DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
This action is in response to the application filed on 7/18/2019.
Claims 1-20 have been examined and are pending with this action.

Information Disclosure Statement
The information disclosure statement(s) (IDS) submitted on 11/17/2020  is/are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement(s) is/are being considered if signed and initialed by the Examiner.

Claim Rejection - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-8, 10-17 & 20 are rejected under 35 U.S.C. 103 as being unpatentable over Suwad et al (US Pub # 2021/089647) in view of Jain et al (US Pub # 2019/0207814).

As per claim 1, Suwad discloses a method of performing a security assessment of a system (Suwad: [0044]: “one or more processors, cause the one or more processors to perform operations. The operations can include monitoring critical assets for a violation of one or more security requirements, and raising an alarm when a violation of one or more of the security requirements corresponding to the critical assets is detected.”), comprising:
analyzing a static structure of the system and storing, in a semantic system model, structure information about the static structure of the system (Suwad: [0219 & 0278]: “detection techniques survey three signatures detection techniques, namely content-based, semantic-based, and vulnerability-driven & If a file name is found, the file name will be extracted from the system call and stored in a string for later processing.”),
	performing a semantic composition analysis on the structure information to identify at least one vulnerability of the system (Suwad: [0219 & 0044]: “detection techniques survey three signatures detection techniques, namely content-based, semantic-based, and vulnerability-driven & one or more processors, cause the one or more processors to perform operations. The operations can include monitoring critical assets for a violation of one or more security requirements, and raising an alarm when a violation of one or more of the security requirements corresponding to the critical assets is detected.”),
	generating, based on the at least one vulnerability of the system and the at least one anomalous behavior of the system, a vulnerability of the system  (Suwad: [0032]: “the system can perform an information collection phase in which (a) information about the critical assets corresponding to the one or more security requirement are captured, and (b) generating a reachability graph representing one or more interrelationships between one or more of the critical assets and one or more other objects in the system.”);
Suwad does not explicitly teach the discrete temporal system states.
Jain however discloses observing the system during a plurality of discrete temporal system states & storing, in the semantic system model, dynamic information about the system during the plurality of discrete temporal system states  (Jain: [0008 & 0014]: “by sharing the same programs and discrete states of those programs for many devices, the system can provide many different combinations of experiences with a small number of programs and states &  The server system includes a data storage subsystem configured to store data indicating a management plan for a device, the management plan indicating a device-specific set of program states for the plurality of programs.”);
performing a flow analysis on the dynamic information to identify at least one anomalous behavior of the system during at least one of the plurality of discrete temporal system states (Jain: [0199]: “The processes and logic flows described in this specification may be performed by one or more programmable processors executing one or more computer programs to perform functions by operating on input data and generating output. The processes and logic flows may also be performed by, and apparatus may also be implemented as, special purpose logic circuitry, e.g., an FPGA (field programmable gate array) or an ASIC (application specific integrated circuit).”);

Therefore, it would have been obvious to a person of ordinary skill in the art at the time the invention was made to modify the system of Suwad in view of Jain to figure out the performance of flow analysis and system states. One would be motivated to do so because this technique advantageously allows managing operations of devices (Jain: [ABS]).

Claims 11 and 19 are rejected based on the rejection of claim 1.

Suwad/Jain discloses the method of claim 1, further comprising changing an activation state of at least one component of the system in response to the vulnerability assessment (Suwad: [0350]: “Performance ratio = Ron / Roff (7.2) [0351] where Ron is the response time when the security system is activated and Roff is the response time when the security system is not activated. This performance metric measures the security system overhead or slowdown in terms of response time.”).

As per claim 3, Suwad/Jain discloses the method of claim 1, wherein the system is a distributed embedded system comprising firmware (Suwad: [0512]: “The functions, processes and algorithms described herein may be performed in hardware or software executed by hardware, including computer processors and/or programmable circuits configured to execute program code and/or computer instructions to execute the functions, processes and algorithms described herein.”).

As per claim 4, Suwad/Jain discloses the method of claim 1, wherein analyzing the static structure of the system includes at least one of network scanning, interrogation of at least one component of the system, and accessing a system log (Suwad: [0236]: “The asset-based taxonomy builds a comprehensive organization system for asset-based security solutions. After analyzing the assets in each system and the security requirements for it, a taxonomy is introduced that depends on both, this taxonomy can be viewed in FIG. 2.”).

As per claim 5, Suwad/Jain discloses the method of claim 1, wherein analyzing the static structure of the system comprises deploying an artifact in the system (Suwad: [0404]: “when the security requirement is set before the system goes online it can be noticed that from the before system deployment stage as in FIG. 14, the passive objective means that the attacker will not notice the existence of the system and this is what is inherited when the system is operated at the hypervisor level as depicted in FIGS. 12, 16, and 17.”).

As per claim 6, Suwad/Jain discloses the method of claim 5, wherein the artifact is an instruction set deployed in an executable component of the system (Suwad: [0404]: “when the security requirement is set before the system goes online it can be noticed that from the before system deployment stage as in FIG. 14, the passive objective means that the attacker will not notice the existence of the system and this is what is inherited when the system is operated at the hypervisor level as depicted in FIGS. 12, 16, and 17.”).

As per claim 7, Suwad/Jain discloses the method of claim 1, wherein storing, in the semantic system model, structure information about the static structure of the system is performed responsive to detecting a change in the static structure of the system (Suwad: [0219 & 0278]: “detection techniques survey three signatures detection techniques, namely content-based, semantic-based, and vulnerability-driven & If a file name is found, the file name will be extracted from the system call and stored in a string for later processing.”).

As per claim 8, Suwad/Jain discloses the method of claim 1, wherein observing the system during the plurality of discrete temporal system states is performed during an emulation operation, further comprising applying at least one input to the system during the emulation operation (Jain: [0008 & 0014]: “by sharing the same programs and discrete states of those programs for many devices, the system can provide many different combinations of experiences with a small number of programs and states & The server system includes a data storage subsystem configured to store data indicating a management plan for a device, the management plan indicating a device-specific set of program states for the plurality of programs.”).
Therefore, it would have been obvious to a person of ordinary skill in the art at the time the invention was made to modify the system of Suwad in view of Jain to figure out the performance of flow analysis and system states. One would be motivated to do so because this technique advantageously allows managing operations of devices (Jain: [ABS]).

As per claim 10, Suwad/Jain discloses the method of claim 1, wherein performing the semantic composition analysis on the structure information to identify the at least one vulnerability of the system comprises constructing an attack vector (Suwad: [0219 & 0278]: “detection techniques survey three signatures detection techniques, namely content-based, semantic-based, and vulnerability-driven & If a file name is found, the file name will be extracted from the system call and stored in a string for later processing.”).
Claims 12-18 and 20 are rejected based on the rationale provided for claims 2-10.

Allowable Subject Matter
Claims 9 and 18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. This includes:

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava, can be reached on (571) 272-7304. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SIBTE H BUKHARI/Examiner, Art Unit 2449