DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rao et al (US 20170085383) in view of Rhee et al. (US 20190121984)
Regarding claim 1, Rao teaches
A BIOS management system, comprising: 
at least one memory (Fig. 1, (152 – secure storage and 114a – Flash memory)) storing a computer program, and original basic-input-output-system (BIOS) information (Fig. 1 (Backup BIOS Image-156)) used as original information of BIOS information referred to by an information processing device (Fig.1,(Host processor-112a and 
at least one processor configured to execute the computer program to: 
compare a first result of the operation processing executed on the BIOS information with a second result of the operation processing executed on the original BIOS information; and (Fig. 1 and 3, [0027], “BMC 112a encrypts the current BIOS hash value and compares the current BIOS hash value to the encrypted BIOS hash value 150. If the hash values are not identical, BIOS/UEFI 122 is not authenticated and can be deemed corrupted or compromised.” And [0037], “In response to determining that the hash values do not match in decision block 312, then method 300 includes recovering corrupted BIOS image from a backed-up copy in BMC (block 316).”)
when the first and second results match each other, control the information processing device in such a way as to complete activation by executing the BIOS information. (Fig. 3, [0037], “BMC determines whether there is a match between the current hash value and the trusted hash value (decision block 312). In response to the hash values matching in decision block 312, then method 300 includes continuing booting of the IHS (block 314).”)
Rao does not teaches generating a hash and an encryption/decryption key but does not teach that these vary each time.  Rhee teaches varying encryption keys and hashes using random numbers at booting time.
execute, on the BIOS information and the original BIOS information, operation processing that varies each time the information processing device is activated; (Figs.  100, the TPM 160 may generate an encryption key by using the hash value for the OS kernel image and a random value generated by the TPM 160 and store the generated encryption key in a predetermined area of the TPM 160. In addition, the TPM 160 may generate an encryption key by using one of an electronic signature value generated by the TPM 160 and unique device information.”)
Rao and Rhee are analogous art. Rhee is cited to teach a similar concept of electronic device security.  Based on Rhee, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Rao to use a random number generator to create and vary an encryption key and hash at boot time.  Furthermore, being able to vary the encryption key and hash improves on Rao by being able to create a more secure system. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification because “to form a security chain between a boot, a kernel, and a file system and thereby provide a stronger security function than that of the IMA.”, [0059]
Regarding claim 2, Rao teaches wherein the processor is configured then execute encryption on the BIOS information and the original BIOS information by using the encryption key being generated, and execute decryption on the BIOS information being encrypted and the original BIOS information being encrypted by using the decryption key. ([0006], “(b) access a trusted encrypted hash value and the unique key from a secure storage; (c) decrypt the trusted encrypted hash value using the unique 
Rao does not teach but Rhee teaches to execute the computer program to generate an encryption key and a decryption key that vary each time the information processing device is activated, ([0058], “the TPM 160 may generate an encryption key by using the hash value for the OS kernel image and a random value generated by the TPM 160 and store the generated encryption key in a predetermined area of the TPM 160.” And [0083], “the image forming apparatus 100 may determine whether the hash value set during the booting time is changed, by newly obtaining a hash value for the execution file using the stored encryption key.” Where the encryption key varies because a random value is used to generate it at every boot time)
Rao and Rhee are analogous art. Rhee is cited to teach a similar concept of electronic device security.  Based on Rhee, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Rao to use a random number generator to create and vary an encryption key and hash at boot time.  Furthermore, being able to vary the encryption key and hash improves on Rao by being able to create a more secure system. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification because “to form a security chain between a boot, a kernel, and a file system and thereby provide a stronger security function than that of the IMA.”, [0059]

112a encrypts the current BIOS hash value and compares the current BIOS hash value to the encrypted BIOS hash value 150. If the hash values are not identical, BIOS/UEFI 122 is not authenticated and can be deemed corrupted or compromised.” [0006], “(b) access a trusted encrypted hash value and the unique key from a secure storage; (c) decrypt the trusted encrypted hash value using the unique key to obtain a trusted hash value; (d) determine whether the current hash value is identical to the trusted hash value;”)
Rao does not teach but Rhee teaches wherein the processor is configured to execute the computer program to generate a hash function that varies each time the information processing device is activated, and ([0058], “the TPM 160 may generate an encryption key by using the hash value for the OS kernel image and a random value generated by the TPM 160 and store the generated encryption key in a predetermined area of the TPM 160.” Where the hash value varies because a random value is used when generating it at boot time)
Rao and Rhee are analogous art. Rhee is cited to teach a similar concept of electronic device security.  Based on Rhee, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Rao to use a random number generator to create and vary an encryption key and hash at boot time.  Furthermore, being able to vary the encryption key and hash improves on Rao by being able to create a more secure system. To one of ordinary skill in the art before the effective filing data of the 
Regarding claim 4, Rao does not teach but Rhee teaches wherein the processor is configured to execute the computer program to generate a random number based on a time when the information processing device is activated, and execute the operation processing that uses the random number being generated. ([0079], “the image forming apparatus 100 may generate an encryption key by using a hash value for an OS kernel image and a random value generated by the TPM 160 during a booting time of the image forming apparatus 100 in operation S910.”)
Rao and Rhee are analogous art. Rhee is cited to teach a similar concept of electronic device security.  Based on Rhee, it would have been obvious before the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Rao to use a random number generator to create and vary an encryption key and hash at boot time.  Furthermore, being able to vary the encryption key and hash improves on Rao by being able to create a more secure system. To one of ordinary skill in the art before the effective filing data of the invention it would have been advantageous to make this modification because “to form a security chain between a boot, a kernel, and a file system and thereby provide a stronger security function than that of the IMA.”, [0059]
Regarding claim 5, Rao teaches wherein the processor is configured to execute the computer program to, when the first and second results do not match each other, stop the activation of the information processing device. (Figs. 1 and 3, [0027], 112a encrypts the current BIOS hash value and compares the current BIOS hash value to the encrypted BIOS hash value 150. If the hash values are not identical, BIOS/UEFI 122 is not authenticated and can be deemed corrupted or compromised. BMC 112b can execute a BIOS authentication failure handling module 154 according to a policy. For example, the BIOS authentication failure handling module 154”, where executing a BIOS authentication failure handling module is interpreted as stopping the activation of the information processing device)
Regarding claim 6, Rao teaches wherein the processor is configured to execute the computer program to, when the first and second results do not match each other, update the BIOS information to be the original BIOS information stored in the memory, and then control the information processing device in such a way as to execute the BIOS information being updated. ([0037], “In response to determining that the hash values do not match in decision block 312, then method 300 includes recovering corrupted BIOS image from a backed-up copy in BMC (block 316).”)
Regarding claim 8, Rao teaches wherein the processor is configured to execute the computer program to control the information processing device in such a way as to execute the operation processing on the BIOS information, and the information processing device inputs, into the processor, a result acquired by executing the operation processing. ([0027], “BMC 112b executes a hash function module 146 to obtain a hash value for the BIOS/UEFI 122. BMC 112b encrypts the hash value with the unique key 144 using an encryption module 148. BMC 112b stores the encrypted BIOS hash value 150 of the BIOS/UEFI in a secure storage 152 accessible to BMC 112b. The BMC 112b can then authenticate the BIOS/UEFI 122 before a boot operation by 122 as currently provisioned in the flash memory module 114a. … BMC 112b executes a hash function module 146 to obtain a hash value for the BIOS/UEFI 122. BMC 112b encrypts the hash value with the unique key 144 using an encryption module 148. BMC 112b stores the encrypted BIOS hash value 150 of the BIOS/UEFI in a secure storage 152 accessible to BMC 112b. The BMC 112b can then authenticate the BIOS/UEFI 122 before a boot operation by determining another hash value for the BIOS/UEFI 122 as currently provisioned in the flash memory module 114a.”)
As to claims 7 and 9-10, Rao and Rhee teach these claims according to the reasoning provided in claim 1.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHERI L. HARRINGTON whose telephone number is (571)270-0468.  The examiner can normally be reached on Generally, M-F, 7:30a-4p.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jaweed Abbaszadeh can be reached on 571-270-1640.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/CHERI L HARRINGTON/Examiner, Art Unit 2187                                                                                                                                                                                                        July 26, 2021

/JAWEED A ABBASZADEH/Supervisory Patent Examiner, Art Unit 2187