DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 10/28/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Objections
The claims 7 and 16 are objected to because each claim doesn’t end with a period. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-2, 8, 11-13, 18 are rejected under 35 U.S.C. 103 as being unpatentable over BELFIORE, JR, et al. (Pub. No.: US 2018/0146004, hereinafter BELFIORE) in view of Reybok, JR. et al. (Pub. No.: US 2018/0324207, hereinafter Reybok).
Regarding claim 1: BELFIORE discloses A system for defining security vulnerabilities of computer-related processes and implementing automated remediation, the system comprising: 
a distributed computing network comprising a plurality of computing apparatus that are configured to communicate via the distributed computing network (BELFIORE, JR - Fig. 10. [0104]); 
a computing platform disposed in one or more of the computing apparatus and comprising a memory and one or more processing devices in communication with the memory (BELFIORE, JR - Fig. 9, [0092]); 
a vulnerability assessment plan generation module stored in the memory, executable by one or more of the processing devices (BELFIORE, JR - Fig. 8, [0080]: The system 802 for cyber risk assessment, tracking, and recommendation may include an asset evaluation engine 816, a cyber control evaluation engine 818,) and configured to: 
receive first data from a plurality of disparate data sources (BELFIORE, JR - [0035]: an asset evaluation module 105 for receiving and evaluating a client technology infrastructure profile 110. For example, the asset evaluation module 105 may present survey questions to a user or accept survey information collected from multiple users (e.g., multiple IT leads within a large organization) to analyze the existing infrastructure of the organization. [0037]: the asset evaluation module 105 receives information regarding business objectives 112 related to the organization corresponding to criticality of various segments of the client technology infrastructure 110); 
identify, from the first data, critical vulnerability assets associated with a selected one of a plurality of computer-related processes (BELFIORE, JR - [0038]: Based on the client technology infrastructure profile 110 and the business objectives 112, the asset evaluation module 105 can calculate an asset criticality score); 
[implement one or more machine learning algorithms and a process-related control framework] to identify a plurality of controls for a selected one of the computer-related processes based at least on the critical vulnerability assets (BELFIORE, JR - [0039]: The threat profiling module 120 determines the threat profile 125 as a function of asset criticality (e.g., determined by the asset evaluation module 105) and particular threats 122 mapped to aspects of the client technology infrastructure profile 110); and 
generate a vulnerability assessment specific to the selected computer-related process including the plurality of controls (BELFIORE, JR - [0039]: For each threat actor 122 a relevant to each segment of the client technology infrastructure 110, in other words, a threat can be determined including an intent, objectives, and capabilities of the threat actor's actions 122 b upon the identified segment of the client technology infrastructure); 
a vulnerability assessment module stored in the memory, executable by one or more of the processing devices (BELFIORE, JR – Fig. 8, The system 802 for cyber risk assessment, tracking, and recommendation may include … a threat profile engine 822) and configured to: 
implement one or more threat modeling algorithms to define vulnerabilities for the selected one of the computer-related processes (BELFIORE, JR - [0070]: Each security domain, in some implementations, includes predetermined controls that may further be evaluated to consider any vulnerability on an individual control basis. [0071]: a performance level of control environment is calculated (508). The performance level of control environment may include current control performances (e.g., individual performance scores) of the organization's IT infrastructure in relation to cybersecurity vulnerability. The performance scores, in one example, may be based on the predetermined domains and, additionally, controls corresponding to each security domain); and 
a network remediation module stored in the memory executable by one or more of the processing devices (BELFIORE, JR - Fig. 8, The system 802 for cyber risk assessment, tracking, and recommendation may include … a threat tracking analysis engine 826, a third-party solution recommending engine 828, and a peer performance benchmarking engine 830) and configured to: 
determine one or more network tasks for optimizing the distributed computing network based on the defined vulnerabilities (BELFIORE, JR - [0041]: The cyber control evaluation module 130 can determine a target level of protection for each segment of the client technology infrastructure 110 and each threat. See also [0087]); 

implement one or more machine learning algorithms and a process-related control framework (Reybok, JR. - [0086]: analyze the results of the searches using a machine learning module (e.g., a neural network or a support vector machine) to identify a kill chain of related network security vulnerabilities in one of the respective customer networks of one of the plurality of customer instances);
in response to determining the one or more network tasks, execute at least one of the tasks to optimize the distributed computing network (Reybok, JR. - [0095]: A better solution may be to identify this kill chain and select a network security threat mitigation/remediation measure that addresses a sufficient subset of the detected vulnerabilities to break the kill chain and thus avoid the more critical risks that the kill chain poses).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of BELFIORE with Reybok so that machine learning is used to identify network security and a mitigation measure is deployed. The modification would have allowed the system to improve security. 
Regarding claim 2: BELFIORE as modified discloses further comprising a taxonomy module stored in the memory, executable by the one or more processing devices and configured to: 
identify a plurality of computer-related critical functions; receive second data from a plurality of second disparate data sources, identify, from the second data, a plurality of computer-related critical services and a plurality computer-related processes (BELFIORE, JR - [0037]: the asset evaluation module 105 receives information regarding business objectives 112 related to the organization corresponding to criticality of various segments of the client technology infrastructure 110); and 
map (i) the identified computer-related critical functions to the computer-related critical services (BELFIORE, JR - [0039]: The threat profiling module 120 determines the threat profile 125 as a function of asset criticality (e.g., determined by the asset evaluation module 105) and particular threats 122 mapped to aspects of the client technology infrastructure profile 110), and (ii) the computer-related critical services to the computer-related processes (BELFIORE, JR - [0039]: the threat profiling module 120 identifies threat actors 122 a relevant to individual segments of the client technology infrastructure profile 110). 
Regarding claim 8: BELFIORE as modified discloses wherein the network remediation module is further configured to: 
monitor the execution of the one or more network tasks (BELFIORE, JR - [0043]: the cyber control evaluation module 130 can determine a target control performance which can be based on the threat profile 125); and 
generate and communicate one or more remediation reports that indicate a progress of the monitored one or more network tasks (BELFIORE, JR - [0072]: the capabilities of the IT infrastructure may be provided with a per-domain “report card”, scored on an A to F rating based upon the abilities of the IT infrastructure to deal with identified threat vectors).
Regarding claim 11: BELFIORE as modified discloses wherein the vulnerability assessment plan generation module is further configured to: 
implement one or more supervised logistic regression algorithms to assign the critical vulnerability assets to the selected computer-related process (BELFIORE, JR - [0056]: the asset criticality evaluation may be provided to the threat profiling module 120 for use in developing the threat profile 125); and 
implement one or more supervised decision forest algorithms to identify the plurality of controls for the selected one of the computer-related processes (BELFIORE, JR - [0039]: The threat profiling module 120 determines the threat profile 125 as a function of asset criticality (e.g., determined by the asset evaluation module 105) and particular threats 122 mapped to aspects of the client technology infrastructure profile 110).
Regarding claim 12: BELFIORE as modified discloses further comprising a vulnerability reporting module stored in the memory, executable by one or more of the processing devices and configured to: 
map the defined vulnerabilities to industry benchmarks (BELFIORE, JR - [0069]: The security domains may relate to domains defined by one or more cybersecurity standards.); and 
generate and communicate a vulnerability assessment report that is based on the mapping of the defined vulnerabilities to the industry standards and indicates an estimated impact of the defined (BELFIORE, JR - [0071]: current control performances (e.g., performance level of the control environment 432) can be based on an evaluation of the control environment's (e.g., client IT infrastructure profile 426) estimated capability to respond to the threat scenarios 420 and threat vectors 422. The security mechanisms identified within the client IT infrastructure, for example, may be mapped to the threat scenarios and threat vectors and further mapped to security domains to categorize preparedness relative to the capability of the IT infrastructure to respond to the security scenarios and threats across security domains).
Regarding claim 13: this claim defines a computer-implemented method claim that corresponds to system claim 1 and does not define beyond limitations of claim 1. Therefore, claim 13 is rejected with the same rationale as in the rejection of claim 1. 
Regarding claim 18: this claim defines a computer program product claim that corresponds to system claim 1 and does not define beyond limitations of claim 1. Therefore, claim 13 is rejected with the same rationale as in the rejection of claim 1. Furthermore, BELFIORE in para. [0092] discloses computer readable storage medium.

Claims 7 and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over BELFIORE, JR, et al. (Pub. No.: US 2018/0146004, hereinafter BELFIORE) in view of Reybok, JR. et al. (Pub. No.: US 2018/0324207, hereinafter Reybok) and Nordstrom et al. (Patent No.: US 8,042,171, hereinafter Nordstrom).
Regarding claims 7 and 16: BELFIORE as modified doesn’t explicitly teach but Nordstrom discloses wherein the network remediation module is further configured to: 
determine the one or more network tasks, wherein the network tasks include at least one of (i) re-routing network traffic from one or more first computing apparatus to one or more computing apparatus, (ii) opening and closing ports in one or more of the computing apparatus, and (iii) changing communication protocols for one or more network communications delivered via the distributed communication network (Nordstrom - [Col. 3, Line 41-46]: the network protection service is configured to monitor for a condition to provide protective assistance to the subscribing host, and upon detecting that condition, cause that network traffic directed to the subscribing host be rerouted to the network protection service for processing),
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of BELFIORE with Reybok so that network traffic is re-routed to a protection service if a network threat is detected. The modification would have allowed the system to protect the network security. 
Regarding claim 17: BELFIORE as modified discloses further comprising: 
monitor the execution of the one or more network tasks (BELFIORE, JR - [0043]: the cyber control evaluation module 130 can determine a target control performance which can be based on the threat profile 125); and 
generate and communicate one or more remediation reports that indicate a progress of the monitored one or more network tasks (BELFIORE, JR - [0072]: the capabilities of the IT infrastructure may be provided with a per-domain “report card”, scored on an A to F rating based upon the abilities of the IT infrastructure to deal with identified threat vectors).

Allowable Subject Matter 
Claims 3-6, 9-10, 14-15 and 19-20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim. The reason for allowance will be furnished upon allowance of the application.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Martinez et al. (Pub. No.: US 2014/0137257 A1) - System, Method and Apparatus for Assessing a Risk of One or More Assets Within an Operational Technology Infrastructure
Dietrich et al. (Pub. No.: US 2016/0234240 A1) - RULES ENGINE FOR CONVERTING SYSTEM-RELATED CHARACTERISTICS AND EVENTS INTO CYBER-SECURITY RISK ASSESSMENT VALUES 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729.  The examiner can normally be reached on M-F 8:30-5:30.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8729.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MENG LI/
Primary Examiner, Art Unit 2437