DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 10/21/2020 has been entered.
As per instant Amendment, Claims 1, 6 and 22 are independent claims.  Claims 1, 5-6, 8, 15-17, 19 and 22-33 have been examined and are pending. This Action is made Non-FINAL. 

Response to Arguments
Applicants’ arguments in the instant Amendment, filed on 10/21/2020, with respect to limitations listed below, have been fully considered but they are not persuasive.
a.	Applicant’s arguments: “the combination of Yehuda, Baikalov and Singh fails to teach or suggest "wherein the analyzing of the past compliance scans uses a machine learning algorithm, and wherein the determining of the time period based on the use of the predictive algorithm is further based on the analyzing of the past compliance scans using the machine learning algorithm" as specifically recited in claims 17, 19 and 30.” 
              The Examiner disagrees with the Applicants. The Examiner respectfully submits that Singh does disclose the above mentioned limitation (Singh: col. 17 lines 23-28 classification engine 140 may use a decision-tree learning algorithm as a predictive model, where the decision-tree learning algorithm may be level-oped using machine learning techniques from prior analysis of labelled and unlabeled malware and benign objects). More specifically, Singh discloses the training engine 130 is configured to receive an identifier for the object in order to determine if the object has been previously analyzed in a potential update of the current predictive model. If not, the training engine 130 makes use of one or more features  of the suspect object from the first detection engine 122 to determine if the object is malicious and determines which portions within the current predictive model need to be modified to better detect such features for classifying files as malicious [col. 7 lines 11-20]; the training engine 130 receives the identifier 126 of the object (e.g., hash value of the object) to determine if the object has been evaluated previously in accordance with the current predictive model. This may be accomplished by comparing a listing of identifiers maintained by the training engine 130, where each identifier represents an object whose features have already been evaluated in updating the current predictive model. If the suspect object 240 has been previously evaluated, the training engine 130 may disregard such features or further adjust parameters within the updated current predictive (reference) model [col. 11 lines 31-41] and if the object is determined by the object comparison logic 450 to have been previously evaluated in generation of the reference model 475, the parameter modification logic 455 may disregard col. 14 lines 60-64]. Therefore as the metes and bounds of the limitation of been met as noted above; the examiner finds this argument not persuasive.
 
b.        Applicant’s arguments: “the combination of Yehuda, Baikalov and Singh further fails to teach or suggest "wherein the compliance rules included in the compliance policy comprise a rule governing a specified order of execution of activities" as specifically recited in claims 25, 28 and 32.” 
              The Examiner disagrees with the Applicants. The Examiner respectfully submits that Singh discloses the above mentioned limitation (Singh: col. 10 lines 50-51 analyzed compliance with certain message formats established for the protocol (e.g., out-of-order commands)). Moreover, Singh discloses the classification engine is responsible for classifying data as malicious or not based on whether such data includes one or more features that already have been determined to suggest maliciousness at an associated probability level. These features may include (i) a particular file size, (ii) presence of an attachment, (iii) format type (e.g., whether the file includes an executable, a portable document format "pdf' document, etc.), (iv) specific data patterns, (v) source of the file, and (vi) a structure of the file [col. 1 lines 57-65] and the processing engine 110 of the first TDP 1501 is configured to receive an incoming object 240 (operation 1) and to convert the object 240 into a format that may be subsequently analyzed by the static analysis engine 120 to determine if the object 240 includes one or more features that are considered potentially associated with malicious activity [col. 9 lines 48-54]. Therefore as the metes 
The new reference Rasumov (US 2017/0236078) used to address newly added limitations.
The amended claims 1, 6 and 22 have been addressed in rejection below.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person.


Claims 1, 6, 8, 22, 24, 27 and 31 are rejected under 35 U.S.C. 103 as being unpatentable over Yehuda et al. (“Yehuda,” US 8499331), published on July 30, 2013,  in view of Baikalov et al. (“Baikalov,” US 2013/0091569), published on April 11, 2013, and Rasumov (US 2017 /0236078), published on August 17, 2017. 

Regarding claim 1:  Yehuda discloses a method performed by a system comprising a hardware processor, comprising:
analyzing event data of events related to information technology (IT) components (Yehuda: col. 5 lines 62-65 the data collection manager 119 can be configured to analyze the message data transmitted in network 150 and store appropriate information about different monitored connections in the repository 140);
Yehuda: col. 5 lines 65-67 based on analysis of the message data, the data collection manager 119 can identify different types of information; col. 6 lines 5-9 the compliance manager 110 can apply rules [...] to identify whether certain applications are allowed to communicate with each other or whether the applications communicate with each other using a proper protocol as specified by a rule);
generating, based on the identifying of compliance rules for the IT components, a compliance policy that comprises the compliance rules (Yehuda: col. 5 lines 7-11 the method of policy-based testing network resource compliance [...] each policy in the set contains i) a set of rules; col. 6 lines 47-54  the compliance manager 110 enables a respective user to create policies and corresponding rules to verify compliance with respect to resource configurations (e.g., based on information stored in repository 140 from the direct and indirect queries) as well verify compliance with respect to two or more resources that communicate with each other over network 150 (e.g., based on message information transmitted between resources)).

However Baikalov discloses analyzing past compliance scans performed on the IT components according to the generated compliance policy (Baikalov: ¶0054 the historical scan data 32 provides, at a minimum, a listing of computing devices and the date(s) of the scan(s) performed [...] the comparison of the login event information 22 to the historical scan data 32 results in a determination of whether the computing device 24 has been previously scanned and, if so the date(s) of the previous scan(s) and  ¶0048 and ¶0056);
Baikalov: ¶0048 the system checks a scan database to determine if the device has been previously scanned; ¶0068 the scan determination routine 20 is additionally configured to provide for scan determination 26 (i.e., whether a scan is currently required) for the computing device 24 based on the login event information 22, predetermined scan criteria 28 and historical scan data 32 stored in scan database 30); and
in response to determining that the compliance scan is to be performed on the IT components according to the generated compliance policy (Baikalov: ¶0070 scan results 78 may be associated with each individual prior scan and/or a group of previous scans [...] and/or all of the previous prior scans [...] scan results may include indication of a non-compliant or unacceptable result for a specific task within a previous scan [...] the scan criteria 28 may dictate that additional or less scanning or more frequent or less frequent scanning be performed based on previous scan results);
Baikalov: ¶0078 scan criteria, preconfigured by the scanning party administrator or the like, will define the required scan period, i.e., the period of time in which a scan is required to be performed. The determination is made by comparing the scan criteria to the scan database to determine if the last-in-time scan was performed with the required scan period; 0009 a level of scanning can be determined based on previous scan dates and/or scan results, which may dictate more or less scanning. In addition, dates of last-in-time scans and/or scan results may dictate the priority of the impending scan), and
initiating, at the determined time period, scanning of the IT components according to the generated compliance policy (Baikalov: ¶0079 if the determination is made that that the computing device has not been previously scanned or the determination is made that last-in-time scan was performed outside of the required scan period, at Decision 214, a determination is made as to whether the date and/or results of previous scans warrant priority scanning. If the results of previous scans indicate that the device is a high-risk or the previous scan date is beyond a predetermined priority threshold, at Event 216 a high-priority scan of the computing device is performed).
Baikalov: ¶0002).
Yehuda in view of Baikalov does not explicitly disclose wherein real time events including the generated compliance policy are weighted more than previous events including the past compliance scan when determining whether a compliance scan is to be performed on the IT components.
However Rasumov discloses wherein real time events including the generated compliance policy are weighted more than previous events including the past compliance scan when determining whether a compliance scan is to be performed on the IT components (Rasumov: ¶0063 the weighted relationship information 272 generated by the weighting module 270 [...] may be used to dynamically adjust cybersecurity risk scores for various entities. For example, the strength of the relationship, as indicated by the weight applied to the relationship information by the weighting module 270, may be used to determine the degree to which a cybersecurity risk score is adjusted up or down based on a relationship. For example, a strong relationship (e.g., high weight) may cause the cybersecurity risk score to adjusted up or down to a higher degree than a weak relationship (e.g., low weight)).
Rasumov: ¶0004).

Regarding claim 6: Yehuda discloses a system, comprising:
a processor (Yehuda: fig. 6); and
a non-transitory storage medium (Yehuda: fig. 6) storing instructions executable on the processor to:
analyze events generated on information technology (IT) components to identify compliance rules for the IT components (Yehuda: col. 5 lines 62-65 the data collection manager 119 can be configured to analyze the message data transmitted in network 150 and store appropriate information about different monitored connections in the repository 140);
generate, based on the identifying of the compliance rules, a compliance policy comprising the compliance rules (Yehuda: col. 6 lines 47-54  the compliance manager 110 enables a respective user to create policies and corresponding rules to verify compliance with respect to resource configurations (e.g., based on information stored in repository 140 from the direct and indirect queries) as well verify compliance with respect to two or more resources that communicate with each other over network 150 (e.g., based on message information transmitted between resources)).

However Baikalov discloses analyze previous compliance scans performed on the IT components according to the generated compliance policy (Baikalov: ¶0054 the historical scan data 32 provides, at a minimum, a listing of computing devices and the date(s) of the scan(s) performed [...] the comparison of the login event information 22 to the historical scan data 32 results in a determination of whether the computing device 24 has been previously scanned and, if so the date(s) of the previous scan(s) and  ¶0048 and ¶0056); and
Baikalov: ¶0048 the system checks a scan database to determine if the device has been previously scanned; ¶0068 the scan determination routine 20 is additionally configured to provide for scan determination 26 (i.e., whether a scan is currently required) for the computing device 24 based on the login event information 22, predetermined scan criteria 28 and historical scan data 32 stored in scan database 30); and
in response to determine that the IT components are to be scanned according to the generated compliance policy (Baikalov: ¶0070 scan results 78 may be associated with each individual prior scan and/or a group of previous scans [...] and/or all of the previous prior scans [...] scan results may include indication of a non-compliant or unacceptable result for a specific task within a previous scan [...] the scan criteria 28 may dictate that additional or less scanning or more frequent or less frequent scanning be performed based on previous scan results);
Baikalov: ¶0078 scan criteria, preconfigured by the scanning party administrator or the like, will define the required scan period, i.e., the period of time in which a scan is required to be performed. The determination is made by comparing the scan criteria to the scan database to determine if the last-in-time scan was performed with the required scan period; 0009 a level of scanning can be determined based on previous scan dates and/or scan results, which may dictate more or less scanning. In addition, dates of last-in-time scans and/or scan results may dictate the priority of the impending scan), and 
initiate, at the determined time period, scanning of the IT components according to the generated compliance policy (Baikalov: ¶0079 if the determination is made that that the computing device has not been previously scanned or the determination is made that last-in-time scan was performed outside of the required scan period, at Decision 214, a determination is made as to whether the date and/or results of previous scans warrant priority scanning. If the results of previous scans indicate that the device is a high-risk or the previous scan date is beyond a predetermined priority threshold, at Event 216 a high-priority scan of the computing device is performed).
Baikalov: ¶0002).
Yehuda in view of Baikalov does not explicitly disclose wherein real time events including the generated compliance policy are weighted more than previous events including the previous compliance scan when determining whether the IT components are to be scanned for compliance.
However Rasumov discloses wherein real time events including the generated compliance policy are weighted more than previous events including the previous compliance scan when determining whether the IT components are to be scanned for compliance (Rasumov: ¶0063 the weighted relationship information 272 generated by the weighting module 270 [...] may be used to dynamically adjust cybersecurity risk scores for various entities. For example, the strength of the relationship, as indicated by the weight applied to the relationship information by the weighting module 270, may be used to determine the degree to which a cybersecurity risk score is adjusted up or down based on a relationship. For example, a strong relationship (e.g., high weight) may cause the cybersecurity risk score to adjusted up or down to a higher degree than a weak relationship (e.g., low weight)).
Rasumov: ¶0004).

Regarding claim 8: Yehuda in view of Baikalov and Rasumov discloses the system of claim 6.
Baikalov further discloses wherein the instructions are executable on the processor to determine a priority for performing the scanning of the IT components (Baikalov: fig. 3 item 81; ¶0049 determining a priority for the scan based on date/time of the last-in-time scan and/or the previous scan results. Thus, if a device has not been scanned within a predetermined time period and/or if previous results place the device in a high-risk category, the device is be placed in a high priority queue, in which scanning occurs in the immediate future).
The motivation is the same that of claim 6 above.

Regarding claim 22: Yehuda discloses a non- transitory machine-readable storage medium comprising instructions that upon execution cause a system to:
analyze event data of events of a plurality of information technology (IT) components (Yehuda: col. 5 lines 62-65 the data collection manager 119 can be configured to analyze the message data transmitted in network 150 and store appropriate information about different monitored connections in the repository 140);
Yehuda: col. 5 lines 65-67 based on analysis of the message data, the data collection manager 119 can identify different types of information; col. 6 lines 5-9 the compliance manager 110 can apply rules [...] to identify whether certain applications are allowed to communicate with each other or whether the applications communicate with each other using a proper protocol as specified by a rule),
identify, based on the compliance rules, a compliance policy that comprises the compliance rules (Yehuda: col. 6 lines 42-44 the compliance manager 110 applies policies and corresponding rules to verify compliancy; col. 6 line 67 through col. 7 lines 1-3 150 based on application of rules to the repository of data, the compliance manager 110 is able to identify compliancy with respect to corresponding configurations of the application resources; col. 7 lines 50-52 The policy and rule data 146 includes applicable policies 147-1 ... 147-N (147 generally), each including a set of rules 121-1 ... 121-N (121 generally)).

However Baikalov discloses analyze previous compliance scans performed on the plurality of IT components according to the identified compliance policy (Baikalov: ¶0054 the historical scan data 32 provides, at a minimum, a listing of computing devices and the date(s) of the scan(s) performed [...] the comparison of the login event information 22 to the historical scan data 32 results in a determination of whether the computing device 24 has been previously scanned and, if so the date(s) of the previous scan(s) and  ¶0048 and ¶0056);
Baikalov: ¶0048 the system checks a scan database to determine if the device has been previously scanned; ¶0068 the scan determination routine 20 is additionally configured to provide for scan determination 26 (i.e., whether a scan is currently required) for the computing device 24 based on the login event information 22, predetermined scan criteria 28 and historical scan data 32 stored in scan database 30); and
in response to determining that the compliance scan is to be performed on the plurality of IT components according to the identified compliance policy (Baikalov: ¶0070 scan results 78 may be associated with each individual prior scan and/or a group of previous scans [...] and/or all of the previous prior scans [...] scan results may include indication of a non-compliant or unacceptable result for a specific task within a previous scan [...] the scan criteria 28 may dictate that additional or less scanning or more frequent or less frequent scanning be performed based on previous scan results);
Baikalov: ¶0078 scan criteria, preconfigured by the scanning party administrator or the like, will define the required scan period, i.e., the period of time in which a scan is required to be performed. The determination is made by comparing the scan criteria to the scan database to determine if the last-in-time scan was performed with the required scan period; 0009 a level of scanning can be determined based on previous scan dates and/or scan results, which may dictate more or less scanning. In addition, dates of last-in-time scans and/or scan results may dictate the priority of the impending scan), and
initiate the compliance scan on the plurality of IT components at the determined time period, to cause scanning of the plurality of IT components according to the identified compliance policy (Baikalov: ¶0079 if the determination is made that that the computing device has not been previously scanned or the determination is made that last-in-time scan was performed outside of the required scan period, at Decision 214, a determination is made as to whether the date and/or results of previous scans warrant priority scanning. If the results of previous scans indicate that the device is a high-risk or the previous scan date is beyond a predetermined priority threshold, at Event 216 a high-priority scan of the computing device is performed).
Baikalov: ¶0002).
Yehuda in view of Baikalov does not explicitly disclose wherein real time events including the identified compliance policy are weighted more than previous events including the previous compliance scans when determining whether a compliance scan is to be performed on the plurality of IT component.
However Rasumov discloses wherein real time events including the identified compliance policy are weighted more than previous events including the previous compliance scans when determining whether a compliance scan is to be performed on the plurality of IT component (Rasumov: ¶0063 the weighted relationship information 272 generated by the weighting module 270 [...] may be used to dynamically adjust cybersecurity risk scores for various entities. For example, the strength of the relationship, as indicated by the weight applied to the relationship information by the weighting module 270, may be used to determine the degree to which a cybersecurity risk score is adjusted up or down based on a relationship. For example, a strong relationship (e.g., high weight) may cause the cybersecurity risk score to adjusted up or down to a higher degree than a weak relationship (e.g., low weight)).
Rasumov: ¶0004).

Regarding claim 24: Yehuda in view of Baikalov and Rasumov discloses the non-transitory machine-readable storage medium of claim 22.
Baikalov further discloses wherein the time period determined based on the use of the predictive algorithm is different from a scheduled time period (Baikalov: ¶0069 dynamic customization may include more frequent or less frequent scanning of the computing device, additional or less scanning than standard scan routine, such as configuration of additional or less scan tasks to meet the needs of the previous scan results; ¶0071 the scan criteria 28 may define that a full scan needs to performed once every seven days, once every fourteen days, once every thirty day or the like and that a partial or quick scan needs be performed once every day, once every other day, once every seven days or the like [schedule]).
The motivation is the same that of claim 22 above.

Regarding claim 27: Claim 27 is similar in scope to claim 24, and is therefore rejected under similar rationale.

Regarding claim 31: Yehuda in view of Baikalov and Rasumov discloses the system of claim 6.
Baikalov further discloses wherein the time period determined based on the use of the predictive algorithm is different from a scheduled time period (Baikalov: ¶0054 the comparison of the login event information 22 to the historical scan data 32 results in a determination of whether the computing device 24 has been previously scanned and, if so the date(s) of the previous scan(s) [predictive algorithm] and  ¶0048 and ¶0056; ¶0071 the scan criteria 28 may define that a full scan needs to performed once every seven days, once every fourteen days, once every thirty day or the like and that a partial or quick scan needs be performed once every day, once every other day, once every seven days or the like [schedule]).
The motivation is the same that of claim 6 above.


Claims 5 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Yehuda et al. (“Yehuda,” US 8499331), published on July 30, 2013, in view of Baikalov et al. (“Baikalov,” US 2013/0091569), published on April 11, 2013, Rasumov (US 2017 /0236078), published on August 17, 2017 and Shah et al. (“Shah,” US 2011/0225275), published on September 15, 2011.

Regarding claim 5: Yehuda in view of Baikalov and Rasumov discloses the method of claim 1.

However Shah discloses wherein the IT components are part of a data center (Shah: fig. 1; ¶0022 All or portions of system 100 may reside on a datacenter system center computer).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Shah with the system and method of Yehuda, Baikalov and Rasumov to include the IT component is part of a data center to provide user with a means for checking for compliance against one or more defined configuration baselines (Shah: ¶0019).

Regarding claim 15: Yehuda in view of Baikalov and Rasumov discloses the non-transitory machine-readable storage medium of claim 22.
Yehuda in view of Baikalov and Rasumov does not explicitly disclose wherein the plurality of IT components are part of a cloud system.
However Shah discloses wherein the plurality of IT components are part of a cloud system (Shah: fig. 1).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Shah with the system and method of Yehuda, Baikalov and Rasumov to include the IT component is part of a data center to provide user with a means for checking for compliance against one or more defined configuration baselines (Shah: ¶0019).

Regarding claim 16: Yehuda in view of Baikalov and Rasumov discloses the method of claim 1.
Yehuda in view of Baikalov and Rasumov does not explicitly disclose wherein the IT components are part of a cloud.
However Shah discloses wherein the IT components are part of a cloud (Shah: fig. 1).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Shah with the system and method of Yehuda, Baikalov and Rasumov to include wherein the IT components are part of a cloud to provide user with a means for checking for compliance against one or more defined configuration baselines (Shah: ¶0019).


Claims 17, 19, 23, 25, 28, 30 and 32 are rejected under 35 U.S.C. 103 as being unpatentable over Yehuda et al. (“Yehuda,” US 8499331), published on July 30, 2013, in view of Baikalov et al. (“Baikalov,” US 2013/0091569), published on April 11, 2013, Rasumov (US 2017 /0236078), published on August 17, 2017 and Singh et al. (“Singh,” US 9690933), published on June 27, 2017.

Regarding claim 17: Yehuda in view of Baikalov and Rasumov discloses the method of claim 1.

However Singh discloses wherein the analyzing of the past compliance scans uses a machine learning algorithm, and wherein the determining of the time period based on the use of the predictive algorithm is further based on the analyzing of the past compliance scans using the machine learning algorithm (Singh: col. 17 lines 23-28 classification engine 140 may use a decision-tree learning algorithm as a predictive model, where the decision-tree learning algorithm may be level-oped using machine learning techniques from prior analysis of labelled and unlabeled malware and benign objects).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Singh with the system and method of Yehuda, Baikalov and Rasumov to include the analyzing of the past compliance scans uses a machine learning algorithm to provide user with a means for checking for automatically updating a classification engine that analyzes an object and determines whether the object is to be classified as malicious (Singh: col. 1 lines 10-13).


Regarding claim 19: Claim 19 is similar in scope to claim 17, and is therefore rejected under similar rationale.


Regarding claim 23: Yehuda in view of Baikalov and Rasumov discloses the non-transitory machine-readable storage medium of claim 22.

However Singh discloses wherein the analysis of the previous compliance scans is based on a machine learning algorithm (Singh: col. 9 lines 42-43 using machine learning techniques from prior analysis of labelled and unlabeled malware).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Singh with the system and method of Yehuda, Baikalov and Rasumov to include the analysis of the previous compliance scans is based on a machine learning algorithm to provide user with a means for checking for automatically updating a classification engine that analyzes an object and determines whether the object is to be classified as malicious (Singh: col. 1 lines 10-13).

Regarding claim 25: Yehuda in view of Baikalov and Rasumov discloses the non-transitory machine-readable storage medium of claim 22.
Yehuda in view of Baikalov and Rasumov does not explicitly disclose wherein the compliance rules included in the compliance policy comprise a rule governing a specified order of execution of activities.
However Singh discloses wherein the compliance rules included in the compliance policy comprise a rule governing a specified order of execution of activities (Singh: col. 10 lines 50-51 analyzed compliance with certain message formats established for the protocol ( e.g., out-of-order commands)).
Singh: col. 1 lines 10-13).

Regarding claim 28: Claim 28 is similar in scope to claim 25, and is therefore rejected under similar rationale.

Regarding claim 30: Claim 30 is similar in scope to claim 17, and is therefore rejected under similar rationale.

Regarding claim 32: Claim 32 is similar in scope to claim 25, and is therefore rejected under similar rationale.


Claims 26, 29 and 33 are rejected under 35 U.S.C. 103 as being unpatentable over Yehuda et al. (“Yehuda,” US 8499331), published on July 30, 2013, in view of Baikalov et al. (“Baikalov,” US 2013/0091569), published on April 11, 2013, Rasumov (US 2017 /0236078), published on August 17, 2017 and Gemmell et al. (“Gemmell,” US 2013/0091486), published on April 11, 2013.

Regarding claim 26: Yehuda in view of Baikalov and Rasumov discloses the non-transitory machine-readable storage medium of claim 22.
Yehuda in view of Baikalov and Rasumov does not explicitly disclose wherein the compliance rules included in the compliance policy comprise a rule governing a characteristic of a password.
However Gemmell discloses wherein the compliance rules included in the compliance policy comprise a rule governing a characteristic of a password (Gemmell: ¶0033 control objective or one or more other control objectives may specify that a length of the password is to be eight or more characters, the password is to includes at least one letter and at least one number, the password is to include at least one upper case letter and at least one lower case letter, the password).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Gemmell with the system and method of Yehuda, Baikalov and Rasumov to include a rule governing a characteristic of a password to provide user with a means for checking for automatically updating a classification engine that analyzes an object and determines whether the object is to be classified as malicious (Singh: col. 1 lines 10-13).

Regarding claim 29: Claim 29 is similar in scope to claim 26, and is therefore rejected under similar rationale.

Regarding claim 33: Claim 33 is similar in scope to claim 26, and is therefore rejected under similar rationale.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857.  The examiner can normally be reached on Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 5712705002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/FAHIMEH MOHAMMADI/    Examiner, Art Unit 2439                                                                                                                                                                                         
/KARI L SCHMIDT/Primary Examiner, Art Unit 2439