DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
The amendment filed 10/13/2022 has been entered. Claims 1-2, 4-5, 7, 9-11, 13-14, 16, 18-20 are currently amended. Claims 1-20 are pending in the application.
The objection of claims 2, 4-5, 7, 9, 11, 13-14, 16, 18-20 due to informalities has been withdrawn in light of applicant’s amendment to the claims. 
Response to Arguments
The Applicant's argument, see pages 9-16 of the Remarks filed on 10/13/2022 with respect to claim rejection under 35 USC 103 over prior arts of records have been fully considered but asserted not persuasive due to following reason. 
Examiner acknowledges applicant amended claim 1 (similarly for claims 10, 19) by replacing “traffic” with “a communication path”. Applicant’s argument can be understood to suggest Harriman does not teach the “blocking” action as recited in claim 1, especially a communication path. Therefore, applicant concluded that the combination of Sathyanarayana and Harriman does not teach all the features of amended claim 1, similarly for claim 10. Examiner acknowledged applicant’s perspective however respectively disagrees.
Sathyanarayana reference is used to teach the main concept of the claimed invention, by authenticating endpoint device and based on the result of authentication, performing action of either registering the endpoint device (for internal bus) or logging the endpoint device as unmanageable. Logging as unmanageable may mean that the endpoint device will not be owned by the bus controller in the internal bus (i.e. communication link or path). Harriman further suggests that controlling access request to first data from communication device (i.e. endpoint) over link (i.e. communication path) is based on an authentication state of the communication device and a protection state of the link, see para. [129]. Para. [130] and [137] further provide examples of blocking, denying the access from the communication device to the first data when the condition of protection state is not satisfied. In another words, what is needed from Harriman’s teachings is the blocking action that Sathyanarayana does not specifically teaches. 
Above discussion regarding claim 1 also applies to claim 19 which recites limitations similarly to claim 1 but with more features.
Applicant’s further argument regarding dependent claims are also not persuasive since the argument is based on assumption that their respective independent claims are allowable. 
Therefore, the claim rejection under 35 USC 103 is maintained. Applicant is suggested to further incorporate innovative features into independent claims to advance the case.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 10 are rejected under 35 U.S.C. 103 as being unpatentable over Sathyanarayana et al (US10242176B1, hereinafter, “Sathyanarayana”), in view of Harriman et al (US20190220617A1, hereinafter, “Harriman”).
Regarding claim 1, Sathyanarayana teaches:
A computer-implemented method (Sathyanarayana, discloses method of authenticating PCI endpoints by BMC over internal bus for controlling access communication, see [Abstract] and [Title]) comprising: 
authenticating, by a controller, an endpoint discovered during an endpoint discovery process [within a rack server system] (Sathyanarayana, referring to Fig. 6 which shows operations of a challenge-response authentication mechanism between a controller and an endpoint, [Col. 7 lines 4-11] With reference to FIG. 6, there is an illustration of communications 600 between BMC 120 (i.e. controller) and an endpoint device 150 as representative of any the endpoint devices shown in FIG. 1, according to an embodiment... Initially, at 610, BMC 120 initiates a discovery of endpoint device 150 by transmitting a challenge request message to endpoint device 150. Also referring to Fig. 12, [Col. 10 lines 51-56] At 1230, BMC 120 attempts to authenticate the endpoint device based on the computational value included in the response to the discovery message. At 1240, BMC 120 determines whether endpoint device was successfully authenticated, and, if so, operations proceed to 1260); 
monitoring, the rack server system by the controller, for a response from the endpoint (Sathyanarayana, Fig. 6 steps 630-640, [Col. 7 lines 17-19] At 630, endpoint device 150 sends a challenge response message including the generated computational value to BMC 120. At 640, BMC 120 receives (i.e. monitoring) the challenge response message from endpoint device 120…); 
and based at least in part on one of (i) no response being received or (ii) receiving the response and content of the response, [blocking], by the controller, a communication path for the endpoint (Sathyanarayana, referring to the teachings of challenge response message including the generated computational value shown above, where the value is content of the response. Also see e.g. fig. 12 step 1250, and [Col. 10 lines 56-58] Otherwise, at 1250, BMC 120 sends a failure message to endpoint device and logs endpoint device as being unmanageable) (see below Harriman’s teachings of blocking access to first data in a link).  
	Sathyanarayana teaches the main concept of authenticating endpoints with BMC controller based on computational value but does not explicitly teach within a rack server system and teaches logs endpoint devices as unmanageable but does not explicitly teach blocking the communication path for the endpoint, Harriman in the same field of endeavor teaches:
[authenticating, by a controller, an endpoint discovered during an endpoint discovery process] (see Sathyanarayana shown above) within a rack server system (Harriman, discloses control access to data based on authentication sate of communication device and protection state of link, see [Abstract]. And [0095] In another example, the devices may communicate within a server computing system (e.g., a rack server, …)), 
blocking, by the controller, a communication path for the endpoint (Harriman, referring to Fig. 9, and [0092] 904 includes receiving a request for the first data from a communication device (e.g., any suitable computing device operable to communicate data with another computing device) over a link (i.e. communication path) established with a communication device. 906 includes controlling access to the first data to the communication device based on an authentication state of the communication device (i.e. endpoint) and a protection state of the link. And [0130] Example 2 may include the subject matter of example 1, wherein the access control engine is to block access to the first data to the communication device responsive to a determination that the protection state of the link indicates that one or more of confidentiality, replay, and integrity protections are not enabled for the link). Examiner notes: controlling access of the communication device includes blocking the access of the communication device over the link.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Harriman in the controlled access communication between BMC and endpoints of Sathyanarayana by blocking link to endpoints based on authentication state of communication device and protection state of the link. This would have been obvious because the person having ordinary skill in the art would have been motivated to protect confidentiality, replay and integrity of the communication link and data (Harriman, [Abstract], [0048], [0130]).

Regarding claim 10, claim 10 is a computer-readable media claim that encompasses limitations that are similar to those of computer-implemented method claim 1. Therefore, claim 10 is rejected with the same rationale and motivation as applied against claim 1. In addition, Sathyanarayana teaches one or more non-transitory computer-readable media storing computer-executable instructions that, when executed by one or more processors, cause the one or more processors to perform actions (Sathyanarayana, discloses method of authenticating PCI endpoints by BMC over internal bus for controlling access communication, see [Abstract] and [Title]. And see Fig. 2, Processor 210, memory 220 may include one or more tangible (non-transitory) computer readable storage media).

Claims 2, 11 are rejected under 35 U.S.C. 103 as being unpatentable over Sathyanarayana-Harriman as applied above to claim 1, 10 respectively, further in view of Belz et al (US20100115592A1, hereinafter, “Belz”).
Regarding claim 2, similarly claim 11, Sathyanarayana-Harriman combination teaches the computer-implemented method of claim 1, the one or more non-transitory computer-readable media of claim 10, 
Sathyanarayana  further teaches: wherein the monitoring is based at least in part on a first request sent by the controller to the endpoint in response to a user action (Sathyanarayana, [Col. 3 lines 11-16] According to an embodiment, host processor 140 may receive, via interface 170, one or more commands (i.e. user action) and/or data issued from BMC 120 and forward, via interface 142, the one or more commands and/or data to one or more endpoints 150(1)-150(N) over bus 160(N)) and the method further comprises: 
While the combination of Sathyanarayana-Harriman does not specifically teach the following limitation(s), in the same field of endeavor Belz teaches:
based at least in part on no response to the first request being received after a predetermined amount of time, sending, by the controller, a second request to the endpoint in response to the user action (Belt, discloses control access to multimedia content with authentication request-response to communicating devices, see [Abstract]. And [0032] In particular embodiments, the set top box 202 (i.e. controller) transmits a second authorization-request message 272 via the network 230 to a second destination address when a predetermined amount of time has elapsed after transmitting the first authorization-request message 272 to the first destination address without receiving a response message 274 from the first destination address), 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Belz in the controlled access communication between BMC and endpoints of Sathyanarayana-Harriman by transmitting a second authorization request if control device do not receive response to the first authorization request within a predetermined amount of time. This would have been obvious because the person having ordinary skill in the art would have been motivated to repeat the authentication request after the predetermined amount of time (Belz, [Abstract], [0032]);
The combination of Sathyanarayana-Harriman-Belt further teaches: wherein the blocking, by the controller, the communication path for the endpoint is further based at least in part on no response to the second request being received by the controller (Sathyanarayana-Harriman-Belt, the blocking of traffic in response to first request shown above for claim 1 can also apply to the second request).  

Claims 3-4, 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Sathyanarayana-Harriman-Belz, further in view of Lee et al (US20060146862A1, hereinafter, “Lee”).
Regarding claim 3, similarly claim 12, Sathyanarayana-Harriman-Belz combination teaches the computer-implemented method of claim 2, the one or more non-transitory computer-readable media of claim 11, 
Belz further teaches: wherein the predetermined amount of time is [in a range of 3 to 7 seconds] (Belz, [0021] The predetermined amount of time may be a few seconds or…); 
While the combination of Sathyanarayana-Harriman-Belz teaches the predetermined amount of time may be a few seconds but does not specifically teach the time is in a range of 3 to 7 seconds, in the similar field of endeavor Lee teaches:
wherein the predetermined amount of time is in a range of 3 to 7 seconds (Lee, discloses method for effectively establishing packet data protocol context of a mobile terminal by setting a response time period, [Abstract]. And [0008] If the predetermined response time lapses without receiving the authentication message, the mobile terminal 10 re-transmits the request message for requesting activation of the PDP context. And [0027] when the mobile terminal 10 determines the maximum number of transmissions for re-requesting the activation of the PDP context is set at five times, the mobile terminal 10 can set the amount of time that must be waited for a re-request message (waiting response time period) as 30 seconds for a first re-request message, as 20 seconds for a second re-request message, as 10 seconds for a third re-request message, as 5 seconds for a fourth re-request message, …).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Lee in the controlled access communication between BMC and endpoints of Sathyanarayana-Harriman-Belz by specifying the predetermined amount of time of lapsed time being 5 seconds. This would have been obvious because the person having ordinary skill in the art would have been motivated to control the amount of time period that must be waited before another re-request message can be transmitted (Lee, [Abstract], [0026-0027]).

Regarding claim 4, similarly claim 13, Sathyanarayana-Harriman-Belz combination teaches the computer-implemented method of claim 2, the one or more non-transitory computer-readable media of claim 11,
While the combination of Sathyanarayana-Harriman-Belz does not specifically teach the following limitation(s), in the similar field of endeavor Lee teaches:
further comprising: based at least in part on no response being received to the second request after the predetermined amount of time, sending, by the controller, a third request to the endpoint in response to the user action (Lee, discloses method for effectively establishing packet data protocol context of a mobile terminal by setting a response time period, [Abstract]. And [0008] If the predetermined response time lapses without receiving the authentication message, the mobile terminal 10 re-transmits the request message for requesting activation of the PDP context. And [0027] when the mobile terminal 10 determines the maximum number of transmissions for re-requesting the activation of the PDP context is set at five times, the mobile terminal 10 can set the amount of time that must be waited for a re-request message (waiting response time period) as 30 seconds for a first re-request message, as 20 seconds for a second re-request message, as 10 seconds for a third re-request message,…), 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Lee in the controlled access communication between BMC and endpoints of Sathyanarayana-Harriman-Belz by re-transmitting request message multiple times such as five times. This would have been obvious because the person having ordinary skill in the art would have been motivated to control the maximum number of transmissions for re-requesting for effectively establishing mobile communication (Lee, [Abstract], [0026-0027]).
The combination of Sathyanarayana-Harriman-Belt further teaches: wherein the blocking, by the controller, the communication path for the endpoint is further based at least in part on no response to the third request being received by the controller (Sathyanarayana-Harriman-Belt, It is obvious to one ordinary skilled in the art that the teachings of Sathyanarayana-Harriman-Belz for blocking the traffic in response to the second response as shown above to claim 2 can apply similarly to the third request).  

Claims 5, 14 are rejected under 35 U.S.C. 103 as being unpatentable over Sathyanarayana-Harriman as applied above to claim 1, 10 respectively, further in view of Ward et al (US20160207323A1, hereinafter, “Ward”).
Regarding claim 5, similarly claim 14, Sathyanarayana-Harriman combination teaches the computer-implemented method of claim 1, the one or more non-transitory computer-readable media of claim 10, 
Harriman further teaches: wherein the monitoring is based at least in part on a first request for one or more measurements sent by the controller to the endpoint and the method further comprises:24Atty Docket No. C237-0164US Client Docket No. 1028375-US.01receiving the response from the endpoint, wherein the content of the response comprises values related to the one or more measurements (Harriman, [0089] FIG. 8 illustrates a flow for device authentication in accordance with certain embodiments. A second device 805 (which may have any characteristics of second device 502B or 704), such as a PCIe device, may be connected to a first device 810 (which may have any characteristics of first device 502A or 704) (e.g., via a port). Before granting access to certain host resources (e.g., data 508), the first device may first utilize an authentication architecture to ensure that the second device is of a particular type, from a particular manufacture, has particular characteristics, is certified, endorsed, or owned by a particular organization, …, the first device 810 can query the second device 805's firmware version through a firmware measurement); 
While the combination of Sathyanarayana-Harriman does not specifically teach the following limitation(s), in the similar field of endeavor Ward teaches:
and comparing, by the controller, the values related to the one or more measurements with stored values stored in a table at the controller (Ward, discloses timing challenge and authentication of cartridge by providing response, [Abstract]. And [0024] the authentication algorithm 126 determines correct or expected values for the challenge response 130 by issuing the cryptographic timing challenge 128 to dedicated reference logic 136 (i.e. table in the controller) on the host device controller 106… In response to the timing challenge 128, the reference logic 136 completes the challenge and provides a reference response in a reference time… If the challenge response 130 matches the reference response and the challenge response time 131 falls within the reference response time window, the algorithm 126 determines that the supply device 104 is an authentic device), 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Ward in the controlled access communication between BMC and endpoints of Sathyanarayana-Harriman by using authentication algorithm with matching reference response within time window. This would have been obvious because the person having ordinary skill in the art would have been motivated to determine the supply device being an authentic device (Ward, [Abstract], [0024]).
Harriman further teaches: wherein the blocking, by the controller, the communication path for the endpoint is based at least in part on one or more values related to the one or more measurements not matching corresponding stored values stored in the table (Harriman, [0089] device firmware measurement may be utilized in connection with device authentication to enable the trustworthiness of the device authentication. And [0130] Example 2 may include the subject matter of example 1, wherein the access control engine is to block access to the first data to the communication device responsive to a determination that the protection state of the link indicates that one or more of confidentiality, replay, and integrity protections are not enabled for the link.).  

Claims 6, 15 are rejected under 35 U.S.C. 103 as being unpatentable over Sathyanarayana-Harriman-Ward as applied above to claim 5, 14 respectively, further in view of Bartok et al (US20140317409A1, hereinafter, “Bartok”).
Regarding claim 6, similarly claim 15, Sathyanarayana-Harriman-Ward combination teaches the computer-implemented method of claim 5, the one or more non-transitory computer-readable media of claim 14,
While the combination of Sathyanarayana-Harriman-Ward does not specifically teach the following limitation(s), in the same field of endeavor Bartok teaches:
further comprising: generating, by the controller, the table during the endpoint discovery process (Bartok, discloses managing cryptographic keys and trust relationship in SSH environment by mapping server, etc. see [Abstract]. And [0073] The host computer 570, on which the system is implemented, first discovers and identifies the servers (i.e. endpoint) and generates a server table 580 (i.e. the table) that includes the identity 585 of each server and the identity and the type of key found 590. In the example, two SSH servers have been discovered, identified as System1 and System3 and Server Public Keys 1S and 3S stored for subsequent reference).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Bartok in the controlled access communication between BMC and endpoints of Sathyanarayana-Harriman-Ward by generating a server table including identity of each server. This would have been obvious because the person having ordinary skill in the art would have been motivated to enable effective management of SSH keys by mapping servers with server table (Bartok, [Abstract], [0073]).

Claims 7, 9, 16, 18 are rejected under 35 U.S.C. 103 as being unpatentable over Sathyanarayana-Harriman-Ward as applied above, further in view of Belz et al (US20100115592A1, hereinafter, “Belz”).
Regarding claim 7, similarly claim 16, Sathyanarayana-Harriman-Ward combination teaches the computer-implemented method of claim 5, the one or more non-transitory computer-readable media of claim 14, 
The combination of Sathyanarayana-Harriman-Ward further teaches: wherein the response is a first response, the one or more values are one or more first values, and the method further comprises: based at least in part on the one or more first values related to the one or more measurements not matching corresponding stored values stored in the table, sending, by the controller, [a second request to the endpoint] for the one or more measurements after a predetermined amount of time; [receiving a second response from the endpoint], wherein content of the second response comprises second values related to the one or more measurements; and comparing, by the controller, the second values related to the one or more measurements with the stored values stored in the table, wherein the blocking, by the controller, the communication path for the endpoint is based at least in part on one or more second values related to the one or more measurements not matching corresponding stored values stored in the table (See the teachings of Harriman and Ward for comparing first, second value related to measurement as applied to claim 5 above and combination of Sathyanarayana, Harriman for blocking traffic to endpoints as applied to claim 1). (See Belt below for teaching of second request to the endpoint)
The combination of Sathyanarayana-Harriman-Ward does not specifically teach the second request based on first response does not meet request within predetermined time, in the same field of endeavor Belz teaches:
a second request to the endpoint (Belt, discloses control access to multimedia content with authentication request-response to communicating devices, see [Abstract]. And [0032] the set top box 202 (i.e. controller) transmits a second authorization-request message 272 via the network 230 to a second destination address when a predetermined amount of time has elapsed after transmitting the first authorization-request message 272 to the first destination address without receiving a response message 274 from the first destination address), 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Belz in the controlled access communication between BMC and endpoints of Sathyanarayana-Harriman-Ward by transmitting a second authorization request if control device do not receive response to the first authorization request within a predetermined amount of time. This would have been obvious because the person having ordinary skill in the art would have been motivated to repeat the authentication request after the predetermined amount of time (Belz, [Abstract], [0032]).

Regarding claim 9, similarly claim 18, Sathyanarayana-Harriman-Ward-Belz combination teaches the computer-implemented method of claim 7, the one or more non-transitory computer-readable media of claim 16,
The combination of Sathyanarayana-Harriman-Ward-Belz further teaches: further comprising: based at least in part on the one or more second values related to the one or more measurements not matching corresponding stored values stored in the table, sending, by the controller, a third request to the endpoint for the one or more measurements after the predetermined amount of time;25Atty Docket No. C237-0164US Client Docket No. 1028375-US.01receiving a third response from the endpoint, wherein content of the third response comprises third values related to the one or more measurements: and comparing, by the controller, the third values related to the one or more measurements with the stored values stored in the table, wherein the blocking, by the controller, the communication path for the endpoint is based at least in part on one or more third values related to the one or more measurements not matching corresponding stored values stored in the table (Sathyanarayana-Harriman-Ward-Belz, It is obvious to one ordinary skilled in the art that the teachings of Sathyanarayana-Harriman-Ward-Belz for blocking the traffic in response to the second response can apply similarly to the third response with third values related to measurement).  

Claims 8, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Sathyanarayana-Harriman-Ward-Belz as applied above to claim 7, 16 respectively, further in view of Lee et al (US20060146862A1, hereinafter, “Lee”).
Regarding claim 8, similarly claim 17, Sathyanarayana-Harriman-Ward-Belz combination teaches the computer-implemented method of claim 7, the one or more non-transitory computer-readable media of claim 16, 
While the combination of Sathyanarayana-Harriman-Ward-Belz does not specifically teach the time is in a range of 3 to 7 seconds, in the similar field of endeavor Lee teaches:
wherein the predetermined amount of time is in a range of 3 to 7 seconds (Lee, discloses method for effectively establishing packet data protocol context of a mobile terminal by setting a response time period, [Abstract]. And [0008] If the predetermined response time lapses without receiving the authentication message, the mobile terminal 10 re-transmits the request message for requesting activation of the PDP context. And [0027] when the mobile terminal 10 determines the maximum number of transmissions for re-requesting the activation of the PDP context is set at five times, the mobile terminal 10 can set the amount of time that must be waited for a re-request message (waiting response time period) as 30 seconds for a first re-request message, as 20 seconds for a second re-request message, as 10 seconds for a third re-request message, as 5 seconds for a fourth re-request message, …).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Lee in the controlled access communication between BMC and endpoints of Sathyanarayana-Harriman-Ward-Belz by specifying the predetermined amount of time of lapsed time being 5 seconds. This would have been obvious because the person having ordinary skill in the art would have been motivated to control the amount of time period that must be waited before another re-request message can be transmitted (Lee, [Abstract], [0026-0027]).  

Claims 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Sathyanarayana et al (US10242176B1, hereinafter, “Sathyanarayana”), in view of Harriman et al (US20190220617A1, hereinafter, “Harriman”), further in view of Belz et al (US20100115592A1, hereinafter, “Belz”) and Lee et al (US20060146862A1, hereinafter, “Lee”).
Regarding claim 19, Sathyanarayana teaches:
A computer-implemented method (Sathyanarayana, discloses method of authenticating PCI endpoints by BMC over internal bus for controlling access communication, see [Abstract] and [Title]) comprising: 
authenticating, by a controller, an endpoint discovered during an endpoint discovery process [within a rack server system] (Sathyanarayana, referring to Fig. 6 which shows operations of a challenge-response authentication mechanism between a controller and an endpoint, [Col. 7 lines 4-11] With reference to FIG. 6, there is an illustration of communications 600 between BMC 120 and an endpoint device 150 as representative of any the endpoint devices shown in FIG. 1, according to an embodiment... Initially, at 610, BMC 120 initiates a discovery of endpoint device 150 by transmitting a challenge request message to endpoint device 150. Also referring to Fig. 12, [Col. 10 lines 51-56] At 1230, BMC 120 attempts to authenticate the endpoint device based on the computational value included in the response to the discovery message. At 1240, BMC 120 determines whether endpoint device was successfully authenticated, and, if so, operations proceed to 1260); 
based at least in part on a first request sent by the controller to the endpoint in response to a user action, monitoring, the rack server system by the controller, for a response from the endpoint (Sathyanarayana, [Col. 3 lines 11-16] host processor 140 may receive, via interface 170, one or more commands and/or data issued from BMC 120 and forward, via interface 142, the one or more commands and/or data to one or more endpoints 150(1)-150(N) over bus 160(N). Also Fig. 6 step 630, [Col. 7 lines 17-19] At 630, endpoint device 150 sends a challenge response message including the generated computational value to BMC 120); 
based at least in part on one of (i) no response being received or (ii) content of the response, [blocking], by the controller, a communication path for the endpoint (Sathyanarayana, see e.g. fig. 12 step 1250, [Col. 10 lines 56-58] Otherwise, at 1250, BMC 120 sends a failure message to endpoint device and logs endpoint device as being unmanageable) (see Harriman’s teachings below for limitation(s) in bracket); 
Sathyanarayana teaches the main concept of authenticating endpoints with BMC controller based on computational value but does not explicitly teach within a rack server system and teaches logs endpoint devices as unmanageable but does not explicitly teach blocking the traffic for endpoint, Harriman in the same field of endeavor teaches:
[authenticating, by a controller, an endpoint discovered during an endpoint discovery process] (see Sathyanarayana shown above for the teachings of limitation in bracket) within a rack server system (Harriman, discloses control access to data based on authentication sate of communication device, see [Abstract]. And [0095] In another example, the devices may communicate within a server computing system (e.g., a rack server, blade server, tower server, rack scale server architecture or other disaggregated server architecture), …), 
blocking, by the controller, a communication path for the endpoint (Harriman, referring to Fig. 9, [0092] 904 includes receiving a request for the first data from a communication device (e.g., any suitable computing device operable to communicate data with another computing device) over a link established with a communication device. 906 includes controlling access to the first data to the communication device based on an authentication state of the communication device and a protection state of the link. And [0130] Example 2 may include the subject matter of example 1, wherein the access control engine is to block access to the first data to the communication device responsive to a determination that the protection state of the link indicates that one or more of confidentiality, replay, and integrity protections are not enabled for the link).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Harriman in the controlled access communication between BMC and endpoints of Sathyanarayana by blocking traffic to endpoints based on authentication state of communication device. This would have been obvious because the person having ordinary skill in the art would have been motivated to protect confidentiality, replay and integrity of the communication link and data (Harriman, [Abstract], [0048], [0130]).
While the combination of Sathyanarayana-Harriman does not specifically teach the following limitation(s), in the same field of endeavor Belz teaches:
and based at least in part on no response to the first request being received after a predetermined amount of time, sending, by the controller, a second request to the endpoint in response to the user action (Belt, discloses control access to multimedia content with authentication request-response to communicating devices, see [Abstract]. And [0032] In particular embodiments, the set top box 202 (i.e. controller) transmits a second authorization-request message 272 via the network 230 to a second destination address when a predetermined amount of time has elapsed after transmitting the first authorization-request message 272 to the first destination address without receiving a response message 274 from the first destination address), 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Belz in the controlled access communication between BMC and endpoints of Sathyanarayana-Harriman by transmitting a second authorization request if control device do not receive response to the first authorization request within a predetermined amount of time. This would have been obvious because the person having ordinary skill in the art would have been motivated to repeat the authentication request after the predetermined amount of time (Belz, [Abstract], [0032]).
While the combination of Sathyanarayana-Harriman-Belz teaches the predetermined amount of time may be a few seconds but does not specifically teach the time is in a range of 3 to 7 seconds, in the similar field of endeavor Lee teaches:
wherein the predetermined amount of time is in a range of 3 to 7 seconds (Lee, discloses method for effectively establishing packet data protocol context of a mobile terminal by setting a response time period, [Abstract]. And [0008] If the predetermined response time lapses without receiving the authentication message, the mobile terminal 10 re-transmits the request message for requesting activation of the PDP context. And [0027] when the mobile terminal 10 determines the maximum number of transmissions for re-requesting the activation of the PDP context is set at five times, the mobile terminal 10 can set the amount of time that must be waited for a re-request message (waiting response time period) as 30 seconds for a first re-request message, as 20 seconds for a second re-request message, as 10 seconds for a third re-request message, as 5 seconds for a fourth re-request message, …),
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Lee in the controlled access communication between BMC and endpoints of Sathyanarayana-Harriman-Belz by specifying the predetermined amount of time of lapsed time being 5 seconds. This would have been obvious because the person having ordinary skill in the art would have been motivated to control the amount of time period that must be waited before another re-request message can be transmitted (Lee, [Abstract], [0026-0027]).
The combination of Sathyanarayana-Harriman-Belt further teaches: and wherein the blocking, by the controller, the communication path for the endpoint is further based at least in part on no response to the second request being received by the controller (Sathyanarayana-Harriman-Belt, the blocking of traffic in response to first request shown above can also apply to the second request).  

Regarding claim 20, Sathyanarayana-Harriman-Belz-Lee combination teaches the computer-implemented method of claim 19, 
The combination of Sathyanarayana-Harriman-Belz-Lee further teaches: further comprising: based at least in part on no response being received to the second request after the predetermined amount of time, sending, by the controller, a third request to the endpoint in response to the user action, wherein the blocking, by the controller, the communication path for the endpoint is further based at least in part on no response to the third request being received by the controller (Sathyanarayana-Harriman-Belz-Lee, It is obvious to one ordinary skilled in the art that the teachings of Sathyanarayana-Harriman-Belz-Lee for blocking the traffic in response to the second response as shown above to claim 19 can apply similarly to the third request).
Citation of References
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but not been replied upon for this office action:
Jreij et al (US20200137079A1) discloses methods and systems for detecting rogue endpoints on a device management bus with a communications controller initiating discovery of managed devices coupled to the bus.
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL M LEE whose telephone number is (571)272-1975.  The examiner can normally be reached on M-F: 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MICHAEL M LEE/Examiner, Art Unit 2436  
/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436