Notice of Pre-AIA  or AIA  Status
      The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
    Claims 1- 18 are presented for examination.

DETAILED ACTION
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.



Claims 1-18 are   rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
  
  Claims 1, 7, 13  recites the limitation " offloading the plurality of individual integrity verifications processing to an application processor in non-block mode in early driver execution environment phase of a basic input/output system. The terminology “non-block mode”  is   unclear and the use of this phrase which renders the claim indefinite because  it is not clear whether “ non-block mode” is verifying one firmware volume of the secondary firmware image in each boot session[ page 21, lines 15-22 of the specification document)] or performing a plurality of  individual integrity verifications wherein each of the plurality of individual integrity verifications is performed on a respective portion of the secondary firmware image in a manner that minimizes a boot time for the information handling system[Page 5 lines 25-30 of the specification document]. Specifically it is not clear whether the non-block mode is verifying a firmware volume in a boot session or performing plurality of verifications on the respective portions of the secondary firmware image in a boot session.

 Examiner interprets as “plurality of individual integrity verifications is performed on a respective portion of the secondary firmware image in a manner that minimizes a boot time for the information handling system” [Page 5 lines 25-30 of the specification document].
        The dependent claims 2-6, 8-12,14-18 are rejected on the same basis.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1,3, 6, 7, 9, 12, 13, 15, 18 are rejected under 35 U.S.C. 103 as being unpatentable over Laredo et.al. (U.S Patent 9,519,786; hereinafter “Laredo”; Reference cited as prior art in previous office action) in view of Prakash et.al. (U.S Patent Application Publication 2011/0131447; hereinafter “Prakash”; Reference cited as prior art in previous office action) further in view of Jreij et.al. (U.S Patent Application Publication 2019/0042754; hereinafter “Jreij”)


Regarding claims 1, 7, 13, Laredo discloses, an information handling system comprising: 
a processor[“processor 124”; Fig.2] ; and 
a program of instructions embodied on non-transitory computer readable media, the instructions, when read and executed, for causing the processor to perform integrity verification of a secondary firmware image that serves as a backup to a primary firmware image of an information handling resource by[“For instance, memory/storage 126 stores information accessible by processor 124, including instructions 128 that may be executed by the processor 124 and data 130 that may be retrieved, manipulated or stored by the processor 124.”, col 4 lines 24-40; Each client device 102, 110 includes a microcontroller 136 that stores a image 138 in read-only memory such that the image 138 cannot be tampered with or otherwise modified…”, ; The image 138 stored in the microcontroller 136 corresponds to a firmware version that is known to be an accurate representation due to, for example, the lack of user access to modify the image 138.  Before the firmware 134 is executed to boot the client devices 102, 110, the microcontroller 136 communicates with the flash chip 132 to determine if the firmware 134 stored on the flash chip 132 is an accurate representation of the boot software for the client devices 102, 110.  There may be many reasons that the boot software is incorrect, e.g., a virus, hacker tampering, outdated boot software, etc. The microcontroller 136 determines whether the firmware 134 is correct by comparing the firmware 134 to the image 138 which is known to correspond to an accurate representation of the firmware.  While the entire image may be compared against the firmware, this is not required. ..”, col 6 lines 27-44 ( i.e the image stored in the flashchip corresponds to the secondary firmware image and the image stored in the microcontroller is the primary firmware image) ].
determining that integrity verification of the secondary firmware image failed and initiating recovery of the secondary firmware image if one of the plurality of individual integrity verifications fails [“The client device includes a flash chip for storing firmware and a microcontroller for storing an image in read-only memory.  The image provides an accurate representation of the firmware.  .. For instance, the process may also include checking the cryptographic hash of the image to see if it was signed in a way that could be verified against a known good public key.  This may be performed in block 415.  “, col 7 lines 27-45; col 7 lines 59-65; “In the event that the firmware 134 stored on the flash chip 132 does not correspond to the image 138 stored on the microcontroller 136, the client devices 102, 110 are not booted.  The microcontroller 136 may correct the errors in the firmware 134 by flashing the firmware 134 using the image 138.  The firmware 134 is flashed by loading the contents of the image 138 onto the bus 140 such that the firmware 134 is overwritten with the image 138.  After the firmware 134 is flashed, the client devices 102, 110 may then be booted using the firmware 134 that is now an accurate representation.  ..”, col 6 lines 45-69; col 8 lines 29-38] 
However Laredo does not expressly disclose performing a plurality of individual integrity verifications wherein each of the plurality of individual integrity verifications is performed on a respective portion of the secondary firmware image in a manner that minimizes a boot time for the information handling system by offloading the plurality of individual integrity verifications processing to an application processor in non-block mode in early driver execution environment phase of a basic input/output system.

In the same field of endeavor (e.g. an automated modular and secure boot firmware update to replace one original boot firmware code module rather than requiring download and update of an entire boot firmware monolithic image) Prakash teaches ,
    performing a plurality of individual integrity verifications wherein each of the plurality of individual integrity verifications is performed on a respective portion of the secondary firmware image in a manner that minimizes a boot time for the information handling system [“..Boot firmware code modules.. ”, 0014;” The method may include confirming the integrity of the updated boot firmware module prior to writing the updated boot firmware module to the update partition of the firmware volume”, 0015; 0028; 0030; out-of-band communication channel 171 is used to transfer updated boot firmware code modules to platform 100. In the embodiment shown, enterprise services 170 has an enterprise data repository 172 to store information such as versions of boot firmware code modules installed on the host system,..“, 0039; “..boot firmware modular update manager 240 verifies the integrity of the boot firmware update by calculating a signature from the updated code module/driver content .. “, 0043; If the integrity of the updated code module/driver was confirmed in action 3.3, boot firmware modular update manager 240 updates a firmware volume with the updated code module/driver in action 3.4.  In one embodiment, updated code modules/drivers are placed into a separate dedicated partition of the firmware volume to facilitate the modular update, whereas the monolithic image of the original boot firmware code modules resides in a different partition of the firmware volume”, 0044; Fig.3; “Loading of updated boot firmware code modules/drivers in accordance with the present invention occurs during the driver execution environment (DXE) phase 430 under control of a boot firmware modular update dispatcher”, 0051; ( i.e. the update/ firmware  code modules corresponds to the portions of a firmware image. The plurality of update code modules/ drivers are verified for their integrity individually before storing in a dedicated  Firmware volume partition. Hence plurality of individual integrity verifications are performed on the update code modules/ drivers. );   “The boot firmware modular update mechanism described herein enables individual boot firmware code modules to be updated rather than requiring download and update of an entire boot firmware monolithic image.., since the user is not required to reboot his or her system to receive a modular boot firmware update 0063 (i.e Further Prakash teaches the update process is not required to reboot the system to receive a modular boot firmware update. Hence minimizing the boot time of the system)] by offloading the plurality of individual integrity verifications processing to an application processor in non-block mode[ “ a manageability engine (ME) 130, which may be implemented as an embedded microprocessor that operates independently of host processor 110, to manage the configuration and operation of platform 100. ", 0023; 0043;0052;  Boot firmware modular update dispatcher 610 operates during pre-boot to schedule drivers for execution. In one embodiment, boot firmware modular update dispatcher 610 provides dispatch services to load and execute DXE drivers from the firmware volume; ..", 0062-0063;  ( i.e . during   pre-boot  the offloading  the integrity verifications of the plurality of firmware ode modules  to  the boot firmware modular update dispatcher of the manageability engine. Further performing verifications of single or multiple firmware volumes of a version during a boot session) ] 
    It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Laredo with Prakash.  Prakash’s teaching enables individual boot firmware code modules to be updated rather than requiring download and update of an entire boot firmware monolithic image would substantially improve Laredo’s system by providing security with an integrity check of updated modules/drivers, and provide a more user-friendly update process since the user is not required to reboot his or her system to receive a modular boot firmware update [0063].

 However Laredo, Prakash does not expressly disclose offloading the integrity verifications processing to an application processor in early driver execution environment phase of a basic input/output system.

 In the same field of endeavor (e.g. pre-authentication process to authenticate the second image to update the current boot path to utilize the second image), Jreij teaches 
offloading the plurality of individual integrity verifications processing to an application processor in early driver execution environment phase of a basic input/output system[ 0043; “In response to authenticating the second image, the image/boot loader is modified such that the image loader points to the second image (which identifies the second image as the primary boot option). Thus, the current boot path is updated during the DXE phase prior to attempting to switch bootable images by the boot/image loader during a next booting of IHS  ..”, 0045; “processor 102 initializes a current boot path associated with a first image. BMC 144 detects an attempt to update the current boot path to utilize a second image (block 506). At block 508, BMC 144 performs a pre-authorization process to authenticate the second image. BMC 144 then determines whether the second image was authenticated successfully (block 510).”, 0052; ( i.e offloading the authentication process to BMC during the DXE phase)  ].

   It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Laredo in view of Prakash with Jreij.  Jreij’s teaching of a pre-authentication process  of the second image during the device execution phase (DXE) and to utilize the second image in the current boot path by the Baseboard Management Controller (BMC) will substantially improve Laredo in view of Prakash’s  system to prevent the non-operational state of the system in case of failure of the second image, by operating the system using the first image by the processor .

Regarding claims 3, 9, 15, Prakash teaches wherein the instructions may further cause the processor to perform the plurality of individual integrity verifications during a single boot session of the information handling system [0043-0044; “The boot firmware modular update mechanism described herein enables individual boot firmware code modules to be updated rather than requiring download and update of an entire boot firmware monolithic image.  The techniques described herein provide security with an integrity check of updated modules/drivers, and provide a more user-friendly update process since the user is not required to reboot his or her system to receive a modular boot firmware update”, 0063].  

Regarding claims 6, 12, 18 Prakash teaches wherein the instructions may further cause the processor to perform a single one of the plurality of individual integrity verifications during a boot session of the information handling system [0043-0044; 0052; 0063].  

Claims 2, 4, 5, 8, 10, 11, 14, 16, 17,  are rejected under 35 U.S.C. 103 as being unpatentable over Laredo in view of  Prakash in view of Jreij as applied to claims 1, 3, 7, 9, 13, 15 further in view of Tabone et.al. (U.S Patent Application Publication 2013/0047031; hereinafter “Tabone”)

Regarding claims 2, 8, 14, Laredo, Prakash  discloses, the limitations outlined in claims 1, 7, 13. 
However Laredo, Prakash,  does not expressly disclose,  wherein the instructions may further cause the processor to determine that integrity verification of the secondary firmware image passed if all of the plurality of individual integrity verifications pass 


   In the same field of endeavor (e.g. verifying multiple levels of boot code during a sequence of boot cycles and recovering a boot image from a secure location if a level of boot code is unusable), Tabone teaches,

wherein the instructions may further cause the processor to determine that integrity verification of the secondary firmware image passed if all of the plurality of individual integrity verifications pass [ “As system 100 is booted, a cryptographic key may be used to verify the boot image, or a portion of the boot image. In this regard, system 100 may perform a checksum at each level up from a core trusted piece of boot code”, 0014-0015;” Boot image 105, redundant boot image 106, and secure boot image 108 may include a boot code for a single boot level, or may include code partitioned into multiple levels. Since boot code may be restored on a level by level basis,” system 100 initiates a sequence of boot cycles, with each cycle loading a level of boot code from a memory medium.  In step 302, system 100 attempts to load and execute boot code for a boot cycle, and, in step 303, determines whether the boot code is usable. “verification of the code may be performed to determine whether it is usable to boot the device…”, 0021;” If the boot code is usable, it is executed…”, 0022;( i.e performing an integrity verification at each level or a portion of a boot image and the boot code is executed only upon verifying all levels).   

       It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Laredo in view of Prakash in view of Jreij with Tabone. Tabone’s teaching of restoring the boot code on a level by level basis will substantially improve Laredo in view of Prakash in view of Jreij’s system by repairing that portion of code that is unusable and resuming the boot cycle at the last known verifiable level [0015]. 
     Regarding claims 4, 10, 16, Tabone teaches, 
    wherein the instructions may further cause the processor to perform the plurality of individual integrity verifications during cycles of the processor for which the processor would otherwise be idle [“Processor 401 may be configured to execute code or instructions to perform the operations and functionality described herein, manage request flow and address mappings, and to perform calculations and generate commands..”, 0024; .“As system 100 is booted, a cryptographic key may be used to verify the boot image, or a portion of the boot image. In this regard, system 100 may perform a checksum at each level up from a core trusted piece of boot code,..”, 0014;” system 100 initiates a sequence of boot cycles, with each cycle loading a level of boot code from a memory medium.  In step 302, system 100 attempts to load and execute boot code for a boot cycle, and, in step 303, determines whether the boot code is usable.  In one aspect, a verification of the code may be performed to determine whether it is usable to boot the device…”, 0021; ( i.e. the processor performing plurality of integrity verifications of the boot code at each level during the sequence of boot cycles)].

Regarding claims 5, 11, 17, Tabone discloses, wherein the instructions may further cause the processor to perform the plurality of individual integrity verifications across multiple boot sessions of the information handling system [0014; “Boot image 105, redundant boot image 106, and secure boot image 108 may include a boot code for a single boot level, or may include code partitioned into multiple levels. Since boot code may be restored on a level by level basis, once an unusable image, or portion thereof, is determined, the process may be operable to stop the boot cycle, access redundant copy 106 and/or secure copy 108 to repair that portion of code, and then resume the boot cycle at the last known verifiable level…”, 0015; ”.. System 100 initiates a sequence of boot cycles, with each cycle loading a level of boot code from a memory medium.  In step 302, system 100 attempts to load and execute boot code for a boot cycle, and, in step 303, determines whether the boot code is usable…”, 0021]  

Response to Arguments
          The newly amended limitations with respect to claim(s) 1, 7, 13 have been considered but are moot and  do not apply to Laredo in view of Prakash in view of Jreij references being used in the current rejection.
      
Conclusion

    Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

    The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Zimmer et.al. U.S Patent Application Publication 2009/0249053, teaches a system and method for sequential invocation of hypervisors on the platform.
Khatri et al. U.S Patent Application Publication 2019/0018966, teaches a method and an information handling system (IHS) for authenticating unified extensible firmware interface (UEFI) images in an IHS  and in particular to validating secure boot entries in an information handling system.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to GAYATHRI SAMPATH whose telephone number is (571)272-5489. The examiner can normally be reached 8:30AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jaweed Abbaszadeh can be reached on 5712701640. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/GAYATHRI SAMPATH/           Examiner, Art Unit 2187          

/PHIL K NGUYEN/           Primary Examiner, Art Unit 2187