Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 are presented for examination.


Information Disclosure Statement
The information disclosure statement (IDS) submitted on 10/31/2018 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they do not include the following reference sign(s) mentioned in the description: 900 is missing.  Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Specification
The disclosure is objected to because of the following informalities:
to someone else to use, further exacerbating the opportunity for security vulnerabilities.”
Section [0025] recites “Moreover, the implementation of the firmware security profiling operation on the information handling system 100 improves the functionality of the information handling system 100 and provides a useful and concrete result of improving the identification of malware and other security vulnerabilities in when performing firmware security profiling operations.” And should recite “Moreover, the implementation of the firmware security profiling operation on the information handling system 100 improves the functionality of the information handling system 100 and provides a useful and concrete result of improving the identification of malware and other security vulnerabilities  when performing firmware security profiling operations.” 
Section [0037] recites “In certain embodiments, the data the trusted service processor 222 may provide to a node may include firmware source code, compiled firmware code, firmware update code, or a combination thereof.”  And should recite “In certain embodiments, the data the trusted service processor 232 may provide to a node may include firmware source code, compiled firmware code, firmware update code, or a combination thereof.”
Section [0038] recites “In certain embodiments, the trusted host 222 may include a host operating system (OS) scanner 304,” and should recite “In certain embodiments, the trusted host 222 may include a host operating system (OS) security scanner 304,”
Section [0060] recites “In these embodiments, the determination of whether to run the security scanner 702 application within the OS of the trusted host 22,”  It should recite “In these embodiments, 222,”  
Appropriate correction is required.

Claim Objections
Claims 3, 4 and 9 are objected to because of the following informalities:  The claims appear to be missing periods at the end.  Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 7 and 13 recite “the information handling system”. There is insufficient antecedent basis for this limitation in the claims.
Claim 1 recites the limitation "the information handling system" in line 8.  Claim 7 recites the limitation "the information handling system" in line 14.  Claim 13 recites the limitation "the information handling system" in line 9.
 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention 

Claims 1-3, 6, 7-9, 12, 13-15 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Hu (2016/0267267) in view of Repasi (2007/0277241) in view of Nachenberg (2004/0083366).

Regarding claim 1, Hu teaches 
a computer-implementable method for performing a security vulnerability detection operation, comprising:  
configuring a … security profiling environment (Hu, [0023] an application installation interface function in the package management service will be called, in the present embodiment, by modifying the specific implementation flow in the existing application installation interface function, the application can be performed virus scan before executing installation operation for the application, so as to avoid an application carrying a virus to be installed in a terminal equipment.)
receiving a … update file via the … processor;  (Hu, [0021] In FIG. 1, in S100, when an Android operating system needs to install an application, identification information of the application that needs to be installed is transmitted from a framework layer to an application layer.)
using the … security detection operation to identify a security vulnerability within the … update file; and,  (Hu, [0029] In S110, at the application layer, a virus scanner application is activated on the basis of the identification information of the application to allow the virus scanner application to run virus scan on the application that needs to be installed. 
[0030] Specifically, at the application layer, the application installation listening interface function can provide the identification information of the application to the virus scanner application in the terminal equipment (the virus scanner application can also be referred to as the security management application such as the existing virus killing application) and trigger the virus scanner 
installing the  … update file to the information handling system only when no security vulnerability is identified…  the installing being performed by the … host (Hu [0033] As a specific example, after completing the virus scan operation, the security management application calls the application installation resuming class function or the application installation terminating class function in the application layer and sets input parameters of the application installation resuming class function or the application installation terminating class function in the application layer on the basis of the virus scan result. The application installation resuming class function or the application installation terminating class function in the application layer then calls an application installation resuming class function or an application installation terminating class function provided by the service of the framework layer, to notify the framework layer of whether or not to execute the installation operation for the application.)
Hu teaches an application virus check but does not explicitly teach a firmware virus check, so Hu does not explicitly teach a firmware update file.
However Repasi teaches a firmware update file and firmware security profiling (Repasi, [0081] Referring now to FIG. 2A, a block diagram is shown representing an example system 200 to scan firmware of a processing system 100 for malware. [0062] an analysis module to analyse the copy of the firmware to determine if the firmware has been modified by malware.) and identify a security vulnerability within the firmware (Repasi [0099] The pattern matching module 226 of the analysis module is configured to search the copies of the firmware for particular patterns of strings or instructions which are indicative of malware. The pattern matching module 226 may operate in combination with the disassembly module 228 of the analysis module 220. The disassembly module 228 is configured to disassemble the binary code stored of the firmware such that disassembly module 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Repasi’s firmware check with Hu’s application check because doing so improves malware detection (Repasi, [0008] Firmware is software that is embedded in a hardware device of the processing system. [0018] Therefore, there exists a need for a method, system, computer readable medium of instructions, and/or a computer program product to scan firmware of a processing system for malware which addresses or at least ameliorates problems inherent in the prior art.)
Hu does not teach a trusted host and a trusted service processor.
However Nachenberg teaches a trusted host and a trusted service processor (Nachenberg [0020] In one embodiment, the developer system 112 contains a trusted computing platform and is utilized by a developer to develop computer programs (sometimes referred to as "software" or "code") for execution on the end-user system 114. [0023] The end-user computer system 114 includes functionality for verifying a signature in the software received from the developer system 112. [0010] The developer computer system (112) includes a trusted computing platform having a protected area (222) in storage (208) and a protected area (226) in memory (206). [0026] In one embodiment, the processor 202 includes special-purpose functionality for supporting the trusted computing platform, such as instructions allowing creation of and interfacing with protected storage areas and instructions for executing programs in a " trusted" mode that cannot be interrupted or compromised.)  EN: Nachenberg’s trusted system is the developers system. Trusted host and trusted service processor are interpreted in light of specification section [0034], where it is disclosed the items be implemented individually or in combination in an information handling system. 
 to have applied Nachenberg’s trusted platform to Hu’s virus scanning platform because doing so improves security by controlling access  (Nachenberg, [0010] Only authorized modules can access these areas.)

Regarding claim 12, Hu, Repasi and Nachenberg teach
the method of claim 1, wherein:  
the firmware update file is used to update a sub-system of the information handling system (Repasi, [0087] Example firmware devices of the processing system 100 which can populate the list can comprise a BIOS chip, a video card, an optical storage device, a mobile phone in data communication with the processing system 100, a scanner, an MP3 player, a USB device, a digital camera, or any other device which comprises EEPROM which could be susceptible to a malware attack.

Regarding claim 13, Hu, Repasi and Nachenberg teach
the method of claim 1, wherein:  
tthe firmware update file is received via an externally provided firmware update package (Hu, [0021] In FIG. 1, in S100, when an Android operating system needs to install an application, identification information of the application that needs to be installed is transmitted from a framework layer to an application layer [0024] In the present embodiment, the pre-installation package detection interface function can be provided at the starting position of the application installation interface function [0061] In the case that the resumeOrAbortInstall ( ) provided by the network security service of the framework layer determines that the installation operation)

Regarding claim 6, Hu, Repasi and Nachenberg teach
the method of claim 1, further comprising: 
mapping the firmware update file to a memory-mapped device contained within the trusted service processor (Repasi, [0087] The copy module 210 is configured to determine one or more firmware devices of the processing system 100. The copy module 210 can initiate the firmware device detection module 213 which generates a list of the one or more firmware devices of the processing system 100. The firmware device detection module 213 may call a device manager of the specific operating system used on the processing system 100 to populate the list. Example firmware devices of the processing system 100 which can populate the list can comprise a BIOS chip, a video card, an optical storage device, a mobile phone in data communication with the processing system 100, a scanner, an MP3 player, a USB device, a digital camera, or any other device which comprises EEPROM which could be susceptible to a malware attack.)

Claims 7-9 and 12 are system claims for the method claims 1-3 and 6 and are rejected for the same reasons as claims 1-3 and 6.

Claims 13-15 and 18 are medium claims for the method claims 1-3 and 6 and are rejected for the same reasons as claims 1-3 and 6.


Claims 4, 10 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Hu (2016/0267267) in view of Repasi (2007/0277241) in view of Nachenberg (2004/0083366) in view of Viljoen (8,234,709).

Regarding claim 14, Hu, Repasi and Nachenberg teach
the method of claim 1, wherein: 
the identifying the security vulnerabilities comprises using a … and a digital signature (Nachenberg, [0020] In one embodiment, the developer system 112 communicates with the CA 110 to obtain certificates and uses the certificates to "sign" software developed on the system. The signing happens in a secure area of the trusted computing platform in order to prevent malicious code from compromising the signature.)
Hu teaches application scanning but does not teach a malware scanning application file
However Viljoen teaches a malware scanning application file (Viljoen, Col 3 line 634 to Col 4, line 1. Through this network connection, signature update server 110 can provide signature definition file updates to client computers 120(1)-(M),)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Viljoen’s malware scanning updates with Hu’s application check because doing so improves quick updates to virus’ detection (Viljoen, Col 3, lines 49-52, In this manner, anti-malware clients incorporating embodiments of the present invention can receive signature definition updates in a manner of minutes after certification of new malware signatures.)

Claim 10 is a system claim for the method claim 4 and is rejected for the same reasons as claim 4.

Claim 16 is a medium claim for the method claim 4 and is rejected for the same reasons as claim 4.

Claims 5, 11, 17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Hu (2016/0267267) in view of Repasi (2007/0277241) in view of Nachenberg (2004/0083366) in view of Viljoen (8,234,709) in view of Gschwind (2015/0248283).

Regarding claim 15, Hu, Repasi, Nachenberg and Viljoen teach
the method of claim 4, wherein: 
the digital signature are provided by the trusted host (Nachenberg, [0020] In one embodiment, the developer system 112 communicates with the CA 110 to obtain certificates and uses the certificates to "sign" software developed on the system. The signing happens in a secure area of the trusted computing platform in order to prevent malicious code from compromising the signature.) malware scanning application file (Viljoen, Col 3 line 634 to Col 4, line 1. Through this network connection, signature update server 110 can provide signature definition file updates to client computers 120(1)-(M),).
Hu does not teach provided by the trusted host.
However Gschwind teaches provided by the trusted host (Gschwind, [0023] In the example of FIG. 1, memory 110 can be loaded with software including instructions for implementing methods for initiating communication between user trusted device 10 and a network 165. [0067] In embodiments, the method further includes: transferring data, a user trusted device firmware update, from the server to the user trusted device; storing the transferred data on a memory, preferably a persistent memory, of the user trusted device; and updating software of the user trusted device according to the transferred data as stored on the memory of the user trusted device.)  EN: Gschwind teaches a trusted device receiving data and updates.  
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have applied Gschwind’s updates to trusted devices to Hu-Repasi-

Claim 11 is a system claim for the method claim 5 and is rejected for the same reasons as claim 5.

Claim 17 is a medium claim for the method claim 5 and is rejected for the same reasons as claim 5.

Regarding claim 19, Hu, Repasi, Nachenberg, Viljoen and Gschwind teach
the non-transitory, computer-readable storage medium of claim 13, wherein: 
the computer executable instructions are deployable to a client system from a server 3system at a remote location (Gschwind, [0023] In the example of FIG. 1, memory 110 can be loaded with software including instructions for implementing methods for initiating communication between user trusted device 10 and a network 165. [0093] Step S8d, the transfer of the update from the server to the client is completed and the update is stored on a memory (persistent or not) of device 10.)  EN: Gschwind teaches network updates.

Regarding claim 20, Hu, Repasi, Nachenberg, Viljoen and Gschwind teach
the non-transitory, computer-readable storage medium of claim 13, wherein: 
the computer executable instructions are provided by a service provider to a user on an on-demand basis (Gschwind, [0026] Network 165 can be an IP-based network for communication between computer 101 and any external server, client and the like via a broadband connection. Network 165 


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Sussman (2016/0188879) teaches detection of malware in firmware.
Marr (2015/0199519) teaches secure firmware updates.
Rao (2017/0085383) teaches trusted support processor for BIOS authentication.
Mahaffey (2015/0163121) teaches monitoring information associated with firmware and a trusted execution environment. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRUCE S ASHLEY whose telephone number is (571)270-0315.  The examiner can normally be reached on 9-5 PDT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jay Kim can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/BRUCE S ASHLEY/Examiner, Art Unit 2494                                                                                                                                                                                                        
/THEODORE C PARSONS/Primary Examiner, Art Unit 2494