DETAILED ACTION
Claims 1-20 are presented for examination.
The present application is being examined under the AIA  (America Invents Act) First Inventor to File.
This Office Action is Non-Final.
Claims 1, 11 and 16 are independent claims. Claims 2-10, 12-15, 17-20 are dependent claims. 
This action is responsive to the following communication: corresponding claims filed on 02-03-2020.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02-03-2020 is in compliance with the provisions of 37 CFR 1.97


Claim Interpretation 
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claim 11 in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “basic input/output system” in claim 11.

 

Action May Be Required By Applicants 
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may do one of the following:  
(1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function). 
(2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claims Objections
Claim 16 is objected to because the claims contain the terms “if” , of which, under the broadest reasonable interpretation (BRI) standard make the expression following the term as optional limitation under the plain and ordinary meaning of the term, thereby not narrowing the claim limitations following the term since they can be omitted.  Indeed, google dictionary defines the term “if” as a “conditional clause”. Similarly, the following terms also found to be deficient are: may, might, can, could, potentially, possible ….etc. In re Johnston, 77 USPQ2d 1788. & ex parte Schulhauser,  MPEP 2111.04 (II)

Therefore, provided applicant does intend to have this/these limitations to have patentable weight, the claims above must positively recite the claim limitation without invoking optional language. Once such term that courts have found to positively recite a  Ex

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 5, 9, 11, 14-16, 20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 2020/0074086 by Bulygin et al. in view of U.S. Publication No. 2014/0365755 by Liu et al. 

As per claim 1, Bulygin et al. discloses a method comprising:
downloading, by a processor of an information handling system, driver for a virtual1 advanced configuration and power interface device, (Fig. 2 illustrates a host device comprising “processing components”. According to abstract section, the system is configured in identifying security vulnerabilities associated with “firmware” ¶ [0030] that includes “Advanced Configuration and Power Interface”. Because of security vulnerabilities the system is capable of “selectively distribute/coordinate updates of the firmware on the host devices”. ¶ [0044] )
configuration of security mechanisms built-in to hardware and/or firmware by manufacturers of the hardware/firmware”. Furthermore, the system is further able to collect a list of information associated with the firmware that indicates the “firmware vendor, 
release dates, system and device manufacturers and models, etc” ¶ [0030] , “ new UEFI variables due to the system being outside of a predetermined area” ¶ [0041], “indicators” [0042] . Therefore, based on the a list of specific firmware information collected, the system may detect potential firmware threats ¶ [0040] )
determining whether the information handling system is compromised based on the list of identifiers of compromised information handling systems; and (detecting any changes in firmware information between scans.  As an example, firmware may be tampered with when a device is carried outside of a secured area (e.g., when a user travels with a device).  As another example, a UEFI implant may install new malicious UEFI executables or create new UEFI variables.  Changes in firmware information may 
indicate potential security risks, such as those described above, enabling a system administrator to recognize the security risk before other symptoms of the security risk (e.g., firmware/hardware implant) are detected ¶ [0041] Alternatively, ¶s [0041] –[0044] )

in response to the determining that the information handling system is compromised, executing the code for the security feature. (the analytics service may detect versions of particular firmware on the host devices of an organization, discover 
Bulygin et al. does not distinctly disclose securing information such that the information is signed.
However, Liu et al. discloses securing information such that the information is signed. ( Abstract of Liu states that the “firmware authentication in Information Handling Systems (IHSs) are disclosed.  In some embodiments, an IHS may include a controller having a memory, the memory configured to store a plurality of firmware volumes, each of the plurality of firmware volumes including a plurality of firmware files.  The IHS 
may also include a Basic Input/Output System (BIOS) operably coupled to the controller, the BIOS having program instructions stored thereon that, upon execution, cause the BIOS to authenticate two or more firmware files within a given one of the plurality of firmware volumes using a single digital signature.  In another embodiment, a method may include creating a firmware volume, adding a plurality of firmware files to the firmware volume, and creating a digital signature based upon at least one of the plurality of firmware files, where the digital signature, upon being authenticated, allows a 
BIOS to load any of the plurality of firmware files” ) 
It would have been obvious before the effective filing date of the claimed invention to modify the teachings of Bulygin et al. and Liu et al. because both references are in the same field of endeavor. Liu’s teaching of securing information would enhance 
As per claim 11, Bulygin as modified discloses the subject matter already shown for claim 1. Additionally, Bulygin et al. discloses a basic input/output system that includes a virtual advanced configuration and power interface device. (Bulygin et al. ; ¶ ¶ [0022] & ¶ [0030]) , (¶ [0038]  of Liu states that “boot services 302 to support other specifications 309.  Examples of other supported specifications 309 include, but are not limited to, Advanced Configuration and Power Management Interface (ACPI), System Management BIOS (SMBIOS) Additionally, claims 1-2 ) 

As per claim 16, Bulygin et al. discloses a method comprising: 
receiving, at the information handling system, an update for an advanced configuration and power interface device driver associated with the advanced configuration and power interface device, , (Fig. 2 illustrates a host device comprising “processing components”. According to abstract section, the system is configured in identifying security vulnerabilities associated with “firmware”. ¶ [0030] identifies the firmware as BIOS having “Advanced Configuration and Power Interface”. Because of security vulnerabilities the system is capable of “selectively distribute/coordinate updates of the firmware on the host devices”. ¶ [0044] )
wherein the update includes a file with a list of compromised information handling systems; and ((¶ [0044] states that the system is operable in “accessing a state and configuration of security mechanisms built-in to hardware and/or firmware by manufacturers of the hardware/firmware”. Furthermore, the system is further able to 
if the information handling system is compromised based on the list of compromised information handling systems, ((detecting any changes in firmware information between scans.  As an example, firmware may be tampered with when a device is carried outside of a secured area (e.g., when a user travels with a device).  As another example, a UEFI implant may install new malicious UEFI executables or create new UEFI variables.  Changes in firmware information may indicate potential security risks, such as those described above, enabling a system administrator to recognize the security risk before other symptoms of the security risk (e.g., firmware/hardware implant) are detected ¶ [0041] Alternatively, ¶s [0041] –[0044] )

 then installing the advanced configuration and power interface device driver that includes a code to apply a security feature (the analytics service may detect versions of particular firmware on the host devices of an organization, discover latest firmware updates from associated hardware vendors, and selectively distribute/coordinate updates of the firmware on the host devices with out-of-date firmware (e.g., firmware with different versions than a latest or latest stable update; ¶ [0044]).

Bulygin et al. does not distinctly disclose the following: 

 securing information such that the information is signed; and 
security feature selected by an owner of the information handling system and applying the security feature.
However, Liu et al. discloses the following:

adding, by a processor while booting an information handling system, an advanced configuration and power interface device to a basic input/output system of the information handling system; (Claim 16 of Liu states “load the two or more binary firmware files during a booting process”. Examples of these firmware are “Advanced Configuration and Power Management Interface (ACPI), System Management BIOS (SMBIOS); ¶ [0038], [0044]  )
securing information such that the information is signed. ( Abstract of Liu states that the “firmware authentication in Information Handling Systems (IHSs) are disclosed.  In some embodiments, an IHS may include a controller having a memory, the memory configured to store a plurality of firmware volumes, each of the plurality of firmware volumes including a plurality of firmware files.  The IHS may also include a Basic Input/Output System (BIOS) operably coupled to the controller, the BIOS having program instructions stored thereon that, upon execution, cause the BIOS to authenticate two or more firmware files within a given one of the plurality of firmware volumes using a single digital signature.  In another embodiment, a method may include 
BIOS to load any of the plurality of firmware files” ) 
security feature selected by an owner of the information handling system and applying the security feature. ( ¶ [0059] states that the “the user adds one or more firmware files (e.g., 402-A through 402-N) to the firmware volume” and the “user creates digital signature” ¶ [0060]) 

It would have been obvious before the effective filing date of the claimed invention to modify the teachings of Bulygin et al. and Liu et al. because both references are in the same field of endeavor. Liu’s teaching of securing information would enhance Bulygin's system by allowing the information from being tampered for malicious intent, thus improving system security.
As per claim 2, Bulygin as modified discloses wherein the security feature is selected by an owner of the information handling system. (Liu et al; ( ¶ [0059] states that the “the user adds one or more firmware files (e.g., 402-A through 402-N) to the firmware volume” and the “user creates digital signature” ¶ [0060]) 
As per claim 5, Bulygin as modified discloses wherein the security feature is one of a plurality of security features that can be selected by an owner of the information handling system. (¶ [0061] states “ at block 704, the user may embed the FV within a header file and add the signature to the header file” or “user creates a digital signature 
algorithm (e.g., SHA-256, etc.),¶ [0060] ”)  
	As per claim 9, Bulygin as modified discloses wherein the virtual advanced configuration and power interface device is added to a basic input/output system. (the system is capable of “selectively distribute/coordinate updates of the firmware on the host devices”. ¶ [0044] Furthermore, ¶ [0013] discloses that addressing security flaws for firmware for system that support “virtual embodiments”. )
	As per claim 14, Bulygin as modified discloses wherein the virtual advanced configuration and power interface device is added during manufacture of the information handling system.( ¶ [0030] discloses firmware bios having “Advanced Configuration and Power Interface”. Furthermore ¶ [0044] discloses that “the method includes accessing a state and configuration of security mechanisms built-in to hardware and/or firmware by manufacturers of the hardware/firmware”. Thus, to a PHOSITA this means that the firmware bios having acpi is installed during manufacturing. 

As per claim 15, Bulygin as modified discloses wherein the execution of the code for the security feature is performed during device driver runtime.(¶ [0051] of Liu discloses that during a post procedure initializing a the bmc a controller. This phase is considered as the claimed driver runtime. During this phase, Fig. 5 of Liu et al. illustrates a step in which the system is “calculating hash”, which is the claimed security code) 

plurality of firmware volumes including a plurality of firmware files.  The IHS may also include a Basic Input/Output System (BIOS) operably coupled to the controller, the BIOS having program instructions stored thereon that, upon execution, cause the BIOS to authenticate two or more firmware files within a given one of the plurality of firmware volumes using a single digital signature………………..upon being authenticated, allows a BIOS to load any of the plurality of firmware files; abstract) 

Claims 3 , 17 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 2020/0074086 by Bulygin et al. in view of U.S. Publication No. 2014/0365755 by Liu et al. and further view of U.S. Patent No. 7,809,583 by Rusman et al. 
As per claims 3, 17 Bulygin as modified discloses further comprising executing the security feature ((Liu et al; ( ¶ [0059] states that the “the user adds one or more firmware files (e.g., 402-A through 402-N) to the firmware volume” and the “user creates digital signature” ¶ [0060])
Bulygin as modified does not distinctly disclose:
sending a notification to a manufacturer of the information handling system. 
Rusman et al. discloses sending a notification to a manufacturer of the information handling system.( The system specific service tag is used as the basis 
for reporting event information back to the manufacturer; col 5 lines 17-20)
It would have been obvious before the effective filing date of the claimed invention to modify the teachings of Bulygin as modified and Rusman et al. because the references are in the same field of endeavor. Rusman’s teaching of reporting status information back to manufacturer would enhance Bulygin's as modified system by allowing the manufacturer be aware of the status of the computer system without needing to push further updates, thus enhancing system update for the system.
Claims 4, 18 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 2020/0074086 by Bulygin et al. in view of U.S. Publication No. 2014/0365755 by Liu et al. and further view of U.S. Patent No. 7,809,583 by Rusman et al. and further view of Publication No. 20150220308 by Condon et al. 

As per claims 4, 18 Bulygin as modified discloses comprising subsequent to the sending the notification, (Rusman; col 5 lines 17-20) , device driver (Liu et al; a firmware driver, ¶ [007] 
Bulygin as modified does not distinctly discloses: 

incrementing a version of a firmware. 
However, Condon et al. discloses incrementing a version of a firmware.( ¶ [0169] ) 

.
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 2020/0074086 by Bulygin et al. in view of U.S. Publication No. 2014/0365755 by Liu et al. and further view of U.S. Publication No. 2014/0040605  by Futral et al.
As per claim 8, Bulygin as modified discloses comprising to the executing the code for the security feature selected by an owner of the information handling system. (Liu et al.; ( ¶ [0059] states that the “the user adds one or more firmware files (e.g., 402-A through 402-N) to the firmware volume” and the “user creates digital signature” ¶ [0060])
Bulygin as modified does not distinctly discloses executing a second code associated a second security.
However, Futral et al. discloses discloses executing a second code associated a second security. (¶ [0026] states that “the rollback BIOS authenticates the public key embedded in the new BIOS.  Next, the rollback BIOS uses the (authenticated) public key to decrypt the digital signature and extract the embedded hash of the new BIOS”.) 

. 
Claims 10, 19 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 2020/0074086 by Bulygin et al. in view of U.S. Publication No. 2014/0365755 by Liu et al. and further view of U.S. Publication No. 2018/0054456  by Futral et al.

As per claims 10, 19 Bulygin as modified does not distinctly discloses comprising integrating a security library of the device driver to a hardware component of the information handling system. 
However, Ground et al. discloses discloses comprising integrating a security library of the device driver to a hardware component of the information handling system. (providing one or more security tracking modules, such as security libraries, as part of, for instance, a website's framework, it is possible to readily update the website's security code with the most up-to-date security tracking modules to, for instance, address newly uncovered type of security attacks or, for instance, to collect new or additional event-specific information internal to a website relating to a type of suspicious event.¶s [0019], [0061]
It would have been obvious before the effective filing date of the claimed invention to modify the teachings of Bulygin as modified and Ground et al. because the .
Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 2020/0074086 by Bulygin et al. in view of U.S. Publication No. 2014/0365755 by Liu et al. and further view of U.S. Publication No. 2020/0026505 by Olderdissen et al. 
As per claim 12, Bulygin as modified discloses virtual advanced configuration and power interface device (Bulygin; ¶ [0013]
Bulygin as modified does not distinctly disclose a relationship association with firmware.
However, Olderdissen et al. discloses a child relationship association with firmware. (Each parent table can have a one-to-many relationship with a child table.  ¶[0088, Fig 3c)
It would have been obvious before the effective filing date of the claimed invention to modify the teachings of Bulygin as modified and Olderdissen et al. because the references are in the same field of endeavor. Olderdissen’s teaching of disclosing relationship association would enhance Bulygin's as modified system by allowing the system to track evolution of different firmware version allows the system to default to an earlier working version in the event of a failure of the current firmware. 
Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 2020/0074086 by Bulygin et al. in view of U.S. Publication No. .
As per claim 13, Bulygin as modified discloses wherein the particular virtual advanced configuration and power interface device is added of the basic input/output system. (the system is capable of “selectively distribute/coordinate updates of the firmware on the host devices”. ¶ [0044])
Bulygin as modified does not distinctly discloses firmware is added during power on self-test.
However, Gafken et al. discloses firmware is added during power on self-test. (FIG. 4 illustrates a method 400 of updating firmware during the POST phase of FIG. 3; col 4 lines 27-28)
It would have been obvious before the effective filing date of the claimed invention to modify the teachings of Bulygin as modified and Gafken et al. because the references are in the same field of endeavor. Gafken’s teaching of updating firmware during POST would enhance Bulygin's as modified system improves system security by providing firmware updated before giving control to the OS as OS is more susceptible to malicious events.

Allowable Subject Matter
Claims 6-7 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Conclusion

With respect to any newly added or amended claims, applicant should show support in the original disclosure for the new or amended claims. See MPEP §714.02 and § 2163.06. For example, when responding to this office action, applicants are advised to provide the examiner with the line numbers and page numbers in the application and/or references cited to assist the examiner in locating appropriate paragraphs.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AUREL PRIFTI whose telephone number is (571)270-1743.  The examiner can normally be reached on M-F 8 a.m.- 6 p.m..
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kim Ngoc Huynh can be reached on 571-272-4147.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/AUREL PRIFTI/Primary Examiner, Art Unit 2186                                                                                                                                                                                                        

Aurel Prifti     
 Primary Examiner
Art Unit 2186
Tel. (571) 270-1743
Fax (571) 270-2743

aurel.prifti@uspto.gov




	
	
	
	
	
	

	
	
	
	
	
	
	
	
	
	
	




    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 ¶ [0013] discloses that addressing security flaws for firmware for system that support “virtual embodiments”.