DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Applicant(s) Response to Official Action
The response filed on 8/15/2022 has been entered and made of record.  

Response to Amendment/Remarks
In the response filed Claims 2-3, 5-8, 10-12, and 14-21 were amended.  Claims 1, 4, 9, and 13 were canceled.  Claims 2-3, 5-8, 10-12, and 14-21 were presented for examination.  

Applicants’ amendments/arguments are persuasive and overcome the prior art of record and the rejections of the claims under AIA 35 U.S.C. 103.  Accordingly, said rejections are withdrawn.  Examiner further articulates the differences between the prior art and the allowed claims in the Examiner's reasons for allowance below.

Allowable Subject Matter
Claims 2-3, 5-8, 10-12, and 14-21 are allowed.  

The following is an Examiner's statement of reasons for allowance:

The independent claims generally describe various similarly linked methods to check firmware code for malware.  Various examples found in the art describe aspects of the claimed invention.  Jha et al. (US 2006/0280150 A1) ¶ 42 teaches a firmware verification module that generates a verification test result which is an outcome of a test interval.  Jha, Fig. 1, ¶ 27-28, the Firmware Verification Module is distinct from the firmware, and it interacts with a remote firmware management module for testing the firmware of the device.  Jha, ¶ 50-52, a log is created for the firmware verification at particular times or predetermined intervals and includes information about the device.  Jha, ¶ 48 and 63-66, the results are compared with predetermined CRC values to determine if the firmware is compromised.
Jha does not, but in related art, Avisror et al. (US 2019/0294536 A1) ¶ 78-79 teaches applying timestamps to code testing.  Avisror, ¶ 82, 84-87, 90, and 95-96 teaches correlating the various tests using time stamp information to determine risk values for various pieces of code.    
Jha in view of Avisror does not, but in related art, Clark (US 2019/0129511 A1) ¶ 18 teaches allowed and not allowed inputs in a BIOS system being evaluated in a configuration platform.
Similarly, Jha does not, but in related art, Ofek et al. (US 2019/0303585 A1) ¶ 114, teaches a SIEM system that monitors events during runtime.  Ofek, ¶ 39, firmware is part of the protected code.  Ofek, ¶ 106 and 118-123, micro-functional fixes are hooked into code and activated to protect code from abnormal events.
However, regarding independent claim 5, the cited prior art does not teach, “wherein a timestamp of the at least one event correspond to timestamps of the one or more test instances, wherein said correlating comprises associating the test name with the at least one event and with the testing results, wherein, based on said associating, performing an analysis of the test name to determine normal and abnormal behaviors of the device during tests associated with the test name”.  Regarding claim 6, the cited prior art does not teach, “detecting normal and abnormal behaviors associated with different events of the test name; determining a baseline of abnormal behavior based on said detecting; and determining the one or more vulnerabilities based on the baseline and based on said correlating”.  Regarding claims 7, 10-12, and 17, the cited prior art does not teach, “associating the test type to testing results of the one or more test instances and to one or more events in the log, wherein the one or more events correspond to timestamps of the one or more test instances, detecting normal and abnormal behaviors associated with the test type, and determining the one or more vulnerabilities based on the normal and the abnormal behavior”.  Regarding claim 18, the cited prior art does not teach, “determining that the real time event was not specified in the indications from the testing agent; and reporting the real time event to enable a discovery of a new vulnerability in the firmware”.  Regarding claims 19 and 20, the cited prior art does not teach, “after the testing phase, providing indications of the one or more normal events and one or more abnormal events from the testing agent to a runtime agent, whereby said providing enables the runtime agent to protect the firmware from vulnerabilities associated with the one or more abnormal events”.
Regarding claim 21, the cited prior art does not teach, “correlating between at least one event that is associated with the states or the activities of the device and test results of the testing phase; load to the RAM unit, a modified version of the firmware, wherein the modified version of the firmware is a computer executable program that comprises the testing agent; and boot the modified version of the firmware, whereby executing the testing agent”. 
Hence, while various art tangentially discusses aspects of the claimed invention, none of the prior art individually or in reasonable combination discloses the claimed invention.
Dependent claims being dependent on their respective independent claims are therefore allowed under the same rationale.

Any comments considered necessary by Applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments to Statement of Reasons for Allowance.”  

Additionally, the closest prior art has been supplied in the record.  

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:  See PTO-892.  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEPHEN GUNDRY whose telephone number is (571)270-0507.  The examiner can normally be reached on Monday - Friday 8:30 AM - 5PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-273-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/STEPHEN T GUNDRY/Examiner, Art Unit 2435

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435