DETAILED ACTION
The following claims are pending in this office action: 1-20
The following claims are amended: -
The following claims are new: -
The following claim is cancelled: -
Claims 1-20 are rejected. This rejection is FINAL.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
RESPONSE TO ARGUMENTS
Applicant’s arguments filed in the amendment filed 02/04/2022 have been fully considered but are they are not persuasive.  The reasons are set forth below.
Applicant’s position is that Olarig does not teach “obtaining, by the NAND flash memory, metrics related to the software program via the BMS”.  Applicant explains: 
… Olarig simply discloses “The replica of the received Ethernet packets is written into a memory 114 (shown in FIG. 2) where it may be assembled into the received data.  The BMC 102 may scan the assembled data for malicious software to determine whether the received data contains any virus codes or malicious signatures at 305” … scanning of data to determine presence of virus codes or malicious signatures is categorically different from obtaining metrics related to the computer program … examples of the metrics related to the software program … “include CPU usage, memory usage, storage usage, and I/O usage related to software program”.  

	A claimed invention may be rejected under 35 U.S.C. 102 when the invention is anticipated (or is “not novel”) over a disclosure that is available as prior art.  To reject a claim as anticipated the disclosure must teach every element required by the claim under its broadest reasonable interpretation.  
The elements of the claim, under its broadest reasonable interpretation, cited by the applicant are taught by Olarig.  The main contention of the applicant is that Olarig does not teach “obtaining, by the NAND flash memory, metrics related to the computer program”.  Olarig teaches obtaining ethernet 
Obtaining malicious software, and malicious signatures of the malicious software is consistent with the broadest reasonable interpretation of “obtaining metrics related to the computer program”. As applicant explains, para. 0024 of the application describes the metrics includes CPU usage related to the software program.  Olarig teaches malicious signatures, which the Office Action equates to metrics.  Extrinsic evidence may be used to explain the meaning of terms and phrases used in the reference relied upon as anticipatory of the claimed subject matter.  See MPEP 2131.01, Section II.  The meaning of the phrase, malicious signatures, includes CPU usage related to the software program.  Computer system “signatures” are characteristic and repeatable system behaviors that occur in response to specific operational conditions.  See Farel et al., US Patent No. 6,792,393, col. 4, ln. 34-36.  Signatures may be dependent on (or consist of) a single parameter such as CPU Usage.   See Farel, col. 4, ln. 48-49.  An graphical representation of characteristic computer system behaviors representing a third signature where one of the behaviors is CPU Utilization (or usage) is shown on figure 2(e) of Farel.  See Farel, col.4, ln. 10-12; Fig. 2(e).  As a signature means includes characteristics including CPU usage, and metrics includes characteristics including CPU usage, the meaning of metrics, and signatures are identical.  Just as in re Baxter Travenol Labs., 952 F.2d 388, 21 USPQ2d 1281 (Fed. Cir. 1991), where a technical progress report was used to show blood bags to contain DEHP, here, Farel is used to show that the common meaning of the term signature includes the metric of CPU usage.  Thus, Olarig clearly teaches obtaining, 
As for independent claims 11 and 14, arguments similar to those set forth above in relation to claim 1 are presented, and so for similar reasons, the arguments are not persuasive, and the rejections are not withdrawn.  
As for dependent claims 2-10, 12-13, and 15-20, arguments similar to those set forth above in relation to independent claims 1, 11, and 14 are presented, and so for similar reasons, the arguments are not persuasive, and the rejections are not withdrawn.  
Claim Objections
Claim 7 is objected to because of the following informalities:
Claim 7 recites the limitation “the report” (claim 7, ln. 1). This lacks antecedent basis.  Examiner suggests replacing “the report” with “a report”.  
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
 (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-2, 4-5, 11, 14-16 and 18-20 are rejected under 35 USC § 102 (a)(1) as being anticipated by Olarig et al. (US Pub. 2018/0322285) (hereinafter “Olarig”). 

As per claim 1, Olarig teaches a method comprising scanning, ([Olarig, para. 0017] the BMC device utilizes a buffer rolling window [memory 115] to scan for any malicious signatures) via a NAND flash memory ([para. 0003; para. 0028] SSD Flash NAND as an embodiment of memory is taught) a computer system to obtain information related to a software program, ([Fig. 2; para. 0031] data [information] from potentially malicious software in computer system 100 is received; the data is received in memory 115) based on a rule set defined in a baseboard management controller (BMC) on the computer system; ([para. 0031] the memory 115 of the BMC on computer system 100 scans data for virus codes or malicious signatures.  [Para. 0032] the BMC device maintains the database of signatures and codes [a rule set as they are parameters to be determined for a software program – see para. 0022 of the instant application])
obtaining, by the NAND flash memory, metrics related to the software program via the BMC; ([Olarig, para. 0031] the received software data is written into memory 115, which includes malicious software signatures.  A signatures defined in the art include, for example, CPU usage [see, for example, Farel et al., US Patent No. 6,792,393, col. 4, ln. 48-58].  Thus obtaining signatures from software data include obtaining metrics related to the software program [see para. 0024 of the instant application: CPU usage as a type of metric])
analyzing, by the NAND flash memory, the information related to the software program along with the metrics related to the software program to identify a security vulnerability in the computer system; and ([Olarig, para. 0031-0032] the received data [information] containing signatures [metrics] related to possible malicious software is assembled/analyzed by the memory to enable identification of malicious signatures [a security vulnerability] in the computer system 100)
providing, by the NAND flash memory, information related to the security vulnerability in the computer system to the BMC. ([Olarig, para. 0033] the memory by means of the eSSD may provide additional information to the BMC device, information to more efficiently perform a virus scan, such as the format of a malicious signature [information related to the security vulnerability])

As per claim 2, Olarig teaches claim 1.  
([Olarig, para. 0031] the BMC device determines whether the software signature scanned [a parameter to be determined for the software program] corresponds to a particular malicious signature [a rule in the rule set])

As per claim 4, Olarig teaches claim 1.  
Olarig also teaches generating an alert related to the security vulnerability in the computer system by the BMC. ([Olarig, para. 0017] once an infection [security vulnerability in the computer system] is determined, the BMC device generate a notification [generate an alert])

As per claim 5, Olarig teaches claim 4.  
Olarig also teaches providing the alert related to the security vulnerability in the computer system to a user. ([Olarig, para. 0017] the malware detected notification is sent to a system administrator [a user])

As per claim 11, Olarig teaches a system with a NAND flash memory that performs the steps of the method of claim 1, has language that is identical or substantially similar to the method of claim 1, and thus is rejected with the same rational applied against claim 1.  

	As per claim 14, Olarig teaches a non-transitory machine-readable storage medium comprising instructions, the instructions executable by a processor ([Olarig, para. 0016] the instructions are implemented in programmable circuitry [memory] that stores instructions executed by an integrated circuit [processor]) that performs the steps of the method of claim 1, has language that is identical or 

As per claim 15, Olarig teaches claim 14.  
Olarig also teaches instructions to obtain the information related to the security vulnerability from the BMC. ([Olarig, para. 0032] the BMC device updates the database of virus signatures [information related to the security vulnerability].  [Fig. 2; para. 0024] The instructions for the BMC device is stored in the memory 115, and thus, the instructions for updating the database is stored in memory 115)

	As per claim 16, Olarig teaches claim 14.  
	Olarig also teaches wherein the computer system is part of a datacenter ([Olarig, para. 0024; Fig. 1] the system includes a management server that controls the BMC device that is used to control the eSSD server device in a plurality of eSSD server devices [or a datacenter].  The BMC device as a management device that allows a management server to control a server in a datacenter is commonly known in the art [see for example, Podgorsky et al., US Patent No. 10,489,142, col. 3, ln. 1-7: a management server uses REDFISH to request data from the BMC device; col. 2, ln. 5-10: REDFISH allows for management of server computers in a data center])

	As per claim 18, Olarig teaches claim 14.  
	Olarig also teaches wherein the software program includes a computer application.  ([Olarig, para. 0016] the software may be embodied as a software package [a computer application]) 

	As per claim 19, Olarig teaches claim 14.  
([Olarig, para. 0023-0024] the BMC device scans data that is controlled by a management port though a management server that is operated [initiated] by an administrator [a user])

As per claim 20, the claim language is identical or substantially similar to that of claim 4. Therefore, it is rejected under the same rationale applied to claim 4.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 3, 6-7, and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Olarig as applied to claims 1-2, and 11 and further in view of Thakur (US Pub. 2014/0331326) (hereinafter “Thakur”).

As per claim 3, Olarig teaches claim 2.  
Olarig does not clearly teach wherein the parameter includes one of a version of the software program on the computer system, a patch applied to the software program, a port related to the software program, a protocol related to the software program, and a service related to the software program.  
However, Thakur teaches the parameter includes one of a version of the software program on the computer system, a patch applied to the software program, a port related to the software program, a protocol related to the software program, and a service related to the software program.  ([Thakur, para. 0025] parameters for security vulnerabilities also include obsolete software versions [version of the software program], vulnerabilities in OS patches [patch applied to the software program], firewall vulnerabilities [a port related to the software program], protocol vulnerabilities [a protocol related to the software program], and service vulnerabilities)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Olarig with the teachings of Thakur to include the parameter includes one of a version of the software program on the computer system, a patch applied to the software program, a port related to the software program, a protocol related to the software program, and a service related to the software program.  One of ordinary skill in the art would have been motivated to make this modification because such vulnerabilities allow an attacker to reduce a system’s security and it would be beneficial for such vulnerabilities to be detected by a scanner. (Thakur, para. 0024-0025)

As per claim 6, Olarig teaches claim 1.  
Olarig does not clearly teach generating a report related to the security vulnerability in the computer system by the BMC.  
However, Thakur teaches generating a report related to the security vulnerability in the computer system by the BMC.  ([Thakur, para. 0029] the scanners may routinely scan and provide reports detailing risks [security vulnerabilities].  Scanners are implemented in hardware to scan network devices, such as a computer system, for vulnerabilities and a BMC computer system to scan network devices was disclosed in Olarig above)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Olarig with the teachings of Thakur to include generating a report related to the security vulnerability in the computer system by the BMC.  One reports allow other entities of the system such as end users to perform further processing on security vulnerabilities such as end users to start an exception/suppression process, initiate a change in management/service, and other security activities. (Thakur, para. 0023-0024)

As per claim 7, Olarig teaches claim 1.  
Olarig does not clearly teach obtaining the report related to the security vulnerability in the computer system from the BMC. ([Thakur, para. 0029] the reports related to security vulnerabilities in the computer system are obtained from the scanner.  Scanners are implemented in hardware to scan network devices, such as a computer system, for vulnerabilities and a BMC computer system to scan network devices was disclosed in Olarig above)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to combine the teachings of Olarig and Thakur for the same reasons as disclosed above.

As per claim 12, the claim language is identical or substantially similar to that of claim 3. Therefore, it is rejected under the same rationale applied to claim 3.

Claims 8-10, 13, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Olarig as applied to claims 1, 11, and 14 above and further in view of Liu et al. (US Pub. 2016/0217283) (hereinafter “Liu”).

As per claim 8, Olarig teaches claim 1.  

However, Liu teaches logging, via the NAND flash memory, into an operating system of the computer system; and ([Liu, para. 0017] a method for logging a firmware attack is taught.  The log is stored in memory firmware memory such as NVRAM [see para. 0009 – NVRAM is NAND memory].  [Para. 0014] the system hardware is for loading the operating system from the firmware memory, and so the log is generated into the operating system of the computer system 100)
and scanning, by the NAND flash memory, the operating system of the computer system to obtain information related to the software program.  ([Liu, para. 0010] the BCM implements an intelligent platform management interface [IPMI] to monitor [scanning using the NAND flash memory of the BCM as taught by Olarig above] of the computer system including processors, firmware, and the operating system of the computer system.  [Para. 0024] Monitoring results in logs of security/rule violations of software and firmware attacks [information related to the software program])
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Olarig with the teachings of Liu to include logging, via the NAND flash memory, into an operating system of the computer system; and scanning, by the NAND flash memory, the operating system of the computer system to obtain information related to the software program.  One of ordinary skill in the art would have been motivated to make this modification because logging such information allows a system administrator to query information about malicious events and take actions necessary to mitigate further attacks. (Liu, para. 0010)

As per claim 9, Olarig teaches claim 8.  
([Olarig, para. 0017] the BMC utilizes a buffer rolling window [NAND flash memory] to scan for malicious signatures [information] in the computer system.  The possible malicious signatures are signatures of computer software [related to the computer application]) 

As per claim 10, Olarig teaches claim 1.  
Olarig does not clearly teach the scanning is performed automatically by the computer system.
However, Liu teaches the scanning is performed automatically by the computer system.  ([Liu, para. 0010] the BMC that implements the IPMI autonomously scans/monitors the system)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Olarig with the teachings of Liu to include that the scanning is performed automatically by the computer system.  One of ordinary skill in the art would have been motivated to make this modification because by autonomously scanning and generating logs, an administrator can manage a system that may be powered off or otherwise unresponsive by means of a network connection and need not rely on manually checking security issues with in-band hardware/software. (Liu, para. 0010)

As per claim 13, Olarig teaches claim 11.  
Olarig does not clearly teach wherein the NAND flash memory is an embedded NAND flash memory device.  (Examiner notes that embedded system is synonymous with computer system, and disclosed by Fig. 1, element 100 of Olarig)
([Liu, para. 0027] the computer system 100 may be an embedded system storing instructions that are embedded, making the firmware memory an embedded NAND flash device)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Olarig with the teachings of Liu to include that the NAND flash memory is an embedded NAND flash memory device.  One of ordinary skill in the art would have been motivated to make this modification because an embedded memory allows use of the SPI bus for short distance communications between the memory and other components of the embedded device when the computer system is an embedded device (Liu, para. 0011)

As per claim 17, Olarig teaches claim 14.  
Olarig does not clearly teach wherein the NAND flash memory is an embedded NAND flash memory device.  (Examiner notes that embedded system is synonymous with computer system, and disclosed by Fig. 1, element 100 of Olarig)
However, Olarig teaches wherein the NAND flash memory is an embedded NAND flash memory device. ([Liu, para. 0027] the computer system 100 may be an embedded system storing instructions that are embedded, making the firmware memory an embedded NAND flash device)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Olarig with the teachings of Liu to include that the NAND flash memory is an embedded NAND flash memory device.  One of ordinary skill in the art would have been motivated to make this modification because an embedded memory allows use of the SPI bus for short distance communications between the memory and other components of the embedded device when the computer system is an embedded device (Liu, para. 0011)

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:Eno et al. (US Pub. 2018/0246763) discloses a baseboard management controller that collects the CPU usage state of a virtual computer [computer software].
Hu (US Pub. 20196/014681) teaches a BMC of a server device that monitors whether the device has sufficient resources (processor loading, memory usage, and/or storage usage)
Pino et al. (US Pub. 2019/0187909) discloses a baseboard management controller that collects and sends to an LMC statistical data including I/O performance of monitored software.   
Kant. "Data center evolution: A tutorial on state of the art, issues, and challenges." Computer Networks 53.17 (2009): pg. 2939-2965 describes BMC using SSD memory (including NAND/non-volatile flash memory) to measure metrics of various hardware and software elements to resolve performance problems, minimize power consumption and to determine security attacks.  
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634.  The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.
/Z.L./Examiner, Art Unit 2493                                      

/Jeremy S Duffield/Primary Examiner, Art Unit 2498