Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION

Status of Claims
Claims 1-20 are subject to examination.  

Specification
The amendment to the specification filed 1/26/21 is acknowledged.
The amendment to the title filed 1/26/21 is acknowledged.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 3-6, 11, 13-16 are rejected under 35 U.S.C. 103 as being unpatentable over Schrecker et al., 20130247205 in view of Galtsev et al., 20170093863 and Noel et al., 20170289187.
Referring to claims 1, 11 and 20, Schrecker discloses a computer-implemented method for managing cybersecurity vulnerabilities of resources within a network, the method comprising: a cybersecurity vulnerability management system operating within a network, the system comprising: an input processing engine for collecting data including application risk rank and network location; computer memory storing instructions; a computer processor accessing the stored instructions and the collected data for performing steps including: a non-transitory computer-readable medium, executed by a processor, for managing cybersecurity vulnerabilities of resources within a network by performing steps including:
collecting, by a processor over a network (network monitor 102, figure 2, collecting data), data pertaining to multiple network resources (resources of the network, figure 2), the data including application risk rank (figures 6A/6B, para 52); utilizing the processor to manage cybersecurity vulnerabilities within the network by performing operations including:
determining vulnerability scores corresponding to vulnerabilities of the network resources (para 74); determining severity scores for the network resources based on the application risk rank and network location of the network resources (para 46, 10); and integrating each vulnerability score and a corresponding severity score for the network resources to create a two-dimensional risk ranking (para 9). Schrecker does not specifically mention network location, which is well known in the art and which Galtsev discloses:
[0003] When a user attempts to access an application which uses a risk engine, the application requests that the risk engine evaluate the attempt against the applicable risk policy to determine the risk of allowing the user to access the application.  In some cases, this evaluation involves generating a risk score by combining scores of a number of conditions.  For example, a risk engine could generate a risk score by combining a score generated based on a time when the access is attempted, a score generated based on an IP address from which the access is attempted, and a score generated based on a location from which the attempt originates.  The risk engine can then return the risk score to the application to allow the application to decide whether to allow the access.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Schrecker to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because it would make the well-known use of network location. A risk score would be calculated by combining scores of a number of conditions. For example, a risk engine could generate a risk score by combining a score generated based on a time when the access is attempted, a score generated based on an IP address from which the access is attempted, and a score generated based on a location from which the attempt originates, para 3.

Schrecker and Galtsev do not specifically mention enabling visualization and characterization of resource vulnerabilities for the network resources connected over the network, which is well known in the art and which Noel discloses:
[0018] Described herein are systems and methods for visualizing and analyzing computer network vulnerabilities that employ a graph database to effectively monitor and assess security threats to a computing infrastructure in real-time. The systems and methods described herein can be used to synthesize information from disparate and varied sources to create an overall visualization of the security posture of a particular computing network.
[0019] The system and methods can employ a plurality of sensors designed to provide real-time information about the state of the computer network and integrate the data from the sensors into a graph database that can allow a user of the system to visualize attack pattern relationships, highlight exposed vulnerabilities of the network, provide mission impact analysis, and provide cyber-security modeling and simulation capabilities, among other services.
[0033] The cyber posture layer 206 can include nodes and edges associated with potential exploitable vulnerabilities within a network infrastructure. As an example, the nodes and edges associated with the cyber posture layer 206 can be populated with data from the Common Vulnerabilities and Exposure (CVE) platform that provides a dictionary of common names for publicly known cybersecurity vulnerabilities and can evaluate network infrastructure to determine the exposure of the network to such vulnerabilities. In addition, the nodes and edges associated with the cyber posture layer 206 can be populated with data from the Common Vulnerability Scoring System (CVSS) platform. CVSS is a standard for assessing the severity of computer system security vulnerabilities. CVSS can attempt to assign severity scores to vulnerabilities, allowing network managers to prioritize responses and resources according to the threat.
[0035] As discussed above the graph model 200 can include a network infrastructure layer 208. The network infrastructure layer 208 can include information that captures the configuration and policy aspects of the network environment, which can form the basis for modeling security posture (i.e., potential vulnerability paths). As an example, the graph model 200 can leverage known tools such as Cauldron that can aid in visualizing potential attacks against an enterprise by building a network model using results from vulnerability scanners, asset management, firewall rules, and other network data sets.


[Image: media_image1.png]

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Schrecker to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because it would make the well-known use of visualization and characterization of the vulnerabilities. This would synthesize information from disparate and varied sources to create an overall visualization of the security posture of a particular computing network, para 18, 33.

Referring to claims 3 and 13, Schrecker discloses scheduling remediation of vulnerabilities based on the two-dimensional risk ranking, para 112.

Referring to claims 4 and 14, Schrecker discloses providing a user interface facilitating one-click generation of a prioritized remediation list based on the two-dimensional risk, para 112.

Referring to claims 5 and 15, Schrecker discloses matching a vulnerability on the remediation list with a pre-determined patch for remediating the vulnerability, para 55.

Referring to claims 6 and 16, Schrecker discloses automatically applying the patch to impacted network hosts, para 30.

Claims 2, 9, 12 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Schrecker in view of Galtsev and Scates, 20100043074.
Referring to claims 2 and 12, Schrecker and Galtsev do not disclose calculating a vulnerability index as a weighted sum of vulnerabilities associated with an application and host, which is well known in the art and which Scates discloses, claim 9, para 44, 14, 15.

[Images: media_image2.png through media_image6.png]

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Schrecker to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because it would make the well-known use of calculating a vulnerability index. A weighted sum of the vulnerabilities for the associated objects would be used to generate the index. The index would enable the user to know whether the vulnerabilities have exceeded a predetermined threshold so that necessary action can be taken, para 44, 14, 15.

Referring to claims 9 and 19, Scates discloses generating a user interface displaying a comparison of an infrastructure vulnerability index and an application vulnerability index, para 14, 15.


Claims 7 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Schrecker in view of Galtsev and Chen et al., 20090077666.
Referring to claims 7 and 17, Schrecker and Galtsev do not disclose determining a weight associated with a risk rank and a weight associated with a network location and summing the weights (para 77) to calculate a total severity weight (para 23), which is well known in the art and which Chen discloses. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Schrecker to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because it would make the well-known use of calculating weights based on risk rank and network location. The calculated total severity weight would enable a user to know whether the severities based on the location of a network have exceeded a predetermined threshold so that necessary action can be taken, para 77, 23.

Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Schrecker in view of Galtsev, Chen and Hall et al., 20050283834.
Referring to claims 8 and 18, Schrecker, Chen and Galtsev do not disclose associating the total severity weight with a corresponding severity score, which is well known in the art and which Hall discloses, para 37. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Schrecker to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because it would make the well-known use of associating the total severity weight with a corresponding severity score. The calculated total severity weight and its associated severity score would enable a user to know whether the severity weight and severity score are within a threshold. When the threshold is exceeded, the necessary action would be taken to secure the system, para 37.
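As an added illustration of how the claimed elements fit together (the summed weights of claims 7 and 17, the severity score of claims 8 and 18, the weighted-sum vulnerability index of claims 2 and 12, and the two-dimensional ranking of claim 1), the following Python sketch is not code from the application or from any cited reference; its weight tables, score bands and sample inventory are constructed assumptions:

```python
"""Two-dimensional risk ranking sketch (added example, not from the application
or any cited reference).  Weight tables, score bands and the sample inventory
are constructed assumptions."""
from dataclasses import dataclass, field

# Claim 7: a weight for the application risk rank and a weight for the network
# location; both tables are assumed values for illustration.
RISK_RANK_WEIGHT = {"critical": 4, "high": 3, "medium": 2, "low": 1}
LOCATION_WEIGHT = {"internet_facing": 3, "dmz": 2, "internal": 1}

# Claim 8: bands mapping a total severity weight to a severity score (assumed).
SEVERITY_BANDS = [(6, 3), (4, 2), (0, 1)]  # (minimum total weight, score)


@dataclass
class Resource:
    name: str
    risk_rank: str                      # application risk rank, e.g. "high"
    location: str                       # network location, e.g. "dmz"
    vulns: list = field(default_factory=list)  # [(finding id, CVSS-style 0-10)]


def total_severity_weight(r: Resource) -> int:
    """Claim 7: sum the risk-rank weight and the network-location weight."""
    return RISK_RANK_WEIGHT[r.risk_rank] + LOCATION_WEIGHT[r.location]


def severity_score(r: Resource) -> int:
    """Claim 8: associate the total severity weight with a severity score."""
    w = total_severity_weight(r)
    for min_weight, score in SEVERITY_BANDS:
        if w >= min_weight:
            return score
    return 1


def vulnerability_score(r: Resource) -> float:
    """Claim 1: one vulnerability score per resource; here the worst finding."""
    return max((s for _, s in r.vulns), default=0.0)


def finding_weight(score: float) -> float:
    # Assumed weighting: critical findings count 1.5x, high 1.0x, others 0.5x.
    return 1.5 if score >= 9.0 else 1.0 if score >= 7.0 else 0.5


def vulnerability_index(r: Resource) -> float:
    """Claim 2 / Scates: a weighted sum of the vulnerabilities on a resource."""
    return round(sum(finding_weight(s) * s for _, s in r.vulns), 1)


def exceeds_threshold(r: Resource, threshold: float) -> bool:
    """Scates-style check: has the weighted index exceeded a preset threshold?"""
    return vulnerability_index(r) > threshold


def risk_ranking(resources):
    """Claim 1: pair each resource's vulnerability score with its severity
    score and order on both axes, worst first.  Claim 3 would schedule
    remediation in this order."""
    rows = [(severity_score(r), vulnerability_score(r), r.name) for r in resources]
    return sorted(rows, key=lambda t: (t[0], t[1]), reverse=True)


# Constructed sample inventory; not data from any reference.
INVENTORY = [
    Resource("web-portal", "high", "internet_facing", [("F-1", 9.8), ("F-2", 5.4)]),
    Resource("hr-db", "critical", "internal", [("F-3", 7.5)]),
    Resource("kiosk", "low", "dmz", [("F-4", 9.2), ("F-5", 4.0)]),
]

if __name__ == "__main__":
    # The kiosk carries the second-worst finding but ranks last: its severity
    # (low risk rank, DMZ placement) pulls it down on the second axis.
    for sev, vuln, name in risk_ranking(INVENTORY):
        print(f"{name:12} severity={sev} vulnerability={vuln}")
```

The sample shows why the ranking is two-dimensional: the kiosk's 9.2 finding alone would put it near the top, but its low severity score drops it below the internal database.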

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Schrecker in view of Galtsev and Bianco, 20090007269.
Referring to claim 10, Schrecker and Galtsev do not disclose generating a user interface displaying network hosts impacted by a selected vulnerability, which is well known in the art and which Bianco discloses, para 81.

[Images: media_image7.png through media_image15.png]

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Schrecker to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because it would make the well-known use of a user interface for displaying information associated with a vulnerability. The hosts impacted by the vulnerability would be displayed to the user so that the user could determine what action to take. The user would then take the necessary action on the vulnerable hosts, securing them against the vulnerability, para 81.

Terminal Disclaimer
The terminal disclaimer filed on 1/26/21 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of 10372915 has been reviewed and is accepted.  The terminal disclaimer has been recorded.


Response to Arguments
Applicant's arguments filed 1/26/21, pages 8-13, have been fully considered but they are not persuasive. Therefore, the rejection of claims 1-20 is maintained.
Regarding the additional limitations of enabling visualization and characterization of resource vulnerabilities for the network resources connected over the network, the rejections have been updated accordingly based on a further updated search. As seen below, Noel discloses the overlapping limitations in addition to the limitations previously relied upon.
Schrecker discloses a computer-implemented method for managing cybersecurity vulnerabilities of resources within a network, the method comprising: a cybersecurity vulnerability management system operating within a network, the system comprising: an input processing engine for collecting data including application risk rank and network location; computer memory storing instructions; a computer processor accessing the stored instructions and the collected data for performing steps including: a non-transitory computer-readable medium, executed by a processor, for managing cybersecurity vulnerabilities of resources within a network by performing steps including:
collecting, by a processor over a network (network monitor 102, figure 2, collecting data), data pertaining to multiple network resources (resources of the network, figure 2), the data including application risk rank (figures 6A/6B, para 52); utilizing the processor to manage cybersecurity vulnerabilities within the network by performing operations including:
determining vulnerability scores corresponding to vulnerabilities of the network resources (para 74); determining severity scores for the network resources based on the application risk rank and network location of the network resources (para 46, 10); and integrating each vulnerability score and a corresponding severity score for the network resources to create a two-dimensional risk ranking (para 9). Schrecker does not specifically mention network location, which is well known in the art and which Galtsev discloses:
[0003] When a user attempts to access an application which uses a risk engine, the application requests that the risk engine evaluate the attempt against the applicable risk policy to determine the risk of allowing the user to access the application.  In some cases, this evaluation involves generating a risk score by combining scores of a number of conditions.  For example, a risk engine could generate a risk score by combining a score generated based on a time when the access is attempted, a score generated based on an IP address from which the access is attempted, and a score generated based on a location from which the attempt originates.  The risk engine can then return the risk score to the application to allow the application to decide whether to allow the access.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Schrecker to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because it could use the location from which the attempt originates, which would manage vulnerability of the resources of the network, para 3.
Schrecker and Galtsev do not specifically mention enabling visualization and characterization of resource vulnerabilities for the network resources connected over the network, which is well known in the art and which Noel discloses:
[0018] Described herein are systems and methods for visualizing and analyzing computer network vulnerabilities that employ a graph database to effectively monitor and assess security threats to a computing infrastructure in real-time. The systems and methods described herein can be used to synthesize information from disparate and varied sources to create an overall visualization of the security posture of a particular computing network.
[0019] The system and methods can employ a plurality of sensors designed to provide real-time information about the state of the computer network and integrate the data from the sensors into a graph database that can allow a user of the system to visualize attack pattern relationships, highlight exposed vulnerabilities of the network, provide mission impact analysis, and provide cyber-security modeling and simulation capabilities, among other services.
[0033] The cyber posture layer 206 can include nodes and edges associated with potential exploitable vulnerabilities within a network infrastructure. As an example, the nodes and edges associated with the cyber posture layer 206 can be populated with data from the Common Vulnerabilities and Exposure (CVE) platform that provides a dictionary of common names for publicly known cybersecurity vulnerabilities and can evaluate network infrastructure to determine the exposure of the network to such vulnerabilities. In addition, the nodes and edges associated with the cyber posture layer 206 can be populated with data from the Common Vulnerability Scoring System (CVSS) platform. CVSS is a standard for assessing the severity of computer system security vulnerabilities. CVSS can attempt to assign severity scores to vulnerabilities, allowing network managers to prioritize responses and resources according to the threat.
[0035] As discussed above the graph model 200 can include a network infrastructure layer 208. The network infrastructure layer 208 can include information that captures the configuration and policy aspects of the network environment, which can form the basis for modeling security posture (i.e., potential vulnerability paths). As an example, the graph model 200 can leverage known tools such as Cauldron that can aid in visualizing potential attacks against an enterprise by building a network model using results from vulnerability scanners, asset management, firewall rules, and other network data sets.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Schrecker to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because it could synthesize information from disparate and varied sources to create an overall visualization of the security posture of a particular computing network, para 18, 33.

Conclusion

Pertinent prior art for the claimed invention:
Raz et al., 20140215630
[0028] It is appreciated that vulnerability C, having a severity of 1, has a higher impact on lowering the compliance score of asset #125 for compliance control #3 than the impact of vulnerability B, having a 

[Image: media_image16.png]

Hoernecke et al., 20170098086
[0017] Based on the security risk score, the applications present within the service provider system may be ranked, prioritized, and/or categorized in order to provide and perform an appropriate security testing regime. Additionally, logging requirements, access controls, and other control and/or monitoring techniques may be required for individual applications based on their security risk scores of applications may range from 0 to 100, in a given embodiment, with 100 being the highest score associated with the application or applications that pose the greatest security risk. In some embodiments, the application security system, as described herein, may indicate that all applications scoring greater than 80 should be subject to a first testing regime of automated security tests or security test modules and all applications scoring 80 or less but more than 60 should be subject to a second testing regime of automated tests. The first regime of security tests may include more tests or more stringent tests than the second regime of automated tests. In another embodiment, all applications scoring greater than 60 may be flagged or included on a list for manual security testing such as, penetration testing, by administrative security personnel; while all applications scoring 60 or less but more than 50 may be subject to a first security test every two weeks and all applications scoring 50 or less but more than 40 may be subject to the first security test every month.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARESH PATEL whose telephone number is (571)272-3973.  The examiner can normally be reached on M-F 9-5:30.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Carl Colin, can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HARESH N PATEL/Primary Examiner, Art Unit 2493