DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority
Applicant’s claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged. 

Double Patenting
Claims 1-4, 7-10 and 13-16 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-18 of U.S. Patent No. 10,944,770. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the instant application represent a modest broadening and rearrangement of the subject matter of the claims of the ‘770 Patent, and on that basis the ’770 Patent anticipates the instant application.
As to claim 1, the ‘770 Patent discloses a method for protecting a server against attacks comprising (Claim 7: A method for protecting against attacks to web files hosted on a web server comprising): 
performing a plurality of monitoring tasks by a service processor, the service processor being hosted by a baseboard management controller (BMC) and independent of a central processing unit (CPU) of the server, the plurality of monitoring tasks comprising (Claim 7: performing a plurality of monitoring tasks by a service processor, 
receiving a plurality of incoming packets at the server (Claim 7: receiving a plurality of packets forming access requests made to the web files); and 
performing a deep packet analysis on at least a subset of the packets (Implicit in claim 7, given that claim 7 of the ‘770 Patent performs all of the stated function) , the deep packet analysis comprising: 
maintaining state information about the packets, the state information comprising timestamps indicating when the packets arrived (Claim 7: updating a learning block with information about each suspicious packet, the information comprising a signature associated with the suspicious packet, a source IP address associated with the suspicious packet, and a time indicating when the suspicious packet arrived); 
examining the state information to identify an order in which the packets arrived (Claim 7: analyzing the suspicious packet in conjunction with other packets previously determined to be suspicious, the analyzing comprising: rearranging an order in which the suspicious packet and the other suspicious packets arrived to form a new arrival sequence of the suspicious packets); 
reassembling the packets into a new arrival sequence that is different from the order in which the packets arrived (Claim 7: analyzing the suspicious packet in conjunction with other packets previously determined to be suspicious, the analyzing comprising: rearranging an order in which the suspicious packet and the other suspicious packets arrived to form a new arrival sequence of the suspicious packets); 

upon the new arrival sequence matching an attack pattern, adding source Internet Protocol (IP) addresses associated with the packets to a blacklist (Claim 7: upon the new arrival sequence of the suspicious packets matching an attack pattern, adding source IP addresses associated with the suspicious packets matching the attack pattern to the blacklist).  
As to claim 2, the ‘770 Patent discloses the method of claim 1 further comprising: decoding header information associated with the plurality of incoming packets; checking the header information against a whitelist and the blacklist; when the header information matches with the whitelist, passing the packet; when the header information matches with the blacklist, dropping the packet; and when the header information does not match with the whitelist and the blacklist, performing the deep packet analysis Claim 7: determining that a packet is suspicious when a source Internet Protocol (IP) address associated with the packet is not on a whitelist or a blacklist; updating a learning block with information about each suspicious packet;  the elements about passing packets on the white list and blocking those on the blacklist are implied in Claim 7 as the ordinary and usual operations of the white and black lists). 
As to claim 3, the ‘770 Patent discloses the method of claim 1 wherein the plurality of monitoring tasks comprise: maintaining an original copy of web files hosted by the server in a shared storage space accessible by the service processor; and periodically checking the web files hosted by the server against the original copy of the 
As to claim 4, the ‘770 Patent discloses the method of claim 1 wherein the plurality of monitoring tasks comprise: periodically copying access logs to web files hosted by the server to a shared storage space accessible by the service processor; scanning the access logs copied to the shared storage space for access requests indicating an attack; and adding a source IP address associated with the access requests indicating an attack to the blacklist (Clam 10: The method of claim 7 wherein the plurality of monitoring tasks comprise: requesting, by the service processor, that logs associated with the web files be copied to a shared storage accessible by the service processor and host CPU, the logs comprising entries storing access requests made to the web files; comparing the access requests against a database of attack patterns; and generating an alert notification upon detecting that an access request matches an attack pattern).  
Claims 7-10 recite a system commensurate in scope to the method of claims 1-4 and are thus rejected under a substantially similar rationale in view of claims 1-6 of the ‘770 Patent.
Claims 13-16 recite a system commensurate in scope to the method of claims 1-4 and are thus rejected under a substantially similar rationale in view of claims 13-18 of the ‘770 Patent.

Claims 5, 11, and 17 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-18 of U.S. Patent No. 10,944,770 in view of U.S. Patent Application Publication no. 2-15/037038 by Blackwell. 
As to claims 5, 11 and 17, the ’770 Patent discloses all recited elements of claims 1, 7 and 13 from which claims 5, 11 and 17 depend.
The ‘770 Patent does not expressly disclose wherein the service processor is associated with a network out- of-band from a network associated with the CPU of the server.  
Blackwell discloses wherein the service processor is associated with a network out- of-band from a network associated with the CPU of the server (Blackwell: Page 1, Sec 10 and Page 2, Sec 16; service processor located on OOB network separate from the server).  
The ’770 Patent and Blackwell are analogous art because they are from the common area of network security.
It would have been obvious to one of ordinary skill, at or before the effective filingh date of the instant application, to use the OOB network of Blackwell in the system Blackwell: Page 1, Sec 10).

Allowable Subject Matter
Claims 6, 12 and 18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

The following is a statement of reasons for the indication of allowable subject matter:  None of the art of record discloses, individually or in reasonable combination, having the service processor of a system in a lower trust level than the CPU of the server, in a system where the service processor monitors the server to protect it from attacks, as discloses in the independent claims.


Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
U.S. Patent Application Publication No. 2005/0114700 by Barrie et al. discloses data processing for network systems
U.S. Patent Application Publication No. 2006/0048228 by Takemori et al. discloses security in a network system
U.S. Patent Application Publication No. 2008/0052774 by Chesla et al. discloses dynamic network protection
U.S. Patent Application Publication No. 2012/0084423 by McGleenon discloses steering in a data network
U.S. Patent Application Publication No. 2013/0312082 by Izu et al. discloses determining invalid data packets in a network
U.S. Patent Application Publication No. 2015/0089625 by Swanson et al. discloses a network access control manager
U.S. Patent Application Publication No. 2015/0128246 by Feghali et al. discloses redirecting network attacks
U.S. Patent Application Publication No. 2016/0308886 by Lee et al. discloses preventing network attacks on BMC devices
U.S. Patent Application Publication No. 2017/0163670 by Manadhata et al. discloses packet logging

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL S MCNALLY whose telephone number is (571)270-1599. The examiner can normally be reached Monday-Friday, 8:30 AM - 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MICHAEL S. MCNALLY
Primary Examiner
Art Unit 2432



/Michael S McNally/Primary Examiner, Art Unit 2432