Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
The amendment filed 01/21/2021 has been entered and fully considered.  Applicant has amended claims 1, 8 and 14.  Applicant’s amendments to the claims have overcome the objections previously set forth in the Non-Final Office Action mailed 11/12/2020.   
Applicant’s arguments, see pp. 8-13, filed 01/21/2021, with respect to overcoming the prior art of the rejection of claims 1-20 under 35 U.S.C. § 103 have been fully considered and are persuasive.
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
	Authorization for this examiner’s amendment was given in a telephone interview with Chad J. Hammerlind (Registration No. 67,565) on 03/26/2021.
Please replace the Claims as follows:
1.	(Currently Amended) A secure boot violation system, comprising:
a Basic Input/Output System (BIOS) including an authenticated variables hardware storage;
at least one authorization key included in the authenticated variables hardware storage; and
at least one signatures database included in the authenticated variables hardware storage, wherein the BIOS is configured to:
receive a first policy action entry for association with a first signature in the at least one signatures database, wherein the first signature is associated with a default policy action entry, and wherein the first policy action entry defines a first policy action to perform when a security violation is detected;
determine that the first policy action entry is signed with the at least one authorization key and, in response, associate the first policy action entry with the first signature in the at least one signatures database such that the first policy action entry is stored with the first signature in the at least one signatures database;
generate, as part of a boot process and subsequent to the associating the first policy action entry with the first signature, a second signature;
compare the second signature to the first signature and, in response, determine that a first secure boot violation has occurred; and
perform, in response to determining that the first secure boot violation has occurred, [[a]] the first policy action defined by the first policy action entry.
2.	(Previously presented) The system of claim 1, wherein the BIOS is configured to:
receive a second policy action entry for association with the first signature in the at least one signatures database;
determine that the second policy action entry is signed with the at least one authorization key and, in response, replace the first policy action entry associated with the first signature in the at least one signatures database with the second policy action entry;
generate, as part of the boot process and subsequent to associating the second policy action entry with the first signature, a third signature;
compare the second signature to the first signature and, in response, determine that a second secure boot violation has occurred; and
perform, in response to determining that the second secure boot violation has occurred, a second policy action defined by the second policy action entry.
3.	(Original) The system of claim 1, wherein the at least one authorization key includes a platform key and a key exchange key, and wherein the determining that the first policy action entry is signed with the at least one authorization key includes determining that the first policy action entry is signed with the key exchange key.
4.	(Previously presented) The system of claim 1, wherein the at least one signatures database includes an allowed signatures database and a disallowed signatures database, and wherein the determining that the first secure boot violation has occurred includes:
determining that the second signature does not match the first signature in the allowed signatures database.
5.	(Previously presented) The system of claim 1, wherein the at least one signatures database includes an allowed signatures database and a disallowed signatures database, and wherein the determining that the first secure boot violation has occurred includes:

6.	(Previously presented) The system of claim 1, wherein the first policy action includes one of:
performing, through a network, at least one recovery action that is configured to remedy the first secure boot violation; and
securely erasing a storage device coupled to the BIOS.
7.	(Previously presented) The system of claim 1, wherein the first policy action entry replaces the default policy action entry.
8.	(Currently Amended) An Information Handling System (IHS), comprising:
a chassis;
a secured storage system that is housed in the chassis;
a processing system that is housed in the chassis and that is coupled to the secured storage system; and
a memory system that is housed in the chassis, that is coupled to the processing system, and that includes instructions that, when executed by the processing system, cause the processing system to provide a Basic Input/Output System (BIOS) that is configured to:
receive a first policy action entry for association with a first signature in [[the ]]at least one signatures database provided in the secured storage system, wherein the first signature is associated with a default policy action entry, and wherein the first policy action entry defines a first policy action to perform when a security violation is detected;
determine that the first policy action entry is signed with [[the ]]at least one authorization key that is stored in the secured storage system and, in response, associate the first policy action entry with the first signature in the at least one signatures database in the secured storage system such that the first policy action entry is stored with the first signature in the at least one signatures database;
generate, as part of a boot process and subsequent to the associating the first policy action entry with the first signature, a second signature;
compare the second signature to the first signature and, in response, determine that a first security violation has occurred; and
perform, in response to determining that the first security violation has occurred, [[a ]]the first policy action defined by the first policy action entry.
9.	(Previously presented) The IHS of claim 8, wherein the BIOS is configured to:

determine that the second policy action entry is signed with the at least one authorization key that is stored in the secured storage system and, in response, replace the first policy action entry associated with the first signature in the at least one signatures database provided in the secured storage system with the second policy action entry;
generate, as part of the boot process and subsequent to associating the second policy action entry with the first signature, a third signature;
compare the second signature to the first signature and, in response, determine that a second security violation has occurred; and
perform, in response to the determining that the second security violation has occurred, a second policy action defined by the second policy action entry.
10.	(Original) The IHS of claim 8, wherein the at least one authorization key includes a platform key and a key exchange key, and wherein the determining that the first policy action entry is signed with the at least one authorization key includes determining that the first policy action entry is signed with the key exchange key.
11.	(Previously presented) The IHS of claim 8, wherein the at least one signatures database includes an allowed signatures database and a disallowed signatures database, and wherein the determining that the first security violation has occurred includes:
determining that the second signature does not match the first signature in the allowed signatures database.
12.	(Previously presented) The IHS of claim 8, wherein the at least one signatures database includes an allowed signatures database and a disallowed signatures database, and wherein the determining that the first security violation has occurred includes:
determining that the second signature matches the first signature in the disallowed signatures database.
13.	(Previously presented) The IHS of claim 8, wherein the first policy action entry replaces the default policy action entry.
14.	(Currently Amended) A method for providing a secure boot process, comprising:
receiving, by a Basic Input/Output System (BIOS), a first policy action entry for association with a first signature in at least one signatures database provided in a secured storage system, wherein the first , and wherein the first policy action entry defines a first policy action to perform when a security violation is detected;
determining, by the BIOS, that the first policy action entry is signed with at least one authorization key that is stored in the secured storage system and, in response, associate the first policy action entry with the first signature in the at least one signatures database provided in the secured storage system such that the first policy action entry is stored with the first signature in the at least one signatures database;
generate, by the BIOS as part of a boot process and subsequent to the associating the first policy action entry with the first signature, a second signature;
comparing, by the BIOS, the second signature to the first signature and, in response, determining that a first security violation has occurred; and
performing, by the BIOS in response to the determining that the first security violation has occurred, [[a]] the first policy action defined by the first policy action entry.
15.	(Previously presented) The method of claim 14, further comprising:
receiving, by the BIOS, a second policy action entry for association with the first signature in the at least one signatures database provided in the secured storage system;
determining, by the BIOS, that the second policy action entry is signed with the at least one authorization key that is stored in the secured storage system and, in response, replace the first policy action entry associated with the first signature in the at least one signatures database provided in the secured storage system with the second policy action entry;
generating, by the BIOS as part of the boot process and subsequent to the associating the second policy action entry with the first signature, a third signature;
comparing, by the BIOS, the second signature to the first signature and, in response, determining that a second security violation has occurred; and
performing, by the BIOS in response to the determining that the second security violation has occurred, a second policy action defined by the second policy action entry.
16.	(Original) The method of claim 14, wherein the at least one authorization key includes a platform key and a key exchange key, and wherein the determining that the first policy action entry is signed with the at least one authorization key includes determining that the first policy action entry is signed with the key exchange key.

determining, by the BIOS, that the second signature does not match the first signature in the allowed signatures database.
18.	(Previously presented) The method of claim 14, wherein the at least one signatures database includes an allowed signatures database and a disallowed signatures database, and wherein the determining that the first security violation has occurred includes:
determining, by the BIOS, that the second signature matches the first signature in the disallowed signatures database.
19.	(Previously presented) The method of claim 14, wherein the first policy action includes one of:
performing, through a network, at least one recovery action that is configured to remedy the first security violation; and
securely erasing a storage device coupled to the BIOS.
20.	(Previously presented) The method of claim 14, wherein the first policy action entry replaces the default policy action entry.
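The flow recited in claims 1, 3 and 7, as an added Python illustration that is not part of the Office action or of the application. The names (`SignatureDb`, `measure`, `halt_boot` as the default action) are hypothetical, and HMAC-SHA256 stands in for the asymmetric key exchange key signature a real platform would verify.

```python
import hashlib
import hmac

# Constructed stand-ins: a real platform verifies an asymmetric KEK signature
# over an authenticated variable; HMAC-SHA256 keeps this sketch self-contained.
KEK = b"constructed-key-exchange-key"
DEFAULT_ACTION = "halt_boot"  # assumed default; the claims do not name one
ALLOWED_ACTIONS = {"halt_boot", "network_recovery", "secure_erase"}


def measure(image: bytes) -> str:
    """Signature generated for a boot component (here, a SHA-256 digest)."""
    return hashlib.sha256(image).hexdigest()


def sign_entry(key: bytes, signature: str, action: str) -> bytes:
    """Authenticate a policy action entry bound to one database signature."""
    return hmac.new(key, f"{signature}|{action}".encode(), hashlib.sha256).digest()


class SignatureDb:
    """Allowed-signatures database; each signature stores its own policy action."""

    def __init__(self, trusted_images):
        self.entries = {measure(img): DEFAULT_ACTION for img in trusted_images}

    def set_policy_action(self, signature: str, action: str, tag: bytes) -> bool:
        """Store the entry with the signature only if it verifies under the KEK."""
        if signature not in self.entries or action not in ALLOWED_ACTIONS:
            return False
        if not hmac.compare_digest(tag, sign_entry(KEK, signature, action)):
            return False  # unsigned or wrongly signed entry: keep the old action
        self.entries[signature] = action  # replaces the default action entry
        return True

    def boot_check(self, expected: str, image: bytes) -> str:
        """Compare the boot-time signature with the stored one; pick the action."""
        if hmac.compare_digest(measure(image), expected):
            return "continue_boot"
        return self.entries[expected]  # violation: action stored with the signature


def demo():
    good = b"bootloader v1 (constructed sample)"
    db = SignatureDb([good])
    first = measure(good)
    forged = db.set_policy_action(first, "secure_erase", sign_entry(b"wrong", first, "secure_erase"))
    before = db.boot_check(first, b"tampered bootloader")
    updated = db.set_policy_action(first, "network_recovery", sign_entry(KEK, first, "network_recovery"))
    after = db.boot_check(first, b"tampered bootloader")
    return forged, before, updated, after, db.boot_check(first, good)
```

The entry signed with the wrong key is rejected, so a violation still triggers the default action until a correctly signed entry replaces it.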
Allowable Subject Matter
Claims 1-20 are allowed.
The following is a statement of reasons for the indication of allowable subject matter:
In interpreting the currently amended claims, in light of the specification as well as arguments presented in the responses to the Office actions, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.  First, Applicant’s arguments with respect to the claim amendments traversing the prior art of record are persuasive.  In addition, based on an updated search and further consideration, the Examiner finds that the claimed invention is patentably distinct based on the following additional rationale.
  teaches a secure boot violation system, comprising: a Basic Input/Output System (BIOS) including an authenticated variables hardware storage; at least one authorization key included in the authenticated variables 
  teaches generate, as part of a boot process and subsequent to the associating the first policy action entry with the first signature, a second signature; compare the second signature to the first signature and, in response, determine that a first secure boot violation has occurred; and perform, in response to determining that the first secure boot violation has occurred, a first policy action defined by the first policy action entry.
The prior art of record fails to teach or suggest, individually or in combination, each and every limitation of the claimed invention, within the context of the claimed invention as a whole, as recited in Claim 1.
Although Jacobs discloses a secure boot violation system, comprising: a Basic Input/Output System (BIOS) including an authenticated variables hardware storage; at least one authorization key included in the authenticated variables hardware storage; and at least one signatures database included in the authenticated variables hardware storage, wherein the BIOS is configured to: receive a first policy action entry for association with a first signature in the at least one signatures database, wherein the first signature is associated with a default policy action entry; determine that the first policy action entry is signed with the at least one authorization key and, in response, associate the first policy action entry with the first signature in the at least one signatures database such that the first policy action entry is Jacobs does not disclose  generate, as part of a boot process and subsequent to the associating the first policy action entry with the first signature, a second signature; compare the second signature to the first signature and, in response, determine that a first secure boot violation has occurred; and perform, in response to determining that the first secure boot violation has occurred, a first policy action defined by the first policy action entry.  Furthermore, the Examiner notes prior art teachings, such as Varadhan, which teaches generate, as part of a boot process and subsequent to the associating the first policy action entry with the first signature, a second signature; compare the second signature to the first signature and, in response, determine that a first secure boot violation has occurred; and perform, in response to determining that the first secure boot violation has occurred, a first policy action defined by the first policy action entry.  
However, the Examiner notes that the prior art does not provide sufficient motivation to be modified and combined in such a way as to render obvious the claimed invention without the usage of impermissible hindsight reasoning.
Thus, the Examiner finds that the prior art does not provide sufficient teaching or motivation for anticipating or rendering obvious the claimed invention as a whole, without the usage of impermissible hindsight reasoning.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAMID TALAMINAEI whose telephone number is (571)270-3283.  The examiner can normally be reached on Flexible, M-F 7:30 -5:30.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/HAMID TALAMINAEI/Examiner, Art Unit 2436
/Kevin Bechtel/Primary Examiner, Art Unit 2491