Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
Response to Arguments
In communications filed on 10/15/2021, claims 1, 8-10, 13, 20-22, 25, and 26 are presented for examination. Claims 1 and 13 are independent.
Amended claims: 1, 13
New claims: 25-26
Restriction: Applicants’ arguments, see Applicant Arguments/Remarks filed 10/15/21, are unpersuasive. Claims 7 and 19 recite a subspecies of the invention that requires interfacing with data in the system model based on an underlying reasoning infrastructure to provide domain-specific semantically relevant language for the one or more semantically relevant queries. The subspecies of claims 7 and 19 are closely related to Group II subspecies as Group II claims deal with query processing. Contrary to Applicant’s arguments, the Restriction Requirement has clearly articulated rationale for requiring restriction between multiple distinct sets of subspecies recited in the claims. The species are independent or distinct because they are 
Applicants’ arguments, see Applicant Arguments/Remarks filed 10/15/21, with respect to claims rejected under prior art have been fully considered and are unpersuasive. Contrary to Applicant’s argument, the Lotem et al combination discloses: converting one or more features from cyber threat reports to one or more semantically relevant queries over the system model; (Lotem: col. 5:28 to col. 6:14, i.e., creating system relevant dictionary (i.e., semantic) of attacks from vulnerabilities reports provided by CVE and wherein (col. 7:60 to col. 8:16 and col.9:44-61) the dictionary allows queries to be run over the model). Lotem implicitly teaches ‘semantically’ as Lotem discloses creating a dictionary of attacks from vulnerabilities reports. However, Lotem does not explicitly disclose ‘semantically’ as recited in the claim. In analogous art, Wang teaches applying semantic technologies to vulnerability models such as defined by standard vulnerabilities reports CVE, CVSS et 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of 
Claims 1, 8, 10, 13, 20, 22, 25, and 26 are rejected under 35 U.S.C. 103 as being unpatentable over US 8407798 B1 (hereinafter ‘Lotem’) in view of US 20190354809 A1 (hereinafter ‘Ralhan’) in view of Wang, Ju An, and Minzhe Guo. "Security data mining in an ontology for vulnerability management." 2009 International Joint Conference on Bioinformatics, Systems Biology and Intelligent Computing. IEEE, 2009 (hereinafter ‘Wang’).

As regards claim 1, Lotem (US 8407798 B1) discloses: A computer-implemented method for acting on cyber risks, comprising (Lotem: Fig. 1, col. 1:40 to col. 2-34): gathering system characteristics and system information for a cyber system; (Lotem: Fig. 1, col.4:55 to col.5:25, i.e., modeling the network by gathering various attributes and characteristics of the various elements of the network system)
pre-processing the system characteristics and system information to identify vulnerabilities that are relevant to the 
generating a system model of a cyber environment for the cyber system, wherein; (Lotem: Fig. 1, col.4:55 to col.5:25, i.e., generating the model)
the system model comprises multiple layers; (Lotem: Fig. 1, col. 2:63 to col. 3:15, col.4:55 to col.5:25, i.e., generating the model wherein the model includes all hardware, software, services of the network. See also, Wang: pages 4-6, Figs. 4-6) the multiple layers comprise a hardware layer, a software layer, a file layer, and a work process layer; (Lotem: Fig. 1, col. 2:63 to col. 3:15, col.4:55 to col.5:25, i.e., generating the model wherein the model includes all hardware, software, services (i.e., workflow) of the network. See also, Wang: pages 4-6, Figs. 4-6)
However, Lotem et al do not disclose, but in analogous art, Ralhan teaches: the work process layer comprises work processes that comprise mission tasks or objectives; (Ralhan: Figs. 8-10, ¶106-¶124, i.e., the system model includes workflow process modeling, file system, deployment workflow process associated with the objective of system)

Lotem et al combination further teaches: the file layer comprises data that supports the work processes; the software layer comprises applications that supports the data or work processes; and the hardware layer comprises hardware infrastructure for the cyber system; (Lotem: Fig. 1, col. 2:63 to col. 3:15, col.4:55 to col.5:25, i.e., generating the model wherein the model includes all hardware, software, services of the network. See also, Wang: pages 4-6, Figs. 4-6. See also, Ralhan: Figs. 8-10, ¶106-¶124)
converting one or more features from cyber threat reports to one or more semantically relevant queries over the system model, wherein the converting is based on the multiple layers; (Lotem: Fig. 1, col. 2:63 to col. 3:15, col.4:55 to col.5:25,  col. 5:28 to col. 6:14, i.e., creating system relevant dictionary of attacks from vulnerabilities reports provided by CVE and wherein (col. 7:60 to col. 8:16 and col.9:44-61) the dictionary allows queries to be run over the network (i.e., cyber) model)
However, Lotem does not explicitly disclose ‘semantically’ as recited in the claim. In analogous art, Wang teaches applying 
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify Lotem to include applying semantic technologies to vulnerability models such as defined by standard vulnerabilities reports CVE, CVSS et al and converting the reports to semantically relevant model as taught by Wang with the motivation to perform reasoning, gain knowledge, and perform queries on the converted reports (Wang: Abstract, pages 1-5, Figs. 2, 5, 6).
Lotem et al combination further teaches: reasoning over the multiple layers of the system model to generate one or more answers relevant to the one or more semantically relevant queries; and (Lotem: col. 5:28 to col. 6:14, i.e., creating system relevant dictionary of attacks from vulnerabilities reports provided by CVE and wherein (col. 7:60 to col. 8:16 and col.9:44-61) the dictionary allows queries to be run over the model. See also, Wang: Abstract, pages 1-5, Figs. 2, 5, 6) 
executing attack models over the system model to generate actionable intelligence. (Lotem: col. 6:19 to col. 7:3, i.e., 

Claim 13 recites substantially the same features as recited in claim 1 above and is rejected based on aforementioned rationale discussed in the rejection. Lotem, Wang combination further discloses the additional recited element of software application (Lotem: Col. 2:5-35, col 13:48 to col 14:4. See also, Wang: Fig. 6, Abstract, pages 1-5)

As regards claim 8, Lotem et al combination further discloses the computer-implemented method of claim 1, wherein the reasoning comprises: utilizing the system characteristics and system information as one or more facts; (Lotem: Fig. 1, col.4:55 to col.5:25, i.e., modeling the network by gathering various attributes and characteristics of the various elements of the network system represented as events/data items) accepting one or more rules to operate on the one or more facts; and (Lotem: Col. 3:29 to col. 4:46, i.e., applying rules on the events/data items) conducting the reasoning using logical deduction over the one or more rules and one or more facts. (Lotem: Col. 3:29 to col. 4:46, i.e., performing analysis on the application of the rules to the events/data items) 

Claim 20 recites substantially the same features as recited in claim 8 above and is rejected based on aforementioned rationale discussed in the rejection.

As regards claim 10, Lotem et al combination further discloses the computer-implemented method of claim 8, wherein the reasoning further comprises: ranking the one or more answers by the confidence scores; and utilizing the ranking to select one or more of the one or more answers. (Lotem: Col. 3:29 to col. 4:46, i.e., performing analysis on the application of the rules to the events/data items)

Claim 22 recites substantially the same features as recited in claim 10 above and is rejected based on aforementioned rationale discussed in the rejection.

As regards claim 25, Lotem et al combination further discloses the computer-implemented method of claim 1, wherein: the one or more semantically relevant queries are specific to the cyber system. (Lotem: Fig. 1, col. 2:63 to col. 3:15, col.4:55 to col.5:25,  col. 5:28 to col. 6:14, i.e., creating system relevant dictionary of attacks from vulnerabilities reports provided by CVE and wherein (col. 7:60 to col. 8:16 and col.9:44-61) the dictionary allows queries to be run over the 

Claim 26 recites substantially the same features as recited in claim 10 above and is rejected based on aforementioned rationale discussed in the rejection.

Claim Objections
Claims 9 and 21 are objected to. The claims recite allowable subject matter: “passing each of the one or more factors through an age function, wherein the age function computes an age value confidence, for each factor, with respect to age; and aggregating the age value confidences for all factors to determine the confidence score for the fact; and combining the confidence scores for all of the facts to determine an analysis score for the generated answer” not taught by prior art taken alone or in combination. The claims would be allowable if rewritten in independent form including all of the limitations of the respective base claims and any intervening claims.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED A ZAIDI whose telephone number is (571)270-5995. The examiner can normally be reached Monday-Thursday: 5:30AM-5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can 
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SYED A ZAIDI/Primary Examiner, Art Unit 2432