Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.



DETAILED ACTION

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/11/2021 has been entered.



EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such amendment, it MUST be submitted no later than the payment of the issue fee.


Please replace the current listing of claims with the following:

1. (currently amended)	A system for sanitizing an organization’s network against attacker breach, comprising:
	a data collector, gathering information about network hosts, including endpoint computers and server computers within an organization’s network, and about credentials stored on these computers, the credentials being used to grant users access to hosts;
	an analyzer applying graph theory to construct the organization’s network topology and connections between hosts, and to depict hosts that have credentials stored therein;
	a machine learning engine categorizing the hosts into users, groups and organizational units, and identifying key assets of the organization; and
	a security rules engine mapping real-time data collected from said data collector, analyzed by said analyzer and categorized by said machine learning engine, [[and]] automatically generating security rules for the organization’s network, that prescribe on which specific hosts which specific credentials are permitted to be stored so as to prevent exploitation of the specific credentials in case of an attacker breach, and simulating the generated security rules for existing network data offline.
2. (canceled)
3. (previously presented)	The system of claim 1 wherein said security rules engine implements production versions of the generated security rules.
4. (original)	The system of claim 1 further comprising a notification engine generating a report of all changes applied by security rule implementation, and all security rule violations that have been eliminated.
5. (original)	The system of claim 1 further comprising an analyst dashboard visualizing in real-time activities within the organizations’ network.
6. (previously presented)	The system of claim 5 wherein said analyst dashboard automatically generates security rules for the network.
7. (previously presented)	The system of claim 6 wherein said analyst dashboard activates the generated security rules in the network.
8. (original)	The system of claim 7 wherein said analyst dashboard eliminates potential attack vectors for which the activated security rules are violated.
9. (original)	The system of claim 1 further comprising an attacker view visualizing the endpoints and the servers within the organization’s network.
10. (original)	The system of claim 9 wherein said attacker view represents connections by protocol and by credentials within the network.
11. (original)	The system of claim 10 wherein said attacker view visualizes real and deceptive connections within the network.
12. (original)	The system of claim 11 wherein said attacker view identifies security rule violations across the organization’s network.
13. (original)	The system of claim 12 wherein said attacker view enables removal of credential-based security rule violations by use of actions.
14. (currently amended)	A method for sanitizing an organization’s network against attacker breach, comprising:
	gathering information about network hosts, including endpoint computers and server computers within an organization’s network, and about credentials stored on these computers, the credentials being used to grant users access to hosts;
	applying graph theory to construct the organization’s network topology and connections between hosts, and to depict hosts that have credentials stored therein;
	categorizing the hosts into users, groups and organizational units, and identifying key assets of the organization;
	mapping real-time data collected from said gathering information, analyzed by said applying graph theory and categorized by said categorizing; [[and]]
	automatically generating security rules for the organization’s network, that prescribe on which specific hosts which specific credentials are permitted to be stored so as to prevent exploitation of the specific credentials in case of an attacker breach; and
	simulating the generated security rules for existing network data offline.
15. (canceled)
16. (previously presented)	The method of claim 14 further comprising implementing production versions of the generated security rules.
17. (original)	The method of claim 14 further comprising generating a report of all changes applied by security rule implementation, and all security rule violations that have been eliminated.
18. (original)	The method of claim 14 further comprising:
	visualizing in real-time activities within the organizations’ network;
	automatically inferring security rules for the network;
	activating the security rules in the network; and
	eliminating potential attack vectors for which the activated security rules are violated.
19. (previously presented)	The method of claim 14 further comprising:
	visualizing the endpoints and the servers within the organization’s network;
	representing connections by protocol and by credentials within the network; and
	visualizing real and deceptive connections within the network.
20. (original)	The method of claim 14 further comprising:

	enabling removal of credential-based security rule violations by use of actions.




Allowable Subject Matter
Claims 1, 3-14 and 16-20 are allowed.
The following is an examiner's statement of reasons for allowance: This communication warrants No Examiner's Reason for Allowance; applicant's reply makes evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule 37 CFR 1.104(e). Specifically, applicant’s amendments with arguments filed on 11/11/2021 and Examiner’s amendment make the record clear as to the reasons for allowance for this application; as such, the reasons for allowance are in all probability evident from the record and no statement is deemed necessary (see MPEP 1302.14).
Any comments Applicant considers necessary must be submitted no later than the payment of the Issue Fee and, to avoid processing delays, should preferably accompany the Issue Fees. Such submission should be clearly labeled "Comments on Statement of Reasons for Allowance". In event of any post-allowance papers (e.g. IDS, 312 amendment, petition, etc.), Applicant is exhorted to mail papers to the Production Control branch in Publications or faxed 




Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure: 
US 20120180133 A1		Systems, Program Product and Methods For Performing a Risk Assessment Workflow Process For Plant Networks and Systems
US 20030212909 A1		Tool, method and apparatus for assessing network security
US 20040015728 A1		System and method for network vulnerability detection and reporting
US 20140007241 A1		SYSTEM AND METHOD FOR IDENTIFYING EXPLOITABLE WEAK POINTS IN A NETWORK
US 20110277034 A1		SYSTEM AND METHOD FOR THREE-DIMENSIONAL VISUALIZATION OF VULNERABILITY AND ASSET DATA
US 10044745 B1		Systems for computer network security risk assessment including user compromise analysis associated with a network of devices
US 20180084012 A1		DYNAMIC POLICY INJECTION AND ACCESS VISUALIZATION FOR THREAT DETECTION
US 20050138413 A1		Network security planning architecture
US 20180191726 A1		ACCESS RELATIONSHIPS IN A COMPUTER SYSTEM
US 20150128205 A1		METHODS AND SYSTEMS FOR SECURE NETWORK CONNECTIONS
US 20140067779 A1		PREDICTIVE INFORMATION TOPOLOGY MODELING AND VISUALIZATION
US 20160191532 A1		SYSTEMS FOR NETWORK RISK ASSESSMENT INCLUDING PROCESSING OF USER ACCESS RIGHTS ASSOCIATED WITH A NETWORK OF DEVICES
US 20170048215 A1		SECURE STORAGE OF ENTERPRISE CERTIFICATES FOR CLOUD SERVICES

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON CHIANG whose telephone number is (571)270-3393.  The examiner can normally be reached on 9 AM to 6 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/JASON CHIANG/Primary Examiner, Art Unit 2431