DETAILED ACTION
 	Claims 2-16 and 19-20 are pending. This is in response to the application filed on December 19, 2019 which claims priority to a foreign application filed on Jun 20, 2017.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Objections
Claim 2 is objected to because of the following informalities in the limitation:  storing said first and said second scanning rule comprising according to a s in at least one of said local device and a remote device.  Appropriate correction is required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claim 15 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the device recites logic components to execute a process which will be interpreted as software per se. Software is not one of the four categories of eligible subject matter.
Claim 16 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter by claiming a computer program.  The claim(s) 
Claim 19 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the device recites logic components to execute a process which will be interpreted as software per se. Software is not one of the four categories of eligible subject matter.
 	Claim 2 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) several steps to obtain a signature of a vulnerability in a version of a computer program and then assign a level of severity (e.g. an indication of a defect). A set of rules is generated based on the signature, the level of severity and a level of trust. An alert is then sent if this version is found in use on a device. This judicial exception is not integrated into a practical application because assigning a level of severity and a level of trust, and issuing an alert for a vulnerability, is no more than mere instructions to apply the exception. These additional elements do not integrate the abstract idea into a practical application because they do not add meaningful limits on practicing the abstract idea. The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements are insignificant extra-solution activity.
 	Claims 3-14 are rejected because of their dependency on claim 2.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 2-4, 7, 9, 12, 15-16 and 19-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by PG Pub 20170098087 (hereinafter Li)
 	Regarding claim 2, Li discloses a machine-implemented vulnerability detection method for a local electronic device in a system of electronic devices (par. [0005]), comprising: 
 	determining a distinguishing characteristic of at least one version of a computer program in a format as installed in usable form on at least one local electronic device to distinguish said at least one version of said computer program in said format from at least one further version of said computer program in said format (Fig.2, par. [0025]-
 	at least one of generating at a remote device and receiving at said local device at least one indication of a defect giving rise to vulnerability to malicious activity in a portion of at least one of code and data;
 	determining that said portion is used by said at least one version (par. [0026] discloses the Scan application 108 may check whether the signature of XYZ.exe matches any known software elements populated in local repository 112. If there are any known vulnerabilities of XYZ.exe noted in local repository 112, they may be noted);
 	maintaining a mapping between said at least one version of said computer program and said at least one indication (par. [0025]-[0026] discloses the unique identification may precisely identify the version, build of XYZ.exe, of which there may be many versions. The Scan application 108 may check whether the signature of XYZ.exe matches any known software elements populated in local repository with any known vulnerabilities the entries of local repository may be marked or indexed according to a hash, signature, or other identifier. Moreover, the vulnerabilities may be categorized or defined by a unique identifier); 
 	creating a first scanning rule comprising said distinguishing characteristic and said indication; creating a second scanning rule according to a level of trust for a scanner; storing said first and said second scanning rule comprising according to [[a s in]] at least one of said local device and a remote device (Fig. 3 and par. [0032]-[0039] disclose the policy manager, the system evaluation database and the security 
 	scanning according to said stored first scanning rule only portions of storage on said local device that are available according to said second scanning rule to detect instances of said distinguishing characteristic in at least one usable computer program in at least one of an installed state and a to-be-installed state thereon, the act of scanning being performed by at least one of said local device and said remote device (par. [0023] discloses the scan application look for signatures of software binaries that are defined in local repository. Such signatures may be imported from original sources, such as databases 138, 140. Scan application may search and scan software located on a given computer, desktop, smartphone, tablet, or other suitable electronic device. In some embodiments, scan application may search and scan a defined installation image that is to be installed); and 
 	responsive to a determination that said electronic device has an installed instance of said at least one version of said computer program according to said distinguishing characteristic of said first scanning rule, emitting an alert signal indicating that said electronic device is vulnerable to said malicious activity according to said indication (par. [0032] discloses the scan application reports vulnerabilities to other parts of system for corrective action or reporting).

 	Regarding claim 3, Li discloses said determining a distinguishing characteristic comprising finding at least one of a clear text instance of a version indicator, an encoding of a version indicator, and a sequence of symbols unique to at least one of said version and a range of versions (par. [0025]).

 	Regarding claim 4, Li discloses said indication of a defect comprising an indication of an exploitable program data construct (par. [0019] discloses vulnerability including security related software flaws and misconfigurations).

 	Regarding claim 7, Li discloses maintaining a mapping in at least one of local volatile storage, local non-volatile storage, remote volatile storage and remote non-volatile storage (See Fig. 1 for various database and both local and server repository). 

 	Regarding claim 9, Li discloses said format as installed in usable form comprising at least one of a compiled object format, a compiled and linked object format and a compiled, linked and loaded object format (see claim 1 rejection for XYZ.exe).

 	Regarding claim 12, Li discloses responsive to said alert signal, performing an automated mitigation action (par. [0042] discloses the corrective action to fix XYZ.exe is  

 	Regarding claims 15-16, the claims are rejected in view of claim 1 rejection.

 	Regarding claim 19, Li discloses a scanning device having logic components adapted to receive a list of vulnerability indicators or signatures for assessing a vulnerability of an electronic device in a system of electronic devices, the scanning device comprising
 	scanning logic to scan the system for presence of a distinguishing characteristic of at least one version of a computer program as installed in a usable format to distinguish said at least one version of the computer program in the format from at least one further version of the computer program in the format;
 	 determining logic to determine that the portion of at least one of code and data is used by the at least one version of the computer program; and responsive logic to determine that an electronic device has at least one installed instance of said at least one version of said computer program, indicator logic to indicate with at least one vulnerability indicator that the electronic device is vulnerable to said malicious activity; and 
 	output logic to output an alert to either an operator or to an automated system. 
 	See claim 1 rejection.

 	Regarding claim 20, Li discloses a machine-implemented method of generating a set of data assessing a vulnerability of an electronic device in a system of electronic devices, the method comprising
 	scanning the system for presence of a distinguishing characteristic of at least one version of a computer program as installed in a usable format to distinguish said at least one version of the computer program in the format from at least one further version of the computer program in the format; 
 	determining that the portion of at least one of code and data is used by the at least one version of the computer program; and determining that an electronic device has at least one installed instance of said at least one version of said computer program, indicating with at least one vulnerability indicator that the electronic device is vulnerable to said malicious activity; and 
 	outputting an alert to either an operator or to an automated system.
 	See claim 1 rejection.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have 

Claims 5-6 are rejected under 35 U.S.C. 103 as being unpatentable over Li in view of PG Pub 20150213260 (hereinafter Park)
 	Regarding claim 5, Li, as presented above, discloses detecting vulnerability including security related software flaws but does not go into detail such as said exploitable program data construct comprising a stack. Park discloses detecting vulnerability by inspecting call stack return address (Summary, and par. [0075]). Therefore, it would have been obvious before the effective filing date of the claimed invention to modify Li with Park to further teach the claimed feature. One would have done so to cover more aspects of detection by including behavior-based diagnosis rather than just signature-based diagnosis using hooking function (Park, par. [0011]-[0012]).

 	Regarding claim 6, Park discloses said at least one of code and data comprising at least one of an object, a local code procedure, a remote called procedure, a data definition for defining a portion of a memory, and a cryptographic key structure (Summary section and Fig. 11 disclose inspecting erroneous function call execution in the whole area of memory).

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Li in view of PG Pub 20170048259 (hereinafter Dodge)
 	Regarding claim 8, Li does not disclose said level of trust comprising one of an access control level in an access control hierarchy, a memory privilege key, and an administrator permission level above a user permission level. Dodge discloses an application is inspected for malware when transferring from one high side domain (e.g. administrator of an IT network domain) to another where permissions and trust level are applied since one domain has a more secure network infrastructure, higher level of content clearance, and/or higher level of security requirements than the other low side domain (e.g. user domain) (Fig. 1, par. [0008]-[0021]). Therefore, it would have been obvious before the effective filing date of the claimed invention to modify Li with Dodge to further teach the claimed feature. One would have done so to prevent improper transfer of information through error or under the control of threat actors to broach information assurance controls or security (Dodge).

Claims 10-11 are rejected under 35 U.S.C. 103 as being unpatentable over Li in view of PG Pub 20190104415 (hereinafter Gehrmann)
 	Regarding claim 10, Li discloses scanning on a client device for vulnerability but does not say said local electronic device comprising an Internet of Things device. Gehrmann discloses vulnerability detection can also apply to IoT devices (par. [0029]). Therefore, it would have been obvious before the effective filing date of the claimed invention to modify Li with Gehrmann to further teach the claimed feature. One would have done so to arrive at the claimed feature by incorporating known vulnerability detection application with benefits taught by Gehrmann with reasonable expectation for success.
said remote electronic device comprising at least one of an Internet of Things deployment device and an Internet of Things management server device (par. [0002] discloses IoT devices perform security critical tasks in systems for industry process control, building automation, power control, and healthcare. This teaches that Gehrmann’s IoT devices are deployment devices rather than user devices (e.g. said local device)).

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Li in view of PG Pub 20180097695 (hereinafter Bender)
 	Regarding claim 13, Li does not disclose said performing an automated mitigation action comprising isolating said electronic device from communication with a remainder of said system of electronic devices. Bender discloses if vulnerabilities are detected in an IoT device which will not meet the user's requirements then the device will be disabled (par. [0020] and [0029]). Therefore, it would have been obvious before the effective filing date of the claimed invention to modify Li with Bender to further teach the claimed feature. One would have done so to monitor the registered devices to provide additional input during the active life of the IoT device that is being rented or purchased by a user among other benefits as disclosed by Bender.

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Li in view of PG Pub 20170220808 (hereinafter Schmidt)
 	Regarding claim 14, Li does not disclose said scanning further comprises reversal of relocation effects on said at least one of code and data. Schmidt discloses if .

Inquiry communication
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRI M TRAN whose telephone number is (571)270-1994. The examiner can normally be reached Mon-Fri: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469)295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For 

/TRI M TRAN/Primary Examiner, Art Unit 2432