DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 07/30/2019 and 03/15/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim interpretations under 112 (f)
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

Claims 17, 19 and 20 contain limitations invoking 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph as detailed in the following:
Each of the following Claim limitations:
Claim 17: “an installation base determiner that calculates  …”;
“a classification and prioritization unit that applies …”;
Claim 17: “a vulnerability remediation unit that transmits …”;
Claim 19: “the classification and prioritization unit generates …”;
Claim 20: “the installation base determiner calculates …”;
has been interpreted under 35 U.S.C. 112(f), or pre-AIA 35 U.S.C. 112, sixth paragraph, because it uses a generic placeholder “determiner, unit” coupled with functional language without reciting sufficient structure to achieve the function and equivalents thereof. Furthermore, the generic placeholder is not preceded by a structural modifier.
Since the claim limitation(s) invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, claims 17, 19 and 20 have been interpreted to cover the corresponding structure described in the specification that achieves the claimed function, and equivalents thereof.  
A review of the specification shows that the following appears to be the corresponding structure described in the specification for the 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph limitation: NONE. It should be noted that specification par. [0051] states that “The CVR 200 can include a processor 210, a storage 215, a hard disk drive (HDD) 220, an optical disk drive (ODD) 225, a network interface 230, an input/output (I/O) interface 235, drivers 240, a vulnerability assessment (VA) unit 245, a vulnerability scoring (VS) unit 255, an installation base determiner (IBD) 265, a classification and prioritization (CAP) unit 275, a vulnerability remediation (VR) unit 285 … Any one or more of the computing resources 215 to 295 (including, for example, the VA unit 245, VS unit 255, IBD 265, CAP unit 275, or VR unit 285) can be a device or a module that is separate from the processor 210”. It appears that the stated “determiner, unit” includes an open definition and that the specification fails to show the corresponding structures of the “determiner, unit”.
If applicant wishes to provide further explanation or dispute the examiner’s interpretation of the corresponding structure, applicant must identify the corresponding structure with reference to the specification by page and line number, and to the drawing, if any, by reference characters in response to this Office action. 
If applicant does not intend to have the claim limitation(s) treated under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112 , sixth paragraph, applicant may amend the claim(s) so that it/they will clearly not 
For more information, see MPEP § 2173 et seq. and Supplementary Examination Guidelines for Determining Compliance With 35 U.S.C. 112 and for Treatment of Related Issues in Patent Applications, 76 FR 7162, 7167 (Feb. 9, 2011).

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 17-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claims 17, 19 and 20 are interpreted under 35 U.S.C. 112(f) (see above). Therefore Claim(s) 17, 19 and 20 contain placeholders that require corresponding structure(s).  It is unclear whether the recited structure, material, or acts in these claims are sufficient for performing the claimed function because the Specification is unclear about the corresponding structure(s).  A block diagram such as FIG. 3 does not provide indications of corresponding structure(s).  
Claims 17-20 are rejected under 35 U.S.C. 112 (b) for the above reasons.  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences 


Claims 1, 3-10, 12-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Hovor et al. (Pub. No.: US 2017/0061132, hereinafter Hovor) in view of Rhee et al. (Pub. No.: US 2019/0050562, hereinafter Rhee).
Regarding claim 1: Hovor discloses A method for remediating a cyberattack risk for a computing resource located at a node in a computer network having a plurality of nodes, the method comprising: 
receiving vulnerability score data that includes a severity level for a vulnerability in the computing resource at said node (Hovor - [0019]: The system may use the identified assets to determine trends in the threat data, such as a number of occurrences that a particular asset or attribute of an asset is mentioned in the threat data. The number of occurrences may be representative of a severity of a vulnerability. [0020]: The system generates scores for the assets and the attributes of the assets using the priority information and the threat data trends); 
applying a severity adjustment matrix to the severity level to determine a true severity level for the vulnerability in the computing resource (Hovor - [0070]: the system may weight the business imperative scores, e.g., using a degree to which the business imperative uses the attributes, the importance of the attributes, or some other method); 
reprioritizing the vulnerability in the computing resource based on the true severity level (Hovor - [0076]: The user interface 216 allows a user to rank the exploit targets, e.g., the vulnerabilities, by either the asset relevance scores 222 or the business imperative scores 224); and 
mitigating the cyberattack risk for the computing resource based on the true severity level (Hovor - [0020]: the system takes action to correct vulnerabilities identified in a particular subset of threat data, e.g., a document, with a higher score, e.g., that identifies higher priority attributes, attributes that are trending more than other attributes, or both, before eliminating other potential vulnerabilities that have a lower score, are trending less, or both).
However Hovor doesn’t explicitly teach, but Rhee discloses:
a number of installations value (NCRi) that indicates a number of instances the computing resource is included in the plurality of nodes (Rhee - [0066]: the nodes and edges of the global lineage graph include node counters and edge counters that track the number of user machines 2, which have installed the program version associated with a node);
determining a percentile of occurrence value (POCRi) for the computing resource based on the number of installations value (NCRi) (Rhee - [0066]: An analysis in accordance with the present principles converts node counters and edge counters into global prevalence percentages that are relative ratios to the total number of counts in the global lineage graph);
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Hovor with Rhee so that a percentile of node counter to the total number of counters in the global lineage graph is determined. The modification would have allowed the system to detect security vulnerability of installed programs (Rhee - [0068]). 
Regarding claim 3: Hovor as modified discloses further comprising: generating a remediation plan for the computer network (Hovor - [0082]: In response to receipt of data indicating a selection of the option to create a service ticket 228, the second user interface 226 may generate instructions for solutions to remove the vulnerability).
Regarding claim 4: Hovor as modified discloses wherein the generating the remediation plan comprises generating a weighted vulnerability classification summary matrix that includes the vulnerability in the computing resource (Hovor - [0075]: the system may cause the presentation of a user interface, e.g., to an administrator, that includes a list of all the business imperatives affected by a particular subset of threat data or vulnerability, and the extent to which the particular subset of threat data affects the business imperatives).
Regarding claim 5: Hovor as modified discloses wherein the computing resource comprises a software application (Hovor - [0024]: an asset may be … a string representing a particular software application executing on the asset).
Regarding claim 6: Hovor as modified discloses wherein the determining the percentile of occurrence value (POCRi) for the computing resource is calculated based on the number of installations value (NCRi) according to the equation 
POCRi = (NCRi / n) × 100
where n is the total number of nodes in the computer network (Rhee - [0066]: An analysis in accordance with the present principles converts node counters and edge counters into global prevalence percentages that are relative ratios to the total number of counts in the global lineage graph).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Hovor with Rhee so that a percentile of node counter to the total number of counters in the global lineage graph is determined. The modification would have allowed the system to detect security vulnerability of installed programs (Rhee - [0068]). 
Regarding claim 7: Hovor as modified discloses wherein the true severity level comprises a critical rating when the percentile of occurrence value (POCRi) for the computing resource is determined to be in a top percentile group (Hovor - [0048]: The ranking engine 118 may rank a list of exploit targets that affect business imperatives of an entity using a percentage of assets or a percentage of asset attributes, for a business imperative, that are affected by an exploit target).
Regarding claim 8: Hovor as modified discloses further comprising: generating a weighted vulnerability classification summary matrix that includes the vulnerability in the computing resource; and transmitting the weighted vulnerability classification summary matrix to a communicating device in the computer network (Hovor - [0075]: the system may cause the presentation of a user interface, e.g., to an administrator, that includes a list of all the business imperatives affected by a particular subset of threat data or vulnerability, and the extent to which the particular subset of threat data affects the business imperatives).
Regarding claim 9: Hovor as modified discloses wherein the mitigating the cyberattack risk for the computing resource based on the true severity level is executed by the communicating device (Hovor - [0078]: The user interface 216 may help an administrator determine which vulnerabilities are most important to a particular entity, e.g., the entity that employs the administrator, and should be acted on first).
Regarding claims 10, 12-16: Claims are directed to computer readable medium claims and do not teach or further define over the limitations recited in claims 1, 3-7. Therefore, claims 10, 12-16 are also rejected for similar reasons set forth in claims 1, 3-7. 
Regarding claims 17, 19-20: Claims are directed to apparatus/device claims and do not teach or further define over the limitations recited in claims 1, 6 and 8. Therefore, claims 17, 19-20 are also rejected for similar reasons set forth in claims 1, 6 and 8. 

Claims 2, 11 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Hovor et al. (Pub. No.: US 2017/0061132, hereinafter Hovor) in view of Rhee et al. (Pub. No.: US 2019/0050562, hereinafter Rhee) and Cam (Pub. No.: US 2017/0046519).
Regarding claims 2, 11 and 18: Hovor as modified doesn’t explicitly teach but Cam discloses wherein the vulnerability score data comprises a Common Vulnerability Scoring System (CVSS) score for the vulnerability in the computing resource (Cam - [0058]: initial scores are assigned to each vulnerability in block 103 using the Common Vulnerability Scoring System (CVSS) that provides an open framework for communicating the characteristics and impacts of IT vulnerabilities).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Hovor and Rhee with Cam so that vulnerability score can be assigned using the Common Vulnerability Scoring System. The modification would have allowed the system to provide an open framework for communicating the characteristics and impacts of IT vulnerabilities (Cam - [0058]). 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Modi et al. (Pub. No.: US 2016/0065598) - SECURITY THREAT INFORMATION ANALYSIS 
Martinez et al. (Pub. No.: US 2014/0137257) - SYSTEM, METHOD AND APPARATUS FOR ASSESSING A RISK OF ONE OR MORE ASSETS WITHIN AN OPERATIONAL TECHNOLOGY INFRASTRUCTURE

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8729.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MENG LI/
Primary Examiner, Art Unit 2437