Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION

This office action is in response to the application filed on or reply to the remarks of  5/13/2021. The instant application has claims 1-20 pending. The system, method and medium for using an controller to verify the key received before downloading decrypting the encrypted image. There a total of 20 claims.

Allowable Subject Matter
Claims 4-8, 14-18, are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

These dependent claims further refines by specifying the allowable configurations and using configuration tables among other features. 

Claims 19-20 are allowed. Claim 19 recites in an detailed and narrow manner of determining the encrypted image is safe to download and verifying the received encrypted key. Specifically, the claim recites “ determining, by the controller, that the received encrypted image is safe to download to the storage device connected to the controller based on verifying that a proposed storage device configuration corresponding to the received encrypted image matches an allowable configuration of the storage device” 

Information Disclosure Statement
The information disclosure statement (IDS) submitted is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Drawings
The drawing filed on 5/13/2021 has been accepted and in compliance of 37 CFR 1.83 & 37 CFR 1.84.
Specification
The disclosure filed on 5/13/2021 is accepted.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under pre-AIA  35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-3, 9-13,  is/are rejected under 35 U.S.C. 103 as being unpatentable over US Patent 9165143 to Sanders in view of US Patent Pub 2012/0072734 to Wishman.

Regarding claim 1, 13, Sanders discloses  A method comprising: receiving, at a controller, an encrypted key via a network to generate a received encrypted key(Fig. 8 item 850 & Col 12 Ln 4-18, the partition is loaded and certificates are checked) ; determining, by the controller, that the received encrypted key is valid by using a private key available to the controller(Abstract & Fig. 9 item 905 & Fig. 16B item 1631 & Col 8 Ln 41-49, authenticate the FBSL & key); receiving, at the controller, an encrypted image via the network to generate a received encrypted image(Col n12 Ln 47-54, the encrypted image);  receiving, at the storage device via the network, an assigned key to decrypt the received encrypted image(Col 12 LN 55-61, the decrypting of encrypted image); and decrypting, by the storage device, the received encrypted image with the assigned key(Col 13 Ln 48-51, the decryption of image).  

But Saunders does not disclose downloading, by the controller, the received encrypted image to a storage device connected to the controller.

In the same field of endeavor as the claimed invention, Wishman discloses downloading, by the controller, the received encrypted image to a storage device connected to the controller(Fig. 1 item 124, 136 & Fig. 3A-3B item 304, 312 & Par. 0034-00335, the firmware is written to firmware storage).
 .

It would have been obvious to one of ordinary skill in the art before the effective filing date of claimed invention to modify   Saunders invention to incorporate downloading, by the controller, the received encrypted image to a storage device connected to the controller for the advantage of  having an separate unit for firmware as taught in Wishman see Par. 0043.

Regarding claim 2. the combined method/system/medium of Saunders  and Wishman,  Saunders discloses  The method of claim 1 wherein the encrypted key, the encrypted image, and the assigned key are received at the controller from a server via Ethernet(Fig. 8 & Col 4 Ln 1-19)  .  

Regarding claim 3. the combined method/system/medium of Saunders  and Wishman,  Saunders discloses  The method of claim 1, wherein the controller downloads the received encrypted image to the storage device based on determining that the received encrypted image is safe to download to the storage device connected to the controller(Col 8 Ln 41-49, the integrity, and confidentiality is ensured by AES and HMAC engines)

Regarding claim 9. the combined method/system/medium of Saunders  and Wishman,  Saunders discloses The method of claim 1, wherein the downloading further comprises: saving the received encrypted image at one or more flash memories of the storage device( Col 11 Ln 47-50, the flash memories).  

Regarding claim 10. the combined method/system/medium of Saunders  and Wishman,  Saunders discloses The method of claim 9, wherein decrypting the received encrypted image comprises: retrieving, by the storage device, the received encrypted image from the one or more flash memories of the storage device, wherein the one or more flash memories of the storage device are NOT-AND (NAND) flash memories(Col 11 Ln 47-50, the flash memories).  

Regarding claim 11. the combined method/system/medium of Saunders  and Wishman,  Saunders discloses The method of claim 1, wherein the storage device is a field programmable gate array (FPGA) solid state drive (SSD), the controller is a baseband management controller (BMC), and the network is Ethernet (Fig. 8 & Col 4 Ln 1-19).

Regarding claim 12. the combined method/system/medium of Saunders  and Wishman,  Saunders discloses The method of claim 1, further comprising: accessing, by a server via the controller, data stored at the storage device (Fig. 10 item 902 & 904, storing data in OCM); transferring, by the controller, the data stored at the storage device to the server(Fig. 10 item 918, the image is loaded); encrypting the data and storing the encrypted data to one or more flash memories of the storage device by the controller(Col 16 Ln 1-16, the image is encrypted) ; and decrypting, by the controller, the encrypted data(Fig. 10 item 908, decrypt the image).

Regarding claim 17. the combined method/system/medium of Saunders  and Wishman,  Saunders discloses The method of claim 13, further comprising: accessing, by a server via the controller, data stored at the storage device(Fig. 10 item 902 & 904, storing data in OCM); transferring, by the controller, the data stored at the storage device to the server(Fig. 10 item 918, the image is loaded); encrypting the data and storing the encrypted data to one or more flash memories of the storage device by the controller( Col 16 Ln 1-16, the image is encrypted); and decrypting, by the controller, the encrypted data, wherein: the downloading further comprises saving the received encrypted image at the one or more flash memories of the storage device(Fig. 10 item 908, decrypt the image); and the decrypting the received encrypted image comprises retrieving, by the storage device, the received encrypted image from the one or more flash memories of the storage device, wherein the one or more flash memories of the storage device are NOT-AND (NAND) flash memories(Fig. 10 item 908, decrypt the image).  

Regarding claim 18. the combined method/system/medium of Saunders  and Wishman,  Saunders discloses The method of claim 17, wherein the storage device is a field programmable gate array (FPGA) solid state drive (SSD), the controller is a baseband management controller (BMC), and the network is Ethernet (Fig. 8 & Col 4 Ln 1-19).



	Conclusion	

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

US Patent Pub 2005/0027994 to Sai, which discloses the private key using the memory

US Patent 9930051 to Potapally which discloses the baseband controller for providing security functions 

US Patent Pub 2019/0102539 to Durham which discloses the image being loaded.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool, i.e. Microsoft Teams. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at https://www.uspto.gov/interviewpractice.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Venkat Perungavoor whose telephone number is (571)272-7213.  The examiner can normally be reached on Monday-Friday, 9:00 AM- 5:00 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VENKAT PERUNGAVOOR/Primary Examiner, Art Unit 2492                                                                                                                                                                                                        Email: venkatanarayan.perungavoor@uspto.gov