DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

	The claims 1-20 are pending.

Information Disclosure Statement
	The information disclosure statement (IDS) submitted on 12/10/19 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
The information disclosure statement filed 6/27/18 fails to comply with the provisions of 37 CFR 1.97, 1.98 and MPEP § 609 because Non-Patent Literature Documents #4 lacks a publication date.  It has been placed in the application file, but the information referred to therein has not been considered as to the merits.  Applicant is advised that the date of any re-submission of any item of information contained in this information disclosure statement or the submission of any missing element(s) will be the date of submission for purposes of determining compliance with the requirements based on the time of filing the statement, including all certification requirements for statements under 37 CFR 1.97(e).  See MPEP § 609.05(a).

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:


Claims 13-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because independent claim 13 is directed to “computer-readable storage medium” where the Specification at [0122] clearly states “computer-readable medium may include transmission media or signals…”, and as such the claim is drawn to a form of energy.  Energy is not one of the four categories of invention and therefore the claims are not statutory.  Examiner respectfully recommends amending the claims from “computer-readable storage medium” to “non-transitory computer-readable storage medium”, “computer-readable storage device”, “computer-readable storage memory” or “computer-readable storage medium where the medium is not a signal” for example to be within a statutory category of invention. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Guri et al. (US Pub No. 2019/0334949) in view of Klaus (US Pat. No. 5,892,903).

	With respect to claim 1, Guri teaches a system, comprising:  
one or more computing devices configured to implement a network security evaluator (e.g., computing device ¶ 0069 & Fig. 4), wherein the network security evaluator is configured to: 
generate one or more queries of network configuration data for a network comprising a host computer, wherein the one or more queries are expressed in a query language, and wherein the one or more queries are generated based at least in part on a set of rules (e.g., network scanner may obtain information by scanning one or more ports used by querying the registry ¶ 0064 such as using QueryStringValue procedure call, RegGetValue procedure call, etc. ¶ 0070); 
determine one or more ports at the host computer that are open and reachable from outside the network, wherein the one or more ports are determined based at least in part on results of the one or more queries (e.g., network scanner comprises performing a port scan, which is a process that sends requests to a range of ports (which are used by services) and/or other components of operating system on a host in order to determine which ports are open ¶ 0064); 
determine one or more processes that are listening on the one or more ports, wherein the one or more processes are determined using an agent installed on the host computer (e.g., using a port scan, which teaches an agent installed on the host, to determine which processes, services, and/or other components of the OS that are listening on the port ¶ 0064 & 0068).
Guri discloses the claimed subject matter as discussed above in determining one or more ports that are open and processes that are listening on the one or more ports, and further performing remediation by the operating system (¶ 0068), but does not explicitly disclose generate a report descriptive of the one or more ports and the one or more processes.
However, Klaus teaches generate a report descriptive of the one or more ports and the one or more processes (e.g., the ports on which RPC services are located may be determined by querying a  in view of Klaus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Klaus to the system of Guri in order to detect and report to network administrator ports vulnerable to hacking (Col. 5, lines 4-6 and Col. 5, lines 33-41).
 
With respect to claim 2, the references above further teach wherein the network security evaluator is further configured to: determine and report one or more routes to the one or more ports from outside the network (e.g., determining and reporting the one or more services, which teaches each having different routes to access the port from outside the network @ Guri ¶ 0064 and Remote Procedure Call from outside the network @Klaus Col. 4, lines 58-67).
  
With respect to claim 3, the references above further teach wherein the network security evaluator is further configured to: determine and report one or more configuration settings that cause the one or more ports to be open and reachable from outside the network (e.g., determining and reporting comprising specific system configuration and setting such as “type and/or version of operating system installed on computing device, a type and/or version of service(s) installed and/or executing… and/or other characteristics of computing device” @ Guri ¶ 0064 and building topology table @ Col. 11, lines 35-40).

With respect to claim 4, the references above further teach wherein the network security evaluator is further configured to: determine and report one or more corrective actions that, if performed, close one or more of the ports or make one or more of the ports unreachable from outside 

	With respect to claim 5, Guri teaches a computer-implemented method performed by one or more computing devices, comprising:
performing an analysis of network configuration data for a network comprising a computing device (e.g., network scanner may obtain information by scanning one or more ports used by querying the registry ¶ 0064 such as using QueryStringValue procedure call, RegGetValue procedure call, etc. ¶ 0070);
determining one or more ports at the computing device that are reachable from another computing device, wherein the one or more ports are determined based at least in part on the analysis (e.g., network scanner comprises performing a port scan which is process that sends requests to a range of ports (which are used by services) and/or other components of operating system on a host in order to determine which ports are open ¶ 0064); 
determining one or more routes to the one or more ports, wherein the one or more routes are determined based at least in part on the analysis (e.g., using a port scan to determine which processes, services, and/or other components of the OS that are listening on the port ¶ 0064 & 0068 each particular processes or services having different routes access the one or more port @ Guri ¶ 0064).
Guri discloses the claimed subject matter as discussed above in determining one or more ports that are open and processes that are listening on the one or more ports, and further performing remediation by the operating system (¶ 0068), but does not explicitly disclose generating a report descriptive of the one or more ports and the one or more routes.
However, Klaus teaches generating a report descriptive of the one or more ports and the one or more routes (e.g., the ports on which RPC services are located may be determined by querying a UNIX operating system and reporting to a network administrator those ports which are coupled to RPC services which have little or no authorization checks @ Col. 4, lines 59-Col. 5, lines 7).  Therefore, based on Guri in view of Klaus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Klaus to the system of Guri in order to detect and report to network administrator ports vulnerable to hacking (Col. 5, lines 4-6 and Col. 5, lines 33-41).

With respect to claim 6, the references above further teach comprising:  determining and reporting one or more processes that are listening on the one or more ports, wherein the one or more processes are determined using agent software installed on the computing device (e.g., using a port scan, which teaches an agent installed on the host, to determine which processes, services, and/or other components of the OS that are listening on the port ¶ 0064 & 0068).

With respect to claim 7, the references above further teach comprising: determining and reporting one or more configuration settings that cause the one or more ports to be reachable (e.g., determining and reporting comprising specific system configuration and setting such as “type and/or version of operating system installed on computing device, a type and/or version of service(s) installed and/or executing… and/or other characteristics of computing device” @ Guri ¶ 0064 and building topology table @ Col. 11, lines 35-40).



With respect to claim 9, the references above further teach comprising: displaying, in a user interface, one or more interface elements that, if selected, cause at least one of the corrective actions to be performed (e.g., changing the appropriate registry values to reflect the false information @ Guri ¶ 0074 and a GUI to activate each of the network verifiers individually or selectively identify a group of verifiers to automatically execute and build the information in table 46. The GUI also permits a user to enter information for execution of the verifiers such as defining or adding predetermined source port addresses, RPC services, addresses for computers added or deleted from a network or the like @ Klaus Col. 15, line 53-Col. 6, line 6).

With respect to claim 10, the references above further teach wherein the analysis is performed based at least in part on one or more queries of the network configuration data, wherein the one or more queries are expressed in a query language, and wherein the one or more queries are generated based at least in part on a set of rules (e.g., queries the registry for network configuration data @ Guri ¶ 0064 and using portmapper @ Klaus Col. 4, lines 60-67).

With respect to claim 11, the references above further teach wherein the one or more ports are determined without sending packets to the one or more ports (e.g., queries the registry without sending packets @ Guri ¶ 0064 and using portmapper @ Klaus Col. 4, lines 60-67).



The limitations of claim 13 are substantially similar to claims 1 and 5 above, and therefore the claim is likewise rejected.

The limitations of claim 14 are substantially similar to claim 6 above, and therefore the claim is likewise rejected.

The limitations of claim 15 are substantially similar to claim 7 above, and therefore the claim is likewise rejected.

The limitations of claim 16 are substantially similar to claim 8 above, and therefore the claim is likewise rejected.

The limitations of claim 17 are substantially similar to claim 9 above, and therefore the claim is likewise rejected.

The limitations of claim 18 are substantially similar to claim 10 above, and therefore the claim is likewise rejected.



	With respect to claim 20, the references above further teach wherein an additional one or more open and reachable ports are excluded from the report based at least in part on a whitelist of trusted locations (e.g., whitelist of trusted location and also a blacklist of suspicious location @ Guri ¶ 0062).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAU LE whose telephone number is (571)270-7217.  The examiner can normally be reached on M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CARL COLIN can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact 






/CHAU LE/Primary Examiner, Art Unit 2493