Norazah et al. (WO-2013081441-A1), Huscroft et al. (WO-2022046074-A1), Li et al. (CN-102685092-A), Fongen et al., "The Integration of Trusted Platform Modules into a Tactical Identity Management System," MILCOM 2013 - 2013 IEEE Military Communications Conference, 2013, pp. 1808-1813, doi: 10.1109/MILCOM.2013.305) and Wentao et al. ("Trusted remote attestation scheme based on property," 2010 International Conference on Computer Application and System Modeling (ICCASM 2010), 2010, pp. V5-52-V5-57, doi: 10.1109/ICCASM.2010.5619358) disclose various aspects of remote attestation of TPM using certificates and public keys.

Applicant's amendment necessitated any new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to PETER C SHAW whose telephone number is (571)270-7179. The examiner can normally be reached Max Flex.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/PETER C SHAW/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        September 17, 2022, 2022