Detail Action
 	Claims 1, 3, 5-6, 8-17, and 19-24 are pending. Claims 2, 4, 7, and 18 are canceled. Claims 21-24 are new.  This is in response to Applicant’s arguments and amendments filed on April 1, 2022.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
 	Objections to Claims 15 and 16 are withdrawn in view of the amendments to the claims.
	Rejection under U.S.C 101 to claims 1-3, 7-12 and 19-20 are withdrawn in view of the amendments to the claims.
 	Applicant’s arguments with respect to claims 1, 19 and 20 have been considered but are moot in view of the amendments to the claims which necessitate new grounds of rejection.
 	This action is Final.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 3, 5-6, 8-10, 15, 19-23 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by PG Pub 20200097658 (hereinafter Samuel)
 	Regarding claim 1, Samuel discloses a method comprising:
 	configuring one or more measurement objects in a startup process in a security chip (Fig. 6 and par. [0058]-[0060] discloses “…a secure boot that includes extending a root of trust of the BIOS 112 to each of the firmware 110 of the components… At 606, the firmware of the component may be read and a measurement (e.g., a hash value) associated with the firmware determined…”);
 	restarting the one or more measurement objects in an order of chains of trust;
measuring characteristic values of the one or more measurement objects, the
characteristic values including hash values (par. [0060]-[0062] discloses if a component hash value does not match then an updated value obtained from a server which then is verified again); 
 	matching the characteristic values with pre-stored trusted reference characteristic
values (par. [0061] discloses if a firmware hash is matched the booting process continues by either reading more components if there are more to read or performing the boot process); and
 	performing a corresponding operation according to a matching result (par. [0060]-[0062] discloses whether a has value is matched or not). wherein
performing the corresponding operation according to the matching result comprises:
triggering a system alarm in response to determining that a characteristic value of a current measurement object does not match with a corresponding pre-stored trusted reference characteristic value in the security chip (par. [0062] discloses “If a determination is made, at 618, that the hash of the firmware of the component fails to match the stored hash in the updated table, then the process may proceed to 620, where one or more actions may be performed based on a policy. For example, the one or more actions may include: (1) notifying, at 622, a system administrator and/or a user”);
 		receiving feedback information of the system alarm; and
 		updating the corresponding pre-stored trusted reference characteristic value in the security chip with a measured characteristic value of the current measurement object in response to the feedback information indicating that the current measurement object is updated by a system administrator's operation (see updated hash table; see also Fig. 7 and related paragraphs for how a new updated hash value is obtained).

 	Regarding claims 3 and 21, Samuel discloses wherein measuring the characteristic values of the one or more measurement objects comprises measuring the characteristic values of the one or more measurement objects one by one (Fig. 6 and par. [0060] discloses measurement for each component one at a time).

 	Regarding claims 5-6 and 22, Samuel discloses wherein configuring the one
or more measurement objects in the startup process in the security chip comprises:
configuring a trusted reference hash value of a first measurement object of the
one or more measurement objects; and storing the trusted reference hash value of the first measurement object in a storage space of the security chip wherein the storage space comprises a non-volatile storage space. (Fig. 1 and par. [0030]-[0031] disclose the hash table stored in NVRAM).

 	Regarding claims 8-9, Samuel discloses wherein measuring the
characteristic values of the one or more measurement objects comprises measuring
the hash values of the one or more measurement objects wherein matching the
characteristic values with pre-stored trusted reference characteristic values comprises
matching the hash values with pre-stored trusted reference hash values. See claim 1 rejection.

 	Regarding claim 10, Samuel discloses wherein performing the corresponding operation according to the matching result further comprises:
 	determining that the hash values of the one or more measurement objects are different from the pre-stored trusted reference hash values; determining that a verification fails. See claim 1 rejection.

 	Regarding claims 15 and 23, Samuel discloses wherein: triggering the system alarm comprises notifying the system administrator whether the current measurement object is actively updated (Fig. 6, step 614 and 622 suggest after requesting the updated hash if the updated value failed it will notify an administrator).

	Claims 19-20 are rejected in view of claim1 rejection.
 	
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Samuel in view of PG Pub 20190363894 (hereinafter Kumar)
 	 Regarding claim 11, Samuel discloses blocking a starting (Fig. 6, steps 628-630); and
 	Samuel does not explicitly disclose entering a privilege enforcement mode. However, Kumar teaches that OEM may shut down the system or enter a repair
code when boot integrity checks fail (par. [0033] discloses if boot integrity checks fail a restricted repair mode can be taken). Samuel and Kumar are analogous art to the claimed invention because they are in the same field of secure boot. Therefore, it would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to modify Samuel with the teaching of Kumar to incorporate steps to take when boot verification fails.
 	
	Claims 12-14 are rejected under 35 U.S.C. 103 as being unpatentable over Samuel in view of PG Pub 20190050234 (hereinafter Segal)
 	Regarding claim 12, Samuel discloses wherein performing the corresponding operation according to the matching result further comprises:
 	determining that the hash values of the one or more measurement objects are the same as the pre-stored trusted reference hash values (see claim 1 rejection);
 	Samuel does not expressly disclose monitoring the one or more measurement objects; and performing a system restart monitoring operation. Segal discloses a firmware component is measured at boot time and even after the CPU has emerged from reset corresponding to pre-boot activities of the component, while other actions and performance characteristics are monitored using CPU- and/or software-based measuring tools (par. [0032]). Samuel and Segal are analogous art to the claimed invention because they are in the same field of secure boot. Therefore, it would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to modify Samuel with the teaching of Segal to incorporate steps to take during booting to improve some shortcomings disclosed by Segal (Segal, par. [0012]-[0014]).

 	Regarding claim 13, Samuel discloses wherein monitoring the one or
more measurement objects comprises:
 	marking a hash value of the current measurement object as a first value;
reading a trusted reference hash value of the current measurement object stored in
the security chip to obtain a second value; determining that the first value is equal to the second value; determining that a verification succeeds (see claim 1 rejection); and
 	performing a verification process for a measurement object next to the current
measurement object (there are more than one component to be verified during a boot process. See Fig. 6 of Samuel).

 	Regarding claim 14, Samuel discloses wherein monitoring the one or more measurement objects comprises:
 	marking a hash value of the current measurement object as a first value;
reading a trusted reference hash value of the current measurement object stored in
the security chip to obtain a second value, wherein the system alarm is triggered in response to determining that the first value is not equal to the second value (see claim 1 rejection, particularly Fig. 6 at step 622 and par. [0062]).

 	Claim 16 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Samuel in view of PG Pub 20170308704 (hereinafter Ray)
	Regarding claims 16 and 24, Samuel discloses wherein: performing the corresponding operation according to the matching result further comprises:
 	restoring an originally unchanged measurement object (Fig. 6, step 624 discloses downloading current firmware));
  	determining that a malicious attack occurs in response to the feedback information indicating that the current measurement object is not updated by the system administrator's operation (when a hash value is not matched, it is an indication of a possible attack); 
 	Samuel does not expressly disclose performing an intrusion detection operation. Ray discloses executing a program to remediate against a threat, i.e., an intrusion detection, when a threat is detected (par. [0061]). Samuel and Ray are analogous art to the claimed invention because they are in the same field of secure boot. Therefore, it would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to modify Samuel with the teaching of Ray to implement various remedial actions during a secure boot.
 	
 	Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Samuel in view of "reboot()- UNIX, Linux System Call" by Tutorialspoint (hereinafter Linux)
 	Regarding claim 17, Samuel discloses wherein performing the system restart monitoring operation comprises: 
 	 marking a hash value of the current measurement object as a first value;  reading a trusted reference hash value of the current measurement object stored in the security chip to obtain a second value; determining whether the first value is equal to the second value; and in response to determining that the first value is equal to the second value, determining that a verification succeeds; or in response to determining that the first value is not equal to the second value, determining that the verification fails and triggering the system alarm, wherein the system alarm comprises notifying a system administrator of whether the current measurement object is actively updated (see claim 1 rejection).
	However, Samuel does not expressly disclose starting system restart monitoring when entering a system call layer and calling a restart system call interface. Linux discloses a system call command to reboot or restart a Linux system (first line: "reboot()"). The system call command would be entered through the system call layer and the system call interfaced is called. Samuel and Linux are analogous art to the claimed invention because they are in the same field of system reboot. Therefore, it would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to modify Samuel with the teaching of Linux to start a reboot of a system such as Linux system.



Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 


Inquiry communication
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRI M TRAN whose telephone number is (571)270-1994. The examiner can normally be reached Mon-Fri: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469)295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TRI M TRAN/Primary Examiner, Art Unit 2432