Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 102
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1-3, 5, 7-11, 13, and 15-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by XIE et al. (United States Patent Application Publication US 2021/0240489), hereinafter XIE.

Regarding claim 1, XIE teaches a volatile memory, ([0024] “The computing system 10 may further include memory 14 that may be operatively coupled to the processor 12 such that the processor 12 may store data in the memory 14 and retrieve data from the memory 14. The memory 14 may include Random Access Memory (RAM) 20.” Random Access Memory (RAM) is a nonvolatile memory.) comprising a protected storage segment (PSS), ([0034] “The memory 14 of the computing system 10 may further include system management random access memory (SMRAM) 26 configured to be read and written to by the firmware 52 but not the operating system 50. The SMRAM 26 may include an SMRAM buffer 32 into which firmware update instructions are configured to be loaded. The SMRAM buffer 32 may be accessible by the firmware 52 and inaccessible by the operating system 50 of the computing system 10.” SMRAM included in the RAM is only accessible by the firmware, which is interpreted as a protected storage segment.)
the PSS configured to store firmware-authentication program code for authenticating firmware of the computer system; ([0028] “The firmware update patch 40 may include a plurality of code instructions to modify the firmware 52 of the computing system 10.” [0034] “The SMRAM 26 may include an SMRAM buffer 32 into which firmware update instructions are configured to be loaded.” [0036] “the processor 12 may be configured to generate a firmware update patch copy 60. The firmware update patch copy 60 may include a firmware volume copy 62, a platform public key copy 66, and a patch signature copy 68.” [0037] “The instructions may further cause the processor 12 to perform a second verification check 72 on the firmware update patch copy 60 stored in the SMRAM buffer 32.” The instruction to perform a verification check on the firmware update patch copy stored in the SRAM buffer is interpreted as firmware -authentication program code for authenticating firmware of the computer system.) and 
at least one processor, configured to: receive a trigger to switch to a given version of the firmware; ([0048] “The updating process 220 of FIG. 6 may be executed when the processor 12 receives the /update command at the command line utility URPUtil.exe included in the operating system 50.” The processor receives command to update the firmware, which is interpreted as a trigger to switch to a given version of the firmware.)
in response to the trigger, obtain a privilege to access the PSS, ([0050] “the processor 12 may be further configured to run a URP verification sequence including one or more of the checks included in the first verification check 70 and the second verification check 72.” When receiving the command to update the firmware, the first verification check is performed to access the SMRAM for the firmware update patch copy.) and 
authenticate the given version of the firmware by executing the firmware-authentication program code from the PSS; ([0033] “In embodiments in which the firmware patch version indicator 45 is checked as part of the first verification check 70, the processor 12 may determine that the firmware update patch 40 passes the first verification check 70 at least in part by determining that a firmware version indicated by the firmware patch version indicator 45 is more recent than a currently installed firmware version 53. Thus, by checking the firmware patch version indicator 45, the processor 12 may be configured to determine whether the firmware update patch 40 is compatible with the currently installed firmware version 53.” [0034] “The SMRAM 26 may include an SMRAM buffer 32 into which firmware update instructions are configured to be loaded.” During the first and second verification check, the firmware patch version indicator is checked to determine or authenticate whether the firmware update patch is compatible. Furthermore, firmware update instructions are loaded to an SMRAM buffer, which performs the firmware update including verification step. Thus, the given version of the firmware is authenticated using the instructions of the SMRAM buffer and the firmware update patch copy in the SMRAM. Thus, the code to perform verification such as the firmware update instructions, and the signature, and the code to be verified, such as the firmware patch version indicator are loaded into the SMRAM.) and 
switch to the given version of the firmware upon successfully authenticating the given version, (Fig. 12A 610 “WHEN THE COPY OF THE FIRMWARE UPDATE PATCH PASSES THE SECOND VERIFICATION CHECK, EXECUTING THE COPY OF THE FIRMWARE UPDATE PATCH” When the first and second verification check is successful, the firmware update patch is performed to update the firmware.) and 
take an alternative action upon failing to authenticate the given version. ([0046] “When the first verification check 70 fails, installation of the URP capsule may be prevented at step 213…When the URP capsule fails the second verification check 72, installation of the URP capsule may be prevented at step 217.” If the verification checks fail, then the installation of the update is prevented, which is interpreted as take an alternative action.)

Regarding claim 2, XIE teaches a read-only-memory (ROM), ([0084] “Non-volatile storage device 706 may include…semiconductor memory (e.g., ROM, EPROM, EEPROM, FLASH memory, etc.)”) which is configured to store one or both of (i) part of the firmware-authentication program code and (ii) data used by the firmware-authentication program code, wherein, in response to the trigger, the at least one processor is configured to obtain a privilege to access both the PSS and the ROM. ([0027] “The instructions may be included in the non-volatile storage 22. The runtime buffer 30 may be included in UEFI runtime memory 24, which may be included in the RAM 20 and configured to read and/or written to by both the operating system 50 and the firmware 52.” The instructions included in the non-volatile storage or ROM is also used by the processor while the instruction stored in the volatile memory are performed as discussed above.)

Regarding claim 3, XIE teaches wherein the at least one processor is configured to obtain the privilege, authenticate the given version and switch to the given version, without a reset. ([0031] “the instructions may further cause the processor 12 to perform a first verification check 70 on the firmware update patch 40 stored in the runtime buffer 30.” [0037] “The instructions may further cause the processor 12 to perform a second verification check 72 on the firmware update patch copy 60 stored in the SMRAM buffer 32.” [0072] “When the copy of the firmware update patch passes the second verification check, the method 600 may further include, at step 610, executing the copy of the firmware update patch.” [0040] “the firmware update patch copy 60 may be executed in a runtime SMM without rebooting the computing system 10.” The processor performs the instructions for verification check and the firmware update. Furthermore, the firmware update process is executed without a rebooting, which is interpreted as without a reset.)

Regarding claim 5, XIE teaches a privilege control circuit that is configured to grant the privilege to access the PSS to the at least one processor, in response to detecting that the at least one processor accesses a defined address. ([0050] “The _ModuleEntryPoint method may initialize an EFI_STAGED_DRIVER_ENTRY with a staging globally unique identifier (GUID), as described in further detail below. The _ModuleEntryPoint method may be further configured to pass the staging GUID to a StageUrpDriver method of the UrpSmmCore driver.” [0055] “In addition, the SMM driver 400 may have a primary GUID 404 that indicates a location of a protocol interface 406 in the SMRAM.” Based on the GUID for the firmware update performed by the processor, the firmware update is executed by the processor, which performs the verification checks and accessing to the RAM.)  

Regarding claim 7, XIE teaches wherein the volatile memory and the at least one processor are comprised in a network device. ([0079] “Computing system 700 may take the form of one or more…server computers…network computing devices,…,mobile computing devices, mobile communication devices…” The computing system including a processor and a RAM may take a form of server computers, network computing devices, mobile computing devices, or mobile communication devices, which is interpreted as a network device.)

Regarding claim 8, XIE teaches wherein the network device comprises one of a network adapter, a network switch, a network router and a network-enabled Graphics Processing Unit (GPU). ([0026] “one or more input devices, one or more output devices, or one or more networking devices.” [0090] “the communication subsystem may be configured for communication via a wireless telephone network, or a wired or wireless local- or wide-area network, such as a HDMI over Wi-Fi connection…the communication subsystem may allow computing system 700 to send and/or receive messages to and/or from other devices via a network such as the Internet.” The communication subsystem via a wireless telephone network, a wired or wireless local or wide-area network, and the internet is interpreted as a network adapter, a network switch, and a network router.)

	Regarding claims 9-11, 13, 15, and 16, the claims 9-11, 13, 15, and 16 are the method claims of the apparatus claims 1-3, 5, 7, and 8. The claims 9-11, 13, 15, and 16 do not further teach or define the limitation over the limitations recited in the rejected claims above. Therefore, XIE teaches all the limitations of the claims 9-11, 13, 15, and 16.

	Regarding claims 17-20, the claims 17-20 do not further teach or define the limitation over the limitations recited in the rejected claims 1, 3, 7, and 8 above. Therefore, XIE teaches all the limitations of the claims 17-20.

Claim Rejections - 35 USC § 103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.

Claims 4, 6, 12 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over XIE in view of Sakthikumar (United States Patent US 11321077), hereinafter Sakthikumar.

Regarding claim 4, XIE teaches all the limitations of the computer system according to claim 1, as discussed above.
However, XIE does not teach wherein, in response to a reset, the at least one processor is configured to boot an initial version or the firmware, to authenticate the initial version of the firmware, and to load the firmware-authentication program code to the PSS.
Sakthikumar teaches wherein, in response to a reset, (Col. 7 Lines 19-21 “The boot can be an initial boot or a reboot, as may be the result of a manual user action or a system initiated instruction, among other such options.” Boot includes a reboot, which is interpreted as in response to a reset.) the at least one processor is configured to boot an initial version of the firmware, (Col. 7 Lines 25-28 “For a UEFI-based process, this can include an initial SEC security phase, which contains initialization code for a main central processing unit (CPU), and an initialization phase that configures the entire hardware platform.” After boot or reboot, a UEFI-based process performs initialization code, which is interpreted as boot an initial version of the firmware.) to authenticate the initial version of the firmware, (Col. 8 Lines 38-39 “a component of the RLE can verify 406 a signature on the API call before processing the update.” The RLE, which is loaded as a part of an initialization, verifies the signature before the update is executed.) and to load the firmware-authentication program code to the PSS. (Col. 8 Lines 40-44 “this can include determining that an appropriate credential or secret was used to digitally sign the API request, where an instance of that credential or secret can be stored to the protected RLE memory or another secure location.” Lines 54-57 “execution of runtime code in the RLE is paused 408 in order to perform the update…While paused, the patch or update can be loaded and applied 410 to the runtime code or models in the RLE, which can involve updating the relevant runtime configuration data.” After verification, an instance of that credential or secret is loaded to the protected RLE memory or another secure location.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified XIE by incorporating the teaching of Sakthikumar of in response to a reset or a reboot, the processor to boot an initial version or the firmware, to authenticate the initial version of the firmware, and to load the firmware-authentication program code to the PSS. They are all directed toward updating the firmware. As recognized by Sakthikumar, current approaches to updating or patching BIOS code require a rebooting of the host in order to update the firmware, which results in downtime for the host device and at least some period of unavailability for users of that computing device. (Col. 1 Lines 18-22) By loading or storing the code into a protected memory at a reboot, a code can be accessible to an operating system or processing component via one or more API, which allow a patch or an update to be executed without rebooting. (Col. 1 Line 55-Col. 2 Line11) Therefore, it would be advantageous to incorporate the teaching of Sakthikumar of in response to a reset or a reboot, the processor to boot an initial version or the firmware, to authenticate the initial version of the firmware, and to load the firmware-authentication program code to the PSS in order to update the firmware to update the firmware without reboot.

Regarding claim 6, XIE teaches all the limitations of the computer system according to claim 1, as discussed above.
XIE, as modified above, further teaches input interfaces. ([0089] “When included, input subsystem 710 may comprise or interface with one or more user-input devices such as a keyboard, mouse, touch screen, or game controller.” [0090] “When included, communication subsystem 712 may be configured to communicatively couple various computing devices described herein with each other, and with other devices.”)
Sakthikumar further teaches wherein the at least one processor is configured to ignore inputs from the input interfaces while having the privilege to access the PSS. (Col. 8 Lines 50-51 “the RLE can otherwise be prevented from accepting new requests, at least during the update process.”)

Regarding claims 12 and 14, the claims 12 and 14 are the method claims of the apparatus claims 4 and 6. The claims 12 and 14 do not further teach or define the limitation over the limitations recited in the rejected claims above. Therefore, XIE in view of Sakthikumar teaches all the limitations of the claims 12 and 14.

Response to Arguments
Applicant's arguments filed 9/1/2022 with respect to “Patentability” have been fully considered but they are not persuasive.
Applicant argues
SMRAM 26 stores "firmware update instructions" (paragraph [0034]), a "URP capsule" (paragraphs [0043], [0053]), and a "SMM driver 400" (paragraph [0055] [0056]), but none of these is a "firmware-authentication program code" as recited in claim 1. The "firmware update instructions" are instructions on how to perform an update, not instructions for authentication. The patch signature key 68, mentioned in paragraph [0037] is a signature used by a "firmware-authentication program code", not the "firmware-authentication program code". The URP capsule is a firmware update patch 40 (paragraph [0032]) and similarly is not related to authentication. The SMM driver is a system management mode driver included in the firmware (paragraph [0040]). It is placed in the SMRAM between the first and second verification stages (Fig. 4) and is not executed from the SMRAM. Therefore, even if the SMM driver includes instructions which perform the verification, these instructions perform the verification as part of firmware 52 and not from the SMRAM.
Remarks Page 6

Examiner respectfully disagrees with applicant’s argument that SMRAM 26 stores "firmware update instructions" (paragraph [0034]), a "URP capsule" (paragraphs [0043], [0053]), and a "SMM driver 400" (paragraph [0055] [0056]), but none of these is a "firmware-authentication program code" as recited in claim 1. The claim limitation discloses “authenticate the given version of the firmware by executing the firmware program code from the PSS.” The PSS stores the “firmware-authentication program code for authenticating firmware of the computer system.” Thus, “executing the firmware program code from the PSS” is interpreted as executing firmware program code stored in the PSS, which further can be loaded into another storage, such as a SMRAM or executed on the PSS. Furthermore, the firmware program code is to authenticate firmware of the computer system. Thus, the firmware program code can be a code or an algorithm to perform authentication or a code to be authenticated or verified to authenticate the firmware, such as key, firmware version information, and signatures. As disclosed in the paragraph [0028], “the firmware update patch 40 may include a plurality of code instructions to modify the firmware 52 of the computing system.” Also, as disclosed in the paragraph [0036], the firmware update patch copy is loaded into the SMRAM buffer for further updating process. As disclosed in [0036]-[0037], the firmware update patch copy loaded into the SMRAM buffer is verified using the platform public key and a firmware patch version indicator included in the firmware update patch copy, which is interpreted as a code to be authenticated or verified to authenticate the firmware. Furthermore, in the paragraphs [0028] and [0034], “a plurality of code instructions to modify the firmware” and “firmware instructions” loaded into the SMRAM buffer include instructions for updating the firmware, which further includes verification steps as disclosed in the paragraphs [0035]-[0039].

Applicant argues:
The first and second verifications performed by Xie are carried out by "the instructions" (paragraphs [0031] and [0037]), which seem to be the instructions stored in non-volatile memory 22 (paragraphs [0024], [0026]-[0027]), not in SMRAM 26. More specifically, the verification is carried out by a verification process 200 (paragraphs [0041]-[0042]) and a UrpSmmCore driver (paragraph [0043]). The UrpSmmCore may copy the URP capsule to the SMRAM buffer 32 (paragraph [0044 ]), but Applicant could not find any indication that the UrpSmmCore itself is in the SMRAM 26. As shown in Fig. 4, the SMRAM is used to protect the URP capsule, not to protect the verification instructions.
The Examiner stated that "the instructions to perform a verification check on the firmware update patch copy stored in the SRAM buffer is interpreted as firmware -authentication program code for authenticating firmware of the computer system." Applicant respectfully submits that "the instructions" are not executed from the SMRAM, which the Examiner identified as the PSS, and therefore "the instructions" do not meet the requirement of "executing the firmware-authentication program code from the PSS".
Remarks Page 6

Examiner respectfully disagrees with applicant’s argument that Applicant respectfully submits that "the instructions" are not executed from the SMRAM, which the Examiner identified as the PSS, and therefore "the instructions" do not meet the requirement of "executing the firmware-authentication program code from the PSS". As discussed above, the firmware program code can be a code or an algorithm to perform authentication or a code to be authenticated or verified to authenticate the firmware, such as key, firmware version information, and signatures. Thus, the firmware update instruction and the firmware update patch including a plurality of code instructions to modify the firmware, which includes verification steps, are interpreted as the firmware-authentication program code, are copied or loaded into the SMRAM, which is interpreted as the firmware-authentication program code from the PSS. Furthermore, the firmware update instruction and the firmware update patch in the SMRAM is used to perform verification steps in the paragraphs [0031]-[0039]. Also, a URP capsule manifest header, which includes a signing key length, a bas BIOS version, and a URP capsule version number of the URP capsule in the paragraph [0028]. In the paragraph [0036], “the firmware update patch copy is a URP capsule…which may…include a firmware patch version indicator copy 65.” As a part of the verification check, the firmware patch version indicator copy of the firmware update patch copy in the SMRAM buffer is verified in the paragraph [0038]. Thus, XIE teaches the firmware update patch copy to be authenticated and the firmware update instructions to verify or authenticate the updating process, which executing the authentication using the code stored in the SMRAM buffer.

Applicant argues:
Claim 14, for example, recites "ignoring inputs from input interfaces of the computer system while having the privilege to access the PSS." 
In the office action, the Examiner referred to col. 8, lines 50-51, of Sakthikumar, which teaches that "the RLE can otherwise be prevented from accepting new requests". In response, Applicant respectfully notes that the prevention of accepting new requests is of requests to the RLE, "to submit new updates or patch code" (col. 3, lines 38-39), and has nothing to do with input interfaces of the computer systems. Sakthikumar specifically states that other processes on the device can continue without interruption unless those processes rely on access to the RLE (col. 8, lines 50-54). The RLE is a runtime loader environment and Applicant could not find any suggestion that the RLE controls or is otherwise necessary for using input interfaces.
Remarks Page 7

Examiner respectfully disagrees with applicant’s argument that Applicant could not find any suggestion that the RLE controls or is otherwise necessary for using input interfaces. Sakthikumar discloses “the RLE is prevented from accepting new requests,” which is interpreted as ignore inputs, at least during the update process,” which is interpreted as “while having the privilege to access the PSS. In Col. 7 Lines 52-56 “runtime drivers can relate to runtime operations rather than boot operations, such as to detect and handle system hardware errors (such as may relate to memory or peripheral devices), analyze runtime errors, and isolate failing components.” Thus, RLE to detect and handle system hardware, such as peripheral devices, which includes keyboards and the like (Col. 4 Line 22).

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 


Any inquiry concerning this communication or earlier communications from the examiner should be directed to HYUN SOO KIM whose telephone number is (571)270-1768. The examiner can normally be reached Monday - Friday 8:30 am - 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jaweed Abbaszadeh can be reached on (571) 270-1640. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/H.K./            Examiner, Art Unit 2187    

/JAWEED A ABBASZADEH/            Supervisory Patent Examiner, Art Unit 2187