DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Specification
Applicant is reminded of the proper content of an abstract of the disclosure.
A patent abstract is a concise statement of the technical disclosure of the patent and should include that which is new in the art to which the invention pertains. The abstract should not refer to purported merits or speculative applications of the invention and should not compare the invention with the prior art.
If the patent is of a basic nature, the entire technical disclosure may be new in the art, and the abstract should be directed to the entire disclosure. If the patent is in the nature of an improvement in an old apparatus, process, product, or composition, the abstract should include the technical disclosure of the improvement. The abstract should also mention by way of example any preferred modifications or alternatives. 
Where applicable, the abstract should include the following: (1) if a machine or apparatus, its organization and operation; (2) if an article, its method of making; (3) if a chemical compound, its identity and use; (4) if a mixture, its ingredients; (5) if a process, the steps.
Extensive mechanical and design details of an apparatus should not be included in the abstract. The abstract should be in narrative form and generally limited to a single paragraph within the range of 50 to 150 words in length.
See MPEP § 608.01(b) for guidelines for the preparation of patent abstracts.

The abstract of the disclosure is objected to because it contains more than just a concise statement of the technical disclosure of the patent. The abstract of the disclosure should only contain a single paragraph within the range of 50 to 150 words in length.

Appropriate correction is required.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-3, 5-12 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over LEWIS (U.S. PGPub. 2015/0089238), hereinafter Lewis, in view of Masone (U.S. PGPub. 2012/0011358). 

	Regarding claim 1, Lewis teaches A computing device comprising:
	a memory accessible at startup of the computing device (Lewis, Paragraph [0002], see “Computing devices are initialized by firmware included within the device and this firmware provides a range of software services which facilitate the boot of the operating system (OS) as well as providing a smaller subset of these services that continue to be available after the operating system has booted…”), the memory to store a configuration setting for the computing device (Lewis, Paragraph [0039], see “…in order to change a system firmware configuration setting using UEFI variables, the operating system application asks for the input of the system firmware password, creates the hash as described above, and then clears the system firmware password from memory…Also, in another embodiment specific passwords are required for specific configuration settings stored in UEFI variables…”), the configuration setting configurable by application of a change request (Lewis, Paragraph [0006], see “…Embodiments of the present invention receive with the system firmware a request from an operating system-based application to change a UEFI authenticated variable…The system firmware certifies that the caller has authorization to change an authenticated variable by first verifying the information in the header and then creating a new hash using the password…”, where “a request from an operating system-based application to change a UEFI authenticated variable” is being read as the configuration setting configurable by application of a change request), the memory further to store a first public key (Lewis, Paragraph [0016], see “…In this request, the data is signed by a private key whose corresponding public key is stored in the system firmware”) 
	a buffer to store change requests submitted by a remote entity (Lewis, Paragraphs [0021 – 0025], see “…following the authentication header, is a SHA-256 hash of a buffer containing the following data…The string pointed to by the VariableName parameter of SetVariable( )…The GUID pointed by the VendorGuid parameter…The DataSize bytes pointed to by Data…such as a system firmware password…”) (Lewis, Paragraph [0026], see “During the processing of the SetVariable( ) function call by the firmware, the following sequence of steps may be used by an embodiment of the present invention to verify that the calling operating system application is authorized to change the variable…”), the change requests including a first change request to make a first setting change (Lewis, Paragraph [0016], see “…The sequence begins with the operating system sending a signed request to alter a UEFI authenticated variable to the system firmware…”) (Lewis, Paragraph [0016], see “…In this request, the data is signed by a private key whose corresponding public key is stored in the system firmware”), (Lewis, Paragraph [0016], see “…In this request, the data is signed by a private key whose corresponding public key is stored in the system firmware”), 
	a set of instructions to:
		retrieve the first change request or the second change request from the buffer (Lewis, Paragraph [0008], see “...The computing device also includes system firmware stored in Read Only Memory. The system firmware is configured to receive a request from the operating system-based application to alter a UEFI authenticated variable and examine the request…”) (Lewis, Paragraphs [0021 – 0025], see “…following the authentication header, is a SHA-256 hash of a buffer containing the following data…The string pointed to by the VariableName parameter of SetVariable( )…The GUID pointed by the VendorGuid parameter…The DataSize bytes pointed to by Data…such as a system firmware password…”) (Lewis, Paragraph [0026], see “During the processing of the SetVariable( ) function call by the firmware, the following sequence of steps may be used by an embodiment of the present invention to verify that the calling operating system application is authorized to change the variable…”);
		determine whether the retrieved change request is authenticated by the first public key or the second public key (Lewis, Paragraph [0016], see “…In this request, the data is signed by a private key whose corresponding public key is stored in the system firmware. The request is received by the system firmware (step 102) and the data in the request is decrypted using the stored public key in the firmware’s key database (step 104). Once the request is decrypted, the request is processed and the UEFI authenticated variable is altered as requested…”, where a determination is made that the retrieved change request is properly authenticated by a first public key), and
		in response to determining that the retrieved change request is authenticated, apply the retrieved change request to the configuration setting (Lewis, Paragraph [0016], see “…In this request, the data is signed by a private key whose corresponding public key is stored in the system firmware. The request is received by the system firmware (step 102) and the data in the request is decrypted using the stored public key in the firmware’s key database (step 104). Once the request is decrypted, the request is processed and the UEFI authenticated variable is altered as requested…”, where “Once the request is decrypted, the request is processed and the UEFI authenticated variable is altered as requested…” is being read as applying the retrieved change request to the configuration setting in response to a successful authentication). 
	Lewis does not teach the following limitation(s) as taught by Masone: the memory further to store a first public key and a second public key (Masone, Paragraph [0041], see “…the server 140 may store public keys corresponding with the user’s private key 112 and the administrator’s private key 132. The server 140 may use those public keys when authenticating an administrator…The server 140 may then use the user’s public key half (that corresponds with the private key 112) to verify the proxy certificate 134 was generated using the private key 112…data sent to the server 140 from the administrator device 130 during remote administration may be encrypted with the administrator’s private key 132, which the server 140 may decrypt using the corresponding public key half of the administrator’s private key 132…”, where the public keys corresponding with the user and administrator’s private keys are stored);
	the change requests including a first change request to make a first setting change and a second change request to make a second setting change (Masone, Paragraph [0043], see “…the control panel 200 of FIG. 2 may eb used to set system settings for one or more computing devices and also set user account preferences for a user’s cloud-based computing account…”) (Masone, Paragraph [0044], see “In contrast to system settings, user preferences (or user account preferences) are settings that are specific to a particular user, regardless of what computer the user is logged into…”, where “system settings” is being read as a first setting change and where “user preferences” is being read as a second setting change) (Masone, Paragraph [0046], see “In the control panel 200, the Network button 201 may allow a user or remote administrator to setup a network connection and make configuration changes for a given computing device…The keyboard button 208 may allow an administrator to setup and keyboard layouts and settings such as the functionality of control keys…The Mouse button 209 may allow an administrator to setup mouse user preferences such as sensitivity and single/double click parameters…”), the first change request signed by a first private key, the second change request signed by a second private key (Masone, Paragraph [0041], see “…In other embodiments, data sent to the server 140 from the administrator device 130 during remote administration may be encrypted with the administrator’s private key 132, which the server 140 may decrypt using the corresponding public key half of the administrator’s private key 132…”, where “data sent to the server 140 from the administrator device 130…may be encrypted with the administrator’s private key 132” is being read as a second change request being signed by a second private key (administrator’s private key), the first private key corresponding to the first public key, the second private key corresponding to the second public key (Masone, Paragraph [0041], see “…the server 140 may store public keys corresponding with the user’s private key 112 and the administrator’s private key 132. The server 140 may use those public keys when authenticating an administrator…the administrator device 130 may send the proxy certificate 134 to the server 140 as part of a request to perform remote administration task for the use. The server 140 may then use the user’s public key half (that corresponds with the private key 112) to verify the proxy certificate 134 was generated using the private key 112…data sent to the server 140 from the administrator device 130 during remote administration may be encrypted with the administrator’s private key 132, which the server 140 may decrypt using the corresponding public key half of the administrator’s private key 132. Successful decryption by the server 140 may act as authentication of the remote administrator…”, where the first private key corresponds to the first public key and the second private key corresponds to the second public key). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for verifying changes to UEFI authenticated variables, disclosed of Lewis, by implementing techniques for remote administration and delegation rights in a cloud-based computing device, comprising a second change request to make a second setting change, the second change request signed by a second private key and the second private key corresponding to the second public key, disclosed of Masone. 
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for signed change requests to remotely configure settings, comprising a second change request to make a second setting change, the second change request signed by a second private key and the second private key corresponding to the second public key. This allows for better security management by associating each change request with a different public/private key pair. Masone is deemed as analogous art due to the art disclosing multiple change requests, each utilizing different public/private key pairs (Masone, Paragraph [0041]). 

	Regarding claim 2, Lewis as modified by Masone teaches The computing device of claim 1, wherein the retrieved change request includes a change command block and a signature block (Lewis, Paragraphs [0021 – 0025], see “…following the authentication header, is a SHA-256 hash of a buffer containing the following data…The string pointed to by the VariableName parameter of SetVariable( )…The GUID pointed to by the VendorGUID parameter of SetVariable( )…The DataSize bytes pointed to by Data…Data shall point to a Unicode string consisting of a password…”, where “The string pointed to by the VariableName parameter of SetVariable( )” is being read as a change command block and where “DataSize bytes pointed to by Data” is being read as comprising a signature block), the change command block including a setting identifier to identify the configuration setting to be changed by the retrieved change request and a value identifier to identify a value to which the configuration setting is to be set (Lewis, Paragraph [0018], see “The UEFI specification defines the SetVariable( ) function as part of its runtime services…This function changes UEFI configuration settings stored in “variables”. Each variable consists of a GUID, a name, a variable-length block of data and a few attributes describing when it can be accessed, where it should be stored and what type of security should be used…”, where “Each variable consists of a GUID, a name, a variable-length block of data and a few attributes describing when it can be accessed…” is being read as a change command block including a setting identifier to identify the configuration setting to be changed and a value identifier to identify a value to which the configuration setting is to be set), the signature block including a signature generated by signing of the change command block using the first private key or the second private key (Lewis, Paragraph [0016], see “…That is, the data, or hash of the data, or portion of the data, is signed by a private key for which the corresponding public key is located in the system firmware…”) (Lewis, Paragraph [0026], see “During the processing of the SetVariable( ) function call by the firmware, the following sequence of steps may be used by an embodiment of the present invention to verify that the calling operating system application is authorized to change the variable…Compare the resulting new hash with the hash which immediately follows the authentication descriptor in the request. If they do not match, the calling application is not authorized to change the UEFI variable…other combinations of data in combination with the password may also be used by the operating system application and the firmware to create the hashes described herein…”, where “hash which immediately follows the authentication descriptor in the request” is being read as a signature block that includes a signature generated by signing of the change command block using the corresponding private key). 

	Regarding claim 3, Lewis as modified by Masone teaches The computing device of claim 2, wherein the signature block of the retrieved change request is readable as a string (Lewis, Paragraph [0025], see “The DataSize bytes pointed to by Data…Data shall point to a Unicode string consisting of a password, such as system firmware password...”, where “DataSize bytes pointed to by Data” is being read as comprising a signature block readable as a string), and the set of instructions is further to use the signature block as a password to authenticate the retrieved change request (Lewis, Paragraph [0016], see “…That is, the data, or hash of the data, or portion of the data, is signed by a private key for which the corresponding public key is located in the system firmware…”) (Lewis, Paragraph [0026], see “During the processing of the SetVariable( ) function call by the firmware, the following sequence of steps may be used by an embodiment of the present invention to verify that the calling operating system application is authorized to change the variable…Compare the resulting new hash with the hash which immediately follows the authentication descriptor in the request. If they do not match, the calling application is not authorized to change the UEFI variable…other combinations of data in combination with the password may also be used by the operating system application and the firmware to create the hashes described herein…”, where “hash which immediately follows the authentication descriptor in the request” is being read as a signature block that includes a signature generated by signing of the change command block using the corresponding private key).

	Regarding claim 5, Lewis does not teach the following limitation(s) as taught by Masone: The computing device of claim 2, wherein the signature block includes an administrative role identifier to identify an administrative role of an issuer of the retrieved change request (Masone, Paragraph [0040], see “…the administrator device 130 may include an administrator’s private key 132, which the administrator device 130 may use in a process of authenticating the administrator on the server 140 to perform remote administration tasks…the administrator device 130 may include a proxy certificate 134 that may be used to authenticate the administrator on the server 140 to perform remote administration tasks…”, where “proxy certificate 134” is analogous to an administrative role identifier), and the set of instructions is further to evaluate the administrative role identifier to authenticate the retrieved change request (Masone, Paragraph [0041], see “…The server 140 may use those public keys when authenticating an administrator…the administrator device 130 may send the proxy certificate 134 to the server 140 as part of a request to perform remote administration task for the user….data sent to the server 140 from the administrator device 130 during remote administration may be encrypted with the administrator’s private key 132, which the server 140 may decrypt using the corresponding public key half of the administrator’s private key 132. Successful decryption by the server 140 may act as authentication of the remote administrator…”).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for verifying changes to UEFI authenticated variables, disclosed of Lewis, by implementing techniques for remote administration and delegation rights in a cloud-based computing device, comprising a data block in the request including an administrative role identifier, which is then evaluated to authenticate the change request, disclosed of Masone.  
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for signed change requests to remotely configure settings, comprising a data block in the request including an administrative role identifier, which is then evaluated to authenticate the change request. This allows for better security management by allowing a remote entity, such as an administrator device to initiate the change requests on the computing device, based on identifying and evaluating that the administrator device is properly authenticated. Masone is deemed as analogous art due to the art disclosing authenticating an administrator device based on the administrator device’s identifier (Masone, Paragraphs [0040 – 0041]). 

Regarding claim 6, Lewis as modified by Masone teaches The computing device of claim 2, wherein the signature block includes a target computing device identifier to identify the computing device (Lewis, Paragraph [0006], see “…Embodiments of the present invention receive with the system firmware a request from an operating system-based application to change a UEFI authenticated variable. The request includes an authentication descriptor header with a timestamp and pre-determined GUID. The request also includes a hash calculated using a password known to the firmware…”, where “pre-determined GUID” is being read as a target computing device identifier), and the set of instructions is further to evaluate the target computing device identifier to authenticate the retrieved change request (Lewis, Paragraph [0006], see “…The system firmware certifies that the caller has authorization to change an authenticated variable by first verifying the information in the header and then creating a new hash using the password. The new hash is compared to the received hash and must match in order for the system firmware to allow the alteration of the UEFI authenticated variable…”). 

Regarding claim 7, Lewis as modified by Masone teaches The computing device of claim 1, wherein the set of instructions is further to:
prior to determining whether the retrieved change request is authenticated by the first public key or the second public key, determine whether the retrieved change request is signed (Lewis, Paragraph [0016], see “The UEFI specification defines another means of establishing trust by requiring that data related to a change in a UEFI variable be signed by a key that can be attested to by one of the certificates in the system firmware’s key database…”, where a determination is made whether the retrieved change request is signed before authentication is granted);
in response to determining that the retrieved change request is not signed, determine whether the retrieved change request includes a password to authenticate the retrieved change request (Lewis, Paragraph [0017], see “Embodiments of the present invention provide an alternative mechanism to establish trust that does not require the operating system application to maintain or access any private keys. Instead security relies on a secret such as a password that is shared between the user and the system firmware…”);
in response to determining that the retrieved change request includes a password, determining whether the password authenticates the retrieved change request (Lewis, Paragraph [0017], see “…Embodiments of the present invention thus take advantage of a user’s knowledge of a secret, for example the system firmware password or other password, that is shared with the firmware in order to authorize updates to system firmware configuration settings stored in UEFI authenticated variables”) (Lewis, Paragraph [0037], see “…the GUID pointed to by the VendorGuid parameter of SetVariable( ) the TimeStamp structure and the system firmware password if that was the input data used by the operating system application in creating the original hash…The new hash is compared to the hash included in the request received from the operating system application…”); and
in response to determining that the password authenticates the retrieved change request, apply the retrieved change request to the configuration setting of the computing device (Lewis, paragraph [0037], see “…A determination is made as to whether the hashes match…If the hashes match, the UEFI authenticated variable may be changed as requested…”). 

Regarding claim 8, Lewis does not teach the following limitation(s) as taught by Masone: The computing device of claim 1, wherein the first private key and the second private key are securely stored remotely from the computing device and the remote entity at a centralized management server (Masone, Paragraph [0041], see “…the server 140 may store public keys corresponding with the user’s private key 112 and the administrator’s private key 132…”, where “server 140” is analogous to a centralized management server). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for verifying changes to UEFI authenticated variables, disclosed of Lewis, by implementing techniques for remote administration and delegation rights in a cloud-based computing device, comprising the first and second private keys being securely stored remotely from the computing device at a centralized management server, disclosed of Masone. 
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for signed change requests to remotely configure settings, comprising the first and second private keys being securely stored remotely from the computing device at a centralized management server. This allows for better security management by storing the private keys in a management server to keep the private keys more secure in case the computing device gets compromised by an unauthorized party. Masone is deemed as analogous art due to the art disclosing a server separate from the computing device, which is used to store the private keys (Masone, Paragraph [0041]).  

	Regarding claim 9, Lewis as modified by Masone teaches The computing device of claim 1, wherein the configuration setting comprises a firmware configuration setting (Lewis, Paragraph [0006], see “Embodiments of the present invention provide a mechanism for certifying that an operating system-based application…has authorization to change a UEFI authenticated variable held in the system firmware…”). 

	Regarding claim 10, Lewis teaches A non-transitory computer-readable medium comprising instructions that when executed cause a processor of a computing device to (Lewis, Paragraph [0042], see “Portions or all of the embodiments of the present invention may be provided as one or more computer-readable programs or code embodied on or in one or more non-transitory mediums…”):
	retrieve a first change request to change a first configuration setting for a target computing device (Lewis, Paragraph [0008], see “...The computing device also includes system firmware stored in Read Only Memory. The system firmware is configured to receive a request from the operating system-based application to alter a UEFI authenticated variable and examine the request…”) (Lewis, Paragraph [0026], see “During the processing of the SetVariable( ) function call by the firmware, the following sequence of steps may be used by an embodiment of the present invention to verify that the calling operating system application is authorized to change the variable…”), the first change request including a signature generated using a first private key selected (Lewis, Paragraph [0016], see “…In this request, the data is signed by a private key whose corresponding public key is stored in the system firmware. The request is received by the system firmware (step 102) and the data in the request is decrypted using the stored public key in the firmware’s key database (step 104). Once the request is decrypted, the request is processed and the UEFI authenticated variable is altered as requested…”, where the change request is signed by a first private key);
	determine whether the first change request is authenticated by a first public key stored on the target computing device (Lewis, Paragraph [0016], see “…In this request, the data is signed by a private key whose corresponding public key is stored in the system firmware. The request is received by the system firmware (step 102) and the data in the request is decrypted using the stored public key in the firmware’s key database (step 104). Once the request is decrypted, the request is processed and the UEFI authenticated variable is altered as requested…”, where a determination is made that the retrieved change request is properly authenticated by a first public key), the first public key corresponding to the first private key (Lewis, Paragraph [0016], see “…In this request, the data is signed by a private key whose corresponding public key is stored in the system firmware”); and
	in response to determining that the first change request is authenticated, apply the first change request to change the first configuration setting of the target computing device (Lewis, Paragraph [0016], see “…In this request, the data is signed by a private key whose corresponding public key is stored in the system firmware. The request is received by the system firmware (step 102) and the data in the request is decrypted using the stored public key in the firmware’s key database (step 104). Once the request is decrypted, the request is processed and the UEFI authenticated variable is altered as requested…”, where “Once the request is decrypted, the request is processed and the UEFI authenticated variable is altered as requested…” is being read as applying the retrieved change request to the configuration setting in response to a successful authentication). 
	Lewis does not teach the following limitation(s) as taught by Masone: the first change request including a signature generated using a first private key selected from a plurality of private keys (Masone, Paragraph [0041], see “…the server 140 may store public keys corresponding with the user’s private key 112 and the administrator’s private key 132. The server 140 may use those public keys when authenticating an administrator…the administrator device 130 may send the proxy certificate 134 to the server 140 as part of a request to perform remote administration task for the use. The server 140 may then use the user’s public key half (that corresponds with the private key 112) to verify the proxy certificate 134 was generated using the private key 112…data sent to the server 140 from the administrator device 130 during remote administration may be encrypted with the administrator’s private key 132, which the server 140 may decrypt using the corresponding public key half of the administrator’s private key 132. Successful decryption by the server 140 may act as authentication of the remote administrator…”, where the first private key corresponds to the first public key and the second private key corresponds to the second public key, clearly indicating a plurality of private keys).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for verifying changes to UEFI authenticated variables, disclosed of Lewis, by implementing techniques for remote administration and delegation rights in a cloud-based computing device, comprising a second change request to make a second setting change, the second change request signed by a second private key and the second private key corresponding to the second public key, disclosed of Masone. 
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for signed change requests to remotely configure settings, comprising a second change request to make a second setting change, the second change request signed by a second private key and the second private key corresponding to the second public key. This allows for better security management by associating each change request with a different public/private key pair. Masone is deemed as analogous art due to the art disclosing multiple change requests, each utilizing different public/private key pairs (Masone, Paragraph [0041]). 

	Regarding claim 11, Lewis does not teach the following limitation(s) as taught by Masone: The non-transitory computer-readable medium of claim 10, wherein the instructions are further to:
	retrieve a second change request to change a second configuration setting for a target computing device (Masone, Paragraph [0043], see “…the control panel 200 of FIG. 2 may be used to set system settings for one or more computing devices and also set user account preferences for a user’s cloud-based computing account…”) (Masone, Paragraph [0044], see “In contrast to system settings, user preferences (or user account preferences) are settings that are specific to a particular user, regardless of what computer the user is logged into…”, where “system settings” is being read as a first setting change and where “user preferences” is being read as a second setting change) (Masone, Paragraph [0046], see “In the control panel 200, the Network button 201 may allow a user or remote administrator to setup a network connection and make configuration changes for a given computing device…The keyboard button 208 may allow an administrator to setup and keyboard layouts and settings such as the functionality of control keys…The Mouse button 209 may allow an administrator to setup mouse user preferences such as sensitivity and single/double click parameters…”), the second change request including a signature generated using a second private key selected from the plurality of private keys (Masone, Paragraph [0041], see “…In other embodiments, data sent to the server 140 from the administrator device 130 during remote administration may be encrypted with the administrator’s private key 132, which the server 140 may decrypt using the corresponding public key half of the administrator’s private key 132…”, where “data sent to the server 140 from the administrator device 130…may be encrypted with the administrator’s private key 132” is being read as a second change request being signed by a second private key (administrator’s private key);
	determine whether the second change request is authenticated by a second public key stored on the target computing device, the second public key corresponding to the second private key (Masone, Paragraph [0041], see “…the server 140 may store public keys corresponding with the user’s private key 112 and the administrator’s private key 132. The server 140 may use those public keys when authenticating an administrator…The server 140 may then use the user’s public key half (that corresponds with the private key 112) to verify the proxy certificate 134 was generated using the private key 112…data sent to the server 140 from the administrator device 130 during remote administration may be encrypted with the administrator’s private key 132, which the server 140 may decrypt using the corresponding public key half of the administrator’s private key 132…”, where the second change request utilizing the administrator’s private key is authenticated with the administrator’s (second) public key); and
	in response to determining that the second change request is authenticated, apply the second change request to change the second configuration setting of the target computing device (Masone, paragraph [0073], see “…The method 800 includes, at block 810, encrypting, by an administrator computing device using an administrator private key, a changed user preference and a changed system setting…the method 800 includes decrypting, by the server using a public key corresponding with the administrator’s name, the changed user preference and the changed user setting…the method 800 includes updating, by the server in a one or more database records, user preferences for a user account based on the changed user preference and system settings for a user computing device based on the changed system setting…proper decryption of the changed user preference and the changed user setting may serve to authenticate the administrator…”). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for verifying changes to UEFI authenticated variables, disclosed of Lewis, by implementing techniques for remote administration and delegation rights in a cloud-based computing device, comprising a second change request to make a second setting change, the second change request signed by a second private key and the second private key corresponding to the second public key, disclosed of Masone. 
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for signed change requests to remotely configure settings, comprising a second change request to make a second setting change, the second change request signed by a second private key and the second private key corresponding to the second public key. This allows for better security management by associating each change request with a different public/private key pair. Masone is deemed as analogous art due to the art disclosing multiple change requests, each utilizing different public/private key pairs (Masone, Paragraph [0041]). 

	Regarding claim 12, Lewis teaches The non-transitory computer-readable medium of claim 11, wherein:
	the first change request includes a first administrative role identifier to identify a first administrative role of a first issuer of the first change request (Lewis, Abstract, see “…Embodiments of the present invention receive with the system firmware a request from an operation system-based application to change a UEFI authenticated variable. The request includes an authentication descriptor header with a timestamp and pre-determined GUID. The request also includes a hash calculated using a password known to the firmware”, where “password” is being read as identifying a firm administrative role issuing the change request);
	
	the instructions are further to:
		evaluate the first administrative role identifier to authenticate the first change request (Lewis, Abstract, see “…The system firmware certifies that the caller has authorization to change an authenticated variable by first verifying the information in the header and then creating a new hash using the password. The new hash is compared to the received hash and must match in order for the system firmware to allow the alteration of the UEFI authenticated variable…”); 
		
	Lewis does not teach the following limitation(s) as taught by Masone: the second change request includes a second administrative role identifier to identify a second administrative role of a second issuer of the second change request, the second administrative role identifier different from the first administrative role identifier (Masone, Paragraph [0040], see “…the administrator device 130 may include an administrator’s private key 132, which the administrator device 130 may use in a process of authenticating the administrator on the server 140 to perform remote administration tasks…the administrator device 130 may include a proxy certificate 134 that may be used to authenticate the administrator on the server 140 to perform remote administration tasks…”, where “proxy certificate 134” is analogous to an administrative role identifier and where the second administrative role identifier is different from the first, the first being the user’s public/private key pair); and
	evaluate the second administrative role identifier to authenticate the second change request (Masone, Paragraph [0041], see “…The server 140 may use those public keys when authenticating an administrator…the administrator device 130 may send the proxy certificate 134 to the server 140 as part of a request to perform remote administration task for the user….data sent to the server 140 from the administrator device 130 during remote administration may be encrypted with the administrator’s private key 132, which the server 140 may decrypt using the corresponding public key half of the administrator’s private key 132. Successful decryption by the server 140 may act as authentication of the remote administrator…”).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for verifying changes to UEFI authenticated variables, disclosed of Lewis, by implementing techniques for remote administration and delegation rights in a cloud-based computing device, comprising a data block in the request including an administrative role identifier, which is then evaluated to authenticate the change request, disclosed of Masone.  
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for signed change requests to remotely configure settings, comprising a data block in the request including an administrative role identifier, which is then evaluated to authenticate the change request. This allows for better security management by allowing a remote entity, such as an administrator device to initiate the change requests on the computing device, based on identifying and evaluating that the administrator device is properly authenticated. Masone is deemed as analogous art due to the art disclosing authenticating an administrator device based on the administrator device’s identifier (Masone, Paragraphs [0040 – 0041]). 

	Regarding claim 14, Lewis teaches A non-transitory computer-readable medium comprising instructions that when executed cause a processor of a computing device to (Lewis, Paragraph [0042], see “Portions or all of the embodiments of the present invention may be provided as one or more computer-readable programs or code embodied on or in one or more non-transitory mediums…”):
	access a private key (Lewis, Paragraph [0015], see “…the operating system application itself is signed by a private key and the operating system application is verified by the firmware using the corresponding public key…”) (Lewis, Paragraph [0016], see “The UEFI specification defines another means of establishing trust by requiring that data related to a change in a UEFI variable be signed by a key that can be attested to by one of the certificates in the system firmware’s key database. That is, the data, or hash of the data, or portion of the data, is signed by a private key for which the corresponding public key is located in the system firmware”);
	generate a change command to change a configuration setting of a target computing device (Lewis, Paragraph [0016], see “…The sequence begins with the operating system sending a signed request to alter a UEFI authenticated variable to the system firmware…”, where the OS needs to generate the command before sending it);
	sign the change command using the private key to generate a signature (Lewis, Paragraph [0016], see “…In this request, the data is signed by a private key whose corresponding public key is stored in the system firmware…”);
	assemble the change command and the signature into a change request (Lewis, Paragraph [0016], see “That is, the data, or hash of the data, or portion of the data, is signed by a private key…The sequence begins with the operating system sending a signed request to alter a UEFI authenticated variable to the system firmware…In this request, the data is signed by a private key…The request is received by the system firmware and the data in the request is decrypted…”, where the change request is assembled to include the alteration command and the signature); and
	transmit the change request to the target computing device for the target computing device to apply the change request to change the configuration setting of the target computing device if authenticated using the public key (Lewis, Paragraph [0016], see “…The request is received by the system firmware and the data in the request is decrypted using the stored public key in the firmware’s key database…Once the request is decrypted, the request is processed and the UEFI authenticated variable is altered as requested…”).
	Lewis does not teach the following limitation(s) as taught by Masone: access a private key from a plurality of private keys (Masone, Paragraph [0041], see “…the server 140 may store public keys corresponding with the user’s private key 112 and the administrator’s private key 132. The server 140 may use those public keys when authenticating an administrator…the administrator device 130 may send the proxy certificate 134 to the server 140 as part of a request to perform remote administration task for the use. The server 140 may then use the user’s public key half (that corresponds with the private key 112) to verify the proxy certificate 134 was generated using the private key 112…data sent to the server 140 from the administrator device 130 during remote administration may be encrypted with the administrator’s private key 132, which the server 140 may decrypt using the corresponding public key half of the administrator’s private key 132. Successful decryption by the server 140 may act as authentication of the remote administrator…”, where the first private key corresponds to the first public key and the second private key corresponds to the second public key, clearly indicating a plurality of private keys).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for verifying changes to UEFI authenticated variables, disclosed of Lewis, by implementing techniques for remote administration and delegation rights in a cloud-based computing device, comprising a second change request to make a second setting change, the second change request signed by a second private key and the second private key corresponding to the second public key, disclosed of Masone. 
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for signed change requests to remotely configure settings, comprising a second change request to make a second setting change, the second change request signed by a second private key and the second private key corresponding to the second public key. This allows for better security management by associating each change request with a different public/private key pair. Masone is deemed as analogous art due to the art disclosing multiple change requests, each utilizing different public/private key pairs (Masone, Paragraph [0041]). 



Claims 4, 13 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Lewis, in view of Masone, in further view of Marr et al. (U.S. PGPub. 2015/0199519), hereinafter Marr.  

	Regarding claim 4, Lewis as modified by Masone do not teach the following limitation(s) as taught by Marr: The computing device of claim 2, wherein the signature block includes a counter to be incremented with each submission of a change request by the remote entity (Marr, Paragraph [0039], see “…at least one secure counter or other monotonic counting hardware mechanism can be implemented to track a number of changes and/or attempted changes to configuration information, such as firmware, in a hardware device. Such a counter can be used to verify that changes have not been made since last known “good” or verified state, such as by using standard cryptographic techniques including hashing and signing state information…”) (Marr, Paragraph [0043], see “…The value of the counter can be incremented automatically each time a user, application, or other source updates or otherwise attempts to write the firmware or other configuration information. A value of the counter can be stored each time the state of the firmware is validated or updated by an authorized source…”, where “The value of the counter can be incremented automatically each time a user, application, or other source updates or otherwise attempts to write the firmware or other configuration information” is analogous to a counter to be incremented with each submission of a change request by the remote entity), and the set of instructions is further to evaluate the counter to authenticate the retrieved change request (Marr, Abstract, see “Attempts to update confirmation information or firmware for a hardware device can be monitored using a secure counter that is configured to monotonically adjust a current value of the secure counter for each update or update attempt. The value of the counter can be determined every time the validity of the firmware is confirmed, and this value can be stored to a secure location. At subsequent times, such as during a boot process, the actual value of the counter can be determined and compared with the expected value. If the values do not match, such that the firmware may be in an unexpected state, an action can be taken, such as to prevent access to, or isolate, the hardware…”, where the counter is evaluated in order to authenticate the retrieved change request, due to if the counter is not matched, the system will prevent access to the firmware to conduct any changes/alterations). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for verifying changes to UEFI authenticated variables, disclosed of Lewis, and techniques disclosed of Masone, by implementing techniques for managing firmware update attempts, comprising a counter to be incremented with each submission of a change request and evaluate the counter to authenticate the change request, disclosed of Marr.  
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for signed change requests to remotely configure settings, comprising a counter to be incremented with each submission of a change request and evaluate the counter to authenticate the change request. This allows for better security management by utilizing a counter to make sure the firmware is not in an unexpected state. Marr is deemed as analogous art due to the art disclosing the utilization of a counter to authenticate a firmware updates (Marr, Abstract). 

	Regarding claim 13, Lewis as modified by Masone do not teach the following limitation(s) as taught by Marr: The non-transitory computer-readable medium of claim 10, wherein the instructions are further to:
	identify a counter in the signature of the first change request (Marr, Paragraph [0039], see “…at least one secure counter or other monotonic counting hardware mechanism can be implemented to track a number of changes and/or attempted changes to configuration information, such as firmware, in a hardware device. Such a counter can be used to verify that changes have not been made since last known “good” or verified state, such as by using standard cryptographic techniques including hashing and signing state information…”) (Marr, Paragraph [0043], see “…The value of the counter can be incremented automatically each time a user, application, or other source updates or otherwise attempts to write the firmware or other configuration information. A value of the counter can be stored each time the state of the firmware is validated or updated by an authorized source…”, where “The value of the counter can be incremented automatically each time a user, application, or other source updates or otherwise attempts to write the firmware or other configuration information” is analogous to a counter to be incremented with each submission of a change request by the remote entity); and
	prior to applying the first change request to change the first configuration setting of the target computing device, evaluate the counter to authenticate the first change request (Marr, Abstract, see “Attempts to update confirmation information or firmware for a hardware device can be monitored using a secure counter that is configured to monotonically adjust a current value of the secure counter for each update or update attempt. The value of the counter can be determined every time the validity of the firmware is confirmed, and this value can be stored to a secure location. At subsequent times, such as during a boot process, the actual value of the counter can be determined and compared with the expected value. If the values do not match, such that the firmware may be in an unexpected state, an action can be taken, such as to prevent access to, or isolate, the hardware…”, where the counter is evaluated in order to authenticate the retrieved change request, due to if the counter is not matched, the system will prevent access to the firmware to conduct any changes/alterations). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for verifying changes to UEFI authenticated variables, disclosed of Lewis, and techniques disclosed of Masone, by implementing techniques for managing firmware update attempts, comprising a counter to be incremented with each submission of a change request and evaluate the counter to authenticate the change request, disclosed of Marr.  
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for signed change requests to remotely configure settings, comprising a counter to be incremented with each submission of a change request and evaluate the counter to authenticate the change request. This allows for better security management by utilizing a counter to make sure the firmware is not in an unexpected state. Marr is deemed as analogous art due to the art disclosing the utilization of a counter to authenticate a firmware updates (Marr, Abstract). 

	Regarding claim 15, Lewis as modified by Masone do not teach the following limitation(s) as taught by Marr: The non-transitory computer-readable medium of claim 14, wherein the instructions are further to:
	increment a counter upon generation of the change request, the counter to be evaluated by the target computing device to authenticate the change request (Marr, Abstract, see “Attempts to update confirmation information or firmware for a hardware device can be monitored using a secure counter that is configured to monotonically adjust a current value of the secure counter for each update or update attempt. The value of the counter can be determined every time the validity of the firmware is confirmed, and this value can be stored to a secure location. At subsequent times, such as during a boot process, the actual value of the counter can be determined and compared with the expected value. If the values do not match, such that the firmware may be in an unexpected state, an action can be taken, such as to prevent access to, or isolate, the hardware…”, where the counter is evaluated in order to authenticate the retrieved change request, due to if the counter is not matched, the system will prevent access to the firmware to conduct any changes/alterations); and
	include the counter in the change request (Marr, Paragraph [0040], see “…In some cases where there is a segregation or separation of read and write requests, the counter can be configured to only update upon write requests (or similar requests to attempt to modify the firmware)…Thus, when an guest operating system (OS) is loaded on the host machine 404…any attempt to access and or modify the firmware will…be received through the PCI connector of the NIC, and thus will cause the counter 416 to adjust the count value accordingly…”, where each time a request to modify firmware is sent (change request) the counter is adjusted accordingly) (Marr, Paragraph [0051], see “…a counter is configured to increment or otherwise update state upon an update to firmware or other such action as described herein 602. This can take the form of physically installing the counter along the appropriate path between components, installing the counter in one of the components, programming a virtual counter stored in memory, or any other such action…Upon flashing of the firmware, a current value of the counter can be determined 606 and the current value can be stored as an expected value to a secure location 608…this can be a location internal or external to the hardware device and/or host machine. At a subsequent time, such as during an initial phase of a boot process or at any other appropriate time, the actual value of the counter can be determined 610…”). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for verifying changes to UEFI authenticated variables, disclosed of Lewis, and techniques disclosed of Masone, by implementing techniques for managing firmware update attempts, comprising a counter to be incremented with each submission of a change request and evaluate the counter to authenticate the change request, disclosed of Marr.  
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for signed change requests to remotely configure settings, comprising a counter to be incremented with each submission of a change request and evaluate the counter to authenticate the change request. This allows for better security management by utilizing a counter to make sure the firmware is not in an unexpected state. Marr is deemed as analogous art due to the art disclosing the utilization of a counter to authenticate a firmware updates (Marr, Abstract). 




Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODMAN ALEXANDER MAHMOUDI whose telephone number is (571)272-8747.  The examiner can normally be reached on M-F 11:00am – 7:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on (571) 272-3951.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/RODMAN ALEXANDER MAHMOUDI/Examiner, Art Unit 2499                                                                                                                                                                                                        /PHILIP J CHEA/Supervisory Patent Examiner, Art Unit 2499