Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Claims 1-20 are pending.

Claim Objections
Applicant is advised that should claim 9 be found allowable, claim 10 will be objected to under 37 CFR 1.75 as being a substantial duplicate thereof. When two claims in an application are duplicates or else are so close in content that they both cover the same thing, despite a slight difference in wording, it is proper after allowing one claim to object to the other as being a substantial duplicate of the allowed claim. See MPEP § 608.01(m).

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1, 3, 7-8, 12, 14 and 18 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by US 2016/0162689 A1 to Martinez et al. (Martinez).
Regarding claim 1, Martinez discloses an information handling system comprising: a display device (display, ¶27); and a basic input/output system (BIOS) (¶28) configured to: determine a configuration of one or more BIOS settings identified as influencing security at the information handling system (security indicator, Fig. 2A, based on BIOS settings, ¶20, ¶31); determine a security risk score based on the configuration (Fig. 2A, Fig. 2B); generate a security gauge image providing a visual indication of the security risk score (Figs. 2A-2B, ¶31); and display the security gauge image at the display device during BIOS initialization at the information handling system (Figs. 2A-2B, ¶31).
Regarding claim 12, the claim is similar in scope to claim 1 and is therefore rejected using a similar rationale.  
Regarding claims 3 and 14, Martinez discloses wherein determining the security risk score further comprises identifying a threat priority (weighted security values, ¶31) associated with the configuration of each of the one or more BIOS settings (weight associated with each setting, ¶31).  
Regarding claims 7 and 18, Martinez discloses wherein a first setting of the one or more BIOS settings comprises a configuration of a Secure Boot protocol (p. 4, Table 2).
Regarding claim 8, Martinez discloses wherein a first setting of the one or more BIOS settings comprises a configuration of a removable storage device (USB, p. 4, Table 2).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Martinez, as applied to claims 1 and 12 above, in view of US 2019/0207969 A1 to Brown.
Regarding claims 2 and 13, Martinez lacks wherein the BIOS is further to: receive an event log identifying system events identified as influencing security at the information handling system; and determine the security risk score further based on the system events.  However, Brown teaches that it was known to analyze event logs to determine a security score (¶76, ¶77, ¶210) indicative of a malware (¶20).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Martinez such that the BIOS is further to: receive an event log identifying system events identified as influencing security at the information handling system; and determine the security risk score further based on the system events.  One of ordinary skill in the art would have been motivated to perform such a modification to utilize system events to detect a risk, as taught by Brown.

Claims 4, 15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Martinez, as applied to claims 1 and 12 above, in view of US 2019/0222597 A1 to Crabtree et al. (Crabtree).
Regarding claims 4, 15 and 20, Martinez lacks wherein the BIOS is further to: determine that a user interacted with the security gauge image displayed during BIOS initialization; and in response to the determining, display information identifying the configuration of the one or more BIOS settings contributing to the risk score.  However, Crabtree teaches that it was known to provide a visual .

Claims 5 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Martinez, as applied to claims 1 and 12 above, in view of Crabtree and US 2005/0235360 A1 to Pearson.
Regarding claims 5 and 16, Martinez discloses wherein the BIOS is further to: provide an interface to adjust a value of the configuration of the one or more BIOS settings (¶17), but lacks determine that a user interacted with the security gauge image displayed during BIOS initialization; and in response to the determining, providing the interface.  However, Crabtree teaches that it was known to provide a visual indication of a risk score to a user (Fig. 25) and further determine that a user interacted with the visual indication and in response to the determining, display information identifying the factors contributing to the risk score (Fig. 25, ¶82).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Martinez such that the BIOS is further to: determine that a user interacted with the security gauge image displayed during BIOS initialization; and in response to the determining, display information identifying the configuration of the one or more BIOS settings contributing to the risk score.  One of ordinary skill in the art would have been motivated to perform such a modification to enable the user to .

Claims 6 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Martinez, as applied to claims 1 and 12 above, in view of US 2008/0148387 A1 to Madina et al. (Madina).
Regarding claims 6 and 17, Martinez lacks wherein a first setting of the one or more BIOS settings comprises a configuration of a trusted platform module.  However, Madina teaches that it was known to include a TPM enable/disable option in a BIOS configuration (¶¶12-13).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Martinez such that a first setting of the one or more BIOS settings comprises a configuration of a trusted platform module.  One of ordinary skill in the art would have been motivated to perform such a modification to include, as a security option in the BIOS, enabling a trusted platform module, as taught by Madina.

Claims 9 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Martinez, as applied to claims 1 and 12 above, in view of US 2019/0306182 A1 to Fry et al. (Fry).
Regarding claims 9 and 10, Martinez lacks wherein a first setting of the one or more BIOS settings comprises a prior or pending BIOS image update event.  However, Fry teaches notifying a user .

Claims 11 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Martinez, as applied to claims 1 and 12 above, in view of US 2014/0359777 A1 to Lam et al. (Lam).
Regarding claims 11 and 19, Martinez discloses a security risk score (Figs. 2A-2B), but lacks wherein the BIOS is further configured to transmit an alert to a remote administration service in response to determining that a threat level indicated by the security risk score exceeds a predetermined threshold.  However, Lam teaches that it was known to compare an asset risk score to a threshold and alert an administrator if the threshold is exceeded (¶46).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Martinez such that the BIOS is further configured to transmit an alert to a remote administration service in response to determining that a threat level indicated by the security risk score exceeds a predetermined threshold.  One of ordinary skill in the art would have been motivated to perform such a modification to notify a user of BIOS settings indicating a security risk, as taught by Lam.  

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL J SIMITOSKI whose telephone number is (571)272-3841.  The examiner can normally be reached on Monday - Friday, 7:00-3:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Michael Simitoski/               Primary Examiner, Art Unit 2493                                                                                                                                                                                         
July 20, 2021