DETAILED ACTION
This is a response to Applicant reply filed on 12/16/2019, in which claims 1-20 are presented for examination.  Claims 1 and 20 are of independent form. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Allowable Subject Matter
Claims 1-20 are allowed.  
The following is an examiner’s statement of reasons for allowance: 
Independent claim 1 and intervening claims 2-19 and independent claim 20 are allowable over prior art since the prior arts taken individually or in combination fails to particularly disclose, fairly disclose, or render obvious the following limitations:
In claim 1, “…d. checking whether the selected potential attacking network node can communicate with the selected target network node to the extent required for exploiting the vulnerability corresponding to the selected target network node; 
e. in response to determining that the selected potential attacking network node can communicate with the selected target network node to the extent required, determining that the selected target network node is compromisable by the attacker; 
f. determining the way for the attacker to compromise the networked system, wherein the way for the attacker to compromise the networked system includes a step of compromising the selected target network node using the vulnerability corresponding to the selected target network node” (emphasis added) in combination with other limitations as recited in claim 1.  
Independent claim 20 recites similar limitations when compared with claim 1.    

Note that the first closest prior art Sivan (US 20160352771 A1) teaches a method for performing automatic penetration testing (PT) in an organization (par. 0009-0012) using a PT device that is physically separated into two data storage sections for performing the penetration testing and storing test results.  Sivan discloses steps for scanning the network to identify all end units and vulnerabilities in the network and creating possible attack scenarios for testing (par. 0014-0015, 0074 and 0123-0126).  However, Sivan’s attach scenarios do not include steps of selecting the attackers and the target nodes. Sivan fails to disclose the limitations of “checking whether the selected potential attacking network node can communicate with the selected target network node to the extent required for exploiting the vulnerability corresponding to the selected target network node” and “determining the way for the attacker to compromise the networked system, wherein the way for the attacker to compromise the networked system includes a step of compromising the selected target network node using the vulnerability corresponding to the selected target network node.”

Note that the second closest prior art Lucangeli (US 20110035803 A1) teaches a method for extending automated penetration testing of a target network with steps of running an attack planner using the scenario as input, to produce at least one attack plan that achieves the goal, and executing actions defined in the at least one attack plan against the target network from the penetration testing (par. 0012 and 0028-0029). However, Lucangeli dose not discloses steps of using a set of network node for selecting a target network node and a potential attacking network node from the group of nodes. Lucangeli fails to disclose the limitations of “checking whether the selected potential attacking network node can communicate with the selected target network node to the extent required for exploiting the vulnerability corresponding to the selected target network node” and “determining the way for the attacker to compromise the networked system, wherein the way for the attacker to compromise the networked system includes a step of compromising the selected target network node using the vulnerability corresponding to the selected target network node.”

Note that the third closest prior art Ashkenazy (US 20190068631 A1) discloses methods and systems for carrying out campaigns of penetration testing for discovering and reporting security vulnerabilities of a networked system (see the Abstract).  Ashkenazy discloses displaying a scenario to a user as one pre-defined scenario within a plurality of pre-defined scenarios made available for user selection (par. 0089-0091) wherein the lateral movement strategy of the attacker is specified (par. 0010 and 0015).  Ashkenazy teaches the user-selected type of the attacker (par. 0191), but not the step of selecting a potential attacking network node from the plurality of network nodes of the networked system which are already determined to be compromisable prior to the determination of conditional compromisability for a set of network nodes.  Furthermore, Ashkenazy fails to disclose the limitations of “checking whether the selected potential attacking network node can communicate with the selected target network node to the extent required for exploiting the vulnerability corresponding to the selected target network node” and “determining the way for the attacker to compromise the networked system, wherein the way for the attacker to compromise the networked system includes a step of compromising the selected target network node using the vulnerability corresponding to the selected target network node.”
Therefore, independent claims 1 and 20 are allowable. Dependent claims 2-19 are allowed by virtue of their dependencies on claim 1 as they further limit the scope of the claimed invention.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DON ZHAO whose telephone number is (571)272-9953.  The examiner can normally be reached on Monday ~ Friday, 7:30 A.M ~ 5:00 P.M EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on (571) 272â€3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/Don G Zhao/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        12/11/2021