Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This is the initial office action has been issued in response to patent application, 16/395985, filed on 26 April 2019.  Claims 1-20, as preliminary amended, are currently pending and have been considered below.  

Information Disclosure Statement
The information disclosure statement filed 09/06/2019 and 07/23/2020 complies with the provisions of 37 CFR 1.97, 1.98 and MPEP § 609 and the information referred to therein has been considered as to the merits.  


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 9, and 13 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and 
Claim 1, 9, and 13 recite “at least one artifact purportedly associated with a root for trust system” is vague and unclear. 

Claims 5, 10, and 17 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 5, 10, and 17 recites the limitation "whether a root of trust system”.  It is unclear whether root of trust system is that of independent claims 1, 9, and 13 and if so there is insufficient antecedent basis for this limitation in the claim.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.



Claims 1-5, 7-10, 12-17, 19, and 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Shivanna et al. (US2018/0330093 A1, file date 05/12/2017). (on Applicant’s IDS filed 07/23/2020)

Claims 1, 13:
With respect to claims 1, 13, Shivanna et al. discloses a method/system (computing environment for performing an action based on a pre-boot measurement of a firmware image, Figure 1) comprising:
an attestation service (an attestation service engine 120, Figure 1);
an attestation client configured to sending artifacts (include artifacts that may be used to authenticate a firmware component.  These artifacts may include, for example, certificates, passwords and encryption keys, 0021), including at least one artifact purportedly associated with a root of trust system corresponding to a device, to an attestation service (attestation service engine 126 may receive or retrieve a measurement of a firmware image from a virtual PCR in TPM emulator engine, 0030) (Figure 1), wherein the at least one artifact comprises at least one policy attribute related to payload security in a data center (the action may relate to firmware component 102, system 100, and/or the firmware image.  In an example, the action may be defined in a user-defined policy, 0030); and 
acceptable (In response to a determination by attestation service engine that the measurement of the firmware image matches with the pre-determined measurement of the firmware image, system 100 may be allowed to boot.  In response to a determination by attestation service engine 126 that the measurement of the firmware image is different from the pre-determined measurement of the firmware image, attestation service engine 126 may perform an action: a user-defined policy may specify disabling power on system 100 and booting to UEFI/OS if the measurement and the pre-determined measurement of the firmware image do not match, disabling an I/O card on system if the measurement and the pre-determined measurement of the  firmware image for the I/O card do not match,  auto-recovery of the firmware image to a known good version if the measurement and the pre-determined measurement of the firmware image do not match, 0030).

Claims 2, 14:
With respect to claims 2, 14, Shivanna et al. discloses further comprising the attestation service indicating to a certificate authority a result of the determining step (roots of trust engine 126 may include a root certificate, which may be a public key certificate that identifies a root certificate authority (CA), 0026)



Claims 3, 15:
With respect to claims 3, 15, Shivanna et al. discloses further comprising the certificate authority denying a machine certificate to the device if the result of the determining step deems the at least one policy attribute unacceptable (disabling power on system 100 and booting to UEFI/OS if the measurement and the pre-determined measurement of the firmware image do not match, disabling an I/O card on system if the measurement and the pre-determined measurement of the firmware image for the I/O card do not match,  auto-recovery of the firmware image to a known good version if the measurement and the pre-determined measurement of the firmware image do not match, 0030).

Claims 4, 16:
With respect to claims 4, 16, Shivanna et al. discloses further comprising the certificate authority issuing a machine certificate to the device if the result of the determining step deems the at least one policy attribute is acceptable, wherein the machine certificate is double-sealed to first measurements from a root of trust system and second measurements from a trusted platform module (roots of trust engine 126 may include a root certificate, which may be a public key certificate that identifies a root certificate authority (CA), After validating itself, roots of trust engine 126 may validate the first piece of code in the chain of trust, 0026).



Claims 5, 10, 17:
With respect to claims 5, 10, 17, Shivanna et al. discloses wherein the at least one policy attribute relates to whether a root of trust system is associated with the device/host (the measurement may be performed by TPM emulator engine 124, beginning from a hardware root of trust boot block, 0022) (Roots of trust engine 126, 0025) (roots of trust engine 126 may include a root certificate, which may be a public key certificate that identifies a root certificate authority (CA).  Roots of trust engine 126 may determine that the initial code is what the manufacturer intended, before execution.  After validating itself, roots of trust engine 126 may validate the first piece of code in the chain of trust, 0026).

Claims 7, 12, 19:
With respect to claims 7, 12, 19, Shivanna et al. discloses wherein the at least one policy attribute comprises firmware measurements (performing an action based on a pre-boot measurement of a firmware image, 0009) (the pre-determined measurement of a firmware image may include a reference measurement(s) of the firmware image, 0029) (attestation service engine 126 may receive or retrieve a measurement of a firmware image, policy, 0030).

Claims 8, 20:
With respect to claims 8, 20, Shivanna et al. discloses wherein the device comprises one of, or any combination of, a motherboard, a central processing unit, a baseboard management controller, a graphics processing unit, a field programmable gate array (FPGA), an FPGA instance, a complex programmable logic device, a rack controller, a chassis controller, a power supply unit controller, a solid-state drive, a hard disk drive, or a networking device (A hardware-based TPM may include a tamper-resistant integrated circuit built into a motherboard of a system, 0021).

Claim 9:
With respect to claim 9, Shivanna et al. discloses wherein a method (computing environment for performing an action based on a pre-boot measurement of a firmware image, Figure 1) comprising:
an attestation client sending artifacts (an attestation service engine 120, clients, Figure 1), including at least one artifact (include artifacts that may be used to authenticate a firmware component.  These artifacts may include, for example, certificates, passwords and encryption keys, 0021) purportedly associated with a root of trust system corresponding to a host, to a certificate authority (attestation service engine 126 may receive or retrieve a measurement of a firmware image from a virtual PCR in TPM emulator engine, 0030) (Figure 1), wherein the at least one artifact comprises at least one policy attribute related to payload security in  a data center (the action may relate to firmware component 102, system 100, and/or the firmware image.  In an example, the action may be defined in a user-defined policy, 0030); and the certificate authority: (1) extracting attestation data from the at least one artifact, (2) interacting with an attestation service to determine whether the at least one policy attribute is acceptable, and (3) denying a machine certificate to the host if the result of the determining step deems the at least one policy attribute unacceptable (In response to a determination by attestation service engine that the measurement of the firmware image matches with the pre-determined measurement of the firmware image, system 100 may be allowed to boot.  In response to a determination by attestation service engine 126 that the measurement of the firmware image is different from the pre-determined measurement of the firmware image, attestation service engine 126 may perform an action: a user-defined policy may specify disabling power on system 100 and booting to UEFI/OS if the measurement and the pre-determined measurement of the firmware image do not match, disabling an I/O card on system if the measurement and the pre-determined measurement of the  firmware image for the I/O card do not match,  auto-recovery of the firmware image to a known good version if the measurement and the pre-determined measurement of the firmware image do not match, 0030).


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 6, 11, 18 are is rejected under 35 U.S.C. 103 as being unpatentable over Shivanna et al. (US2018/0330093 A1, file date 05/12/2017) in view of Steshenko et al. (US2018/0286093 A1, publish date 10/05/2017). (on Applicant’s IDS filed 07/23/2020)

Claims 6, 11, 18:
With respect to claims 6, 11, 18, Shivanna et al. discloses the limitations of claims 1, 9, 13, as addressed. 

Shivanna et al. does not disclose wherein the at least one policy attribute comprises a firmware manifest associated with the device/host, and wherein the determining whether the at least one policy attribute is acceptable comprises determining whether a version associated with the firmware manifest is acceptable as claimed.

However, Steshenko et al. teaches a payment service system may include a server that manages firmware updates for payment devices such as payment readers, access a 
firmware manifest including a listing of current firmware assets stored at the payment reader, and send the firmware manifest to the server (Abstract), wherein the at least one policy attribute comprises a firmware manifest associated with the device/host, and wherein the determining whether the at least one policy attribute is acceptable comprises determining whether a version associated with the firmware manifest is acceptable (The payment service system may use this firmware manifest to determine which firmware versions need to be updated at the payment reader, and whether the update is a blocking update or a non-blocking update, 0014).

Shivanna et al. and Steshenko et al. are analogous art because they are from the same field of endeavor of firmware attestations.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Steshenko et al. in Shivanna et al. for wherein the at least one policy attribute comprises a firmware manifest associated with the device/host, and wherein the determining whether the at least one policy attribute is acceptable comprises determining whether a version associated with the firmware manifest is acceptable as claimed to enhance security, implement additional functionality, and fix bugs (see Steshenko et al. 0003)


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure, (see PTO Form 892).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Helai Salehi whose telephone number is 571-270-7468.  The examiner can normally be reached on Monday - Friday from 9 am to 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeff Pwu, can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HELAI SALEHI/Examiner, Art Unit 2433                

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433