DETAILED ACTION
The following claims are pending in this office action: 1-20
The following claims are amended: 1, 7-8, 11 and 14
The following claims are new: -
The following claim is cancelled: -
Claims 1-20 are rejected. 
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 05/31/2022 has been entered.
Previous Objections and Rejections Withdrawn
The objection to claim 7 is withdrawn based on the amendments. 
The 35 USC § 102(a)(1) rejections to claims 1-2, 4-5, 11, 14-16 and 18-20 are withdrawn in light of Applicant’s amendments and persuasive arguments, but these claims stand newly rejected in view of Roy et al. (US Pub. 2020/0137084) in view of Olarig et al. (US Pub. 2018/0322285) under 35 USC § 103.
RESPONSE TO ARGUMENTS
Applicant’s arguments filed in the amendment filed 05/31/2022 have been fully considered but are moot in view of new grounds of rejection.   
Applicant notes: “Olarig looks for incoming viruses which are external, incoming active threats to the host system, and the claims recite identifying internal weaknesses that can be exploited”.  Although Examiner respectfully disagrees with Applicant’s characterization that a virus is necessarily an incoming active threat, for the sake of compact prosecution, claim 1 has been mapped to Roy et al. (US Pub. 2020/0137084) in view of Olarig below.  Roy discloses a “security monitoring module… to detect vulnerabilities”.  See para. 0054.  “Vulnerabilities … may be caused by a mistake that a developer made when writing the original code”.  See para. 0033. Claims 11 and 14 are amended in a similar way to claim 1 and are also mapped to Roy et al. (US Pub. 2020/0137084) in view of Olarig below and rejected accordingly.  
Dependent claims 3, 6-7, 12, and 15 depend on independent claims 1, 11 and 14. For the same reasons as above, Roy et al. (US Pub. 2020/0137084) in view of Olarig and Thakur discloses the software versions and patches described, and so any additional features to the dependent claims are rejected accordingly.
Dependent claims 8-10, and 17 have been remapped to Roy et al. (US Pub. 2020/0137084) in view of Olarig. Although Examiner respectfully disagrees with Applicant’s view of the broadest reasonable interpretation of “logging” in view of the specification, for the sake of compact prosecution, Applicant’s meaning of the term “logging” is mapped to be disclosed by Roy, and so any additional features to the dependent claims are rejected accordingly.
As for dependent claims 2, 4-5, 13 and 16, and 18-20, the amended and argued features are described by Roy et al. (US Pub. 2020/0137084), and so any additional features to the dependent claims are rejected in view of Olarig (claims 2, 4-5, 16, and 18-20) or in view of Olarig and further in view of Liu (claim 13) accordingly.
Claim Objections
Claim 8 is objected to because of the following informalities:
Claim 8 recites the limitation “information related to the software program” (claim 8, ln. 5). Examiner recommends “the information related to the software program” so that the limitation is consistent with the language used throughout. For example, see claim 1, ln. 7-8.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4-5, 8-11, 14, 16, and 17, and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Roy (US Pub. 2020/0137084) (hereinafter “Roy”) in view of Olarig et al. (US Pub. 2018/0322285) (hereinafter “Olarig”).

As per claim 1, Roy teaches a method, comprising: scanning a computer system to obtain information related to a software program, ([Roy, Fig. 1] the security monitoring module 160 exists in host server 110 [a computer system]; [para. 0054] “The security monitoring module…  responsible for security monitoring tasks such as scanning… access logs [information] associated [related] with the web page files [a software program]”; [para. 0030] “in an embodiment, the storage include web files such as web pages and files 152… binaries [a software program] required to run the web server”) based on a rule set defined in a baseboard management controller ([para. 0054] “rules … are inside the service processor”) (BMC) on the computer system; ([Fig. 1] the security monitoring module and service processor exist inside the BMC which is on the computer system)
obtaining, by the NAND flash memory, metrics related to the software program via the BMC; ([Roy, 0054] “The security monitoring module…  responsible for security monitoring tasks such as scanning web files such as web pages to detect changes”; [para. 0080] “the web files are copied to the shared storage and compared… to detect any changes; changes may include the addition of a new function to the code”; an addition to the file stored is a metric according to the BRI of metric – see para. 0024 of the instant application [“examples of the metrics… include…. storage usage”])
analyzing, by the NAND flash memory, the information related to the software program along with the metrics related to the software program to identify a security vulnerability ([Roy, para. 0082] “The continuous checking [obtaining] of the web files [software program] for changes [metrics] and scanning of the logs [information related to the software program] allows the analytics block [analyze] to learn [identify] attack [security vulnerability]”) that is an exploit in the computer system that may be used to perform an unauthorized action within the computer system; and ([para. 0090] “the hacker is attempting to add [perform] additional parameters to the function [an unauthorized action] …This exploit [an exploit in the computer system] may be found”)
providing information related to the security vulnerability in the computer system to the BMC. ([Roy, para. 0082] “the continuous checking… and scanning… learn attack patterns [information related to the security vulnerability] to the update [provide] the learning DB [the BMC] accordingly”; [para. 0062] “service processor… includes…. a learning database”; [Fig. 1] the BMC contains the service processor which contains the learning database)
Roy does not clearly teach via/by the NAND flash memory ([Roy, para. 0020] “embodiments can be implemented in numerous ways, including as a …  computer-readable medium … For example, the computer-readable storage medium or computer-usable medium may be, but is not limited to… flash memory”)
However, Olarig teaches that the instructions are performed via/by the NAND flash memory.  ([Olarig, para. 0081] “the information processing system 400 according to the disclosed subject matter may further include a non-volatile memory 430 … a NAND or flash memory”; [para. 0013] “the non-volatile memory (NVM) may be configured to store data and manage the execution of a task”)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Roy with the teachings of Olarig to include that the instructions are performed via/by the NAND flash memory.  One of ordinary skill in the art would have been motivated to make this modification because non-volatile NAND flash memory capitalizes on the internal parallelism of flash-based storage devices, allowing for mirroring the parallelism of contemporary CPUs, platforms, and applications, thereby providing benefits of lower latency and faster media. (Olarig, para. 0007)

As per claim 2, Roy in view of Olarig teaches claim 1.  
Roy also teaches wherein the rule set includes a parameter to be determined for the software program.  ([Roy, para. 0078] an access request [information related to the software, based on the ruleset – see above] may be reviewed [scanned] to determine … parameters used in [for] script code [software])

As per claim 4, Roy in view of Olarig teaches claim 1.  
Roy also teaches generating an alert related to the security vulnerability in the computer system by the BMC. ([Roy, para. 0054-0055] “The security monitoring module [BMC – see above] includes… taking actions based on discovery of an attack [related to the security vulnerability in the computer system]”; “Actions may include … generating alerts and notifications”)

As per claim 5, Roy in view of Olarig teaches claim 4.  
Roy also teaches providing the alert related to the security vulnerability in the computer system to a user. ([Roy, para. 0055] “Actions may include … generating alerts and notifications for an administrator [to a user]”)

As per claim 8, Roy in view of Olarig teaches claim 1.  
Roy also teaches logging into an operating system of the computer system; and ([Roy, para. 0048] “a system administrator to monitor … servers [host server/the computer system]… by remote control [logging into]”; [para. 0051] “the … BMC … may have access to [into] the host operating system”)
scanning, the operating system of the computer system to obtain information related to the software program.  ([Roy, para. 0046] “systems and techniques are provided for an out-of-band method of scanning the web server files”; [para. 0030] “web files such as … binaries required to run the web server”;  [para. 0138] an operating system [binary] is required to run the host server)
Roy does not clearly teach via/with the NAND flash memory
However, Olarig teaches that the instructions are performed via/with the NAND flash memory.  ([Olarig, para. 0081] “the information processing system 400 according to the disclosed subject matter may further include a non-volatile memory 430 … a NAND or flash memory”; [para. 0013] “the non-volatile memory (NVM) may be configured to store data and manage the execution of a task”)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Roy with the teachings of Olarig to include that the instructions are performed via/with the NAND flash memory.  One of ordinary skill in the art would have been motivated to make this modification because non-volatile NAND flash memory capitalizes on the internal parallelism of flash-based storage devices, allowing for mirroring the parallelism of contemporary CPUs, platforms, and applications, thereby providing benefits of lower latency and faster media. (Olarig, para. 0007)

As per claim 9, Roy in view of Olarig teaches claim 8.  
Roy also teaches scanning a computer application present in the computer system to obtain information related to the computer application. ([Roy, para. 0054] “The security monitoring module…  is responsible for … scanning web files [computer application – see para. 0030: web files include binaries required to run the server; a number of web computer applications as binaries are also named] … to detect changes indicating the web page files may have been compromised [information related to the computer application]”)
Roy does not clearly teach by the NAND flash memory ([Roy, para. 0020] “embodiments can be implemented in numerous ways, including as a …  computer-readable medium … For example, the computer-readable storage medium or computer-usable medium may be, but is not limited to… flash memory”)
However, Olarig teaches that the instructions are performed by the NAND flash memory.  ([Olarig, para. 0081] “the information processing system 400 according to the disclosed subject matter may further include a non-volatile memory 430 … a NAND or flash memory”; [para. 0013] “the non-volatile memory (NVM) may be configured to store data and manage the execution of a task”)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Roy with the teachings of Olarig to include that the instructions are performed by the NAND flash memory.  One of ordinary skill in the art would have been motivated to make this modification because non-volatile NAND flash memory capitalizes on the internal parallelism of flash-based storage devices, allowing for mirroring the parallelism of contemporary CPUs, platforms, and applications, thereby providing benefits of lower latency and faster media. (Olarig, para. 0007)

As per claim 10, Roy in view of Olarig teaches claim 1.  
Roy also teaches the scanning is performed automatically by the computer system.  ([Roy, para. 0091] “a flow for automating vector pattern analysis [scanning – see para. 0054] is based on a passive automated mode of operation”)

As per claim 11, Roy teaches a system. ([Roy, para. 0020] “described embodiments can be implemented … as … a system”)
The system performs the steps of the method of claim 1, has language that is identical or substantially similar to the method of claim 1, and thus is rejected with the same rationale applied against claim 1.

As per claim 14, Roy teaches a non-transitory machine-readable storage medium comprising instructions, the instructions executable by a processor ([Roy, para. 0020] “described embodiments can be implemented … as … a [non-transitory – see para. 0126] computer-readable medium … containing computer-readable instructions”)
The non-transitory machine-readable storage medium performs the steps of the method of claim 1, has language that is identical or substantially similar to the method of claim 1, and thus is rejected with the same rationale applied against claim 1.

As per claim 16, Roy in view of Olarig teaches claim 14.
Roy also teaches wherein the computer system is part of a datacenter. ([Roy, para. 0060] “In a specific embodiment, systems … are provided for a server having a built-in out-of-band security monitoring module … in a data center”)

As per claim 17, Roy in view of Olarig teaches claim 14.
Roy also teaches wherein the software program includes an operating system. ([Roy, para. 0030] “web files such as … binaries [software program] required to run the web server”; [para. 0138] an operating system [binary] is required to run the host server)

As per claim 18, Roy in view of Olarig teaches claim 14.
Roy also teaches wherein the software program includes a computer application. ([Roy, para. 0030] “Examples of web applications include an e-commerce application, banking application, airline reservation application, customer relationship management (CRM) application, and many others” [computer applications])

As per claim 19, Roy in view of Olarig teaches claim 14.
Roy also teaches wherein the scan is initiated by a user. ([Roy, para. 0079] “the administrator user may configure scanning to occur”)

As per claim 20, the claim language is identical or substantially similar to that of claim 4. Therefore, it is rejected under the same rationale applied to claim 4.

Claims 3, 6-7, 12, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Roy in view of Olarig as applied to claims 1-2, 11, and 14 above and further in view of Thakur (US Pub. 2014/0331326) (hereinafter “Thakur”).

As per claim 3, Roy in view of Olarig teaches claim 2.  
Roy in view of Olarig does not clearly teach wherein the parameter includes one of a version of the software program on the computer system, a patch applied to the software program, a port related to the software program, a protocol related to the software program, and a service related to the software program.  
However, Thakur teaches the parameter includes one of a version of the software program on the computer system, a patch applied to the software program, a port related to the software program, a protocol related to the software program, and a service related to the software program.  ([Thakur, para. 0025] parameters for security vulnerabilities also include obsolete software versions [version of the software program], vulnerabilities in OS patches [patch applied to the software program], firewall vulnerabilities [a port related to the software program], protocol vulnerabilities [a protocol related to the software program], and service vulnerabilities)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Roy in view of Olarig with the teachings of Thakur to include the parameter includes one of a version of the software program on the computer system, a patch applied to the software program, a port related to the software program, a protocol related to the software program, and a service related to the software program.  One of ordinary skill in the art would have been motivated to make this modification because such vulnerabilities allow an attacker to reduce a system’s security and it would be beneficial for such vulnerabilities to be detected by a scanner. (Thakur, para. 0024-0025)

As per claim 6, Roy in view of Olarig teaches claim 1.  
Roy in view of Olarig does not clearly teach generating a report related to the security vulnerability in the computer system by the BMC.  
However, Thakur teaches generating a report related to the security vulnerability in the computer system by the BMC.  ([Thakur, para. 0029] the scanners may routinely scan and provide reports detailing risks [security vulnerabilities].  Scanners are implemented in hardware to scan network devices, such as a computer system, for vulnerabilities and a BMC computer system to scan network devices was disclosed in Roy above)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Roy in view of Olarig with the teachings of Thakur to include generating a report related to the security vulnerability in the computer system by the BMC.  One of ordinary skill in the art would have been motivated to make this modification because reports allow other entities of the system such as end users to perform further processing on security vulnerabilities such as end users to start an exception/suppression process, initiate a change in management/service, and other security activities. (Thakur, para. 0023-0024)

As per claim 7, Roy in view of Olarig teaches claim 1.  
Roy in view of Olarig does not clearly teach obtaining a report related to the security vulnerability in the computer system from the BMC. 
However, Thakur teaches obtaining the report related to the security vulnerability in the computer system from the BMC. ([Thakur, para. 0029] the reports related to security vulnerabilities in the computer system are obtained from the scanner. Scanners are implemented in hardware to scan network devices, such as a computer system, for vulnerabilities and a BMC computer system to scan network devices was disclosed in Roy above)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to combine the teachings of Roy in view of Olarig and Thakur for the same reasons as disclosed above.

As per claim 12, the claim language is identical or substantially similar to that of claim 3. Therefore, it is rejected under the same rationale applied to claim 3.

As per claim 15, Roy in view of Olarig teaches claim 14.  
Roy in view of Olarig does not clearly teach instructions to obtain the information related to the security vulnerability from the BMC.
However, Thakur teaches instructions to obtain the information related to the security vulnerability in the computer system from the BMC. ([Thakur, para. 0029] the reports [information] related to security vulnerabilities in the computer system are obtained from the scanner. Scanners are implemented in hardware to scan network devices, such as a computer system, for vulnerabilities and a BMC computer system to scan network devices was disclosed in Roy above)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to combine the teachings of Roy in view of Olarig and Thakur for the same reasons as disclosed above.

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Roy in view of Olarig as applied to claim 11 above and further in view of Liu et al. (US Pub. 2016/0217283) (hereinafter “Liu”).

As per claim 13, Roy in view of Olarig teaches claim 11.  
Roy in view of Olarig does not clearly teach wherein the NAND flash memory is an embedded NAND flash memory device.  
However, Liu teaches wherein the NAND flash memory is an embedded NAND flash memory device. ([Liu, para. 0027] the computer system 100 may be an embedded system storing instructions that are embedded, making the firmware memory an embedded NAND flash device)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Roy in view of Olarig with the teachings of Liu to include that the NAND flash memory is an embedded NAND flash memory device. One of ordinary skill in the art would have been motivated to make this modification because an embedded memory allows use of the SPI bus for short distance communications between the memory and other components of the embedded device when the computer system is an embedded device. (Liu, para. 0011)
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Harsany et al. (US Pub. 2019/0156039) discloses firmware engines including a baseboard management controller that is configured to detect and diagnose malware by scanning data on the storage drive and identifying vulnerabilities in a storage center.  The data includes application specific data and the OS/operating system.  
Khatri et al. (US Pub. 2019/0034635) discloses a system management audit system that can provide assurance that a computer has not been tampered with by using a system audit log snapshot to address vulnerabilities, and to determine that malicious code could not be inserted.   
Ponnuru et al. (US Pub. 2020/0351293) discloses a security monitoring and analysis system that includes a management controller to detect vulnerabilities in an enterprise network based on configuration state information such as firmware version information, update information, and dependency information.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634.  The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.

/Z.L./Examiner, Art Unit 2493
/CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493