DETAILED ACTION
	Claims 1-8 and 10-20 are presented on 10/30/2018 for examination on merits.  Claim 9 is cancelled by preliminary amendment.  Claims 1, 6, 11 and 16 are independent base claims.  

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Examiner's Instructions for filing Response to this Office Action
When the Applicant submits amendments regarding to the claims in response the Office Action, the Examiner would prefer that Applicant submit two sets of claims: 
Set #1 that includes indicators for the status of claim and all marked amendments to the claims; and 
Set #2 comprising a clean version of the claims with all the markups removed for entry, as an appendix to the Set #1.

Information Disclosure Statement
The information disclosure statement(s) (IDS) submitted as for examination on merits are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement(s) is/are being considered by the examiner. See the annotated 1449 documents.

Claim Interpretation - 35 USC § 112(f)

The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

Claims 6-8 and 10 contain limitation(s) invoking 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph as detailed in the following.
Each of the following Claim limitations
Claim 6: a task reading module configured to read a vulnerability scan task …;
Claim 6: a popularity coefficient obtaining module configured to find a website corresponding to the vulnerability scan task …; 
Claim 6: a security risk coefficient obtaining module configured to acquire historical vulnerability scan data and a vulnerability risk level table...;
Claim 6: a time coefficient obtaining module configured to acquire update time data of the vulnerability scan task …;
Claim 6: a priority weight obtaining module configured to input the popularity coefficient, the security risk coefficient …; 
Claim 6: a scan task execution module configured to execute vulnerability scan tasks in the scan task pool...;
Claim 7: a task risk coefficient obtaining module configured to acquire a first historical vulnerability scan data of the website…;
Claim 7: a website risk coefficient obtaining module configured to acquire a second historical vulnerability scan data of the scan task pool …;
module configured to calculate the security risk coefficient of the vulnerability scan task …;
Claim 8: a scan time coefficient obtaining module configured to acquire scan time data of all the vulnerability scan tasks …;
Claim 8: an update time coefficient obtaining module configured to acquire a content update time data of all the vulnerability scan tasks in the scan task pool…;
Claim 8: a time coefficient calculation module configured to obtain the time coefficient of the read vulnerability scan task according to the scan time characteristic value…;
Claim 10: a first time acquiring module configured to acquire a first time when the latest task content of the read vulnerability scan task being updated;
Claim 10: an update time interval calculation module configured to find a vulnerability scan task with the shortest task content update time interval …;
Claim 10: an update characteristic value calculation module configured to calculate the update time characteristic value according to the first time and the update time interval
have been interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because it uses/they use a generic placeholder “module” coupled with functional language without reciting sufficient structure to achieve the function.  Furthermore, the generic placeholder is not preceded by a structural modifier. For example, the phrase “scan task execution” is not a structural modifier.  
Since the claim limitation(s) invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, claims 6-8 and 10 have been interpreted to cover the corresponding structure described in the specification that achieves the claimed function, and equivalents thereof.  
A review of the specification shows that the following appears to be the corresponding structure described in the specification for the 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph limitation: NONE.  

If applicant does not intend to have the claim limitation(s) treated under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112 , sixth paragraph, applicant may amend the claim(s) so that it/they will clearly not invoke 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, or present a sufficient showing that the claim recites/recite sufficient structure, material, or acts for performing the claimed function to preclude application of 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.
For more information, see MPEP § 2173 et seq. and Supplementary Examination Guidelines for Determining Compliance With 35 U.S.C. 112 and for Treatment of Related Issues in Patent Applications, 76 FR 7162, 7167 (Feb. 9, 2011).

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 


Claims 1-8 and 10-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

The rejection(s) under 35 U.S.C. 112(b) is/are determined by the following reasons:
Claim 1 recites the limitation "executing vulnerability scan tasks in the scan task pool in descending order according to the execution priority weights" in the last clause of the claim unclearly, because the claimed method appears to be a series of steps for evaluating/obtaining an execution priority weight of a vulnerability scan task.  However, the limitation indicates executing a plurality of vulnerability scan tasks in the scan task pool according to a plurality of execution priority weights, which are not necessarily obtained yet.  Therefore, it is unclear how calculation of weight for the single scan task leads to executing a plurality of vulnerability scan tasks in the pool. 
Claim 1 recites the limitation "the execution priority weights" in plural form in the last clause of the claim.  There is insufficient antecedent basis for this limitation in the claim.
Claim 6 recites the limitation “a scan task execution module configured to execute vulnerability scan tasks in the scan task pool in descending order according to the execution priority weights” unclearly for the same reason as claim 1.  Therefore, claim 6 is rejected.
Claim 11 and 16 each recite the limitation “executing vulnerability scan tasks in the scan task pool in descending order according to the execution priority weights” unclearly for the same reason as claim 1. Therefore, claims 11 and 16 are rejected.

Dependent claims 2-5, 7-8 and 10, 12-15, and 17-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as they depends from the rejected base claims 1, 6, 11, and 16, respectively.

Claims 6-8 and 10 are further rejected under 35 U.S.C. 112 (b), as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.  This determination is explained in the following.

Claim 6: a task reading module configured to read a vulnerability scan task …;
Claim 6: a popularity coefficient obtaining module configured to find a website corresponding to the vulnerability scan task …; 
Claim 6: a security risk coefficient obtaining module configured to acquire historical vulnerability scan data and a vulnerability risk level table...;
Claim 6: a time coefficient obtaining module configured to acquire update time data of the vulnerability scan task …;
Claim 6: a priority weight obtaining module configured to input the popularity coefficient, the security risk coefficient …; 
Claim 6: a scan task execution module configured to execute vulnerability scan tasks in the scan task pool...;
Claim 7: a task risk coefficient obtaining module configured to acquire a first historical vulnerability scan data of the website…;
Claim 7: a website risk coefficient obtaining module configured to acquire a second historical vulnerability scan data of the scan task pool …;
Claim 7: a risk coefficient calculation module configured to calculate the security risk coefficient of the vulnerability scan task …;
Claim 8: a scan time coefficient obtaining module configured to acquire scan time data of all the vulnerability scan tasks …;
Claim 8: an update time coefficient obtaining module configured to acquire a content update time data of all the vulnerability scan tasks in the scan task pool…;
Claim 8: a time coefficient calculation module configured to obtain the time coefficient of the read vulnerability scan task according to the scan time characteristic value…;
module configured to acquire a first time when the latest task content of the read vulnerability scan task being updated;
Claim 10: an update time interval calculation module configured to find a vulnerability scan task with the shortest task content update time interval …;
Claim 10: an update characteristic value calculation module configured to calculate the update time characteristic value according to the first time and the update time interval;
is interpreted under 35 U.S.C. 112(f) .  Therefore the above claims each contain placeholders that require corresponding structure(s).  It is unclear whether the recited structure, material, or acts in these claims are sufficient for performing the claimed function because the Specification is unclear about the corresponding structure(s).  
If applicant wishes to have the claim limitation treated under 35 U.S.C. 112 (f), applicant may amend the claim so that the phrase “means for” or “step for” or the non-structural term is clearly not modified by sufficient structure, material, or acts for performing the claimed function, or present a sufficient showing that the claim limitation is written as a function to be performed and the claim does not recite sufficient structure, material, or acts for performing the claimed function.
If applicant does not wish to have the claim limitation treated under 35 U.S.C. 112 (f), applicant may amend the claim so that it will clearly not invoke 35 U.S.C. 112 (f), or present a sufficient showing that the claim recites sufficient structure, material, or acts for performing the claimed function to preclude application of 35 U.S.C. 112 (f).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.


In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claims 1-2, 4, 6-8 and 11-12, 14, 16-17, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Ramzan (US 8850570 B1) in view of Zhao (US 7836502 B1).

As per claim 1, Ramzan teaches a method of scanning website vulnerability, comprising: 
reading a vulnerability scan task in a scan task pool (Ramzan, col. 7, lines 9-23: The suspicious website priority queue 412 communicates with the malicious code scanning module 422 to transmit the unique identifier for the suspicious website having the highest priority for analysis); 
finding a website corresponding to the vulnerability scan task, acquiring access data of the website, and obtaining a popularity coefficient of the website according to the access data Ramzan, col. 9, lines 5-17: The security server 110 generates 516 a filter score for the candidate suspicious website by applying a filter classifier 350 (FIG. 3) to the feature set); 
acquiring historical vulnerability scan data and a vulnerability risk level table (Ramzan, col. 5, lines 30-47: Information indicating whether the candidate suspicious website is within a categorized directory … with past characteristics of the heuristic), and obtaining a security risk coefficient of the vulnerability scan task according to the historical vulnerability scan data and the vulnerability risk level table (Ramzan, col. 6, lines 1-9: identify the candidate suspicious website. 11) Information indicating traditional characteristics of malware websites. For example, information indicating the presence of a small inline frame (IFRAME) or other element used to embed documents such as HTML documents inside other documents); 
executing vulnerability scan tasks in the scan task pool in descending order according to the execution priority weights (Ramzan, col. 7, lines 9-17: The suspicious website priority queue 412 communicates with the malicious code scanning module 422 to transmit the unique identifier for the suspicious website having the highest priority for analysis to the malicious code scanning module 422).
However, Ramzan does not explicitly disclose inputting the popularity coefficient, the security risk coefficient, and the time coefficient into a preset priority evaluation model for processing, and obtaining an execution priority weight of the vulnerability scan task. This aspect of the claim is identified as a further difference.
In a related art, Zhao teaches:
acquiring update time data of the vulnerability scan task, and calculating a time coefficient of the vulnerability scan task according to the update time data (Zhao discloses acquiring different criteria such as: the size of the resource, the resource access frequency rate, and the resource recent scanning performance data (e.g. scanning time consumption); col. 7, lines 5-15); 
priority weight of the vulnerability scan task (Zhao, col. 11, lines 32-34: a set of criteria, including but not limited to, the size of the resource, the scanning time consumption, the access frequency rate, and the like; col. 7, lines 5-15: the scheduler is configured to determine the priority score of a resource. The scheduler may create the priority score based on different criteria, including but are not limited to, the size of the resource, the resource access frequency rate, and the resource recent scanning performance data (e.g. scanning time consumption); and 
Ramzan and Zhao are analogous art, because they are in a similar field of endeavor in improving security scans of websites.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine them and to use Zhao to modify Ramzan’s system to include a set of criteria/coefficients for schedule prioritization.  For this combination, the motivation would have been to improve the level of security with accurate scans of all websites with potential threats.

As per claim 2, the references as combined above teach the method of scanning website vulnerability of claim 1, wherein the acquiring historical vulnerability scan data and the vulnerability risk level table, and obtaining the security risk coefficient of the vulnerability scan task according to the historical vulnerability scan data and the vulnerability risk level table comprises: 
acquiring a first historical vulnerability scan data of the website corresponding to the vulnerability scan task, and obtaining a task risk characteristic value of the vulnerability scan task according to the first historical vulnerability scan data and the vulnerability risk level table (Zhao, col. 1, lines 35-41: access the infected document may be at risk; for example, col. 1, lines 55-60: some of the resources may be fairly large, thereby requiring a long scanning time; the time required to scan the resource exceeds the time limit); 
(Zhao, col. 7, lines 7-15: the frequency at which a resource is accessed – obviously a risk factor); and 
calculating the security risk coefficient of the vulnerability scan task according to the task risk characteristic value and the website risk characteristic value (Zhao, col. 7, lines 5-15:, determine the priority score of a resource. The scheduler may create the priority score based on different criteria, including but are not limited to, the size of the resource, the resource access frequency rate).

As per claim 4, the references as combined above teach the method of scanning website vulnerability of claim 1, wherein the acquiring update time data of the vulnerability scan task, and calculating the time coefficient of the vulnerability scan task according to the update time data comprises: 
acquiring scan time data of all the vulnerability scan tasks in the scan task pool, and calculating a scan time characteristic value of the read vulnerability scan task according to the scan time data (Zhao, col. 11, lines 32-34: a set of criteria, including but not limited to, the scanning time consumption, for some companies, it may require hours or even days to be completed; see col. 6, lines 18-28); 
acquiring a content update time data of all the vulnerability scan tasks in the scan task pool, and calculating an update time characteristic value of the read vulnerability scan task according to the content update time data (Zhao, col. 12, lines 1-15: scanner 526 may be updated to enable real -time scanning; Additionally or alternatively, the resource may be rescanned each time the background malware scanner database is updated with a new virus 
obtaining the time coefficient of the read vulnerability scan task according to the scan time characteristic value and the update time characteristic value (Zhao, col. 11, lines 27-40: obtaining a set of criteria, such as “the scanning time consumption” and “the access frequency rate.” Here in Zhao, the criteria for “the scanning time consumption” and “the access frequency rate” as combined obviously suggests using time characteristic value and the update time requirement as the time coefficient of scheduling the scan task).

As per claim 6, Ramzan teaches a device of scanning website vulnerability comprising: 
a task reading module configured to read a vulnerability scan task in a scan task pool (Ramzan, col. 7, lines 9-23: The suspicious website priority queue 412 communicates with the malicious code scanning module 422 to transmit the unique identifier for the suspicious website having the highest priority for analysis); 
a popularity coefficient obtaining module configured to find a website corresponding to the vulnerability scan task (Ramzan, col. 9, lines 5-17: The security server 110 generates 516 a filter score for the candidate suspicious website by applying a filter classifier 350 (FIG. 3) to the feature set);, acquire access data of the website, and obtain a popularity coefficient of the website according to the access data (Ramzan, col. 5, lines 30-47: Information indicating whether the candidate suspicious website is within a categorized directory … with past characteristics of the heuristic); 
a security risk coefficient obtaining module configured to acquire historical vulnerability scan data and a vulnerability risk level table, and obtain a security risk coefficient of the vulnerability scan task according to the historical vulnerability scan data and the vulnerability risk level table (Ramzan, col. 6, lines 1-9: identify the candidate suspicious website. 11) Information indicating traditional characteristics of malware websites. For example, information 
a scan task execution module configured to execute vulnerability scan tasks in the scan task pool in descending order according to the execution priority weights (Ramzan, col. 7, lines 9-17: The suspicious website priority queue 412 communicates with the malicious code scanning module 422 to transmit the unique identifier for the suspicious website having the highest priority for analysis to the malicious code scanning module 422).
However, Ramzan does not explicitly disclose inputting the popularity coefficient, the security risk coefficient, and the time coefficient into a preset priority evaluation model for processing, and obtaining an execution priority weight of the vulnerability scan task. This aspect of the claim is identified as a further difference.
In a related art, Zhao teaches:
a time coefficient obtaining module configured to acquire update time data of the vulnerability scan task, and calculate a time coefficient of the vulnerability scan task according to the update time data (Zhao discloses acquiring different criteria such as: the size of the resource, the resource access frequency rate, and the resource recent scanning performance data (e.g. scanning time consumption); col. 7, lines 5-15); 
priority weight obtaining module configured to input the popularity coefficient, the security risk coefficient, and the time coefficient into a preset priority evaluation model for processing, and obtain an execution priority weight of the vulnerability scan task (Zhao, col. 11, lines 32-34: a set of criteria, including but not limited to, the size of the resource, the scanning time consumption, the access frequency rate, and the like; col. 7, lines 5-15: the scheduler is configured to determine the priority score of a resource. The scheduler may create the priority score based on different criteria, including but are not limited to, the size of the resource, the resource access frequency rate, and the resource recent scanning performance data (e.g. scanning time consumption); and 
Ramzan and Zhao are analogous art, because they are in a similar field of endeavor in improving security scans of websites.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine them and to use Zhao to modify Ramzan’s system to include a set of criteria/coefficients for schedule prioritization.  For this combination, the motivation would have been to improve the level of security with accurate scans of all websites with potential threats.

As per claim 7, the references as combined above teach the device of scanning website vulnerability of claim 6, wherein the security risk coefficient obtaining module comprises: 
a task risk coefficient obtaining module configured to acquire a first historical vulnerability scan data of the website corresponding to the vulnerability scan task, and obtain a task risk characteristic value of the vulnerability scan task according to the first historical vulnerability scan data and the vulnerability risk level table (Zhao, col. 1, lines 35-41: access the infected document may be at risk; for example, col. 1, lines 55-60: some of the resources may be fairly large, thereby requiring a long scanning time; the time required to scan the resource exceeds the time limit);  
a website risk coefficient obtaining module configured to acquire a second historical vulnerability scan data of the scan task pool, and obtain a website risk characteristic value of the website corresponding to the vulnerability scan task according to the second historical vulnerability scan data and the vulnerability risk level table (Zhao, col. 7, lines 7-15: the frequency at which a resource is accessed – obviously a risk factor); and 
a risk coefficient calculation module configured to calculate the security risk coefficient of the vulnerability scan task according to the task risk characteristic value and the website risk characteristic value (Zhao, col. 7, lines 5-15:, determine the priority score of a resource. The 

As per claim 8, the references as combined above teach the device of scanning website vulnerability of claim 6, wherein the time coefficient obtaining module comprises: 
a scan time coefficient obtaining module configured to acquire scan time data of all the vulnerability scan tasks in the scan task pool, and calculate a scan time characteristic value of the read vulnerability scan task according to the scan time data (Zhao, col. 11, lines 32-34: a set of criteria, including but not limited to, the scanning time consumption, for some companies, it may require hours or even days to be completed; see col. 6, lines 18-28); 
an update time coefficient obtaining module configured to acquire a content update time data of all the vulnerability scan tasks in the scan task pool, and calculate an update time characteristic value of the read vulnerability scan task according to the content update time data (Zhao, col. 12, lines 1-15: scanner 526 may be updated to enable real -time scanning; Additionally or alternatively, the resource may be rescanned each time the background malware scanner database is updated with a new virus pattern. Thus, when a new virus pattern is received by SGSA 512, background malware scanner 526 may be updated with the new virus pattern); and 
a time coefficient calculation module configured to obtain the time coefficient of the read vulnerability scan task according to the scan time characteristic value and the update time characteristic value (Zhao, col. 11, lines 27-40: obtaining a set of criteria, such as “the scanning time consumption” and “the access frequency rate.” Here in Zhao, the criteria for “the scanning time consumption” and “the access frequency rate” as combined obviously suggests using time characteristic value and the update time requirement as the time coefficient of scheduling the scan task)..

As per claim 11, Ramzan teaches a server comprising: 
one or more processors, and a memory storing computer readable instructions, which, when executed by the one or more processors cause the one or more processors to perform steps comprising: 
reading a vulnerability scan task in a scan task pool (Ramzan, col. 7, lines 9-23: The suspicious website priority queue 412 communicates with the malicious code scanning module 422 to transmit the unique identifier for the suspicious website having the highest priority for analysis); 
finding a website corresponding to the vulnerability scan task, acquiring access data of the website, and obtaining a popularity coefficient of the website according to the access data (Ramzan, col. 9, lines 5-17: The security server 110 generates 516 a filter score for the candidate suspicious website by applying a filter classifier 350 (FIG. 3) to the feature set); 
acquiring historical vulnerability scan data and a vulnerability risk level table (Ramzan, col. 5, lines 30-47: Information indicating whether the candidate suspicious website is within a categorized directory … with past characteristics of the heuristic), and obtaining a security risk coefficient of the vulnerability scan task according to the historical vulnerability scan data and the vulnerability risk level table (Ramzan, col. 6, lines 1-9: identify the candidate suspicious website. 11) Information indicating traditional characteristics of malware websites. For example, information indicating the presence of a small inline frame (IFRAME) or other element used to embed documents such as HTML documents inside other documents); 
executing vulnerability scan tasks in the scan task pool in descending order according to the execution priority weights.
(Ramzan, col. 7, lines 9-17: The suspicious website priority queue 412 communicates with the malicious code scanning module 422 to transmit the unique identifier for the suspicious website having the highest priority for analysis to the malicious code scanning module 422).
Ramzan does not explicitly disclose inputting the popularity coefficient, the security risk coefficient, and the time coefficient into a preset priority evaluation model for processing, and obtaining an execution priority weight of the vulnerability scan task. This aspect of the claim is identified as a further difference.
In a related art, Zhao teaches:
acquiring update time data of the vulnerability scan task, and calculating a time coefficient of the vulnerability scan task according to the update time data (Zhao discloses acquiring different criteria such as: the size of the resource, the resource access frequency rate, and the resource recent scanning performance data (e.g. scanning time consumption); col. 7, lines 5-15); 
inputting the popularity coefficient, the security risk coefficient, and the time coefficient into a preset priority evaluation model for processing, and obtaining an execution priority weight of the vulnerability scan task (Zhao, col. 11, lines 32-34: a set of criteria, including but not limited to, the size of the resource, the scanning time consumption, the access frequency rate, and the like; col. 7, lines 5-15: the scheduler is configured to determine the priority score of a resource. The scheduler may create the priority score based on different criteria, including but are not limited to, the size of the resource, the resource access frequency rate, and the resource recent scanning performance data (e.g. scanning time consumption); and 
Ramzan and Zhao are analogous art, because they are in a similar field of endeavor in improving security scans of websites.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine them and to use Zhao to modify Ramzan’s system to include a set of criteria/coefficients for schedule prioritization.  For this combination, the motivation would have been to improve the level of security with accurate scans of all websites with potential threats.


As per claim 12, the references as combined above teach the server of  claim 11, wherein the memory further comprises instructions, which, when executed by the processor, cause the processor to perform steps comprising: 
acquiring a first historical vulnerability scan data of the website corresponding to the vulnerability scan task, and obtaining a task risk characteristic value of the vulnerability scan task according to the first historical vulnerability scan data and the vulnerability risk level table  (Zhao, col. 1, lines 35-41: access the infected document may be at risk; for example, col. 1, lines 55-60: some of the resources may be fairly large, thereby requiring a long scanning time; the time required to scan the resource exceeds the time limit); 
acquiring a second historical vulnerability scan data of the scan task pool, and obtaining a website risk characteristic value of the website corresponding to the vulnerability scan task according to the second historical vulnerability scan data and the vulnerability risk level table (Zhao, col. 7, lines 7-15: the frequency at which a resource is accessed – obviously a risk factor); and 
calculating the security risk coefficient of the vulnerability scan task according to the task risk characteristic value and the website risk characteristic value (Zhao, col. 7, lines 5-15:, determine the priority score of a resource. The scheduler may create the priority score based on different criteria, including but are not limited to, the size of the resource, the resource access frequency rate).

As per claim 14, the references as combined above teach the server of  claim 1t, wherein the memory further comprises instructions, which, when executed by the processor, cause the processor to perform steps comprising: 
acquiring scan time data of all the vulnerability scan tasks in the scan task pool. and calculating a scan time characteristic value of the read vulnerability scan task according to the scan time data (Zhao, col. 11, lines 32-34: a set of criteria, including but not limited to, the 
acquiring a content update time data of all the vulnerability scan tasks in the scan task pool, and calculating an update time characteristic value of the read vulnerability scan task according to the content update time data (Zhao, col. 12, lines 1-15: scanner 526 may be updated to enable real -time scanning; Additionally or alternatively, the resource may be rescanned each time the background malware scanner database is updated with a new virus pattern. Thus, when a new virus pattern is received by SGSA 512, background malware scanner 526 may be updated with the new virus pattern); and 
obtaining the time coefficient of the read vulnerability scan task according to the scan time characteristic value and the update time characteristic value (Zhao, col. 11, lines 27-40: obtaining a set of criteria, such as “the scanning time consumption” and “the access frequency rate.” Here in Zhao, the criteria for “the scanning time consumption” and “the access frequency rate” as combined obviously suggests using time characteristic value and the update time requirement as the time coefficient of scheduling the scan task).

As per claim 16, Ramzan teaches at least one non-transitory computer readable storage medium comprising computer readable instructions, which, when executed by one or more processors, cause the one or more processors to perform steps comprising: 
reading a vulnerability scan task in a scan task pool (Ramzan, col. 7, lines 9-23: The suspicious website priority queue 412 communicates with the malicious code scanning module 422 to transmit the unique identifier for the suspicious website having the highest priority for analysis); 
finding a website corresponding to the vulnerability scan task, acquiring access data of the website, and obtaining a popularity coefficient of the website according to the access data Ramzan, col. 9, lines 5-17: The security server 110 generates 516 a filter score for the candidate suspicious website by applying a filter classifier 350 (FIG. 3) to the feature set); 
acquiring historical vulnerability scan data and a vulnerability risk level table (Ramzan, col. 5, lines 30-47: Information indicating whether the candidate suspicious website is within a categorized directory … with past characteristics of the heuristic), and obtaining a security risk coefficient of the vulnerability scan task according to the historical vulnerability scan data and the vulnerability risk level table (Ramzan, col. 6, lines 1-9: identify the candidate suspicious website. 11) Information indicating traditional characteristics of malware websites. For example, information indicating the presence of a small inline frame (IFRAME) or other element used to embed documents such as HTML documents inside other documents); 
executing vulnerability scan tasks in the scan task pool in descending order according to the execution priority weights (Ramzan, col. 7, lines 9-17: The suspicious website priority queue 412 communicates with the malicious code scanning module 422 to transmit the unique identifier for the suspicious website having the highest priority for analysis to the malicious code scanning module 422).
However, Ramzan does not explicitly disclose inputting the popularity coefficient, the security risk coefficient, and the time coefficient into a preset priority evaluation model for processing, and obtaining an execution priority weight of the vulnerability scan task. This aspect of the claim is identified as a further difference.
In a related art, Zhao teaches:
acquiring update time data of the vulnerability scan task, and calculating a time coefficient of the vulnerability scan task according to the update time data (Zhao discloses acquiring different criteria such as: the size of the resource, the resource access frequency rate, and the resource recent scanning performance data (e.g. scanning time consumption); col. 7, lines 5-15); 
priority weight of the vulnerability scan task (Zhao, col. 11, lines 32-34: a set of criteria, including but not limited to, the size of the resource, the scanning time consumption, the access frequency rate, and the like; col. 7, lines 5-15: the scheduler is configured to determine the priority score of a resource. The scheduler may create the priority score based on different criteria, including but are not limited to, the size of the resource, the resource access frequency rate, and the resource recent scanning performance data (e.g. scanning time consumption); and 
Ramzan and Zhao are analogous art, because they are in a similar field of endeavor in improving security scans of websites.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine them and to use Zhao to modify Ramzan’s system to include a set of criteria/coefficients for schedule prioritization.  For this combination, the motivation would have been to improve the level of security with accurate scans of all websites with potential threats.

As per claim 17, the references as combined above teach the storage medium of claim 16, wherein the computer readable instructions, which, when executed by one or more processors, cause the one or more processors to perform steps comprising: 
acquiring a first historical vulnerability scan data of the website corresponding to the vulnerability scan task, and obtaining a task risk characteristic value of the vulnerability scan task according to the first historical vulnerability scan data and the vulnerability risk level table (Zhao, col. 1, lines 35-41: access the infected document may be at risk; for example, col. 1, lines 55-60: some of the resources may be fairly large, thereby requiring a long scanning time; the time required to scan the resource exceeds the time limit); 
acquiring a second historical vulnerability scan data of the scan task pool, and obtaining a website risk characteristic value of the website corresponding to the vulnerability scan task (Zhao, col. 7, lines 7-15: the frequency at which a resource is accessed – obviously a risk factor); and 
calculating the security risk coefficient of the vulnerability scan task according to the task risk characteristic value and the website risk characteristic value (Zhao, col. 7, lines 5-15:, determine the priority score of a resource. The scheduler may create the priority score based on different criteria, including but are not limited to, the size of the resource, the resource access frequency rate).

As per claim 19, the references as combined above teach the storage medium of claim 16, wherein the computer readable instructions, which, when executed by one or more processors, cause the one or more processors to perform steps comprising: 
acquiring scan time data of all the vulnerability scan tasks in the scan task pool, and calculating a scan time characteristic value of the read vulnerability scan task according to the scan time data (Zhao, col. 11, lines 32-34: a set of criteria, including but not limited to, the scanning time consumption, for some companies, it may require hours or even days to be completed; see col. 6, lines 18-28);; 
acquiring a content update time data of all the vulnerability scan tasks in the scan task pool, and calculating an update time characteristic value of the read vulnerability scan task according to the content update time data (Zhao, col. 12, lines 1-15: scanner 526 may be updated to enable real -time scanning; Additionally or alternatively, the resource may be rescanned each time the background malware scanner database is updated with a new virus pattern. Thus, when a new virus pattern is received by SGSA 512, background malware scanner 526 may be updated with the new virus pattern); and 
obtaining the time coefficient of the read vulnerability scan task according to the scan time characteristic value and the update time characteristic value (Zhao, col. 11, lines 27-40: .

Allowable Subject Matter
Claim 3, 5, 10, 13, 15, 18, and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
It is noted that claims 3, 13, and 18 each similarly recite the limitations “summing risk scores of the historical scan security vulnerabilities of the vulnerability scan task to obtain a risk value of the vulnerability scan task; summing risk scores of the historical scan security vulnerabilities of the corresponding website to obtain a risk value of the corresponding website; and calculating the task risk characteristic value of the vulnerability scan task according to the risk value of the corresponding website and the risk value of the vulnerability scan task” which are are not anticipated by, nor made obvious over the prior art of record when in combination with the other limitations in their base independent claims.
Claims 5, 10, 15, and 20 each similarly recite the limitations “acquiring a first time when the latest task content of the read vulnerability scan task being updated; finding a vulnerability scan task with the shortest task content update time interval and a vulnerability scan task with the longest task content update time interval in the scan task pool, and calculating an update time interval of the two found vulnerability scan tasks; and calculating the update time characteristic value according to the first time and the update time interval” when in combination with the other limitations in their base independent claims.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art additionally discloses certain parts of the claim features (See “PTO-892 Notice of Reference Cited”).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DON ZHAO whose telephone number is (571)272.9953.  The examiner can normally be reached on Monday to Friday, 7:30 A.M to 5:00 P.M EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on 571.272.3862.  The fax phone number for the organization where this application or proceeding is assigned is 571.273.8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866.217.9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800.786.9199 (IN USA OR CANADA) or 571.272.1000.


/Don G Zhao/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        05/21/2021