Notice of Pre-AIA or AIA Status
1. 	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

2. 	This is the initial office action that has been issued in response to patent application 17/076,371, filed on 10/21/2020. Claims 1-20 are currently pending and have been considered below. Claims 1, 8 and 15 are independent claims.

Priority
3. 	No priority claimed. 
Drawings
4. 	The drawings filed on 10/21/2020 are accepted by the examiner. 

Information Disclosure Statement
5. 	The information disclosure statement (IDS) submitted on 05/12/2021 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement

Claim Rejections - 35 USC § 103
6. 	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


7. 	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Savage (US Patent Publication No. 20190332775 A1) in view of Smith (US Patent Publication No. 2008/0126779 A1).

8. 	Regarding Claim 1, Savage discloses, an information handling system, comprising: 
 	at least one processor (Savage, Claim 1, least one processor); 
a one time programmable non-volatile memory medium coupled to the at least one processor (Savage, [0036], In one example, processor 120 may execute processor instructions of one or more of OS 162 and APPs 164-168 via non-volatile memory medium 160.); and 
a memory medium, coupled to the at least one processor, that stores instructions executable by the at least one processor, which when executed by the at least one processor, cause the information handling system to (Savage, [0037], As illustrated, non-volatile memory medium 170 may include information handling system firmware (IHSFW) 172. In one or more embodiments, IHSFW 172 may include processor instructions executable by processor): 
determine a second hash value of the key manifest public encryption key (Savage, [0003], a public key associated with the certificate, to determine a first hash value; may determine a second hash value of the request for utilization of the); 
determine that the first hash value matches the second hash value (Savage, Claim 15, determine that the first hash value matches the second hash value); 
after executing the initial boot block: 
validate a plurality of subordinate certificates, associated with a respective plurality of firmware volumes, with a root certificate (Savage, [0041], the certificate may include one or more permissions of APIs. In one or more embodiments, the root authority may issue the certificate with one or more permissions for one or more respective APIs.); 
determine a plurality of firmware hash values respectively from the plurality of firmware volumes (Savage, [0015], information handling system firmware to store a service tag, one or more media access control addresses (MACs), and a piece part identifier (PPID), among others. For instance, a PPID may be or include a hash value (e.g., a one-way hash value, a cryptographic hash value, etc.); 
determine that the plurality of firmware hash values respectively match the plurality of decrypted signatures (Savage, Claim 15, decrypt the digital signature, utilizing a public key associated with the certificate, to determine a first hash value.); and
- 25 - ATTORNEY DOCKET NO. 016295.5715 / PATENT APPLICATION
in response to determining that the plurality of firmware hash values respectively match the plurality of decrypted signatures, execute the plurality of firmware volumes (Savage, [0008], the information handling system firmware, signed based at least on information associated with a certificate signed by a certificate authority; may decrypt the digital signature. Claim 1, information handling system firmware, executable by the at least one processor); 
Savage does not explicitly disclose the following limitations that Smith teaches:
retrieve a first hash value of a key manifest public encryption key from the one time programmable non-volatile memory medium (Smith, Claim 27, wherein the machine readable instructions cause the machine to measure the at least one manifest, whitelist, or policy object to calculate a first composite hash value, the first composite hash value stored in a secure memory.); 
after determining that the first hash value matches the second hash value, retrieve a third hash value of an initial boot block from the boot policy manifest (Smith, [0036], Verification occurs if the two hashes match, Claim 27, wherein the machine readable instructions cause the machine to measure the at least one manifest, whitelist, or policy object to calculate a first composite hash value, the first composite hash value stored in a secure memory.); 
determine a fourth hash value of the initial boot block (Smith, [0042], the policy written to the TPM-NV 134 (block 312) may include the hash value associated with the CRTM 132 so that any subsequent boot refers to this secure hash value);     
     determine that the third hash matches the fourth hash value (Smith, [0036], Verification occurs if the two hashes match); 
in response to determining that the third hash matches the fourth hash value, execute the initial boot block (Smith, [0036], to compare the measured hash with the secure hash previously stored as a policy in the TPM-NV 134. Verification occurs if the two hashes match, such that the requesting CRTM 132 is deemed valid and allowed to be started (i.e., executed by the processor 108); 
decrypt a plurality of signatures respectively associated with the plurality of firmware volumes to obtain a respective plurality of decrypted signatures, wherein the plurality of signatures are decrypted with a plurality of public encryption keys of the respective plurality of subordinate certificates (Smith, [0016], In general, the ME 102 associated with one or more of the blocks of system 100 employs the TPM interface 106 to allow system level software and firmware (e.g., pre-operating system software, runtime management mode firmware, etc.) to invoke various TPM 104 cryptographic processes (e.g., generating security keys, data encryption and/or decryption, data certification and/or verification, identity authentication and/or verification, software authentication and/or verification, etc.)).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Savage with Smith's teaching of a hash value of the public encryption key within the initial boot block, wherein the two hashes match and the firmware obtains a decrypted signature, in order to enhance security features.
  
9. 	Regarding Claim 2, Savage and Smith disclose, the information handling system of claim 1, wherein the instructions further cause the information handling system to (Savage, [0002], An information handling system generally processes, compiles, stores, and/or communicates information):
before validating the plurality of subordinate certificates, associated with the respective plurality of firmware volumes, with the root certificate (Savage, [0041], the certificate may include one or more permissions of APIs. In one or more embodiments, the root authority may issue the certificate with one or more permissions for one or more respective APIs.): 
retrieve a fifth hash value of a root certificate public encryption key from the boot policy manifest (Savage, [0003], a public key associated with the certificate, to determine a first hash value; may determine a second hash value of the request for utilization of the); 
determine a sixth hash value of the root certificate public encryption key (Savage, Claim 1, utilizing a public key associated with the certificate, to determine a first hash value); 
Savage does not explicitly disclose the following limitations that Smith teaches:
and determine that the fifth hash matches the sixth hash value (Smith, [0036], Verification occurs if the two hashes match).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to match hash values to enhance security features.

10. 	Regarding Claim 3, Savage and Smith disclose, the information handling system of claim 2, wherein the instructions further cause the information handling system to (Savage, [0002], An information handling system generally processes, compiles, stores, and/or communicates information):
before retrieving the fifth hash value of the root certificate public encryption key from the boot policy manifest: 
retrieve a seventh hash value of a boot policy manifest public encryption key from the key manifest (Savage, [0003], a public key associated with the certificate, to determine a first hash value; may determine a second hash value of the request for utilization of the); 
determine an eighth hash value of the boot policy manifest public encryption key (Smith, [0046], the hash comparison (block 512) described above considers comparing the hash of a computed whitelist, such hash comparisons (block 512) may include, but are not limited to, comparing a hash of acceptable code, comparing a hash of an acceptable list, and/or comparing a hash of a public key.); and 
determine that the seventh hash value matches the eighth hash value (Smith, [0036], Verification occurs if the two hashes match). 
 
11. 	Regarding Claim 4, Savage and Smith disclose, the information handling system of claim 1, further comprising: 
a platform controller hub coupled to the at least one processor (Savage, [0039], The SoC may include processor 120 and a platform controller hub); 
wherein the platform controller hub includes the one time programmable non-volatile memory medium (Savage, [0039], The SoC may include processor 120 and a platform controller hub [0040], an example remote access controller is illustrated, according to one or more embodiments. As shown, RAC 190 may include a processor 220, a volatile memory medium 250, a non-volatile memory medium 270).  

12. 	Regarding Claim 5, Savage and Smith disclose, the information handling system of claim 1, 
	Savage does not explicitly disclose the following limitations that Smith teaches:
wherein the instructions further cause the information handling system to:
write the hash value of the key manifest public encryption key to the one time programmable memory medium (Smith, [0041], the particular TPM-NV 134 accessed during the TPM-NV configuration process (block 206) is only modified when appropriate owner credentials are asserted. Accordingly, alternate TPM-NV memories may be written to and/or edited to store policy information for alternate verification purposes. [0042], Accordingly, the policy written to the TPM-NV 134 (block 312) may include the hash value associated with the CRTM 132 so that any subsequent boot refers to this secure hash value before allowing the process).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to write the hash of the key manifest public encryption key to a memory medium in order to enhance security features.
 
13. 	Regarding Claim 6, Savage and Smith disclose, the information handling system of claim 1, wherein the instructions further cause the information handling system to: 
validate a plurality of attributes of the plurality of subordinate certificates with a plurality of object identifiers (Savage, [0060], In one or more embodiments, the digital certificate of the HSM may include one or more identifiers that are associated with one or more remote access controller manufacturing APIs.).  

14. 	Regarding Claim 7, Savage and Smith disclose, the information handling system of claim 1, wherein the instructions further cause the information handling system to:   
determine a plurality of public encryption key hash values of a plurality of public encryption keys of the plurality of subordinate certificates (Savage, [0064], For example, a certificate revocation list may be stored via the firmware of the remote access controller. In one or more embodiments, a certificate revocation list may be obtained via a network.); 
determine that at least one public encryption key hash value of the plurality of public encryption key hash values matches at least one hash value of a plurality of hash values of a revocation list (Savage, [0003], In one or more embodiments, the remote access controller may include the certificate revocation list. For example, firmware of the remote access controller may include the certificate revocation list. For instance, the remote access controller may access its firmware to access the certificate revocation list. In one or more embodiments, the remote access controller may access a network for the certificate revocation list.); and 
determine at least one subordinate certificate associated with the at least one hash value of the plurality of hash values of the revocation list(Savage, [0065], If the digital certificate is on the certificate revocation list, access may be denied at 620. If the digital certificate is not on the certificate revocation list, access to the remote access controller manufacturing API may be permitted at 632. In one or more embodiments, after access to the remote access controller manufacturing API is permitted); 
wherein, to execute the plurality of firmware volumes, the instructions further cause the information handling system to execute the plurality of firmware volumes without executing at least one firmware volume of the plurality of firmware volumes associated with the at least one subordinate certificate associated with the at least one hash value of the plurality of hash values of the revocation list (Savage, [0037],  In one or more embodiments, IHSFW 172 may include processor instructions executable by processor 120. For example, IHSFW 172 may include one or more structures and/or functionalities of one or more of a basic input/output system (BIOS), an Extensible Firmware Interface (EFI), a Unified Extensible Firmware Interface (UEFI), and an Advanced Configuration and Power Interface (ACPI), among others. In one instance, processor 120 may execute processor instructions of IHSFW 172 via non-volatile memory medium 170.). 
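The chain recited across claims 1 through 3 and 7 above is a fixed sequence: a hash of the key manifest public key fused into one time programmable memory anchors the key manifest, the key manifest carries the hash of the boot policy manifest key, the boot policy manifest carries the hashes of the initial boot block and of the root certificate key, the initial boot block runs only after its hash matches, subordinate certificates are then validated with the root certificate, each firmware volume's signature is decrypted with its subordinate key and compared with the volume's hash, and a volume whose subordinate key hash appears on a revocation list is withheld while the others still execute. The following Python model is an added illustration written for this page; it is not code from the application, from Savage or from Smith. Its toy textbook RSA (fixed seed, 320-bit modulus), the dictionary layout of the manifests and certificates, the constructed firmware images and the component names FV_PEI and FV_DXE are assumptions of the example, chosen so that "decrypting a signature with a public key" literally recovers the signed digest, as the claims phrase it.

```python
import hashlib
import random

# Toy textbook RSA, so that "decrypting" a signature with the public key literally
# recovers the signed digest as the claims phrase it. Constructed for this example only.
E = 65537
_rng = random.Random(7)  # fixed seed so the example is reproducible

def _probable_prime(n):  # Miller-Rabin with random bases: adequate for an illustration
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    s = ((n - 1) & (1 - n)).bit_length() - 1  # n - 1 == d * 2**s with d odd
    for _ in range(16):
        x = pow(_rng.randrange(2, n - 1), (n - 1) >> s, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _prime(bits):
    while True:
        c = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # full length and odd
        if _probable_prime(c):
            return c

def keygen(bits=160):
    """Return (public, private); the ~320-bit modulus is larger than any SHA-256 digest."""
    while True:
        p, q = _prime(bits), _prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % E:  # E is prime, so this is gcd(E, phi) == 1
            return (p * q, E), (p * q, pow(E, -1, phi))

def h(data): return hashlib.sha256(data).digest()
def key_bytes(pub): return b"%d:%d" % pub
def key_hash(pub): return h(key_bytes(pub))  # "hash value of a public encryption key"
def sign(priv, data): return pow(int.from_bytes(h(data), "big"), priv[1], priv[0])
def decrypt_signature(pub, sig): return pow(sig, pub[1], pub[0])  # recovers the signed digest
def verified(pub, sig, data): return decrypt_signature(pub, sig) == int.from_bytes(h(data), "big")

class BootError(Exception): pass

def check(ok, why):
    if not ok:
        raise BootError(why)

def verify_boot(plat, revoked=frozenset()):
    """Walk the chain in the order the claims give it; return the components executed."""
    km, bpm, root = plat["km"], plat["bpm"], plat["root_cert"]
    # Claim 1: first hash (fused into OTP) against second hash (computed over the KM key)
    check(plat["otp"] == key_hash(km["pub"]), "key manifest key is not the one fused into OTP")
    check(verified(km["pub"], km["sig"], km["bpm_key_hash"]), "key manifest signature")
    # Claim 3: seventh hash (stored in the KM) against eighth hash (computed over the BPM key)
    check(km["bpm_key_hash"] == key_hash(bpm["pub"]), "boot policy manifest key not in key manifest")
    check(verified(bpm["pub"], bpm["sig"], bpm["ibb_hash"] + bpm["root_key_hash"]), "boot policy manifest signature")
    # Claim 1: third hash (stored in the BPM) against fourth hash (computed over the IBB)
    check(bpm["ibb_hash"] == h(plat["ibb"]), "initial boot block hash mismatch")
    executed = ["IBB"]  # the IBB runs only after that match
    # Claim 2: fifth hash (stored in the BPM) against sixth hash (computed over the root key)
    check(bpm["root_key_hash"] == key_hash(root["pub"]), "root certificate key not in boot policy manifest")
    for name, fv, cert in plat["volumes"]:
        # Claim 1: each subordinate certificate is validated with the root certificate
        check(verified(root["pub"], cert["sig"], key_bytes(cert["pub"])), f"{name}: bad subordinate certificate")
        # Claim 7: a volume whose subordinate key hash is on the revocation list is left unexecuted
        if key_hash(cert["pub"]) in revoked:
            continue
        # Claim 1: the decrypted signature must equal the firmware hash before the volume runs
        check(verified(cert["pub"], fv["sig"], fv["image"]), f"{name}: firmware signature mismatch")
        executed.append(name)
    return executed

def build_platform(names=("FV_PEI", "FV_DXE")):
    """Provision keys, manifests and certificates; the OTP write is the step of claim 5."""
    (km_pub, km_priv), (bpm_pub, bpm_priv), (root_pub, root_priv) = keygen(), keygen(), keygen()
    volumes = []
    for name in names:
        sub_pub, sub_priv = keygen()
        cert = {"pub": sub_pub, "sig": sign(root_priv, key_bytes(sub_pub))}
        image = b"constructed firmware volume " + name.encode()
        volumes.append((name, {"image": image, "sig": sign(sub_priv, image)}, cert))
    ibb = b"constructed initial boot block"
    bpm = {"pub": bpm_pub, "ibb_hash": h(ibb), "root_key_hash": key_hash(root_pub)}
    bpm["sig"] = sign(bpm_priv, bpm["ibb_hash"] + bpm["root_key_hash"])
    km = {"pub": km_pub, "bpm_key_hash": key_hash(bpm_pub)}
    km["sig"] = sign(km_priv, km["bpm_key_hash"])
    return {"otp": key_hash(km_pub), "km": km, "bpm": bpm, "ibb": ibb,
            "root_cert": {"pub": root_pub}, "volumes": volumes}

def boot_result(plat, **kw):
    """The executed components, or the reason the platform refused to boot."""
    try:
        return verify_boot(plat, **kw)
    except BootError as err:
        return f"refused: {err}"
```

`build_platform` performs the provisioning step of claims 5, 12 and 18 (the hash of the key manifest public key is the only value written to the one time programmable location), and `verify_boot` enforces the ordering the claims recite: nothing past the initial boot block is examined until its hash matches the value in the boot policy manifest, every later trust decision traces back to that fused hash, and a revoked subordinate key removes only its own volume from the set that is executed, which is the behaviour of claim 7. `boot_result(build_platform())` returns `["IBB", "FV_PEI", "FV_DXE"]`; altering the initial boot block, a firmware image or the key manifest makes it return the refusal reason instead.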
 
15. 	Regarding Claim 8, Savage and Smith disclose, a method, comprising: 
retrieving a first hash value of a key manifest public encryption key from a one time programmable memory medium of an information handling system (Savage, [0036], In one example, processor 120 may execute processor instructions of one or more of OS 162 and APPs 164-168 via non-volatile memory medium 160.); 
determining a second hash value of the key manifest public encryption key (Savage, [0003], a public key associated with the certificate, to determine a first hash value; may determine a second hash value of the request for utilization of the); 
determining that the first hash value matches the second hash value (Savage, Claim 15, determine that the first hash value matches the second hash value); 
after the executing the initial boot block:
validating a plurality of subordinate certificates, associated with a respective plurality of firmware volumes, with a root certificate (Savage, [0041], the certificate may include one or more permissions of APIs. In one or more embodiments, the root authority may issue the certificate with one or more permissions for one or more respective APIs.); 
determining a plurality of firmware hash values respectively from the plurality of firmware volumes (Savage, [0015], information handling system firmware to store a service tag, one or more media access control addresses (MACs), and a piece part identifier (PPID), among others. For instance, a PPID may be or include a hash value (e.g., a one-way hash value, a cryptographic hash value, etc.); 
determining that the plurality of firmware hash values respectively match the plurality of decrypted signatures (Savage, Claim 15, decrypt the digital signature, utilizing a public key associated with the certificate, to determine a first hash value.); and 
in response to the determining that the plurality of firmware hash values respectively match the plurality of decrypted signatures, executing the plurality of firmware volumes (Savage, [0008], the information handling system firmware, signed based at least on information associated with a certificate signed by a certificate authority; may decrypt the digital signature. Claim 1, information handling system firmware, executable by the at least one processor);  
Savage does not explicitly disclose the following limitations that Smith teaches:
after the determining that the first hash value matches the second hash value, retrieving a third hash value of an initial boot block from the boot policy manifest (Smith, [0036], Verification occurs if the two hashes match, Claim 27, wherein the machine readable instructions cause the machine to measure the at least one manifest, whitelist, or policy object to calculate a first composite hash value, the first composite hash value stored in a secure memory.);  
determining a fourth hash value of the initial boot block (Smith, [0042], the policy written to the TPM-NV 134 (block 312) may include the hash value associated with the CRTM 132 so that any subsequent boot refers to this secure hash value);
determining that the third hash matches the fourth hash value (Smith, [0036], Verification occurs if the two hashes match);
in response to the determining that the third hash matches the fourth hash value, executing the initial boot block (Smith, [0036], to compare the measured hash with the secure hash previously stored as a policy in the TPM-NV 134. Verification occurs if the two hashes match, such that the requesting CRTM 132 is deemed valid and allowed to be started (i.e., executed by the processor 108);
decrypting a plurality of signatures respectively associated with the plurality of firmware volumes to obtain a respective plurality of decrypted signatures, wherein the plurality of signatures are decrypted with a plurality of public encryption keys of the respective plurality of subordinate certificates (Smith, [0016], In general, the ME 102 associated with one or more of the blocks of system 100 employs the TPM interface 106 to allow system level software and firmware (e.g., pre-operating system software, runtime management mode firmware, etc.) to invoke various TPM 104 cryptographic processes (e.g., generating security keys, data encryption and/or decryption, data certification and/or verification, identity authentication and/or verification, software authentication and/or verification, etc.)). 

16. 	Regarding Claim 9, Savage and Smith disclose, the method of claim 8, further comprising: 
before the validating the plurality of subordinate certificates, associated with the respective plurality of firmware volumes, with the root certificate (Savage, [0041], the certificate may include one or more permissions of APIs. In one or more embodiments, the root authority may issue the certificate with one or more permissions for one or more respective APIs.): 
retrieving a fifth hash value of a root certificate public encryption key from the boot policy manifest (Savage, [0003], a public key associated with the certificate, to determine a first hash value; may determine a second hash value of the request for utilization of the); 
determining a sixth hash value of the root certificate public encryption key (Savage, Claim 1, utilizing a public key associated with the certificate, to determine a first hash value); 
Savage does not explicitly disclose the following limitations that Smith teaches:
and determining that the fifth hash matches the sixth hash value (Smith, [0036], Verification occurs if the two hashes match).
  
17. 	Regarding Claim 10, Savage and Smith disclose, the method of claim 9, further comprising: 
before the retrieving the fifth hash value of the root certificate public encryption key from the boot policy manifest:
retrieving a seventh hash value of a boot policy manifest public encryption key from the key manifest (Savage, [0003], a public key associated with the certificate, to determine a first hash value; may determine a second hash value of the request for utilization of the);
Savage does not explicitly disclose the following limitations that Smith teaches:
determining an eighth hash value of the boot policy manifest public encryption key (Smith, [0046], the hash comparison (block 512) described above considers comparing the hash of a computed whitelist, such hash comparisons (block 512) may include, but are not limited to, comparing a hash of acceptable code, comparing a hash of an acceptable list, and/or comparing a hash of a public key.); and 
determining that the seventh hash value matches the eighth hash value (Smith, [0036], Verification occurs if the two hashes match).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include the hash values in the boot policy manifest and to match the hash of the public encryption key, in order to enhance security features.

18. 	Regarding Claim 11, Savage and Smith disclose, the method of claim 8, 
	Savage does not explicitly disclose the following limitations that Smith teaches:
wherein a platform controller hub of the information handling system includes the one time programmable memory medium (Smith, [0014], system memory 114 on which coded instructions 128 are stored, a memory controller hub).

19. 	Regarding Claim 12, Savage and Smith disclose, the method of claim 8, further comprising: 
Savage does not explicitly disclose the following limitations that Smith teaches:
writing the hash value of the key manifest public encryption key to the one time programmable non-volatile memory medium (Smith, [0041], the particular TPM-NV 134 accessed during the TPM-NV configuration process (block 206) is only modified when appropriate owner credentials are asserted. Accordingly, alternate TPM-NV memories may be written to and/or edited to store policy information for alternate verification purposes. [0042], Accordingly, the policy written to the TPM-NV 134 (block 312) may include the hash value associated with the CRTM 132 so that any subsequent boot refers to this secure hash value before allowing the process).  
  
20. 	Regarding Claim 13, Savage and Smith disclose, the method of claim 8, further comprising: 
validating a plurality of attributes of the plurality of subordinate certificates with a plurality of object identifiers (Savage, [0060], In one or more embodiments, the digital certificate of the HSM may include one or more identifiers that are associated with one or more remote access controller manufacturing APIs.).  

21. 	Regarding Claim 14, Savage and Smith disclose, the method of claim 8, further comprising: 
determining a plurality of public encryption key hash values of a plurality of public encryption keys of the plurality of subordinate certificates (Savage, [0064], For example, a certificate revocation list may be stored via the firmware of the remote access controller. In one or more embodiments, a certificate revocation list may be obtained via a network.); 
determining that at least one public encryption key hash value of the plurality of public encryption key hash values matches at least one hash value of a plurality of hash values of a revocation list (Savage, [0064], For example, a certificate revocation list may be stored via the firmware of the remote access controller. In one or more embodiments, a certificate revocation list may be obtained via a network.); and 
determining at least one subordinate certificate associated with the at least one hash value of the plurality of hash values of the revocation list (Savage, [0003], In one or more embodiments, the remote access controller may include the certificate revocation list. For example, firmware of the remote access controller may include the certificate revocation list. For instance, the remote access controller may access its firmware to access the certificate revocation list. In one or more embodiments, the remote access controller may access a network for the certificate revocation list.); 
wherein the executing the plurality of firmware volumes includes executing the plurality of firmware volumes without executing at least one firmware volume of the plurality of firmware volumes associated with the at least one subordinate certificate associated with the at least one hash value of the plurality of hash values of the revocation list (Savage, [0037], In one or more embodiments, IHSFW 172 may include processor instructions executable by processor 120. For example, IHSFW 172 may include one or more structures and/or functionalities of one or more of a basic input/output system (BIOS), an Extensible Firmware Interface (EFI), a Unified Extensible Firmware Interface (UEFI), and an Advanced Configuration and Power Interface (ACPI), among others. In one instance, processor 120 may execute processor instructions of IHSFW 172 via non-volatile memory medium 170.). 
  
22.	 Regarding Claim 15, Savage and Smith disclose, a computer-readable non-transitory memory medium that includes instructions that, when executed by at least one processor of an information handling system, cause the information handling system to (Savage, Claim 1, least one processor):
retrieve a first hash value of a key manifest public encryption key from a one time programmable non-volatile memory medium of the information handling system (Savage, [0036], In one example, processor 120 may execute processor instructions of one or more of OS 162 and APPs 164-168 via non-volatile memory medium 160.); 
determine a second hash value of the key manifest public encryption key (Savage, [0003], a public key associated with the certificate, to determine a first hash value; may determine a second hash value of the request for utilization of the); 
determine that the first hash value matches the second hash value (Savage, Claim 15, determine that the first hash value matches the second hash value); 
determine a plurality of firmware hash values respectively from the plurality of firmware volumes (Savage, [0015], information handling system firmware to store a service tag, one or more media access control addresses (MACs), and a piece part identifier (PPID), among others. For instance, a PPID may be or include a hash value (e.g., a one-way hash value, a cryptographic hash value, etc.); 
determine that the plurality of firmware hash values respectively match the plurality of decrypted signatures (Savage, [0008], the information handling system firmware, signed based at least on information associated with a certificate signed by a certificate authority; may decrypt the digital signature. Claim 1, information handling system firmware, executable by the at least one processor); and 
in response to determining that the plurality of firmware hash values respectively match the plurality of decrypted signatures, execute the plurality of firmware volumes (Savage, [0008], the information handling system firmware, signed based at least on information associated with a certificate signed by a certificate authority; may decrypt the digital signature. Claim 1, information handling system firmware, executable by the at least one processor).  
Savage does not explicitly disclose the following limitations that Smith teaches:
after determining that the first hash value matches the second hash value, retrieve a third hash value of an initial boot block from the boot policy manifest (Smith, [0036], Verification occurs if the two hashes match, Claim 27, wherein the machine readable instructions cause the machine to measure the at least one manifest, whitelist, or policy object to calculate a first composite hash value, the first composite hash value stored in a secure memory.);
determine a fourth hash value of the initial boot block (Smith, [0042], the policy written to the TPM-NV 134 (block 312) may include the hash value associated with the CRTM 132 so that any subsequent boot refers to this secure hash value);
determine that the third hash matches the fourth hash value (Smith, [0036], Verification occurs if the two hashes match); 
in response to determining that the third hash matches the fourth hash value, execute the initial boot block (Smith, [0036], to compare the measured hash with the secure hash previously stored as a policy in the TPM-NV 134. Verification occurs if the two hashes match, such that the requesting CRTM 132 is deemed valid and allowed to be started (i.e., executed by the processor 108); 
after executing the initial boot block: validate a plurality of subordinate certificates, associated with a respective plurality of firmware volumes, with a root certificate (Smith, [0036], Verification occurs if the two hashes match, Claim 27, wherein the machine readable instructions cause the machine to measure the at least one manifest, whitelist, or policy object to calculate a first composite hash value, the first composite hash value stored in a secure memory.); 
decrypt a plurality of signatures respectively associated with the plurality of firmware volumes to obtain a respective plurality of decrypted signatures, wherein the plurality of signatures are decrypted with a plurality of public encryption keys of the respective plurality of subordinate certificates (Smith, [0016], In general, the ME 102 associated with one or more of the blocks of system 100 employs the TPM interface 106 to allow system level software and firmware (e.g., pre-operating system software, runtime management mode firmware, etc.) to invoke various TPM 104 cryptographic processes (e.g., generating security keys, data encryption and/or decryption, data certification and/or verification, identity authentication and/or verification, software authentication and/or verification, etc.)). 

23. 	Regarding Claim 16, Savage and Smith disclose, the computer-readable non-transitory memory medium of claim 15, wherein the instructions further cause the information handling system to (Savage, [0002], An information handling system generally processes, compiles, stores, and/or communicates information): 
before validating the plurality of subordinate certificates, associated with the respective plurality of firmware volumes, with the root certificate (Savage, [0041], the certificate may include one or more permissions of APIs. In one or more embodiments, the root authority may issue the certificate with one or more permissions for one or more respective APIs.): 
retrieve a fifth hash value of a root certificate public encryption key from the boot policy manifest (Savage, [0003], a public key associated with the certificate, to determine a first hash value; may determine a second hash value of the request for utilization of the); 
determine a sixth hash value of the root certificate public encryption key (Savage, Claim 1, utilizing a public key associated with the certificate, to determine a first hash value); 
Savage does not explicitly disclose the following limitations that Smith teaches:
and determine that the fifth hash matches the sixth hash value (Smith, [0036], Verification occurs if the two hashes match).

Regarding Claim 17, Savage and Smith disclose, the computer-readable non-transitory memory medium of claim 16, wherein the instructions further cause the information handling system to (Savage, [0002], An information handling system generally processes, compiles, stores, and/or communicates information): 
before retrieving the fifth hash value of the root certificate public encryption key from the boot policy manifest: 
retrieve a seventh hash value of a boot policy manifest public encryption key from the key manifest (Savage, [0003], a public key associated with the certificate, to determine a first hash value; may determine a second hash value of the request for utilization of the); 
determine an eighth hash value of the boot policy manifest public encryption key (Smith, [0046], the hash comparison (block 512) described above considers comparing the hash of a computed whitelist, such hash comparisons (block 512) may include, but are not limited to, comparing a hash of acceptable code, comparing a hash of an acceptable list, and/or comparing a hash of a public key.); and 
determine that the seventh hash value matches the eighth hash value (Smith, [0036], Verification occurs if the two hashes match).  

24. 	Regarding Claim 18, Savage and Smith disclose, the computer-readable non-transitory memory medium of claim 15, 
Savage does not explicitly disclose the following limitations that Smith teaches:
wherein the instructions further cause the information handling system to: 
write the hash value of the key manifest public encryption key to the one time programmable memory medium (Smith, [0041], the particular TPM-NV 134 accessed during the TPM-NV configuration process (block 206) is only modified when appropriate owner credentials are asserted. Accordingly, alternate TPM-NV memories may be written to and/or edited to store policy information for alternate verification purposes. [0042], Accordingly, the policy written to the TPM-NV 134 (block 312) may include the hash value associated with the CRTM 132 so that any subsequent boot refers to this secure hash value before allowing the process).  
  
25. 	Regarding Claim 19, Savage and Smith disclose, the computer-readable non-transitory memory medium of claim 15, wherein the instructions further cause the information handling system to: 
validate a plurality of attributes of the plurality of subordinate certificates with a plurality of object identifiers (Savage, [0060], In one or more embodiments, the digital certificate of the HSM may include one or more identifiers that are associated with one or more remote access controller manufacturing APIs.).  

26. 	Regarding Claim 20, Savage and Smith disclose, the computer-readable non-transitory memory medium of claim 15, wherein the instructions further cause the information handling system to: 
determine a plurality of public encryption key hash values of a plurality of public encryption keys of the plurality of subordinate certificates (Savage, [0064], For example, a certificate revocation list may be stored via the firmware of the remote access controller. In one or more embodiments, a certificate revocation list may be obtained via a network.); 
determine that at least one public encryption key hash value of the plurality of public encryption key hash values matches at least one hash value of a plurality of hash values of a revocation list (Savage, [0003], In one or more embodiments, the remote access controller may include the certificate revocation list. For example, firmware of the remote access controller may include the certificate revocation list. For instance, the remote access controller may access its firmware to access the certificate revocation list. In one or more embodiments, the remote access controller may access a network for the certificate revocation list.); and 
determine at least one subordinate certificate associated with the at least one hash value of the plurality of hash values of the revocation list (Savage, [0065], If the digital certificate is on the certificate revocation list, access may be denied at 620. If the digital certificate is not on the certificate revocation list, access to the remote access controller manufacturing API may be permitted at 632. In one or more embodiments, after access to the remote access controller manufacturing API is permitted); 
wherein, to execute the plurality of firmware volumes, the instructions further cause the information handling system to execute the plurality of firmware volumes without executing at least one firmware volume of the plurality of firmware volumes associated with the at least one subordinate certificate associated with the at least one hash value of the plurality of hash values of the revocation list (Savage, [0037], In one or more embodiments, IHSFW 172 may include processor instructions executable by processor 120. For example, IHSFW 172 may include one or more structures and/or functionalities of one or more of a basic input/output system (BIOS), an Extensible Firmware Interface (EFI), a Unified Extensible Firmware Interface (UEFI), and an Advanced Configuration and Power Interface (ACPI), among others. In one instance, processor 120 may execute processor instructions of IHSFW 172 via non-volatile memory medium 170.).
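The hash-anchored chain recited in claims 16 through 18 (one time programmable hash of the key manifest key, key manifest hash of the boot policy manifest key, boot policy manifest hash of the root certificate key) and the revocation filtering of claim 20, as an added worked example that is not part of the application or of the cited references. SHA-256 is assumed as the hash function, the manifests and public keys are constructed byte strings rather than real keys, and signature validation of the subordinate certificates against the root certificate is not modelled.

```python
import hashlib
import hmac

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Constructed sample data (stand-in byte strings, not real keys or manifests).
KM_PUBKEY = b"key-manifest-pubkey"
BPM_PUBKEY = b"boot-policy-manifest-pubkey"
ROOT_PUBKEY = b"root-cert-pubkey"
# One subordinate certificate public key per firmware volume.
SUB_PUBKEYS = {"FV_PEI": b"sub-pei-pubkey", "FV_DXE": b"sub-dxe-pubkey",
               "FV_BDS": b"sub-bds-pubkey"}

# Claim 18: hash of the key manifest public key burned into OTP memory.
OTP_KM_KEY_HASH = sha256(KM_PUBKEY)
# Claim 17: key manifest carries the hash of the boot policy manifest key.
KEY_MANIFEST = {"pubkey": KM_PUBKEY, "bpm_key_hash": sha256(BPM_PUBKEY)}
# Claim 16: boot policy manifest carries the hash of the root certificate key.
BOOT_POLICY_MANIFEST = {"pubkey": BPM_PUBKEY, "root_key_hash": sha256(ROOT_PUBKEY)}
# Claim 20: revocation list holds hashes of revoked subordinate public keys.
REVOCATION_LIST = {sha256(b"sub-dxe-pubkey")}

def verify_boot_chain(otp_hash, km, bpm, root_pubkey, subs, crl):
    """Walk the chain from OTP to the root certificate, then filter volumes.

    Returns (failure_reason, executable_volume_names). failure_reason is None
    when every stored hash matches the recomputed hash of the next key.
    """
    stages = (
        (otp_hash, km["pubkey"], "key manifest"),
        (km["bpm_key_hash"], bpm["pubkey"], "boot policy manifest"),
        (bpm["root_key_hash"], root_pubkey, "root certificate"),
    )
    for expected, pubkey, stage in stages:
        # Constant-time compare of the stored hash against the recomputed one.
        if not hmac.compare_digest(expected, sha256(pubkey)):
            return f"{stage} public key hash mismatch", []
    executable = []
    for volume, pubkey in subs.items():
        if sha256(pubkey) in crl:
            continue  # revoked subordinate certificate: skip its volume
        executable.append(volume)
    return None, executable

if __name__ == "__main__":
    print(verify_boot_chain(OTP_KM_KEY_HASH, KEY_MANIFEST, BOOT_POLICY_MANIFEST,
                            ROOT_PUBKEY, SUB_PUBKEYS, REVOCATION_LIST))
```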
Conclusion
27. 	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAYASA SHAAWAT whose telephone number is (571)272-3939.  The examiner can normally be reached on M-F, 8 AM TO 5 PM. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, JEFFREY PWU can be reached on (571)272-6789. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MAYASA SHAAWAT/
Examiner, Art Unit 2433
	
/WASIKA NIPA/Primary Examiner, Art Unit 2433