DETAILED ACTION
	This Office Action is in response to the Amendment filed on 06/28/2021.
	Authorization for this Examiner’s Amendment was given by the attorney of record, Mr. Robert Thaden on 07/28/2021.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

EXAMINER’S AMENDMENTS
Amend claims 1, 3-8, 10, 12-13 and 15-20 as follows:
Claim 1: 
A method comprising: 
generating an unified extension firmware interface (UEFI) protocol database;
receiving, from a protocol publisher, a first request to install a first protocol at the UEFI protocol database, the first request including a first global unique identifier (GUID) and a first protocol pointer; 
storing the first GUID and the first protocol pointer at an entry of the UEFI protocol database; 
receiving, from the protocol publisher, a first root key; 
storing the first root key at the entry of the UEFI protocol database; 
receiving, from a first protocol consumer, a second request including the first GUID; 
providing a first random number to the first protocol consumer in response to the second request; 
generating a second GUID using a one-way function on the first random number and the first root key; 
UEFI protocol database, 
receiving, from the first protocol consumer, a third request including the second GUID, the second GUID generated by the first protocol consumer using the one-way function on the first random number and the first root key; and 
providing the first protocol pointer to the first protocol consumer in response to the third request, 
wherein a second protocol consumer without access to the first root key is unable to generate the second GUID to access the first protocol pointer; and
preventing the UEFI protocol database from unauthorized access by deleting at least the first random number and the second GUID from the entry of the UEFI protocol database.  

Claim 3: cancelled.

Claim 4: 
The method of claim 1, further comprising: 
receiving, from the first protocol consumer, a fourth request including the first GUID; 
providing a second random number to the first protocol consumer in response to the fourth request; 
generating a third GUID using the one-way function on the second random number and the first root key; and 
storing the third GUID at the entry of the UEFI protocol database.

Claim 5: 

receiving, from the first protocol consumer, a fifth request including the third GUID, the third GUID generated by the first protocol consumer using the one-way function on the second random number and the first root key; and 
providing the first protocol pointer to the first protocol consumer in response to the fifth request.
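
Added illustration (not part of the Office Action or the application): a Python model of the exchange recited in claims 1, 4 and 5. HMAC-SHA256 truncated to 16 bytes stands in for the unnamed one-way function; the class and function names, GUID, key and pointer string are constructed for the example.

```python
import hashlib
import hmac
import secrets
import uuid

def derive_guid(root_key: bytes, nonce: bytes) -> uuid.UUID:
    """One-way function over (random number, root key). HMAC-SHA256 is an
    assumption; the claims do not name a specific function."""
    return uuid.UUID(bytes=hmac.new(root_key, nonce, hashlib.sha256).digest()[:16])

class ProtocolAccessController:
    """Toy model of the PAC and its protocol database (hypothetical names)."""
    def __init__(self):
        self.db = {}  # first GUID -> entry

    def install(self, guid, pointer, root_key):
        # Publisher installs the protocol and supplies the root key.
        self.db[guid] = {"pointer": pointer, "root_key": root_key,
                         "nonce": None, "derived": None}

    def challenge(self, guid):
        # Request with the first GUID: hand out a fresh random number and
        # record the GUID the consumer is expected to derive from it.
        entry = self.db[guid]
        entry["nonce"] = secrets.token_bytes(16)
        entry["derived"] = derive_guid(entry["root_key"], entry["nonce"])
        return entry["nonce"]

    def locate(self, derived_guid):
        # Release the pointer only for a matching derived GUID, then delete
        # the random number and derived GUID so neither can be reused.
        for entry in self.db.values():
            expected = entry["derived"]
            if expected is not None and hmac.compare_digest(
                    expected.bytes, derived_guid.bytes):
                entry["nonce"] = entry["derived"] = None
                return entry["pointer"]
        return None

def demo():
    first_guid = uuid.UUID("11111111-2222-3333-4444-555555555555")  # constructed
    root_key = b"constructed-root-key"                               # constructed
    pac = ProtocolAccessController()
    pac.install(first_guid, "protocol-interface@0x1000", root_key)
    nonce = pac.challenge(first_guid)
    forged = pac.locate(derive_guid(b"wrong-key", nonce))  # consumer lacking the key
    granted = pac.locate(derive_guid(root_key, nonce))     # consumer holding the key
    replayed = pac.locate(derive_guid(root_key, nonce))    # same GUID after deletion
    nonce2 = pac.challenge(first_guid)                     # claims 4-5: new round
    second = pac.locate(derive_guid(root_key, nonce2))
    return forged, granted, replayed, second
```

In this model demo() returns None for the consumer without the root key and for the replayed GUID, and the protocol pointer for both legitimate rounds.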

Claim 6: cancelled.
Claim 7: cancelled.

Claim 8: 
The method of claim 1, further comprising: 
receiving, from a third protocol consumer, a fourth request including the first GUID; 
providing a second random number to the second protocol consumer in response to the fourth request; 
generating a third GUID using the one-way function on the second random number and the first root key; and 
storing the second random number and the third GUID at a second entry of the UEFI protocol database.


Claim 10: 
An information handling system comprising: 

a firmware image stored at the memory device, the firmware image providing a protocol access controller (PAC) to: 
generate an unified extension firmware interface (UEFI) protocol database; 
receive, from a protocol publisher, a first request to install a first protocol at the UEFI protocol database, the first request including a first global unique identifier (GUID) and a first protocol pointer; 
store the first GUID and the first protocol pointer at an entry of the protocol database; 
receive a first root key; 
store the first root key at the entry of the protocol database;
receive, from a first protocol consumer, a second request including the first GUID; 
provide a first random number to the first protocol consumer in response to the second request; 
generate a second GUID using a one-way function on the first random number and the first root key; and 
store the second GUID at the entry of the UEFI protocol database, 
receive, from the first protocol consumer, a third request including the second GUID, the second GUID generated by the first protocol consumer using the one-way function on the first random number and the first root key; and 

wherein a second protocol consumer without access to the first root key is unable to generate the second GUID to access the first protocol pointer; and
preventing the UEFI protocol database from unauthorized access by deleting at least the first random number and the second GUID from the entry of the UEFI protocol database.  


Claim 12: (Cancelled).

Claim 13: 
The information handling system of claim 10, wherein the PAC is further to: 
receive, from the first protocol consumer, a fourth request including the first GUID; 
provide a second random number to the first protocol consumer in response to the fourth request; 
generate a third GUID using the one-way function on the second random number and the first root key; and 
store the third GUID at the entry of the UEFI protocol database.


Claim 15: (Cancelled).
Claim 16: (Cancelled).


 
Claim 17:
A method comprising:
installing, by a protocol publisher, a first protocol at an entry at an unified extension firmware interface (UEFI) protocol database, the first protocol identified by a first global unique identifier (GUID); 
providing, by the protocol publisher, a first root key to the protocol database, the first root key associated with the first protocol; 
generating, at a protocol access controller, a second GUID using a one-way function on the first root key and the first GUID; 
storing the second GUID at the entry of the protocol database; 
generating the second GUID at a first protocol consumer using the one-way function on the first GUID and first root key; 
receiving a first protocol pointer at the first protocol consumer in response to a request by the first protocol consumer, the request including the second GUID;
wherein a second protocol consumer without access to the first root key is unable to generate the second GUID to access the first protocol pointer; and
preventing the UEFI protocol database from unauthorized access by deleting at least the second GUID from the entry of the UEFI protocol database.  


Claim 18: (Cancelled).
Claim 19: (Cancelled).



 
Claim 20:
The method of claim 17, further comprising: 
providing the first root key to a third protocol consumer; 
generating the second GUID at the third protocol consumer using the one-way function on the first GUID and the first root key; and 
receiving the first protocol pointer at the third protocol consumer in response to a request by the third protocol consumer, the request including the second GUID.

ALLOWABLE SUBJECT MATTER
Claims 1, 4-5, 8-10, 13-14, 17 and 20 are allowed, while claims 2-3, 6-7, 11-12, 15-16 and 18-19 are cancelled.
The following is an examiner’s statement of reasons for allowance:
The present invention is directed to methods and a system for providing Unified Extensible Firmware Interface (UEFI) protocol access control.
The closest prior art cited is generally directed to various aspects of providing UEFI access control. However, none of the cited art, alone or in combination, teaches or suggests installing a first global unique identifier (GUID) at an entry at an unified extension firmware interface (UEFI) protocol database; providing a first root key to the protocol database, the first root key associated with the first protocol; generating a second GUID using a one-way function on the first root key and the first GUID; storing the second GUID at the entry of the protocol database; then, when a consumer wants to access the UEFI database, the consumer generating the second GUID using the one-way function on the first GUID and first root key; receiving a first 

PERTINENT ARTS
1) Chaiken et al. (US 2015/0235030 A1) - A Unified Extensible Firmware Interface (UEFI) protocol installer utilizes and modifies a list of global unique identifiers corresponding to UEFI protocol to determine whether to install a UEFI protocol.

2) Polyudov (US 2008/0028200 A1) - A device handle database is created for storing data identifying the protocols that have been installed on one or more device handles.

3) Yao et al. (US 2018/0341774 A1) - Techniques for providing and maintaining protection of firmware routines that form part of a chain of trust through successive processing environments. During initialization of a processing device, verification microcode incorporated into a processor component thereof may serve as an initial portion of a chain of trust. The verification microcode and/or a verification routine that is verified by the verification microcode may attempt to authenticate a firmware as trustworthy.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PHY ANH TRAN VU whose telephone number is (571)270-7317.  The examiner can normally be reached on Monday-Friday 7 am-1 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on (571) 272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.