Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Niraj P. Patel Reg. No. 57,365 on 02/25/2022.

The application has been amended as follows: 

1.	(Currently amended) A computer program product for providing notifications to a user of an intrusion into system management module (SMM) firmware comprising:
non-transitory computer readable medium comprising computer usable program code embodied therewith to, when executed by a processor, detect intrusion to the SMM firmware of a computing system while an operating system is running;
perform different actions in response to the intrusion and based on a severity of the intrusion as determined on a user input, including:
responsive to an intrusion that results in changes to the SMM firmware, automatically reboot the computing system; and
responsive to an intrusion that does not result in changes to the SMM firmware, provide a notification to a user regarding the intrusion.

2.	(Previously presented) The computer program product of claim 1, comprising computer usable program code to, when executed by the processor, provide a second notification via a user interface to the user when attempted or successful changes to the firmware are detected or when an attempt is made to execute code from an area of the computer readable memory where authorization has not been provided to execute code therefrom.

3.	(Previously presented) The computer program product of claim 2, wherein the computer usable program code is to, when executed by the processor, provide the second notification to the user via an operating system event viewer log, an immediate user notification, a boot notification, or combinations thereof.

4.	(Previously presented) The computer program product of claim 1, comprising computer usable program code to, when executed by the processor, execute a system center configuration manager (SCCM) agent to receive a number of policy settings from the user of the computing system.

5.	(Original) The computer program product of claim 4, wherein the policy settings comprise enablement of a restart procedure of the computing system upon detection of an intrusion; enablement of runtime notifications to be presented to the user; enablement of a third notification presenting to a user options on how to address the intrusion, or combinations thereof.

6.	(Original) The computer program product of claim 3, wherein the operating system event viewer log accumulates a plurality of event logs by synchronizing them with an audit log when the computing system boots up, when the computing system is resumed from a hibernation system is resumed from a sleep state, when notified via a WMI event of a new log entry, or combinations thereof. 

7.	(Cancelled).

8.	(Currently amended) A method for logging events and providing notification of intrusions to system management mode (SMM) firmware on a computing device during runtime, comprising:
storing an event data structure describing intrusions to SMM firmware on a computing device during runtime in a non-volatile memory in a computing system;
performing different actions in response to an intrusion and based on a severity of the intrusion as determined on a user input, including:
responsive to an intrusion that results in changes to the SMM firmware, automatically rebooting the computing device; and
responsive to an intrusion that does not result in changes to the SMM firmware, providing a notification to a user regarding the intrusion.

9.	(Previously presented) The method of claim 8, further comprising causing a Windows Management Instrumentation (WMI) to present to the user of the computing system a notification of an intrusion event.

10.	(Previously presented) The method of claim 9, wherein the notification of the intrusion event is a result of a real-time intrusion into a firmware of the computing system.



12.	(Currently amended) A computer user interface comprising:
	a first window indicating a notice that an intrusion into system management mode (SMM) firmware of a computing system has occurred, the notice generated responsive to a severity of the intrusion meeting a user-specified standard under which an intrusion relating in changes to the SMM firmware provokes an automatic reboot of the computing system and an intrusion not resulting in changes to the SMM firmware provokes a notification to a user; and
an indicator describing how the user is to obtain more details on the intrusion indicated in the first window.

13.	(Previously presented) The computer user interface of claim 12, comprising an event viewer associated with the first window wherein the event viewer comprises a number of events describing intrusions into the SMM firmware of the computing system.

14.	(Original) The computer user interface of claim 13, wherein each of the number of events comprises a timestamp of when the event occurred.

15.	(Original) The computer user interface of claim 14, wherein each of the number of events comprises an event identification indicating what type of event had occurred during the intrusion of the SMM firmware.

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: The prior art of record (in particular, the combination of Jeansonne et al. US Pub. No.: 2016/0063255 A1, in view of  Held et al. US Pub. No.: 2013/0013905 A1does not disclose, with respect to independent claims 1, 8 and 12performing different actions in response to an intrusion and based on a severity of the intrusion as determined on a user input, including: responsive to an intrusion that results in changes to the SMM firmware, automatically rebooting the computing device; and responsive to an intrusion that does not result in changes to the SMM firmware, providing a notification to a user regarding the intrusion. Rather, Jeansonne discloses event data structure to store event data.  Similarly, Held discloses BIOS flash attack protection and notification.  Accordingly, claims 1-6 and 8-15 are allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NEGA WOLDEMARIAM whose telephone number is (571)270-7478. The examiner can normally be reached Monday to Friday, 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 5712726798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/NEGA WOLDEMARIAM/               Examiner, Art Unit 2433       

/JEFFREY C PWU/               Supervisory Patent Examiner, Art Unit 2433