Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Detailed Action
This communication is in response to the application filed on 10/05/2018 in which Claims 1-20 are presented for examination.
Drawings
The applicant’s drawings submitted on 10/05/2018 are acceptable for examination purposes. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4-12 and 14-20 are rejected under 35 U.S.C. 103 as being unpatentable over Castel U.S. Publication No. 20190068650 A1 in view of CHOI U.S. Publication No. 20190050578 A1.
As to claim 1, Castel discloses receiving, using the interface (Castel Pa. [0086]) [the communication components 1040 may include a network interface component or other suitable device to interface with the network], network activity data including at least one device that is unknown to the vulnerability assessment device (Castel Pa. [0019]) [the security configuration management system has access to a vulnerability database that identifies “device and software profiles” (read activity data of one device that is unknown to the vulnerability assessment device) and corresponding known security vulnerabilities]; determining, using a processor executing instructions stored on a memory and providing a classifier, whether the at least one unknown device shares at least one feature with a known device that is scanned; and scanning, using the vulnerability assessment device, the at least one unknown device to identify any vulnerabilities of the at least one unknown device after the processor determines the at least one unknown device shares at least one feature with a known device that is scanned (Castel Pa. [0046]) [The security vulnerability determination module 408 analyzes the aggregated asset database to identify “device and software profiles” (read unknown device). This includes information about the individual devices in the network and the software running on the individual devices, such as the software types, versions, etc. The security vulnerability determination module 408 matches the “device and software profiles” (read unknown device) identified from the aggregated asset database to the known device and software profiles in the vulnerability database to identify corresponding security vulnerabilities listed in the vulnerability data]
Castel does not appear explicitly disclose a method for identifying a network vulnerability, the method comprising:  receiving, using an interface, scan configuration data from a vulnerability assessment device, wherein the scan configuration data includes: at least one device that is known to the vulnerability assessment device, whether the at least one known device is scanned by the vulnerability assessment device, and at least one feature related to the at least one known device.
However, CHOI discloses a method for identifying a network vulnerability, the method comprising:  receiving, using an interface, scan configuration data from a vulnerability assessment device, wherein the scan configuration data includes: at least one device that is known to the vulnerability assessment device, whether the at least one known device is scanned by the vulnerability assessment device, and at least one feature related to the at least one known device (CHOI Pa. [0008]) [including a vulnerability database (DB) for storing vulnerability assessment items; a communication unit for configuring an environment for serial communication with an assessment target device and configuring a network environment for update of the vulnerability DB and system management; a vulnerability scanning unit for selecting a vulnerability assessment item for which cybersecurity vulnerability assessment is to be performed on the assessment target device, from among the vulnerability assessment items stored in the vulnerability DB, and for performing scanning for checking the selected vulnerability assessment item on the assessment target device]
(CHOI Pa. [0002])

As to claim 2, the combination of Castel and CHOI discloses wherein the at least one feature includes at least one of a set of ports receiving data on the at least one known device, a number of peers connected to the at least one known device, a volume of data sent from the at least one known device, a volume of data received by the at least one known device, a busiest time period of day, and a least busy time period of day (CHOI Pa. [0091]) [the assessment target device (see 300 of FIG. 3) connected through a serial port (see 350 of FIG. 3) interface in order to check vulnerability assessment items selected for the assessment target device]

As to claim 4, the combination of Castel and CHOI discloses wherein the network activity data is received from at least one of a Netflow record, an address resolution protocol announcement, a web proxy, a domain name server, and a firewall (Castel Pa. [0017]) [Network security devices, such as network firewalls]

As to claim 5, the combination of Castel and CHOI discloses wherein at least one device that is not scanned includes a printer (Castel Pa. [0035]) [the various functional modules depicted in FIG. 4 may reside on a single computing device or may be distributed across several computing devices in various arrangements such as those used in cloud-based architectures.]

As to claim 6, the combination of Castel and CHOI discloses wherein at least one device that is not scanned includes a healthcare device (Castel Pa. [0028]) [in the healthcare industry, the DICOM protocol is used to transport information between medical imaging devices such as MRI machines and workstations or file servers]

As to claim 7, claim recites the claimed that contain similar limitations as claim 1; therefore, it is rejected under the same rationale.

As to claim 8, the combination of Castel, CHOI and Cam discloses wherein the classifier includes at least one of a random forest classifier, a support vector machine classifier, decision trees, Bayesian networks, neural networks, and logistic regression techniques (Cam “US 20170046519 A1”, Pa. [0051]) [system as a vulnerability assessment module… dynamic Bayesian network (DBN)]

As to claims 9-10, the combination of Castel and CHOI discloses further comprising issuing an alert using a user interface, wherein the alert indicates that the scan configuration data should be updated to include the at least one unknown device; autonomously updating the scan configuration data to include the at least one unknown (CHOI Pa. [0013]) [include a DB management unit for updating and managing the vulnerability assessment items stored in the vulnerability DB]

As to claim 11, claim 11 recites the claimed that contain similar limitations as claim 1; therefore, it is rejected under the same rationale.

As to claim 12, claim 12 recites the claimed that contain similar limitations as claim 2; therefore, it is rejected under the same rationale.

As to claim 14, claim 14 recites the claimed that contain similar limitations as claim 4; therefore, it is rejected under the same rationale.

As to claim 15, claim 15 recites the claimed that contain similar limitations as claim 5; therefore, it is rejected under the same rationale.

As to claim 16, claim 16 recites the claimed that contain similar limitations as claim 6; therefore, it is rejected under the same rationale.

As to claim 17, claim 17 recites the claimed that contain similar limitations as claim 1; therefore, it is rejected under the same rationale.

As to claim 18,
As to claim 19, claim 19 recites the claimed that contain similar limitations as claim 9; therefore, it is rejected under the same rationale.

As to claim 20, claim 20 recites the claimed that contain similar limitations as claim 10; therefore, it is rejected under the same rationale.

Allowable Subject Matter
Claims 3 and 13 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EVANS DESROSIERS whose telephone number is (571)270-5438.  The examiner can normally be reached on Monday -Thursday 7:00 am - 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok B. Patel can be reached on 5712723972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/EVANS DESROSIERS/Primary Examiner, Art Unit 2491