DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The text of those sections of Title 35 U.S. Code not included in this section can be found in the prior office action.
The prior office actions are incorporated herein by reference, in particular the observations with respect to claim language and the response to previously presented arguments.
Claims 1, 2, 6-22, now renumbered as claims 1-19, have been examined. 

EXAMINER’S AMENDMENT
Authorization for this examiner’s amendment was given in an interview with Mr. Luiz von Paumgartten on 07/29/2021.
Claims 1, 19 and 20 have been amended as follows:
1. (Currently Amended) An Information Handling System (IHS), comprising:
a processor; and
a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to:
monitor a chain of Basic Input/Output System (BIOS)/Unified Extensible Firmware Interface (UEFI) configuration changes comprising at least an indication of a first configuration change having a first timestamp 
compare, against an Indication of Attack (IoA) comprising at least an indication of a third configuration change followed by a fourth configuration change after a time interval
report an alert in response to a determination that: (i) the first configuration change is equal to the third configuration change, (ii) the second configuration change is equal to the fourth configuration change, and (iii) a difference between the second timestamp and the first timestamp is equal to or less than the time interval.

19. (Currently Amended) A hardware memory device having program instructions stored thereon that, upon execution by a processor of an Information Handling System (IHS), cause the IHS to:
monitor a chain of Basic Input/Output System (BIOS)/Unified Extensible Firmware Interface (UEFI) configuration changes comprising at least an indication of a first configuration change having a first timestamp followed by a second configuration change having a second timestamp;
compare, against an Indication of Attack (IoA) comprising at least an indication of a third configuration change followed by a fourth configuration change after a time interval
report an alert in response to a determination that: (i) the first configuration change is equal to the third configuration change, (ii) the second configuration change is equal to the fourth configuration change, and (iii) a difference between the second timestamp and the first timestamp is equal to or less than the time interval.

20. (Currently Amended) A method, comprising:
monitoring a chain of Basic Input/Output System (BIOS)/Unified Extensible Firmware Interface (UEFI) configuration changes comprising at least an indication of a first configuration change having a first timestamp followed by a second configuration change having a second timestamp;
comparing, against an Indication of Attack (IoA) comprising at least an indication of a third configuration change followed by a fourth configuration change after a time interval
reporting an alert in response to a determination that: (i) the first configuration change is equal to the third configuration change, (ii) the second configuration change is equal to the fourth configuration change, and (iii) a difference between the second timestamp and the first timestamp is equal to or less than the time interval.
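
The three-part determination recited in the amended claims, sketched as detection logic (an added example, not code from the application or from this office action). The setting names, values, timestamps and the five-minute interval are constructed, and the example assumes the second change may be any later entry in the chain rather than only the adjacent one.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class ConfigChange:
    setting: str          # BIOS/UEFI attribute name (constructed for this example)
    value: str            # value the attribute was changed to
    timestamp: datetime

@dataclass(frozen=True)
class IoA:
    name: str
    first: tuple          # (setting, value): the claim's "third configuration change"
    second: tuple         # (setting, value): the claim's "fourth configuration change"
    interval: timedelta   # maximum allowed gap between the two changes

def match_ioa(chain, ioa):
    """Return every (first, second) pair in the chain meeting conditions (i)-(iii)."""
    ordered = sorted(chain, key=lambda c: c.timestamp)
    hits = []
    for i, a in enumerate(ordered):
        if (a.setting, a.value) != ioa.first:           # condition (i)
            continue
        for b in ordered[i + 1:]:
            if b.timestamp - a.timestamp > ioa.interval:
                break                                   # (iii) fails for all later entries
            if (b.setting, b.value) == ioa.second:      # condition (ii)
                hits.append((a, b))
    return hits

def format_alerts(hits, ioa):
    return [f"ALERT {ioa.name}: {a.setting}={a.value} at {a.timestamp.isoformat()} "
            f"then {b.setting}={b.value} after {b.timestamp - a.timestamp}"
            for a, b in hits]

def ts(text):
    return datetime.fromisoformat(text)

# Constructed IoA and change log; none of these values come from the application.
IOA = IoA("secureboot-off-then-boot-order", ("SecureBoot", "Disabled"),
          ("BootOrder", "USB,HDD"), timedelta(minutes=5))
CHAIN = [
    ConfigChange("SecureBoot", "Disabled", ts("2021-07-01T10:00:00")),
    ConfigChange("WakeOnLan", "Enabled", ts("2021-07-01T10:02:00")),    # unrelated change
    ConfigChange("BootOrder", "USB,HDD", ts("2021-07-01T10:05:00")),    # gap == interval: match
    ConfigChange("SecureBoot", "Disabled", ts("2021-07-02T09:00:00")),
    ConfigChange("BootOrder", "USB,HDD", ts("2021-07-02T09:05:01")),    # one second late: no match
]

if __name__ == "__main__":
    for line in format_alerts(match_ioa(CHAIN, IOA), IOA):
        print(line)
```

The first pair alerts because its gap equals the interval exactly, matching the "equal to or less than" wording; the second pair misses by one second, and a reversed ordering of the two changes never matches.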

Allowable Subject Matter
Claims 1, 2 and 6-22 are allowed over prior art of record.

Response to Arguments
Applicant’s arguments, see Remarks filed 07/13/2021, have been fully considered and are persuasive.  

Examiner's Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: 
Independent claims 1, 19 and 20 are allowed in view of the examiner’s amendment and for reasons presented by the applicant in the Remarks. Claims 2, 6-18, 21 and 22 depend on one of the above independent claims and are therefore allowed by virtue of their dependency.
Prior art of record Bobzin teaches: In a computing device, each authenticated variable or a combination of authenticated variables is hashed to generate a first hash. The first hash is stored in non-volatile memory. When the computing device is booted, the authenticated variables are hashed to generate a new hash. The new hash and the previously stored hash are compared by the device’s firmware. When the hashes don’t match, the firmware determines that an unauthorized change has occurred and alerts the user to compromised authenticated variables. Prior art of record Kim teaches: When a software interrupt event is detected, state information of a CPU register corresponding to the time of the software interrupt event is extracted. A change in the vector value corresponding to the software interrupt vector is monitored and a threat to the virtual machine boot process is determined based on CPU register state information and a monitored result.
However, Bobzin and Kim fail to teach: “report an alert in response to a determination that: (i) the first configuration change is equal to the third configuration change, (ii) the second configuration change is equal to the fourth configuration change, and (iii) a difference between the second timestamp and the first timestamp is equal to or less than the time interval”, i.e., the prior art references teach a timestamp associated with a configuration change, and alerting a user when unauthorized changes to authenticated variables are detected by comparing a previously stored hash with a newly generated hash of the authenticated variables, but fail to teach a determination that a time difference between a first change and a second change is equal to or less than the stored time interval.
None of the prior art of record, either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application at or before the time it was filed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
“BIOS Chronomancy: Fixing the Core Root of Trust for Measurement”: In this paper we look at the implementation of the Core Root of Trust for Measurement (CRTM) from a Dell Latitude E6400 laptop. We describe how the implementation of the CRTM on this system doesn’t meet the requirements set forth by either the Trusted Platform Module (TPM) PC client specification or NIST 800-155 guidance. We show how novel tick malware, a 51 byte patch to the CRTM, can replay a forged measurement to the TPM, falsely indicating that the BIOS is pristine. This attack is broadly applicable, because all CRTMs we have seen to date are rooted in mutable firmware. We also show how flea malware can survive attempts to reflash infected firmware with a clean image. To fix the untrustworthy CRTM we ported an open source “TPM-timing-based attestation” implementation from running in the Windows kernel, to running in an OEM’s BIOS and SMRAM. This created a new, stronger CRTM that detects tick, flea, and other malware embedded in the BIOS. We call our system “BIOS Chronomancy”, and we show that it works in a real vendor BIOS, with all the associated complexity, rather than in a simplified research environment.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHURI R HERZOG whose telephone number is (571)270-3359.  The examiner can normally be reached on 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


MADHURI R. HERZOG
Primary Examiner
Art Unit 2438


