DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-9 and 11-22 are pending.
The claim objections have been withdrawn in view of the claim amendment. 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 04/13/22 has been entered.

Response to Arguments
Applicant's arguments filed on 04/13/22 have been fully considered. Although there might be differences between Applicant’s invention and the cited prior art, the current claims have not successfully captured these differences to render the claims clearly distinguishable from the cited prior art as explained in more detail below.
In response to Applicant’s argument regarding claims 13 and 18 (page 7 of Remarks), Examiner acknowledged Applicant’s perspective but these claims are obvious in view of the combination of Kitagawa and Zhu as seen in the rejection below.
In response to Applicant’s argument regarding claims 15-17 and 20-22 (page 7 of Remarks), Examiner acknowledged Applicant’s perspective but these claims are obvious in view of the combination of Kitagawa, Zhu, and Montero as seen in the rejection below.
In response to Applicant’s argument regarding claims 1-2 and 4-9 (page 8 of Remarks), Examiner acknowledged Applicant’s perspective but these claims are still unallowable because (a) only the of claim 10 was incorporated into the independent claims while the limitations of the intervening claims 2-9 were not incorporated into the independent claims and (b) in view of newly found prior art Yau as seen in the rejection below.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-2 are rejected under 35 U.S.C. 103 as being unpatentable over Oncale (US 20210240831) in view of Lin (US 10997297) in view of Zhu (US 20200310774) and further in view of Yau (US 10219135).

Claim 1, Oncale discloses An apparatus to facilitate firmware resiliency in a computer system platform, comprising: 
a first non-volatile memory to store primary firmware for a computer system platform; (e.g. fig. 1, ¶34, 39: primary firmware image (e.g., stored in primary firmware ROM 126))
a second non-volatile memory to store a firmware copy of the primary firmware; and (e.g. fig. 1, ¶35, 39:  secondary firmware image (e.g., stored in secondary firmware ROM 128))
a processor including resiliency hardware to restore the primary firmware stored in the first non-volatile memory with the firmware copy; and a controller coupled to the second non-volatile memory via interface (e.g. fig. 1, ¶39: If management controller 112 executes its secondary firmware image as a result of the primary firmware image failing verification, management controller 112 may execute a "normal" recovery process to recover its primary firmware image (e.g., overwrite the primary firmware image stored in primary firmware ROM 126 with the contents of the secondary firmware image).)
Although Oncale discloses a processor including resiliency hardware to restore the primary firmware stored in the first non-volatile memory with the firmware copy (see above), Oncale does not appear to explicitly disclose but Lin discloses a cryptographic processor (e.g. figs. 3, 6,  col. 14, ll. 13-17, col. 18, ll. 9-16, 58-67: cryptographic controller 600) including resiliency hardware to detect unauthorized access to the primary firmware (e.g. col. 12, ll. 22-32: the controller 600 determines or suspects that a current firmware image 320 is compromised).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Lin into the invention of Oncale for the purpose of securely initiating a downloading of a firmware image update (Lin, col. 19, ll. 40-44) and enabling the compromised firmware to be replaced (Lin, col. 12, ll. 30-32).
Oncale-Lin does not appear to explicitly disclose but Zhu discloses the primary firmware comprises security firmware that provides a root of trust for verification of the computer system platform (e.g. ¶30: a security (SEC) phase 210…SEC 210 is the first phase of a UEFI boot process on the information handling system that operates to set up a pre-verifier 212 that handles all restart events on the information handling system, and temporarily allocates a portion of memory for use during the other boot phases. Pre-verifier 212 is executed out of the firmware resident on the information handling system, and so serves as a root of trust for the system).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Zhu into the invention of Oncale-Lin for the purpose of handling all restart events on the information handling system, and temporarily allocating a portion of memory for use during the other boot phases (Zhu, ¶30).
Although Oncale discloses a controller coupled to the second non-volatile memory via interface (see above), Oncale does not appear to explicitly disclose but Yau discloses a Wireless Credentials Exchange (WCE) controller coupled to the second non-volatile memory via a radio frequency (RF) interface to prevent unauthorized access to the firmware copy. (e.g. figs. 1, 7, 8, col. 1, ll. 28-57, col. 2, ll. 22-37, col. 6, ll. 34-52, col. 7, ll. 15-20, 43-col. 8, ll. 14, col. 11, ll. 41-47, 59-63, col. 12, ll. 1-11, 28-34: The technologies disclosed herein provide functionality for utilizing near field communication ("NFC") to improve the security, performance, configuration, and potentially safety, of various types of computing systems…An NFC reader in the server computer can read credentials from an NFC card or an NFC-equipped mobile device. The credentials can be provided to the EC, which can compare the received credentials to the credentials previously defined and stored in the NVRAM to determine if the credentials read from the NFC reader are permitted to power on the server computer. If so, the EC can provide a power on signal to a power controller in the server computer in order to power on the server computer. A similar mechanism can be utilized to securely power off the server computer utilizing NFC. This mechanism can be utilized to improve the security of an NFC-equipped server computer by enabling only authorized users to power on or power off the server computer…FIG. 7 is a block diagram showing aspects of a server computer 102 disclosed herein that can utilize NFC to initiate…recovery of a firmware 104 executing in the server computer 102…As shown in FIG. 7, the server computer 102 can read an NFC tag 702 from an NFC card 116 or an NFC-equipped mobile device 122 during booting of the server computer 102…The update application 706 is configured to…recover the firmware 104 of the NFC-equipped server computer 102 from a firmware image 708 stored…on the NFC card 116 or an NFC-equipped mobile device…Once the server computer 102 has been rebooted, the update application 706 can…recover the firmware using the firmware image 708. This can include copying the firmware image 708 to the non-volatile memory 106 to replace the existing firmware 104. As also discussed above, the firmware image 708 can be stored on…the NFC card 116, an NFC-equipped mobile device 122)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Yau into the invention of Oncale-Lin-Zhu for the purpose of utilizing near field communication to improve the security, performance, configuration, and potentially safety, of various types of computing systems and enabling only authorized users to power on and off the system (Yau, col. 1, ll. 28-31, 54-57).

Claim 2, Oncale-Lin-Zhu-Yau discloses The apparatus of claim 1, wherein the second non-volatile memory is isolated from first non-volatile memory.  (Oncale, e.g. fig. 1, ¶34-35)

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Oncale (US 20210240831) in view of Lin (US 10997297) in view of Zhu (US 20200310774) in view of Yau (US 10219135) and further in view of Montero (US 20200201714).

Claim 3, Oncale-Lin-Zhu-Yau discloses The apparatus of claim 2, wherein the resiliency hardware is coupled to the first non-volatile memory via a system fabric and coupled to the second non-volatile memory via an side channel (Oncale, e.g. fig. 1, ¶34-35, 39) and does not appear to explicitly disclose but Montero discloses an out of band side channel.  (e.g. ¶47-49, 56) 
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Montero into the invention of Oncale-Lin-Zhu-Yau for the purpose of enabling firmware recovery before the CPU is fully up and running (Montero, ¶56).


Claims 4-9 are rejected under 35 U.S.C. 103 as being unpatentable over Oncale (US 20210240831) in view of Lin (US 10997297) in view of Zhu (US 20200310774) in view of Yau (US 10219135) in view of Montero (US 20200201714) and further in view of Samuel (US 20200097658).

Claim 4, Oncale-Lin-Zhu-Yau-Montero discloses The apparatus of claim 3, wherein the resiliency hardware detects the unauthorized access to the primary firmware (Lin, e.g. col. 12, ll. 22-32).  Same motivation as in claim 1 would apply.
Oncale-Lin-Zhu-Yau-Montero does not appear to explicitly disclose but Samuel discloses during a boot process.  (e.g. fig. 6, ¶59, 62)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Samuel into the invention of Oncale-Lin-Zhu-Yau-Montero for the purpose of stopping the boot process or preventing the computing device from booting (Samuel, ¶62).

Claim 5, Oncale-Lin-Zhu-Yau-Montero-Samuel discloses The apparatus of claim 4, wherein the resiliency hardware initiates a recovery of the primary firmware upon detecting the unauthorized access to the primary firmware. (Lin, e.g. col. 12, ll. 22-32).  Same motivation as in claim 1 would apply.

Claim 6, Oncale-Lin-Zhu-Yau-Montero-Samuel discloses The apparatus of claim 5, wherein the resiliency hardware performs the recovery of the primary firmware by retrieving the firmware copy from the second non-volatile memory via the side channel. (Oncale, e.g. fig. 1, ¶39).
Although Oncale-Lin-Zhu-Yau-Samuel discloses a side channel (see above), the combination does not appear to explicitly disclose but Montero discloses an out of band side channel (Montero, e.g. ¶47-49, 56).  Same motivation as in claim 3 would apply.

Claim 7, Oncale-Lin-Zhu-Yau-Montero-Samuel discloses The apparatus of claim 6, wherein the resiliency hardware further performs the recovery of the primary firmware by overwriting the primary firmware with the firmware copy via the system fabric.  (Oncale, e.g. ¶39)

Claim 8, Oncale-Lin-Zhu-Yau-Montero-Samuel discloses The apparatus of claim 7, wherein the resiliency hardware further performs the recovery of the primary firmware by authenticating the firmware copy prior to overwriting the primary firmware.  (Oncale, e.g. ¶37, 39)

Claim 9, Oncale-Lin-Zhu-Yau-Montero-Samuel discloses The apparatus of claim 8, wherein the firmware copy is repaired upon not being able to authenticate the firmware copy. (Oncale, e.g. ¶37, 39)


Claims 11-12 are rejected under 35 U.S.C. 103 as being unpatentable over Oncale (US 20210240831) in view of Lin (US 10997297) in view of Zhu (US 20200310774) in view of Yau (US 10219135) and further in view of Hale (US 20100115576).

Claim 11, Oncale-Lin-Zhu-Yau discloses The apparatus of claim 1, wherein the WCE controller repairs the firmware copy via the RF interface based on a configuration policy. (Hale, e.g. ¶24, 40).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Hale into the invention of Oncale-Lin-Zhu-Yau for the purpose of ensuring that only correct firmware copy is used in the recovery process.

Claim 12, Oncale-Lin-Zhu-Yau-Hale discloses The apparatus of claim 11, wherein the configuration policy comprises the WCE controller selecting a replacement firmware copy source from a source external to the computer system platform.  (Hale, e.g. ¶24, 40).  Same motivation as in claim 11 would apply.


Claims 13-14 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Kitagawa (US 20180039553) in view of Zhu (US 20200310774).

Claim 13, Kitagawa discloses At least one non-transitory computer readable medium having instructions stored thereon, which when executed by one or more processors, cause the one or more processors to: 
authenticate primary firmware stored in a first non-volatile memory in a computer system platform to determine whether the primary firmware has been corrupted, (e.g. fig. 1, ¶37, 44-45, 57, 65, 74-75: performing diagnosis for a first BIOS stored in a BIOS flash ROM 16-1 (a first storage device) to determine whether the first BIOS has been corrupted) wherein the primary firmware comprises security firmware including a code region and a data region; detect a corruption of the primary firmware, including: detecting whether the code region of the primary firmware has been corrupted; and detecting whether the data region of the primary firmware has been corrupted; and (e.g. ¶66-71, 74-75, 125: The diagnosis unit 101 performs diagnosis for the BIOS flash ROM 16 in a step-wise manner (three phases) in the order of (a1) flash operation area, (a2) CAR operation area, and (a3) memory operation area depending on the operation location of the BIOS described above. The (a1) flash operation area is an area in which data (BIOS data, BIOS program, and modules) to be read in the EFI phase is stored in the BIOS flash ROM 16. Hereinafter, the flash operation area may be referred to as a first area. In the BIOS flash ROM 16, the area in which the BIOS data to be executed by the CPU 10 in the above-described first period is stored corresponds to the first area. The (a2) CAR operation area is an area in which data (BIOS program, modules) to be read is stored until the memory 14 becomes available after the CAR is enabled. Hereinafter, the CAR operation area may be referred to as a second area. In the BIOS flash ROM 16, the area in which the BIOS data to be executed by the CPU 10 in the above-described second period is stored corresponds to the second area. The (a3) memory operation area is an area, in the BIOS flash ROM 16, in which data (BIOS program, modules) to be read after the memory 14 becomes available is stored. In the BIOS flash ROM 16, the area in which the BIOS data to be executed by the CPU 10 in the above-described third period is stored corresponds to the third area.)
initiate a recovery of the primary firmware upon detecting the corruption of the primary firmware, including: restoring the code region of the primary firmware with code stored in a firmware copy stored in a second non-volatile memory in the computer system platform upon detecting that the code region of the primary firmware has been corrupted; and restoring the data region of the primary firmware with data stored in the firmware copy stored in the second non-volatile memory upon detecting that the data region of the primary firmware has been corrupted. (e.g. ¶81, 83, 85-90: The recovery unit 103 restores (recovers) the data of the BIOS flash ROM 16 (hereinafter, referred to as an abnormal BIOS flash ROM 16 or a BIOS flash ROM 16 to be restored) in which an abnormality is detected by the diagnosis unit 101…Specifically, the recovery unit 103 identifies an address (abnormality-occurred address) of a point (abnormality-occurred point) where an abnormality is detected by the diagnosis unit 101 in the abnormal BIOS flash ROM 16…The recovery unit 103 determines a predetermined address range including the abnormality-occurred address as a restoration target range. The recovery unit 103 extracts the BIOS data from the portion corresponding to the restoration range of the abnormal BIOS flash ROM 16, in the other BIOS flash ROM 16 where no abnormality is detected. As described above, in the present embodiment, the BIOS flash ROM 16-1 and the BIOS flash ROM 16-2 are provided with the same data structure, and the same BIOS data is stored at the same address position. Therefore, the recovery unit 103 extracts data (BIOS data) in the same address range as the restoration target range determined as described above as restoration data from the other BIOS flash ROM 16 where no abnormality is detected. Then, the recovery unit 103 overwrites the data of the restoration target range including the abnormality-occurred point in the abnormal BIOS flash ROM 16 with the data (restoration data) extracted from the other BIOS flash ROM 16. In other words, in a plurality of redundant BIOS flash ROMs 16, the recovery unit 103 overwrites and updates the data of the restoration target range including the abnormality-occurred point in one BIOS flash ROM 16 with the data (restoration data) read from the same address range of the other BIOS flash ROM 16 where no abnormality is detected.)
Although Kitagawa discloses security firmware including a code region and a data region (see above), Kitagawa does not appear to explicitly disclose but Zhu discloses security firmware that provides a root of trust for verification for the computer system platform (e.g. ¶30: a security (SEC) phase 210…SEC 210 is the first phase of a UEFI boot process on the information handling system that operates to set up a pre-verifier 212 that handles all restart events on the information handling system, and temporarily allocates a portion of memory for use during the other boot phases. Pre-verifier 212 is executed out of the firmware resident on the information handling system, and so serves as a root of trust for the system).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Zhu into the invention of Kitgawa for the purpose of handling all restart events on the information handling system, and temporarily allocating a portion of memory for use during the other boot phases (Zhu, ¶30).

Claim 14, Kitagawa-Zhu discloses The computer readable medium of claim 13, wherein the second non-volatile memory is isolated from first non-volatile memory. (Kitagawa, e.g. fig. 1, ¶37).

Claim 18, this claim is rejected for similar reasons as in claim 13.

Claim 19, this claim is rejected for similar reasons as in claim 14.


Claims 15-17 and 20-22 are rejected under 35 U.S.C. 103 as being unpatentable over Kitagawa (US 20180039553) in view of Zhu (US 20200310774) and further in view of Montero (US 20200201714).

Claim 15, Kitagawa-Zhu discloses The computer readable medium of claim 14, wherein the recovery of the primary firmware further comprises retrieving the firmware copy from the second non-volatile memory via a side channel (Kitagawa, e.g. fig. 1, ¶81, 86-87, 89) and does not appear to explicitly disclose but Montero discloses an out of band side channel. (e.g. fig. 1, ¶15-16, 47-49, 56).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Montero into the invention of Kitagawa-Zhu for the purpose of enabling firmware recovery before the CPU is fully up and running (Montero, ¶56).

Claim 16, Kitagawa-Zhu-Montero discloses The computer readable medium of claim 15, wherein the recovery of the primary firmware further comprises overwriting the primary firmware with the firmware copy via a system fabric. (Kitagawa, e.g. fig. 1, ¶89).

Claim 17, Kitagawa-Zhu-Montero discloses The computer readable medium of claim 16, wherein the recovery of the primary firmware further comprises authenticating the firmware copy prior to overwriting the primary firmware. (Kitagawa, e.g. ¶77, 86, 89)

Claim 20, this claim is rejected for similar reasons as in claim 15.

Claim 21, this claim is rejected for similar reasons as in claim 16.

Claim 22, this claim is rejected for similar reasons as in claim 17.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 

US 20170222815 discloses the processor 602 boots from a NAND flash 606 having operating firmware thereon. However, on timeout of the watchdog timer, (for example due to detecting an anomaly in the operation of the client device, e.g. due to malware being detected on the device or an incorrect firmware being loaded into the NAND flash 606), communication with the server 604 may be lost, such that the crypto-watchdog 605 may perform a response action whereby the processor 602 is instructed to boot from the SPI flash 608 which has a different firmware thereon…the recovery mode enables communication between the client device 601 and the server 604 (e.g. over WiFi, BLE, ZigBee etc.), such that the client device 601 can provide a status update to the server 604 identifying the anomaly. On receiving the status update, the server 604 is configured to provide firmware to the client device 601 as previously described. On receiving the firmware update from the server 604, the firmware update is used to reflash the NAND flash 606, whereby the crypto-watchdog 605 instructs the processor 602 to boot from the NAND flash 606.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRONG NGUYEN whose telephone number is (571)270-7312.  The examiner can normally be reached on Monday through Thursday 9:00 AM - 5:00 PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, GELAGAY SHEWAYE can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TRONG H NGUYEN/Primary Examiner, Art Unit 2436