DETAILED ACTION
The following claims are pending in this office action: 1-20
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Drawings
The drawings filed on 07/16/2019 are accepted.  
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 09/06/2019 has been considered.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, an initialed and dated copy of Applicant’s IDS form 1449 filed 09/06/2019 is attached to the instant Office action. 
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
 (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-2, 4-5, 11, 14-16 and 18-20 are rejected under 35 USC § 102 (a)(1) as being anticipated by Olarig et al. (US Pub. 2018/0322285) (hereinafter “Olarig”). 

As per claim 1, Olarig teaches a method comprising scanning, ([Olarig, para. 0017] the BMC device utilizes a buffer rolling window [memory 115] to scan for any malicious signatures) via a NAND flash memory ([para. 0003; para. 0028] SSD Flash NAND as an embodiment of memory is taught) a computer system to obtain information related to a software program, ([Fig. 2; para. 0031] data [information] from potentially malicious software in computer system 100 is received; the data is received in memory 115) ([para. 0031] the memory 115 of the BMC on computer system 100 scans data for virus codes or malicious signatures.  [Para. 0032] the BMC device maintains the database of signatures and codes [a rule set as they are parameters to be determined for a software program – see para. 0022 of the instant application])
obtaining, by the NAND flash memory, metrics related to the software program via the BMC; ([Olarig, para. 0031] the received software data is written into memory 115, which includes malicious software signatures.  Signatures as defined in the art include, for example, CPU usage [see, for example, Farel et al., US Patent No. 6,792,393, col. 4, ln. 48-58].  Thus obtaining signatures from software data includes obtaining metrics related to the software program [see para. 0024 of the instant application: CPU usage as a type of metric])
analyzing, by the NAND flash memory, the information related to the software program along with the metrics related to the software program to identify a security vulnerability in the computer system; and ([Olarig, para. 0031-0032] the received data [information] containing signatures [metrics] related to possible malicious software is assembled/analyzed by the memory to enable identification of malicious signatures [a security vulnerability] in the computer system 100)
providing, by the NAND flash memory, information related to the security vulnerability in the computer system to the BMC. ([Olarig, para. 0033] the memory by means of the eSSD may provide additional information to the BMC device, information to more efficiently perform a virus scan, such as the format of a malicious signature [information related to the security vulnerability])

As per claim 2, Olarig teaches claim 1.  
Olarig also teaches wherein the rule set includes a parameter to be determined for the software program.  ([Olarig, para. 0031] the BMC device determines whether the software signature scanned [a parameter to be determined for the software program] corresponds to a particular malicious signature [a rule in the rule set])

As per claim 4, Olarig teaches claim 1.  
Olarig also teaches generating an alert related to the security vulnerability in the computer system by the BMC. ([Olarig, para. 0017] once an infection [security vulnerability in the computer system] is determined, the BMC device generates a notification [generate an alert])

As per claim 5, Olarig teaches claim 4.  
Olarig also teaches providing the alert related to the security vulnerability in the computer system to a user. ([Olarig, para. 0017] the malware detected notification is sent to a system administrator [a user])

As per claim 11, Olarig teaches a system with a NAND flash memory that performs the steps of the method of claim 1, has language that is identical or substantially similar to the method of claim 1, and thus is rejected with the same rationale applied against claim 1.

As per claim 14, Olarig teaches a non-transitory machine-readable storage medium comprising instructions, the instructions executable by a processor ([Olarig, para. 0016] the instructions are implemented in programmable circuitry [memory] that stores instructions executed by an integrated circuit [processor]) that performs the steps of the method of claim 1, has language that is identical or substantially similar to the method of claim 1, and thus is rejected with the same rationale applied against claim 1.


Olarig also teaches instructions to obtain the information related to the security vulnerability from the BMC. ([Olarig, para. 0032] the BMC device updates the database of virus signatures [information related to the security vulnerability].  [Fig. 2; para. 0024] The instructions for the BMC device are stored in the memory 115, and thus, the instructions for updating the database are stored in memory 115)

As per claim 16, Olarig teaches claim 14.
Olarig also teaches wherein the computer system is part of a datacenter ([Olarig, para. 0024; Fig. 1] the system includes a management server that controls the BMC device that is used to control the eSSD server device in a plurality of eSSD server devices [or a datacenter].  The BMC device as a management device that allows a management server to control a server in a datacenter is commonly known in the art [see for example, Podgorsky et al., US Patent No. 10,489,142, col. 3, ln. 1-7: a management server uses REDFISH to request data from the BMC device; col. 2, ln. 5-10: REDFISH allows for management of server computers in a data center])

As per claim 18, Olarig teaches claim 14.
Olarig also teaches wherein the software program includes a computer application.  ([Olarig, para. 0016] the software may be embodied as a software package [a computer application])

As per claim 19, Olarig teaches claim 14.
Olarig also teaches wherein the scan is initiated by a user.  ([Olarig, para. 0023-0024] the BMC device scans data that is controlled by a management port through a management server that is operated [initiated] by an administrator [a user])

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 3, 6, 7, and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Olarig as applied to claims 1-2, and 11 and further in view of Thakur (US Pub. 2014/0331326) (hereinafter “Thakur”).

As per claim 3, Olarig teaches claim 2.  
Olarig does not teach wherein the parameter includes one of a version of the software program on the computer system, a patch applied to the software program, a port related to the software program, a protocol related to the software program, and a service related to the software program.  
However, Thakur teaches the parameter includes one of a version of the software program on the computer system, a patch applied to the software program, a port related to the software program, a protocol related to the software program, and a service related to the software program.  ([Thakur, para. 0025] parameters for security vulnerabilities also include obsolete software versions [version of the software program], vulnerabilities in OS patches [patch applied to the software program], firewall vulnerabilities [a port related to the software program], protocol vulnerabilities [a protocol related to the software program], and service vulnerabilities)
such vulnerabilities allow an attacker to reduce a system’s security and it would be beneficial for such vulnerabilities to be detected by a scanner. (Thakur, para. 0024-0025)

As per claim 6, Olarig teaches claim 1.  
Olarig does not teach generating a report related to the security vulnerability in the computer system by the BMC.  
However, Thakur teaches generating a report related to the security vulnerability in the computer system by the BMC.  ([Thakur, para. 0029] the scanners may routinely scan and provide reports detailing risks [security vulnerabilities].  Scanners are implemented in hardware to scan network devices, such as a computer system, for vulnerabilities and a BMC computer system to scan network devices was disclosed in Olarig above)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Olarig with the teachings of Thakur to include generating a report related to the security vulnerability in the computer system by the BMC.  One of ordinary skill in the art would have been motivated to make this modification because reports allow other entities of the system such as end users to perform further processing on security vulnerabilities such as end users to start an exception/suppression process, initiate a change in management/service, and other security activities. (Thakur, para. 0023-0024)


Olarig does not teach obtaining the report related to the security vulnerability in the computer system from the BMC. ([Thakur, para. 0029] the reports related to security vulnerabilities in the computer system are obtained from the scanner.  Scanners are implemented in hardware to scan network devices, such as a computer system, for vulnerabilities and a BMC computer system to scan network devices was disclosed in Olarig above)
At the time of filing it would have been obvious for one of ordinary skill in the art to combine the teachings of Olarig and Thakur for the same reasons as disclosed above.

As per claim 12, the claim language is identical or substantially similar to that of claim 3. Therefore, it is rejected under the same rationale applied to claim 3.

Claims 8-10, 13, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Olarig as applied to claims 1, 11, and 14 above and further in view of Liu et al. (US Pub. 2016/0217283) (hereinafter “Liu”).

As per claim 8, Olarig teaches claim 1.  
Olarig does not teach logging, via the NAND flash memory, into an operating system of the computer system; and scanning, by the NAND flash memory, the operating system of the computer system to obtain information related to the software program.
However, Liu teaches logging, via the NAND flash memory, into an operating system of the computer system; and ([Liu, para. 0017] a method for logging a firmware attack is taught.  The log is stored in firmware memory such as NVRAM [see para. 0009 – NVRAM is NAND memory].  [Para. 0014] the system hardware is for loading the operating system from the firmware memory, and so the log is generated into the operating system of the computer system 100)
and scanning, by the NAND flash memory, the operating system of the computer system to obtain information related to the software program.  ([Liu, para. 0010] the BMC implements an intelligent platform management interface [IPMI] to monitor [scanning using the NAND flash memory of the BMC as taught by Olarig above] of the computer system including processors, firmware, and the operating system of the computer system.  [Para. 0024] Monitoring results in logs of security/rule violations of software and firmware attacks [information related to the software program])
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Olarig with the teachings of Liu to include logging, via the NAND flash memory, into an operating system of the computer system; and scanning, by the NAND flash memory, the operating system of the computer system to obtain information related to the software program.  One of ordinary skill in the art would have been motivated to make this modification because logging such information allows a system administrator to query information about malicious events and take actions necessary to mitigate further attacks. (Liu, para. 0010)

As per claim 9, Olarig teaches claim 8.  
Olarig also teaches scanning, by the NAND flash memory, a computer application present in the computer system to obtain information related to the computer application. ([Olarig, para. 0017] the BMC utilizes a buffer rolling window [NAND flash memory] to scan for malicious signatures [information] in the computer system.  The possible malicious signatures are signatures of computer software [related to the computer application]) 

As per claim 10, Olarig teaches claim 1.  

However, Liu teaches the scanning is performed automatically by the computer system.  ([Liu, para. 0010] the BMC that implements the IPMI autonomously scans/monitors the system)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Olarig with the teachings of Liu to include that the scanning is performed automatically by the computer system.  One of ordinary skill in the art would have been motivated to make this modification because by autonomously scanning and generating logs, an administrator can manage a system that may be powered off or otherwise unresponsive by means of a network connection and need not rely on manually checking security issues with in-band hardware/software. (Liu, para. 0010)

As per claim 13, Olarig teaches claim 11.  
Olarig does not explicitly teach wherein the NAND flash memory is an embedded NAND flash memory device.  (Examiner notes that embedded system is synonymous with computer system, and disclosed by Fig. 1, element 100 of Olarig)
However, Olarig teaches wherein the NAND flash memory is an embedded NAND flash memory device. ([Liu, para. 0027] the computer system 100 may be an embedded system storing instructions that are embedded, making the firmware memory an embedded NAND flash device)

As per claim 17, Olarig teaches claim 14.  
Olarig does not explicitly teach wherein the NAND flash memory is an embedded NAND flash memory device.  (Examiner notes that embedded system is synonymous with computer system, and disclosed by Fig. 1, element 100 of Olarig)
([Liu, para. 0027] the computer system 100 may be an embedded system storing instructions that are embedded, making the firmware memory an embedded NAND flash device)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Olarig with the teachings of Liu to include that the NAND flash memory is an embedded NAND flash memory device.  One of ordinary skill in the art would have been motivated to make this modification because an embedded memory allows use of the SPI bus for short distance communications between the memory and other components of the embedded device when the computer system is an embedded device. (Liu, para. 0011)

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Segal et al. (US Pub. 2019/0050234) discloses logic that measures components of a computing platform to ensure security of the system.  Fastabend et al. (US Pub. 2019/0004929) discloses a software condition evaluation apparatus/method that determines an operation status of software/application based on a measurement of the software/application.   Montgomery et al. (US Pub. 2009/0144332) discloses a management controller that measures/determines a signature of trusted software with obtained signature of the same software and takes action to prevent security issues related to such software based on the determination.   Yu, Zhilou, and H. Ji. "Notice of Retraction Research of IPMI Management Based on BMC SOC." International Conference on Management and Service Science IEEE, 2010: pg. 2-4 teaches a BMC with non-volatile storage memory, for example, NAND memory for use of remote monitoring of software that allows for alarm, logging and reports to be generated in a similar manner claimed in the instant application.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634.  The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.
/Z.L./Examiner, Art Unit 2493

/CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493