DETAILED ACTION

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
2.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office Action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on November 15, 2022 has been entered. 
 
 3.	Applicant’s response filed on November 15, 2022 have been considered.  Claims 1-3, 5, 10, 13-14, 17, and 20 have been amended.  Claims 1-20 are pending.

Claim Rejections - 35 USC § 112
4.	Claims 10-16 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Referring to claims 10-16:
		The amended claim 10 recites:
		“A system comprising: 
            a computing cluster having one or more processors and a cluster manager; and 
             a non-transitory computer readable medium storing a plurality of instructions, which when executed, cause the one or more processors to:
           receive, at a remote access controller of the system, a request from a new node to join the computing cluster, wherein the remote access controller is external to the new node and the cluster manager; 
                       verify that a new node identifier (ID) sent by the new node matches an ID stored in a white list of the cluster manager, wherein the new node ID comprises a node serial number; 
             when the new node ID match the ID stored in the white list, add the new node to a trust store of the cluster manager; and, 
               send, by the remote access controller of the system, a server certificate to the new node when a cluster manager serial number of the cluster manager is validated at the new node.”
		(i)  Claim 10 recites a receiving step, a verifying step, an adding step, and a sending step.  Claim 10 further specifies that the remote access controller performs the receiving step, and the sending step. However, Claim 10 is not clear as to which entity performs the verifying step, and the adding step. Further clarification is needed.
		(ii) Claim 10 recites “send, by the remote access controller of the system, a server certificate to the new node when a cluster manager serial number of the cluster manager is validated at the new node”.
		Therefore, according claim 10, the server certificate is being sent to the new node, by the remote access controller of the system, when a cluster manager serial number is validated at the new node.
		However, specification, [0026] discloses:
		“The appliance application then requests a server certificate from the iSM. The iSM sends a request for iDRAC certificate to the iDRAC. The iDRAC forwards the iDRAC certificate to iSM and iSM relays the certificate to the application on the new node.”. 
            Figure 4 of the application further illustrates the process of sending the server certificate, by the remote access controller of the system, to the new node.
		Therefore, according the specification, the server certificate is being sent to the new node, by the remote access controller of the system, when the new node sends a request for a server certificate to the remote access controller of the system.  However, the specification does not disclose that the server certificate is being sent to the new node, by the remote access controller of the system, when a cluster manager serial number is validated at the new node.
	Thus, claim 10 is rejected for failing to comply with the written description requirement.
	Claims 11-16 are dependent from claim 10, and are therefore rejected based on the same rationale. 

Claim Rejections - 35 USC § 103

5.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

6.	Claims 1-6, 8-14, and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Giassa et al. (U.S. 2021/0136147 A1), hereinafter “Giassa”, in view of Innes et al. (U.S. 2018/0007059 A1), hereinafter “Innes”, further in view of Hunt et al. (U.S. 2005/0268151 A1), hereinafter “Hunt”.
Referring to claim 1:
	 	Giassa teaches:
                      In a computing cluster comprising a cluster manager and a plurality of nodes, each node comprising a management platform, an application, and a host operating system (OS), a method of mutual authentication for joining a new node to the cluster, comprising (see Giassa, fig. 1, 102 ‘master node [i.e. a cluster manager ]’, 104 ‘cluster controller’, 106 ‘data storage’, 110, 112, 114, 116 [i.e., worker nodes], [0054] ‘a handshake [i.e., mutual authentication for joining a new node to the cluster ] or authentication process’): 
           adding node serial number of the new node to the cluster manager (see Giassa, [0023] ‘user 118 may provide configuration information to cluster node 102’; [0054] ‘as part of a handshake or authentication process, …serial number’); 
           adding an Internet protocol (IP) address of the cluster manager on the new node (see Giassa, fig. 1 disclosing cluster 100 comprising a master node 102, and work node 110, 112, 114, 116; [0045] ‘each service may be assigned a unique IP address (also called clusterIP) [i.e., the IP address of the cluster manager ]’; [0023] ‘User 118 may be any entity… for selecting, viewing, and/or configuring various aspects associated with master node 102 or cluster 100 [i.e., user 118 configures cluster 110, where cluster 110 comprising master node 108, and work nodes 110, 112, 114, 116, where the cluster configuration information comprise the IP address of the cluster manager. ]. For example, user 118 may provide configuration information to master node 102 [i.e., user 118 may provide cluster configuration information to the master node, as well as to the work nodes ]’); 
           authenticating the new node to the cluster manager by: sending a request to join the cluster from the new node to the cluster manager, the request including the node serial number from the new node (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’; [0054] ‘In step 303, e.g., as part of a handshake or authentication [i.e., where handshake and authentication indicates that it’s a mutual authentication between cluster manager and the new node ] process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’); and, 
           verifying at the cluster manager that the node serial number from the new node is valid and, upon verification, adding the new node to a cluster manager trust store (see Giassa, [0025] ‘an authentication [i.e., verifying ]  process (e.g., a handshake process) between master node 102 and each of worker nodes 110-116 may be performed, e.g., when cabled to or otherwise connected to master node 102 and prior to being configured for cluster 100 [i.e., adding new node to trust store ].’; [0021] ‘repository’; [0081] ‘the new node can be added to the cluster’); 
           authenticating the cluster manager to the new node by: sending from the cluster manager the manager information to the new node (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’; [0054] ‘In step 303, e.g., as part of a handshake or authentication [i.e., i.e., where handshake and authentication indicates that it’s a mutual authentication between cluster manager and the new node ] process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’); and, 
           verifying at the new node that the manager information is validated and, upon validation, adding the cluster manager to a node trust store (see Giassa, [0025] ‘an authentication [i.e., verifying ]  process (e.g., a handshake process) between master node 102 and each of worker nodes 110-116 may be performed, e.g., when cabled to or otherwise connected to master node 102 and prior to being configured for cluster 100 [i.e., adding cluster manager to trust store ].’; [0021] ‘repository’).
           However, Giassa does not explicitly disclose sending the cluster manager serial number to the new node.
	Giassa discloses the handshake between the new node and the cluster manager, and discloses or suggests authenticating the new node by sending the node serial number to the cluster manager (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’; [0054] ‘In step 303, e.g., as part of a handshake or authentication process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’).  
		It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Giassa into the system of Giassa to send cluster manager serial number to the new node for authentication.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, sending cluster manager serial number to the new node for authenticating the cluster manager would enhance Giassa’s handshake or authentication between the new node and the cluster manager.
However, Giassa does not disclose the whitelist.
           Giassa does not disclose the certificate.
Gisssa does not dsclose adding the IP address of the cluster manager.
		Innes discloses the whitelist (see Innes, [0193] ‘authenticate to the credential mapper 1229, such as using … a device certificate [i.e., a device serial number ].  If it uses a machine level authentication, the credential mapper 1229 may implement a whitelist of machines trusted’).
		It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use a whitelist of trusted entities, such as a whitelist of serial numbers treusted.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because using a whitelist could facilitate authentication process.
		Hunt discloses the certificate (see Hunt, [0102] ‘when the cluster master receives a client's (network device) "join request" message. This "join request" message may include an authentication certificate, or the like, obtained from a valid certificate authority, as well as connectivity information about the sender network device.’; [0103]). 
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Hunt into the system of Giassa to use a certificate.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Hunt’s teaching could enhance the system of Giassa, because Hunt discloses “when the cluster master receives the "join request" message, it validates the sender network device's authentication information by, in part, checking the certificate against a list of valid certificates.” (see Hunt, [0103]).
 Referring to claims 2-3, 18-19:
		Giassa, Innes, and Hunt further disclose:
		wherein sending a request to join the cluster comprises sending a node certificate embedded in the new node, wherein the node certificate includes the node serial number, wherein the node certificate is from the remote access controller upon request (see Gisssa, [0054] ‘In step 303, e.g., as part of a handshake or authentication process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’. And, Hunt, [0102] ‘Authentication certificate... obtained from a valid certificate authority’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Hunt into the system of Giassa to use a certificate.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Hunt’s teaching could enhance the system of Giassa, because Hunt discloses “when the cluster master receives the "join request" message, it validates the sender network device's authentication information by, in part, checking the certificate against a list of valid certificates.” (see Hunt, [0103]).
Referring to claim 4:
		Giassa, Innes, and Hunt further disclose:
		establishing secure communication between the new node and the cluster manager (see Innes, [0162] ‘TLS or SSL’; [0170] ‘secure communications’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use secure communications between the new node and the cluster manager. Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because secure communications ensure data security between communications between cluster appliances.
Referring to claims 5, 20:
		Giassa, Innes, and Hunt further disclose:
	wherein establishing secure communication comprises the steps of: 
           a. generating a manager hash at the cluster manager and signing the manager hash using manager private key into a cluster manger digital certificatge (see Giassa, fig. 1, 102 master node, 110 worker node.  And. Innes, [0138] ‘signing…signature… private key… hashing data… digest… signature verification’);
            b. sending the manager digital signature to the new node and at the new node verifying the cluster manger digital signature using manager public key (see Innes, [0137]  ‘public key’; [0138] ‘signing…signature… private key… hashing data… digest… signature verification’); 
            c. generating a node hash at the cluster manager and signing the node hash using node private key into a new node digital signature(see Giassa, fig. 1, 102 master node, 110 worker node.  And. Innes, [0138] ‘signing…signature… private key… hashing data… digest… signature verification’); 
            d. sending the new ode digital signature to the cluster manager and at the cluster manager verifying the new node digital signature using node public key (see Innes, [0137]  ‘public key’; [0138] ‘signing…signature… private key… hashing data… digest… signature verification’).
            It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use a private key for signing, and a corresponding public key for signature verification. Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because signature verification can ensure data integrity.
Referring to claim 6:
		Giassa, Innes, and Hunt further disclose:
		sending a request to the cluster manager to sign application certificate (see Giassa, [0059] ‘a worker node 300 may request … from master node 102’. And, Innes, [0138] ‘signing’ ;[0084] ‘Authentication services 558 may use certificates’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to sign a service certificate. Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because signature verification can ensure data integrity.
Referring to claims 8, 11:
Giassa, Innes, and Hunt further disclose:
		sending a request for cluster manager’s root certificate authority certificate and adding the root certificate authority certificate to a trust store of the new node (see Innes, [0223] ‘root or subordinate root certificates, into a protected data store’; [0228] ‘a certificate authority’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use a root certificate authority certificate. Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because using a root certificate authority certificate can enhance security.
Referring to claims 9, 16:
Giassa, Innes, and Hunt further disclose:
		adding the new node to the cluster after signing the application certificate (see Giassa, [0025] ‘an authentication [i.e., verifying ]  process (e.g., a handshake process) between master node 102 and each of worker nodes 110-116 may be performed, e.g., when cabled to or otherwise connected to master node 102 and prior to being configured for cluster 100 [i.e., adding cluster manager to trust store ].’). 
Referring to claim 10:
		Giassa teaches:
		A system comprising: 
           a computing cluster having one or more processors and a cluster manager (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’); and 
           a non-transitory computer readable medium storing a plurality of instructions, which when executed, cause the one or more processors to: 
           receive a request from a new node to join the computing cluster (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’; [0054] ‘In step 303, e.g., as part of a handshake or authentication [i.e., where handshake and authentication indicates that it’s a mutual authentication between cluster manager and the new node ] process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’); 
           verify that a node identifier (ID) sent by the new node matches a manager ID stored in the cluster manager (see Giassa, [0025] ‘an authentication [i.e., verifying ]  process (e.g., a handshake process) between master node 102 and each of worker nodes 110-116 may be performed, e.g., when cabled to or otherwise connected to master node 102 and prior to being configured for cluster 100 [i.e., adding new node to trust store ].’; [0054] ‘serial number [i.e., ID ]’); 
           when the ID matches, add the new node to trust store of the cluster manager (see Giassa, [0025] ‘an authentication [i.e., verifying ]  process (e.g., a handshake process) between master node 102 and each of worker nodes 110-116 may be performed, e.g., when cabled to or otherwise connected to master node 102 and prior to being configured for cluster 100 [i.e., adding new node to trust store ].’; [0054] ‘serial number [i.e., ID ]’; [0081] ‘the new node can be added to the cluster’); and, 
            send a configuration to the new node (see Giassa, [0057] ‘master node 102 may provide a configuration image… to worker node 300’).
           However, Giassa does not explicitly disclose sending the cluster manager serial number to the new node.
            Giassa discloses the handshake between the new node and the cluster manager, and discloses or suggests authenticating the new node by sending the node serial number to the cluster manager (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’; [0054] ‘In step 303, e.g., as part of a handshake or authentication process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’).  
		It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Giassa into the system of Giassa to send cluster manager serial number to the new node for authentication.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, sending cluster manager serial number to the new node for authenticating the cluster manager would enhance Giassa’s handshake or authentication between the new node and the cluster manager.
	However, Giassa does not disclose the whitelist.
Giassa does not disclose the certificate.
	           Innes disclose the whitelist (see Innes, [0193] ‘authenticate to the credential mapper 1229, such as using … a device certificate [i.e., a device serial number ].  If it uses a machine level authentication, the credential mapper 1229 may implement a whitelist of machines trusted’); [0084] ‘Authentication services 558 may use certificates’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use a whitelist of trusted entities, such as a whitelist of serial numbers trusted. Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because using a whitelist could facilitate authentication process, and certificates are strong credential which can be used for authentication.
Hunt discloses certificate (see Hunt, [0102] ‘when the cluster master receives a client's (network device) "join request" message. This "join request" message may include an authentication certificate, or the like, obtained from a valid certificate authority, as well as connectivity information about the sender network device.’; [0103]).
            Hunt discloses the certificate (see Hunt, [0102] ‘when the cluster master receives a client's (network device) "join request" message. This "join request" message may include an authentication certificate, or the like, obtained from a valid certificate authority, as well as connectivity information about the sender network device.’; [0103]).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Hunt into the system of Giassa to use the certificate.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Hunt’s teaching could enhance the system of Giassa, because Hunt discloses “when the cluster master receives the "join request" message, it validates the sender network device's authentication information by, in part, checking the certificate against a list of valid certificates.” (see Hunt, [0103]).
 Referring to claim 12:
		Giassa, Innes, and Hunt further disclose: challenge/response protocol (see Innes, [0190] ‘challenge/response credentials’)
		It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use challenge/response protocol.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because challenge/response protocol is well-known and popular authentication method for client sever architecture.
Referring to claim 13:
	Giassa, Innes, and Hunt further disclose:
          generate a hash of a prior handshake message; sign the hash using manager private key into a manger digital signature; and, send the manager digital signature to the new node (see Giassa, [0025] ‘handshake’. And, Innes, [0138] ‘signing… private key… hashing data’)
          It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use a private key to sign a hash.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because using a private key to sign a hash can enhance data integrity.
 Referring to claim 14:
	Giassa, Innes, and Hunt further disclose:
	verifying the node digital signature with public key (see Innes, [0138] ‘signing… private key… hashing data’; [0216] ‘a public key PKCS7 authentication’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use a private key to sign a hash.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because using a private key to sign a hash can enhance data integrity.
Referring to claim 17:
		Giassa teaches:
	A computer program product comprising a non-transitory computer-readable medium having a computer-readable program code embodied therein to be executed by one or more processors, the program code operating in a computing cluster and including instructions to (see Giassa, fig. 1, 102 ‘master node’, 104 ‘cluster controller’, 106 ‘data storage’, 110, 112, 114, 116 [i.e., worker nodes], [0054] ‘a handshake or authentication process [i.e., mutual authentication for joining a new node to the cluster ]’): 
          authenticating a new node to a cluster manager by: 
          sending a request to join the computing cluster from the new node to the cluster manager, the request including a node serial number (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’; [0054] ‘In step 303, e.g., as part of a handshake or authentication [i.e., where handshake and authentication indicates that it’s a mutual authentication between cluster manager and the new node ] process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’); and, 
           verifying at the cluster manager that the node serial number is valid and, upon validation, adding the new node to a cluster manager trust store (see Giassa, [0025] ‘an authentication [i.e., verifying ]  process (e.g., a handshake process) between master node 102 and each of worker nodes 110-116 may be performed, e.g., when cabled to or otherwise connected to master node 102 and prior to being configured for cluster 100 [i.e., adding new node to trust store ].’; [0021] ‘repository’; [0081] ‘the new node can be added to the cluster’); 
           authenticating the cluster manager to the new node by: 
           sending from the cluster manager the manager information to the new node (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’; [0054] ‘In step 303, e.g., as part of a handshake or authentication [i.e., where handshake and authentication indicates that it’s a mutual authentication between cluster manager and the new node ] process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’); and, 
            verifying at the new node that the manager information is validated and, upon validation, adding the cluster manager to a node trust store (see Giassa, [0025] ‘an authentication [i.e., verifying ]  process (e.g., a handshake process) between master node 102 and each of worker nodes 110-116 may be performed, e.g., when cabled to or otherwise connected to master node 102 and prior to being configured for cluster 100 [i.e., adding new node to trust store ].’; [0021] ‘repository’).
           However, Giassa does not explicitly disclose sending the cluster manager serial number to the new node. 
	Giassa discloses the handshake between the new node and the cluster manager, and discloses or suggests authenticating the new node by sending the node serial number to the cluster manager (see Giassa, fig. 1, 102 ‘master node’, 110 ‘worker node’; [0054] ‘In step 303, e.g., as part of a handshake or authentication process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.’).  
		It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Giassa into the system of Giassa to send cluster manager serial number to the new node for authentication.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, sending cluster manager serial number to the new node for authenticating the cluster manager would enhance Giassa’s handshake or authentication between the new node and the cluster manager.
However, Giassa does not disclose the whitelist.
Giassa does not disclose the certificate.
		Innes discloses the whitelist (see Innes, [0193] ‘authenticate to the credential mapper 1229, such as using … a device certificate [i.e., a device serial number ].  If it uses a machine level authentication, the credential mapper 1229 may implement a whitelist of machines trusted’); [0084] ‘Authentication services 558 may use certificates’).
		It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Innes into the system of Giassa to use a whitelist of trusted entities, such as a whitelist of serial numbers treusted.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Innes’s teaching could enhance the system of Giassa, because using a whitelist could facilitate authentication process.
            Hunt discloses the certificate (see Hunt, [0102] ‘when the cluster master receives a client's (network device) "join request" message. This "join request" message may include an authentication certificate, or the like, obtained from a valid certificate authority, as well as connectivity information about the sender network device.’; [0103]).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Hunt into the system of Giassa to use the certificate.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Hunt’s teaching could enhance the system of Giassa, because Hunt discloses “when the cluster master receives the "join request" message, it validates the sender network device's authentication information by, in part, checking the certificate against a list of valid certificates.” (see Hunt, [0103]).

7.	Claims 7, and 15  are rejected under 35 U.S.C. 103 as being unpatentable over Giassa et al. (U.S. 2021/0136147 A1), in view of Innes et al. (U.S. 2018/0007059 A1), in view of Hunt et al. (U.S. 2005/0268151 A1), further in view of Pecen et al. (U.S. 2013/0078947 A1), hereinafter “Pecen”.
Referring to claims 7, 15:
		Giassa, Innes, and Hunt further disclose: send a certificate signing request (see Innes, [0200] ‘send a certificate signing request’), root certificate (see Innes, [0223] ‘root or subordinate root certificates’), and the certificate authority (see Innes, [0220] ‘certificate authority’).
		However, they do not disclose an application certificate. 
		Pecen disclose the application certificate (see Pecen, [0031] ‘the cryptographic certificate can be used to sign the mobile device application…root certificate authority’; [0156] ‘Prior to receiving the authentication request a digital certificate that includes the application identifier is generated [i.e., creating a certificate signing request ].’)
            It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Pecen into the system of Giassa to sign an application certificate.  Giassa teaches a system “for self-replicating cluster appliances” (see Giassa, [0005]), where a handshake or authentication between a new node and cluster manager is performed via verifying the new node serial number.  Therefore, Pecen’s teaching could enhance the system of Giassa, because “integrity of the mobile device application can be verified” (see Pecen, [0031]).

Response to Arguments
8.	Applicant's arguments filed on November 15, 2022 have been fully considered. Independent claims have been amended to include new limitations. However, upon further consideration, a new grounds of rejection is being made in view of Hunt.  
         Applicant’s arguments related to the new limitations are moot due to the new grounds of rejection.
 (a)	Applicant submits:
 “Furthermore, Giassa fails to disclose or suggest “verifying at the new node that the cluster manager serial number sent from the cluster manager matches the cluster manager serial number added with the IP address, and, upon verification, adding the cluster manager to a node trust store.”” (see page 10, last par.)
Examiner maintains:
Giassa discloses: 
fig. 1 disclosing cluster 100 comprising a master node 102, and work node 110, 112, 114, 116; 
 [0045] ‘each service may be assigned a unique IP address (also called clusterIP) [i.e., the IP address of the cluster manager ]’;
[0023] ‘User 118 may be any entity… for selecting, viewing, and/or configuring various aspects associated with master node 102 or cluster 100 [i.e., user 118 configures cluster 110, where cluster 110 comprising master node 108, and work nodes 110, 112, 114, 116, where the cluster configuration information comprise the IP address of the cluster manager. ]. For example, user 118 may provide configuration information to master node 102 [i.e., user 118 may provide cluster configuration information to the master node, as well as to the work nodes ]’; 
   [0054] “as part of a handshake or authentication process, master node 102 may request node information (e.g., hardware component, system IDs and/or serial numbers, etc.) from worker node 300.”.
 Therefore, Giassa discloses or suggests:
 (i) each cluster manger is assigned a unique IP address;
 (ii) the user may configure the cluster, which comprises a cluster manager and work nodes, and provide the cluster configuration information to the cluster manager, as well as to the work nodes in the cluster, wherein the cluster configuration information comprises the IP address of the cluster manager;
 (iii) The cluster manger and the work node perform a handshake process (mutual authentication), wherein the cluster manager sends the cluster manager serial number to the work node, wherein the work node verifies the cluster manager serial number via the cluster configuration information, thereby authenticating the cluster manager. 
Therefore, the reference discloses or suggests “verifying at the new node that the cluster manager serial number sent from the cluster manager matches the cluster manager serial number added with the IP address, and, upon verification, adding the cluster manager to a node trust store.” 
(b)	Applicant submits:
“In view of the above, Giassa and Innes do not teach or suggest “wherein the request is associated with a certificate from a remote access controller external to the new node and the cluster manager” and “verifying at the new node that the cluster manager serial number sent from the cluster manager matches the cluster manager serial number added with the IP address, and, upon verification, adding the cluster manager to a node trust store” as recited in claim 1 (emphasis added).” (see page 11, last par.)
Examiner maintains:
The first argument related to the new limitations, and is therefore moot due to the new grounds of rejection.
The reference discloses or suggests “verifying at the new node that the cluster manager serial number sent from the cluster manager matches the cluster manager serial number added with the IP address, and, upon verification, adding the cluster manager to a node trust store.” (see (a) above).

Conclusion

9.	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
(a)	DAIDONE; Roberta et al. (US 20180367521 A1) disclose a method and apparatus for trust based authentication in sdn clustering;
(b)	Matthews; Oliver (US 20160344717 A1) disclose communicating between a cluster and a node external to the cluster;
(c)	KNOTWELL; Bradley P. et al. (US 20210058388 A1) disclose dedicated network authentication and allocation for dedicated virtual machine host clusters;
(d)	DANILCHENKO; Victor et al. (US 20210250415 A1) disclose distributed standards registry for cloud computing environments;
(e)	Vadapalli; Ravi Kumar et al. (US 20200162330 A1) disclose extending center cluster membership to additional compute resources;
(f)	Everhart; Craig Fulmer et al. (US 20140082365 A1) disclose group management of authenticated entities;
 
 10.      Any inquiry concerning this communication or earlier communications from the examiner should be directed to Peiliang Pan whose telephone number is (571) 272-5987.  The examiner can normally be reached on Monday-Friday 8:00 am - 5:00 pm EST.
          If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
           Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/PEILIANG PAN/Examiner, Art Unit 2492                                                                                                                                                                                                        




/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492