Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The instant application is a continuation of application 15/466632.
Detailed Action
Claims 1-21 are pending and are being considered.
Claims 1-12 are rejected based on nonstatutory double patenting and will be allowable when the obviousness-type double patenting rejection set forth below is overcome by filing a terminal disclaimer.
Claims 13-21 are rejected based on nonstatutory double patenting and 35 USC § 103.

Specification 
The specification filed on July 23, 2020 is accepted.
Drawings
The drawings filed on July 23, 2020 are accepted.
Claim Objections
Claims 1 and 13 are objected to because of the following informalities:
Claim 1, line 19, recites “…second request are satisfied”, which should read “…second request are not satisfied” because the subsequent limitation recites “responsive to … second request are not satisfied”.
Claim 13 recites “determining that the first processing does not include any vulnerability of the candidate set of vulnerabilities that is exploitable by request of first type” and “determining that the second processing node does not include any vulnerability, of the candidate set of vulnerabilities, that is exploitable by requests of the second request type”. In both of the above cases the request is routed to the node which does not include any vulnerability exploitable by the request. What happens when either or both processing nodes include a vulnerability that is exploitable by the first or second request? Will the Appropriate correction is required.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 07/31/2020 was filed after the mailing date of the application 16/936427 on 07/23/2020.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper time wise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1, 3, 8-9, and 11 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-28 of U.S. Patent No. 10785248 in view of Boren (US 20100100962).
Claims 13, 14, 16, 17, 20 and 21 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-28 of U.S. Patent No. 10785248 in view of Pope et al (US 20180124092).

Current Application 16/936427
Patent Application 10785248
Claim 1:   One or more non-transitory machine-readable media storing instructions which, when executed by one or more processors, cause: identifying a candidate set of one or more vulnerabilities associated with a plurality of processing nodes; 


determining, for each processing node, a respective vulnerability score based on the respective subset of vulnerabilities that are detected in each processing node;
 receiving a first request to be processed by at least one of the plurality of processing nodes;
 determining whether one or more criteria for applying a vulnerability-based distribution algorithm for the first request are satisfied; responsive to determining that the criteria for applying the vulnerability-based distribution algorithm for the first request are satisfied: selecting a first processing node, of the plurality of processing nodes, for processing the first request based at least on the respective vulnerability score for each processing node; routing the first request to the first processing node; receiving a second request to be processed by at least one of the plurality of processing nodes; determining whether the criteria for  responsive to determining that the criteria for applying the vulnerability-based distribution algorithm for the second request are not satisfied: selecting a second processing node, of the plurality of processing nodes, for processing the second request without using the respective vulnerability score for each processing node; routing the second request to the second processing node.


determining, for each processing node, a respective vulnerability score based on the respective subset of vulnerabilities that are detected in each processing node;
 receiving a request to be processed by at least one of the plurality of processing nodes; 
selecting a particular node, of the plurality of processing nodes, for processing the request based on (a) the respective vulnerability score for each processing node and (b) a load-based distribution algorithm applied to at least a subset of the plurality of the processing nodes; wherein each of the plurality of processing nodes is analyzed for determining the respective vulnerability score; and routing the request to the particular node that was selected for processing the request based on (a) the respective vulnerability score for each processing node and (b) the load-based distribution 
identifying a candidate set of vulnerabilities associated with a plurality of processing nodes including a first processing node and a second processing node;
 analyzing each processing node, of the plurality of processing nodes, to determine a respective subset of the candidate set of vulnerabilities that are detected in each processing node;
 receiving a first request to be processed by at least one of the plurality of processing nodes; 
selecting the first processing node, rather than the second processing node, for processing the first request; 
Attorney Docket No. R00223C1 wherein the first processing node includes at least one vulnerability of the candidate set of vulnerabilities;

 



routing the first request to the first processing node; 
receiving a second request to be processed by at least one of the plurality of processing nodes; 

responsive at least to (a) determining that the second request is of the second request type and 
 selecting the second processing node, rather than the first processing node, for processing the second request; routing the second request to the second processing node.


 determining that a second processing node, of the plurality of processing nodes, does not include any vulnerability that is exploitable by requests of the first request type; 

 wherein the second processing node includes the second vulnerability that is exploitable by requests of the second request type; 
routing the first request to the second processing node;
 receiving a second request to be processed by at least one of the plurality of processing nodes; 


selecting the first processing node, rather than the second processing node, for processing the second request; 
wherein the first processing node includes the first vulnerability that is exploitable by requests of the first request type; routing the second request to the first processing node; determining that each of at least a subset of the plurality of processing nodes includes a respective vulnerability that is exploitable by requests of a third type; receiving a third request to be processed by at least one of the plurality of processing nodes; responsive at least to (a) determining that the third request is of the third type and (b) determining that each of at least the subset of the plurality of processing nodes includes the respective vulnerability that is exploitable by requests of the third type: 


All the limitations of independent claim 1 are taught by the patent application except for the underlined limitation, which is taught by Boren (US 20100100962).
Boren on [0018, 0042-0042, 0055 and 0074] teaches processing requests which are invulnerable based on criteria being stratified without using a vulnerability score. Thus it would have been obvious to a person of ordinary skill in the art, for the purpose of preventing and defeating network attacks, such as denial of service or other similar network attacks.
All the limitations of independent claim 14 are taught by the patent application except for the underlined limitation, which is taught by Pope et al (US 20180124092).
Pope on [0024 and 0041-0042] teaches analyzing a plurality of processing nodes for a set of vulnerabilities, and analyzing the set of vulnerabilities at each node based on its value or score. Thus it would have been obvious to a person of ordinary skill in the art, in order to identify a vulnerability of an asset of a network infrastructure to mitigate and a control to implement the mitigation of the vulnerability.
The mapping of dependent claims: 
Current Application 16/927,943: 3, 8, 9, 11, 14, 16, 17, 20, 21
Patent Application 10785248: 4, 2, 3, 4, 7, 8, 9, 10, 20


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 13 and 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Boren (US 20100100962) in view of Pope et al (hereinafter Pope) (US 20180124092).
Regarding claim 13, Boren teaches one or more non-transitory machine-readable media storing instructions which, when executed by one or more processors, cause: (Boren on [0014] teaches the security and dynamic risk assessment and management program product, stored in the memory of the defended server, can include instructions that, when executed by the defended computer, cause the defended computer to perform the operations);
receiving a first request to be processed by at least one of the plurality of processing nodes (Boren on [0008-0009] teaches sending multiple service type requests to target computers 71 and 81 (i.e. plurality of nodes) as shown on Fig 1. See on [0035] teaches the service request includes pinging a computer system with an inspection code based on which it is determined whether the requesting computing device is vulnerable to the request or not);
responsive at least to (a) determining that the first request is of a first request type (Boren on [0008-0009] teaches sending multiple service type requests to target computers 71 and 81 (i.e. plurality of nodes) as shown on Fig 1. See on [0035] teaches the service request includes pinging a computer system with an inspection code based on which it is determined whether the requesting computing device is vulnerable to the request or not);
and (b) determining that the first processing node does not include any vulnerability, of the candidate set of vulnerabilities, that is exploitable by requests of the first request type (Boren on [0042-0043] teaches the global communication network 63 is further in communication with both uncompromised computers 71 and other service requesting computers 81 by sending requests to those computers which are invulnerable (i.e. a node without any vulnerability that is exploitable, because computers 71 are invulnerable to any request). See on [0018] teaches sending requests to those computers which are invulnerable to the request. See on [0055] teaches sending a user response request (urr) to each of the invulnerable computers 71 associated with the assigned set of blocked IP addresses to determine which of the IP addresses are associated with actual customers. See on [0074] teaches determining the vulnerability to exploitation and not the specific virus to which the requesting computer/system is vulnerable and the protected computer/system could either completely restrict access by the requesting computer/system and prioritize access according to the vulnerability so that during a denial of service attack, machines that are most vulnerable are provided the lowest priority in being served);
selecting the first processing node, rather than the second processing node, for processing the first request (Boren on [0016 and 0018] teaches sending a request to the service requesting computer if it is determined to be invulnerable. See also on [0043] teaches sending a user response request to those computers shown to be invulnerable to this simulated attack to determine which of the IP addresses are associated with compromised computers 81. See also on [0055 and 0071] teaches the steps/operations can also include sending a user response request (urr) to each of the invulnerable computers 71 (i.e. selecting a node which is invulnerable to the request));
(Boren on [0016, 0018] teaches on [0055 and 0071] teaches the steps/operations can also include sending a user response request (urr) to each of the invulnerable computers 71);
receiving a second request to be processed by at least one of the plurality of processing nodes (Boren on [0008-0009] teaches sending multiple service type requests to target computers 71 and 81 (i.e. plurality of nodes) as shown on Fig 1. See on [0035] teaches the service request includes pinging a computer system with an inspection code based on which it is determined whether the requesting computing device is vulnerable to the request or not);
responsive at least to (a) determining that the second request is of the second request type (Boren on [0008-0009] teaches sending multiple service type requests to target computers 71 and 81 (i.e. plurality of nodes) as shown on Fig 1. See on [0035] teaches the service request includes pinging a computer system with an inspection code based on which it is determined whether the requesting computing device is vulnerable to the request or not);
and (b) determining that the second processing node does not include any vulnerability, of the candidate set of vulnerabilities, that is exploitable by requests of the second request type (Boren on [0042-0043] teaches the global communication network 63 is further in communication with both uncompromised computers 71 and other service requesting computers 81 by sending requests to those computers which are invulnerable (i.e. a node without any vulnerability that is exploitable, because computers 71 are invulnerable to any request). See on [0018] teaches sending requests to those computers which are invulnerable to the request. See on [0055] teaches sending a user response request (urr) to each of the invulnerable computers 71 associated with the assigned set of blocked IP addresses to determine which of the IP addresses are associated with actual customers. See on [0074] teaches determining the vulnerability to exploitation and not the specific virus to which the requesting computer/system is vulnerable and the protected computer/system could either completely restrict access by the requesting computer/system and prioritize access according to the vulnerability so that during a denial of service attack, machines that are most vulnerable are provided the lowest priority in being served);
selecting the second processing node, rather than the first processing node, for processing the second request (Boren on [0016 and 0018] teaches sending a request to the service requesting computer if it is determined to be invulnerable. See also on [0043] teaches sending a user response request to those computers shown to be invulnerable to this simulated attack to determine which of the IP addresses are associated with compromised computers 81. See also on [0055 and 0071] teaches the steps/operations can also include sending a user response request (urr) to each of the invulnerable computers 71 (i.e. selecting a node which is invulnerable to the request));
 routing the second request to the second processing node (Boren on [0016-0018] teaches on [0055 and 0071] teaches the steps/operations can also include sending a user response request (urr) to each of the invulnerable computers 71).
Although Boren teaches vulnerabilities associated with computers, Boren fails to explicitly teach identifying a candidate set of vulnerabilities associated with a plurality of processing nodes including a first processing node and a second processing node, analyzing each processing node, of the plurality of processing nodes, to determine a respective subset of the candidate set of vulnerabilities that are detected in each processing node, wherein the first processing node includes at least one vulnerability of the candidate set of vulnerabilities. However, Pope, from analogous art, teaches identifying a candidate set of vulnerabilities associated with a plurality of processing nodes including a first processing node and a second processing node (Pope Fig 2 block 220 and associated text on [0024] teaches the security recommendation component 200 may include a nodes vulnerabilities sub-component 220 that may identify the vulnerabilities associated with each of the nodes of the network graph. each vulnerability may contribute a certain amount or a certain percentage. respective node that is enabled to mitigate one of the vulnerabilities of the respective asset. See also Fig 4b shows nodes 430, 444 and 445 with set of vulnerabilities as shown on the tables. Also on [0041] each node may be assigned one or more vulnerabilities);
analyzing each processing node, of the plurality of processing nodes, to determine a respective subset of the candidate set of vulnerabilities that are detected in each processing node (Pope Fig 4b block 444, 430 and 445 indicate nodes, table 445, 451 and 456 of Fig 4b shows set of vulnerabilities at each node. See also on [0041-0043] teaches analyzing set of vulnerabilities at each node based on its value or score);
wherein the first processing node includes at least one vulnerability of the candidate set of vulnerabilities (Pope Fig 2 block 220 and associated text on [0024] teaches the security recommendation component 200 may include a nodes vulnerabilities sub-component 220 that may identify the vulnerabilities associated with each of the nodes of the network graph. each vulnerability may contribute a certain amount or a certain percentage. respective node that is enabled to mitigate one of the vulnerabilities of the respective asset. See also Fig 4b shows nodes 430, 444 and 445 with set of vulnerabilities as shown on the tables. Also on [0041] each node may be assigned one or more vulnerabilities).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Pope into the teaching of Boren by identifying a candidate set of vulnerabilities associated with a plurality of processing nodes. One would be motivated to do so in order to identify a vulnerability of an asset of a network infrastructure to mitigate and a control to implement the mitigation of the vulnerability (Pope on [0002]).
Regarding claim 15 the combination of Boren and Pope teaches all the limitations of claim 13 above, Pope further teaches wherein the candidate set of vulnerabilities are identified from a database (Pope on [0027] teaches the vulnerabilities assigned known for each of the hardware or software characteristics may be identified from a database or a data store).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Pope into the teaching of Boren by identifying a candidate set of vulnerabilities associated with a plurality of processing nodes. One would be motivated to do so in order to identify a vulnerability of an asset of a network infrastructure to mitigate and a control to implement the mitigation of the vulnerability (Pope on [0002]).

Regarding claim 16 the combination of Boren and Pope teaches all the limitations of claim 13 above, Boren further teaches wherein analyzing each processing node, of the plurality of processing nodes, to determine the respective subset of the candidate set of vulnerabilities that are detected in each processing node comprises: executing one or more scans on each processing node (Boren on [0006, 0035 and 0048] teaches system developers have created tools to test computer and/or network security. These tools include such things as vulnerability scans which identify potentially compromised ports).
Regarding claim 17 the combination of Boren and Pope teaches all the limitations of claim 16 above, Boren further teaches wherein the one more scans comprise at least one of: a port scan, a file system scan, and a payment card industry (PCI) scan (Boren on [0006, 0035 and 0048] teaches system developers have created tools to test computer and/or network security. These tools include such things as vulnerability scans which identify potentially compromised ports).

Regarding claim 18, the combination of Boren and Pope teaches all the limitations of claim 13 above, Boren further teaches determining that a third processing node, of the plurality of processing nodes, does not include any vulnerability, of the candidate set of vulnerabilities, that is exploitable by (Boren on [0042-0043] teaches the global communication network 63 is further in communication with both uncompromised computers 71 and other service requesting computers 81 by sending requests to those computers which are invulnerable (i.e. a node without any vulnerability that is exploitable, because computers 71 are invulnerable to any request). See on [0018] teaches sending requests to those computers which are invulnerable to the request. See on [0055] teaches sending a user response request (urr) to each of the invulnerable computers 71 associated with the assigned set of blocked IP addresses to determine which of the IP addresses are associated with actual customers. See on [0074] teaches determining the vulnerability to exploitation and not the specific virus to which the requesting computer/system is vulnerable and the protected computer/system could either completely restrict access by the requesting computer/system and prioritize access according to the vulnerability so that during a denial of service attack, machines that are most vulnerable are provided the lowest priority in being served).
 Pope teaches determining that a first vulnerability score associated with the first processing node is lower than a third vulnerability score associated with the third processing node (Pope on [0043] the vulnerability 3 may be assigned a value of 1 indicating a lower contribution to the probability of the vulnerability resulting in the successful security breach of the asset that is represented by the node 444).
Regarding claim 19, the combination of Boren and Pope teaches all the limitations of claim 13 above, Boren further teaches wherein selecting the first processing node, rather than the second processing node, for processing the first request comprises: identifying a subset of the plurality of processing nodes that do not include any vulnerability, of the candidate set of vulnerabilities, that is exploitable by requests of the first request type (Boren on [0042-0043] teaches the global communication network 63 is further in communication with both uncompromised computers 71 and other service requesting computers 81 by sending requests to those computers which are invulnerable (i.e. a node without any vulnerability that is exploitable, because computers 71 are invulnerable to any request). See on [0018] teaches sending requests to those computers which are invulnerable to the request. See on [0055] teaches sending a user response request (urr) to each of the invulnerable computers 71 associated with the assigned set of blocked IP addresses to determine which of the IP addresses are associated with actual customers. See on [0074] teaches determining the vulnerability to exploitation and not the specific virus to which the requesting computer/system is vulnerable and the protected computer/system could either completely restrict access by the requesting computer/system and prioritize access according to the vulnerability so that during a denial of service attack, machines that are most vulnerable are provided the lowest priority in being served);
Pope teaches determining a ranking of the subset of the plurality of processing nodes based on a respective vulnerability score of the subset of the plurality of processing nodes; determining that the first processing node is associated with a lowest vulnerability score based on the ranking (Pope on [0035] teaches a node representing an entity may be assigned a first type of conditional probability table that specifies a first value representing a low risk level and a second value representing a high risk level of the entity being subjected to an attack by an unauthorized entity. See on [0043] teaches the node 444 may be associated with vulnerabilities 3 and 9 where the vulnerability 99 is assigned a higher value than the vulnerability 3 where the higher value indicates a higher contribution to the probability of the vulnerability resulting in a successful security breach of the asset represented by the node 444. However, the vulnerability 99 is associated with the node 444 and not the nodes 430 and 445. The vulnerability 3 may be assigned a value of 1 indicating a lower contribution to the probability of the vulnerability resulting in the successful security breach of the asset that is represented by the node 444).
(Pope on [0002]).

Regarding claim 20, the combination of Boren and Pope teaches all the limitations of claim 13 above, Boren further teaches wherein selecting the first processing node, rather than the second processing node, for processing the first request comprises: identifying a subset of the plurality of processing nodes that do not include any vulnerability, of the candidate set of vulnerabilities, that is exploitable by requests of the first request type (Boren on [0042-0043] teaches the global communication network 63 is further in communication with both uncompromised computers 71 and other service requesting computers 81 by sending requests to those computers which are invulnerable (i.e. a node without any vulnerability that is exploitable, because computers 71 are invulnerable to any request). See on [0018] teaches sending requests to those computers which are invulnerable to the request. See on [0055] teaches sending a user response request (urr) to each of the invulnerable computers 71 associated with the assigned set of blocked IP addresses to determine which of the IP addresses are associated with actual customers. See on [0074] teaches determining the vulnerability to exploitation and not the specific virus to which the requesting computer/system is vulnerable and the protected computer/system could either completely restrict access by the requesting computer/system and prioritize access according to the vulnerability so that during a denial of service attack, machines that are most vulnerable are provided the lowest priority in being served).
Pope teaches determining that a vulnerability score associated with the first processing node is below a threshold value (Pope on [0035] teaches a node representing an entity may be assigned a first type of conditional probability table that specifies a first value representing a low risk level and a second value representing a high risk level of the entity being subjected to an attack by an unauthorized entity. See on [0043] teaches the node 444 may be associated with vulnerabilities 3 and 9 where the vulnerability 99 is assigned a higher value than the vulnerability 3 where the higher value indicates a higher contribution to the probability of the vulnerability resulting in a successful security breach of the asset represented by the node 444. However, the vulnerability 99 is associated with the node 444 and not the nodes 430 and 445. The vulnerability 3 may be assigned a value of 1 indicating a lower contribution to the probability of the vulnerability resulting in the successful security breach of the asset that is represented by the node 444. See on [0051] teaches a vulnerability may be identified based on the impact of the successful security breach. For example, a request may be to identify a vulnerability that contributes the most to the probability of a successful security breach between nodes that are associated with an impact above a threshold value).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Pope into the teaching of Boren by identifying a candidate set of vulnerabilities associated with a plurality of processing nodes. One would be motivated to do so in order to identify a vulnerability of an asset of a network infrastructure to mitigate and a control to implement the mitigation of the vulnerability (Pope on [0002]).

Claims 14 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Boren (US 20100100962) in view of Pope et al (hereinafter Pope) (US 20180124092) and further in view of Cam (US 20170046519).

Regarding claim 14 the combination of Boren and Pope teaches all the limitations of claim 13 above, the combination fails to explicitly teach wherein the candidate set of vulnerabilities are identified (Cam on [0006 and 0075] teaches  the National Institute of Standards and Technology (NIST), supports the National Vulnerability Database (NVD) providing a repository for known vulnerabilities and software that contains these vulnerabilities).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Cam into the combined teaching of Boren and Pope by identifying based on a National Vulnerability Database. One would be motivated to do so in order to provide a repository for known vulnerabilities and software that contains these vulnerabilities (Cam on [0006]).
Regarding claim 21, the combination of Boren and Pope teaches all the limitations of claim 13 above, Boren further teaches wherein: analyzing each processing node, of the plurality of processing nodes, to determine the respective subset of the candidate set of vulnerabilities that are detected in each processing node comprises: executing one or more scans on each processing node (Boren on [0006, 0035 and 0048] teaches system developers have created tools to test computer and/or network security. These tools include such things as vulnerability scans which identify potentially compromised ports);
 the one more scans comprise at least one of: a port scan, a file system scan, and a payment card industry (PCI) scan (Boren on [0006, 0035 and 0048] teaches system developers have created tools to test computer and/or network security. These tools include such things as vulnerability scans which identify potentially compromised ports);
selecting the first processing node, rather than the second processing node, for processing the first request comprises: identifying a subset of the plurality of processing nodes that do not include any vulnerability, of the candidate set of vulnerabilities, that is exploitable by requests of the first request Boren on [0042-0043] teaches the global communication network 63 is further in communication with both uncompromised computers 71 and other service requesting computers 81 by sending request to those computer which are invulnerable (i.e. node without any vulnerability that is exploitable because computers 71 are invulnerable to any request). See on [0018] teaches sending request to those computers which are invulnerable to request. See on [0055] teaches sending a user response request (urr) to each of the invulnerable computers 71, associated with the assigned set of blocked IP addressed to determine which of the IP addresses are associated with actual customers. See on [0074] teaches determining the vulnerability to exploitation and not the specific virus to which the requesting computer/system is vulnerable and the protected computer/system could either completely restrict access by the requesting computer/system and prioritize access according to the vulnerability so that during a denial of service attack, machines that are most vulnerable are provided the lowest priority in being served).  
Pope teaches determining a ranking of the subset of the plurality of processing nodes based on a respective vulnerability score of the subset of the plurality of processing nodes; determining that the first processing node is associated with a lowest vulnerability score based on the ranking (Pope on [0035] teaches a node representing an entity may be assigned a first type of conditional probability table that specifies a first value representing a low risk level and a second value representing a high risk level of the entity being subjected to an attack by an unauthorized entity. See [0043], which teaches the node 444 may be associated with vulnerabilities 3 and 9 where the vulnerability 99 is assigned a higher value than the vulnerability 3 where the higher value indicates a higher contribution to the probability of the vulnerability resulting in a successful security breach of the asset represented by the node 444. However, the vulnerability 99 is associated with the node 444 and not the nodes 430 and 445. The vulnerability 3 may be assigned a value of 1 indicating a lower contribution to the probability of the vulnerability resulting in the successful security breach of the asset that is represented by the node 444. See [0051], which teaches a vulnerability may be identified based on the impact of the successful security breach. For example, a request may be to identify a vulnerability that contributes the most to the probability of a successful security breach between nodes that are associated with an impact above a threshold value).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Pope into the teaching of Boren by identifying a candidate set of vulnerabilities associated with a plurality of processing nodes. One would be motivated to do so in order to identify a vulnerability of an asset of a network infrastructure to mitigate and a control to implement the mitigation of the vulnerability (Pope on [0002]).
The combination fails to explicitly teach the candidate set of vulnerabilities are identified from a National Vulnerability Database (NVD) maintained by the National Institute of Standards and Technology; however, Cam, from analogous art, teaches the candidate set of vulnerabilities are identified from a National Vulnerability Database (NVD) maintained by the National Institute of Standards and Technology (Cam on [0006 and 0075] teaches the National Institute of Standards and Technology (NIST), supports the National Vulnerability Database (NVD) providing a repository for known vulnerabilities and software that contains these vulnerabilities).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Cam into the combined teaching of Boren and Pope by identifying based on a National Vulnerability Database. One would be motivated to do so in order to provide a repository for known vulnerabilities and software that contains these vulnerabilities (Cam on [0006]).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Kuperman et al (US 20170244737) is directed towards a system configured for protecting web applications at a host by analyzing web application behavior to detect malicious client requests. Example embodiments described herein include a proxy configured to handle network traffic between a host and clients. The proxy includes two request classification mechanisms: first, a list of known clients, malicious and non-malicious, for identifying known malicious and known non-malicious requests, and second, a web application firewall for determining a classification for unknown requests.
Patel et al (US 20130086688) is directed towards a method for facilitating security in an information technology environment. The method includes, for instance, inspecting behavior of a web application during execution thereof in the information technology environment to determine whether a security vulnerability associated with execution of the web application in the information technology environment exists. The method further includes, for instance, responsive to determining that the security vulnerability exists, generating at least one virtual patch, the at least one virtual patch comprising one or more logical pattern expressions representative of the security vulnerability determined based on the behavior of the web application during execution.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522.  The examiner can normally be reached on 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MOEEN KHAN/ Examiner, Art Unit 2436
/SHEWAYE GELAGAY/ Supervisory Patent Examiner, Art Unit 2436