DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 3, 4, 6, 7, 8, 18, 19, 21, 22, 23, 33, 34, 36, 37, 38 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 3, 4, 6, 7, 8, 18, 19, 21, 22, 23, 33, 34, 36, 37, 38 recite “…the data privacy compliance…”  There is insufficient antecedent basis for this limitation in the claim. Appropriate correction is required.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –



Claims 1-45 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Rieke (Pub. No. US 2016/0072831).

As per claims 1, 16, 31, Rieke discloses an apparatus for implementation of a system for modeling and analysis in a computing environment, the apparatus comprising: a processor and a memory storing executable instructions that in response to execution by the processor cause the apparatus to implement at least: identify elements of an information system configured for implementation by a system platform, the elements including components and data flows there between, the components including one or more of a host, process, data store or external entity (see computing elements, network elements, management elements, security elements…par. 40-44); compose a data flow diagram for the information system, the data flow diagram including nodes representing the components and edges representing the data flows, providing structured information including attributes of the components and data flows (see par. 50-52, 111); monitor an environment (see the security control software can monitor changes…par. 74); receive a trace from the monitored environment (see par. 74-75); create an inventory of active and relevant computing assets (see par. 54-57, 74-75); generate a topology of computing assets and interactions (see par. 111); store the topology in a catalog (see par. 131); and identify at least one of a privacy compliance and a security compliance of the monitored environment (…generating a compliance level for each compliance control…see par. 94-95).


As per claims 2, 17, 32, Rieke discloses a compliance analyzer indicator configured to perform an analysis which includes being configured to: identify at least one of a measure of the privacy compliance and a measure of the security compliance of the environment, and identify at least one of a suggested mitigation and a suggested remediation wherein the suggested mitigation and suggested remediation are implementable to reduce at least one of the measure of the privacy compliance and the security compliance to a lower measure of privacy compliance and a lower measure of security compliance (see par. 97-101).


As per claims 3, 18, 33, Rieke discloses a processor configured to at least one of automatically mitigating the data privacy compliance, automatically mitigating the security compliance, automatically remediating the data privacy compliance, and automatically remediating the security compliance (see par.88).


As per claims 4, 19, 34, Rieke discloses wherein at least one of automatically mitigating the data privacy compliance, automatically mitigating the security compliance, automatically remediating the data privacy compliance, and automatically remediating the security compliance is based on a plug-and-play virtualized control (see par. 97-99).


As per claims 5, 20, 35, Rieke discloses wherein the privacy compliance and the security compliance refers to a circumstance or an event with a likelihood to have an adverse impact on the environment, and the measure of a current risk is a function of measures of the privacy compliance and the security compliance (see par. 109-110).


As per claims 6, 21, 36, Rieke discloses a processor configured to at least one of transparently monitoring the data privacy compliance, and transparently monitoring the security compliance (see par. 95-97).


As per claims 7, 22, 37, Rieke discloses wherein the at least one of transparently monitoring the data privacy compliance, and transparently monitoring the security compliance includes threat modeling of at least one of the data privacy compliance and the security compliance (see par. 33).


As per claims 8, 23, 38, Rieke discloses wherein the data privacy compliance monitoring is achieved with a binary instrumentation (see par. 109).


As per claims 9, 24, 39, Rieke discloses wherein the security compliance monitoring is achieved with a network capture (see par. 112).


As per claims 10, 25, 40, Rieke discloses wherein a compliance analyzer indicator is configured to: perform an analysis which includes being configured to: obtain execution environment-specific information from all the running applications within the environment; capture a flow of information between network objects; and generate facts from received flow information (see par. 111-112).


As per claims 11, 26, 41, Rieke discloses generate meaningful facts from received execution environment- specific information (see par. 113-114).


As per claims 12, 27, 42, Rieke discloses wherein generate meaningful facts includes determine the availability of software assets (see par. 111-112).


As per claims 13, 28, 43, Rieke discloses wherein the trace from the monitored environment is at least one of a security-relevant trace and a data privacy- relevant trace from an application through an agent (see par. 58-60).


As per claims 14, 29, 44, Rieke discloses wherein traces are stored in a trace repository (see par. 54-55).


As per claims 15, 30, 45, Rieke discloses wherein one or more traces are joined (see par. 74).


Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892).
The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to providing automated security service tools for target software in a virtualized execution environment.

Tripp (Pat. No. US 9690945); “Security Analyzing Using Relational Abstraction of Data Structures”;
-Teaches analyzing and detecting an instance of a container within program code using a processor and tracking a data flow of the program code…see col.1 lines 53-61.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479. The examiner can normally be reached Mon-Fri 9am-5pm PCT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 5712724219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GHAZAL B SHEHNI/Primary Examiner, Art Unit 2436