Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1-4, 6-11, 13-18, 20 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Jacobs (United States Patent Application Publication US 2022/0004640), hereinafter Jacobs, in view of Rothman et al. (United States Patent Application Publication US 2007/0234029), hereinafter Rothman.

Regarding claim 1, Jacobs teaches an information handling system comprising a processor; (Fig. 1 18b “PROCESSOR”) the BIOS comprising: a protocol notification manager configured to: receive a protocol notification registration from a consumer driver of the plurality of protocol drivers; ([0020] “At OS runtime, OS 42 may, using BIOS services, update the white and black lists to change which drivers ( e.g., OS loaders, etc.) BIOS 26 will allow.” [0025] “Using this implementation, memory 20c in baseboard management controller 24a can be used to store the UEFI secure boot variables (e.g., white list 34a, black list 36a, and platform key 38a) in the form of a monolithic signed blob, which may be populated into baseboard management controller 24a at server (e.g., managed server 24a) provisioning time. This can enable management server 12 to modify these lists per deployment requirements (e.g., OS supported, driver revision blacklisting, etc.). The blob may be read from baseboard management controller 24a when BIOS 26 boots up early in a power on self-test (POST).” [0037] “At 406, during the power on self-test, the BIOS requests a platform key, key exchange key list, white list, and black list from a baseboard management controller. In an example, the platform key, key exchange key list, white list and black list are included in a blob of data sent to the BIOS from the baseboard management controller.” [0039] “At 506, a driver in a managed server requests to be loaded and ran. At 508, a BIOS in a managed server accesses a white list and a black list to determine if the driver should be loaded and run.” As a request to load and run the driver is received from the driver, a BIOS receives a blob of data including the platform key, key exchange key list, white list and black list, which is interpreted as a protocol notification registration from a consumer driver of the plurality of protocol drivers. A function of BIOS to receive a protocol notification registration from a consumer driver, which is a portion or one functions of BIOS, is interpreted as a protocol notification manager.)
receive a unique key associated with the consumer driver; ([0019] “platform key 38a may facilitate authentication of the lists. The lists can be used by BIOS 26 to authenticate loading of BIOS (UEFI) drivers such as an OS loader (e.g., WINDOWS® 8), and third-party UEFI I/O device drivers (formerly known as Option ROMS) as a tool to prevent injection of non-authentic code into BIOS 26. Non-authentic code in BIOS 26 can execute a Denial of Service (DoS) attack, capture control of BIOS 26 and inject root kit code, or other malicious activity.” ).” [0037] “At 406, during the power on self-test, the BIOS requests a platform key, key exchange key list, white list, and black list from a baseboard management controller. In an example, the platform key, key exchange key list, white list and black list are included in a blob of data sent to the BIOS from the baseboard management controller.” [0039] “At 506, a driver in a managed server requests to be loaded and ran. At 508, a BIOS in a managed server accesses a white list and a black list to determine if the driver should be loaded and run.” BIOS receives the list including a platform key, key exchange key list, white list, and black list. A platform key included in the blob is used to authenticate loading of BIOS (UEFI) drivers, and third-party UEFI I/O device loaders, which is interpreted as a unique key associated with the consumer driver.)
receive a pre-authorized list from a producer driver of the plurality of protocol drivers, ([0020] “the lists are created at BIOS 26 during build time in a factory setting, and, at that time, a static structure of the lists is injected into the BIOS image.” [0027] “Baseboard management controller 24a can make the blob of data available to BIOS 26 through a secure channel 44 established across chipset 22 when requested by BIOS 26. When BIOS 26 boots, BIOS 26 can request the blob of data from baseboard management controller 24a and then use the contents of the blob to populate white list 34b, black list 36b, platform key 38b, and key exchange key list 40b in memory 20d. BIOS 26 may then utilizes these variables locally during runtime (per UEFI 2.3.lc specification) to authenticate UEFI drivers and OS loader execution.” BIOS receives the list including a whitelist.)
the pre-authorized list comprising one or more signed consumer identifiers, ([0028] “the contents of white list 34b and black list 36b to control what BIOS 26 allows and disallows on subsequent boot cycles.” [0039] “At 506, a driver in a managed server requests to be loaded and ran. At 508, a BIOS in a managed server accesses a white list and a black list to determine if the driver should be loaded and run… if the driver is included in the white list, then the driver is loaded and allowed run.” A whitelist is used to authenticate BIOS drivers, and third-party UEFI I/O device drivers. Thus, a whitelist includes a list of drivers, which is interpreted as one or more signed consumer identifier.)
each of the one or more signed consumer identifiers identifying a respective one of the plurality of protocol drivers authorized to receive a protocol notification from the producer driver; (Fig. 4 406 Fig. 5 502-504. Drivers in the white list are used to identify or determine if the drivers are authenticated to be loaded or updated. The request to load or update for drivers is interpreted a protocol notification from the producer driver. Furthermore, only the driver included in the white list is loaded and allowed to run, which is interpreted as identifying a respective one of the plurality of protocol drivers authorized to receive a protocol notification from the producer driver.)
determine if the unique key successfully decrypts a signed consumer identifier associated with the consumer driver; (Fig. 5 508. As discussed above, the platform key and the key exchange key list are used to authenticate the list, which includes a signed consumer identifier associated with the consumer driver. Authentication using the key is interpreted as determine if the unique key successfully decrypts a signed consumer identifier.) and 
perform access control of protocol notification from the producer driver to the consumer driver based on whether the unique key successfully decrypts the signed consumer identifier associated with the consumer driver. (Fig. 5 508. Based on the successful authentication, which is interpreted as based on whether the unique key successfully decrypts the signed consumer identifier associated with the consumer driver, drivers are loaded and run. As discussed above, the result of determination at the step 508 of FIG. 5 by the BIOS is interpreted as access control of protocol notification from the producer driver to the consumer driver. Furthermore, the limitation “perform access control of protocol notification” is interpreted as controlling the access to the drivers, such as being loaded and run which is determined based on the authentication.)
However, Jacobs does not teach a basic input/output system (BIOS) embodied in non- transitory computer-readable media and configured to be the first code executed by the processor when the information handling system is booted and configured to initialize components of the information handling system into a known state, the BIOS comprising a plurality of protocol drivers.
Rothman teaches a basic input/output system (BIOS) embodied in non-transitory computer-readable media and configured to be the first code executed by the processor when the information handling system is booted and configured to initialize components of the information handling system into a known state, the BIOS comprising a plurality of protocol drivers. (Fig. 2 208 “NONVOLATILE MEMORY” 220 “FIRMWARE/BIOS” 218 “DRIVER X, DRIVER Y, DRIVER Z” [0016] “The firmware/BIOS 220 contains the instructions needed to initialize the computer or server and to instantiate the context sensitive component dispatch functionality. The firmware/BIOS 220 includes a plurality of drivers 218 that interact with particular devices in the system. Each driver 218 includes associated DEPEXs 214.” Firmware/BIOS in nonvolatile memory to initialize the computer and to instantiate the context sensitive component dispatch functionality is interpreted as a BIOS embodied in non-transitory computer-readable media and configure to be the first code executed by the processor when the information handling system is booted and configured to initialize components of the information handling system into a known state. Furthermore, as shown in Fig. 2, BIOS includes DRIVERs X, Y, and Z.)
It would have been have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Jacobs by incorporating the teaching of Rothman of a BIOS embodied in non-transitory computer-readable media and configured to be the first code executed by the processor when the information handling system is booted and configured to initialize components of the information handling system in to a known state and comprising a plurality of drivers. They are all directed toward controlling a BIOS. As disclosed in Rothman, it is well known in the art that the BIOS is the first software/firmware to search for devices required for the booting process, such as drivers before loading an OS. ([0002]) Furthermore, as recognized by Rothman and as well known in the art, in order for BIOS to initiate the computer, the drivers in the BIOS or BIOS drivers are required to communicate with the hardware during booting process. ([0002]-[0004]) However, since the OS has not been loaded during the initial boot process by BIOS, the BIOS are required to include drivers to communicate with hardware during the booting process until the OS is loaded. ([0003], [0004]) Therefore, it is well known in the art that the BIOS embodied in non-transitory computer-readable media and configured to be the first code executed by the processor when the information handling system is booted and configured to initialize components of the information handling system in to a known state and comprising a plurality of drivers.

Regarding claim 2, Jacobs in view of Rothman teaches all the limitations of the information handling system of claim 1, as discussed above.
Jacobs, as modified above, further teaches wherein performing access control comprises allowing protocol notification from the producer driver to the consumer driver if the unique key successfully decrypts the signed consumer identifier associated with the consumer driver. (Fig. 7 706, 708 [0019] “platform key 38a may facilitate authentication of the lists. The lists can be used by BIOS 26 to authenticate loading of BIOS (UEFI) drivers such as an OS loader (e.g., WINDOWS® 8), and third-party UEFI I/O device drivers (formerly known as OptionROMS) as a tool to prevent injection of non-authentic code into BIOS 26. Non-authentic code in BIOS 26 can execute a Denial of Service (DoS) attack, capture control of BIOS 26 and inject root kit code, or other malicious activity.” The list including the white list of drivers are authenticated by the platform key. Based on the authentication, the list is changed or updated.)

Regarding claim 3, Jacobs in view of Rothman teaches all the limitations of the information handling system of claim 1, as discussed above.
Jacobs, as modified above, further teaches wherein performing access control comprises denying protocol notification from the producer driver to the consumer driver if the unique key is unsuccessful in decrypting the signed consumer identifier associated with the consumer driver. ([0040] “If the OS loader cannot be authenticated, then the BIOS registers the failure to authenticate the OS loader, as in 612.” [0041] “If the OS does not have a valid encryption key, then the BIOS registers the failed request by the OS to change the white list and/or the black list, as in 712.” The failure of authentication with the platform key does not allow to change or update the list, which does not allow the request.)

Regarding claim 4, Jacobs in view of Rothman teaches all the limitations of the information handling system of claim 3, as discussed above.
Jacobs, as modified above, further teaches wherein performing access control further comprises logging information regarding denial of protocol notification. ([0041] “If the OS does not have a valid encryption key, then the BIOS registers the failed request by the OS to change the white list and/or the black list, as in 712. At 714, the registered failure is sent to a baseboard management controller. At 716, the registered failure is sent to a management controller. In an example, the failure is sent to the management server by the baseboard management controller.” The failure of authentication is registered in the BIOS, a baseboard management controller, and a management server.)

Regarding claim 6, Jacobs in view of Rothman teaches all the limitations of the information handling system of claim 1, as discussed above. 
Jacobs, as modified above, further teaches wherein the BIOS comprises a Unified Extensible Firmware Interface. ([0019] “platform key 38a may facilitate authentication of the lists. The lists can be used by BIOS 26 to authenticate loading of BIOS (UEFI) drivers such as an OS loader (e.g., WINDOWS® 8), and third-party UEFI I/O device drivers (formerly known as OptionROMS) as a tool to prevent injection of non-authentic code into BIOS 26. Non-authentic code in BIOS 26 can execute a Denial of Service (DoS) attack, capture control of BIOS 26 and inject root kit code, or other malicious activity.”)

Regarding claim 7, Jacobs in view of Rothman teaches all the limitations of the information handling system of claim 1, as discussed above.
Jacobs, as modified above, further teaches wherein performing access control comprises determining whether the unique key in combination with a system public key successfully decrypts the signed consumer identifier associated with the consumer driver. ([0028] “During OS runtime, BIOS 26 can accommodate updates to white list 34b and black list 36b by authenticated OS accesses (e.g., using platform key 38b or key exchange key list 40b). This enables OS 42 to change the contents of white list 34b and black list 36b to control what BIOS 26 allows and disallows on subsequent boot cycles, as per UEFI specifications. Because BIOS 26 may be updated asynchronously and without notification, to retain these updates, BIOS 26 can communicate, during runtime, any changes to these lists back to baseboard management controller 24a, across secure channel 44, to securely store the changed lists.” [0015] “Key exchange key lists 40a and 40b may each contain cryptographic keys to facilitate the exchange of cryptographic data.” [0032] “A key exchange key variable contained in key exchange key list 40a may be used to update the lists (e.g., signature database) and can be used either to update a current list or to sign binaries for valid execution.” [0041] “the BIOS may use a key exchange key list (e.g., key exchange key list 40b) to determine if the OS has a valid encryption key.”)

	Regarding claims 8-14, the claims 8-14 are the method claims of the apparatus claims 1-7. The claims 8-14 do not further teach or define the limitation over the limitations recited in the rejected claims above. Therefore, Jacobs in view of Rothman teaches all the limitations of the claims 8-14.

Regarding claims 15-21, the claims 15-21 are an article of manufacture comprising: a non-transitory computer readable medium and computer-executable instructions carried on the computer readable medium, the instructions readable by a processor, the instructions, when read and executed, for causing the processor to execute the instructions of the method claims 8-14. The claims 15-21 do not further teach or define the limitation over the limitations recited in the rejected claims above. Therefore, Jacobs in view of Rothman teaches all the limitations of the claims 15-21.

Claims 5, 12, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Jacobs in view of Rothman as applied to claims 1, 8, and 15 above, and further in view of Orleth et al. (United States Patent Application Publication US 2004/0215754), hereinafter Orleth.

Regarding claim 5, Jacobs in view of Rothman teaches all the limitations of the information handling system of claim 1, as discussed above.
However, Jacobs in view of Rothman does not teach wherein each of the plurality of protocol drivers includes protocol driver code and at least one of: a unique key for each producer driver from which the protocol driver is authorized to receive protocol notification; and a list of signed consumer identifiers for each consumer driver authorized to receive protocol installation notifications from the protocol driver.
Orleth teaches teach wherein each of the plurality of protocol drivers includes protocol driver code and a unique key for each producer driver from which the protocol driver is authorized to receive protocol notification. ([0077] “The driver component (e.g., assembly) versions are distinguished by labeling each driver assembly container with a unique identifier name-i.e., any suitable identifier that achieves a high likelihood of distinguishing between two differing versions of a particular driver… the strong names are based upon a checksum or hashing operation performed on information distinguishing the driver version from other driver versions.” The unique name for each driver based upon a checksum or hashing operation is interpreted as a unique key for each producer driver. The strong name is to authorize and distribute a correct version, which is interpreted as from which the protocol driver is authorized to receive protocol notification. Furthermore, the driver component includes at least portion or components of drivers, which is interpreted as protocol driver code.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Jacobs in view of Rothman by incorporating the teaching of Orleth of each of the plurality of protocol drivers including protocol driver code and a unique key for each producer driver from which the protocol driver is authorized to receive protocol notification. They are all directed toward managing drivers in the computing system. As recognized by Orleth, managing peripheral device drivers in large networks comprising multiple peripheral devices shared by hundreds of users involves finding, storing, installing, and updating drivers on the client machines. ([0004]) Thus, as each driver includes driver code and a unique for each driver, each driver can be easily recognized by the management server or an administrator, which further reduce time to organize and update each driver for each user. Therefore, it would be advantageous to incorporate the teaching of Orleth of each of the plurality of protocol drivers including protocol driver code and a unique key for each producer driver from which the protocol driver is authorized to receive protocol notification to improve performance to manage and update each driver in a large network.

Response to Arguments
Applicant's arguments filed 7/1/2022 with respect to “Rejections under 35 U.S.C. 103 -  Claims 1, 8 and 15” have been fully considered but they are not persuasive.
Applicant argues that 
For example each of the independent claims expressly recites performing controlling protocol notifications from producer drivers to consumer drivers based on whether a unique key of the producer drivers successfully decrypts a signed consumer identifier of the consumer driver. Addressing this claimed feature, at pages 6-7 of the Office Action, Examiner cited and relied upon Jacobs' FIG. 5 step 508, which states that a management server BIOS accesses a white list and a black list "to determine if the driver should be loaded."
Remarks page 9	

	Examiner respectfully disagrees with applicant’s argument that each of the independent claims expressly recites performing controlling protocol notifications from producer drivers to consumer drivers based on whether a unique key of the producer drivers successfully decrypts a signed consumer identifier of the consumer driver. As discussed above in the claim rejection under 35 U.S.C. 103 regarding claim 1, the limitation “perform access control of protocol notification from the producer driver to the consumer driver” is interpreted as the protocol notification from the producer driver to the consumer driver is controlled “based on whether the unique key successfully decrypts the signed consumer identifier associated with the consumer driver.” Jacobs discloses that, based on the determination using a white list and a black list,  a request of a driver in a managed server to be loaded and ran is determined or access of a driver in a managed server to be loaded and ran is controlled , which is interpreted as the protocol notification from the producer driver to the consumer driver is controlled.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HYUN SOO KIM whose telephone number is (571)270-1768. The examiner can normally be reached Monday - Friday 8:30 am - 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jaweed Abbaszadeh can be reached on (571) 270-1640. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/H.K./Examiner, Art Unit 2187                                                                                                                                                                                                        


/JI H BAE/Primary Examiner, Art Unit 2187