DETAILED ACTION

1. This is in reply to an application filed on 02/16/2021. Claims 1-20 are pending examination.

2. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

3. Note: no prior art reads on the limitations of claims 1, 10 and 19.

4.
Claim Objection
1)

Claims 3, 6, 12, and 15 are objected to, because one or more limitations of these claims lack an antecedent basis in the claim. The examiner suggests the following correction:
Claims 3 and 12:
Replacement of “the updated session token is included in the next request” with “the updated session token is included in a next request”.
Claim 6:
Replacement of “provide from the platform firmware the calling entity with a public half of an asymmetric key pair, the private half of the asymmetric key pair” with “provide from the platform firmware the calling entity with a public half of an asymmetric key pair, a private half of the asymmetric key pair”.

Claim 15:
Replacement of “providing from the platform firmware the calling entity with a public half of an asymmetric key pair, the private half of the asymmetric key pair” with “providing from the platform firmware the calling entity with a public half of an asymmetric key pair, a private half of the asymmetric key pair”.

2)
Claims 1, 6, 10, 13, 15 and 19 are objected to, because these claims have typographical errors. The examiner suggests the following correction: 
Claims 1, 10 and 19:
Replacement of “the calling entity and platform firmware” with “the calling entity and the platform firmware”.
Replacement of “and decrypting the firmware function call parameters and data” with “and decrypting the firmware function call parameters and the data”.

Claim 6:
Replacement of “perform requested firmware services” with “perform the requested firmware services”.
Replacement of “decrypting the firmware function call parameters and data” with “decrypting the firmware function call parameters and the data”.

Claim 13:
Replacement of “wherein the firmware function call parameters and data are exchanged via one or more communication buffers” with “wherein the firmware function call parameters and the data are exchanged via one or more communication buffers”.

Claim 15:
Replacement of “performing requested firmware services” with “perform the requested firmware services”.
Replacement of “decrypting the firmware function call parameters and data” with “decrypting the firmware function call parameters and the data”.

5.
Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):

(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-5, 10-14, and 19-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
1)
It is unclear to which one of the “one or more requested firmware services” the phrase “the calling entity and platform firmware exchanging firmware function call parameters and data related to the requested firmware services” refers. The examiner suggests amending the claims to resolve this issue, such as by adding the phrase “one or more” before the phrase “requested firmware services” in claims 1, 10, and 19.
2)
Claim 20 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention. It is unclear whether the symmetric key will be generated or not (i.e., the claim uses uncertain language, for example “may be”). The examiner interpreted the claims to the best of his knowledge.

6.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



Claims 6-9 and 15-18 are rejected under 35 U.S.C. 103 as being unpatentable over Righi et al. US 9,734,311 (hereinafter Righi), in view of Silis et al. US 9,699,655 (hereinafter Silis).

Regarding claim 6, Righi teaches a non-transitory medium holding executable instructions for securing firmware function calls, the instructions when executed on at least one computing platform equipped with platform firmware and at least one processor, causing the computing platform to: receive with the platform firmware an initial request for firmware services from a calling entity; perform requested firmware services, the calling entity and platform firmware exchanging firmware function call parameters and data related to the requested firmware services (Righi teaches that, upon receiving a request to perform one or more operations, an access service in a firmware execution environment may be used to invoke firmware functions (col. 3, lin. 49- col. 4, lin. 1-11), fig. 1, and fig. 5).
Righi does not teach provide from an entity the calling entity with a public half of an asymmetric key pair, the private half of the asymmetric key pair also known to the entity; receive with the entity an encrypted copy of a randomly generated symmetric key from the calling entity, the randomly generated symmetric key encrypted using the public half of the asymmetric key pair; decrypt the copy of the randomly generated symmetric key using the private half of the asymmetric key pair; and, the calling entity and the entity respectively encrypting and decrypting the plurality of communication data using the randomly generated symmetric key or the copy of the randomly generated symmetric key.
Silis substantially teaches that an action performed by the device and the provider comprises exchanging one or more session keys. The session keys may be randomly generated symmetric keys, which are used for subsequent communications between the device and the provider. The session keys may be generated and provided by either the device or the provider. If the device generates the session keys, the device encrypts the session keys using the public key of the provider and transmits the encrypted session keys to the provider. The provider decrypts the session keys using the private key of the provider. If the provider generates the session keys, the provider encrypts the session keys using the public key of the device and transmits the encrypted session keys to the device. The device decrypts the session keys using the private key of the device, wherein the one or more session keys may be used by both the device and the provider to encrypt and decrypt exchanged data (col. 6, lin. 43-64).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Righi such that the invention further includes provide from an entity the calling entity with a public half of an asymmetric key pair, the private half of the asymmetric key pair also known to the entity; receive with the entity an encrypted copy of a randomly generated symmetric key from the calling entity, the randomly generated symmetric key encrypted using the public half of the asymmetric key pair; decrypt the copy of the randomly generated symmetric key using the private half of the asymmetric key pair; and, the calling entity and the entity respectively encrypting and decrypting the plurality of communication data using the randomly generated symmetric key or the copy of the randomly generated symmetric key. One would have been motivated to do so to make the system more secure (i.e., to protect the confidentiality of data exchanged between the two entities from malicious actions such as an eavesdropping attack).
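
The key exchange recited for claim 6 and described for Silis, sketched as an added example that is not part of this Office action or of either cited reference: the firmware side hands out the public half, the caller wraps a randomly generated symmetric key under it, and both sides then encrypt and decrypt the call parameters and data with that key. RSA-OAEP, AES-256-GCM, the sample call string, and every function name here are assumptions chosen for illustration.

```javascript
const crypto = require('crypto');

// Assumed padding for wrapping the session key (not specified on the page).
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Symmetric layer (assumed AES-256-GCM): fresh 96-bit nonce per message.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function open(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // throws if ct or tag was altered
}

// Hypothetical "platform firmware" side: keeps the private half, exposes the public half.
function makeFirmware() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  let sessionKey = null;
  return {
    publicKey,
    // Decrypt the caller's wrapped symmetric key with the private half.
    acceptWrappedKey(wrapped) {
      const k = crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
      if (k.length !== 32) throw new Error('unexpected session key length');
      sessionKey = k;
    },
    // Decrypt the call parameters, perform the "service", encrypt the result.
    handleCall(msg) {
      if (!sessionKey) throw new Error('no session key established');
      const params = open(sessionKey, msg).toString();
      return seal(sessionKey, Buffer.from(`ok:${params}`));
    },
  };
}

// Hypothetical calling entity: generates the random key and wraps it under the public half.
function callFirmware(fw, params) {
  const sessionKey = crypto.randomBytes(32);
  fw.acceptWrappedKey(crypto.publicEncrypt({ key: fw.publicKey, ...OAEP }, sessionKey));
  const reply = fw.handleCall(seal(sessionKey, Buffer.from(params)));
  return open(sessionKey, reply).toString();
}
```

As written, the exchange addresses the eavesdropping motivation stated above; it does not by itself show the caller that the public half came from the genuine firmware.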

Regarding claim 7, Righi as modified teaches the medium of claim 6 wherein the initial request for firmware services includes a request to establish a session between the calling entity and the platform firmware (Righi teaches a firmware environment may receive a request with many variables, to perform one or more operations (col. 3, lin. 15-35 and fig. 1)).

Regarding claim 8, Righi as modified teaches the medium of claim 7 wherein the requested firmware services are performed within a session established following the initial request (Righi teaches using a session handle in subsequent requests to perform one or more operations (col. 3, lin. 15-35, col. 4, lin. 29-62 and fig. 1)).

Regarding claim 9, Righi as modified teaches the medium of claim 6 wherein the randomly generated symmetric key is generated, used or both, within a secure enclave created by a Central Processing Unit (CPU) in the computing platform (Silis teaches a device may include a plurality of components such as a CPU (col. 7, lin. 59-62 and fig. 5), wherein a session key may be generated by the device (col. 5, lin. 6-17)).


In response to Claim 15: Rejected for the same reason as claim 6
In response to Claim 16: Rejected for the same reason as claim 7
In response to Claim 17: Rejected for the same reason as claim 8
In response to Claim 18: Rejected for the same reason as claim 9








Conclusion


Any inquiry concerning this communication or earlier communications from the examiner should be directed to AYOUB ALATA whose telephone number is (313)446-6541.  The examiner can normally be reached on Monday - Friday 7:30 - 5:00 Est.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung (Jay) Kim can be reached on (571)272-3804.  The fax phone number for the organization where this application or proceeding is assigned is (571)273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/AYOUB ALATA/Primary Examiner, Art Unit 2494