DETAILED ACTION
Claims 1-20 are presented for examination.
The present application is being examined under the AIA  (America Invents Act) First Inventor to File.
This Office Action is Non-Final.
This action is responsive to the following communication: corresponding claims filed on 07-01-2020.

Claims Objections
Claims 4, 6, 14, 20 are objected to because of the following informalities:  The use of acronyms without first defining them, for example, ACPI, ACPI NV. An acronym must be first defined before using it as the meaning of the acronym may change with time or depending on the context in which is used.

Claim Interpretation
Claims 13 recites the limitation directed to “computer storage media”. Applicant’s specification includes language that defines the limitation in exclusionary proviso. In particular, ¶ [0044] states that the computer storage media “does not include signals or carrier waves”. 
Therefore, since the claimed terms expressly excludes signals per se, the Office submits that a rejection under a 35 USC § 101 is not warranted for the above claims.
Claims 14-17 are dependent from claim 13, as such, are interpreted in the same manner for the reason described above.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 6-10, 15-18, 19 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 2021/0182078 (hereinafter Rietschin) in view of U.S. Publication No. 2016/0217282 (hereinafter Vecera) 
As per claims 1, 13, 18, 1Rietschin discloses a method for analyzing firmware, the method comprising: 
during pre-boot, accessing firmware stored in one or more regions of memory; (¶ [0023] states “exemplary system 201 shown therein illustrates an exemplary initiation of a booting”. According to Fig. 2, storage media 111 includes container OS image 212 that includes various firmware noted by labels 220, 230, 240, 280, 290 ) 
storing the firmware in one or more separate regions of memory that remain accessible at runtime; (Fig. 2c illustrates exemplary firmware 230 being stored in composite device 250 as indicated by the action “249”)
during runtime, accessing the firmware that is stored in the one or more separate regions of memory; and (¶ [0044] states that “a hypervisor, such as based on instructions and/or parameters provided by container manager processes, can instantiate firmware to execute within the container instance” . 

Rietschin does not distinctly disclose accessible to an antivirus solution to thereby enable the antivirus solution to perform a statistical analysis on the one or more files to detect a compromise in the firmware.
However, Vecera explicitly discloses accessible to an antivirus solution to thereby enable the antivirus solution to perform a statistical analysis on the one or more files to detect a compromise in the firmware. (¶ [0017] states that “example, the operating system 104 runs the anti-malware application 106 during a boot process” .  Further still, ¶ [0018] states that “ Anti-malware application 106 is structured to determine hash codes corresponding to files.  Hash codes may be determined by analyzing files using algorithms such SHA or MD5.  The anti-malware application 106 may include a data store that is structured to store hash codes associated with files.  The anti-malware application is structured to compare hash codes of files with one 
or more hash codes stored in the data store to detect matches.  A hash code 
match may identify that the file is approved for the particular operation.  For 
example, if the detected operation is a file execution, a match between the 
file's hash code and one of the stored hash codes may identify that the file is 
approved for execution.  Inability to locate a match for a file's hash code in 
the data store may trigger additional actions.  Additional actions may include, 
for example, contacting a server 110 to receive malware-related information 
regarding the file.” 


As per claim 2, Rietschin as modified discloses wherein the one or more regions of memory comprise at least one memory region that stores dynamic firmware. ( Rietschin ; The information and executable instructions stored in a container operating system image, such as the exemplary container operating system image 212, can be can be “dynamic” ; ¶ [0023]) 

As per claims 3, 15, 19, Rietschin as modified discloses wherein the dynamic firmware includes firmware configuration settings. (Rietschin; boot configuration data; Fig 2e )

As per claim 6, Rietschin as modified discloses wherein storing the firmware in the one or more separate regions of memory comprises storing the firmware in an ACPI NV region of memory. (¶ [0056] of Rietschin states” The computing device 600 also typically includes computer readable media, which can include any available media that can be accessed by computing device 600 and includes both volatile” )
As per claim 7, Rietschin as modified discloses wherein accessing the firmware that is stored in the one or more separate regions of memory comprises reading the firmware from the ACPI NV region of memory. (¶ [0056] of Rietschin states” The 
As per claims 8, 16, Rietschin as modified discloses wherein the firmware comprises multiple portions of firmware, and wherein storing the firmware in the file comprises storing each portion of firmware as a separate file in the file system. (Rietschin; primary file system and secondary file system; Fig 2e) 
As per claim 9, Rietschin as modified discloses further comprising: accessing the file system to analyze the firmware. (¶ [0017] states that “example, the operating system 104 runs the anti-malware application 106 during a boot process” .  Further still, ¶ [0018] states that “ Anti-malware application 106 is structured to determine hash codes corresponding to files.  Hash codes may be determined by analyzing files using algorithms such SHA or MD5.  The anti-malware application 106 may include a data store that is structured to store hash codes associated with files.  The anti-malware application is structured to compare hash codes of files with one or more hash codes stored in the data store to detect matches.  A hash code match may identify that the file is approved for the particular operation.  For example, if the detected operation is a file execution, a match between the file's hash code and one of the stored hash codes may identify that the file is approved for execution.  Inability to locate a match for a file's hash code in the data store may trigger additional actions.  Additional actions may include, 
for example, contacting a server 110 to receive malware-related information 
regarding the file.”

file's hash code and one of the stored hash codes may identify that the file is 
approved for execution.  Inability to locate a match for a file's hash code in 
the data store may trigger additional actions.  Additional actions may include, 
for example, contacting a server 110 to receive malware-related information regarding the file.”

Claims 4- 5, 14, 20 rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 2021/0182078 (hereinafter Rietschin) in view of U.S. Publication No. 2016/0217282 (hereinafter Vecera) and further view of U.S. Publication No. 2016/0364243 (hereinafter Puhillathe) 

As per claim 4, Rietschin as modified discloses wherein storing the firmware in the one or more separate regions of memory comprises tables. (Rietschin’s ¶ [0050] 
or data structures” ) 
Rietschin as modified does not distinctly disclose wherein storing the firmware in the one or more separate regions of memory comprises storing the firmware in one or more ACPI tables. 
However, Puhillathe discloses wherein storing the firmware in the one or more separate regions of memory comprises storing the firmware in one or more ACPI tables. (¶ [0040] states “ACPI firmware 204 within BIOS/UEFI 202 adds ACPI tables” ) 
It would have been obvious before the effective filing date of the claimed invention to modify the teachings of Rietschin as modified and Puhillathe because all references are in the same field of endeavor. Puhillathe’s teaching of acpi tables would enhance Rietschin's as modified system because it allows address translation while using small digital footprint and thus enhancing preservation of available memory for the computer system.  

As per claim 5, Rietschin as modified discloses wherein accessing the firmware that is stored in the one or more separate regions of memory comprises reading the firmware from the one or more ACPI tables. (¶ [0040] states “ACPI firmware 204 within BIOS/UEFI 202 adds ACPI tables” )

As per claims 14, 20Rietschin as modified discloses wherein storing the one or more portions of firmware in memory in a manner that causes the one or more portion 
Allowable Subject Matter
Claims 11-12 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Relevant Prior Art
Pertinent prior art for the instant application is U.S. Publication No. 2018/0032734 by Gunti et al. which discloses the invention directed to a computer system is securely booted by executing a boot firmware to locate a boot loader and verify the boot loader using a first key that is associated with the boot firmware.  Upon verifying the boot loader, computer system executes the boot loader to verify a system software kernel and a secure boot verifier using a second key that is associated with the boot loader.  The secure boot verifier is then executed to verify the remaining 
of the computer system.


Conclusion

With respect to any newly added or amended claims, applicant should show support in the original disclosure for the new or amended claims. See MPEP §714.02 and § 2163.06. For example, when responding to this office action, applicants are advised to provide the examiner with the line numbers and page numbers in the application and/or references cited to assist the examiner in locating appropriate paragraphs.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AUREL PRIFTI whose telephone number is (571)270-1743.  The examiner can normally be reached on M-F 8 a.m.- 6 p.m..
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kim Ngoc Huynh can be reached on 571-272-4147.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/AUREL PRIFTI/Primary Examiner, Art Unit 2186                                                                                                                                                                                                        

Aurel Prifti     
 Primary Examiner
Art Unit 2186
Tel. (571) 270-1743
Fax (571) 270-2743

aurel.prifti@uspto.gov




	
	
	
	
	
	

	
	
	
	
	
	
	
	
	
	
	

	



    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 As per claim 18, Rietschin discloses the claimed “pre-boot agent” (“boot manager”; Fig 2d)