Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Response to Arguments
Applicant’s arguments, with respect to the rejection(s) of claim(s) have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Bhatia US 2020/0134184, and Van Heuklon US 2020/03100779.


Claim Rejections - 35 USC § 103


The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4, 6, 7, 9, 10, 11, 13-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bhatia US 2020/0134184 in view of Van Heuklon US 2020/0310779
As per claims 1, 15, 18. Bhatia teaches A computer-implemented method comprising: generating one or more control state configuration profiles for one or more hardware components of at least one out-of-band server management controller, wherein each control state configuration profile comprises configuration state information; collecting data from the at least one out-of-band management controller via one or more interfaces; analyzing the collected data by comparing the collected data to the one or more control state configuration profiles and applying at least one rule-based engine to the collected data; and generating an output comprising a notification of one or more security vulnerabilities associated with the at least one out-of-band server management controller based at least in part on the analyzing of the collected data, wherein the output is to be utilized in connection with one or more security-related actions on at least a portion of at least one server; wherein the method is performed by at least one processing device comprising a processor coupled to a memory.  [0003][0032]-[0039]
(teaches that the baseboard management controller includes out of band, and utilizing a security vulnerability analyzer to determine the control state, or firmware ID, and determining security vulnerabilities to be patched with a new firmware, outputting a report and patching the BMC) 
Van Heuklon teaches control state configuration profiles for hardware components including at least one out of band server management controller, which includes hardware component identification information and configuration state information that the profile contains hardware component identification information and configuration state information. [0027][0037]-[0039] (compliance policies for hardware components including at least one out of band server management controller, which includes hardware type and model identifier, and firmware version) 
It would have been obvious to use the hardware identification of Van Heuklon with the system of Bhatia because it ensures hardware software compatibility.
As per claim 4. Van Heuklon teaches the computer-implemented method of claim 1, wherein the one or more security vulnerabilities comprise at least one of a firmware attack, a signature failure, a pre-boot configuration error, a firmware compliance issue, and a driver compliance issue. [0038] (firmware compliance)
As per claim 6. Bhatia teaches the computer-implemented method of claim 1, wherein the at least one out-of-band server management controller is embedded within the at least one server. [0004]
As per claim 7. Van Heuklon teaches the computer-implemented method of claim 1, wherein generating the one or more control state configuration profiles is based at least in part on information derived from one or more additional servers. [0027][0037][0038] (firmware policies)
As per claims 9, 16, 19. Bhatia teaches the computer-implemented method of claim 1, wherein the configuration state information comprises at least one of firmware version information, update information, and dependency information. [0032]-[0039]
As per claim 10. Van Heuklon teaches the computer-implemented method of claim 1, further comprising: updating the one or more control state configuration profiles subsequent to an update to at least a portion of the one or more hardware components of the at least one out-of-band server management controller. [0038]-[0040] (updating profiles/compliance policies including with new firmware updates, and test/production update identifiers)
As per claims 11, 17, 20. Bhatia teaches the computer-implemented method of claim 1, wherein collecting the data from the at least one out-of-band management controller comprises collecting data pertaining to at least one of firmware-related activity from the at least one out-of-band management controller and hardware-related activity from the at least one out-of-band management controller. [0032]-[0039]
As per claim 13. Bhatia teaches the computer-implemented method of claim 1, wherein the one or more security vulnerabilities associated with the at least one out-of-band server management controller comprise one or more security vulnerabilities attributed to one or more end-user devices within the at least one server linked to the at least one out-of-band server management controller. [0032] (remote device)
As per claim 14. Bhatia teaches the computer-implemented method of claim 1, further comprising: transmitting the output, via at least one interface, to one or more security-related entities associated with the at least one server. [0038] [0039] (report)

Claims 2, 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bhatia US 2020/0134184 in view of Van Heuklon US 2020/0310779 in view of Kumer Ujjwal US 2019/0363894

As per claim 2. Kumer Ujjwal teaches the computer-implemented method of claim 1, wherein the one or more control state configuration profiles comprise one or more control state configuration profiles specific to one or more original equipment manufacturer platform hardware components. [0033] (OEM security profile and policies)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the specific profile of Kumer because it is more tailored to specific hardware.
As per claim 3. Kumer Ujjwal teaches the computer-implemented method of claim 1, wherein the at least one rule-based engine comprises at least one set of original equipment manufacturer-agnostic security policies for monitoring and analyzing one or more hardware security-related issues. [0065] (agnostic profile and policies)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the agnostic profile of Kumer because it is more widely compatible.

Claims 5, 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bhatia US 2020/0134184 in view of Van Heuklon US 2020/0310779 in view of Findlay US 20170346846

As per claim 5. Findlay teaches the computer-implemented method of claim 1, further comprising: providing the output to one or more enterprise security information event management tools. [0242]- [0251] (enterprise security system)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the enterprise security of Findlay with the previous art because it would increase the security of the enterprise system.

As per claim 12. Findlay teaches the computer-implemented method of claim 1, wherein collecting the data from the at least one out-of-band management controller is carried out by at least one enterprise endpoint security system. [0242]- [0251] (enterprise security system)

Claims 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bhatia US 2020/0134184 in view of Van Heuklon US 2020/0310779 in view of Brandyberry US 2008/0270827

As per claim 8. Brandyberry teaches the computer-implemented method of claim 1, wherein the at least one server comprises at least one high performance computing server. [0007] (high performance enterprise server)
It would have been obvious to one of ordinary skill in the art to use the high performance server of Brandyberry with the previous system because it is well known and improves performance.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833. The examiner can normally be reached M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439