Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-21 are rejected under 35 U.S.C. 103 as being unpatentable over Jacobs (United States Patent Application Publication US 2022/0004640), hereinafter Jacobs, in view of Rothman et al. (United States Patent Application Publication US 2007/0234029), hereinafter Rothman.

(Fig. 1 18b “PROCESSOR”) the BIOS comprising: a protocol notification manager configured to: receive a protocol notification registration from a consumer driver of the plurality of protocol drivers; ([0020] “At OS runtime, OS 42 may, using BIOS services, update the white and black lists to change which drivers ( e.g., OS loaders, etc.) BIOS 26 will allow.” [0025] “Using this implementation, memory 20c in baseboard management controller 24a can be used to store the UEFI secure boot variables (e.g., white list 34a, black list 36a, and platform key 38a) in the form of a monolithic signed blob, which may be populated into baseboard management controller 24a at server (e.g., managed server 24a) provisioning time. This can enable management server 12 to modify these lists per deployment requirements (e.g., OS supported, driver revision blacklisting, etc.). The blob may be read from baseboard management controller 24a when BIOS 26 boots up early in a power on self-test (POST).” [0037] “At 406, during the power on self-test, the BIOS requests a platform key, key exchange key list, white list, and black list from a baseboard management controller. In an example, the platform key, key exchange key list, white list and black list are included in a blob of data sent to the BIOS from the baseboard management controller.” [0039] “At 506, a driver in a managed server requests to be loaded and ran. At 508, a BIOS in a managed server accesses a white list and a black list to determine if the driver should be loaded and run.” As a request to load and run the driver is received from the driver, a BIOS receives a blob of data including the platform key, key exchange key list, white list and black list, which is interpreted as a protocol notification registration from a consumer driver of the plurality of protocol drivers. A function of BIOS to receive a protocol notification registration from a consumer driver, which is a portion or one functions of BIOS, is interpreted as a protocol notification manager.)
receive a unique key associated with the consumer driver; ([0019] “platform key 38a may facilitate authentication of the lists. The lists can be used by BIOS 26 to authenticate loading of BIOS (UEFI) drivers such as an OS loader (e.g., WINDOWS® 8), and third-party UEFI I/O device drivers (formerly known as Option ROMS) as a tool to prevent injection of non-authentic code into BIOS 26. Non-authentic code in BIOS 26 can execute a Denial of Service (DoS) attack, capture control of BIOS 26 and inject root kit code, or other malicious activity.” ).” [0037] “At 406, during the power on self-test, the BIOS requests a platform key, key exchange key list, white list, and black list from a baseboard management controller. In an example, the platform key, key exchange key list, white list and black list are included in a blob of data sent to the BIOS from the baseboard management controller.” [0039] “At 506, a driver in a managed server requests to be loaded and ran. At 508, a BIOS in a managed server accesses a white list and a black list to determine if the driver should be loaded and run.” BIOS receives the list including a platform key, key exchange key list, white list, and black list. A platform key included in the blob is used to authenticate loading of BIOS (UEFI) drivers, and third-party UEFI I/O device loaders, which is interpreted as a unique key associated with the consumer driver.)
receive a pre-authorized list from a producer driver of the plurality of protocol drivers, ([0020] “the lists are created at BIOS 26 during build time in a factory setting, and, at that time, a static structure of the lists is injected into the BIOS image.” [0027] “Baseboard management controller 24a can make the blob of data available to BIOS 26 through a secure channel 44 established across chipset 22 when requested by BIOS 26. When BIOS 26 boots, BIOS 26 can request the blob of data from baseboard management controller 24a and then use the contents of the blob to populate white list 34b, black list 36b, platform key 38b, and key exchange key list 40b in memory 20d. BIOS 26 may then utilizes these variables locally during runtime (per UEFI 2.3.lc specification) to authenticate UEFI drivers and OS loader execution.” BIOS receives the list including a whitelist.)
the pre-authorized list comprising one or more signed consumer identifiers, ([0028] “the contents of white list 34b and black list 36b to control what BIOS 26 allows and disallows on subsequent boot cycles.” [0039] “At 506, a driver in a managed server requests to be loaded and ran. At 508, a BIOS in a managed server accesses a white list and a black list to determine if the driver should be loaded and run… if the driver is included in the white list, then the driver is loaded and allowed run.” A whitelist is used to authenticate BIOS drivers, and third-party UEFI I/O device drivers. Thus, a whitelist includes a list of drivers, which is interpreted as one or more signed consumer identifier.)
each of the one or more signed consumer identifiers identifying a respective one of the plurality of protocol drivers authorized to receive a protocol notification from the producer driver; (Fig. 4 406 Fig. 5 502-504. Drivers in the white list are used to identify or determine if the drivers are authenticated to be loaded or updated. The request to load or update for drivers is interpreted a protocol notification from the producer driver. Furthermore, only the driver included in the white list is loaded and allowed to run, which is interpreted as identifying a respective one of the plurality of protocol drivers authorized to receive a protocol notification from the producer driver.)
determine if the unique key successfully decrypts a signed consumer identifier associated with the consumer driver; (Fig. 5 508. As discussed above, the platform key and the key exchange key list are used to authenticate the list, which includes a signed consumer identifier associated with the consumer driver. Authentication using the key is interpreted as determine if the unique key successfully decrypts a signed consumer identifier.) and 
perform access control of protocol notification from the producer driver to the consumer driver based on whether the unique key successfully decrypts the signed (Fig. 5 508. Based on the successful authentication, drivers are loaded and run.)
However, Jacobs does not teach a basic input/output system (BIOS) embodied in non- transitory computer-readable media and configured to be the first code executed by the processor when the information handling system is booted and configured to initialize components of the information handling system into a known state, the BIOS comprising a plurality of protocol drivers.
Rothman teaches a basic input/output system (BIOS) embodied in non-transitory computer-readable media and configured to be the first code executed by the processor when the information handling system is booted and configured to initialize components of the information handling system into a known state, the BIOS comprising a plurality of protocol drivers. (Fig. 2 208 “NONVOLATILE MEMORY” 220 “FIRMWARE/BIOS” 218 “DRIVER X, DRIVER Y, DRIVER Z” [0016] “The firmware/BIOS 220 contains the instructions needed to initialize the computer or server and to instantiate the context sensitive component dispatch functionality. The firmware/BIOS 220 includes a plurality of drivers 218 that interact with particular devices in the system. Each driver 218 includes associated DEPEXs 214.” Firmware/BIOS in nonvolatile memory to initialize the computer and to instantiate the context sensitive component dispatch functionality is interpreted as a BIOS embodied in non-transitory computer-readable media and configure to be the first code executed by the processor when the information handling system is booted and configured to initialize components of the information handling system into a known state. Furthermore, as shown in Fig. 2, BIOS includes DRIVERs X, Y, and Z.)
It would have been have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Jacobs by incorporating the teaching of Rothman of a BIOS embodied in non-transitory computer-readable media and configured to be the first code executed by the processor when the information handling system is booted and configured to initialize components of the information handling system in to a known state and comprising a plurality of drivers. They are all directed toward controlling a BIOS. As disclosed in Rothman, it is well known in the art that the BIOS is the first software/firmware to search for devices required for the booting process, such as drivers before loading an OS. ([0002]) Furthermore, as recognized by Rothman and as well known in the art, in order for BIOS to initiate the computer, the drivers in the BIOS or BIOS drivers are required to communicate with the hardware during booting process. ([0002]-[0004]) However, since the OS has not been loaded during the initial boot process by BIOS, the BIOS are required to include drivers to communicate with hardware during the booting process until the OS is loaded. ([0003], [0004]) Therefore, it is well known in the art that the BIOS embodied in non-transitory computer-readable media and configured to be the first code executed by the processor when the information handling system is booted 

Regarding claim 2, Jacobs in view of Rothman teaches all the limitations of the information handling system of claim 1, as discussed above.
Jacobs, as modified above, further teaches wherein performing access control comprises allowing protocol notification from the producer driver to the consumer driver if the unique key successfully decrypts the signed consumer identifier associated with the consumer driver. (Fig. 7 706, 708 [0019] “platform key 38a may facilitate authentication of the lists. The lists can be used by BIOS 26 to authenticate loading of BIOS (UEFI) drivers such as an OS loader (e.g., WINDOWS® 8), and third-party UEFI I/O device drivers (formerly known as OptionROMS) as a tool to prevent injection of non-authentic code into BIOS 26. Non-authentic code in BIOS 26 can execute a Denial of Service (DoS) attack, capture control of BIOS 26 and inject root kit code, or other malicious activity.” The list including the white list of drivers are authenticated by the platform key. Based on the authentication, the list is changed or updated.)

Regarding claim 3, Jacobs in view of Rothman teaches all the limitations of the information handling system of claim 1, as discussed above.
Jacobs, as modified above, further teaches wherein performing access control comprises denying protocol notification from the producer driver to the consumer driver if the unique key is unsuccessful in decrypting the signed consumer identifier associated with the consumer driver. ([0040] “If the OS loader cannot be authenticated, then the BIOS registers the failure to authenticate the OS loader, as in 612.” [0041] “If the OS does not have a valid encryption key, then the BIOS registers the failed request by the OS to change the white list and/or the black list, as in 712.” The failure of authentication with the platform key does not allow to change or update the list, which does not allow the request.)

Regarding claim 4, Jacobs in view of Rothman teaches all the limitations of the information handling system of claim 3, as discussed above.
Jacobs, as modified above, further teaches wherein performing access control further comprises logging information regarding denial of protocol notification. ([0041] “If the OS does not have a valid encryption key, then the BIOS registers the failed request by the OS to change the white list and/or the black list, as in 712. At 714, the registered failure is sent to a baseboard management controller. At 716, the registered failure is sent to a management controller. In an example, the failure is sent to the management server by the baseboard management controller.” The failure of authentication is registered in the BIOS, a baseboard management controller, and a management server.)

Regarding claim 5, Jacobs in view of Rothman teaches all the limitations of the information handling system of claim 1, as discussed above.
Jacobs, as modified above, further teaches wherein the unique key and pre-authorized list are securely bound during build of the BIOS. ([0020] “the lists are created at BIOS 26 during build time in a factory setting, and, at that time, a static structure of the lists is injected into the BIOS image.”)

Regarding claim 6, Jacobs in view of Rothman teaches all the limitations of the information handling system of claim 1, as discussed above. 
Jacobs, as modified above, further teaches wherein the BIOS comprises a Unified Extensible Firmware Interface. ([0019] “platform key 38a may facilitate authentication of the lists. The lists can be used by BIOS 26 to authenticate loading of BIOS (UEFI) drivers such as an OS loader (e.g., WINDOWS® 8), and third-party UEFI I/O device drivers (formerly known as OptionROMS) as a tool to prevent injection of non-authentic code into BIOS 26. Non-authentic code in BIOS 26 can execute a Denial of Service (DoS) attack, capture control of BIOS 26 and inject root kit code, or other malicious activity.”)

Regarding claim 7, Jacobs in view of Rothman teaches all the limitations of the information handling system of claim 1, as discussed above.
Jacobs, as modified above, further teaches wherein performing access control comprises determining whether the unique key in combination with a system public key successfully decrypts the signed consumer identifier associated with the consumer driver. ([0028] “During OS runtime, BIOS 26 can accommodate updates to white list 34b and black list 36b by authenticated OS accesses (e.g., using platform key 38b or key exchange key list 40b). This enables OS 42 to change the contents of white list 34b and black list 36b to control what BIOS 26 allows and disallows on subsequent boot cycles, as per UEFI specifications. Because BIOS 26 may be updated asynchronously and without notification, to retain these updates, BIOS 26 can communicate, during runtime, any changes to these lists back to baseboard management controller 24a, across secure channel 44, to securely store the changed lists.” [0015] “Key exchange key lists 40a and 40b may each contain cryptographic keys to facilitate the exchange of cryptographic data.” [0032] “A key exchange key variable contained in key exchange key list 40a may be used to update the lists (e.g., signature database) and can be used either to update a current list or to sign binaries for valid execution.” [0041] “the BIOS may use a key exchange key list (e.g., key exchange key list 40b) to determine if the OS has a valid encryption key.”)

	Regarding claims 8-14, the claims 8-14 are the method claims of the apparatus claims 1-7. The claims 8-14 do not further teach or define the limitation over the limitations recited in the rejected claims above. Therefore, Jacobs in view of Rothman teaches all the limitations of the claims 8-14.

Regarding claims 15-21, the claims 15-21 are an article of manufacture comprising: a non-transitory computer readable medium and computer-executable instructions carried on the computer readable medium, the instructions readable by a processor, the instructions, when read and executed, for causing the processor to execute the instructions of the method claims 8-14. The claims 15-21 do not further teach or define the limitation over the limitations recited in the rejected claims above. Therefore, Jacobs in view of Rothman teaches all the limitations of the claims 15-21.
	
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Wotherspoon (United States Patent Application Publication US 2019/0121982) teaches BIOS/UEFI to detect a new hard disk and verify identifier of the HD on a whitelist.
DASAR et al. (United States Patent Application Publication US 2016/0180094) teaches method for optimizing boot time of information for the BIOS performing an authentication check of drivers during an initial boot process and storing the results of the authentication check along with an UEFI image for each driver in an authentication results data structure.
WESTERN et al. (United States Patent Application Publication US 2013/0104188) teaches secure Option ROM control to take different actions for different types of detected expansion card or other devices due to the security characteristics of Option ROM drivers associated with the expansion card or device.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HYUN SOO KIM whose telephone number is (571)270-1768. The examiner can normally be reached Monday - Friday 8:30 am - 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jaweed Abbaszadeh can be reached on (571) 270-1640. The fax phone 
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/H.K./Examiner, Art Unit 2187             

/JAWEED A ABBASZADEH/Supervisory Patent Examiner, Art Unit 2187