DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This office action is a response to an application filed 07/28/2022 wherein claims 1 – 20 are pending and ready for examination.

Response to Arguments
Applicant's arguments filed 07/28/2020 have been fully considered but they are not persuasive. 

35 USC 112(b) Rejection
	Claim 5Applicant Asserts:  Claim 5 is rejected under 35 U.S.C. § 112(b) or 35 U.S.C. 112 (pre-
AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or joint inventor (or for applications subject to pre-
AIA  35 U.S.C. 112, the applicant), regards as the invention. Claim 5 cites... selecting a set of code of a plurality of sets of code. The Examiner finds indefinite the phrase ‘set of code' because the phrase implies there is but one code and one code in the one set. If so, conveyance of a single code set would be preferable for clarity. Otherwise, the claim may be "selecting a set of code(s) which would imply the selection is from a plurality of codes in one set.
Further, the 'code of a plurality of sets of code’ is better understood when phrased 'code from a plurality of sets of codes’. The Examiner will consider claim 5 to cite selecting a set of codes from a plurality sets of codes.
Office Action, pp. 2 and 3. Applicant respectfully submits that the Office Action fails to
set forth a prima facie case of indefiniteness for claim 5. More specifically, it appears
that the basis for the § 112(b) rejection is that the claim language implies that there is a
single "code" in the set. A "code" may, however, contain multiple executable
instructions. Submitted concurrently herewith is the definition of "code" from Merriam-
Webster.com Dictionary, Merriam-Webster, https://www.merriam-
webster.com/dictionary/code (accessed July 22, 2022). As can be seen, “code” refers ta
“instructions for a computer (as within a piece of software).” As such, one of ordinary
skill in the art would understand that a4 “cade set" refers to a set of restrictions and not


Examiner Response:  The Examiner thanks applicant representative for the detailed response to the non-final rejection Office Action of 05/30/2022.  Respectfully, the Examiner will maintain the 112(b) rejection of claim 5 as being indefinite, not withstanding the well-written and understood position of applicant representative.  The Examiner repeats the earlier contention that the claimed ‘set of code’ to this Examiner remains unclear.  Applicant reference to a Webster definition appears to support the Examiner’s basis for Claim 5 and is reproduced here for ease of reference:

    PNG
    media_image1.png
    606
    785
    media_image1.png
    Greyscale

Here, in the three definitions they all begin with “a” as in a system.  If the code is a system then a set of code is a set of system?  If a code is a systematic statement then a set of code must be  a set of a systematic statement.  The Examiner is compelled to ensure the claims are understood by those of ordinary skill in the art if a patent is to be issued such that after expiration of the patent the inventio is able to be created.  The language of Claim 5 can be interpreted in at least the above three ways which renders the interpretation of the claim as indefinite.  The Examiner maintains the rejection of claim 5 under 35 USC 112(b) as being indefinite.

	Claim 17
Applicant Asserts:  Office Action, p. 3. The basis for the § 112 rejection of claim 17 appears to be the scope, or breadth, of the language, "respond to the request to emulate a response of the physical security device to the request." Claim breadth, however, is not to be equated with
indefiniteness. M.P.E.P. § 2173.04; Jn re Miller, 441 F2d 689, 169 USPQ 597 (CCPA
1971). Moreover, even if the claim language is not precise, that fact does not
automatically make the claim indefinite under 35 U.S.C. § 112,92. See Seattle Box Co.,
v. Industrial Crating & Packing, Inc., 731 F.2d 818 (Fed. Cir. 1984). Acceptability of
the claim language depends on whether one of ordinary skill in the art would understand
what is claimed, in light of the specification. The Supreme Court of the United States
held in Nautilus “that a patent is invalid for indefiniteness if its claims, read in light of the
specification delineating the patent, and the prosecution history, fail to inform, with
reasonable certainty, those skilled in the art about the scope of the invention.” Nautilus,
Inc. v. Biosig Instruments, Inc. (June 2, 2014); see also In re Moore, 439 F.2d 1232, 1235
(CCPA 1971) (“[One] determine[s] whether the claims do, in fact, set out and circumscribe a particular area with a reasonable degree of precision and particularity. It
is here where the definiteness of the language employed must be analyzed - not in a
vacuum, but always in light of the teachings of the prior art and of the particular
application disclosure as it would be interpreted by one possessing the ordinary level of
skill in the pertinent art.”).

The Office Action cites paragraph number [0014] of the Specification of the
instant application and contends that "it is the physical security interposer device that is
emulated and not the response of the device." However, contrary to the conclusion
drawn by the Office Action, the Specification is replete with discussions of emulating a
response of a physical security device or a physical security interposer device to a
request. For example, as discussed in paragraph number [0026], "the security service
request may be intended to be handled by a physical security interpose device, such as a
device that is physically interposed between the BMC 130 and the memory 168." "If a
requesting device sends a security request that 1s intended to be handled by a physical
security interposer device (which is not present), then the requesting device expects a
result or transformation that would otherwise be provided if the physical security
interposer device was present; and for this example, the BMC 130, instead of a physical
security interposer device, provides the expected result or transformation." Specification,
para. no. [0026]. In other words, the BMC 130 emulates the response of the physical
security interposer device. As discussed in paragraph number [0019], "the execution of
the firmware by the security processor allows a specific security solution of a superset of
security solutions to be selected and to be used for the computer system." "In this
manner, through the execution of trusted firmware instructions, the security processor
may emulate responses to security service API calls that are intended to be serviced by a
physical interposer device." Specification, para. no. [0019].
As discussed in paragraph number [0027] of the Specification, "in accordance
with example implementations, a security service request may be directed to a first
security solution that is associated with a physical security interposer device; the BMC
130 receives the request but is not the physical interposer device; the BMC 130 emulates
the response of the physical security interposer device to provide the first security
solution; and the BMC 130 provides the same result that the physical security interposer would provide." "Therefore, as the BMC 130 is in the path of communications and
therefore is in position to receive security service requests they are intended for a
physical interposer device and emulate the responses of the physical interposer device to
the security service request." Specification, para. no. [0033]. In paragraph number
[0033], the Specification discusses a security processor 142 of the BMC and the
execution of a security API layer 220. "The security API layer 220 provides the
abstraction to, based on the parameters of the request 224, determine the cryptographic
primitive(s) to perform; the security layer 218 performs the cryptographic primitive(s);
and the security API layer 220 provides an emulated response 254 of the physical
security interposer device." Specification, para. no. [0035]. In paragraph number [0045],
the Specification discusses the secure enclave of the BMC and states, "for this security
solution, the firmware for the secure enclave 140 is configured to emulate the response of
the physical security interposer device to security service requests."
Therefore, for at least the foregoing reasons, Applicant respectfully requests
withdrawal of the § 112(b) rejection of claim 17.

Examiner Response:  Respectfully, notwithstanding the wordsmithing here, but the Examiner cited three locations in the instant specification citing different functions relating to a security device as the basis for the rejection.  Applicant’s response does not actually address the apparent disconnects between disclosures at [0008], [0014], and [0019] regarding and respond to the request to emulate a response of the physical security device to the request.  It is not the breath of the claim language or its depth.  Rather, it is the conflicting or confusing functions ascribed to the “security device” by way of “a security interposer device”.   Applicant in response, references locations in the instant specification such as [0026], [0027], [0034] but as can be discerned, at these locations disclose a security interposer device.  A security interposer device is not the same as the claim’s security device according to the instant specification at [0012] ... The security interposer device mat be located between a bus that stores a firmware stack for the BMD and firmware for the server platform.  Turning to the instant drawings, Figure 2 depicts a interposer device 250 between a server and device memory.  Instant specification at location [0026] distinguishes the BMC from the security interposer device and avoids the confusion because there is no mention of the claimed “security device” but applicant uses this as evidence of clarity.  It is at least for this reason the Examiner maintains the 112(b) rejection of claim 17 as being indefinite.  
Claim Rejections - 35 USC § 102Applicant Asserts:  Wentz, 35:38-42. Wentz fails to, however, whether in these cited passages, or otherwise, discuss a BMC receiving a request for a security function to be performed, where the request is directed to a physical security device other than the BMC. First, Wentz fails to
disclose a BMC receiving a request. Instead, as discussed in paragraph number [0035] of
Wentz, the software monitor receives the command. Wentz fails to disclose the software
monitor being part of or being provided by the BMC. Wentz states, "originating processor 128 may be designed and configured to load a local software monitor." Wentz,
26:54-56. It is noted that Wentz does not discuss a BMC performing all of the functions
of the originating processor 128, but rather, Wentz is specific as to the function that may
be performed by a BMC: "enforcement of keyed access to the boot code, and/or loading
of local software monitor." Wentz, 31:62-63. Moreover, Wentz discusses execution of
the local software monitor on the originating processor 128, and this execution does not
involve a BMC. "As a non-limiting example of the former, local software monitor may
operate in a privilege mode of a processor above an operating system and hypervisor,
such as an originating processor 128 as described above, such as without limitation
machine mode in the non-limiting example of the RISC-V processor ISA." Wentz,
26:58-64.

Examiner Response: 
Request v Command:  Respectfully, the Examiner does not agree that Wentz does not receive a request but instead receives a command.  Under a broad yet reasonable interpretation the Examiner finds a request here is akin to a command in that a security request is a command to perform a particular action.
Executing Local Software Monitor:  Not claimed.  Applicant raises the point “Moreover, Wentz discusses execution of the local software monitor on the originating processor 128, and this execution does not involve a BMC”.  Wentz teaches the BMC may be originating processor 128 and the fact that a local software monitor may be executed thereon is not a subject of the claims with respect to the BMC.

 	Claim Rejections - 35 USC § 103
		Claim 12
Applicant Asserts: Even assuming, arguendo, that Wentz's system inherently includes a processor 51-to-processor 53 interface, Wentz fails to disclose or render obvious the interface receiving a request, where the request is directed to a security function that is intended to be handled by a physical security interposer between the second bus and a memory. Applicant notes that the missing elements are not inherently disclosed by Zimmer, as no reasoning has been advanced by the Office Action to explain why the missing elements necessarily flow from Zimmer. Ex parte Levy, 17 U.S.P.Q.2d 1461, 1464 (Bd. Pat. App. & Inter. 1990) (holding that in order for a missing claim limitation to be inherently disclosed in a reference, the missing claim limitation must necessarily flow from the teachings of the reference).

Examiner Response:  Respectfully, the Examiner fails to understand what elements are missed in the Claim 12 rejection.  The claimed ‘security function’ was identified as taught by Zimmer as ‘registering keys’ that is performed by the interposer device.  

	Bridge between first and 2nd bus
Applicant Asserts:  ... Moreover, the alleged bridge is an assumed processor-to-processor
interface. The Office Action fails to advance any plausible reason to explain why this assumed processor-to-processor interface would receive the expressly-recited request or
"perform the security function to respond to the request," as also expressly-recited in
claim 12.

Examiner Response:  The Examiner cited Zimmer as teaching receiving a request over the first bus and the request being a query.  Applicant representative refers to missing elements in claim 12.  The examiner mapped all elements in Claim 12 and therefore maintains the rejection of claim 12 in view of Zimmer.  

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 5 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  Claim 5 cites … selecting a set of code of a plurality of sets of code.  The Examiner finds indefinite the phrase ‘set of code’ because the phrase implies there is but one code and one code in the one set.  If so, conveyance of a single code set would be preferable for clarity.  Otherwise, the claim may be citing “selecting a set of code(s) which would imply the selection is from a plurality of codes in one set.  Further, the ‘code of a plurality of sets of code’ is better understood when phrased ‘code from a plurality of sets of codes’.  The Examiner will consider claim 5 to cite selecting a set of codes from a plurality sets of codes.

Claim 17 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  Claim 17 cites in part …  and respond to the request to emulate a response of the physical security device to the request.  The Examiner cannot discern what is being claimed here as the wording invites confusion because it is not clear what is meant by “emulate a response of the security device”.  The instant specification is not clear.  For example, at location [0008] Figure 7 illustrates a secure enclave having a security core to emulate a response of a physical security device.  However, at instant location [0014] it is the physical security interposer device that is emulated and not the response of the device.  Yet at instant location [0019] a security processor emulates responses from API calls.   The Examiner will consider the limitation as being responsive to a request from a security device to emulate a response.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 1-2 and 9-11 are rejected under 35 U.S.C. 102(a)(1) (a)(2) as being anticipated by Wentz; Christian et al, US 10742421 B1, August 11, 2020, hereafter referred to as Wentz.

           As to claim 1, Scarlata teaches a method – Scarlata [column 35, lines 4-5] a method 300 of attested computing at originating device 104 is illustrated in Fig. 3) comprising:
           a baseboard management controller – Wentz [column 31, lines 62-67 and column 32, line 1] … where originating processor 128 is a microcontroller or CPU, enforcement of keyed access to the boot code, and/or loading of local software monitor, may be performed via a hardware or software defined security element, such as in nonlimiting example trusted platform module (TPM), Platform Controller Hub, Baseboard Management Controller (BMC);
            receiving, from a requestor, a request for a security function to be performed – Wentz [column 35, lines 6-8] … At step 305, local software monitor receives at least a command to execute at least a program on originating device 104. At least a command may include information directing local software monitor as to which program to execute on originating device 104.  Here, the claimed ‘requestor’ is taught by Wentz as ‘local software monitor’ whereas the claimed ‘request’ is taught by Wentz as ‘monitor execution’ which would be a security function that ensures the attested resource), wherein the request is directed to a physical security device other than the baseboard management controller – Wentz [column 35, lines 38-40] With continued reference to FIG. 3, at step 315 local software monitor digitally signs the at least a first cryptographic hash of the at least a command; and the baseboard management controller responding to the request to emulate a response of the security device to the request – Wentz [column 36, lines 13-17] at step 320 local software monitor executes the at least a program. Executing as used herein includes running the at least a program on originating device 104. Running may include loading and/or starting the at least a program).

           As to claim 2, Wentz teaches the method of claim 1, wherein:
          the baseboard management controller is part of a server - Wentz [column 31, lines 55-59] With continued reference to FIG. 1, originating processor 128 may include and/or be configured to utilize any number of components that may be incorporated in a computing device as described herein, including without limitation a server); and
          receiving the request comprises receiving the request from an application of the server or an entity outside of the server - Wentz [column 38, lines 45-53] …  FIG. 4, at step 415 remote software monitor 136 signs the at least a first cryptographic hash of the at least a program; this may be performed using any form of digital signature usable for first software monitor to sign a cryptographic hash as described above, including by generation of a modified signature set based on a signature set generated by first software monitor, which may be generated by remote software monitor as described above. with the remote software monitor key.  Here, the claimed ‘application’ is taught by Wentz as ‘at least a program’ whereas the claimed ‘entity outside of the server’ is taught by Wentz as ‘remote software monitor 136’ which would be a security function that ensures the attested resource).

              As to claim 9, the combination of Wentz and Zimmer teaches the method of claim 1, wherein the baseboard management controller responding to the request comprise the baseboard management controller emulating loading of reference measurement hashes into a memory of the physical security device  - Wentz [column 32, lines 10-20] boot code and/or local software monitor may be stored in memory with some means of access control, such as a flash memory chip or Read Only Memory (ROM), where access from originating processor 128 to memory may be mediated directly or indirectly by the security element. In nonlimiting example, where originating processor 128 is or includes a programmable logic device such as an FPGA or CPLD, an additional step may include loading of hardware description bitfile. Such loading may be secured via similar keyed hash or hash process.

              As to claim 10, the combination of Wentz and Zimmer teaches the method of claim 1, wherein the baseboard management controller responding to the request comprises the baseboard management controller constructing at least part of a root of trust measurement chain - Wentz [column 28, lines 15-23] Still referring to FIG. 1, attested boot processes as described above may be performed to load and/or initialize a trusted system in which a trusted software infrastructure signs and/or initializes a software monitor and/or a software object and/or application; trusted software infrastructure may be generated from a hardware root of trust such as a secure computing module 112 and/or component thereof as described above, acting as a remote and/or local software monitor).

            As to claim 11, the combination of Wentz and Zimmer teaches the method of claim 1, wherein the baseboard management controller responding to the request comprises the baseboard management controller performing key management - Wentz [column 25, lines 9-15] Still viewing FIG. 1, device identifier circuit 124 may be configured to perform a direct anonymous attestation (DAA) protocol. In an embodiment, DAA is an anonymous digital signature scheme, which instead of reliance on a certificate authority to link a particular private key to a particular party, uses reference to a group public key or to multiple public keys to verify an anonymous signature).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 3-8, 12 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Wentz; Christian. et al, US 10742421 B1, August 11, 2011, hereafter referred to as Wentz in view of    Zimmer, Vincent J., US 20040073806 A1, April 15,2004 hereafter referred to as Zimmer.

           As to claim 3, - Wentz teaches the method of claim 1.  WENTZ DOES NOT TEACH  
           wherein the baseboard management controller comprises a secure enclave, the method further comprising:
           executing firmware inside the secure enclave to respond to the request, HOWEVER IN AN ANALAGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR ZIMMER TEACHES
          wherein the baseboard management controller comprises a secure enclave – Zimmer [0009 and 0015] since at ‘15… a server management baseboard controller, such as the IPMI (Intel Platform Management Interface) compliant Baseboard Management Controller 56 (BMC 56) in an Intel Standard High-Volume (SHV) server motherboard with the capabilities required by a TCPA (Trusted Computer Platform Architecture--www.trustedpc- .org) 1.0-compliant system can be augmented with a trusted platform module 58 (TPM 58) as firmware executing on the BMC 56 to support cryptographic services.  Here, the claimed secure enclave is taught by Zimmer as ‘TPM 58’ but at location [0009] Zimmer teaches a single processor embodiment of Figure 1 whereby the claimed ‘’enclave’ is taught as ‘Service Module 16’), the method further comprising:
            executing firmware inside the secure enclave to respond to the request – Zimmer [0019] The TPM 58 executing in an IPMI compliant environment such as described can guarantee security since execution is hidden and storage shrouded from the main microprocessor complex (IA32 or IPF family SMP. Thus, it would have been recognized by one of ordinary skill in the art that applying the known technique of including a secure enclave within a baseboard management controller as taught by Zimmer to originating processor 128 of Wentz would have yielded predicable results and resulted in an improved processor, namely, a processor that would positively benefit computing environment 102 provided by the technique of embedding the secure enclave of Zimmer in originating processor 128 of Wentz).

              As to claim 4, the combination of Wentz and Zimmer teaches the method of claim 3, wherein the baseboard management controller comprises a processing core outside of the secure enclave  - Zimmer [0015] … a server management baseboard controller, such as the IPMI (Intel Platform Management Interface) compliant Baseboard Management Controller 56 (BMC 56) in an Intel Standard High-Volume (SHV) server motherboard with the capabilities required by a TCPA (Trusted Computer Platform Architecture--www.trustedpc- .org) 1.0-compliant system can be augmented with a trusted platform module 58 (TPM 58) as firmware executing on the BMC 56 to support cryptographic services), the method further comprising:
the processing core generating a second security request; and executing the firmware inside the secure enclave in response in the second security request - Zimmer [0022] Fig.4 specifically illustrates a general process 70 for implementing a cryptographic service module in a baseboard management controller system. …  Assuming success, the boot block descriptor is tested (80) to see if it forms a part of a secure (trusted system). If it is, the boot block is read into the TPM (82), and hashing or other cryptographic services are performed to verify BIOS integrity (86).  Here, under BRI the Examiner finds that general process 70 tests procedures are inquires and are broadly interpreted to function as requests because method steps 74, 80 and 88 are decision points that request information.  Hence, the claimed ‘second security request/inquiry’ is taught by Zimmer as ‘tested (80)’ whereas the claimed ‘executing the firmware’ is taught by Zimmer as ‘hashing’ because this service is being performed inside of the controller.  The rationale for Wentz consideration of Zimmer’s BMC features in claim 3 apply here in claim 4.

            As to claim 5, the combination of Wentz and Zimmer teaches the method of claim 3, wherein executing the firmware comprises:
           selecting a set of code of a plurality of sets of code - Zimmer [0012] … a complex, multi-board set in an enterprise-class server can use multiple management controllers for monitoring the different subsystems such as redundant power supply monitoring and control, RAID, expansion I/O, etc. In operation, the baseboard management controller 14 functions as policy agency that decides which processor to apply power-on reset to, when to assert INIT and NMI, etc.  Here, the claimed ‘selecting’ is taught by Zimmer as ‘monitoring’ because prior to monitoring a selection is made of which of the multi-board set of systems whereby the claimed ‘plurality sets of code’ is taught by Zimmer as ‘different subsystems’ because the systems would be identified by codes), wherein the selected set of code corresponds to the physical security device - Zimmer [0013] … In operation, the baseboard management controller 14 functions as policy agency that decides which processor to apply power-on reset to, when to assert INIT and NMI, etc), the physical security device corresponds to a first security solution and another set of code of the plurality of sets corresponds to a second security solution other than the first security solution - Zimmer [0012] … The usual inputs to effect policy decisions include measurement of physical integrity of hardware (i.e., error detection, BIST failures, key press data, non-responsive CPU's, etc) and state regarding earlier boots. The cryptographic module provides an additional policy variable, namely the cryptographic integrity the computing platform.  Here, the claimed ‘first security solution’ is taught by Zimmer as measurement …physical security’ whereas the claimed ‘second security solution’ is taught by Zimmer as ‘non-responsive CPU's’ whereby the claimed ‘set of code’ is taught by Zimmer as ‘usual inputs’ which are commands in the form of codes.  The rationale for Wentz considering Zimmer BMC with an embedded enclave in claim 3 applies here in claim 5 as all of the operations are based on the Zimmer configuration contributing to the Wentz BMC).

               As to claim 6, the combination of Wentz and Zimmer teaches the method of claim 5, wherein the second security solution corresponds to the baseboard management controller or another physical security device other than the baseboard management controller – Zimmer [0022] The BMC is the primary agent here in that it controls the power-on reset signaling to the main CPU complex, so it can perform this authenticate process of the boot-block even prior to the first code-fetch from the main CPU (i.e., don't take main CPU's out of reset until authenticate logic done in the slower BMC/TPM microprocessor. The rationale for Wentz considering Zimmer BMC with an embedded enclave in claim 3 applies here in claim 6 as all of the operations are based on the Zimmer configuration contributing to the Wentz BMC).


            As to claim 7, the combination of Wentz and Zimmer teaches the method of claim 3, further comprising:
            using a hardware root of trust inside the secure enclave to validate the firmware and load the firmware after validation into a memory of the secure enclave - Wentz [column 28, lines 15-23] … attested boot processes as described above may be performed to load and/or initialize a trusted system in which a trusted software infrastructure signs and/or initializes a software monitor and/or a software object and/or application; trusted software infrastructure may be generated from a hardware root of trust such as a secure computing module 112 and/or component thereof as described above, acting as a remote and/or local software monitor). 

             As to claim 8, the combination of Wentz and Zimmer teaches the method of claim 1, wherein the baseboard management controller responding to the request comprises the baseboard management controller providing a platform cryptographic identity - Zimmer [0010] The baseboard management controller has isolated execution and memory with respect to the main processor; and communicates cryptographic information between the baseboard management controller and the main processor to verify BIOS integrity. This allows enhanced protection of computing platform security through a more secure boot process that binds a segment of BIOS code to its platform and current configuration (e.g., hardware configuration within the platform. The rationale for Wentz considering Zimmer BMC with an embedded enclave in claim 3 applies here in claim 8 as all of the operations are based on the Zimmer configuration contributing to the Wentz BMC)..                     

            As to claim 12, Wentz teaches a computer system – [column 5, lines 9-10] Wentz FIG. 1, an exemplary embodiment of a system 100 of anonymous hardware attestation is illustrated comprising:
            a memory to store a firmware image – Wentz [column 6, lines 39-41] FIG. 1, originating device 104 may include and/or be communicatively connected to at least a memory 108. WENZ DOES NOT EXPLICTLY TEACH
            a first bus; 
            a second bus; and
            a bridge between the first bus and the second bus , wherein the bridge
to:
            receive a request communicated over the first bus
wherein the request is directed to a security function intended to be handled by a physical security interposer coupled between the second bus and the memory
and perform the security function to respond to the request HOWEVER IN AN ANALAGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR ZIMMER TEACHES
            a first bus; 
            a second bus; and
            a bridge between the first bus and the second bus 

    PNG
    media_image2.png
    651
    642
    media_image2.png
    Greyscale



wherein the bridge to: – Zimmer [0018] … The BMC 56 manages the interface between system management software and the platform management hardware, provides autonomous monitoring, event logging, and recovery control, and serves as the gateway between system management software and the IPMB and any other bus systems commonly available (e.g. Intelligent Chassis Management Bus (ICMB)). IPMI supports the extension of platform management by connecting additional management controllers to the system using the IPMB. The IPMB is an I.sub.2C-based serial bus that is routed between major system modules. It is used for communication to and between management controllers.  Here, the claimed ‘first bridge’ is illustrated by Zimmer as ‘Processor 51 to Processor 53 interface’.  The claimed ‘second bridge is illustrated by Zimmer as ‘Processor 52 to Processor 54 interface’), 
            receive a request communicated over the first bus – Zimmer [0003] In typical power-on operation in compliance with the standard, a separate hardware module (using cryptographic hashing techniques) queries the BIOS to determine if it can be trusted, and the BIOS queries the user to ensure that user is authorized to use the platform.  Here, the claimed ‘request’ is taught by Zimmer as ‘queries’), wherein the request is directed to a security function intended to be handled by a physical security interposer coupled between the second bus and the memory – Zimmer [0016] As will be understood, IPMI compliant systems typically use Intelligent Platform Management (IPM) for autonomous monitoring and recovery features implemented directly in platform management hardware and firmware);  Here, the claimed ‘physical security interposer’ is taught by Zimmer as ‘IPM’.  The claimed ‘memory’ is also taught by Zimmer as ‘IPM’ which includes a memory which by design of Figure 3 is interposed between the second bus); and perform the security function to respond to the request – Zimmer [0016] … The key characteristic of Intelligent Platform Management is that inventory, monitoring, logging, and recovery control functions are available independent of the main processors, BIOS, and operating system.  Here, the claimed ‘security function’ is taught by Scarlata as ‘register …key’). Thus, it would have been recognized by one of ordinary skill in the art that applying the known technique of including a secure enclave within a baseboard management controller as taught by Zimmer to originating processor 128 of Wentz would have yielded predicable results and resulted in an improved processor, namely, a processor that would positively benefit computing environment 102 provided by the technique of embedding the secure enclave of Zimmer in originating processor 128 of Wentz).         

          As to claim 17, Wentz teaches a baseboard management controller – Wentz [column 31, lines 62-67] … where originating processor 128 is a microcontroller or CPU, enforcement of keyed access to the boot code, and/or loading of local software monitor, may be performed via a hardware or software defined security element, such as in nonlimiting example trusted platform module (TPM), Platform Controller Hub, Baseboard Management Controller (BMC). WENTZ DOES NOT TEACH  a baseboard management controller comprising a security core to: receive a request from a requestor), wherein the request corresponds to a security function to be handled by a physical security device other than the baseboard management controller; and respond to the request to emulate a response of the physical security device to the request; and a processing core outside the secure enclave to execute instructions to perform system management functions for a computer system HOWEVER IN AN ANALAGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR ZIMMER TEACHES a baseboard management controller comprising a security core to: receive a request from a requestor -Zimmer [0009] The baseboard management controller 14 also includes memory and/or logic supporting an internal cryptographic service module 16.  Here, the claimed ‘secure enclave’ is taught by Zimmer as ‘cryptographic service module 16’), wherein the request corresponds to a security function to be handled by a physical security device other than the baseboard management controller – Zimmer [0018] …  A complex, multi-board set in an enterprise-class server can use multiple management controllers for monitoring the different subsystems such as redundant power supply monitoring and control, RAID, expansion I/O, etc.  While an entry-level system can have all management functions integrated into the BMC. Here, the claimed ‘security function’ is taught by Zimmer as ‘power supply monitoring’); and respond to the request to emulate a response of the physical security device to the request – Zimmer [0018] …  IPMI also includes `low-level` I.sub.2C access commands that can be used to access `non-intelligent` I.sub.2C devices (devices that don't handle IPMI commands) on the LPC or other private busses accessed via a baseboard management controller); and a processing core outside the secure enclave to execute instructions to perform system management functions for a computer system) wherein the request corresponds to a security function to be handled by a physical security device other than the baseboard management controller – Zimmer [0019] …  In effect the private memory and hardware resources of a TPM 58 module supported by the BMC 56 precludes viruses, errant drivers, and other untrusted code executing on the main microprocessor complex from compromising secrets of the TPM. Thus, it would have been recognized by one of ordinary skill in the art that applying the known technique of including a secure enclave within a baseboard management controller as taught by Zimmer to originating processor 128 of Wentz would have yielded predicable results and resulted in an improved processor, namely, a processor that would positively benefit computing environment 102 provided by the technique of embedding the secure enclave of Zimmer in originating processor 128 of Wentz).

Claims 13-14, 16 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Wentz and Zimmer, in view of Scarlata; Vincent R et al, US 20170366359 A1, December 21, 2017 hereafter referred to as Scarlata.

           As to claim 13, the combination of Wentz and Zimmer teaches the computer system of claim 12.  THE COMBINATION OF WENTZ AND ZIMMER DO NOT TEACH wherein the bridge comprises a baseboard management controller, and the baseboard management controller comprises:
           a first bus interface coupled to the first bus;
           a second bus interface coupled to the second bus and;
 
           a secure enclave to respond to the request to perform the security function, HOWEVER IN AN ANALAGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR SCARLATA TEACHES wherein the bridge comprises a baseboard management controller – Scarlata [0053] The platform 902 can communicate with the registration service 910 via in-band connection. For example, host management stack can detect new manifests or package add requests. Software can contact the registration service 910 through a network connection. In some embodiments, the connectivity can be out of band. For example, a node manager or baseboard management controller (BMC) can detect a new manifest or package add message.  Here, the claimed ‘bridge’ is taught by Scarlata as ‘through a network connection’ as the connection is a bridge not necessarily a bus bridge), and the baseboard management controller comprises:
           a first bus interface coupled to the first bus - Scarlata [0080] Chipset 1490 may be in communication with a bus 1420 via an interface circuit 1496);
           a second bus interface coupled to the second bus - Scarlata [0080] … Via a bus 1410, bus bridge 1418 may be in communication with other devices such as a keyboard/mouse 1412); and 
            a secure enclave to respond to the request to perform the security function - Scarlata [0036] … The attestation service can query its collection of processor certificates to verify that the public key was signed by (the provisioning attestation key of) a reputable platform to conclude that data (e.g., quotes) signed by the quoting enclave (e.g., using the private key of the attestation key pair) are likewise to be trusted). Thus, it would have been recognized by one of ordinary skill in the art that applying the known technique whereby the bridge comprises a baseboard management controller as taught by Scarlata to the design of Wentz would have yielded predicable results and resulted in an improved system, namely, a system that places the in the bridge BMC that would positively benefit computational burden etc. provided by the “technique” of Scarlata.  Wentz teaches at [column 30, lines 60-64] placement of the BMC and other devices can be configured in any manner to carry out the embodiments which are simply a design choice). 

           As to claim 14, the combination of Wenz, Zimmer, and Scarlata teaches the computer system of claim 13, wherein the secure enclave comprises:
           a security core layer to execute firmware to perform a plurality of security functions associated with the physical security interposer, including the security function to which the request is directed - Scarlata [0032] Turning to FIG. 4, in some platforms, a single quoting enclave is provided and interface directly with a provisioning enclave suite. Here, the claimed ‘security core layer’ is taught by Scarlata as ‘a single quoting enclave’ whereas the claimed ‘security function’ is taught by Scarlata as ‘provisioning’ because the quoting enclave requests that the provisioning enclave attest to a key); and
         a security application programming interface (API) layer to respond to the request cause the security core layer to perform the security function to which the request is directed - Scarlata [0030] For instance, one or more provisioning enclaves 250 can be provided to interface with a corresponding provisioning system to obtain attestation keys for use by a quoting enclave 255 and/or application enclave.  The rationale for Wentz to consider the features of Scarlata in claim 13 applies here in claim 14.
             
              As to claim 16, The combination of Wentz and Zimmer teaches the computer system of claim 12.  THE COMBINATION OF WENTZ AND ZIMMER DO NOT TEACH Scarlata teaches the computer system of claim 12, wherein the security function comprises a function to provide a cryptographic identity, store a cryptographic key, validate a content of the memory, store a measurement hash, load a reference measurement or retrieve a cryptographic key, HOWEVER IN AN ANALAGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR SCARLATA TEACHES wherein the security function comprises a function to provide a cryptographic identity, store a cryptographic key, validate a content of the memory, store a measurement hash, load a reference measurement or retrieve a cryptographic key – Scarlata [0108] Example 17 is a method that includes storing a device certificate received from a key generation facility; receiving a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validating the processor using a stored device certificate.  Here, the claimed ‘cryptographic identity’ is taught by Scarlata as ‘validating the processor’ because the validation identifies a processor.  The rationale for Wentz to consider the features of Scarlata in claim 13 applies here in claim 16.   

             As to claim 18, the combination of Wentz and Zimmer teaches the baseboard management controller of claim 17, wherein: the secure enclave further comprises a hardware root of trust and a memory; the root of trust validates firmware and loads the firmware after validation into the memory; and the security core executes the firmware to process the request - Wentz [column 28, lines 15-23]  … attested boot processes as described above may be performed to load and/or initialize a trusted system in which a trusted software infrastructure signs and/or initializes a software monitor and/or a software object and/or application; trusted software infrastructure may be generated from a hardware root of trust such as a secure computing module 112 and/or component thereof as described above, acting as a remote and/or local software monitor). .

               As to claim 19, the combination of Wentz and Zimmer teaches the baseboard management controller of claim 17, wherein the request originates with an entity of the computer system external to the baseboard management controller, or an entity external to the computer system – Wentz [column 35, lines 6-8] …  At step 305, local software monitor receives at least a command to execute at least a program on originating device 104. At least a command may include information directing local software monitor as to which program to execute on originating device 104. Here, the claimed ‘external to the controller’ is taught by Wentz as ‘local monitor’ which is outside of the controller).

            As to claim 20, is a baseboard management controller that is directed to the method of claim 16.  Therefore, claim 20 is rejected for the reasons as set forth in claim 16.

Allowable Subject Matter
Claim15 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM B. JONES whose telephone number is (571) 272-9637.  The examiner can normally be reached on Mon - Fri., 7:00 a.m. to 3:00 p.m.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-272-3900.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
 /WILLIAM B JONES/Examiner, Art Unit 249111/6/2022
/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491