Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
Applicant’s Request for Continued Examination filed 9/9/2021 has been entered.  Claims 1, 4, 7, 10, 13 and 16 were amended.  Claims 1-20 are presented for examination.

Response to Arguments
Applicant’s arguments with respect to claims 1, 7 and 13 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.  The new grounds of rejection rely on Raghuram (2017/0177873).
Applicant’s arguments with respect to claims 4, 10 and 16 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.  The new grounds of rejection rely on Niemela (2011/016725).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 6, 7-9, 12, 13-15 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Hu (2016/0267267) in view of Repasi (2007/0277241) in view of Raghuram (2017/0177873).

Regarding claim 1, Hu teaches 
a computer-implementable method for performing a security vulnerability detection operation, comprising:  
configuring a … security profiling environment (Hu, [0023] an application installation interface function in the package management service will be called, in the present embodiment, by modifying the specific implementation flow in the existing application installation interface function, the application can be performed virus scan before executing installation operation for the application, so as to avoid an application carrying a virus to be installed in a terminal equipment.)
receiving a … update file via the … processor;  (Hu, [0021] In FIG. 1, in S100, when an Android operating system needs to install an application, identification information of the application that needs to be installed is transmitted from a framework layer to an application layer.)
using the … security detection operation to identify a security vulnerability within the … update file; and,  (Hu, [0029] In S110, at the application layer, a virus scanner application is activated on the basis of the identification information of the application to allow the virus scanner application to run virus scan on the application that needs to be installed. 
[0030] Specifically, at the application layer, the application installation listening interface function can provide the identification information of the application to the virus scanner application in the terminal equipment (the virus scanner application can also be referred to as the security management application such as the existing virus killing application) and trigger the virus scanner application to run the virus scan on the application corresponding to the identification information of the application )
installing the  … update file to the information handling system only when no security vulnerability is identified…  the installing being performed by the … host (Hu [0033] As a specific example, after completing the virus scan operation, the security management application calls the application installation resuming class function or the application installation terminating class function in the application layer and sets input parameters of the application installation resuming class function or the application installation terminating class function in the application layer on the basis of the virus scan result. The application installation resuming class function or the application installation terminating class function in the application layer then calls an application installation resuming class function or an application installation terminating class function provided by the service of the framework layer, to notify the framework layer of whether or not to execute the installation operation for the application.)
Hu teaches an application virus check but does not explicitly teach a firmware virus check, so Hu does not explicitly teach a firmware update file.
However Repasi teaches a firmware update file and firmware security profiling (Repasi, [0081] Referring now to FIG. 2A, a block diagram is shown representing an example system 200 to scan firmware of a processing system 100 for malware. [0062] an analysis module to analyse the copy of the firmware to determine if the firmware has been modified by malware.) and identify a security vulnerability within the firmware (Repasi [0099] The pattern matching module 226 of the analysis module is configured to search the copies of the firmware for particular patterns of strings or instructions which are indicative of malware. The pattern matching module 226 may operate in combination with the disassembly module 228 of the analysis module 220. The disassembly module 228 is configured to disassemble the binary code stored of the firmware such that disassembly module determines processing system instructions of the firmware. The processing system instructions of the 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Repasi’s firmware check with Hu’s application check because doing so improves malware detection (Repasi, [0008] Firmware is software that is embedded in a hardware device of the processing system. [0018] Therefore, there exists a need for a method, system, computer readable medium of instructions, and/or a computer program product to scan firmware of a processing system for malware which addresses or at least ameliorates problems inherent in the prior art.)
Hu does not teach a trusted host and a trusted service processor.
However Raghuram teaches 
the trusted host comprising a host system configured to provide a trust boundary for data the trusted host provides to an associated sub-system, (Raghuram, [0019] As used herein, a “cloudlet” may refer to a computing resources (e.g., memory, processor, and networking devices) contained in a single housing (or small number of housings) to provide data storage, processing, and/or distribution functionality.  [0021] The cloudlet 102 may include multiple security components. For example, the cloudlet 102 may include a Manageability Engine (ME) 108. … In some embodiments, a trusted execution environment may be a secure area of the secure processor 126 in the cloudlet 102, and code executing in the trusted execution environment may be safe from tampering by code executing in the host OS/VMM 128. [0023] The cloudlet 102 may include an Innovation Engine (IE) 112)  
the trusted service processor being configured to provide a trust boundary for data the trusted service processor provides an information handling system (Raghuram, [0021] The cloudlet 102 may include multiple security components. For example, the cloudlet 102 may include a Manageability Engine (ME) 108. … In some embodiments, a trusted execution environment may be a secure area of the 
[0022] In some embodiments, the ME 108 may be a secure service processor that runs a manufacturer-trusted and host-independent OS.  …
[0023] The cloudlet 102 may include an Innovation Engine (IE) 112. The IE 112 may be in communication with the ME 108, and may be a separate independent trusted execution environment. … In particular, the IE 112 may act as the root-of-trust for an operator (the platform owner) of the cloudlet 102 (e.g., a Telco Equipment Manufacturer (TEM)). The IE 112 may be provisioned per the operator's specific firmware. In some embodiments, the IE 112 may include a secure out-of-band (OOB) service processor that runs a host-independent OS trusted by the operator...) (Examiner Note: IE satisfies the service processor)
the trusted service processor comprising an out of band management controller, (Raghuram, [0037] When the host OS or applications running on the cloudlet 102 are to be updated, remote management and telemetry circuitry in the cloudlet management center 106 may use a dedicated out-of-band mechanism to communicate with the cloudlet 102. For example, one port of the NICs/switches 120 may be assigned to operate as this out-of-band mechanism and may provide a secure and reliable channel between the cloudlet 102 and the cloudlet management center 106. A new image including the updates may be pushed down to the cloudlet 102 by the cloudlet management center 106, and the IE 112 may invoke the OROM 124 to provide access by the IE 112 to the SES 156 in the main storage 152 for storing the new image. While a new image is pushed down to the cloudlet 102 via the out-of-band mechanism … ) the trusted service processor being configured to provide a trust boundary for data the trusted service processor provides an information handling system; (Raghuram, [0021] In some embodiments, a trusted execution environment may be a secure area of the secure processor 
receiving a firmware update file via the out of band management controller of the trusted service processor, (Raghuram, [0037] A new image including the updates may be pushed down to the cloudlet 102 by the cloudlet management center 106, and the IE 112 may invoke the OROM 124 to provide access by the IE 112 to the SES 156 in the main storage 152 for storing the new image. While a new image is pushed down to the cloudlet 102 via the out-of-band mechanism, the host OS/VMM 128 may continue to run, thus minimizing the downtime incurred by updates.  [0090] Example 17 may include the subject matter of any of Examples 11-16, and may further specify that the trusted execution environment is to receive an update image from the cloudlet management center while an operating system of the cloudlet continues to execute.)  the firmware update file including an associated digital signature attesting to validity of the firmware update file (Raghuram [0035] The secure storage of the cloudlet 102 may be used to store platform firmware, the OS bootloader, and/or OS-identifying information that may be used to check that the correct versions are in place. Examples of such OS-identifying information include versions, security versions, the composition of the OS (e.g., the Openstack image, storage, and networking services), authorized signers, and authenticated variables, among others.  … An “authenticated variable” may refer to a security signature database variable, such as a signing key, an authorization database, a key hierarchy, update logs, etc.)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have applied Raghuram’s trusted platform to Hu’s virus scanning platform because objects in the secure environment have improved protection from unintended modification (tamper resistance) (Raghuram, [0014] Disclosed herein are methods and apparatus to provide tamper-resistant or tamper-proof security for cloudlets in environments where physical security cannot be assured. The cloudlets disclosed herein may provide a “cloud system in a box” that offers 

Regarding claim 2, Hu, Repasi and Raghuram teach
the method of claim 1, wherein:  
the firmware update file is used to update a sub-system of the information handling system (Repasi, [0087] Example firmware devices of the processing system 100 which can populate the list can comprise a BIOS chip, a video card, an optical storage device, a mobile phone in data communication with the processing system 100, a scanner, an MP3 player, a USB device, a digital camera, or any other device which comprises EEPROM which could be susceptible to a malware attack.)

Regarding claim 3, Hu, Repasi and Raghuram teach
the method of claim 1, wherein:  
tthe firmware update file is received via an externally provided firmware update package (Hu, [0021] In FIG. 1, in S100, when an Android operating system needs to install an application, identification information of the application that needs to be installed is transmitted from a framework layer to an application layer [0024] In the present embodiment, the pre-installation package detection interface function can be provided at the starting position of the application installation interface function [0061] In the case that the resumeOrAbortInstall ( ) provided by the network security service of the framework layer determines that the installation operation)

Regarding claim 6, Hu, Repasi and Raghuram teach
the method of claim 1, further comprising: 
mapping the firmware update file to a memory-mapped device contained within the trusted service processor (Repasi, [0087] The copy module 210 is configured to determine one or more firmware devices of the processing system 100. The copy module 210 can initiate the firmware device detection module 213 which generates a list of the one or more firmware devices of the processing system 100. The firmware device detection module 213 may call a device manager of the specific operating system used on the processing system 100 to populate the list. Example firmware devices of the processing system 100 which can populate the list can comprise a BIOS chip, a video card, an optical storage device, a mobile phone in data communication with the processing system 100, a scanner, an MP3 player, a USB device, a digital camera, or any other device which comprises EEPROM which could be susceptible to a malware attack.)

Claims 7-9 and 12 are system claims for the method claims 1-3 and 6 and are rejected for the same reasons as claims 1-3 and 6.

Claims 13-15 and 18 are medium claims for the method claims 1-3 and 6 and are rejected for the same reasons as claims 1-3 and 6.


Claims 4, 10 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Hu (2016/0267267) in view of Repasi (2007/0277241) in view of Raghuram (2017/0177873) in view of Niemela (2011/0167275).

Regarding claim 4, Hu, Repasi and Raghuram teach
the method of claim 1, wherein: 
malware scanning application file and digital signature.
However Niemela teaches the identifying the security vulnerabilities comprises using a malware scanning application file and the digital signature (Niemela, [0040] S11. If the file, or a catalog listing the file, does not have a valid digital signature, or the public key used for the signature is not that of a trusted source, then the file will be scanned for malware using for example conventional scanning techniques based on malware signatures and heuristics. ) the identifying determining whether the digital signature deceptively attests to validity of the firmware update file (Niemela, [0026] The method involves making use of the presence of the digital signatures of a software supplier to confirm, within a device, that a file is from a trustworthy source and that the file has not been tampered with.  [0037] S8. If a file has been identified as being associated with a valid digital signature, either by way of an embedded/attached digital signature or by having the files hash value listed in a catalog file that itself has a valid digital signature, then the malware detection unit 104 retrieves the public key from the associated digital certificate. … the malware detection unit 104 checks the public key against the database of public keys stored in the memory 102. If the public key is not found within the database then it does not belong to a trusted source and the process proceeds to step S11.)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Niemela’s malware scanning and file signatures with Hu’s application check because doing so reduces the processing burden (Niemela, [0006] In order to reduce this processing burden, some anti-virus solutions provide for lists of trusted files that are highly unlikely to be a source of malware. These trusted files are those files published or authored by trusted sources. For example, those files that make up a piece of software distributed by a reputable software provider could be considered to be trustworthy such that, provided such files have not been modified since their publication/release, these files need not be scanned for malware.)

Claim 10 is a system claim for the method claim 4 and is rejected for the same reasons as claim 4.

Claim 16 is a medium claim for the method claim 4 and is rejected for the same reasons as claim 4.

Claims 5, 11, 17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Hu (2016/0267267) in view of Repasi (2007/0277241) in view of Raghuram (2017/0177873) in view of Niemela (2011/0167275) in view of Gschwind (2015/0248283).

Regarding claim 5, Hu, Repasi, Raghuram and Niemela teach
the method of claim 4, wherein: 
malware scanning application file and the digital signature (Niemela, [0040] S11. If the file, or a catalog listing the file, does not have a valid digital signature, or the public key used for the signature is not that of a trusted source, then the file will be scanned for malware using for example conventional scanning techniques based on malware signatures and heuristics.)
Hu does not teach provided by the trusted host.
However Gschwind teaches are provided by the trusted host (Gschwind, [0023] In the example of FIG. 1, memory 110 can be loaded with software including instructions for implementing methods for initiating communication between user trusted device 10 and a network 165. [0067] In embodiments, the method further includes: transferring data, a user trusted device firmware update, from the server to the user trusted device; storing the transferred data on a memory, preferably a persistent memory, of the user trusted device; and updating software of the user trusted device according to the transferred 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have applied Gschwind’s updates to trusted devices to Hu-Repasi-Raghuram-Niemela’s firmware update system because doing so improves updates security (Gschwind, [0058] However, updates or changes of functionality can still be performed securely even though it can partly rely on an otherwise insecure SD card (as discussed in reference to some embodiments below).

Claim 11 is a system claim for the method claim 5 and is rejected for the same reasons as claim 5.

Claim 17 is a medium claim for the method claim 5 and is rejected for the same reasons as claim 5.

Regarding claim 19, Hu, Repasi, Raghuram, Niemela and Gschwind teach
the non-transitory, computer-readable storage medium of claim 13, wherein: 
the computer executable instructions are deployable to a client system from a server system at a remote location (Gschwind, [0023] In the example of FIG. 1, memory 110 can be loaded with software including instructions for implementing methods for initiating communication between user trusted device 10 and a network 165. [0093] Step S8d, the transfer of the update from the server to the client is completed and the update is stored on a memory (persistent or not) of device 10.)  Examiner Note: Gschwind teaches network updates.

Regarding claim 20, Hu, Repasi, Raghuram, Niemela and Gschwind teach
the non-transitory, computer-readable storage medium of claim 13, wherein: 
the computer executable instructions are provided by a service provider to a user on an on-demand basis (Gschwind, [0026] Network 165 can be an IP-based network for communication between computer 101 and any external server, client and the like via a broadband connection. Network 165 transmits and receives data between computer 101 and external systems, e.g., a server 30. In exemplary embodiments, network 165 can be a managed IP network administered by a service provider. [0081] Then, the updater interacts with the BIOS to use the network card of the computer, in order to establish a secure network connection to a server and retrieve updates.)


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Hars (2006/0005046) teaches secure firmware update procedure with digital signatures.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRUCE S ASHLEY whose telephone number is (571)270-0315. The examiner can normally be reached 9-5 PDT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jay Kim can be reached on 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/BRUCE S ASHLEY/Examiner, Art Unit 2494