Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This written action is responding to the request for continued examination (RCE) dated August 23, 2021.
In the RCE dated on August 23, 2021, claims 1, 3-11 and 14-20 have been amended and all other claims are previously presented.
Claims 1-20 are allowed.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on August 23, 2021 has been entered.
 
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Ms. Christa Brown-Sanford of registration number 58,503, on September 23, 2021.  During the telephone conference, Ms. Brown-Sanford has agreed and authorized the examiner to further amend Claims 1-20 on the request for continued examination dated on August 23, 2021.

Claims
Replacing Claims 1-20 of the request for continued examination dated on August 23, 2021 with the following:

Claim 1:	
	A vulnerability assessment method comprising:
receiving, from a client device, at a vulnerability assessment server, a set of metadata corresponding to a plurality of programs stored on the client device, wherein the plurality of programs includes a first program from a first vendor and a second program from a second vendor that is different than the first vendor;
generating, at the vulnerability assessment server, based on the set of metadata, a first set of query tokens corresponding to the first program;
generating, at the vulnerability assessment server, based on machine learning and the set of metadata, 
generating, at the vulnerability assessment server, a first query based on the first set of query tokens and second query based on the second set of query tokens, 
performing a search based on the first query and the second query, in one or more storage systems that maintain sets of unstructured vulnerability data, for a first set of unstructured vulnerability data corresponding to the first program and a second set of unstructured vulnerability data corresponding to the second program;
identifying, at the vulnerability assessment server, one or more first vulnerabilities of the first program based on the first set of unstructured vulnerability data corresponding to the first program;
wherein the method is performed by one or more computing devices.  

Claim 2:	
The vulnerability assessment method of claim 1, further comprising:
	providing the client device with an update that prevents exploitation of the one or more vulnerabilities.

Claim 3:	
The vulnerability assessment method of claim 1, wherein the set of metadata is received from a third-party agent that executes on the client device to collect sets of metadata corresponding to the plurality of programs stored on the client device.  

Claim 4:	


Claim 5:	
The vulnerability assessment method of claim 4, wherein generating the first query includes modifying a particular query parameter of the one or more query parameters.  

Claim 6:	
The vulnerability assessment method of claim 4, wherein generating the first query includes adding one or more additional query parameters.  

Claim 7:	
The vulnerability assessment method of claim 4, wherein generating the first query comprises generating, for each query parameter of the one or more query parameters, a respective weight associated with the query parameter.  

Claim 8:	
The vulnerability assessment method of claim 7, wherein generating the first query includes modifying a weight associated with a particular query parameter of the one or more query parameters.  

Claim 9:	
The vulnerability assessment method of claim 1 further comprising:
extracting, at the vulnerability assessment server, at least one of a program name, a vendor name, or a version identifier from the set of metadata;
wherein generating the first query is based on one or more of: the program name, the vendor name, or the version identifier.  

Claim 10:	
The vulnerability assessment method of claim 1 further comprising extracting at least a program name from the set of metadata and storing the first query in association with the program name.

Claim 11:	
A vulnerability assessment server system comprising: 	
	one or more processors; and
	one or more non-transitory storage media storing instructions which, when executed by the one or more processors, cause:
		receiving, from a client device, at a vulnerability assessment server, a set of metadata corresponding to a program stored on the client device; 
generating, at the vulnerability assessment server, a first query that comprises a first set of query tokens based on the set of metadata;

performing a search based on the first query tokens and the second query, in one or more storage systems that maintain sets of unstructured vulnerability data, for a set of unstructured vulnerability data corresponding to the program;
identifying, at the vulnerability assessment server, one or more vulnerabilities of the program based on the set of unstructured vulnerability data corresponding to the program.  

Claim 12:	
The vulnerability assessment server system of claim 11, wherein the instructions, when executed by the one or more processors, further cause: 
providing the client device with an update that prevents exploitation of the one or more vulnerabilities.  

Claim 13:	
The vulnerability assessment server system of claim 11, wherein the set of metadata is received from a third-party agent that executes on the client device to collect sets of metadata corresponding to a plurality of programs stored on the client device.

Claim 14:	
The vulnerability assessment server system of claim 11, wherein generating the second query comprises generating one or more query parameters.

Claim 15:	
The vulnerability assessment server system of claim 14, wherein generating the second query includes modifying a particular query parameter of the one or more query parameters.  

Claim 16:	
The vulnerability assessment server system of claim 14, wherein generating the second query includes adding one or more additional query parameters.  

Claim 17:	
The vulnerability assessment server system of claim 14, wherein generating the second query comprises generating, for each query parameter of the one or more query parameters, a respective weight associated with the query parameter.  

Claim 18:	
The vulnerability assessment server system of claim 17, wherein generating the second query includes modifying a weight associated with a particular query parameter of the one or more query parameters.  

Claim 19:	
The vulnerability assessment server system of claim 11 wherein the instructions, when executed by the one or more processors, further cause: 
extracting, at the vulnerability assessment server, at least one of a program name, a vendor name, or a version identifier from the set of metadata;
wherein generating the second query is based on one or more of: the program name, the vendor name, or the version identifier.  

Claim 20:	
The vulnerability assessment server system of claim 11 wherein the instructions, when executed by the one or more processors, further cause extracting at least a program name from the set of metadata and storing the second query in association with the program name.

Allowable Subject Matter
Claims 1-20 are allowed.

Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
Independent claim 1 is allowable based on the amendment presented in the request for continued examination dated on August 23, 2021 and the examiner’s amendment dated on September 24, 2021.
Specifically, the independent claim 1 now recites limitations as follows:

“receiving, from a client device, at a vulnerability assessment server, a set of metadata corresponding to a plurality of programs stored on the client device, wherein the plurality of programs includes a first program from a first vendor and a second program from a second vendor that is different than the first vendor;
generating, at the vulnerability assessment server, based on the set of metadata, a first set of query tokens corresponding to the first program;
generating, at the vulnerability assessment server, based on machine learning and the set of metadata, 
generating, at the vulnerability assessment server, a first query based on the first set of query tokens and second query based on the second set of query tokens, wherein, based on the first vendor being different than the second vendor, the weightings for the first set of query tokens are different than weightings for the second set of query tokens;
performing a search based on the first query and the second query, in one or more storage systems that maintain sets of unstructured vulnerability data, for a first set of unstructured vulnerability data corresponding to the first program and a second set of unstructured vulnerability data corresponding to the second program;
identifying, at the vulnerability assessment server, one or more first vulnerabilities of the first program based on the first set of unstructured vulnerability data corresponding to the first program;
wherein the method is performed by one or more computing devices”.
The cited reference Nickolov et al. (US PGPUB. # US 2017/0034023) discloses, a request for recommendation, telemetry data received, received adverse information (e.g., package version being superseded or rolled back, downtime/crash reports, etc.). (¶230). The vulnerability server is responsible for keeping the database vulnerability data up to date, and for updating the association of vulnerabilities to packages. (¶389). The term attribute means any of: any operating system identifier including name, version, CPE (Common Platform Enumeration) name, bug report URL, or vendor product URL; any identifier for an installed package including name, version, release, architecture, vendor, dependencies (requires), provides, or obsoletes, or identifiers for CVEs which have been fixed in the package; BIOS version; chipset identifiers; virtualization driver identifiers; CPU architecture identifiers; IP address; hostname; FQDN; machine ID; or any setting or data read from any package, application, program, service or operating system configuration file. (¶311). Thus Nickolov teaches, a vulnerability server receives a request from a client device that includes attributes (metadata). Nickolov further discloses tokenize, and/or encrypt sensitive information from the subscriber environment, such as host names, IP addresses, company names, URL, etc., from telemetry information and queries; preferably in a way that can be reversed when data is returned back (e.g., encrypt hostnames from Tracked Servers, and decrypt them when returned on a queried list of servers affected by a given vulnerability). (¶300). Perform custom query or operations instructed by the DevOps systems. (¶187). Analyze data collected from (¶227). GUI 1301 may serve as a starting point for a user to search for packages they may be interested in using or evaluating. The search bar 1302 allows the user to enter some or all or part of a package name. As the package name is entered, or upon the user pressing the Enter key or mouse-clicking on the magnifying glass icon, the system searches the database and displays packages which match the user query, ordered by popularity (see FIG. 14). (Fig. 14, ¶707).
The reference by Tang et al. (US PGPUB. # US 2017/0300530) discloses, each query-title pair here includes a query previously submitted by a user and a title of a document selected by the user in response to the query. As such, each query-title pair may represent a good exemplary pair of a user-submitted (¶34). The query rewrite model learner 740 in this example may retrieve the parallel training data from the training data database 735 and generate a query rewrite model based on the parallel training data, e.g. via a machine learning algorithm. In one embodiment, the query rewrite model may be in form of a table as shown in FIG. 6, such that an original phrase can be translated into a translated phrase with an associated score. The query rewrite model learner 740 may store the query rewrite model into the query rewrite model database 155, and update it periodically based on new training data in the training data database 735. In one embodiment, the query rewrite model learner 740 may generate multiple versions of the query rewrite model and store them into the query rewrite model database 155. Different versions of the model may have been generated based on different training data, or different granularities of training data. For example, one version may be generated without considering user profiles of the users related to the training data, while another version may be generated by considering the user profiles. (¶60). A query rewrite model is generated based on the parallel training data at 810. A request is received at 812 for rewriting a query, e.g. from a search engine. At 814, a rewritten query is generated based on the query and the query rewrite model. (Fig. 8, ¶63). The query rewrite model generator 940 in this example may generate a query rewrite model based on the extracted phrase pairs corresponding to each determined alignment for each query-title pair. In one example, the query rewrite model may be in form of a table as shown in FIG. 6, with the score for each phrase pair filled therein. The query rewrite model may be utilized to translate or rewrite an original phrase to a translated phrase, with an associated score as shown in FIG. 6. The query rewrite model generator 940 may store the query rewrite model into the query rewrite model database 155 for future use. (Fig. 6, ¶70). One can consider titles of documents as rewritten queries that search engines can recognize. (¶33).
The reference by Hovor et al. (US PGPUB. # US 2016/0065599) discloses, unstructured threat intelligence gathering may automate the process of analyzing threat information from unstructured data sources, such as security advisories, security alerts, security warnings, or blog sources, using natural language processing techniques. A system may parse unstructured data from security advisories provided by agencies like the Federal Bureau of Investigation, the Center for Internet Security or the Multi-State Information Sharing Analysis Center, or the United States Computer Emergency Readiness Team. The system may use natural language processing, such as the Apache OpenNLP library, and a machine learning library, such as Waikato Environment for Knowledge Analysis (Weka) or in the R programming language, to identify relevant threat information from these advisories and map (Fig. 1, ¶27). The analysis system 202 may use a web crawler to scan documents referenced by specified uniform resource identifiers (URIs), e.g., for one or more of the unstructured data sources 204, to identify unstructured data. In some examples, the analysis system 202 may analyze a particular document, e.g., presented in a web browser or otherwise selected by a user, to determine unstructured data. For instance, a plugin in a web browser or another application may analyze content presented in the web browser and, upon identifying unstructured threat information, send that identified information to a server associated with the analysis system 202, e.g., that executes at least part of the analysis system 202. (¶53).
Updated search has yielded the following reference:
The reference by Joshua Cajetan Rebelo (US PGPUB. # US 2016/0085970) discloses, a vulnerability assessment engine is disclosed. The vulnerability assessment engine may include a shim application and a shim agent. The shim application sits at a relatively low level in an operational stack, such as just above the operating system itself. It may intercept system calls through operating system hooks or other means, so as to determine whether an action taken by an executable object should be allowed. The vulnerability assessment engine sends an identifier, such as a common platform enumeration (CPE)-like string to a server, which queries a database to determine a response code for the action. The response code may indicate (Abstract). The reference talks about a plurality of software running on a client device having different vendors for different software. It has a CPE string that has metadata regarding vendor name, software version etc. (¶63-¶64, Table - 1).
The reference by Garg et al. (US PAT. # US 7,953,746) discloses, a current search query is received during a search session. The current search query includes one or more current search tokens. Potentially inaccurate search tokens are identified from the one or more current search tokens. A possible replacement token is identified based upon the potentially inaccurate search token. A group of related tokens is identified from query logs, and a modified search query is generated if the replacement token is not included in the related tokens. (Abstract). 
However, each of the cited references or reference from the updated search, at least, fails to teach or suggest the limitations regarding “……generating, at the vulnerability assessment server, a first query that comprises a first set of query tokens based on the set of metadata;
generating, at the vulnerability assessment server, based on machine learning, a second query that comprises a second set of query tokens that is based on the set of metadata, wherein tokens in the second set of query tokens are  

None of the previously cited prior art references or reference(s) from the updated search yield any specific references that would reasonably, either singularly or in combination with previously cited references, result in a reasonable and proper rejection for each of the cited feature limitations of the independent claim 1 under 35 U.S.C. 102 or 35 U.S.C. 103 with proper motivation.
Claim 11 is a system claim of the above method claim 1, therefore, it is also allowed.
Claims 2-10 depend on the allowed claim 1, and therefore, they are also allowed.
Claims 12-20 depend on the allowed claim 11, and therefore, they are also allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316.  The examiner can normally be reached on M-F 9:00 AM-5:00 PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/DARSHAN I DHRUV/Primary Examiner, Art Unit 2498