DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the first inventor to file provisions of the AIA . 

Applicant(s) Response to Office Action
The response filed on 9/23/2021 has been entered and made of record.
Response to Amendment/Remarks
Claims 1, 7, 10-11, and 13-17 have been amended.  Claims 8-9 and 18-19 have been cancelled.  Claims 20-22 have been added new.  Claims 1-7, 10-17, and 20-22 remain pending in the application.

Applicant's remarks and/or amendments to claims have overcome each and every claim rejection under 35 U.S.C. 101 previously set forth.  Accordingly, said claim rejections as articulated therein are withdrawn.

Regarding, 35 USC 112(f) as well as corresponding rejections under 35 USC 112(b) and 35 USC 112(a), examiner appreciates the effort made to advance prosecution, but respectfully disagrees. 
	Before digressing into the details, examiner notes that the interpretation and corresponding rejections can be overcome by simply incorporating a “processor coupled to a memory” executing the disclosed “generator” and “constructor”.  Such an addition 
	As for the amendments to claims 10-11, and 13-16 simply replace one generic placeholder for another.  For example a “generator configured to generate” and a “constructor configured to generate” also invoke 35 USC 112(f).  Other claim language used within this grouping of claims have case law which clearly distinguishes the structure of the limitation (e.g. “interface” in claim 10 and “engine” in claim 12).  However, “generator” and “constructor” are more generic placeholders which do not use the word “means” which nonetheless invoke the statute.  Applicant states that there is an inherent reference to structure for these generic terms, however the instant specification does not even make a broad generalization to the effect of “the units describe herein can be implemented with a “processor coupled to a memory” or something to this effect which is commonly done in patent applications.  Hence, the structure for these generic placeholders does not exist.  Accordingly, said rejections under 35 USC 112(a) and 35 USC 112(b) have been updated based on the amendments and are maintained.  

Applicant's remarks regarding rejections under 35 USC 102 and 35 USC 103 have been fully considered but are moot in light of new grounds of rejection necessitated by applicant’s amendments.  Examiner notes that the claim limitations of canceled claims 8-9 and 18-19 have not been explicitly incorporated into their respective independent claims, but done so with modification of various claim limitations, thus presenting a newly amended claim scope of the instant claims.


Claim Objections
Claim(s) 12 and 22 is/are objected to because of the following informalities: The examiner suggests the following corrections:Claim 12:
Replacement of "the method according claim 11" with "the apparatus according claim 11".
Claim 22:
Move quotation mark after period to right after the word “comprise”.

Claim Interpretations - 35 USC § 112(f)
The following is a quotation of 35 U.S.C. 112 (f): 
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 

	(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
	(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
	(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
	Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
	Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  
Such claim limitation(s) is/are: “an attack graph generator configured to …” in claims 10, and 14-16; “an attack graph ontology constructor configured to…” in claim 10; “an attack graph semantic instance generator configured to generate…” in claims 10, and 13.

	Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover 
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112 (b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claim(s) 10-17  are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

Regarding claim(s) 10 and 13-16, the claim limitations identified above, respectively invoke 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, 
Dependent claim(s) 11-12, and 17 is/are rejected for the reasons presented above with respect to rejected claim(s) 10 in view of their dependence thereon. 
	Applicant may:
	(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
	(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
	(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
	If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 

	(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.

The following is a quotation of 35 U.S.C. 112 (a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

	Claim(s) 10-17 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.

 	Examiner recommends adding a processor coupled to a memory which execute the described units.	

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-7, and 10-17 and 20-22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cohen et al. (US 2005/0193430 A1), in view of Falodiya et al. (“Security Vulnerability using Ontology-based Attack Graphs”, 2017, IEEE, 2017 14th IEEE India Council International Conference (INDICON), pp 1-5).

Regarding claims 1 and 10, Cohen teaches:
“A method of searching for an attack path (Cohen, Fig. 2, ¶ 57-66 teach a computer implement system to search for attack paths), the method comprising: 	generating an attack graph by using information (Cohen, ¶ 27-32, and 46, attack graph is generated based on the states of various computing entities); 	generating an attack graph ontology for the attack graph (Cohen, ¶ 33, edges connect nodes of the graph representing vulnerability actions); 	generating a semantic attack graph by imparting semantics to the attack graph on the basis of the attack graph and the attack graph ontology (Cohen, ¶ 37, and 47-48 the graph traversal of the nodes connection nodes with edges representing actions that when complete creates a semantic attack graph of for a group of connected assets being analyzed. Cohen Fig. 5 depicts an example of this);  	searching for an attack path from the semantic attack graph to identify one or my security vulnerabilities (Cohen, ¶ 34-37, 48-52 and 54 the graph is traversed from various start points to various endpoints to identify possible attacks through attack paths of the graph to , i.e., Cohen ¶ 37and ¶ 54); and 
outputting a result of the searching for the attack path (Cohen, ¶ 61, and 63-64 analytic engine generates an output of the search results which is delivered to the report generator which is then delivered to the user through the graphical user interface)”.
Cohen does not, but in related art, Falodiya teaches:	“by determining a relationship between two nodes in the attack to a property, and imparting the property to an edge connected between the two nodes (Falodiya, Figs. 2, 3, Table III and Algorithm 1 depict and describe creating edges between subjects and objects and relating them with a predicate value);
wherein the property comprises a subject, a predicate , and an object (Falodiya, Fig. 3, and Table III depicts subjects and objects and relating them with a predicate value), and 
wherein the subject comprises information on the subject of an action (Falodiya, Fig. 3, and Table III depicts exemplary subjects as hosts and attacks), the predicate comprises information on the action of the subject and the relationship between the subject and the object (Falodiya, Fig. 3, and Table III depicts exemplary predicates connecting subjects and objects including “has”, “performs” and “includes”), and the object comprises information on a configuration on which the action of the subject is performed (Falodiya, Fig. 3, and Table III depicts exemplary objects as vulnerabilities,, admin privileges and attacks)” .
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Cohen and Falodiya, to modify the graph based attack detection system of Cohen to include the ontology based attack graph vulnerability analysis as taught in Falodiya.  The motivation to do so constitutes applying a known technique (i.e., ontology based attack graph vulnerability analysis) to known devices and/or methods (i.e., the graph based attack detection system) ready for improvement to yield predictable results.
 
Regarding claims 2, 11, and 12, Cohen in view of Falodiya teaches:
“The method according to claim 1 (Cohen in view of Falodiya teaches the limitations of the respective parent claims as discussed above), wherein the searching for the attack path comprises: 	generating an instance of the semantic attack graph (Cohen, ¶ 34 user enters the start and end points for analysis of attack paths); and 	generating an attack path for the instance of the semantic attack graph (Cohen, ¶ 37, and 47-48 the graph traversal of the nodes connection nodes with edges representing actions that when complete creates a semantic attack graph of for a group of connected assets being analyzed.  Cohen Fig. 5 depicts an example of this)”.

Regarding claims 3 and 13, Cohen in view of Falodiya teaches:
“The method according to claim 2 (Cohen in view of Falodiya teaches the limitations of the respective parent claims as discussed above), wherein the searching for the attack path is performed on the basis of the generated attack path (Cohen, ¶ 37, and 47-48 the graph traversal of the nodes connection nodes with edges representing actions that when complete creates a semantic attack graph of for a group of connected assets being analyzed)”.

Regarding claims 4 and 14, Cohen in view of Falodiya teaches:
“The method according to claim 1 (Cohen in view of Falodiya teaches the limitations of the respective parent claims as discussed above), wherein the generating of the attack graph comprises configuring a state node in the attack graph, in which the state node includes status information and vulnerability information of a host (Cohen, ¶ 29-32 graph nodes contain a state of a given service or device including their vulnerability information which sets logical constraints on the actions that it can use to reach additional nodes)”.

Regarding claims 5 and 15, Cohen in view of Falodiya teaches:
“The method according to claim 1 (Cohen in view of Falodiya teaches the limitations of the respective parent claims as discussed above), wherein the generating of the attack graph comprises generating a network path between two hosts in the attack graph (Cohen, ¶ 37, and 47-48 the graph traversal of the nodes connection nodes )”.

Regarding claims 6 and 16, Cohen in view of Falodiya teaches:
“The method according to claim 1 (Cohen in view of Falodiya teaches the limitations of the respective parent claims as discussed above), wherein the generating of the attack graph comprises: 	receiving, as an input, a network reachability between two hosts (Cohen, ¶ 34 user enters the start and end points for analysis of attack paths), 	determining whether an attack is to occur on the basis of a vulnerability (Cohen, ¶ 53-56, the likelihood that an attack will occur is determined based on aspects of the vulnerability), and 	generating the attack path (Cohen, ¶ 37, and 47-48 the graph traversal of the nodes connection nodes with edges representing actions that when complete creates a semantic attack graph of for a group of connected assets being analyzed)”.

Regarding claims 7 and 17, Cohen in view of Falodiya teaches:
“The method according to claim 1 (Cohen in view of Falodiya teaches the limitations of the respective parent claims as discussed above), wherein the information includes at least one of information selected from among host information, network topology information, (Cohen, ¶ 28-32 the information includes network topology information and information about the states of the host machines)”.

Regarding claim 20, Cohen in view of Falodiya teaches:
A non-transitory computer readable medium storing instructions that, when executed by the processor (Cohen, ¶ 16 teaches a computer readable storage medium to perform the method steps), cause the processor to perform the method of claim 1 (Cohen in view of Falodiya teaches the limitations of the respective parent claims as discussed above). 

Regarding claim 21, Cohen in view of Falodiya teaches:
“The method according to claim 1 (Cohen in view of Falodiya teaches the limitations of the respective parent claims as discussed above), wherein the object comprises any one or any two or more of a vulnerability node, a host device, and a component privilege (Falodiya, Fig. 3, and Table III depicts exemplary objects as vulnerabilities, hosts, admin privileges, and attacks). 

Regarding claim 22, Cohen in view of Falodiya teaches:
“The method according to claim 1 (Cohen in view of Falodiya teaches the limitations of the respective parent claims as discussed above), wherein the predicate comprises any one or any two or more of "exploit," "has," (Falodiya, Fig. 3, and Table III depicts exemplary predicates connecting subjects and objects including “has” and “exploits”)”. 

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 
 	A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEPHEN GUNDRY whose telephone number is (571)270-0507 and can normally be reached on Monday - Friday 8:30 AM - 5PM EST.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO 

/STEPHEN GUNDRY/
Examiner, Art Unit 2435

/J. BRANT MURPHY/Primary Examiner, Art Unit 2435