DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-11 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as failing to set forth the subject matter which the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the applicant regards as the invention. Evidence that claims 1-11 fail(s) to correspond in scope with that which the inventor or a joint inventor, or for pre-AIA  applications the applicant regards as the invention can be found in the specification at paragraph 12. In that paper, the inventor or a joint inventor, or for pre-AIA  applications the applicant has stated (with emphasis), “Aspects of the present disclosure can provide a cluster of hardware devices for provisioning endpoint devices with secrecy, integrity, access controller, high availability, minimal transaction time, and interactive transactions with multiple requests and responses within a session.”, and this statement indicates that the invention is different from what is defined in the claim(s) because claim 1, and consequently claims 2-11, indicate at the preamble (with emphasis), “A provisioning cluster of hardware devices or provisioning endpoint devices”. For the purpose of examination, this is understood to have been intended to refer to “…for provisioning…” instead of branching the claim into two separate concepts.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “first computing device” and “second computing device” in claim 1 and “memory device” and “processing device” in claim 18.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. See for example figure 1 and paragraph 14.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 10, and 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over US20190281014 to Lin et al. in view of US9584509 to Hamburg et al. and US20180157521 to Arikatla et al.
Referring to claim 1, Lin discloses a cluster of hardware devices “for” endpoint devices, the cluster comprising: a first computing device, wherein the first computing device is used, by the cluster, for a session with an endpoint device; and a second computing device, wherein the second computing device is designated as a follower for the session, wherein the first computing device is to share context information of the session with the second computing device such that the second computing device resumes the session if the leader fails (Paragraph 30-31, “In operation, when computing assets initiate a communication session with a primary service instance, the primary service instance will cache connection information for the communication. In caching the connection information, the primary service instance will receive a packet using a first destination IP address that is unique to the primary instance. Once received at the primary instance, the primary instance will replace the destination IP address with a shared destination IP address that is shared with a backup instance for the service. The shared IP address may then be stored in at least one data structure with other information about the connection including the source IP address, source and destination ports, protocols, or some other similar connection information. After being stored at the primary instance, the connection information may be communicated to the backup instance in preparation for a failover event, e.g. such as a failure of the host at the first instance. Once a failover event occurs, the software defined networking processes of cloud service provider 550 will forward communications to the backup or failover instance instead of the primary instance.
Specifically, when a data packet is identified by cloud service provider 550 with the shared IP address, the cloud service provider will forward the packet to the active backup service instance by translating the shared IP address to the unique IP address associated with failover service instance 530. Referring to the example in overview 500, data packet 510 is received by cloud service provider 550, wherein the packet is processed using cloud service provider translation operation 520. In processing the packet, cloud service provider translation operation 520 will identify shared address 540 in the packet and translate the packet to the active instance associated with the shared address. In the present implementation, because failover service instance 530 is active for the service, shared address 540 is translated to private address 541 associated with service instance 530 and forwarded to the virtual network interface of the service instance. Once the packet is received at a virtual network interface of service instance 530, service instance 530 will perform service network translation operation 522 to determine whether a connection has been previously established with the source computing asset.”).
Although Lin does not specifically disclose the cluster is for provisioning endpoints, this is known in the art. An example of this is shown by Hamburg, from the abstract, “The embodiments described herein describe technologies for ticketing systems used in consumption and provisioning of data assets, such as a pre-computed (PCD) asset. A ticket may be a digital file or data that enables enforcement of usage count limits and uniqueness issuance or sequential issuance of target device parameters. One implementation includes an Appliance device of a cryptographic manager (CM) system that receives a Module and a ticket over a network from a Service device. The Module is an application that securely provisions a data asset to a target device in an operation phase of a manufacturing lifecycle of the target device. The ticket is digital data that grants permission to the Appliance device to execute the Module. The Appliance device verifies the ticket to execute the Module. The Module, when executed, results in a secure construction of a sequence of operations to securely provision the data asset to the target device.” It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to remotely provision a device because, as shown by Hamburg, from line 49 of column 3, “In the manufacturing of certain devices, software, codes, keys and other important assets may be embedded or installed in the hardware devices. Currently, these assets may be transported from the customer to a manufacturing site on a storage medium, such as stored on an optical disc. The management of these assets may be important to the security and revenues of the customer as it not entirely satisfactory in all respects. The embodiments described herein provide secure-asset management systems and technologies to securely provision assets to these hardware devices in untrusted environments.
The secure-asset management system includes many components that cooperate to allow a customer to monitor and control the receipt and consumption of such assets during the manufacturing process performed by the third-party manufacturer. The system includes remote components installed at the third-party manufacturer and components used by the customer to communicate with and control these remote components. An asset may be digital data, such as a key or key set, a certificate, a unique device identifier, etc. which needs to be securely transferred to the consuming device before the device may be ready for sale to a consumer.”
	Further, although Lin does not specifically disclose the first computing device elected as a leader, this is known in the art. An example of this is shown by Arikatla from paragraph 83, “FIG. 3F illustrates an example virtualized file server that has recovered from failure of a FSVM by electing a new leader FSVM according to particular embodiments. When an FSVM-2 170b fails, e.g., because it has been brought down for maintenance, has crashed, the host machine on which it was executing has been powered off or crashed, network communication between the FSVM and other FSVMs has become inoperative, or other causes, then the CVM that was being used by the failed FSVM, the CVM's associated volume group(s), and the network address of the host machine on which the failed FSVM was executing may be taken over by another FSVM to provide continued availability of the file services that were being provided by the failed FSVM. In the example shown in FIG. 3F, FSVM-2 170b on Host-2 200b has failed. One or more other FSVMs, e.g., FSVM-1 170a or FSVM-3 170c, or other components located on one or more other host machines, may detect the failure of FSVM-2, e.g., by detecting a communication timeout or lack of response to a periodic status check message. When FSVM-2's failure is detected, an election may be held, e.g., using a distributed leader election process such as that provided by the centralized coordination service. The host machine that wins the election may become the new leader for the filesystem pools 366b, 367b for which the failed FSVM-2 was the leader. In this example, FSVM-1 170a wins the election and becomes the new leader for the pools 366b, 367b, FSVM-1 170a thus attaches to CVM-2 110b by creating file system 364b, 365c instances for the file server instances FS1 and FS2 using FS1-Pool-3 366b and FS2-Pool-4 367b, respectively. 
In this way, FSVM-1 takes over the filesystems and pools for CVM-2's volume groups, e.g., volume groups VG1 366b and VG2 367b of local storage 122b. Further, FSVM-1 takes over the IP address associated with FSVM-2, 10.1.1.2, so that storage access requests sent to FSVM-2 are received and processed by FSVM-1. Optionally, metadata used by FSVM-1, e.g., metadata associated with the filesystems, may be transferred to FSVM-3 so that the specific configuration and/or state of the filesystems may be re-created on FSVM-3. Host-2 200b may continue to operate, in which case CVM-2 110b may continue to execute on Host-2. When FSVM-2 again becomes available, e.g., after it has been re-started and has resumed operation, FSVM-2 may assert leadership and take back its IP address (10.1.1.2) and storage (FS1-Pool-3 366b and FS2-Pool-4 367b) from FSVM-1.” It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to elect a leader because, as shown by Arikatla above, it allows the failure of a particular machine to be recovered from, particularly where there is more than one candidate.

Referring to claim 10, although Lin does not specifically disclose the first computing device is to share the context information of the session with at least the second computing device by sending a signed message to the second computing device, the signed message comprising the context information, signing is known in the art. An example of this is shown by Hamburg, from line 18 of column 3, “Sequences may be digitally signed and/or carry other cryptographic demonstrations of validity (e.g. a MAC), which the CM Core can verify to confirm the original and validity of the sequences. This provides control over what data will be accepted (and which operations will be executed by) the CM Core, even if the communication channel used to deliver the sequences is untrusted.” It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to sign a message because, as shown by Hamburg, it allows information to be validated and verified for control of acceptance.

Referring to claim 12, see rejection of claim 1.

Claim(s) 2, 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lin, Hamburg, and Arikatla as applied to claim 1 above, and further in view of “Hardware Security Module” by Wikipedia.
Referring to claims 2 and 13, although Lin, Hamburg, and Arikatla do not specifically disclose the first computing device is a hardware security module (HSM) with a physical security perimeter, this is known in the art. An example of this is shown by Wikipedia, “A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server. … HSMs may have features that provide tamper evidence such as visible signs of tampering or logging and alerting, or tamper resistance which makes tampering difficult without making the HSM inoperable, or tamper responsiveness such as deleting keys upon tamper detection.[12] Each module contains one or more secure cryptoprocessor chips to prevent tampering and bus probing, or a combination of chips in a module that is protected by the tamper evident, tamper resistant, or tamper responsive packaging.” It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to use an HSM because, as shown by Wikipedia, it safeguards and manages digital keys for strong authentication and provides cryptoprocessing, which may be of particular use in a provisioning environment, such as Hamburg as combined above.

Claim(s) 3-5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lin, Hamburg, and Arikatla as applied to claim 1 above, and further in view of US20170285982 to DeArment.
Referring to claim 3, although Lin, Hamburg, and Arikatla do not specifically disclose the first computing device is to use a consensus protocol to share the context information of the session with the provisioning cluster, using a consensus protocol to transfer information is very well known in the art. An example of this is shown by DeArment, from paragraph 38, “The cluster of hosts 102 can be configured with a replicated configuration system 106. In some embodiments, the replicated configuration system 106 stores and provides highly-available and fault-tolerant access to service configuration information for the services 104 installed on the hosts 102. In particular, the replicated configuration system 106 coordinates replication of data changes to the service configuration information between the hosts 102 in accordance with a consensus protocol that allows the hosts 102 to agree on an ordering for the changes even in circumstances where a host 102 in the cluster fails (e.g., crashes, suspends, hangs, or unexpectedly reboots).” It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to use a consensus protocol to transfer information because, as shown by DeArment, it “coordinates replication of data changes to the service configuration information between the hosts 102 in accordance with a consensus protocol that allows the hosts 102 to agree on an ordering for the changes even in circumstances where a host 102 in the cluster fails (e.g., crashes, suspends, hangs, or unexpectedly reboots).”
Referring to claim 4, Lin, Hamburg, Arikatla, and DeArment disclose the consensus protocol is the Reliable, Replicated, Redundant, and Fault-Tolerant (RAFT) consensus protocol (DeArment, paragraph 51, “According to some embodiments, the consensus protocol is based on the known “Raft” consensus protocol. Additional information on the Raft consensus protocol can be found in the paper by Diego Ongaro and John Ousterhout, “In Search of an Understandable Consensus Algorithm (Extended Version),” Stanford University, May 20, 2014. While the Raft consensus protocol is used in some embodiments, other consensus protocols are used in other example embodiments. For example, another possible consensus protocol that can be used is the “Paxos” consensus protocol. Additional information on the Paxos consensus protocol can be found in the paper by Leslie Lamport, “The part-time parliament,” ACM Transactions on Computer Systems, 16(2):133-169, May 1998.”).
Referring to claim 5, Lin, Hamburg, Arikatla, and DeArment disclose the consensus protocol is the Paxos consensus protocol (DeArment, paragraph 51, “According to some embodiments, the consensus protocol is based on the known “Raft” consensus protocol. Additional information on the Raft consensus protocol can be found in the paper by Diego Ongaro and John Ousterhout, “In Search of an Understandable Consensus Algorithm (Extended Version),” Stanford University, May 20, 2014. While the Raft consensus protocol is used in some embodiments, other consensus protocols are used in other example embodiments. For example, another possible consensus protocol that can be used is the “Paxos” consensus protocol. Additional information on the Paxos consensus protocol can be found in the paper by Leslie Lamport, “The part-time parliament,” ACM Transactions on Computer Systems, 16(2):133-169, May 1998.”).

Claim(s) 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lin in view of Hamburg, Arikatla, and “Hardware Security Module” by Wikipedia.
Referring to claim 18, see rejection of claims 1 and 2 above.

Allowable Subject Matter
Claims 6-9, 11, 14-17, 19, and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Referring to claim 6, the prior art does not teach or fairly suggest  the first computing device is to: receive, in the session, a first message from the endpoint device; determine the context information of the session based on at least some information in the first message; use a consensus protocol to replicate the context information of the session with at least the second computing device; and send, in the session, a second message to the endpoint device, in the scope and context of claim 1, further pending resolution of 112 rejection above.
Referring to claims 7-9, the prior art does not teach or fairly suggest the first computing device is to: receive, in the session, a first message from the endpoint device; perform a first operation in connection with the first message to obtain a first result; generate a response with the first result; use a consensus protocol to replicate the context information of the session with at least the second computing device, wherein the context information comprises the first result; and send, in the session, a second message to the endpoint device, the second message comprising the response, in the scope and context of claim 1, further pending resolution of 112 rejection above.
Referring to claim 11, the prior art does not teach or fairly suggest the second computing device is to: detect that the first computing device has failed; initiate a leader election to elect a new leader of the provisioning cluster; change from the follower to the new leader; and send a first identifier and a first address of the first computing device to the endpoint device; and the second computing device is to send a second identifier and a second address of the second computing device to the endpoint device, responsive to the second computing device changing from the follower to the new leader, in the scope and context of claim 1, further pending resolution of 112 rejection above.
Referring to claims 14-17, 19, and 20, see claims 7-9, 11 above, in the context of claims 12 and 18.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See notice of references cited.
US20070038887, see paragraph 58.
US20200028683, see paragraph 12.
US7266715, see abstract.
US9141814, see abstract.
US20090037998, see abstract.
US20090193288, see abstract.
US20200034048, see abstract.




Any inquiry concerning this communication or earlier communications from the examiner should be directed to GABRIEL L CHU whose telephone number is (571)272-3656. The examiner can normally be reached weekdays 8 am to 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Matt Kim can be reached on (571)272-4182. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GABRIEL CHU/               Primary Examiner, Art Unit 2114