DETAILED ACTION
Claims 1-20 are presented for examination.
The present application is being examined under the AIA (America Invents Act) First Inventor to File.
This Office Action is Non-Final.
Claims 1, 9 and 13 are independent claims. Claims 2-8, 10-12, 14-20 are dependent claims. 
This action is responsive to the following communication: corresponding claims filed on 05-14-2019.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 05-28-2019 is in compliance with the provisions of 37 CFR 1.97 

Claim Objections
Claim 1 recites “boot into operating system stored in the memory”, but that expression is indefinite because it is unclear to a PHOSITA how booting into (emphasis added) software would be accomplished. For examination purposes, that expression will be interpreted as booting an OS stored on the memory.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4, 7, 9, 13, 10, 11, 16, 19 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 2018/0004502 by Samuel et al. in view of U.S. Publication No. 2019/0179628 by Bulusu et al.

As per claims 1, 9, 13, Samuel et al. discloses an information handling system comprising:
at least one processor; a memory coupled to the at least one processor; and an information handling resource including a firmware; (¶ [005] states that “an information handling system may comprise a memory and a processor coupled to the memory, wherein the processor has access to the BIOS, wherein the BIOS includes one or more instructions stored in the memory and executable by the processor”.)
wherein the information handling system is configured to: 
boot into an operating system stored on the memory; (¶ [0021] states a “memory 130 stores operating system 132, which may represent instructions executable by processor subsystem 120 to operate information handling system 100 after booting of the BIOS firmware 192.”)

store information regarding [[ BIOS update]] in a storage location accessible to a preboot environment of the information handling system, (¶ [0036] states that “one or more values associated with automatic updating of the BIOS firmware 192 are populated in the ESRT 250”; see also [Figs 1, 2]. It is apparent to a PHOSITA that BIOS is a firmware that is accessible in a preboot environment. Indeed, ¶ [0029] further acknowledges that by stating “pre-boot applications”.)
Samuel et al. does not distinctly disclose the following:
receiving a BIOS update based on “vulnerability”; and 
based on a security policy, determine a resolution for mitigation of the vulnerability; 
store information regarding the resolution in a storage location accessible to a preboot environment of the information handling system; and
wherein the preboot environment is configured to apply the resolution upon a subsequent boot of the information handling system. 
However, Bulusu et al. discloses the following: 

to be updated from time to time to address issues relating to various functions of the computing system, such as, for example, security related fixes.  Typically, the update may be performed by writing a patch or corrective code to a firmware image such as, for example, a BIOS image ¶ [0002]
based on a security policy, determine a resolution for mitigation of the vulnerability; (“The firmware may have to be updated from time to time to address issues relating to various functions of the computing system, such as, for example, security related fixes. Typically, the update may be performed by writing a patch or corrective code to a firmware image such as, for example, a BIOS image”, ¶ [0002])
store information regarding the resolution in a storage location accessible to a preboot environment of the information handling system; and (updated BIOS firmware may be written either in a primary or secondary memory [Fig 3])
wherein the preboot environment is configured to apply the resolution upon a subsequent boot of the information handling system. (apply the BIOS updates by performing a “warm reboot” [Fig 3 (step 310)] or, alternatively, a hard reboot [Fig 4 (step 410)])

It would have been obvious before the effective filing date of the claimed invention to modify the teachings of Samuel et al. and Bulusu et al. because both references are in the same field of endeavor. Bulusu’s teaching of updating the BIOS to patch security fixes would enhance Samuel's system by allowing the system to be secured with the latest security updates, thus enhancing system security against security attacks.
the update may be performed by writing a patch or corrective code to a firmware image such as, for example, a BIOS image ¶ [0002]), (Samuel et al.; ¶ [0028] states that “once an information handling system 100 is booted to the OS, a connection with a BIOS update service server 210 may be established. An automatic update to one or more firmware components or devices, such as BIOS firmware 192, may occur”)
As per claims 7, 19, Samuel as modified discloses wherein the receiving, determining, and storing are carried out by a software agent executing on the operating system. (Samuel et al.; ¶ [0031] states that “An OS 240 for an information handling system 100 identifies the BIOS firmware 192 (for example, UEFI BIOS firmware) of the information handling system 100 as a device object by enumerating an entry of the ESRT 250. The specific firmware of information handling system 100 is identified by a GUID of the ESRT 250. The OS 240 may receive BIOS update information that a BIOS update 220 has been published at the BIOS update service server 210”.)
As per claim 10, Samuel as modified discloses further comprising the information handling system requesting the information regarding the [bios update] (Samuel; the OS 240 may query the BIOS update service 230 for BIOS update information related to available BIOS updates 220; ¶ [0031]), whereas Bulusu discloses the information about “vulnerability.” (“The firmware may have to be updated from time to time to address issues relating to various functions of the computing system, such as, for example, security related fixes. Typically, the update may be performed by writing a patch or corrective code to a firmware image such as, for example, a BIOS image”, ¶ [0002])
As per claim 11, Samuel as modified discloses further comprising the information handling system receiving the information regarding the vulnerability without requesting such information. (Samuel; the OS 240 may receive BIOS update information that a BIOS update 220 has been published at the BIOS update service server 210, ¶ [0031], which to a PHOSITA means “A basic input/output system (BIOS) may be automatically updated by a BIOS distribution service” [abstract].)
Claims 2-3, 5, 8, 12, 14-15, 17, 20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 2018/0004502 by Samuel et al. in view of U.S. Publication No. 2019/0179628 by Bulusu et al. and further in view of U.S. Publication No. 2016/0180094 by Dasar et al.
As per claims 2, 14, Samuel as modified does not distinctly disclose wherein the resolution includes preventing loading a driver associated with the information handling resource that includes the firmware.
However, Dasar et al. explicitly discloses wherein the resolution includes preventing loading a driver associated with the information handling resource that includes the firmware. (¶ [0030] states that “Secure boot module 236 is a software and/or firmware module that secures the boot process by preventing the loading of UEFI images 205 that are not signed with an acceptable digital signature or certificate.”)


As per claims 3, 15, Samuel as modified discloses wherein the driver is a Unified Extensible Firmware Interface (UEFI) driver. (¶ [0030] of Dasar et al. states that “Secure boot module 236 is a software and/or firmware module that secures the boot process by preventing the loading of UEFI images 205 that are not signed with an acceptable digital signature or certificate.”)
As per claims 5, 12, 17, Samuel as modified discloses wherein the resolution includes disabling a particular feature of the information handling resource that includes the firmware. (¶ [0030] of Dasar et al. states that “Secure boot module 236 is a software and/or firmware module that secures the boot process by preventing the loading of UEFI images 205 that are not signed with an acceptable digital signature or certificate”. This means a UEFI image from the plurality of UEFI images (e.g., feature) that is not signed is prevented from being loaded.)
As per claims 8, 20, Samuel as modified discloses wherein the security policy is a cryptographically signed security policy included in the information regarding the vulnerability. (Dasar discloses the following: ¶ [006] states that “During start-up of the information handling system, the firmware checks the signature of each piece of boot software, including firmware, software and the operating system” and ¶ [007] states that “With a conventional boot operation, a reboot of the information handling system is automatically triggered whenever a secure boot policy is changed during the boot device selection phase of the boot process. A system reboot is required to check the integrity of all the BIOS/UEFI images or drivers in the driver execution phase using the secure boot policy”. Additionally, ¶ [0028]. Therefore, Dasar discloses a “secure boot policy” that, when changed, must be authenticated. That authentication is at least disclosed, as noted above, by ¶s [006] and [0028].)
It would have been obvious before the effective filing date of the claimed invention to modify the teachings of Samuel as modified and Dasar et al. because all references are in the same field of endeavor. Dasar’s teaching of a secure boot policy would enhance the system of Samuel as modified by preventing vulnerabilities to the system security policy arising from changes made to the booting process by non-authorized entities.

Claims 6 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 2018/0004502 by Samuel et al. in view of U.S. Publication No. 2019/0179628 by Bulusu et al. and further in view of U.S. Publication No. 2018/0276000 by Roszak et al.

As per claims 6 and 18, Samuel as modified discloses wherein storing the information regarding the resolution in the storage location accessible to the preboot environment includes: (Samuel discloses storage device 190 storing BIOS.[Fig 1] It is apparent to firmware may perform various tasks including initializing and testing of various components of the computing system, power management, loading of an Operating System (OS) of the computing system, etc. In case of a cloud server, once the OS is loaded, Virtual Machines (VMs) may also be initialized and control of the system may be passed on to the OS.” ¶ [0001]
the operating system of the information handling system executing a persistent agent that has been presented to the operating system; and (Samuel’s ¶ [0029] states that “the BIOS firmware 192 of information handling system 100 may be UEFI compatible firmware. The UEFI specification defines an interface between an operating system (OS) 240 of an information handling system 100 and firmware, such as BIOS firmware 192. The interface of the UEFI comprises data tables that contain platform information (information related to the specific information handling system 100), boot and runtime service calls that are available to the OS and the associated OS loader.” Therefore, the disclosed teachings of an “interface” like BIOS, “ESRT” or “boot and runtime calls” are similar to the claimed “persistent agent”.) (Bulusu discloses that “Computing systems generally include a firmware, such as, for example, Basic Input/Output System (BIOS) firmware, which may be executed by a controller for performing certain specific tasks pertaining to a computing system. For example, the firmware may perform various tasks including initializing and testing of various components of the computing system, power management, loading of an Operating System (OS) of the computing system, etc. In case of a cloud server, once the OS is loaded, Virtual Machines (VMs) may also be initialized and control of the system may be passed on to the OS.” ¶ [0001])

the persistent agent storing the information regarding the resolution in a designated storage space accessible to the preboot environment. (¶ [0030] states “For example, the one or more values may be populated based, at least in part, on the BIOS version control policy 260. The one or more values or ESRT value may comprise a unique identifier, such as a globally unique identifier (GUID), indicative of the firmware component of the information handling system 100 that may be updated via update capsule. This unique identifier is passed into the UEFI update capsule run-time service as a parameter. An ESRT value may comprise a firmware type that identifies the type of firmware resource of information handling system 100, for example, unknown, system firmware, device firmware, UEFI driver, or any other type of firmware resource. An ESRT value may comprise the current firmware version, such as the current version of the BIOS firmware 192 for the information handling system 100”. Thus, ESRT values are used to resolve whether a BIOS update should occur based on driver, version type, etc.) (Bulusu’s ¶ [0002] states that “The firmware may have to be updated from time to time to address issues relating to various functions of the computing system, such as, for example, security related fixes. Typically, the update may be performed by writing a patch or corrective code to a firmware image such as, for example, a BIOS image. Because the ability to write to the firmware is a controlled mechanism, the firmware update is typically handled by firmware interfaces.” Therefore, the firmware interface is responsible for resolving updates directed to security fixes.)
Samuel as modified does not distinctly disclose using a Windows Platform Binary Table (WPBT) channel.
However, Roszak et al. discloses using a Windows Platform Binary Table (WPBT) channel. (The bootstrap loader installs an enroller that identifies a management agent. This can include downloading the management agent from a management server. The enroller can find or contact the management server by contacting an address provided in a WINDOWS Platform Binary Table (WPBT). The management agent is installed prior to the user logging into the operating system to prevent circumvention of management policies. [abstract])
It would have been obvious before the effective filing date of the claimed invention to modify the teachings of Samuel as modified and Roszak et al. because all references are in the same field of endeavor. Roszak’s teaching of a WPBT table would enhance the system of Samuel as modified by providing the system with a path to a management agent through which an administrator can inject multiple functionalities based on various policies before loading the OS, thus improving system configurability.


Conclusion

With respect to any newly added or amended claims, applicant should show support in the original disclosure for the new or amended claims. See MPEP §714.02 and § 2163.06. For example, when responding to this office action, applicants are advised to provide the examiner with the line numbers and page numbers in the application and/or references cited to assist the examiner in locating appropriate paragraphs.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AUREL PRIFTI whose telephone number is (571)270-1743. The examiner can normally be reached on M-F 8 a.m.- 6 p.m.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kim Ngoc Huynh can be reached on 571-272-4147.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/AUREL PRIFTI/Primary Examiner, Art Unit 2186                                                                                                                                                                                                        

Aurel Prifti     
 Primary Examiner
Art Unit 2186
Tel. (571) 270-1743
Fax (571) 270-2743

aurel.prifti@uspto.gov