Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
The IDS of 9/18/2020 was received and considered.
Claims 1-21 are pending.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 15-21 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claims do not fall within at least one of the four categories of patent eligible subject matter because claims 15-21 are directed to an “article of manufacture” comprising “a computer readable medium”.  However, the specification discloses that the claimed “medium” can include communications media (specification, p. 9), which does not fall within at least one of the four categories of patent eligible subject matter.
	
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-2, 6-9, 13-16 and 20-21 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by US 2019/0018966 A1 to Khatri et al. (Khatri).
Regarding claim 1, Khatri discloses an information handling system comprising: a processor (Fig. 1, 102); and a basic input/output system communicatively coupled to the processor and embodied by executable instructions embodied in non-transitory computer readable media (BIOS/UEFI, Fig. 1, 139, 140 including BMC, Fig. 1, 144), the instructions configured to, when executed by the processor: identify, for a firmware image (particular UEFI image, ¶45), a secure boot certificate (retrieve certificate from db or dbx, ¶45); identify, for the secure boot certificate, a certificate use policy (determine type of image the certificate may be used to authenticate, ¶45); determine whether the certificate use policy permits verification of the firmware image using the secure boot certificate (determine if the type matches the certificate, ¶45); and allow the firmware image to be verified with the secure boot certificate if the certificate use policy permits verification of the firmware image using the secure boot certificate (UEFI image is authenticated using the certificate, ¶45; see also Fig. 6).
Regarding claim 8, the claim is similar in scope to claim 1 and is therefore rejected using a similar rationale.
Regarding claim 15, the claim is similar in scope to claim 1 and is therefore rejected using a similar rationale.
Regarding claims 2, 9 and 16, Khatri discloses wherein the basic input/output system is further configured to disallow the firmware image to be verified with the secure boot certificate if the certificate use policy does not permit verification of the firmware image using the secure boot certificate (if the type of the UEFI image does not match the particular type, system sequentially checks each entry in the UEFI signature database for a subsequent certificate that was used to sign the image, ¶45).
Regarding claims 6, 13 and 20, Khatri discloses wherein the certificate use policy is integrated with the secure boot certificate (verification entries database 346 is integrated with the certificate on the system, ¶46; see also Fig. 3B).
Regarding claims 7, 14 and 21, Khatri discloses wherein the certificate use policy is a default policy associated with the information handling system (as per verification entries database 346, ¶46).  Note that the Khatri reference teaches requiring a validated certificate, which itself could be considered a default policy applicable to a given certificate.  

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 3-4, 10-11 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Khatri, as applied to claims 1, 8 and 15 above, in view of US 2008/0104401 A1 to Miyamoto et al. (Miyamoto).
Regarding claims 3-4, 10-11 and 17-18, Khatri teaches storing a policy defining the use of the certificate in a verification entries database and hence lacks wherein the certificate use policy is embedded in the secure boot certificate.  However, Miyamoto teaches that it was known to embed a certificate policy in the extension fields which defines the purpose and use of the certificate (¶40).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Khatri to embed information related to the verification entries in the certificate itself.  One of ordinary skill in the art would have been motivated to perform such a modification to utilize a known method of constraining certificates, as taught by Miyamoto. 

Allowable Subject Matter
Claims 5, 12 and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Regarding claims 5, 12 and 19, the prior art teaches both embedding policy in a certificate and maintaining validation policies within the same information handling system, but the prior art lacks – alone or in a reasonable combination – the certificate use policy integrated with the certificate and embedded in the secure boot certificate, where the integrated policy overrides attributes of the embedded policy, in combination with the claims as a whole.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL J SIMITOSKI whose telephone number is (571)272-3841. The examiner can normally be reached Monday - Friday, 7:00-3:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Michael Simitoski/               Primary Examiner, Art Unit 2493                                                                                                                                                                                         
May 25, 2022