Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


2.	Claim(s) 1-6, 8-13 and 15-20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Ghetie et al (US Patent 2018/0096151).

For claim 1, Ghetie et al teach the following limitations: An information handling system (Fig 1) comprising: a processor (Fig 1; CPUs; [0024]); a platform controller hub (I/O hub 125 in Fig 1 includes platform hub [0024]) communicatively coupled to 5the processor (Fig 1); a basic input/output system comprising a program of instructions executable by the processor  (Fig 2 and Fig 3; [0033]-[0034] mentions/shows BIOS) and configured to cause the processor to initialize one or more information handling resources of the information handling system ([0033]-[0037]; [0039] – normal boot is completed); and 10a management controller (security circuitry 105 in Fig 1; security circuitry 701 in Fig 7) communicatively coupled to the processor and the platform controller hub (Fig 1)  and configured to provide out-of-band management of the information handling system ([0046] mention about , the management controller further configured to ([0030]; [0032]; [0036]; [0041]-[0044] mention that pre-boot mode controlled by security circuitry 105), responsive to a power event associated with the information 15handling system (step 401 in Fig 4): intercept the power event (step 403 in Fig 4 is in response to power event; [0072] mentions that security circuit performs the pre-boot operations)) and hold the platform controller hub from completing the power event  to prevent execution of code of the basic input/output system (step 503 in Fig 5; [0036] and [0041] mention that 125 is kept in reset or complete rest; thus 125 is held from completing the event to prevent execution of BIOS; [0030] mention that 125 accesses flash during normal boot and 105 accesses during pre-boot; Fig 5 is the pre-boot executed by security circuitry [0041]; thus, 125 is prevented to execute BIOS); 20attempt to verify image integrity of the basic input/output system (Fig 5 shows that validity of active and recovery partition has been checked; Fig 2 and Fig 3 show that partition includes BIOS; [0042]-[0045]); and allow the platform controller hub to complete the power event to allow execution of the code of the basic input/output system responsive to successful 25verification of the image integrity of the basic input/output system (Step 407 in Fig 4 and step 515 in Fig 5; [0029]-[0030], [0039] mention that 125 is enabled via DC power (hub to complete power event), booted as normal and  accesses flash during normal boot (allow 

For claim 2, [0042] mention that the firmware signature is calculated to determine validity. step 513 in Fig 5 and [0045] mention that the restoration is performed from the recovery partition when the active partition (i.e., BIOS) is invalid. 

For claim 3, Step 409 in Fig 4 and [0040] mention that golden image is moved to active partition and a reboot to the pre-boot stage has been performed. The golden image is the recovery image ([0033]) and the pre-boot stage is in step 403, which performs firmware verification in step 505 and 515 as the active partition now includes the golden image. Golden image must be verified ([0044]). Therefore, the restored image is transferred to active partition and the verification is performed again. 

For claim 4, Step 409 in Fig 4 and [0040] mention that golden image is moved to active partition and a reboot to the pre-boot stage has been performed. The golden image is the recovery image ([0033]) and the pre-boot stage is in step 403, which performs firmware verification in step 505 and 515 as the active partition now includes the golden image. Therefore, the restored image is transferred to active partition and the verification is performed again. Fig 5 and Fig 4 show the loop to determine when the verification is successful. For successful verification of BIOS, step 407 has been performed as normal boot. Step 407 in Fig 4 and step 515 in Fig 5; [0029]-[0030], [0039] mention that 125 is enabled via DC power (hub to complete power event), booted as normal and  accesses 

For claim 5, For unsuccessful verification of BIOS, step 513 causes step 403 to execute again ([0040]).  Therefore 405 and 407 cannot be executed unless the verification is successful. As mentioned in [0037], checkpoint failure causes pre-boot operations to be performed at 403. Therefore, hub 125 is held from completing the power event to prevent execution of BIOS code. booted as normal and  accesses flash during normal boot (allow execution of BIOS code); these are in response to step 511 and 404; thus responsive to successful verification of BIOS image. 

For claim 6, [0024] mentions that I/O hub 125 includes south bridge and peripheral control hub, which is a management engine. The hub 125 is held at reset in step 503 (i.e., part of step 403), powered on in step 405 of Fig 4 and complete boot in step 407 in Fig 4. The steps of 405 and 407 do not execute until firmware is successfully verified in step 403. 

For claim 8, Ghetie et al teach the following limitations: A method comprising, responsive to a power event (step 401 in Fig 4) associated with an information handling system (Fig 1): intercepting the power event (step 403 in Fig 4 is in response to power event; [0072] mentions that security circuit performs the pre-boot operations)) and holding a platform controller hub (125 in Fig 1) from completing the power event  to prevent execution of code of the basic input/output system (step 503 in Fig 5; [0036] and [0041] mention that 125 is kept in reset or complete rest; thus 125 is held from 20attempting to verify image integrity of the basic input/output system (Fig 5 shows that validity of active and recovery partition has been checked; Fig 2 and Fig 3 show that partition includes BIOS; [0042]-[0045]); and allowing the platform controller hub to complete the power event to allow execution of the code of the basic input/output system responsive to successful 25verification of the image integrity of the basic input/output system (Step 407 in Fig 4 and step 515 in Fig 5; [0029]-[0030], [0039] mention that 125 is enabled via DC power (hub to complete power event), booted as normal and  accesses flash during normal boot (allow execution of BIOS code); these are in response to step 511 and 404; thus responsive to successful verification of BIOS image).

For claim 9, [0042] mention that the firmware signature is calculated to determine validity. step 513 in Fig 5 and [0045] mention that the restoration is performed from the recovery partition when the active partition (i.e., BIOS) is invalid. 

For claim 10, Step 409 in Fig 4 and [0040] mention that golden image is moved to active partition and a reboot to the pre-boot stage has been performed. The golden image is the recovery image ([0033]) and the pre-boot stage is in step 403, which performs firmware verification in step 505 and 515 as the active partition now includes the golden image. Golden image must be verified ([0044]). Therefore, the restored image is transferred to active partition and the verification is performed again. 



For claim 12, For unsuccessful verification of BIOS, step 513 causes step 403 to execute again ([0040]).  Therefore 405 and 407 cannot be executed unless the verification is successful. As mentioned in [0037], checkpoint failure causes pre-boot operations to be performed at 403. Therefore, hub 125 is held from completing the power event to prevent execution of BIOS code. booted as normal and  accesses flash during normal boot (allow execution of BIOS code); these are in response to step 511 and 404; thus responsive to successful verification of BIOS image. 

For claim 13, [0024] mentions that I/O hub 125 includes south bridge and peripheral control hub, which is a management engine. The hub 125 is held at reset in step 503 (i.e., part of step 403), powered on in step 405 of Fig 4 and complete boot in step 407 in Fig 4. 

For claim 15, Ghetie et al teach the following limitations: An article of manufacture comprising: a non-transitory computer-readable medium; and computer-executable instructions carried on the computer-readable medium ([0125]-[0127] mention about CRM implementation), the instructions readable by a 5processor, the instructions, when read and executed (“when read by a machine”; [0125]), for causing the processor to: responsive to a power event  (step 401 in Fig 4) associated with an information handling system (Fig 1): intercept the power event (step 403 in Fig 4 is in response to power event; [0072] mentions that security circuit performs the pre-boot operations)) and holding the platform controller hub from completing the power event  to prevent execution of code of the basic input/output system (step 503 in Fig 5; [0036] and [0041] mention that 125 is kept in reset or complete rest; thus 125 is held from completing the event to prevent execution of BIOS; [0030] mention that 125 accesses flash during normal boot and 105 accesses during pre-boot; Fig 5 is the pre-boot executed by security circuitry [0041]; thus, 125 is prevented to execute BIOS); 20attempt to verify image integrity of the basic input/output system (Fig 5 shows that validity of active and recovery partition has been checked; Fig 2 and Fig 3 show that partition includes BIOS; [0042]-[0045]); and allow the platform controller hub to complete the power event to allow execution of the code of the basic input/output system responsive to successful 25verification of the image integrity of the basic input/output system (Step 407 in Fig 4 and step 515 in Fig 5; [0029]-[0030], [0039] 

For claim 16, [0042] mention that the firmware signature is calculated to determine validity. step 513 in Fig 5 and [0045] mention that the restoration is performed from the recovery partition when the active partition (i.e., BIOS) is invalid. 

For claim 17, Step 409 in Fig 4 and [0040] mention that golden image is moved to active partition and a reboot to the pre-boot stage has been performed. The golden image is the recovery image ([0033]) and the pre-boot stage is in step 403, which performs firmware verification in step 505 and 515 as the active partition now includes the golden image. Golden image must be verified ([0044]). Therefore, the restored image is transferred to active partition and the verification is performed again. 

For claim 18, Step 409 in Fig 4 and [0040] mention that golden image is moved to active partition and a reboot to the pre-boot stage has been performed. The golden image is the recovery image ([0033]) and the pre-boot stage is in step 403, which performs firmware verification in step 505 and 515 as the active partition now includes the golden image. Therefore, the restored image is transferred to active partition and the verification is performed again. Fig 5 and Fig 4 show the loop to determine when the verification is successful. For successful verification of BIOS, step 407 has been performed as normal boot. Step 407 in Fig 4 and step 515 in Fig 5; [0029]-[0030], [0039] mention that 125 is 

For claim 19, For unsuccessful verification of BIOS, step 513 causes step 403 to execute again ([0040]).  Therefore 405 and 407 cannot be executed unless the verification is successful. As mentioned in [0037], checkpoint failure causes pre-boot operations to be performed at 403. Therefore, hub 125 is held from completing the power event to prevent execution of BIOS code. booted as normal and  accesses flash during normal boot (allow execution of BIOS code); these are in response to step 511 and 404; thus responsive to successful verification of BIOS image. 

For claim 20, [0024] mentions that I/O hub 125 includes south bridge and peripheral control hub, which is a management engine. The hub 125 is held at reset in step 503 (i.e., part of step 403), powered on in step 405 of Fig 4 and complete boot in step 407 in Fig 4. The steps of 405 and 407 do not execute until firmware is successfully verified in step 403. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having 

3.	Claims 7, 14 and 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ghetie et al (US Patent 2018/0096151)

For claim 7, Fig 1 shows that the system has two processor and only one is powered on in step 501. [0072] further mentions that powering down DC power to any hardware processor in operation during secure pre-boot. Therefore, the other processor (i.e., host system) is prevented to execute BIOS code until signature validation is performed in step 403 and 404. Ghetie does not explicitly mention about receiving DC power event. Ghetie mentions powering down DC power during secure pre-boot ([0072]). Therefore, it is likely that DC power event has been received. Ghetie’s system can be implemented with laptop, PDA ([0106]), which are typically operated with reception of DC power (i.e, DC power event). It would have been obvious for one ordinary skill in the art before the effective filing date of the invention to include a DC power storage and provide a DC power event to the system, since DC power is used in wide varieties of data processing system more efficiently, such as PDAs, laptops and cell phones. DC is cheaper and can be used more efficiently into these systems. 

For claim 14, Fig 1 shows that the system has two processor and only one is powered on in step 501. [0072] further mentions that powering down DC power to any hardware processor in operation during secure pre-boot. Therefore, the other processor (i.e., host system) is prevented to execute BIOS code until signature validation is performed in step 403 and 404. Ghetie mentions powering down DC power during secure pre-boot ([0072]). 

For claim 21, Fig 1 shows that the system has two processor and only one is powered on in step 501. [0072] further mentions that powering down DC power to any hardware processor in operation during secure pre-boot. Therefore, the other processor (i.e., host system) is prevented to execute BIOS code until signature validation is performed in step 403 and 404. Ghetie mentions powering down DC power during secure pre-boot ([0072]). Therefore, it is likely that DC power event has been received. Ghetie does not explicitly mention about receiving DC power. However, Ghetie’s system can be implemented with laptop, PDA ([0106]), which are typically operated with DC power. It would have been obvious for one ordinary skill in the art before the effective filing date of the invention to include a DC power storage and provide a DC power event, since DC power is used in wide varieties of data processing system more efficiently, such as PDAs, laptops and cell phones. DC is cheaper and can be used more efficiently into these systems. 



Conclusion
PTO-892 cites additional reference Jarmay that teaches a system for firmware validation and protection (Fig 3). 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to FAHMIDA RAHMAN whose telephone number is (571)272-8159. The examiner can normally be reached Monday - Friday 10 AM - 7 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kim Huynh can be reached on 571-272-4147. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance 





/FAHMIDA RAHMAN/Primary Examiner, Art Unit 2186