DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claims 1-12 are pending and rejected as follows:
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-3, 5-9 and 11-12 are rejected under 35 U.S.C. 103 as being unpatentable over Joshi US 10776132 B1 in view of Martinez US 20170010875 A1
Regarding claim 1, Joshi teaches a method (Fig.1- 5) comprising:
configuring one or more random access memory (RAM) devices of an information handling system as a RAM disk trust zone; (Fig. 1, RAMdisk 325, Fig. 5, 510-515, col. 8, l. 55- col. 9, l. 26, col.9, l. 62-col. 10, l. 21)
enabling an embedded controller (EC) of the information handling system to provide attestation for one or more modules to access the RAM disk trust zone, wherein the EC provides one or more system management functions and one or more keyboard controller functions ( (Fig. 5, step 515- 517, verify the manifest col. 16, ll. 20-26, In recovery mode; OOB network connection may be established using an OOB management controller; col. 9, ll. 43-59. BMC 180 refers to as service processor or embedded controller which provides various management functions for information handling system 100. [col. 2, l. 40-58] and performs out of band access prior to execution of BIOS [col. 3, ll. 11-22])
attesting, by the EC, the one or more modules for interacting with the RAM disk trust zone (Fig. 5, step 530-540, verify authenticity of OS and device drivers by matching hash against checksum for each manifest; and store in RAMdisk if authenticated, col. 16, ll. 32-38 );
performing a cumulative hash verification of two or more files downloaded to the RAM disk trust zone based on individual hash value and identifier for each file (Fig. 3, 530-540, verifies the integrity or authenticity of downloaded files by matching their SHA256 hash against the checksum returned for each file in system manifest, col. 16, ll. 32-38, tag identify specific component )
migrating a memory identification (ID) table to an operating system (OS) runtime environment to enable secure access to RAM disk contents during the OS runtime (Fig. 5, step 570-590, access and mount RAMdisk to service including location, start address, UEFI variable, BIOS table, configuration or ACPI table, etc. during the recovery stage col. 10, ll. 5-21 and col. 15, ll. 4-23)
Though Joshi discloses verifying the integrity or authenticity of downloaded files by matching their SHA256 hash against the checksum returned for each file in system manifest (col. 16, ll. 32-38). Joshi does not explicitly disclose the term cumulative hash value wherein the cumulative hash verification includes requesting data identifying each of the two or more files, individual hash values for each of the two or more files, and a cumulative hash value for the two files.
Martinez teaches a verifying the integrity of a BIOS/UEFI delivery installation package (Fig. 5- 6 par. 12 and 24 and 28) wherein cumulative hash verification (par. 28 has of the entire package is sent, and used to compared for a match to ensure authenticity) includes requesting data identifying each of the two or more individual hash values for each of the two or more files (Fig. 3, par. 24 and 27, map file 310 stored includes one or more range descriptors and corresponding hashes; map file is store in the package. See also par. 25-26) and a cumulative hash value for the two files (par. 27, 28, hash of the entire executable 300).
It would have been obvious to one having ordinary skill in the art before the effective filing date to use the hash verification method of Martinez to provide a secured and simple verification of the integrity of the package.
Claim 2 based on the method of claim 1, Joshi further teaches wherein: configuring the one or more RAM devices as a RAM disk trust zone includes provisioning, by a trusted platform module a trust zone attestor (TZA) service
(RAM disks created in pre-boot environment, DXE phase in a TPM environment Col. 12, ll. 7-9 and col. 15, 24-32,TPM, col. 9. ll. 9-25)
Claim 3 based on the method of claim 2, Joshi further teaches, wherein the TZA service maintains a table of memory identifiers for the dynamically created RAM disks during a driver execution environment (DXE) phase of a universal extensible firmware interface (UEFI) boot sequence (RAM disks created in pre-boot environment, DXE phase; Col. 12, ll. 7-9 and col. 15, 24-32)
Claim 5 based on the method of claim 2, Joshi further teaches, further comprising: performing attestation of the modules before permitting access to the RAM disk trust zone (Fig. 5, step 517-535 prior to 540)
Claim 6 based on the method of claim 2, Joshi further teaches, further comprising: attesting, by the TZA service, a preboot download service before permitting the preboot download service to access the RAM disk trust zone (Fig. 5, step 510-560 is during preboot, prior to step 570, OS service stage)
Regarding claim 7, Josh teaches a CPU 102 (Fig. 1) and a TPM (col. 9. ll. 9-25). The rest of the claims are the same as claim 1 and therefore rejected accordingly.
Claims 8-9 and 11-12 are the same as claims 2-3 and 5-6 and therefore rejected accordingly
Claims 4 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Joshi in view of Martinez and further in view of Tsai US 20180293162 A1
Regarding Claims 4 and 10, Josi teaches deallocate RAMDISK and freeing up more memory space upon loading the OS base image (col. 14, ll. 61-68) but does not explicitly disclose updating the table of memory identifiers during this process.
Tsai teaches memory space management list for monitoring the file ID in a directory predetermined directory and update the file information of the file into the memory space management to dynamically manage memory space (par. 32 and 42, and 66). It would have been obvious to one having ordinary skill in the art before the effective filing date to implement the teaching of updating the memory for space reservation to make sure there is enough memory space for executing the target process without introducing any unwanted side effect (Tsai, par. 2)
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
US-20120084552, US-10055357, US-20200356357, and US-20240403432 discloses various methods for security update firmware.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KIM HUYNH whose telephone number is (571)272-4147. The examiner can normally be reached M-Th 5:30am-3:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JAWEED ABBASZADEH can be reached at (571)270-1640. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KIM HUYNH/Primary Patent Examiner, Art Unit 2175