DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This correspondence is in response to the Amendments/Remarks filed on 10/30/2020.
Claims 1–27 are pending.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1–7, 9, 11, 12, 14–21, 23, 25 and 26 are rejected under 35 U.S.C. 103 as being unpatentable over “Schwoegler” et al. [US 8,799,189 B2] in view of “Bowers” et al. [US 8,813,234 B1], and further in view of “Jalan” et al. [US 9,621,575 B1].

Regarding Claim 1. Schwoegler discloses a method for optimizing a defense model using available security capabilities, comprising:
of the defense model [Schwoegler discloses a defense model, i.e., multiple hypothesis tracking (FIGS.1–3), and an optimal security implementation, i.e., applying hypothesis tracking to different cyber-security (FIGS.4A–5G)];

Schwoegler may not expressly disclose, but Bowers discloses, the limitation: “wherein the defense model defines an optimal defense behavior with respect to a certain threat” [Bowers discloses optimal defense strategy for a defense based attack escalation states and minimum cost (see Abstract and FIG.2)];
Therefore, it would have been obvious to a person having ordinary skill in the art to modify the system of Schwoegler by incorporating the teaching of Bowers, a defense model that defines optimal defense behavior, before the effective filing date of applicant’s invention, for the benefit of protecting information technology infrastructure from security threats.

Schwoegler in view of Bowers further discloses:
evaluating available security capabilities deployed in an enterprise environment to determine a plurality of variant security applications implementing the defense model [Schwoegler discloses: “Multiple hypothesis tracking involves determining the probability that a given set of observations (i.e., a track) corresponds to a particular target, object or linked set of events” (col.5, lines 32–48 with FIG.1); “The systems and methods described herein are applicable to a variety of domain and observation types …” (col.6, lines 3–9); etc.];
determining a quality score for each of the plurality of the variant security applications [Schwoegler discloses: “The method also includes sending the updated set of tracks with track quality scores for each track to a domain agnostic hypothesis manager…” (col.3, lines 3–29); “The association engines 120 then send the track information with track quality scores for each track to the domain agnostic hypothesis manager 104 via the MHS 116…” (col.6, lines 47–63 with FIG.1); etc.];
selecting, from the plurality of variant security applications, a variant security application having a highest quality score [Schwoegler discloses: “formHypotheses (step 332) includes grouping compatible tracks into hypotheses, finding the best hypothesis (highest score), and…” (col.11, lines 5–20 with FIG.3); “3. if only one family exists in the cluster, the best hypothesis is the highest score track in the family and the track probability is calculated directly using EQNS. (8) and (9) below…” (col.11, lines 40–60); etc.];
selecting, from the plurality of variant security applications, a variant security application having a highest quality score [Schwoegler discloses “finding” “threshold” and “maximum” hypothesis score(s); “save” “the best hypothesis which is the hypothesis with the best score”; etc. (col.12, lines 1–65)];

see 408 (FIG.4), where Jalan discloses “…APPLY A SECURITY POLICY…”].
Therefore, it would have been obvious to a person having ordinary skill in the art to modify the system of Schwoegler/Bowers by incorporating the policy applying teaching of Jalan before the effective filing date of applicant’s invention, for the benefit of dynamically protecting against threats in a data network.

Regarding Claims 14 & 15. They are a computer readable medium claim and a system claim for optimizing a defense model using available security capabilities, and they recite limitations similar to those of the method claim. Therefore, they have been rejected for the same rationale applied in rejecting claim 1 above.

Additionally, Schwoegler/Bowers/Jalan further disclose a processing circuitry; a memory coupled to the processing circuitry [(col.16, lines 38–49 of Schwoegler) - (FIGS.3 and 8 of Jalan)]. The motivation to combine is the same as that of claim 1 above.

Schwoegler in view of Bowers, and further in view of Jalan, further discloses claim 2. The method of claim 1, further comprising: deploying the selected security application in the enterprise environment [Schwoegler discloses an enterprise environment (FIGS.4A–5G)] [see 408 (FIG.4), where Jalan discloses “…APPLY A SECURITY POLICY…”; see also FIGS.6 and 7]. The motivation to combine is the same as that of claim 1 above.
Claim 16 is rejected for the same rationale applied in rejecting claim 2 above.

Schwoegler in view of Bowers, and further in view of Jalan, further discloses claims 3 and 4. The method of claim 1, wherein the optimal security application defines an optimal set of security engines; wherein each variant security application includes at least one of: a subset of the optimal set of security engines and alternative for security engines included the optimal set of the security engines [Schwoegler discloses: “formHypotheses (step 332) includes grouping compatible tracks into hypotheses, finding the best hypothesis (highest score), and…” (col.11, lines 5–20 with FIG.3); “3. if only one family exists in the cluster, the best hypothesis is the highest score track in the family and the track probability is calculated directly using EQNS. (8) and (9) below…” (col.11, lines 40–60); etc.].
Claims 17 and 18 are rejected for the same rationale applied in rejecting claims 3 and 4.

Schwoegler in view of Bowers, and further in view of Jalan, further discloses claim 5. The method of claim 1, wherein the defense model is predefined and stored in a data repository [Schwoegler discloses a defense model, i.e., multiple hypothesis tracking (FIGS.1–3), and an optimal security implementation, i.e., applying hypothesis tracking to different cyber-security (FIGS.4A–5G)] [see also FIGS.4 and 8 of Jalan]. The motivation to combine is the same as that of claim 1 above.
Claim 19 is rejected for the same rationale applied in rejecting claim 5 above.

Schwoegler in view of Bowers, and further in view of Jalan, further discloses claims 6 and 7. The method of claim 4, wherein evaluating the available security capabilities further comprises: generating a list of currently available security engines and their respective quality scores; further comprising: computing the quality score based on a performance score of each security engine defined in the variant security application [Schwoegler discloses: “formHypotheses (step 332) includes grouping compatible tracks into hypotheses, finding the best hypothesis (highest score), and…” (col.11, lines 5–20 with FIG.3); “3. if only one family exists in the cluster, the best hypothesis is the highest score track in the family and the track probability is calculated directly using EQNS. (8) and (9) below…” (col.11, lines 40–60); etc.].
Claims 20 and 21 are rejected for the same rationale applied in rejecting claims 6 and 7.

Schwoegler in view of Bowers, and further in view of Jalan, further discloses claim 9. The method of claim 2, wherein each variant security application maintains a logical structure of the optimal security application of the defense model [Schwoegler discloses a defense model, i.e., multiple hypothesis tracking (FIGS.1–3), and an optimal security implementation, i.e., applying hypothesis tracking to different cyber-security (FIGS.4A–5G)] [see also FIGS.4 and 8 of Jalan]. The motivation to combine is the same as that of claim 1 above.
Claim 23 is rejected for the same rationale applied in rejecting claim 9.

Schwoegler in view of Bowers, and further in view of Jalan, further discloses claim 11. The method of claim 1, further comprising: monitoring the available security capabilities periodically during the execution of the security application to identify any changes; and optimizing the executed security application when changes in the available security capabilities are detected [Schwoegler discloses: “formHypotheses (step 332) includes grouping compatible tracks into hypotheses, finding the best hypothesis (highest score), and…” (col.11, lines 5–20 with FIG.3); “3. if only one family exists in the cluster, the best hypothesis is the highest score track in the family and the track probability is calculated directly using EQNS. (8) and (9) below…” (col.11, lines 40–60); etc.].
Claim 25 is rejected for the same rationale applied in rejecting claim 11.

Schwoegler in view of Bowers, and further in view of Jalan, further discloses claim 12. The method of claim 3, wherein the security engines are operable in an orchestration system deployed in the enterprise environment, wherein each security engine is associated with a security capability executed by a security product deployed in the enterprise environment [Schwoegler discloses an enterprise environment (FIGS.4A–5G)] [see 408 (FIG.4), where Jalan discloses “…APPLY A SECURITY POLICY…”; see also FIGS.6 and 7]. The motivation to combine is the same as that of claim 1 above.
Claim 26 is rejected for the same rationale applied in rejecting claim 12 above.

Claims 8 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over “Schwoegler” in view of “Bowers” et al. [US 8,813,234 B1], and further in view of “Jalan” et al. [US 9,621,575 B1], and further in view of “Bane” et al. [US 2015/0139074 A1].

Schwoegler in view of Bowers, and further in view of Jalan, further discloses the method of claim 7. Schwoegler/Jalan do not disclose, but Bane (analogous art) discloses, claim 8, wherein the performance score is based on at least one of: an offline score determined by an attack database of a respective security product, a runtime score determined by attack logs provided by a respective security product, and a unified score determined by the offline score and runtime score [see par.0038 and 0062 of Bane].
Therefore, it would have been obvious to a person having ordinary skill in the art to modify the system of Schwoegler/Jalan by incorporating the offline score teaching of Bane before the effective filing date of applicant’s invention, for the benefit of generating and providing connection quality data for networks based on past performance of those networks.
Claim 22 is rejected for the same rationale applied in rejecting claim 8.

Claims 10 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over “Schwoegler” et al. [US 8,799,189 B2] in view of “Bowers” et al. [US 8,813,234 B1], and further in view of “Jalan” et al. [US 9,621,575 B1], and further in view of “Aniszczyk” et al. [US 7,774,289 B2].

Schwoegler in view of Bowers, and further in view of Jalan, discloses the method of claim 1. Schwoegler/Jalan do not disclose, but Aniszczyk (analogous art) discloses, claim 10, wherein the selected variant security application provides a unified abstract representation that is agnostic to the security products used for detection and mitigation of the cyber threats [see FIG.1 and col.7, lines 58–64 of Aniszczyk].
Therefore, it would have been obvious to a person having ordinary skill in the art to modify the system of Schwoegler/Jalan by incorporating the unified/abstract representation teaching of Aniszczyk before the effective filing date of applicant’s invention, for the benefit of reducing implementation time for product-level integration of related computer program products to yield end-to-end solutions.
Claim 24 is rejected for the same rationale applied in rejecting claim 10.

Claims 13 and 27 are rejected under 35 U.S.C. 103 as being unpatentable over “Schwoegler” et al. [US 8,799,189 B2] in view of “Bowers” et al. [US 8,813,234 B1], and further in view of “Jalan” et al. [US 9,621,575 B1], and further in view of “Kaplan” et al. [US 10,628,764 B1].

Schwoegler in view of Bowers, and further in view of Jalan, further discloses the method of claim 12. Schwoegler/Jalan fail to disclose, but Kaplan (analogous art) discloses, claim 13, further see FIG.6 and 9; and col.23, lines 41–52 of Kaplan].
Therefore, it would have been obvious to a person having ordinary skill in the art to modify the system of Schwoegler/Jalan by incorporating the unified/abstract representation teaching of Kaplan before the effective filing date of applicant’s invention, for the benefit of performing network penetration testing, attack testing, identification of security vulnerabilities, and security testing of web applications, server computers, and network elements.
Claim 27 is rejected for the same rationale applied in rejecting claim 13.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AMARE F TABOR whose telephone number is (571)270-3155. The examiner can normally be reached on Mon.–Fri.: 8:00 AM to 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KAMBIZ ZAND can be reached on (571) 272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/AMARE F TABOR/Primary Examiner, Art Unit 2434