Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
The present application is being examined under the pre-AIA  first to invent
provisions.
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 6/27/2022 has been entered.
This office action is in response to the amendments filed on 06/27/2022. Claims 1, 10, and 20 – 22 have been amended. Claims 1, 3 – 6, 8 – 10, 12 – 13, 15 – 17, and 19 – 22 are pending for consideration.

Response to Arguments
Applicant's arguments in the Arguments/Remarks filed on 05/19/2022 (hereafter Remarks) have been fully considered but they are not persuasive. In addition, the arguments are moot in view of new ground of rejection.
On pp. 9, 10 of the Remarks Applicant focused on the issue of a separate connections of computing device and baseboard controller via the first and the second I/O to the multiplexer. On p. 10 Applicant refers to the amendments in claim 1 explicitly stating the separate, i.e. independent, controlled connections between interface and the first and the second inputs/outputs of the multiplexer, thus emphasizing the importance of elimination of any signal interaction between different multiplexer inputs and outputs as related to the invention. In this regard on p.10 Applicant further stated that this amendment clarifies that to make clear that the resources of the computing devices and the baseboard management controller are separately connected to the multiplexer via the first input/output and the second input/output, respectively, of the multiplexer. There is no teaching or suggestion of such an arrangement of the inputs/outputs of the Liguori multiplexer.
Examiner respectfully disagrees. On one hand, Applicant correctly focused on the importance of the connection control and separation related to different I/O channels in multiplexing system. On the other hand, the disputed limitation in claim 1 cannot be considered as novel, while being disclosed before, e.g. in the new ground of rejection, by Matelan (Matelan, in col.18, ll.40-43 discloses “The invention does include an open input/output architecture that is based on an established standard bus structure and protocol.”) The recited management control over multiplexer connection, is met by the connection control through the Lock Bus of Matelan using multiplexer (Matelan, in col.51, ll.38-42 discloses “When information from memory 451 is to be transferred over the Common Lock Bus, multiplexer 458 places this information in the interface to be sent over the Common Lock Bus under the control of the Arbiter Control 450.”)
In addition, the above arguments address the Applicant’s comments on pp.10, 11 related to the teaching of Cochin and Kramarczyk indicating that Liguori combined with Matelan, Cochin, and Kramarczyk teach the disputed limitations. 
Claims 10 and 20 have been amended similar to claim 1 and rejected for the same reasons. Claims 3 – 6, 8, 9, 12, 13, 15 – 17, and 21 – 22 are rejected as depended on respective base claims. Accordingly, rejection under 103 is maintained.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 3 – 6, 8 – 10, 12 – 13, 15 – 17, and 19 – 22 are rejected under 35 USC 103 as being unpatentable over Liguori et al. (US 2018/0165455 A1) (hereafter Liguori), in view of Matelan et al. (US 4870704) (hereafter Matelan), in view of Cochin et al. (US 2016/0179706) (hereafter Cochin), and in view of Kramarczyk (US 2017/0353441) (hereafter Kramarczyk).

Regarding claim 1 Liguori teaches: A method comprising: at a baseboard management controller of a computing device comprising an interface, memory, and at least one processor (Liguori, in Para. [0035] discloses “server 200 may include a second processor, such as a baseboard management controller (BMC) 240 for managing the operation of server 200 in accordance with, for example, the Intelligent Platform Management Interface (IPMI) standard. BMC 240 may be connected to a network through a network interface 250, such as an Ethernet connection.”):
maintaining a list of identifiers approved for permitting access to resources of the computing device (Examiner note: maintaining a list of permitted sources for access the resources is met by black/white list for access the relevant memory regions controlled by processor 510) (Liguori, in Para. [0057] discloses “Programmable security logic 560 may maintain a blacklist of protected regions or a whitelist of unprotected region in non-volatile memory 530, and may control the accessibility of different regions in non-volatile memory 530 by processor(s) 510”):
using a multiplexer to control connection between the interface and a first input/output and a second input/output of the multiplexer (Liguori, in Para. [0057] discloses “a switch 515 may be added on the communication data path between processor(s) 510 and BMC 520 (or other untrusted components) or on data paths between processors.” Liguori, in Para. [0057] further discloses “switch 515 may be implemented as a buffer or multiplexer (MUX).” Liguori, in Para. [0074] discloses “Programmable security logic 600 may include interfaces 620, such as pins, that can be used to connect the programmable security logic to various components of a server, such as server 500”),
[wherein the first input/output is operatively connected to the resources of the computing device, and wherein the second input/output is operatively connected to the baseboard management controller; controlling the multiplexer to control the connection between the interface and the first input/output to prevent access to the resources of the computing device via the interface by an external device that is separate from the computing device;] (Matelan)  
receiving, from the external device via the interface and the second input/output of the multiplexer, access information (Examiner note: access control over data receiving/transmitting in the network with multiplexers is met by the programmable security logic unit) (Liguori, in Para. [0041] discloses “In some implementations, network interface 280 may include hardware and/or software configured to implement a protocol for communicating with externally connected devices or functions.” Liguori, in Para. [0059] discloses “In some embodiments, switch 515 may be implemented as a buffer or multiplexer (MUX). Liguori, in Para. [0078] discloses “The interface to processor may be used to receive requests to read from and/or write to the non-volatile memory from a processor (e.g., processor(s) 510 of FIG. 5)” Liguori, in Para. [0092] discloses “At operation 850, the programmable security logic may set access control configuration in the programmable security logic for controlling access to some or all regions of the non-volatile memory, based on instructions from the adapter device.”).
 [determining that at least one of the identifiers matches the access information] (Cochin) 
[and in response to determining that the at least one of the identifiers matches the access information, controlling the multiplexer to permit access by the external device to the resources of the computing device via the interface and the first input/output of the multiplexer] (Kramarczyk)
Liguori fails to explicitly teach: wherein the first input/output is operatively connected to the resources of the computing device, and wherein the second input/output is operatively connected to the baseboard management controller; controlling the multiplexer to control the connection between the interface and the first input/output to prevent access to the resources of the computing device via the interface by an external device that is separate from the computing device;
Matelan from the analogous technical field teaches: wherein the first input/output is operatively connected to the resources of the computing device and wherein the second input/output is operatively connected to the baseboard management controller  (Matelan, in col.18, ll.40-43 discloses “The invention does include an open input/output architecture that is based on an established standard bus structure and protocol.” Matelan, in col.6, ll.32-35 discloses “the data processing system includes the first information bus with a first protocol and connected to several second information buses by several interface units.”) controlling the multiplexer to control the connection between the interface and the first input/output (Matelan, in col.51, ll.38-42 discloses “When information from memory 451 is to be transferred over the Common Lock Bus, multiplexer 458 places this information in the interface to be sent over the Common Lock Bus under the control of the Arbiter Control 450.”)
to prevent access to the resources of the computing device via the interface by an external device that is separate from the computing device (Examiner note: access control to the resources via interface by external device is met by programmed bus interface cards containing external interrupt devices to control access to computing resources) (Matelan, in col.3, ll.14-16 discloses “the shared memory, common lock and InterComputer Interrupt devices are contained within the bus interface cards”. Matelan, in col.7, ll.9-13 discloses “The computational units connected to the second buses are provided with means to control peripheral devices external to the data processing system by interfacing to several third information buses.” Matelan, in col.3, ll.31-33 discloses “the computer cards include an interface to a Peripheral Bus which is connectable to peripheral devices external to the system cabinet”. Matelan, in col.3, ll.61-66 discloses “the bus interface cards may be programmed to allow READ ONLY access to devices accessible via the Common Bus. Further, the bus interface cards may be programmed to prevent access to certain devices of the system.”) 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Liguori, in view of the teaching of Matelan which discloses management and control over multichannel communication using programmed bus interface cards containing external interrupt devices in order to improve communication security of the system (Matelan, [col.3, ll.14-16, col.3, ll.31-33, col.3, ll.61-66, col.7, ll.9-13, col.18, ll.40-43, col.51, ll.38-42]).
Liguori as modified by Matelan, fails to explicitly teach: determining that at least one of the identifiers matches the access information
Cochin from the analogous technical field teaches: determining that at least one of the identifiers matches the access information (Examiner note: granting (i.e. approval) or rejecting an access is met by the operations of a pairing module) (Cochin, in Para. [0011] discloses “The connection of the external device to the computer may be detected, and the type of device may be determined from the identifier provided by the external device.” Cochin, in Para. [0016] discloses “the pairing module 110 may detect connection of an external device, determine a type of the connected device, and generate a random user action associated with the device to complete a pairing between the computer 102 and the external device”) (Cochin, in Para. [0031] discloses “The pairing may include granting access to the resources of the computer 102 unavailable to the previously segregated device. If the random user action is not received (line 820), the pairing module 110 may reject the connected device (block 822) and continue to segregate the device from resources of the computer 102, such that the connected device is not paired with the computer 102.” Cochin, in Para. [0034] discloses “a device may include a memory storing firmware, a device identifier, or both.” Cochin, in Para. [0027] discloses “the pairing module 110 may be executable by one or more processors of the computer 102. Initially, the pairing module 110 may detect connection of a device (block 802).”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Liguori, as modified by Matelan, in view of the teaching of Cochin which discloses an external device type detection/examination and granting/rejecting an access to the system in order to improve control and security of communication between host computer and external devices (Cochin, [0011, 0016, 0027, 0031, 0034]).
Liguori, as modified by Matelan and Cochin, fails to explicitly teach: and in response to determining that the at least one of the identifiers matches the access information, controlling the multiplexer to permit access by the external device to the resources of the computing device via the interface and the first input/output of the multiplexer
Kramarczyk from the analogous technical field teaches: and in response to determining that the at least one of the identifiers matches the access information, controlling the multiplexer to permit access by the external device to the resources of the computing device via the interface and the first input/output of the multiplexer (Examiner note: determination of identifier’s access eligibility is met by the authentication process comprising operations of the lockdown manager 60) (Kramarczyk, in Para. [0037] discloses “Authentication system 200 includes a secure lockdown manager 60 stored in program storage 48 and run by CPU 46. Secure lockdown manager 60 prevents any user from accessing the multiplexer 112, 114, 116, 118 or administrative computer 108 to retrieve data or to modify software unless and until the user seeking access has be authenticated, as will be described below. According to one embodiment, by default the secure lockdown manager 60 places the system in a secure lockdown mode where no access to data or modification of software is allowed.” Kramarczyk, in Para. [0042] discloses “CPU 302 may be the same as CPU 46 described above with respect to system 200. In which case, CPU 302 both controls the multiplexer 300 and authenticates users accessing the network. Alternatively, multiplexer 300 may include a separate system authentication device 200 with its own CPU” Kramarczyk, in Para. [0011] discloses “The multiplexers include an authentication device that is physically connected with the multiplexer.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to change Liguori, as modified by Matelan and Cochin, in view of the teaching of Kramarczyk which discloses an access control of remote users, i.e. external devices, to the network per multiplexers based on user authorization and operations of lockdown manager in order to improve efficiency and security of the access control to the network and/or system resources by exploring multiplexer capabilities (Kramarczyk, [0011, 0037, 0042]).

Regarding claim 3 Liguori, as modified by Matelan, Cochin, and Kramarczyk, teaches: The method of claim 1, wherein the external device is a universal serial bus (USB) compatible device (Liguori, in Para. [0081] discloses “programmable security logic 600 may also include circuits for controlling the switch(es) on the PCie, USB, or LPC data path between the processors (including the BMC) to connect or disconnect one processor (e.g., the BMC) and another processor”).

Regarding claim 4 Liguori, as modified by Matelan, Cochin and Kramarczyk, teaches:  The method of claim 1, wherein the access information comprises at least one of an identifier of the external device, power consumption information of the external device, and a type of the external device. (Cochin, in Para. [0011] discloses “The connection of the external device to the computer may be detected, and the type of device may be determined from the identifier provided by the external device.” Cochin, in Para. [0048] discloses “The display 1014 may also display various indicators to provide feedback to a user, such as power status, call status, memory status, network status etc.”).

Regarding claim 5 Liguori as modified by Matelan, Cochin and Kramarczyk teaches: The method of claim 1, further comprising determining, at the baseboard management controller, that the external device is physically-interfaced the interface of the computing device, and wherein receiving access information comprises receiving the access information via the multiplexer upon physical interface of the external device with the interface of the computing device (Examiner note: pairing module collects information about external devices interfaces which meets reception of access information) (Cochin, in Para. [0013] discloses “a system 100 illustrating a computer 102 and various external devices 104,106, and 108 that may be connected to the computer 102 via various interfaces.” Cochin, in Para. [0016] discloses “the pairing module 110 may be implemented in an operating system (OS) driver for an interface” Cochin, in Para. [0063] discloses “there is disclosed a method that includes detecting, by a processor, connection of an external device to a computer via a wired interface or a wireless interface and preventing, by the processor, the external device from accessing one or more resources of the computer.”).

Regarding claim 6 Liguori, as modified by Matelan, Cochin and Kramarczyk, teaches: The method of claim 1, wherein receiving access information comprises receiving an identifier of the external device via the multiplexer, and wherein the method further comprises determining whether the identifier of the external device is approved for permitting access by the external device to the resources of the computing device based on the determination that the at least one of the identifiers matches the access information (Examiner note: as noted above, determination of identifier’s access eligibility is met by the authentication process comprising operations of the lockdown manager 60) (Kramarczyk, in Para. [0037] discloses “Authentication system 200 includes a secure lockdown manager 60 stored in program storage 48 and run by CPU 46. Secure lockdown manager 60 prevents any user from accessing the multiplexer 112, 114, 116, 118 or administrative computer 108 to retrieve data or to modify software unless and until the user seeking access has be authenticated, as will be described below. According to one embodiment, by default the secure lockdown manager 60 places the system in a secure lockdown mode where no access to data or modification of software is allowed.” Kramarczyk, in Para. [0042] discloses “CPU 302 may be the same as CPU 46 described above with respect to system 200. In which case, CPU 302 both controls the multiplexer 300 and authenticates users accessing the network. Alternatively, multiplexer 300 may include a separate system authentication device 200 with its own CPU” Kramarczyk, in Para. [0011] discloses “The multiplexers include an authentication device that is physically connected with the multiplexer.”)

Regarding claim 8 Liguori, as modified by Matelan, Cochin and Kramarczyk, teaches: The method of claim 1, further comprising controlling the multiplexer to prevent access to the resources of the computing device in response to determining that the at least one of the identifiers does not match the access information (Examiner note: as noted above, determination of identifier’s access eligibility is met by the authentication process comprising operations of the lockdown manager 60) (Kramarczyk, in Para. [0037] discloses “Authentication system 200 includes a secure lockdown manager 60 stored in program storage 48 and run by CPU 46. Secure lockdown manager 60 prevents any user from accessing the multiplexer 112, 114, 116, 118 or administrative computer 108 to retrieve data or to modify software unless and until the user seeking access has be authenticated, as will be described below. According to one embodiment, by default the secure lockdown manager 60 places the system in a secure lockdown mode where no access to data or modification of software is allowed.” Kramarczyk, in Para. [0042] discloses “CPU 302 may be the same as CPU 46 described above with respect to system 200. In which case, CPU 302 both controls the multiplexer 300 and authenticates users accessing the network. Alternatively, multiplexer 300 may include a separate system authentication device 200 with its own CPU” Kramarczyk, in Para. [0011] discloses “The multiplexers include an authentication device that is physically connected with the multiplexer.”)

Regarding claim 9 Liguori, as modified by Matelan, Cochin and Kramarczyk, teaches: The method of claim 1, wherein the method further comprises: detecting, by a sensor, whether the external device is not connected to the interface (Liguori, in Para [0036] discloses “BMC 240 may include a processing logic that monitors the physical states of server 210 using sensors controlled by embedded controllers 260 and communicate with a system administrator using an independent network connection through network interface 250.”) and controlling the multiplexer to prevent access to the resources of the computing device via the interface in response to detecting that the external device is not connected to the interface (Liguori, in Para. [0057] discloses “a switch 515 may be added on the communication data path between processor(s) 510 and BMC 520 (or other untrusted components) or on data paths between processors.” Liguori, in Para. [0057] further discloses “switch 515 may be implemented as a buffer or multiplexer (MUX).” Liguori, in Para. [0074] discloses “Programmable security logic 600 may include interfaces 620, such as pins, that can be used to connect the programmable security logic to various components of a server, such as server 500”).  

Regarding claim 10 Liguori teaches: A system comprising: a computing device comprising an interface, memory, and at least one processor (Liguori, in Para. [0035] discloses “server 200 may include a second processor, such as a baseboard management controller (BMC) 240 for managing the operation of server 200 in accordance with, for example, the Intelligent Platform Management Interface (IPMI) standard. BMC 240 may be connected to a network through a network interface 250, such as an Ethernet connection.”);Page 3 of 12ATTORNEY REFERENCE NO.: XRPS920180155-US-NPPATENTApplication No.: 15/935,152 a multiplexer configured to control connection between the interface and a first input/output and a second input/output of the multiplexer (Liguori, in Para. [0057] discloses “a switch 515 may be added on the communication data path between processor(s) 510 and BMC 520 (or other untrusted components) or on data paths between processors.” Liguori, in Para. [0057] further discloses “switch 515 may be implemented as a buffer or multiplexer (MUX).” Liguori, in Para. [0074] discloses “Programmable security logic 600 may include interfaces 620, such as pins, that can be used to connect the programmable security logic to various components of a server, such as server 500”),
[wherein the first input/output is operatively connected to the resources of the computing device, and wherein the second input/output is operatively connected to the baseboard management controller;] (Matelan)
and a baseboard management controller configured to: maintain a list of identifiers approved for permitting access to resources of the computing device; (Examiner note: maintaining a list of permitted sources for access the resources is met by black/white list for access the relevant memory regions controlled by processor 510) (Liguori, in Para. [0057] discloses “Programmable security logic 560 may maintain a blacklist of protected regions or a whitelist of unprotected region in non-volatile memory 530, and may control the accessibility of different regions in non-volatile memory 530 by processor(s) 510” Liguori, in Para. [0038] discloses “Server 200 may also include a non-volatile memory 230, which may include non-transitory executable code, often referred to as firmware, which can be executed by processor(s) 220 to cause components of server 200 to initialize and identify system devices such as the video display card, keyboard and mouse, hard disk drive, optical disc drive, and other hardware”),
[control the multiplexer to control the connection between the interface and the first input/output to prevent access to the resources of the computing device via the interface by an external device that is separate from the computing device;] (Matelan)  
receive, from the external device via the interface and the second input/output of the multiplexer, access information (Examiner note: access control over data receiving/transmitting in the network is met by the programmable security logic unit) (Liguori, in Para. [0041] discloses “In some implementations, network interface 280 may include hardware and/or software configured to implement a protocol for communicating with externally connected devices or functions.” Liguori, in Para. [0059] discloses “In some embodiments, switch 515 may be implemented as a buffer or multiplexer (MUX). Liguori, in Para. [0078] discloses “The interface to processor may be used to receive requests to read from and/or write to the non-volatile memory from a processor (e.g., processor(s) 510 of FIG. 5)” Liguori, in Para. [0092] discloses “At operation 850, the programmable security logic may set access control configuration in the programmable security logic for controlling access to some or all regions of the non-volatile memory, based on instructions from the adapter device.”); 
[determine that at least one of the identifiers matches the access information;] (Cochin)
[and control the multiplexer to permit access by the external device to the resources of the computing device via the interface and the first input/output of the multiplexer in response to determining that the at least one of the identifiers matches the access information.] (Kramarczyk)
Liguori fails to explicitly teach: wherein the first input/output is operatively connected to the resources of the computing device, and wherein the second input/output is operatively connected to the baseboard management controller;
control the multiplexer to control the connection between the interface and the first input/output to prevent access to the resources of the computing device via the interface by an external device that is separate from the computing device;
Matelan from the analogous technical field teaches: wherein the first input/output is operatively connected to the resources of the computing device (Matelan, in Para. [0010] discloses “Each test multiplexer is configured to couple a different I/O pad to the on-chip star network.”)
and wherein the second input/output is operatively connected to the baseboard management controller (Matelan, in col.6, ll.32-35 discloses “the data processing system includes the first information bus with a first protocol and connected to several second information buses by several interface units.” Matelan, in col.18, ll.57-60 discloses “Using the physical structure of the Applicant's invention, the user can combine several computers, local memories, or input/output devices in varied architectures to meet specific user applications.”) control the multiplexer to control the connection between the interface and the first input/output (Matelan, in col.51, ll.38-42 discloses “When information from memory 451 is to be transferred over the Common Lock Bus, multiplexer 458 places this information in the interface to be sent over the Common Lock Bus under the control of the Arbiter Control 450.”)
to prevent access to the resources of the computing device via the interface by an external device that is separate from the computing device (Examiner note: access control to the resources via interface by external device is met by programmed bus interface cards containing external interrupt devices to control access to computing resources) (Matelan, in col.3, ll.14-16 discloses “the shared memory, common lock and InterComputer Interrupt devices are contained within the bus interface cards”. Matelan, in col.7, ll.9-13 discloses “The computational units connected to the second buses are provided with means to control peripheral devices external to the data processing system by interfacing to several third information buses.” Matelan, in col.3, ll.31-33 discloses “the computer cards include an interface to a Peripheral Bus which is connectable to peripheral devices external to the system cabinet”. Matelan, in col.3, ll.61-66 discloses “the bus interface cards may be programmed to allow READ ONLY access to devices accessible via the Common Bus. Further, the bus interface cards may be programmed to prevent access to certain devices of the system.”) 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Liguori, in view of the teaching of Matelan which discloses management and control over multichannel communication using programmed bus interface cards containing external interrupt devices in order to improve communication security of the system (Matelan, [col.3, ll.14-16, col.3, ll.31-33, col.3, ll.61-66, col.7, ll.9-13, col.18, ll.40-43, col.51, ll.38-42]).

Liguori as modified by Matelan, fails to explicitly teach: receive, from the external device via the interface and the second input/output of the multiplexer, access information; determine that at least one of the identifiers matches the access information;
Cochin from the analogous technical field teaches: determine that at least one of the identifiers matches the access information; (Examiner note: granting (i.e. approval) or rejecting an access is met by the operations of a pairing module) (Cochin, in Para. [0011] discloses “The connection of the external device to the computer may be detected, and the type of device may be determined from the identifier provided by the external device.” Cochin, in Para. [0016] discloses “the pairing module 110 may detect connection of an external device, determine a type of the connected device, and generate a random user action associated with the device to complete a pairing between the computer 102 and the external device”) (Cochin, in Para. [0031] discloses “The pairing may include granting access to the resources of the computer 102 unavailable to the previously segregated device. If the random user action is not received (line 820), the pairing module 110 may reject the connected device (block 822) and continue to segregate the device from resources of the computer 102, such that the connected device is not paired with the computer 102.” Cochin, in Para. [0034] discloses “a device may include a memory storing firmware, a device identifier, or both.” Cochin, in Para. [0027] discloses “the pairing module 110 may be executable by one or more processors of the computer 102. Initially, the pairing module 110 may detect connection of a device (block 802).”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Liguori, as modified by Matelan, in view of the teaching of Cochin which discloses an external device type detection/examination and granting/rejecting an access to the system in order to improve control and security of communication between host computer and external devices (Cochin, [0011, 0016, 0027, 0031, 0034]).
Liguori, as modified by Matelan and Cochin, fails to explicitly teach: and control the multiplexer to permit access by the external device to the resources of the computing device via the interface and the first input/output of the multiplexer in response to determining that the at least one of the identifiers matches the access information
Kramarczyk from the analogous technical field teaches: and control the multiplexer to permit access by the external device to the resources of the computing device via the interface and the first input/output of the multiplexer in response to determining that the at least one of the identifiers matches the access information (Examiner note: determination of identifier’s access eligibility is met by the authentication process comprising operations of the lockdown manager 60) (Kramarczyk, in Para. [0037] discloses “Authentication system 200 includes a secure lockdown manager 60 stored in program storage 48 and run by CPU 46. Secure lockdown manager 60 prevents any user from accessing the multiplexer 112, 114, 116, 118 or administrative computer 108 to retrieve data or to modify software unless and until the user seeking access has be authenticated, as will be described below. According to one embodiment, by default the secure lockdown manager 60 places the system in a secure lockdown mode where no access to data or modification of software is allowed.” Kramarczyk, in Para. [0042] discloses “CPU 302 may be the same as CPU 46 described above with respect to system 200. In which case, CPU 302 both controls the multiplexer 300 and authenticates users accessing the network. Alternatively, multiplexer 300 may include a separate system authentication device 200 with its own CPU” Kramarczyk, in Para. [0011] discloses “The multiplexers include an authentication device that is physically connected with the multiplexer.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to change Liguori, as modified by Matelan and Cochin, in view of the teaching of Kramarczyk which discloses an access control of remote users, i.e. external devices, to the network per multiplexers based on user authorization and operations of lockdown manager in order to improve efficiency and security of the access control to the network and/or system resources by exploring multiplexer capabilities (Kramarczyk, [0011, 0037, 0042]).

Regarding claim 12, claim 12 depended on claim 10 discloses a system that is substantially equivalent to the method of claim 3 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 3 are equally applicable to claim 12 and rejected for the same reasons.

Regarding claim 13, claim 13 depended on claim 10 discloses a system that is substantially equivalent to the method of claim 4 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 4 are equally applicable to claim 13 and rejected for the same reasons.

Regarding claim 15 Liguori, as modified by Matelan, Cochin and Kramarczyk, teaches: The system of claim 10, wherein the multiplexer (Liguori, in Para. [0059] discloses “In some embodiments, switch 515 may be implemented as a buffer or multiplexer (MUX).”), is configured to be controlled by the baseboard management controller (Liguori, in Para. [0093] discloses “the programmable security logic may disable communications between processor(s) 510 and BMC 520 by turning on or off, for example, one or more switches, buffers, or multiplexers”) to: control the multiplexer to prevent the access to the resources of the computing device; controllably connect the external device to the resources of the computing device; receive the information from the external device; and communicate the information to the baseboard management controller (Liguori, in Para. [0143] discloses “In some implementations, the network device 1224 is a peripheral device, such as a PCI-based device. In these implementations, the network device 1224 includes a PCI interface for communicating with a host device.” Liguori, in Para. [0056] discloses “adapter device 570 may communicate as a standard bridge component for facilitating access between various physical and emulated components of server 500 and a network fabric”).

Regarding claim 16, claim 16 depended on claim 10 discloses a system that is substantially equivalent to the method of claim 5 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 5 are equally applicable to claim 16 and rejected for the same reasons. 

Regarding claim 17 Liguori, as modified by Matelan, Cochin and Kramarczyk, teaches: The system of claim 10, wherein the baseboard management controller is configured to: receive an identifier of the external device, and determine whether the identifier of the external device is approved for permitting access by the external device to the resources of the computing device (Examiner note: as noted above, determination of identifier’s access eligibility is met by the authentication process comprising operations of the lockdown manager 60) (Kramarczyk, in Para. [0037] discloses “Authentication system 200 includes a secure lockdown manager 60 stored in program storage 48 and run by CPU 46. Secure lockdown manager 60 prevents any user from accessing the multiplexer 112, 114, 116, 118 or administrative computer 108 to retrieve data or to modify software unless and until the user seeking access has be authenticated, as will be described below. According to one embodiment, by default the secure lockdown manager 60 places the system in a secure lockdown mode where no access to data or modification of software is allowed.” Kramarczyk, in Para. [0042] discloses “CPU 302 may be the same as CPU 46 described above with respect to system 200. In which case, CPU 302 both controls the multiplexer 300 and authenticates users accessing the network. Alternatively, multiplexer 300 may include a separate system authentication device 200 with its own CPU” Kramarczyk, in Para. [0011] discloses “The multiplexers include an authentication device that is physically connected with the multiplexer.”).

Regarding claim 19, claim 19 depended on claim 10 discloses a system that is substantially equivalent to the method of claim 9 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 9 are equally applicable to claim 19 and rejected for the same reasons.

Regarding claim 20 Liguori teaches: A system comprising: a universal serial bus (USB) interface to a computing device comprising an interface, Page 5 of 12ATTORNEY REFERENCE NO.: XRPS920180155-US-NPPATENT Application No.: 15/935,152 memory, and at least one processor (Liguori, in Para. [0035] discloses “server 200 may include a second processor, such as a baseboard management controller (BMC) 240 for managing the operation of server 200 in accordance with, for example, the Intelligent Platform Management Interface (IPMI) standard. BMC 240 may be connected to a network through a network interface 250, such as an Ethernet connection.”);
a multiplexer configured to control connection between the USB interface and a first input/output and a second input/output of the multiplexer (Liguori, in Para. [0057] discloses “a switch 515 may be added on the communication data path between processor(s) 510 and BMC 520 (or other untrusted components) or on data paths between processors.” Liguori, in Para. [0057] further discloses “switch 515 may be implemented as a buffer or multiplexer (MUX).” Liguori, in Para. [0074] discloses “Programmable security logic 600 may include interfaces 620, such as pins, that can be used to connect the programmable security logic to various components of a server, such as server 500”),
[wherein the first input/output is operatively connected to the resources of the computing device, and wherein the second input/output is operatively connected to the baseboard management controller;] (Matelan) 
a baseboard management controller configured to: maintain a list of identifiers approved for permitting access to resources of the computing device; (Examiner note: maintaining a list of permitted sources for access the resources is met by black/white list for access the relevant memory regions controlled by processor 510) (Liguori, in Para. [0057] discloses “Programmable security logic 560 may maintain a blacklist of protected regions or a whitelist of unprotected region in non-volatile memory 530, and may control the accessibility of different regions in non-volatile memory 530 by processor(s) 510” Liguori, in Para. [0038] discloses “Server 200 may also include a non-volatile memory 230, which may include non-transitory executable code, often referred to as firmware, which can be executed by processor(s) 220 to cause components of server 200 to initialize and identify system devices such as the video display card, keyboard and mouse, hard disk drive, optical disc drive, and other hardware”),
[control the multiplexer to control the connection between the USB interface and the first input/output to prevent access to the resources of the computing device via the USB interface by an external USB compatible device;] (Matelan)  
receive, via the USB interface and the second input/output of the multiplexer, a serial number and an indication of a type of the external device from the external USB compatible device (Examiner note: access control over data receiving/transmitting in the network is met by the programmable security logic unit) (Liguori, in Para. [0041] discloses “In some implementations, network interface 280 may include hardware and/or software configured to implement a protocol for communicating with externally connected devices or functions.” Liguori, in Para. [0059] discloses “In some embodiments, switch 515 may be implemented as a buffer or multiplexer (MUX). Liguori, in Para. [0078] discloses “The interface to processor may be used to receive requests to read from and/or write to the non-volatile memory from a processor (e.g., processor(s) 510 of FIG. 5)” Liguori, in Para. [0092] discloses “At operation 850, the programmable security logic may set access control configuration in the programmable security logic for controlling access to some or all regions of the non-volatile memory, based on instructions from the adapter device.”);
[determining that at least one of the identifiers matches the serial number or the indication of a type of the external device;] (Cochin)
[and control the multiplexer to permit access by the external USB compatible device to the resources of the computing device via the USB interface and the first input/output of the multiplexer in response to determining that at least one of the identifiers matches the serial number or the indication of a type of the external device.] (Kramarczyk) 
Liguori fails to explicitly teach: wherein the first input/output is operatively connected to the resources of the computing device, and wherein the second input/output is operatively connected to the baseboard management controller;
control the multiplexer to control the connection between the USB interface and the first input/output to prevent access to the resources of the computing device via the USB interface by an external USB compatible device;
Matelan from the analogous technical field teaches: wherein the first input/output is operatively connected to the resources of the computing device (Matelan, in col.18, ll.40-43 discloses “The invention does include an open input/output architecture that is based on an established standard bus structure and protocol.”)
and wherein the second input/output is operatively connected to the baseboard management controller (Matelan, in col.6, ll.32-35 discloses “the data processing system includes the first information bus with a first protocol and connected to several second information buses by several interface units.” Matelan, in col.18, ll.57-60 discloses “Using the physical structure of the Applicant's invention, the user can combine several computers, local memories, or input/output devices in varied architectures to meet specific user applications.”);
control the multiplexer to control the connection between the USB interface and the first input/output (Matelan, in col.51, ll.38-42 discloses “When information from memory 451 is to be transferred over the Common Lock Bus, multiplexer 458 places this information in the interface to be sent over the Common Lock Bus under the control of the Arbiter Control 450.”)
to prevent access to the resources of the computing device via the USB interface by an external USB compatible device (Examiner note: access control to the resources via interface by external device is met by programmed bus interface cards containing external interrupt devices to control access to computing resources) (Matelan, in col.3, ll.14-16 discloses “the shared memory, common lock and InterComputer Interrupt devices are contained within the bus interface cards”. Matelan, in col.7, ll.9-13 discloses “The computational units connected to the second buses are provided with means to control peripheral devices external to the data processing system by interfacing to several third information buses.” Matelan, in col.3, ll.31-33 discloses “the computer cards include an interface to a Peripheral Bus which is connectable to peripheral devices external to the system cabinet”. Matelan, in col.3, ll.61-66 discloses “the bus interface cards may be programmed to allow READ ONLY access to devices accessible via the Common Bus. Further, the bus interface cards may be programmed to prevent access to certain devices of the system.”) 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Liguori, in view of the teaching of Matelan which discloses management and control over multichannel communication using programmed bus interface cards containing external interrupt devices in order to improve communication security of the system (Matelan, [col.3, ll.14-16, col.3, ll.31-33, col.3, ll.61-66, col.6, ll.32-35, col.7, ll.9-13, col.18, ll.40-43, col.51, ll.38-42]).
Liguori as modified by Matelan, fails to explicitly teach: receive, via the USB interface and the second input/output of the multiplexer, a serial number and an indication of a type of the external device from the external USB compatible device; determining that at least one of the identifiers matches the serial number or the indication of a type of the external device;
Cochin from the analogous technical field teaches: determining that at least one of the identifiers matches the serial number or the indication of a type of the external device (Examiner note: granting (i.e. approval) or rejecting an access is met by the operations of a pairing module) (Cochin, in Para. [0011] discloses “The connection of the external device to the computer may be detected, and the type of device may be determined from the identifier provided by the external device.” Cochin, in Para. [0016] discloses “the pairing module 110 may detect connection of an external device, determine a type of the connected device, and generate a random user action associated with the device to complete a pairing between the computer 102 and the external device”) (Cochin, in Para. [0031] discloses “The pairing may include granting access to the resources of the computer 102 unavailable to the previously segregated device. If the random user action is not received (line 820), the pairing module 110 may reject the connected device (block 822) and continue to segregate the device from resources of the computer 102, such that the connected device is not paired with the computer 102.” Cochin, in Para. [0034] discloses “a device may include a memory storing firmware, a device identifier, or both.” Cochin, in Para. [0027] discloses “the pairing module 110 may be executable by one or more processors of the computer 102. Initially, the pairing module 110 may detect connection of a device (block 802).”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Liguori, as modified by Matelan, in view of the teaching of Cochin which discloses an external device type detection/examination and granting/rejecting an access to the system in order to improve control and security of communication between host computer and external devices (Cochin, [0011, 0016, 0027, 0031, 0034]).
Liguori, as modified by Matelan and Cochin, fails to explicitly teach: and control the multiplexer to permit access by the external USB compatible device to the resources of the computing device via the USB interface and the first input/output of the multiplexer in response to determining that at least one of the identifiers matches the serial number or the indication of a type of the external device.
Kramarczyk from the analogous technical field teaches: and control the multiplexer to permit access by the external USB compatible device to the resources of the computing device via the USB interface and the first input/output of the multiplexer in response to determining that at least one of the identifiers matches the serial number or the indication of a type of the external device (Examiner note: as noted above, determination of identifier’s access eligibility is met by the authentication process comprising operations of the lockdown manager 60) (Kramarczyk, in Para. [0037] discloses “Authentication system 200 includes a secure lockdown manager 60 stored in program storage 48 and run by CPU 46. Secure lockdown manager 60 prevents any user from accessing the multiplexer 112, 114, 116, 118 or administrative computer 108 to retrieve data or to modify software unless and until the user seeking access has be authenticated, as will be described below. According to one embodiment, by default the secure lockdown manager 60 places the system in a secure lockdown mode where no access to data or modification of software is allowed.” Kramarczyk, in Para. [0042] discloses “CPU 302 may be the same as CPU 46 described above with respect to system 200. In which case, CPU 302 both controls the multiplexer 300 and authenticates users accessing the network. Alternatively, multiplexer 300 may include a separate system authentication device 200 with its own CPU” Kramarczyk, in Para. [0011] discloses “The multiplexers include an authentication device that is physically connected with the multiplexer.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to change Liguori, as modified by Matelan and Cochin, in view of the teaching of Kramarczyk which discloses an access control of remote users, i.e. external devices, to the network per multiplexers based on user authorization and operations of lockdown manager in order to improve efficiency and security of the access control to the network and/or system resources by exploring multiplexer capabilities (Kramarczyk, [0011, 0037, 0042]).

Regarding claim 21 Liguori, as modified by Matelan, Cochin and Kramarczyk, teaches: The method of claim 1, further comprising: using a current sensor to detect whether the external device is drawing current from the USB interface (Examiner note; detection of drawing current from the interface is met by detection of power status of external devices) (Cochin, in Para. [0011] discloses “The connection of the external device to the computer may be detected, and the type of device may be determined from the identifier provided by the external device.” Cochin, in Para. [0048] discloses “The display 1014 may also display various indicators to provide feedback to a user, such as power status, call status, memory status, network status etc.”) and controlling the multiplexer to prevent access to the resources of the computing device via the USB interface in response to detecting that the external device is not drawing current from the USB interface (Kramarczyk, in Para. [0042] discloses “CPU 302 may be the same as CPU 46 described above with respect to system 200. In which case, CPU 302 both controls the multiplexer 300 and authenticates users accessing the network. Alternatively, multiplexer 300 may include a separate system authentication device 200 with its own CPU” Kramarczyk, in Para. [0011] discloses “The multiplexers include an authentication device that is physically connected with the multiplexer.”).

Regarding claim 22, claim 22 depended on claim 10 discloses a system that is substantially equivalent to the method of claim 21 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 21 are equally applicable to claim 22 and rejected for the same reasons.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure Wang (US 20130212671), Guim (20210144517), E. K. Hamed, J. K. Hmood, M. A. Munshid, Minimizing modes interaction based on time interleaving method in mode division multiplexing systems, Optics Communications, v. 501, p. 127392 (Year: 2021), Shaikh  (20170045575)
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VLADIMIR IVANOVICH GAVRILENKO whose telephone number is (313)446-6530.  The examiner can normally be reached on Monday-Friday 7:30-4:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Vladimir I. Gavrilenko/Examiner, Art Unit 2431 

/TRANG T DOAN/Primary Examiner, Art Unit 2431