Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-20 are pending.

Claim Interpretation
The broadest reasonable interpretation of a method (or process) claim having contingent limitations requires only those steps that must be performed and does not include steps that are not required to be performed because the condition(s) precedent are not met. For example, assume a method claim requires step A if a first condition happens and step B if a second condition happens. If the claimed invention may be practiced without either the first or second condition happening, then neither step A or B is required by the broadest reasonable interpretation of the claim. If the claimed invention requires the first condition to occur, then the broadest reasonable interpretation of the claim requires step A. If the claimed invention requires both the first and second conditions to occur, then the broadest reasonable interpretation of the claim requires both steps A and B (MPEP 2111.04). 

Claims 5-16 recite method claims, where claim 5 recites conditional limitations “in response to determining no event has occurred” and claim 14 recites “in response to determining the event occurred”. These are mutually exclusive conditions and the BRI of the method claims requires one method step to occur. Claims 14 and 15 are not part of BRI when the condition “no event has occurred” is performed.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

3.	Claims 1-5, 7-16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Brown et al (US Patent Application Publication 2015/0149757), further in view of Anson et al (US Patent Application Publication 2014/0208090).

For claim 1, Brown et al teach the following limitations: A secure boot process system, comprising: one or more non-transitory machine-readable media for storing computer-readable program code; and at least one processor in communication with the one or more non-transitory machine-readable media ([0066]-[0067] mention executable instructions implemented with systems and computer program products), the at least one processor being operative with the computer-readable program code to perform steps ([0066] – executable instructions require a processor to execute) including (ii) in response to determining no event has occurred (Fig 2 and Fig 4; step 215 in Fig 2 checks whether any validity events occur), successively loading the boot software components according to the boot sequence in an uninterrupted boot process (Fig 2 and Fig 4 mention that boot components are loaded and executed when found valid in an uninterrupted process), and (ii) in response to determining end of the boot sequence is reached (445 is the end , loading the operating system (450 in Fig 4).

Brown et al does not explicitly mention the following limitations: 
configuring, via a secure boot management module implemented in an operating system, at least one user authentication mechanism that protects one or more boot software components in a boot sequence 

Anson et al mention the following limitations:
configuring, via a secure boot management module (107 in Fig 1) implemented in an operating system (107 is implemented in 106; that is OS), at least one user authentication mechanism (set up of BIOS setup flag 114 in Fig 1; [0027]-[0032] mentions how the flag is set, which requires configuring user authentication mechanism such as matching user credentials, digitally sign credentials to send to BIOS 108, digitally sign BIOS setup flag; validating the digital signature by the BIOS setup program)  that protects one or more boot software components in a boot sequence  (BIOS setup is invoked during reboot based on BIOS setup flag 114 and BIOS setup program validate the digital signature of the flag 114 during reboot [0020] and [0032]; [0007]; [0020]; [0027]-[0028] mention that a securely managed OS utility configures the BIOS; [0021] mentions that BIOS broadly refers to any system that provides initialization functionality during boot)



For claim 2, Brown teaches that the boot components are bootloader ([0005]). 

For claim 3, Anson teaches the user authentication for the boot components via the secure boot management in OS (enabling of bios flag mentioned in [0031]). 

For claim 4, Brown, Fig 5 and [0052] mention that the administrator has been notified and the administrator obtains a replacement. An administrator typically has the administrative password.

For claim 5, Brown et al teach the following limitations: A secure boot process, comprising:  (ii) in response to determining no event has occurred (Fig 2 and Fig 4;  successively loading the boot software components according to the boot sequence in an uninterrupted boot process (Fig 2 and Fig 4 mention that boot components are loaded and executed when found valid in an uninterrupted process), and (ii) in response to determining end of the boot sequence is reached (445 is the end of boot sequence when OS validity is determined), loading the operating system (450 in Fig 4). 

Brown et al does not explicitly mention the following limitations: 
configuring, via a secure boot management module implemented in an operating system, at least one user authentication mechanism that protects one or more boot software components in a boot sequence 

Anson et al mention the following limitations:
configuring, via a secure boot management module (107 in Fig 1) implemented in an operating system (107 is implemented in 106; that is OS), at least one user authentication mechanism (set up of BIOS setup flag 114 in Fig 1; [0027]-[0032] mentions how the flag is set, which requires configuring user authentication mechanism such as matching user credentials, digitally sign credentials to send to BIOS 108, digitally sign BIOS setup flag; validating the digital signature by the BIOS setup program)  that protects one or more boot software components in a boot sequence  (BIOS setup is invoked during reboot based on BIOS setup flag 114 and BIOS setup program validate the digital signature of the flag 114 during reboot [0020] and [0032]; [0007]; [0020]; [0027]-[0028] mention 

It would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to combine the teachings of Brown and Anson to configure the validity credentials via OS configuration module. Brown teaches the validity components in [0047]-[0049] as secure keys, hash, and signature and RSA algorithms. These well-known operations are used to create the validity certificate by OS application during OS execution time because of the performance issues. Anson mentions that this also reduces the problems associated with invoking BIOS setup utility ([0005]). With the combined teachings, the user can safely perform the various authentication processes of the booting. Since Anson shows how to authenticate by OS implemented boot module and pass to BIOS ([0030]), this can be used to include the various authentication mechanisms disclosed in Brown. This will provide safer operation.

For claim 7, Anson teaches password ([0027]). 

For claim 8, Anson teaches enabling the user authentication ([0027]-[0031]). 

For claim 9, Brown, [0052] mentions boot loader including IP stack to connect remotely from another remote place. Anson, [0021] mentions UEFI. PXE is known in the art as part of bootloader/UEFI. 



For claim 11, the boot sequences are defined by the machine because credentials are executed before the module (Brown, Fig 4). 

For claim 12, Brown, Fig 4 shows the power up signal detection and loading the first boot component. 

For claim 13, Brown, Fig 4 mentions invalidity as the event, which includes action by host such as matching mentioned in [0048].

For claim 14, Brown, Fig 5 and [0052] mention that the administrator has been notified and the administrator obtains a replacement. An administrator typically has the administrative password (i.e., user authentication).

For claim 15, Brown mentions restarting the boot ([0052]), but does not explicitly mention that it is responsive to failure of user authentication. It is known that the authentication utility provides multiple chances for authentication. Therefore, the first failure provides a second chance for the administrator for rebooting. It would have been obvious for one of ordinary skill in the art before the effective filing date of the application to

For claim 16, Brown teaches that the boot components are bootloader ([0005]). 

4.	Claim 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Brown et al (US Patent Application Publication 2015/0149757), further in view of Anson et al (US Patent Application Publication 2014/0208090), in view of Rizos (US Patent Application Publication 20200302062).

For claim 6, Anson teaches the user authentication for the boot components via the secure boot management in OS (enabling of bios flag mentioned in [0031]). Anson does not explicitly mention blocking host with multiple failed authentication attempts during the boot sequence. Rizos teaches limiting the number of attempts for post authentication failure operation ([0198]). It would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to combine the teachings of Brown, Anson and Rizos to limit the failure attempts by blocking the host since this is safer. Anson teaches validation during booting ([0032]). If the correct credential is not provided, the system should block further attempts for further security.

5.	Claims 17-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Anson (US Patent Application Publication 2014/0208090) in view of Brown et al (US Patent Application Publication 2015/0149757).

For claim 17, Anson et al teaches the following limitations: One or more non-transitory machine-readable media embodying a program of instructions executable by machine ([0040]) to perform steps comprising: (i) in response to determining an event has occurred (202 in Fig 2), performing user authentication (Step 204 to 210 in Fig 2) wherein the event comprises a predefined user interaction ([0027]; user invokes the application 107); (ii) in response to determining no event has occurred, successively loading boot software components according to a boot sequence ([0030]; when flag is not set, BIOS executed normally); and (iii) in response to determining end of the boot sequence is reached, loading the operating system ([0030]; OS loaded and executed without BIOS setup).

For the limitation “perform rebooting in response to determining an event has occurred” Anson teaches: performing rebooting ([0020] mentions that set flag 114 causes invocation of BIOS setup upon subsequent reboot; thus a reboot is performed) after determining an event has occurred ([0020]; [0022]-[0023] mention that BIOS setup flag is set first and then reboot is performed). Since reboot is performed after setting up the flag, this can be equated with “in response to set the flag” or “in response to determining the event”; user configures the BIOS based on flag ([0031]). For further clarification, Examiner cites Brown, which teaches the following limitations:

(i) in response to determining an event has occurred (A in Fig 4 represents an invalid operation and Fig 5 mentions the action corresponds to an event 470 is the , performing user action and performing rebooting ([0052] mention about rebooting by the administrator by pushing new replacement software component); (ii) in response to determining no event has occurred (Fig 2 and Fig 4; step 215 in Fig 2 checks whether any validity events occur), successively loading boot software components according to a boot sequence (Fig 2 and Fig 4 mention that boot components are loaded and executed when found valid in an uninterrupted process); and (ii) in response to determining end of the boot sequence is reached (445 is the end of boot sequence when OS validity is determined), loading the operating system (450 in Fig 4).

It would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to combine the teachings of Anson and Brown. As Anson describes a BIOS setup invocation when a flag is set, Anson teaches configuring the BIOS during the subsequent reboot ([0030]), which can be equated with “in response to determining event has occurred, perform rebooting” because it is the event of setting the flag that leads to the configuration of BIOS. Without the event of setting the flag, the configuration of BIOS would not take place. The secondary reference Brown clearly mentions how the administrator gets a new set of software components during setup and therefore, the new software components can be loaded during BIOS configuration and a complete rebooting can take place with newly configured BIOS. Such an elaborate setup option provides more flexibility to users.

For claim 18, Anson teaches configuring, via a secure boot management module (107 in Fig 1) implemented in an operating system (107 is implemented in 106; that is OS), boot software components (set up of BIOS setup flag 114 in Fig 1; [0027]-[0032] mentions how the flag is set, which requires configuring user authentication mechanism such as matching user credentials, digitally sign credentials to send to BIOS 108, digitally sign BIOS setup flag; validating the digital signature by the BIOS setup program; BIOS setup is invoked during reboot based on BIOS setup flag 114 and BIOS setup program validate the digital signature of the flag 114 during reboot [0020] and [0032]; [0007]; [0020]; [0027]-[0028] mention that a securely managed OS utility configures the BIOS)

For claim 19, Anson teaches configuring, via a secure boot management module (107 in Fig 1) implemented in an operating system (107 is implemented in 106; that is OS), at least one user authentication mechanism (set up of BIOS setup flag 114 in Fig 1; [0027]-[0032] mentions how the flag is set, which requires configuring user authentication mechanism such as matching user credentials, digitally sign credentials to send to BIOS 108, digitally sign BIOS setup flag; validating the digital signature by the BIOS setup program)  that protects one or more boot software components in a boot sequence  (BIOS setup is invoked during reboot based on BIOS setup flag 114 and BIOS setup program validate the digital signature of the flag 114 during reboot [0020] and [0032]; [0007]; [0020]; [0027]-[0028] mention that a securely managed OS utility configures the BIOS; [0021] mentions that BIOS broadly refers to any system that provides initialization functionality during boot)

For claim 20, the boot sequences are defined by the machine because credentials are executed before the module (Brown, Fig 4). 

Response to Arguments
Applicant's arguments have been fully considered but they are not persuasive.

Applicant argues that Anson only validates the user credentials while the operating system is executing and such user credentials do not protect the boot software components during a boot sequence. According to applicant, BIOS settings are configured only during boot prior to loading OS. Therefore, Anson does not teach “configuring, via a secure boot management module implemented in an operating system, a user authentication mechanism that protects one or more boot software components during a boot sequence”.

Examiner disagrees. Anson validates the user credential and at the same time configures the user credentials that protect the boot software components during the boot sequence. Anson [0007] mentions determining by BIOS during OS execution if BIOS credential is valid based on user provided credential and setting up a flag to be invoked in next reboot. Anson [0032] mentions that the setup flag is digitally signed and the BIOS setup program validates the digital signature upon subsequent reboot.

BIOS setup flag 114 may be validated as originating from a trusted source and/or creator and may thus be digitally signed or encrypted (e.g., using an appropriate key of a key pair for which the other key of the key pair may be used by a BIOS setup application to facilitate verification of the digital signature or decryption). For example, OS integration module 112 may digitally sign BIOS setup flag 114, and the BIOS setup program may validate such digital signature upon a subsequent boot. 
Therefore, setting up the flag requires configuring, via a boot management module implemented in OS, the user authentication mechanism that protects boot software components during a boot sequence.

Arguments regarding claim 6 and claim 17 are moot in view of new grounds of rejections. 

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to FAHMIDA RAHMAN whose telephone number is (571)272-8159.  The examiner can normally be reached on Monday - Friday 10 AM - 7 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kim Huynh can be reached on 571-272-4147.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FAHMIDA RAHMAN/Primary Examiner, Art Unit 2186