DETAILED ACTION
This Action is in consideration of the Applicant’s response on March 24, 2022.  Claims 1 – 3, and 7 are amended by the Applicant.  Claims 1 – 20, where Claims 1, 9, and 17 are in independent form, are presented for examination.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
	Applicant’s arguments filed March 24, 2022 have been fully considered but they are not persuasive.  Applicant argued:
a)	Regarding Claims 1, 9, and 17, Liguori does not disclose or suggest of “a firmware update to the component…cause the component to enter a recover mode…forces the component to accept and install the firmware update.”
b)	Regarding Claim 16, Liguori does not disclose or suggest of “generat[ing] an attestation binary large object reporting the firmware status of the component.”
The Office respectfully disagrees with Applicant’s assertions.
1.	With regards to a), the Office reminds the Applicant that the pending claims must be "given the broadest reasonable interpretation consistent with the specification" [In re Prater, 162 USPQ 541 (CCPA 1969)] and "consistent with the interpretation that those skilled in the art would reach" [In re Cortright, 49 USPQ2d 1464 (Fed. Cir. 1999)].  Furthermore, the Applicant is reminded that although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPTQ2d 1057 (Fed. Cir. 1993).
	Foremost, Liguori initiating and maintaining a power reset to various components (e.g., processor) of the server does not prevent an update to the various components.  The Applicant appears to opine that an update to firmware in non-volatile memory does not update the processor, and is a distinct component from the non-volatile memory [See Remarks, Pg. 13].
	As indicated by the Applicant, the programmable security logic may make the firmware replacement or update…while holding processor(s) 510 and BMC 520 in power reset [See Remarks, Pg. 13].  However, holding the processor(s) and BMC in power reset is what “forces the component to accept and install the firmware update” for the processor(s) or BMC because this prevents malicious code run by the processor(s) or BMC from changing the contents of the non-volatile memory [See Liguori, Para. 0089, cited by Applicant].  The processor(s) or BMC then boot using the corresponding updated firmware in the non-volatile memory [See Liguori, Para. 0066, 0090-91].  In other words, updating the firmware in the non-volatile memory updates the processor(s) and/or BMC because they run the updated firmware when the reset signal is released.  Therefore Liguori discloses the claimed limitation.
2.	With regards to b), the limitation “attestation binary large object” is not specifically described in the claim other than that it reports the firmware status of the component.  Liguori discloses that firmware verification is performed using a public key to verify the signature of the read firmware [Para. 0062].  The Applicant attempts to oversimplify or ignore other portions of the cited paragraph that are regarding the verification of the firmware; verifying that the firmware read back from non-volatile memory has been signed with correct digital keys; digital meaning binary data.  Without further clarification and detail, the claim limitation is not distinguishable over the cited art.

	Claim Rejections - 35 USC § 102
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1 – 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by PGPub. 2018/0165455 (hereinafter “Liguori”).
3.	Regarding Claim 1, Liguori discloses of a trusted device for causing a component of a computing device to accept a firmware update [Fig. 5, item 560; Fig. 7; Para. 0057, adapter device], comprising:
a management interface configured to receive a command that authorizes a firmware update to the component [Figs. 1, 5 and 7; Para. 0018, 0035, 0056, 0062, 0065; adapter device controlled by management service via network interface to reboot the server for a new customer];
a recovery device logic that is configured to generate, in response to the command, a signal configured to cause the component to enter a recovery mode [Figs. 5 and 7; Para. 0085; control logic that sends a signal to place processing units in a power reset state]; and
an interface of the trusted device that is configured to pass the signal to the component to cause the component to enter the recovery mode [Fig. 5 and 7; Para. 0085; GPIO to send reset signal], wherein the recovery mode forces the component to accept and install the firmware update provided to the component [Figs. 5, 7, and 9; Para. 0062, 0065, 0088-89; if an update is necessary, firmware is updated while execution components are in reset state].
4.	Regarding Claim 2, Liguori discloses all the limitations of Claim 1.  Liguori further discloses of:
a recovery interface portion of the interface of the trusted device [Fig. 5 and 7; Para. 0085; network interface comprises GPIO bus connection]; and
a recovery bus configured to be connected between the recovery interface and an interface of the component [Fig. 5; Para. 0058, 0085, GPIO bus connects adapter device to reset controller and various components, such as the processors and BMC];
wherein passing a portion of the signal to the interface of the component causes the component to enter the recovery mode [Fig. 5; Para. 0064].
5.	Regarding Claim 3, Liguori discloses all the limitations of Claim 2.  Liguori further discloses that the trusted device further comprises:
an enable register portion of the interface of the trusted device [Fig. 11; Para. 0121-122; configuration registers in adapter device];
a switch configured to be connected between the recovery bus and an interface of the component [Fig. 5, e.g., item 515; Para. 0058]; and
an enable line configured to be connected between the enable register and the switch [Fig. 5 and 7; Para. 0085; GPIO pins],
wherein a portion of the signal is configured to activate the switch to pass the signal to the interface of the component [Fig. 5; Para. 0085].
6.	Regarding Claim 4, Liguori discloses all the limitations of Claim 1.  Liguori further discloses that the management interface is an ethernet interface to a network segment that is (i) segregated from other network segments and (ii) associated with an infrastructure management system [Figs. 2 and 5; Para. 0041; network interface of adapter device can comprise of Ethernet for communicating with external network and management service].
7.	Regarding Claim 5, Liguori discloses all the limitations of Claim 1.  Liguori further discloses that the recovery device logic is configured to identify the component from a set of one or more components of a computing device as a destination for the signal [Figs. 5, 7, and 9; Para. 0059, 0062-63, 0065, 0085-86, 0098].
8.	Regarding Claim 6, Liguori discloses all the limitations of Claim 5.  Liguori further discloses that the recovery device logic receives the command among a set of commands delivered through the management interface in the appropriate order in which to send the signal to the component from among a set of one or more other signals intended for other components of the set of one or more components [Figs. 5, 7, and 9; Para. 0059, 0062-63, 0065, 0085-86, 0098].
9.	Regarding Claim 7, Liguori discloses all the limitations of Claim 1.  Liguori further discloses that the trusted device further comprises:
an enable register portion of the interface of the trusted device [Fig. 11; Para. 0121-122; configuration registers in adapter device] configured to be connected to a switch connected to an interface of the component, wherein sending an switch activation portion of the signal to the switch enables access through the switch to the interface of the component [Fig. 5 and 7; Para. 0085; GPIO pins of adapter device toggles a switch that allows access to various components of the server];
a recovery interface portion of the interface of the device configured to be connected through the switch to the interface of the component, wherein sending a recovery mode portion of the signal to the interface of the component causes the component to enter the recovery mode [Fig. 5 and 7; Para. 0064, 0085; network interface comprises GPIO bus connection that toggles the switch and places components in reset mode];
wherein the recovery device logic is configured to (i) identify the component from a set of one or more components of a computing device as a destination for the signal, (ii) send the switch activation portion of the signal for the component among the set of one or more components, and (iii) send the recovery mode portion of the signal through the switch to the component, and prevent the passage of the recovery mode signal to other components of the set of one or more components [Figs. 5, 7, and 9; Para. 0059, 0062-63, 0065, 0085-86, 0098].
10.	Regarding Claim 8, Liguori discloses all the limitations of Claim 1.  Liguori further discloses that the recovery device logic comprises instructions stored on a non-transitory computer readable medium [Fig. 7; Para. 0085-86, 0120].
11.	Regarding Claim 9, Liguori discloses a system for applying a firmware update to a set of one or more computing devices [Abstract; Fig. 1], comprising:
a trusted device installed in each computing device of the set, wherein the trusted device includes a device recovery interface, an enable register interface, a management interface, and a recovery bus that is connected to the device recovery interface [Fig. 5 and 7; Para. 0058, 0085, GPIO bus connects adapter device to reset controller and various components, such as the processors and BMC, and the programmable security logic];
a component of a first type installed in each computing device of the set [Figs. 1, 2, and 5; can be processor, BMC, etc.], wherein the component includes a sideband component interface, and a switch connected between the sideband component interface and the recovery bus, wherein the switch includes a set of activation pins connected by an enable line to the enable register interface [Fig. 5; Para. 0059; GPIO bus activates switches that are between the communication data path of the processors and BMC]; and
an infrastructure manager that is connected to the management interface of each trusted device installed in each of the computing devices of the set [Fig. 1, 2, and 5; Para. 0026, 0040; management service connected to the various servers through the network interface for each of the included adapter devices]:
wherein the trusted device is configured to, in response to receiving a command from the infrastructure manager [Figs. 1, 5 and 7; Para. 0018, 0035, 0056, 0062, 0065; adapter device controlled by management service via network interface to reboot the server for a new customer],
(i) generate and send an activation signal from the enable register interface through the enable lines to the activation pins of the switch to enable signals to pass from the recovery bus through the switch to the sideband component interface [Fig. 5 and 7; Para. 0085; GPIO pins of adapter device toggles a switch that allows access to various components of the server and also sends a reset signal to the components],
(ii) generate and send a recovery signal from the sideband device interface through the recovery bus to the sideband component interface, where the recovery signal is configured to cause the component to enter a recovery mode [Fig. 5 and 7; Para. 0064, 0085; network interface comprises GPIO bus connection that sends a reset signal to place components in reset mode], and
(iii) provide a firmware update to the component, where the recovery mode forces the component to accept and install the firmware update [Figs. 5, 7, and 9; Para. 0062, 0065, 0088-89; if an update is necessary, firmware is updated while execution components are in reset state].
12.	Regarding Claim 10, Liguori discloses all the limitations of Claim 9.  Liguori further discloses of:
a second component of a second type installed with a second switch in each computing device of the set, wherein sending the activation signal to the switch, but not to the second switch causes the recovery signal to be received by the component, and not received by the second component [Para. 0068, 0103; multiple processors and/or BMC may be disconnected from each other utilizing a switch].
13. 	Regarding Claim 11, Liguori discloses all the limitations of Claim 9.  Liguori further discloses that the trusted device is in a same power domain as the component [Fig. 2; Para. 0064, 0097].
14. 	Regarding Claim 13, Liguori discloses all the limitations of Claim 9.  Liguori further discloses that the trusted device is a card installed in the computing device [Fig. 2; Para. 0040].
15. 	Regarding Claim 13, Liguori discloses all the limitations of Claim 9.  Liguori further discloses that the trusted device is integrated with a motherboard of the computing device [Fig. 2; Para. 0040]. 
16. 	Regarding Claim 14, Liguori discloses all the limitations of Claim 9.  Liguori further discloses that the trusted device is configured to provide the firmware update to the component device through a main-band interface of the device that is connected to a motherboard of the computing device [Fig. 5; Para. 0057, 0065, 0097-98].
17. 	Regarding Claim 15, Liguori discloses all the limitations of Claim 9.  Liguori further discloses that the trusted device is configured to provide the firmware update to the component through the device recovery interface [Fig. 5; Para. 0057, 0065, 0097-98].
18.	Regarding Claim 16, Liguori discloses all the limitations of Claim 9.  Liguori further discloses that the trusted computing device:
generates an attestation binary large object reporting the firmware status of the component [Para. 0062; firmware verification can be performed by a remote network-based external key management or security authentication service by reading the firmware through the adapter device]; and
transmits the attestation binary large object through the management interface to a management server [Para. 0062; firmware verification can be performed by a remote network-based external key management or security authentication service by reading the firmware through the adapter device].
19.	Regarding Claim 17, Liguori discloses a method for securely updating firmware [Abstract; Fig. 9], comprising:
receiving a command by a trusted device, wherein the command authorizes a firmware update for a component of a computing device [Figs. 1, 5, and 7; Para. 0018, 0035, 0056, 0062, 0065; adapter device controlled by management service via network interface to reboot the server for a new customer]; 
in response to receiving the command, generating a recovery mode signal configured to cause the component to enter a recovery mode in which the component is configured to accept the firmware update [Figs. 5 and 7; Para. 0085; control logic that sends a signal to place processing units in a power reset state];
transmitting the recovery mode signal from the trusted device to the component causing the component to enter the recovery mode [Fig. 5 and 7; Para. 0085; GPIO to send reset signal]; and
updating the firmware of the component while in the recovery mode by installing the firmware update [Figs. 5, 7, and 9; Para. 0062, 0065, 0088-89; if an update is necessary, firmware is updated while execution components are in reset state].
20.	Regarding Claim 18, Liguori discloses all the limitations of Claim 17.  Liguori further discloses of:
sending an activation signal to a switch connected to the component, wherein the activation signal is configured to activate a switch to allow signals to pass through the switch to the component [Fig. 5; Para. 0060, 0103]; 
while the activation signal is being sent to the switch, transmitting the recovery mode signal configured to cause the component to enter the recovery mode [Fig. 5 and 7; Para. 0064, 0085; network interface comprises GPIO bus connection that toggles the switch and places components in reset mode];
while the component is in the recovery mode, transmitting the firmware update to the component [Figs. 5, 7, and 9; Para. 0062, 0065, 0088-89; if an update is necessary, firmware is updated while execution components are in reset state];
receiving an indication that the firmware update has completed [Para. 0065-66]; and
terminating the activation signal following the completion of the update [Para. 0065-66].
21.	Regarding Claim 19, Liguori discloses all the limitations of Claim 18.  Liguori further discloses of authenticating the firmware update before transmitting the firmware update to the component [Fig. 5; Para. 0065; performed only if performed from trusted source].
22.	Regarding Claim 20, Liguori discloses all the limitations of Claim 18.  Liguori further discloses of transmitting the firmware update to the component from the trusted device through a sideband interface of the component [Fig. 5; Para. 0065].
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Contacts
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Tae K. Kim, whose telephone number is (571) 270-1979.  The examiner can normally be reached on Monday - Friday (10:00 AM - 6:30 PM EST).
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jorge Ortiz-Criado, can be reached on (571) 272-7624.  The fax phone number for submitting all Official communications is (703) 872-9306.  The fax phone number for submitting informal communications such as drafts, proposed amendments, etc., may be faxed directly to the examiner at (571) 270-2979.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free).
/TAE K KIM/Primary Examiner, Art Unit 2496