DETAILED ACTION
Response to Amendment
This action is in response to amendment filed February 04, 2021 for the application # 16/410,382 filed on May 13, 2019. Claims 1-20 are pending and are directed toward SYSTEM FOR MANAGING INFORMATION SECURITY ATTACK AND DEFENSE PLANNING.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1, 2, 4, 6, 7, 9, 11, 12, 14, 16, 17 and 19 are rejected under 35 U.S.C. 102(a)(1) as being unpatentable over Brueckner et al. (US 2009/0208910, Pub. Date: Aug. 20, 2009), hereinafter referred to as Brueckner.
As per claim 1, Brueckner teaches a system for managing information security attack and defense planning (automated execution and evaluation of computer network training exercises, Brueckner, ABSTRACT), comprising:
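a monitoring and control server communicatively connected to a targeted website provided by a targeted institution (106- CONTROL/MONITORING SYSTEM, Brueckner, FIG. 1A);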
a hacker end communicatively connected to the monitoring and control server and conducting a real-world hacking exercise (110- ATTACK SYSTEM, Brueckner, FIG. 1A) to hack the targeted website (Target system 112 may be modeled to include a firewall/router and multiple web servers in a subnet that are to be protected. Brueckner, [0078]);
an observer end communicatively connected to the hacker end (108- TRAINEE DEVICE, Brueckner, FIG. 1A); and
a manager end communicatively connected to the observer end (104- INSTRUCTOR DEVICE, Brueckner, FIG. 1A) and providing an analysis platform and the monitoring and control server, wherein the analysis platform is communicatively connected to the observer end and the monitoring and control server (connections between 104,106, 108, Brueckner, FIG. 1A);
wherein the hacker end and the observer end generate a first independent report and a second independent report respectively according to logged information during the real-world hacking exercise and transmit the first independent report and the second independent report to the targeted institution (Brueckner, [0053],[0054]).
the targeted institution generates a piece of recorded information and forwards the first independent report, the second independent report, and the piece of recorded information to the analysis platform provided by the manager end for the manager end to generate a summary report including flaws and vulnerabilities in information security and transmit the summary report to the targeted institution (Brueckner, [0054]-[0058]).
As per claim 2, Brueckner teaches the system as claimed in claim 1, wherein the observer end performs packet logging according to information of a secure protocol and generates the second independent report (Brueckner, [0075]).
As per claim 4, Brueckner teaches the system as claimed in claim 1, wherein the manager end logs information generated during the real-world hacking exercise and performs an after action review (AAR) procedure according to a result of executing the real-world hacking exercise (Brueckner, [0103]).
As per claim 6, Brueckner teaches the system as claimed in claim 1, wherein the analysis platform further has an analysis module, the targeted institution transmits the first independent report, the second independent report, and the piece of recorded information to the analysis module, and the analysis module generates the summary report according to the first independent report, the second independent report and the piece of recorded information and transmits the summary report to the targeted institution (Brueckner, [0073]).
As per claim 7, Brueckner teaches the system as claimed in claim 2, wherein the analysis platform further has an analysis module, the targeted institution transmits the first independent report, the second independent report, and the piece of recorded information to the analysis module, and the analysis module generates the summary report according to the first independent report, the second independent report and the piece of recorded information and transmits the summary report to the targeted institution (Brueckner, [0073]).
As per claim 9, Brueckner teaches the system as claimed in claim 4, wherein the analysis platform further has an analysis module, the targeted institution transmits the first independent report, the second independent report, and the piece of recorded information to the analysis module, and the analysis module generates the summary report according to the first independent Brueckner, [0073]).
As per claim 11, Brueckner teaches the system as claimed in claim 6, wherein when acquiring the first independent report, the second independent report and the piece of recorded information, the analysis module of the analysis platform performs a cross analysis procedure in generation of the summary report with the flaws and vulnerabilities in information security (Brueckner, [0054]-[0058]).
As per claim 12, Brueckner teaches the system as claimed in claim 7, wherein when acquiring the first independent report, the second independent report and the piece of recorded information, the analysis module of the analysis platform performs a cross analysis procedure in generation of the summary report with the flaws and vulnerabilities in information security (Brueckner, [0054]-[0058]).
As per claim 14, Brueckner teaches the system as claimed in claim 9, wherein when acquiring the first independent report, the second independent report and the piece of recorded information, the analysis module of the analysis platform performs a cross analysis procedure in generation of the summary report with the flaws and vulnerabilities in information security (Brueckner, [0054]-[0058]).
As per claim 16, Brueckner teaches the system as claimed in claim 11, wherein the cross analysis procedure includes a hacking method analysis and an information leakage analysis (Brueckner, FIG. 6).
As per claim 17, Brueckner teaches the system as claimed in claim 12, wherein the cross analysis procedure includes a hacking method analysis and an information leakage analysis (Brueckner, FIG. 6).
As per claim 19, Brueckner teaches the system as claimed in claim 14, wherein the cross analysis procedure includes a hacking method analysis and an information leakage analysis (Brueckner, FIG. 6).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 3, 5, 8, 10, 13, 15, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Brueckner et al. (US 2009/0208910, Pub. Date: Aug. 20, 2009) in view of Styslinger (US 2005/0138426, Pub. Date: Jun. 23, 2005), hereinafter referred to as Brueckner and Styslinger respectively.
As per claim 3, Brueckner teaches the system as claimed in claim 1, but does not teach SSL traffic over the SSL connection, Styslinger however teaches wherein when the targeted website has SSL (Secure Socket Layer) cryptographic functions, the cryptographic functions are pre-configured to employ a dynamic key disallowing the monitoring and control server to decrypt SSL traffic over a SSL connection between the hacker end and the targeted website, the manager end generates a static key and offers the hacker end and the monitoring and control server the static key for the hacker end to employ the static key to encrypt SSL traffic over the SSL connection between the hacker end and the targeted website and for the monitoring and Styslinger, FIG. 5a, [0088], [0101]).
Brueckner in view of Styslinger are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Brueckner in view of Styslinger. This would have been desirable because proxies are standard well-known Internet technology components that allow companies to funnel traffic through a single point. This provides a number of useful characteristics and capabilities (e.g., caching for increased download speed, anonymity, access control, filtering, IP address space, etc.) Various types of proxies exist. For gateway proxies, the proxy is an SSL end-point; essentially a separate SSL session is set up between each client/server pair (e.g., browser/company proxy, company proxy/reverse proxy, etc), so at each proxy the communication is fully decrypted then re-encrypted with a new key known by the communicating pair. Proxies are intermediary programs which act as both a server and a client for the purpose of making requests on behalf of other clients. Requests are serviced internally or by passing them on, with possible translation, to other servers. A proxy must implement both the client and server requirements of this specification (Styslinger, [0033]).

As per claim 5, Brueckner in view of Styslinger teaches the system as claimed in claim 3, wherein the piece of recorded information includes information associated with Security Information and Event Management (SIEM), an Intrusion Prevention System (IPS), an Intrusion Detection System (IDS), a Web Application Firewall (WAF), or a Web Access Log (Brueckner, [0107]).
As per claim 8, Brueckner in view of Styslinger teaches the system as claimed in claim 3, wherein the analysis platform further has an analysis module, the targeted institution transmits the first independent report, the second independent report, and the piece of recorded information to the analysis module, and the analysis module generates the summary report according to the first independent report, the second independent report and the piece of recorded information and transmits the summary report to the targeted institution (Brueckner, [0073]).
As per claim 10, Brueckner in view of Styslinger teaches the system as claimed in claim 5, wherein the analysis platform further has an analysis module, the targeted institution transmits Brueckner, [0073]).
As per claim 13, Brueckner in view of Styslinger teaches the system as claimed in claim 8, wherein when acquiring the first independent report, the second independent report and the piece of recorded information, the analysis module of the analysis platform performs a cross analysis procedure in generation of the summary report with the flaws and vulnerabilities in information security (Brueckner, [0054]-[0058]).
As per claim 15, Brueckner teaches the system as claimed in claim 10, wherein when acquiring the first independent report, the second independent report and the piece of recorded information, the analysis module of the analysis platform performs a cross analysis procedure in generation of the summary report with the flaws and vulnerabilities in information security (Brueckner, [0054]-[0058]).
As per claim 18, Brueckner in view of Styslinger teaches the system as claimed in claim 13, wherein the cross analysis procedure includes a hacking method analysis and an information leakage analysis (Brueckner, FIG. 6).
As per claim 20, Brueckner in view of Styslinger teaches the system as claimed in claim 15, wherein the cross analysis procedure includes a hacking method analysis and an information leakage analysis (Brueckner, FIG. 6).
Response to Arguments
Applicant’s arguments with regards to claims 1-20 have been fully considered, but they are not persuasive.
argument – Applicant argues that the limitations "monitoring and control server", "observer end", "manager end" in claim 1, are not properly disclosed by Brueckner (REMARKS, page 2).
Response: limitations of claim 1 require: a monitoring and control server communicatively connected to a targeted website provided by a targeted institution (106- CONTROL/MONITORING SYSTEM, Brueckner, FIG. 1A); a hacker end communicatively connected to the monitoring and control server and conducting a real-world hacking exercise (110- ATTACK SYSTEM, Brueckner, FIG. 1A) to hack the targeted website (Target system 112 may be modeled to include a firewall/router and multiple web servers in a subnet that are to be protected. Brueckner, [0078]); an observer end communicatively connected to the hacker end (108- TRAINEE DEVICE, Brueckner, FIG. 1A); and a manager end communicatively connected to the observer end (104- INSTRUCTOR DEVICE, Brueckner, FIG. 1A) and providing an analysis platform and the monitoring and control server, wherein the analysis platform is communicatively connected to the observer end and the monitoring and control server (connections between 104,106, 108, Brueckner, FIG. 1A). Further, Examiner points Applicant's attention at least to Brueckner, [0078], and specifically to “During the same training exercise within training environment 100, out-of-band data is also exchanged between control/monitoring system 106, attack system 110, and target system 112. This out-of-band data may include observation and control data. In one embodiment, the out-of-band data is not visible to a trainee and does not interfere with scenario traffic that is exchanged between systems 106, 110, and 112. Control/monitoring system 106 may monitor and observe the progress, events, responses, or status of attack system 110 and target system 112 by 
“In contrast” argument – Applicant argues that, in contrast, the present application (Fig. I, lines 4-6, page 5) recites "the hacking end 10 conducts a real-world hacking exercise to hack the targeted website 40 through the monitoring and control server 50." (REMARKS, page 2).
Response: As preliminary subject matter, Applicant seems to consider that his “exercise” could be done only by a real-world hacker and not a real-world trainee. How this relates to the invention as currently claimed is not clear. As per the “through” remark: first, it was not claimed, just disclosed; second, please see “Thus, in one embodiment, out-of-band controller 204 may be implemented on and between each of attack system 110, target system 112, and control/monitoring system 106” (Brueckner, [0048]).
“are not disclosed” argument – Applicant argues that the limitations "the hacker end and the observer end generate a first independent report and a second independent report respectively according to logged information during the real-world hacking exercise and transmit the first independent report and the second independent report to the targeted institution" in claim 1, are not disclosed by Brueckner (REMARKS, page 4).
Response: according to the references cited by Examiner: “This type of information may be collected, for example, by gathering data directly from machines (such as machines 109A-109N and/or 111A-111N) or from out-of-band data transferred between control/monitoring system 106 
“generic conceptual description” argument – Applicant argues that Styslinger fails to disclose the specific technical details of SSL communication among the monitoring and control server 50, the hacker end 10 and the targeted website 40 in claim 3. (REMARKS, page 6).
Response: as was stated by Examiner in NFOAM (pages 6-7), Brueckner does not teach SSL traffic over the SSL connection; Styslinger, however, teaches wherein when the targeted website has SSL (Secure Socket Layer) cryptographic functions, the cryptographic functions are pre-configured to employ a dynamic key disallowing the monitoring and control server to decrypt SSL traffic over a SSL connection between the hacker end and the targeted website, the manager end generates a static key and offers the hacker end and the monitoring and control server the static key for the hacker end to employ the static key to encrypt SSL traffic over the SSL connection between the hacker end and the targeted website and for the monitoring and control 
Further, Applicant somehow truncated the limitation “pre-configured to employ a dynamic key” to just “to employ a dynamic key” (REMARKS, page 6). Examiner's interpretation of the cited limitation is that both sites have functionality to establish an SSL connection with a session key. No less, but also no more than that. This is a standard procedure based on the SSL standard and extremely well known in the art, so it could be considered generic. The other part of the limitation requires the proxy to be able to intercept traffic by decrypting it and encrypting it back with intermediate keys shared with each of the end-points. This is a well-known practice as well, and is completely disclosed by the secondary reference (Styslinger, FIG. 5a, [0088], [0101]). The motivation to combine is based on Styslinger, [0033], which also reads on the cited limitation: “This would have been desirable because proxies are standard well-known Internet technology components that allow companies to funnel traffic through a single point. This provides a number of useful characteristics and capabilities (e.g., caching for increased download speed, anonymity, access control, filtering, IP address space, etc.) Various types of proxies exist. For gateway proxies, the proxy is an SSL end-point; essentially a separate SSL session is set up between each client/server pair (e.g., browser/company proxy, company proxy/reverse proxy, etc), so at each proxy the communication is fully decrypted then re-encrypted with a new key known by the communicating pair.”
Conclusion - Therefore, in view of the above reasons, Examiner maintains rejections.
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to OLEG KORSAK whose telephone number is (571)270-1938.  The examiner can normally be reached on Monday-Friday 7:30am - 5:00pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571)272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the 




/OLEG KORSAK/
Primary Examiner, Art Unit 2492