Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

DETAILED ACTION
This is in response to the amendments filed on 12/06/2021.  Claims 1, 3, 9 and 15 have been amended.  Claims 1-20 are pending and have been considered below.

Priority
Acknowledgment is made of no claim of foreign priority.

Drawings
The drawings filed on 11/18/2019 are accepted.

Specification
The amendment to the specification filed on 11/18/2019 is accepted.

Response to Arguments
Applicant’s arguments with respect to newly amended independent claims such as “ prior art of record fails to teaches the newly added limitations to the claim, remarks pages 8-10 have been considered but are moot in view of the newly find prior art to Mcwan et a
Applicant arguments with respect to “Pistoia is directed to privacy vulnerabilities in a mobile application. See J [0005]. Pistoia mitigates privacy vulnerabilities by tracking how information flows through an application, detecting when the application releases private information, and obfuscating the information before it is released. See § [0006]. Thus, Pistoia operates on only one type of data—private information—and takes only one type of action—obfuscation. Pistoia does not configure targeted actions based at least in part on a type of data stored on the computer system” remarks  page 10 have been fully considered but they are not persuasive: because Pistoia  operate on different type of private data (see par.31, device location, device identifier user name , user’s surfing habits, mobile phone number, a WiFi network, ) and different action based on type of private data see par.[0026]wherein Pstoia teaches that the  method then enables a user, via an interface or automatically, to precisely modify only the private value, leaving the remaining values intact. This can be achieved in multiple ways: for example, once the user is prompted with the information about the private value that is about to be leaked by the application, the user can be prompted with an automatically-generated substitution or given the option to choose which alternative value to replace the sensitive value with. The system can also be configured in a fully automated way so that the use is not even prompted, and the sensitive values are automatically substituted with privacy-preserving values. And par 33-35 teaches that the processor run monitoring method 300 for tracking how the detected privacy value for that method is used or transformed by the particular mobile application and, generates a value-derivation tree and records any of the private values as part of the value-derivation tree
Applicant’s arguments with respect to newly amended dependent claim 3 such as “ prior art of record fails to teaches the newly added limitations to the claims, remarks page 10 have been considered but are moot in view of the newly find prior art to Hugard, IV et al U.S. 2013/0247207.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 4, 6-10, 12, 14-17, 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Hackenberger et al U.S. 2002/0184532 A1 in view of Phillips et al U.S. 2005/0182967 A1 in further view of Mcwan et al U.S 2011/0138467 A1.
Claim 1: Hackenberger et al teaches a computer-implemented method, comprising: 
configuring a vulnerability lockdown module (response module) implemented on a computer system to perform targeted actions to change a configuration of the computer system (par.5, 28, the response module 170 is an example of a security response module that can take action to correct a security issue identified by one of the monitoring modules.  A response module is able to address intrusions or security vulnerabilities that are identified by a monitoring or assessment module. Examples of response modules are auto-fix modules which correct vulnerabilities by changing permissions or applying patches);
 identifying a vulnerability on the computer system by scanning with a vulnerability scanner (assessment module) (par.5, 28, 36,  an assessment module is able to identify and evaluate potentially exploitable weaknesses or security risks in the network or on one or more computers making up that network. Examples of assessment modules are host based modules which assess file access permissions or patch states, and scanners which identify vulnerabilities by attempting to exploit them across the network);
 communicating the vulnerability to the vulnerability lockdown module (par.5, 28, the response module 170 could receive security data directly from a monitoring module and take an action to correct a security issue identified by one of the monitoring modules); and
Hackenberger et al teaches that the vulnerability lockdown module to correct security issue identified by monitoring module (par .28), but fails to specify that the action is to restrict functionality of the computing system.  Philipps et al in the same field of endeavor teaches
 implementing, by the vulnerability lockdown module (network security module), a vulnerability lockdown mode by causing the computer system to perform the targeted actions to change the configuration of the par.42-45, 48, 50, the network security module to obtain the most accurate and sufficient security information to protect the computer 302 according to the computer's specific current configuration. Based on the computer's particular configuration information in the security information request, the security service 306 identifies relevant security information to protect the computer from known or perceived computer system vulnerabilities. The security information includes protective security measures, to be implemented by the network security module 304, that enable the network security module to insulate the computer 302 from computer exploits of known vulnerabilities. Protective security measures may include any number of network activity controls, or combinations thereof, including, but not limited to: blocking all network activities between the computer 302 and the network 110, except communications between certain known, secure network locations; blocking network traffic on specific communication ports and addresses; blocking communications to and/or from certain network-related applications; and blocking access to particular hardware or software components on the computer 302). 
Therefore, it would have been obvious for one ordinary skill in the art before the effective filing date of the invention to modify the teaching of Hackenberger et al with the addition feature of Phillips et al in order to provide the ability for Phillips et al par.2.
The combination fails to teach, however Mcwan et al in the same field of endeavor teaches
wherein the targeted actions performed by the computer system comprise increased logging of system activities (par.31, 36, Depending on the type of security event, the response may include sending a notification to an incident response team 310, notifying the content provider through provider portal 312, increasing logging of events on the network or at various systems within the network, or initiating automatic attack mitigation procedures).
Therefore, it would have been obvious for one ordinary skill in the art before the effective filing date of the invention to modify the teaching of Hackenberger et al with the addition feature of Mcwan et al in order to provide the ability to monitor  network for potentially malicious traffic , correlate the information and the potentially malicious traffic to identify a security event, and trigger a response to the security event, as suggested by Mcwan et al abstract.
Claims 9 and 15: Hackenberger et al a non-transitory computer readable medium having stored therein instructions that are executable by one or more processors to perform operations for providing a vulnerability lockdown mode and a computer system, the operations including, comprising:
Fig.2A, par.28-30); and 
a processor coupled to the memory and operable to execute the processor readable instructions (Figs.1, 2 A-B, par.28-30) for performing operations including:
 	configuring a vulnerability lockdown module to perform one or more targeted actions to change a configuration of the computer system (par.5, 28, The response module 170 is an example of a security response module that can take action to correct a security issue identified by one of the monitoring modules.  A response module is able to address intrusions or security vulnerabilities that are identified by a monitoring or assessment module. Examples of response modules are auto-fix modules which correct vulnerabilities by changing permissions or applying patches); 
identifying vulnerabilities on the computer system (par.5, 28, 36, an assessment module is able to identify and evaluate potentially exploitable weaknesses or security risks in the network or on one or more computers making up that network. Examples of assessment modules are host based modules which assess file access permissions or patch states, and scanners which identify vulnerabilities by attempting to exploit them across the network); 
 	communicating the vulnerability to the vulnerability lockdown module (par.5, 28, the response module 170 could receive security data directly from a monitoring module and take an action to correct a security issue identified by one of the monitoring modules); and 
Hackenberger et al teaches that the vulnerability lockdown module to correct security issue identified by monitoring module (par .28), but fails to specify that the action is to restrict functionality of the computing system. Philipps et al in the same field of endeavor teaches
implementing a vulnerability lockdown mode by the vulnerability lockdown module (network security module) by causing the computer system to perform the targeted actions to change the configuration of the computer system by restricting functionality of portions of the computer system affected by the identified vulnerability (par.42-45, 48, 50, the network security module to obtain the most accurate and sufficient security information to protect the computer 302 according to the computer's specific current configuration. Based on the computer's particular configuration information in the security information request, the security service 306 identifies relevant security information to protect the computer from known or perceived computer system vulnerabilities. The security information includes protective security measures, to be implemented by the network security module 304, that enable the network security module to insulate the computer 302 from computer exploits of known vulnerabilities. Protective security measures may include any number of network activity controls, or combinations thereof, including, but not limited to: blocking all network activities between the computer 302 and the network 110, except communications between certain known, secure network locations; blocking network traffic on specific communication ports and addresses; blocking communications to and/or from certain network-related applications; and blocking access to particular hardware or software components on the computer 302). 
Therefore, it would have been obvious for one ordinary skill in the art before the effective filing date of the invention to modify the teaching of Hackenberger et al with the addition feature of Phillips et al in order to provide the ability for protecting a computing device in a networked environment from attacks, as suggested by Phillips et al par.2.
The combination fails to teach, however Mcwan et al in the same field of endeavor teaches
causing the computer system to perform the targeted actions, which include increased logging of system activities (par.31, 36, Depending on the type of security event, the response may include sending a notification to an incident response team 310, notifying the content provider through provider portal 312, increasing logging of events on the network or at various systems within the network, or initiating automatic attack mitigation procedures).
Therefore, it would have been obvious for one ordinary skill in the art before the effective filing date of the invention to modify the teaching of Hackenberger et al with the addition feature of Mcwan et al in order to provide the ability to monitor network for potentially malicious traffic, correlate the information and the potentially malicious traffic to identify a security event, and trigger a response to the security event, as suggested by Mcwan et al abstract.
Claim 2: the combination teaches 
wherein the configuring the vulnerability lockdown module comprises: configuring one or more targeted actions to be performed by the computer system in response to identification of a specific vulnerability or type of vulnerability (Phillips et al par. 43-45, 48, 50, 62, 65). 
The same motivation to modify Hackenberger et al in view of Phillips et al applied to claim 1 above applies here.
Clams 10 and 16: the combination teaches 
Phillips et al par. 43-45, 48, 50, 62, 65). 
The same motivation to modify Hackenberger et al in view of Phillips et al applied to claims 9 and 15 above applies here.
Claims 4, 12 and 17: the combination teaches  
the vulnerability lockdown mode is operable to change the configuration of the computer system by limiting functionality of the computer system with respect to operations of the computer system that are affected by the identified vulnerability while permitting operations of the computer system unaffected by the identified vulnerability (Phillips et al, par.43-45, 65-67, 69-70). 
The same motivation to modify Hackenberger et al in view of Phillips et al applied to claims 1, 9 and 15 above applies here.
Claim 6: the combination teaches  
wherein the vulnerability lockdown module comprises a part of an operating system of the computer system (Philipps et al, par. 61). 
The same motivation to modify Hackenberger et al in view of Phillips et al applied to claim 1 above applies here.
Claims 7 and 20: the combination teaches  
wherein the vulnerability lockdown module comprises an application executing on the computer system (Phillips et al par. 61). 
The same motivation to modify Hackenberger et al in view of Phillips et al applied to claims 1 and 15 above applies here.
Claims 8, 14 and 19: the combination teaches  
disabling the vulnerability lockdown mode when the identified vulnerability is no longer detected by a subsequent vulnerability scan (Phillips et al, par. 45, 68). 
The same motivation to modify Hackenberger et al in view of Phillips et al applied to claims 1, 9 and 15 above applies here.

Claim 11 is  rejected under 35 U.S.C. 103 as being unpatentable over Hackenberger et al U.S. 2002/0184532 A1 in view of Phillips et al U.S. 2005/0182967 A1 in further view of Mcwan et al U.S 2011/0138467 A1 and  Pistoia et al U.S. 2020/0082096 A1.
Claim 11: the combination fails to teach, however Pistoia et al in the same field of endeavor teaches
wherein the targeted actions are configured based at least in part on a type of data stored on the computer system (par.6, 21, 23). 
Hackenberger et al with the addition feature of Pistoia et al in order to provide the ability for repairing security vulnerabilities of an application running on a device, as suggested by Pistoia et al abstract.

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Hackenberger et al U.S. 2002/0184532 A1 in view of Phillips et al U.S. 2005/0182967 A1 in further view of Mcwan et al U.S 2011/0138467 A1 and Hugard, IV et al U.S. 2013/0247207 A1.
Claim 3: the combination fails to teach, however Hugard, IV et al in the same field of endeavor teaches
wherein the targeted actions are configured based at least in part on a type of data stored on the computer system  and the potential severity of the impact on the computer system if the vulnerability is exploited (par.15, 21-22) . 
Therefore, it would have been obvious for one ordinary skill in the art before the effective filing date of the invention to modify the combined teaching of Hackenberger et al with the addition feature of Hugard, IV et al in order to provide the ability A vulnerability manager 20 is coupled to scan engine 14 and is configured to permit users 16 to design and execute customized vulnerability scans on the Hugard, IV et al par.13.

Claims 5, 13 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Hackenberger et al U.S. 2002/0184532 A1 in view of Phillips et al U.S. 2005/0182967 A1 in further view of Mcwan et al U.S 2011/0138467 A1 and  Diamant et al U.S. 2009/0038015 A1.
Claims 5, 13 and 18: the combination fails to teach, however Diamant et al in the same field of endeavor teaches
providing a notification requesting configuration information via a user interface device when the targeted actions have not been configured for an identified vulnerability (par.26). 
Therefore, it would have been obvious for one ordinary skill in the art before the effective filing date of the invention to modify the combined teaching of Hackenberger et al with the addition feature of Diamant et al in order to provide the ability for automatic detection of a vulnerability exploit, as suggested by Diamant et al abstract.
Conclusion
The following prior art are cited to further show the state of the art at the time of applicant’s invention.
Oliphant et al U.S. 2016/0094576 A1 anti-vulnerability system, method and computer program product.
Wolff U.S. 2013/0198848 A1 remediation of computer security vulnerabilities.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FATOUMATA TRAORE whose telephone number is (571)270-1685. The examiner can normally be reached 6:30-3:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





Saturday, January 15, 2022

/FATOUMATA TRAORE/             Primary Examiner, Art Unit 2436